Public Company Accounting Oversight Board; Notice of Filing of Proposed Rules on Amendments Related to Aspects of Designing and Performing Audit Procedures That Involve Technology-Assisted Analysis of Information in Electronic Form, 54922-54947 [2024-14488]

Download as PDF 54922 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices lotter on DSK11XQN23PROD with NOTICES1 acts of contributory negligence. Therefore, the amendment’s impact on competition, if any, is expected to be limited. Overall, the amendment is expected to enhance audit quality and increase the credibility of financial reporting by EGCs, thereby fostering efficiency. Some commenters agreed that the amendment should apply to audits of EGCs and that doing so would benefit such audits. One commenter remarked that there was no reason not to apply the amendment to audits of EGCs and that the principles, standards, and scope of enforcement against violations involving contributory negligence should be the same regardless of the scale and size of the entity and of the firm. Another commenter posited that excluding EGCs from the application of the amendment would be inconsistent with protecting the public interest. As previously discussed, one commenter suggested that the amendment would have a greater impact on smaller firms with fewer resources to defend personnel and navigate an uncertain liability environment, and consequently, these firms are more likely to cease auditing entities that require PCAOB-registered auditors. The Board agrees that the amendment may have a greater impact on smaller firms to the extent that their individual auditors are investigated under the amended rule, and the firms are unable to absorb the direct costs and distractions. This would, in turn, impact EGCs because they are more likely than non-EGCs to engage small firms.216 The Board believes that the amendment should apply uniformly to audits of EGCs to maintain high standards of audit quality and uphold investor protection across all entities. Considering these comments and the reasons explained above, the Board will request that the Commission determine, to the extent that Section 103(a)(3)(C) of the Sarbanes-Oxley applies, that it is necessary or appropriate in the public interest, after considering the protection of investors and whether the amendment will promote efficiency, competition, and capital formation, to apply the amendment to audits of EGCs. 216 Staff analysis indicates that, compared to exchange-listed non-EGCs, exchange-listed EGCs are approximately 2.6 times as likely to be audited by a firm that is not affiliated with the largest global networks, and approximately 1.3 times as likely to be audited by a triennially inspected firm. Source: EGC White Paper and S&P. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 III. Date of Effectiveness of the Proposed Rules and Timing for Commission Action Within 45 days of the date of publication of this notice in the Federal Register or within such longer period (i) as the Commission may designate up to 90 days of such date if it finds such longer period to be appropriate and publishes its reasons for so finding or (ii) as to which the Board consents, the Commission will: (A) By order approve or disapprove such proposed rules; or (B) Institute proceedings to determine whether the proposed rules should be disapproved. inspection and copying at the principal office of the PCAOB. Do not include personal identifiable information in submissions; you should submit only information that you wish to make available publicly. We may redact in part or withhold entirely from publication submitted material that is obscene or subject to copyright protection. All submissions should refer to PCAOB–2024–04 and should be submitted on or before July 23, 2024. For the Commission by the Office of the Chief Accountant. Sherry R. Haywood, Assistant Secretary. [FR Doc. 2024–14487 Filed 7–1–24; 8:45 am] IV. Solicitation of Comments BILLING CODE 8011–01–P Interested persons are invited to submit written data, views and arguments concerning the foregoing, including whether the proposed rules are consistent with the requirements of Title I of the Act. Comments may be submitted by any of the following methods: Electronic Comments • Use the Commission’s internet comment form (https://www.sec.gov/ rules/pcaob); or • Send an email to rule-comments@ sec.gov. Please include PCAOB–2024– 04 on the subject line. SECURITIES AND EXCHANGE COMMISSION [Release No. 34–100430; File No. PCAOB– 2024–03] Public Company Accounting Oversight Board; Notice of Filing of Proposed Rules on Amendments Related to Aspects of Designing and Performing Audit Procedures That Involve Technology-Assisted Analysis of Information in Electronic Form Paper Comments June 26, 2024. • Send paper comments in triplicate to Vanessa A. Countryman, Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549–1090. All submissions should refer to PCAOB–2024–04. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission’s internet website (https://www.sec.gov/ rules/pcaob). Copies of the submission, all subsequent amendments, all written statements with respect to the proposed rules that are filed with the Commission, and all written communications relating to the proposed rules between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for website viewing and printing in the Commission’s Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Copies of such filing will also be available for Pursuant to section 107(b) of the Sarbanes-Oxley Act of 2002 (‘‘SarbanesOxley,’’ or the ‘‘Act’’), notice is hereby given that on June 20, 2024, the Public Company Accounting Oversight Board (the ‘‘Board’’ or the ‘‘PCAOB’’) filed with the Securities and Exchange Commission (the ‘‘Commission’’ or the ‘‘SEC’’) the proposed rules described in items I and II below, which items have been prepared by the Board. The Commission is publishing this notice to solicit comments on the proposed rules from interested persons. PO 00000 Frm 00161 Fmt 4703 Sfmt 4703 I. Board’s Statement of the Terms of Substance of the Proposed Rules On June 12, 2024, the Board adopted Amendments Related to Aspects of Designing and Performing Audit Procedures that Involve TechnologyAssisted Analysis of Information in Electronic Form (‘‘proposed rules’’). The text of the proposed rules appears in Exhibit A to the SEC Filing Form 19b– 4 and is available on the Board’s website at https://pcaobus.org/about/rulesrulemaking/rulemaking-dockets/docket052 and at the Commission’s Public Reference Room. E:\FR\FM\02JYN1.SGM 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices II. Board’s Statement of the Purpose of, and Statutory Basis for, the Proposed Rules In its filing with the Commission, the Board included statements concerning the purpose of, and basis for, the proposed rules and discussed any comments it received on the proposed rules. The text of these statements may be examined at the places specified in Item IV below. The Board prepared summaries, set forth in sections A, B, and C below, of the most significant aspects of such statements. In addition, the Board is requesting that the Commission approve the proposed rules, pursuant to section 103(a)(3)(C) of the Act, for application to audits of emerging growth companies (‘‘EGCs’’), as that term is defined in section 3(a)(80) of the Securities Exchange Act of 1934 (‘‘Exchange Act’’). The Board’s request is set forth in section D. lotter on DSK11XQN23PROD with NOTICES1 A. Board’s Statement of the Purpose of, and Statutory Basis for, the Proposed Rules (a) Purpose The Board adopted amendments to AS 1105, Audit Evidence, and to AS 2301, The Auditor’s Responses to the Risks of Material Misstatement, and conforming amendments to another PCAOB auditing standard (collectively, the ‘‘amendments’’ or ‘‘final amendments’’). The amendments are designed to improve audit quality and enhance investor protection by addressing the growing use of certain technology in audits. In particular, the amendments update PCAOB auditing standards to more specifically address certain aspects of designing and performing audit procedures that involve analyzing information in electronic form with technology-based tools (i.e., technologyassisted analysis). The amendments are designed to decrease the likelihood that an auditor who performs audit procedures using technology-assisted analysis will issue an auditor’s report without obtaining sufficient appropriate audit evidence that provides a reasonable basis for the opinion expressed in the report. Information from the PCAOB’s research project on Data and Technology indicates that some auditors are expanding their use of technologyassisted analysis (often referred to in practice as ‘‘data analysis’’ or ‘‘data analytics’’) in the audit. Auditors use technology-assisted analysis in many different ways, including when responding to significant risks of material misstatement to the financial statements. For example, some auditors VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 use technology-assisted analysis to examine the correlation between different types of transactions, compare company information to auditordeveloped expectations or third-party information, or recalculate company information. Existing PCAOB standards discuss certain fundamental auditor responsibilities, including addressing the risks of material misstatement to the financial statements by obtaining sufficient appropriate audit evidence. However, the standards do not specifically address certain aspects of using technology-assisted analysis in the audit. If not designed and executed appropriately, audit procedures that involve technology-assisted analysis may not provide sufficient appropriate audit evidence as required by the standards. Having considered the expanded use of technology-assisted analysis by auditors, the Board proposed amendments in June 2023 to address certain aspects of designing and performing audit procedures that involve technology-assisted analysis. Commenters generally supported the objective of improving audit quality and enhancing investor protection by clarifying and strengthening requirements in AS 1105 and AS 2301 related to certain aspects of designing and performing audit procedures that involve technology-assisted analysis. In adopting the final amendments, the Board took into account the comments received. The amendments further specify and clarify certain auditor responsibilities that are described in AS 1105 and AS 2301. The amendments are focused on addressing certain aspects of technology-assisted analysis, not specific matters relating to other technology applications used in audits (e.g., blockchain or artificial intelligence) or the evaluation of the appropriateness of tools under the firm’s system of quality control. The amendments are principles-based and therefore intended to be adaptable to the evolving nature of technology. In particular, the amendments: • Specify considerations for the auditor’s investigation of items identified when performing tests of details; • Specify that if the auditor uses an audit procedure for more than one purpose, the auditor should achieve each objective of the procedure; • Specify auditor responsibilities for evaluating the reliability of external information provided by the company in electronic form and used as audit evidence; PO 00000 Frm 00162 Fmt 4703 Sfmt 4703 54923 • Emphasize the importance of controls over information technology; • Clarify the description of a ‘‘test of details’’; • Emphasize the importance of appropriate disaggregation or detail of information to the relevance of audit evidence; and • Update certain terminology in AS 1105 to reflect the greater availability of information in electronic form and improve the consistency of the use of such terminology throughout the standard. The amendments will apply to all audits conducted under PCAOB standards. Subject to approval by the SEC, the amendments will take effect for audits of financial statements for fiscal years beginning on or after December 15, 2025. See Exhibit 3 for additional discussion of the purpose of this project. (b) Statutory Basis The statutory basis for the proposed rules is Title I of the Act. B. Board’s Statement on Burden on Competition Not applicable. The Board’s consideration of the economic impacts of the proposed rules is discussed in section D below. C. Board’s Statement on Comments on the Proposed Rules Received From Members, Participants or Others The Board initially released the proposed rules for public comment in PCAOB Release No. 2023–004 (June 26, 2023). The Board received 21 written comment letters relating to its initial proposed rules. See Exhibits 2(a)(B) and 2(a)(C). The Board has carefully considered all comments received. The Board’s response to the comments it received, and the changes it made to the rules in response to the comments received, are discussed below. Background In 2010, the Board adopted auditing standards related to the auditor’s assessment of and response to risk (the ‘‘risk assessment standards’’), including AS 1105 and AS 2301. Although the risk assessment standards were designed to apply to audits when auditors use information technology, the use of information in electronic form 1 and the 1 In this document, the term ‘‘information in electronic form’’ encompasses items in electronic form that are described in PCAOB standards using terms such as ‘‘information,’’ ‘‘data,’’ ‘‘documents,’’ ‘‘records,’’ ‘‘accounting records,’’ and ‘‘company’s financial records.’’ E:\FR\FM\02JYN1.SGM 02JYN1 54924 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices lotter on DSK11XQN23PROD with NOTICES1 use of technology-based tools 2 by companies and their auditors to analyze such information has expanded significantly since these standards were adopted. In light of the increased use of technology by companies and auditors, in 2017 the Board began a research project to assess the need for guidance, changes to PCAOB standards, or other regulatory actions.3 Through this research the Board found that auditors have expanded their use of certain technology-based tools, including tools used to perform technology-assisted analysis (as described above, also referred to in practice as ‘‘data analytics’’ or ‘‘data analysis’’ 4), to plan and perform audits. While the Board’s research indicated that auditors are using technology-assisted analysis to obtain audit evidence, it also indicated that existing PCAOB standards could address more specifically certain aspects of designing and performing audit procedures that involve technology-assisted analysis. Consequently, under existing standards, there is a greater risk that when using technology-assisted analysis in designing and performing audit procedures, auditors may fail to obtain sufficient appropriate evidence in the audit. The amendments in this release are intended to improve audit quality through principles-based requirements that apply to all audits conducted under PCAOB standards. They are designed to decrease the likelihood that an auditor who performs audit procedures using technology-assisted analysis will issue an auditor’s report without obtaining sufficient appropriate audit evidence that provides a reasonable basis for the 2 In this release, the term ‘‘tool’’ refers to specialized software that is used on audit engagements to examine, sort, filter, and analyze transactions and information used as audit evidence or which otherwise generates information that aids auditor judgment in the performance of audit procedures. Spreadsheet software itself without specific programming is not inherently a tool, but a spreadsheet may be built to perform the functions of a tool (examining, sorting, filtering, etc.), in which case it is included within the scope of this term. The PCAOB staff’s analysis was limited to tools classified or described by the firms as data analytic tools. Tools may be either purchased by a firm or developed by a firm. 3 See PCAOB’s Data and Technology research project, available at https://pcaobus.org/oversight/ standards/standard-setting-research-projects/datatechnology. 4 In this release, the terms ‘‘data analysis’’ or ‘‘data analytics’’ are used synonymously. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 opinion expressed in the report. The remainder of this section of the release provides an overview of the rulemaking history, existing requirements, and current practice. In addition, it discusses reasons to improve the existing standards. Rulemaking History In June 2023, the Board proposed to amend AS 1105 and AS 2301 to address aspects of designing and performing audit procedures that involve technology-assisted analysis and that the Board’s research indicated are not specified in existing PCAOB standards.5 The proposed amendments were informed by the staff’s research regarding auditors’ use of technology, as described above. The proposed amendments: (i) specified considerations for the auditor’s investigation of items that meet criteria established by the auditor when designing or performing substantive audit procedures; (ii) specified that if an auditor uses audit evidence from an audit procedure for more than one purpose the procedure needs to be designed and performed to achieve each of the relevant objectives; (iii) provided additional details regarding auditor responsibilities for evaluating the reliability of external information maintained by the company in electronic form and used as audit evidence; (iv) clarified the differences between ‘‘tests of details’’ and ‘‘analytical procedures,’’ and emphasized the importance of appropriate disaggregation or detail of information to the relevance of audit evidence; and (v) updated certain terminology in AS 1105 to reflect the greater availability of information in electronic form and improve the consistency of the use of such terminology throughout the standard. The Board received 21 comment letters on the proposal. Commenters included an investor-related group, registered public accounting firms (‘‘firms’’), firm-related groups, academics, and others. The Board considered all comments in developing the final amendments, and specific comments are discussed in the analysis 5 Proposed Amendments Related to Aspects of Designing and Performing Audit Procedures that Involve Technology-Assisted Analysis of Information in Electronic Form, PCAOB Rel. No. 2023–004 (June 26, 2023) (‘‘proposal’’ or ‘‘proposing release’’). PO 00000 Frm 00163 Fmt 4703 Sfmt 4703 that follows. Commenters generally supported the Board’s efforts to modernize the auditing standards to specifically address certain aspects of designing and performing audit procedures that involve technologyassisted analysis, and some commenters offered suggestions to improve and clarify the proposed amendments. Existing Requirements The final amendments modify certain requirements of PCAOB standards relating to audit evidence and responses to risk (AS 1105 and AS 2301). AS 1105 explains what constitutes audit evidence and establishes requirements regarding designing and performing audit procedures to obtain sufficient appropriate audit evidence. AS 2301 establishes requirements regarding designing and implementing appropriate responses to identified and assessed risks of material misstatement. The following discussion provides a high-level overview of the areas of the PCAOB standards that the amendments address. The discussion further below provides additional details regarding the specific requirements that the Board amended. Classification of Audit Procedures (See Figure 1 below)—Under PCAOB standards, audit procedures can be classified into either risk assessment procedures or further audit procedures, which consist of tests of controls and substantive procedures. Substantive procedures include tests of details and substantive analytical procedures.6 Existing standards provide examples of specific audit procedures 7 and describe what constitutes a substantive analytical procedure,8 but do not describe what constitutes a test of details. PCAOB standards do not preclude the auditor from designing and performing audit procedures to accomplish more than one purpose. The purpose of an audit procedure determines whether it is a risk assessment procedure, test of controls, or substantive procedure.9 Figure 1. Classification of Audit Procedures BILLING CODE 8011–01–P 6 See AS 1105.13. AS 1105.15–.21. 8 See AS 2305, Substantive Analytical Procedures. 9 See AS 1105.14. 7 See E:\FR\FM\02JYN1.SGM 02JYN1 54925 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices Risk Assessment Procedures Identifying and Assessing Risks of Material Misstatement Further Audit Procedures Addressing the Assessed Risks of Material Misstatement Substantive Procedures Tests of Controls Substantive Analytical Procedures Tests of Details* ; • Required when addressing significant risks ----- ------------------· J ! 1 Examples of Specific Audit Procedures Inspection Inquiry Observation Recalculation Reperformance Confirmation Analytical Procedures The purpose of an audit procedure determines whether it is a risk assessment procedure, test of controls, or substantive procedure. ----------------------------------- lotter on DSK11XQN23PROD with NOTICES1 BILLING CODE 8011–01–C Items Identified for Investigation in a Test of Details—Designing substantive tests of details and tests of controls includes determining the means of selecting items for testing. Under existing standards, the alternative means of selecting items for testing include selecting specific items, selecting a sample that is expected to be representative of the population (i.e., audit sampling), or selecting all items. The auditor may decide to select for testing specific items within a population because they are important to accomplishing the objective of the audit procedure or because they exhibit VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 some other characteristic.10 Existing PCAOB standards specify the auditor’s responsibilities for planning, performing, and evaluating an audit sample,11 but do not specify the auditor’s responsibilities for addressing items identified when performing a test of details on specific items, or all items, within a population. Relevance and Reliability of Audit Evidence—Under PCAOB standards, audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the PO 00000 10 See 11 See AS 1105.22–.27. AS 2315, Audit Sampling. Frm 00164 Fmt 4703 Sfmt 4703 ' auditor in arriving at the conclusions on which the auditor’s opinion is based.12 PCAOB standards require the auditor to plan and perform audit procedures to obtain sufficient appropriate audit evidence to provide a reasonable basis for their audit opinion. Sufficiency is the measure of the quantity of audit evidence, and appropriateness is the measure of its quality. To be appropriate, audit evidence must be both relevant and reliable in providing support for the auditor’s conclusions.13 12 See 13 See E:\FR\FM\02JYN1.SGM AS 1105.02. AS 1105.04–.06. 02JYN1 EN02JY24.000</GPH> ~--- 54926 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices lotter on DSK11XQN23PROD with NOTICES1 The relevance of audit evidence depends on the design and timing of the audit procedure. The reliability of audit evidence depends on the nature and source of the evidence and the circumstances under which it is obtained, such as whether the information is provided to the auditor by the company being audited and whether the company’s controls over that information are effective.14 In addition, when using information produced by the company as audit evidence, the auditor is responsible for evaluating whether the information is sufficient and appropriate for purposes of the audit.15 Existing PCAOB standards do not specify auditor responsibilities regarding information the company received from one or more external sources and provided in electronic form to the auditor to use as audit evidence. Current Practice The Board’s research indicated that audit procedures involving technologyassisted analysis are an important component of many audits. The use of technology-assisted analysis has expanded over the last decade as more accounting firms, including smaller firms, incorporate such analysis as part of their audit procedures. However, the investment in and use of technologyassisted analysis vary across registered firms and across individual audit engagements within a firm.16 The greater availability of both information in electronic form and technology-based tools to analyze such information has contributed significantly to the increase in the use of technology-assisted analysis by auditors. More companies use enterprise resource planning (‘‘ERP’’) and other information systems that maintain large volumes of information in electronic form, including information generated internally by the company and information that the company receives from external sources. Significant volumes of this information are available to auditors for use in performing audit procedures. Powerful technology-based tools that process and analyze large volumes of information have become more readily available to auditors. As a result, auditors sometimes apply technologyassisted analysis to the entire population of transactions within one or more financial statement accounts or disclosures. The Board’s research indicated that auditors primarily use 14 See AS 1105.07–.08. 15 See AS 1105.10. 16 See also further discussion below. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 technology-assisted analysis to identify and assess risks of material misstatement. Technology-assisted analysis enables the auditor to identify new risks or to refine the assessment of known risks. For example, by analyzing a full population of revenue transactions, an auditor may identify certain components of the revenue account as subject to higher risks or may identify new risks of material misstatement associated with sales to a particular customer or in a particular location. Increasingly, some auditors also have been using technology-assisted analysis in audit procedures that respond to assessed risks of material misstatement, including in substantive procedures. For example, such analysis has been used to test the details of all items in a population, assist the auditor in selecting specific items for testing based on auditor-developed criteria, or identify items for further investigation when performing a test of details. The staff has observed that auditors’ use of technology-assisted analysis occurs mostly in the testing of revenue and related receivable accounts, inventory, journal entries, expected credit losses, and investments.17 As discussed below, some auditors use audit evidence obtained from such analysis to achieve more than one purpose. Audit methodologies of several firms affiliated with global networks address the use of technology-assisted analysis by the firms’ audit engagement teams. For example, the methodologies specify audit engagement teams’ responsibilities for: (i) designing and performing audit procedures that involve technologyassisted analysis (e.g., determining whether an audit procedure is a substantive procedure); (ii) evaluating analysis results (e.g., whether identified items indicate misstatements or whether performing additional procedures is necessary to obtain sufficient appropriate audit evidence); and (iii) evaluating the relevance and reliability of information used in the analysis. Commenters on the proposal generally agreed with the description of the current audit practice and the auditor’s use of technology-assisted analysis. One of these commenters noted that, in addition, auditors can also use technology-assisted analysis to help understand a company’s flow of transactions, especially given increases 17 See PCAOB, Spotlight: Staff Update and Preview of 2021 Inspection Observations (Dec. 2022), at 15, available at https://pcaobassets.azureedge.net/pcaob-dev/docs/defaultsource/documents/staff-preview-2021-inspectionobservations-spotlight.pdf?sfvrsn=d2590627_2/. PO 00000 Frm 00165 Fmt 4703 Sfmt 4703 in the number and complexities of a company’s information systems. Reasons To Improve the Auditing Standards The amendments in this release are intended to improve audit quality through principles-based requirements that apply to all audits. 1. Areas of Improvement The amendments are designed to decrease the likelihood that an auditor who performs audit procedures using technology-assisted analysis will issue an auditor’s report without obtaining sufficient appropriate audit evidence that provides a reasonable basis for the opinion expressed in the report. Observations from the PCAOB’s Data and Technology research project indicate that some auditors are using technology-assisted analysis in audit procedures whereas others may be reluctant to do so due to perceived regulatory uncertainty. The research further suggests that clarifications to PCAOB standards could more specifically address certain aspects of designing and performing audit procedures that involve technologyassisted analysis. The Board’s Investor Advisory Group has also noted that auditors’ use of technology-assisted analysis is an area of concern due to auditors’ potential overreliance on company-produced information, and that addressing the use of such analysis in the standards could be beneficial.18 Using technology-assisted analysis may enhance the effectiveness of audit procedures. For example, analyzing larger volumes of information and in more depth may better inform the auditor’s risk assessment by providing different perspectives, providing more information when assessing risks, and exposing previously unidentified relationships that may reveal new risks. At the same time, inappropriate application of PCAOB standards when designing and performing audit procedures that involve technologyassisted analysis has the potential to compromise the quality of audits where the procedures are used. For example, PCAOB oversight activities have found instances of noncompliance with PCAOB standards related to evaluating the relevance and reliability of company-provided information and evaluating certain items identified in audit procedures involving technologyassisted analysis.19 18 See Proposing Release at 12 for additional discussion of investors’ concerns. 19 See, e.g., PCAOB, Spotlight: Staff Update and Preview of 2020 Inspection Observations (Oct. E:\FR\FM\02JYN1.SGM 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices The amendments to existing PCAOB standards in this release address aspects of designing and performing audit procedures that involve technologyassisted analysis where the Board identified the need for additional specificity or clarity in the existing standards.20 These aspects include areas where PCAOB oversight activities have identified instances of noncompliance with PCAOB standards and areas where auditors have raised questions during the Board’s research regarding the applicability of PCAOB standards to the use of technology-assisted analysis. The discussion below describes the amendments in more detail. The discussion further below describes alternatives that the Board considered. lotter on DSK11XQN23PROD with NOTICES1 2. Comments on the Reasons To Improve Commenters generally supported the Board’s efforts to modernize its auditing standards to specifically address aspects of designing and performing audit procedures that involve technologyassisted analysis. Several commenters highlighted that auditors’ use of technologies, including technologyassisted analysis, continues to grow, and one of these commenters noted that the proposal is an important step forward to address this rapidly changing environment. An investor-related group stated that PCAOB standards should directly address auditors’ use of technology and data, and that the proposed amendments to AS 1105 and AS 2301 were responsive to their concern about auditor overreliance on technology-assisted analysis. Commenters also generally supported the principles-based nature of the proposed amendments and the Board’s decision not to require the use of technology-assisted analysis. One commenter, for example, noted that audit procedures performed using technology-based tools may not always provide sufficient appropriate audit evidence. An investor-related group, however, recommended that the Board consider requiring auditors to use certain (but unspecified) types of technology-based tools that financial research and investment management 2021), at 9, PCAOB, Spotlight: Staff Update and Preview of 2021 Inspection Observations (Dec. 2022), at 15, and PCAOB, Spotlight: Staff Update and Preview of 2022 Inspection Observations (July 2023), at 12, available at https://pcaobus.org/ resources/staff-publications. 20 Other PCAOB standard-setting projects may address other aspects of firms’ and auditors’ use of technology in performing audits. For example, see paragraphs .44h, .47h, and .51 of QC 1000, A Firm’s System of Quality Control, PCAOB Rel. No. 2024– 005 (May 13, 2024), which discusses a firm’s responsibilities related to technological resources. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 firms have used to analyze financial statements. As discussed further below, requiring the use of technology would have been outside the scope of the project. The Board retained the principles-based nature of the proposed amendments within the final amendments, so that the standards are flexible and can adapt to the continued evolution of technology. Several commenters stated that the Board should consider the effect of auditors’ and companies’ use of technology more broadly on the audit. One commenter stated that technology will need to be an ongoing focus for the Board in its standard setting given the evolving nature of technology, and that broader change may be needed. This commenter also recommended a more holistic standard-setting approach that is interconnected with other PCAOB projects. Other commenters stated that as technology continues to evolve, the Board should continue to research and evaluate the need for standard setting related to other types of technology used in the audit, such as artificial intelligence. Academics emphasized the need for the PCAOB to be forwardthinking to regulate in this area. As the Board stated in the proposal, these amendments address only one area of auditors’ use of technology— certain aspects of designing and performing audit procedures that involve technology-assisted analysis. Other areas continue to be analyzed as part of the Board’s ongoing research activities. In addition, the Board’s Technology Innovation Alliance Working Group continues to advise the Board on the use of emerging technologies by auditors and preparers relevant to audits and their potential impact on audit quality.21 These ongoing activities may inform future standard-setting projects. Commenters also expressed a need for more guidance and illustrative examples. One of these commenters stated that additional explanatory materials or separate guidance could help maintain competition among firms. Another stated that insights from the PCAOB’s research and oversight activities would benefit small and midsized accounting firms in identifying and selecting appropriate tools. Throughout this release, where appropriate, the Board has incorporated examples and considerations for applying the final amendments. The examples and considerations highlight the principles-based nature of the amendments and emphasize that the nature, timing, and extent of the auditor’s procedures will depend on the facts and circumstances of the audit engagement. In addition, the staff’s ongoing research activities will continue to evaluate the need for staff guidance. Discussion of the Final Amendments Specifying Auditor Responsibilities When Performing Tests of Details See paragraphs .10 and .48 through .50 of AS 2301 of the amendments. 1. Clarifying ‘‘Test of Details’’ The Board proposed to amend AS 1105.13 and .21 to address the differences between the terms ‘‘test of details’’ and ‘‘analytical procedures,’’ by clarifying the meaning of the term ‘‘test of details.’’ The proposed amendments stated that a test of details involves performing audit procedures with respect to individual items included in an account or disclosure, whereas analytical procedures generally do not involve evaluating individual items, unless those items are part of the auditor’s investigation of significant differences from expected amounts. The Board adopted the proposed description of a ‘‘test of details’’ with certain modifications as discussed further below, including relocating the description from AS 1105 to new paragraph .48 in AS 2301. Under PCAOB standards, the auditor’s responses to risks of material misstatement involve performing substantive procedures for each relevant assertion of each significant account and disclosure, regardless of the assessed level of control risk.22 Substantive procedures under PCAOB standards include tests of details and substantive analytical procedures.23 Appropriately designing and performing an audit procedure to achieve a particular objective is key to appropriately addressing the risks assessed by the auditor. For significant risks of material misstatement, including fraud risks, the auditor is required to perform substantive procedures, including tests of details that are specifically responsive to the assessed risk.24 PCAOB standards also state that it is unlikely that audit evidence obtained from substantive analytical procedures alone would be sufficient.25 22 See AS 2301.36. AS 1105.13.b(2). 24 See AS 2301.11 and .13 (specifying the auditor’s responsibilities for responses to significant risks, which include fraud risks). 25 See AS 2305.09. 23 See 21 See PCAOB Technology Innovation Alliance Working Group, available at https://pcaobus.org/ about/working-groups-task-forces/technologyinnovation-alliance-working-group. PO 00000 Frm 00166 Fmt 4703 Sfmt 4703 54927 E:\FR\FM\02JYN1.SGM 02JYN1 lotter on DSK11XQN23PROD with NOTICES1 54928 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices As discussed in the proposal, the use of ‘‘data analytics’’ or ‘‘data analysis’’ in practice and the use of the term ‘‘analytical procedures’’ in PCAOB standards have led to questions about whether an audit procedure involving technology-assisted analysis can be a test of details (i.e., not an analytical procedure as described under PCAOB standards). The distinction is important because of the requirement in PCAOB standards that the auditor perform tests of details when responding to an assessed significant risk of material misstatement. Relying on analytical procedures alone to address an assessed significant risk is not sufficient. Commenters on this topic supported clarifying the meaning of tests of details and that tests of details involve performing audit procedures at an individual item level. However, several commenters stated that with technology-assisted analysis, aspects of a substantive analytical procedure may also be performed at an individual item level. Some commenters provided examples where the auditor uses a technology-assisted analysis to develop an expectation of recorded amounts for individual items in an account and aggregates the individual amounts to compare to the aggregated amount recorded by the company. One commenter suggested clarifying the term ‘‘individual items’’ given the varying forms and level of disaggregation of data obtained for analysis by the auditor. This commenter suggested further clarifying that consideration be given to the objective of the audit procedure, the nature of the procedure to be applied, and the evidence necessary to meet the objective of the audit procedure. Another commenter sought additional information related to circumstances where a procedure would not be considered a test of details because it was not applied to individual items in an account. Some commenters, mostly firms, expressed a preference that the standards not compare tests of details to analytical procedures. For example: • A firm-related group stated that the proposed clarification was unnecessarily nuanced. • Another commenter stated that the proposed description of analytical procedures as compared to tests of details was not accurate and could cause confusion. • Other commenters stated that analytical procedures are clearly defined in PCAOB standards and are well understood by auditors, and that comparing tests of details to analytical procedures is unnecessary. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 • Some commenters suggested evaluating the proposed amendments together with the Board’s standardsetting project to address substantive analytical procedures. Other commenters stated that technology-assisted analysis continues to make classification of procedures between tests of details and analytical procedures more challenging because some procedures may exhibit characteristics of both types of procedures. These commenters suggested that the auditing standards focus on the sufficiency and appropriateness of evidence obtained from an audit procedure instead of clarifying the terminology of tests of details and analytical procedures. Some commenters also stated that the development of an expectation differentiates an analytical procedure from a test of details. Having considered the comments received, the Board made several changes to the proposed description of a ‘‘test of details.’’ The final amendments state that a test of details involves performing audit procedures with respect to items included in an account or disclosure (e.g., the date, amount, or contractual terms of a transaction). When performing a test of details, the auditor should apply audit procedures that are appropriate to the particular audit objectives to each item selected for testing. First, the Board relocated the description of a ‘‘test of details’’ and related requirements to a new section of AS 2301, in new paragraph .48. The Board believes that describing a test of details within AS 2301 is appropriate because tests of details are performed as substantive procedures to address assessed risks of material misstatement. The description uses the term ‘‘items included in an account or disclosure’’ instead of ‘‘individual items.’’ The change in terminology was made to more closely align with the description of items selected for testing in existing AS 1105.22–.23. Second, the Board revised the amendment to clarify that when performing a test of details, the auditor should apply the audit procedures that are appropriate to the particular audit objectives to each item selected for testing. This provision focuses the auditor on the objectives of the audit procedures being performed and is consistent with existing requirements for audit sampling.26 The Board believes that an emphasis on the objectives of the audit procedures, regardless of the means of selecting items for testing in PO 00000 26 See AS 2315.25. Frm 00167 Fmt 4703 Sfmt 4703 the test of details, continues to be important and is aligned with the final amendments to AS 1105.14 (using an audit procedure for more than one purpose), which are discussed below in this release.27 Lastly, the final amendments do not compare tests of details to analytical procedures, and the Board did not amend the existing description of analytical procedures in AS 1105.21. Because of the overlap between the description of analytical procedures and substantive analytical procedures, further potential amendments to the description of analytical procedures are being considered as part of the Board’s standard-setting project to address substantive analytical procedures.28 In addition, comments the Board received related to the auditor’s use of substantive analytical procedures were taken into consideration in that project. The final amendments are not intended to define ‘‘items included in an account or disclosure’’ because such a definition is impractical given the variety of accounts and disclosures subject to tests of details. The auditor would determine the level of disaggregation or detail of the items within the account or disclosure based on the facts and circumstances of the audit engagement, including the assessed risk and the relevant assertion intended to be addressed, and the objective of the procedure. In addition, the Board considered the comments suggesting that the amendments focus on the sufficiency and appropriateness of evidence obtained from performing audit procedures instead of describing categories of procedures. Considering current practice and the nature of audit procedures performed currently, the Board continues to believe that the existing standards are sufficiently clear in describing auditors’ responsibilities for obtaining and evaluating audit evidence. The Board’s ongoing research has not identified specific examples of substantive analytical procedures that, by themselves, would provide sufficient appropriate audit evidence to respond 27 See discussion below. Board has a separate standard-setting project on its short-term standard-setting agenda (https://pcaobus.org/oversight/standards/standardsetting-research-projects) related to substantive analytical procedures. In connection with that project, the Board has proposed changes to the auditor’s responsibilities regarding the use of substantive analytical procedures, including the requirements described in AS 2305 and AS 1105. See Proposed Auditing Standard—Designing and Performing Substantive Analytical Procedures and Amendments to Other PCAOB Standards, PCAOB Rel. No. 2024–006 (June 12, 2024) (included in PCAOB Rulemaking Docket No. 56). 28 The E:\FR\FM\02JYN1.SGM 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices lotter on DSK11XQN23PROD with NOTICES1 to a significant risk. Commenters also did not provide such examples. Therefore, the Board believes retaining the categories of procedures as tests of details and substantive analytical procedures continues to be appropriate. 2. Specifying Auditor Responsibilities When Investigating Items Identified The Board proposed to add a new paragraph .37A to AS 2301 that specified matters for the auditor to consider when investigating items identified through using criteria established by the auditor in designing or performing substantive procedures on all or part of a population of items. Under the proposed paragraph, when the auditor establishes and uses criteria to identify items for further investigation, as part of designing or performing substantive procedures, the auditor’s investigation should consider whether the identified items: • Provide audit evidence that contradicts the evidence upon which the original risk assessment was based; • Indicate a previously unidentified risk of material misstatement; • Represent a misstatement or indicate a deficiency in the design or operating effectiveness of a control; or • Otherwise indicate a need to modify the auditor’s risk assessment or planned audit procedures. The proposed requirement included a note providing that inquiry of management may assist the auditor and that the auditor should obtain audit evidence to evaluate the appropriateness of management’s responses. The Board adopted the proposed provisions with certain modifications as discussed further below, including relocating the requirements from proposed paragraph .37A to new paragraphs .49 and .50 in AS 2301. The Board also made a conforming amendment to paragraph .10 of AS 2301 to include a reference to paragraphs .48 through .50. As discussed above, designing substantive tests of details and tests of controls includes determining the means of selecting items for testing. The alternative means of selecting items for testing consist of selecting all items; selecting specific items; and audit sampling. As discussed in the proposal, the Board’s research has indicated that auditors use technology-assisted analysis to identify specific items within a population (e.g., an account or class of transactions) for further investigation. For example, auditors may identify all revenue transactions above a certain amount, transactions processed by certain individuals, or VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 transactions where the shipping date does not match the date of the invoice. Because technology-assisted analysis may enable the auditor to examine all items in a population, it is possible that the analysis may return dozens or even hundreds of items within the population that meet one or more criteria established by the auditor. Considering current practice, the Board stated in the proposal that PCAOB standards should be modified to address the auditor’s responsibilities in such scenarios more directly. The auditor’s appropriate investigation of identified items is important both for identifying and assessing the risks of material misstatement and for designing and implementing appropriate responses to the identified risks. Commenters were supportive of the principles-based nature of the proposed amendment and agreed with the Board’s decision not to prescribe the nature, timing, or extent of investigation procedures. However, commenters also asked for further clarification, guidance, and examples to address different scenarios that the auditor encounters when 100 percent of a population is tested, given that certain requirements in proposed AS 2301.37A exist in the standards today. Some commenters said it was unclear how proposed AS 2301.37A was different from requirements in existing standards related to the auditor’s ongoing risk assessment, and the auditor’s responsibility to revise their risk assessment under certain scenarios and to evaluate the results of audit procedures. Several commenters noted that existing standards address auditors’ responsibilities when investigating items under certain scenarios. These commenters observed, for example, that AS 2110, Identifying and Assessing Risks of Material Misstatement, applies when the auditor uses technologyassisted analysis to identify and assess risks of material misstatement, and AS 2110.74 and AS 2301.46 apply when the items identified by the auditor when using technology-assisted analysis indicate a new risk of misstatement or a need to modify the auditor’s risk assessment. One commenter asked whether identifying items for further investigation was intended to describe only scenarios where specific items are selected for testing. One commenter noted that the proposed amendment implied that technology-assisted analysis could be used only for purposes of risk assessment or selecting specific items for testing. Another commenter stated that it is important for the auditor’s investigation of items to include PO 00000 Frm 00168 Fmt 4703 Sfmt 4703 54929 determining whether there is a control deficiency. Several commenters asked that the Board clarify whether sampling can be applied to items identified for investigation or whether the auditor is expected to test 100 percent of the identified items. Some commenters also asked the Board to clarify whether the evidence obtained would be considered sufficient and appropriate, or if the auditor would be required to perform further procedures, in situations where a technology-assisted analysis over an entire population (e.g., matching quantities invoiced to quantities shipped) did not identify any items for investigation. One commenter recommended that the amendments be extended to address the auditor’s responsibilities over other items in the population not identified for investigation. Two commenters asked the Board to clarify how the proposed amendment and existing standard would apply when the technologyassisted analysis is modified after the original analysis is complete. Consistent with the proposal, the final requirements are principles-based and intended to be applied to all means of selecting items for a test of details (e.g., selecting all items, selecting specific items, and audit sampling). The Board continues to believe that appropriately addressing the items identified by the auditor for further investigation in a test of details is an important part of obtaining sufficient appropriate audit evidence, because these items individually or in the aggregate may indicate misstatements or deficiencies in the design or operating effectiveness of a control. In response to comments received, the final amendments reflect several modifications from the proposal. First, the Board reframed the requirements to focus on the auditor’s investigation of items when performing a test of details as part of the auditor’s response to assessed risks. The Board narrowed the requirement to apply only to tests of details because, as commenters noted, existing PCAOB standards describe the auditor’s responsibility to investigate items identified when performing substantive analytical procedures.29 In addition, the Board did not repeat the considerations related to the auditor’s risk assessment that are required under existing PCAOB standards as described above. The Board believes these changes alleviate potential confusion about how the 29 See AS 2305.20–.21 (providing that the auditor should evaluate significant unexpected differences when performing a substantive analytical procedure). See also PCAOB Rel. No. 2024–006 (proposing amendments to AS 2305). E:\FR\FM\02JYN1.SGM 02JYN1 lotter on DSK11XQN23PROD with NOTICES1 54930 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices requirements are intended to be applied. The Board also removed the proposed note requiring the auditor to obtain audit evidence when evaluating the appropriateness of management’s responses to inquiries, because existing PCAOB standards already address this point by noting that inquiry alone does not provide sufficient appropriate evidence to support a conclusion about a relevant assertion.30 Second, the requirements have been relocated into two new paragraphs (.49 and .50) in AS 2301, which are designed to work together. Paragraph .49 applies to all tests of details, regardless of the means of selecting items used by the auditor. The requirement states that when performing a test of details, the auditor may identify items for further investigation. For example, an auditor may identify balances or transactions that contain, or do not contain, a certain characteristic or that are valued outside of a range. The final amendment emphasizes that when such items are identified, audit procedures that the auditor performs to investigate the identified items are part of the auditor’s response to the risks of material misstatement. The auditor determines the nature, timing, and extent of such procedures in accordance with PCAOB standards. The final amendment also provides that the auditor’s investigation of the identified items should include determining whether the items individually or in the aggregate indicate (i) misstatements that should be evaluated in accordance with AS 2810 or (ii) deficiencies in the company’s internal control over financial reporting. When the auditor identifies items for further investigation in a test of details, the final amendment does not prescribe the nature, timing, and extent of audit procedures to be performed regarding the identified items, including whether those procedures are performed on the items individually or in the aggregate. Prescribing specific procedures would be impracticable considering the multitude of possible scenarios encountered in practice. The nature of the identified items and likely sources of potential misstatements are examples of factors that would inform the auditor’s approach. To comply with PCAOB standards, the nature, timing, and extent of the audit procedures performed, including the means of selecting items, should enable the auditor to obtain evidence that, in combination with other relevant evidence, is sufficient to meet the objective of the test of details. 30 See AS 1105.17 and AS 2301.39. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 In some cases, an auditor may be able to group the identified items (e.g., items with a common characteristic) and perform additional audit procedures to determine whether the items indicate misstatements or control deficiencies by group.31 In other cases, it may not be appropriate to group the items identified for investigation.32 Further, the auditor’s investigation could also identify new relevant information (e.g., regarding the types of potential misstatements) and the auditor may need to modify the audit response. When a test of details is performed on specific items selected by the auditor,33 the final amendments discuss the auditor’s responsibilities for addressing the remaining items in the population. When the auditor selects specific items in an account or disclosure for testing, new paragraph .50 provides that the auditor should determine whether there is a reasonable possibility that remaining items within the account or disclosure include a misstatement that, individually or when aggregated with others, would have a material effect on the financial statements.34 If the auditor determines that there is a reasonable possibility of such a risk of material misstatement in the items not selected for testing, the auditor should perform substantive procedures that address the assessed risk.35 As discussed in the proposing release, the auditor’s responsibilities over other items in the population are described in existing PCAOB standards, and the final requirement (AS 2301.50) reminds the auditor of those responsibilities. The final amendments do not specify, as suggested by some commenters, whether the evidence obtained would be considered sufficient and appropriate, or whether the auditor would be required to perform further procedures, in situations where a technology-assisted analysis over an entire population did not identify any items for investigation. Because facts and circumstances vary, it is not possible to specify scenarios that would 31 For example, in a test of revenue, the auditor may discover that the identified differences between customer invoices and payments are caused by variations in the exchange rate, but such differences are both in accordance with the terms of the customer contracts and appropriately accounted for by the company. In this example, grouping the differences for the purpose of performing additional procedures may be appropriate. 32 For example, in circumstances where the identified items are unrelated to each other, it may not be appropriate for the auditor to group these items for the purpose of performing additional procedures. 33 See AS 1105.25–.27. 34 See AS 2110. 35 See AS 2301.08 and .36. PO 00000 Frm 00169 Fmt 4703 Sfmt 4703 provide sufficient appropriate audit evidence. Consistent with existing standards, for an individual assertion, different types and combinations of substantive procedures might be necessary to detect material misstatements in the respective assertions.36 For example, in addition to performing a technology-assisted analysis of company-produced information to match quantities invoiced to quantities shipped, other audit procedures, such as examining a sample of information that the company received from external sources (e.g., purchase orders and cash receipts), may be necessary to obtain sufficient appropriate audit evidence for the relevant assertion. The auditor would be required to document the purpose, objectives, evidence obtained, and conclusions reached from the procedures in accordance with the existing provisions of AS 1215, Audit Documentation.37 Specifying Auditor Responsibilities When Using an Audit Procedure for More Than One Purpose See paragraph .14 of AS 1105 of the amendments. The Board proposed to amend paragraph .14 of AS 1105 by adding a sentence to specify that if an auditor uses audit evidence from an audit procedure for more than one purpose, the auditor should design and perform the procedure to achieve each of the relevant objectives of the procedure. The proposed amendment was intended to supplement existing PCAOB standards because the Board’s research indicated that: (i) technology-assisted analysis could be used in a variety of audit procedures, including risk assessment and further audit procedures (such as tests of details and substantive analytical procedures); (ii) an audit procedure that involves technologyassisted analysis may provide relevant and reliable evidence for more than one purpose (e.g., identifying and assessing risks of material misstatement and addressing assessed risks); and (iii) questions have been raised about whether the evidence obtained from an audit procedure that involves technology-assisted analysis can be used for more than one purpose. The Board adopted the amendment substantially as proposed, with certain modifications to clarify and simplify the sentence, as discussed below. As amended, the sentence added to paragraph .14 provides that ‘‘[i]f the auditor uses an audit procedure for more than one 36 See 37 See E:\FR\FM\02JYN1.SGM AS 2301.40. AS 1215.04–.06. 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices purpose, the auditor should achieve each objective of the procedure.’’ Under existing PCAOB standards, the purpose of an audit procedure determines whether it is a risk assessment procedure, test of controls, or substantive procedure.38 Although AS 1105 describes specific audit procedures, it does not specify whether an audit procedure may be designed to achieve more than one purpose; nor does it preclude the auditor from designing and performing multi-purpose audit procedures.39 In fact, other PCAOB standards have long permitted auditors to use audit evidence for more than one purpose through the performance of properly designed ‘‘dual-purpose’’ procedures in certain scenarios.40 Considering the variety of applications of technology-assisted analysis throughout the audit, the Board stated in the proposal that PCAOB standards could be modified to more specifically address when an auditor uses audit evidence from an audit procedure for more than one purpose, to facilitate the auditor’s design and performance of audit procedures that provide sufficient appropriate audit evidence. The proposal explained that audit procedures involving technologyassisted analysis are not always multipurpose procedures. For example, a technology-assisted analysis that is used to analyze a population of revenue transactions to identify significant new products may provide audit evidence only to assist the auditor with identifying and assessing risks (a risk assessment procedure). But if the procedure also involves obtaining audit evidence to address the risk of material misstatement associated with the occurrence of revenue, the procedure would be a multi-purpose procedure. Commenters, including an investorrelated group, supported the objective of the amendment to specify the auditor’s responsibilities when using audit evidence for more than one purpose. One commenter stated that the proposed amendment appears to prohibit an auditor from using audit evidence obtained later in the audit. In that 38 See AS 1105.14. interpretation was highlighted in a 2020 PCAOB staff publication. See PCAOB, Spotlight: Data and Technology Research Project Update (May 2020), at 4, available at https://pcaobus.org/ Documents/Data-Technology-Project-Spotlight.pdf. 40 See, e.g., AS 2110.39 (‘‘The auditor may obtain an understanding of internal control concurrently with performing tests of controls if he or she obtains sufficient appropriate evidence to achieve the objectives of both procedures’’) and AS 2301.47 (discussing performance of a substantive test of a transaction concurrently with a test of a control relevant to that transaction (a ‘‘dual-purpose test’’)). lotter on DSK11XQN23PROD with NOTICES1 39 This VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 commenter’s view, the amendment implied that the auditor must intend to use the audit procedure for more than one purpose, which could be viewed as contradicting the principle that risk assessment should continue throughout the audit. Several commenters stated that the proposed amendment implied that, for an auditor to use audit evidence for more than one purpose, the auditor would need to know all of the purposes initially when designing the procedure. These commenters added that audit procedures that use technology-assisted analysis can be more iterative in nature and may not be designed for all the purposes that they ultimately fulfill through the nature of the evidence they generate. For example, one commenter noted that when using technologyassisted analysis to substantively test a population of transactions, the auditor may identify a sub-population of transactions that exhibit different characteristics than the rest of the population and use that information to modify the risk assessment of the subpopulation. Another commenter noted that an audit procedure may be designed as a risk assessment procedure, but the technology-assisted analysis may provide audit evidence for assertions about classes of transactions or account balances or other evidence regarding the completeness and accuracy of information produced by the company used in the performance of other audit procedures. These commenters suggested that the amendment be revised by focusing on evaluating the audit evidence obtained from the procedure. The proposed amendment was not intended to imply that the auditor should not evaluate or consider information obtained from an audit procedure that the auditor was not aware of when initially designing the procedure or that the auditor obtains after a procedure is completed. As noted in the proposal, an auditor may use audit evidence from an audit procedure that involves technology-assisted analysis to achieve one or more objectives, depending on the facts and circumstances of the company and the audit. Further, the auditor would be required to consider and evaluate such information under existing PCAOB standards. For example, as one commenter noted, existing AS 1105 states that audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor’s PO 00000 Frm 00170 Fmt 4703 Sfmt 4703 54931 opinion is based.41 Another commenter observed that existing PCAOB standards provide that the auditor’s assessment of the risks of material misstatement, including fraud risks, continues throughout the audit.42 The Board continues to believe that in order for an auditor to use an audit procedure for more than one purpose (i.e., as more than a risk assessment procedure, test of controls, or substantive procedure alone), the auditor would need to determine that each of the objectives of the procedure has been achieved. Therefore, after considering the comments received, the Board retained the requirement but removed the reference to ‘‘design and perform the procedure.’’ The auditor’s responsibilities for designing and performing procedures are already addressed in AS 2110 and AS 2301. Therefore, the final amendment to paragraph .14 of AS 1105 states that ‘‘[i]f the auditor uses an audit procedure for more than one purpose, the auditor should achieve each objective of the procedure.’’ As noted in the proposal, the purpose, objective, and results of multi-purpose procedures should be clearly documented. Under existing PCAOB standards, audit documentation must contain sufficient information to enable an experienced auditor, having no previous connection with the engagement, to understand the nature, timing, extent, and results of the procedures performed, evidence obtained, and conclusions reached.43 Accordingly, audit documentation should make clear each purpose of the multi-purpose procedure, the results of the procedure, the evidence obtained, the conclusions reached, and how the auditor achieved each objective of the procedure. Commenters were supportive of acknowledging the auditor’s documentation responsibilities when using audit evidence for more than one purpose. An investor-related group commented that the audit planning documentation should support how each procedure will achieve each objective and that the audit work papers should document that the work performed achieved each objective. Another commenter also concurred with the notion that the purpose, objective, and results of multi-purpose procedures should be clearly documented. One commenter noted it was unclear whether there are any incremental 41 See AS 1105.02. e.g., AS 2110.74 and AS 2301.46. 43 See AS 1215.04–.06. 42 See, E:\FR\FM\02JYN1.SGM 02JYN1 lotter on DSK11XQN23PROD with NOTICES1 54932 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices documentation expectations in comparison to current practice. Under PCAOB standards, audit documentation should be prepared in sufficient detail to provide a clear understanding of its purpose, source, and the conclusions reached.44 This applies also for procedures performed that involve technology-assisted analysis. Therefore, the Board believes that specifying further documentation requirements is unnecessary. Some commenters suggested that the Board provide an example of using audit evidence from an audit procedure to achieve more than one purpose, including two commenters suggesting an example similar to examples issued by the American Institute of Certified Public Accountants (‘‘AICPA’’).45 Given the evolving nature of the auditor’s use of technology, the Board did not include a specific example in the text of the final amendments to AS 1105.14. The proposing release, however, discussed an example where a technology-assisted analysis of accounts related to the procurement process could both: (i) provide the auditor with insights into the volume of payments made to new vendors (e.g., a risk assessment procedure to identify new or different risks); and (ii) match approved purchase orders to invoices received and payments made for each item within a population (e.g., a test of details to address an assessed risk associated with the occurrence of expenses and obligations of liabilities).46 The Board believes this example illustrates how auditors would apply the principlesbased amendments consistently. If the procedure performed does not achieve each of the intended objectives, other procedures would need to be performed (e.g., other substantive procedures to address assessed risks of material misstatement). Lastly, two commenters suggested that the Board clarify that the specific audit procedures discussed in AS 1105.14 are not an all-inclusive list, to allow for the use of additional types of procedures, or combination of procedures, in the future as technology evolves. The Board believes the existing language is sufficiently clear because it does not indicate that the specific audit procedures described in the standard are the only types of audit procedures the auditor can perform. AS 1215.04. referenced by commenters included examples issued by the AICPA in AU–C 500, Audit Evidence. 46 See Proposing Release at 19. Specifying Auditor Responsibilities for Evaluating the Reliability of Certain Audit Evidence and Emphasizing the Importance of Appropriate Disaggregation or Detail of Information See paragraphs .07, .08, .10, .10A, .15, .19, and .A8 of AS 1105 of the amendments. 1. Evaluating the Reliability of External Information Provided by the Company in Electronic Form The Board proposed to add paragraph .10A to AS 1105 to specify the auditor’s responsibility for performing procedures to evaluate the reliability of external information maintained by the company in electronic form when using such information as audit evidence. The proposed paragraph provided that the auditor should evaluate whether such information is reliable for purposes of the audit by performing procedures to: (a) obtain an understanding of the source of the information and the company’s procedures by which such information is received, recorded, maintained, and processed in the company’s information systems; and (b) test controls (including information technology general controls and automated application controls) over the company’s procedures or test the company’s procedures. The Board adopted the amendments substantially as proposed with certain modifications discussed below. The Board also made a conforming amendment to footnote 5 of paragraph .A8 of AS 1105 to include a reference to paragraph .10A. The Board noted in the proposal that, based on its research, auditors often obtain from companies, and use in the performance of audit procedures, information in electronic form. In many instances, companies have obtained the information from one or more external sources. PCAOB standards do not include specific requirements regarding information received by the company from external sources, maintained, and in many instances processed by the company, and then included in the information provided to the auditor in electronic form to be used as audit evidence.47 Because this information is maintained and potentially can be modified by the company, the Board proposed to amend its standards to address this risk to the reliability of audit evidence that the auditor obtains through using this type of information. 44 See 45 Examples VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 47 For example, the company may receive information from a customer in the form of a purchase order and provide that information to the auditor in electronic form. PO 00000 Frm 00171 Fmt 4703 Sfmt 4703 Commenters on this topic, including an investor-related group, supported the Board’s objective of addressing the risks that information the company receives from one or more external sources and provides to the auditor in electronic form to use as audit evidence may not be reliable and may have been modified by the company. However, several commenters also stated that further clarification of the requirements was needed: • Some commenters asked for clarification about the information the company received from one or more external sources and ‘‘maintained in its information systems’’ in electronic form. A few of those commenters also asked whether the use of ‘‘its information systems’’ was intended to be the same as the ‘‘information system relevant to financial reporting’’ in AS 2110.48 Several commenters suggested clarifying the proposed examples of the types of information subject to these requirements that were included in the proposed footnote to AS 1105.10A and providing more specific examples, such as a bank statement in PDF format. • One commenter noted that the proposed amendment may not clarify the difference between maintaining the reliability of the external information received by the company and what the company does with that information after it is received. The commenter noted that after external information has been received, it is often recorded into the company’s information system where it is moved, processed, and changed to the point that it is no longer considered external information, but rather information produced by the company and subject to transactional processes and controls. Another commenter stated that the requirements should not focus on accuracy and completeness because the information is provided to the company from an external source. • A number of commenters stated that the proposed amendment, specifically the requirement in AS 1105.10A to test controls over procedures or test the company’s procedures themselves, implied that the auditor had to test the effectiveness of internal controls in order for the information to be determined to be reliable. Many of these commenters asked for clarification of the distinction between testing the company’s controls and testing the company’s procedures. One commenter noted that certain smaller and mid-sized companies may not have implemented controls that can be tested. Some commenters added that, 48 See E:\FR\FM\02JYN1.SGM AS 2110.28. 02JYN1 lotter on DSK11XQN23PROD with NOTICES1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices because the proposed amendments did not include ‘‘where applicable’’ related to information technology general controls (‘‘ITGCs’’) and automated application controls, the proposed amendments implied that ITGCs and automated application controls always needed to be tested and effective. Several of these commenters also provided examples of scenarios where ITGCs and automated application controls may not need to be tested, such as controls that reconcile information in the company’s information systems to the information the company received from the external source. Commenters also asked whether information from an external source provided by the company can be tested directly (i.e., not testing a company’s controls) and stated that it would be helpful to clarify expectations of the auditor’s work effort when evaluating the reliability of such information. • One commenter indicated that it was unclear how the requirements of footnote 3 of AS 1105.10 and proposed AS 1105.10A interrelate when using information produced by a service organization. Footnote 3 of AS 1105 refers the auditor to responsibilities under AS 2601, Consideration of an Entity’s Use of a Service Organization, and in an integrated audit, AS 2201, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, when using information produced by a service organization as audit evidence. • An investor-related group commented that, in addition to the requirements for the auditor to evaluate the reliability of external information provided by the company in electronic form, the auditor should also be required to evaluate the reliability of digital information maintained outside the company and used by the auditor as audit evidence. Another commenter suggested that the auditor’s requirements should also address information obtained directly by the auditor from external sources. In consideration of comments received, the Board made several modifications to the final amendments, which are described in more detail below. The final amendment (paragraph .10A) provides that the auditor should evaluate whether external information provided by the company in electronic form and used as audit evidence is reliable by: a. Obtaining an understanding of (i) the source from which the company received the information; and (ii) the company’s process by which the information was received, maintained, and, where applicable, processed, VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 which includes understanding the nature of any modifications made to the information before it was provided to the auditor; and b. Testing the information to determine whether it has been modified by the company and evaluating the effect of those modifications; or testing controls over receiving, maintaining, and processing the information (including, where applicable, information technology general controls and automated application controls). As discussed above, the proposed amendments described auditor responsibilities related to evaluating the reliability of information in electronic form provided by the company to the auditor that the company received from external sources. Examples of such information include, but are not limited to, bank statements, customer order information, information related to cash receipts, and shipping information from third-party carriers provided to the auditor in electronic form. The Board believes that a principlesbased description of the information subject to the requirement that does not list specific types of information, as suggested by some commenters, is in the best interest of audit quality and investor protection. This approach is adaptable to evolving sources and forms of electronic information, considering continued advancements in technology. The Board has clarified the final amendment by removing the reference to ‘‘maintained in the company’s information systems,’’ which confused some commenters. The use of this term in the proposal was intended to refer broadly to information in electronic form within a company that the company could provide to the auditor. The Board has revised subparagraph (a) of the final amendment to replace the term ‘‘company’s procedures’’ with ‘‘company’s process.’’ In the proposal the Board used ‘‘company’s procedures’’ to align with AS 2110.28(b), which describes the company’s procedures to initiate, authorize, process, and record transactions. However, the Board believes use of the ‘‘company’s process’’ is more consistent with AS 2110.30 and .31, which describe the company’s business processes that the auditor is required to understand. The Board also believe that using ‘‘company’s process’’ clarifies that the intent of the requirement is to understand the flow of the information from the time the company received it from the external source until the company provided it to the auditor. Additional refinements made to this requirement include (i) removing the word ‘‘recorded’’ because receiving, processing, and maintaining PO 00000 Frm 00172 Fmt 4703 Sfmt 4703 54933 data would encompass recording it; and (ii) adding ‘‘where applicable’’ to address examples provided by commenters where companies receive information from external sources that may be maintained only—and not processed—by the company. The Board also made revisions to clarify that, as part of understanding how the information received from external sources is processed by the company, the auditor should obtain an understanding of the nature of any modifications made to the information. This revision focuses the auditor on identifying the circumstances where the information may have been modified or changed by the company. The Board did not intend to imply that internal controls are required to be tested and effective in order for the auditor to be able to determine that external information is reliable for purposes of the audit, as suggested by some commenters. Rather, the proposed amendment was meant to (i) clarify the auditor’s responsibility for performing procedures to evaluate the reliability of audit evidence; and (ii) address the risk that the company may have modified the external information prior to providing it to the auditor for use as audit evidence. The Board revised the final amendment in subparagraph (b) to require that the auditor (i) test the information to determine whether it has been modified by the company and evaluate the effect of those modifications; or (ii) test controls over receiving, maintaining, and where applicable, processing the information. As discussed in the proposing release, the auditor may determine the information has been modified by the company by either comparing the information provided to the auditor to (i) the information the company received from the external source; or (ii) information obtained directly by the auditor from external sources. Some commenters referred to comparing the information provided by the company to the information the company received from the external source, as testing the information ‘‘directly’’ for reliability. For example, the auditor may obtain customer purchase order information from the company’s information systems and compare this information to the original purchase order submitted by the customer to determine whether any modifications were made by the company. In another example, the auditor may obtain interest rate information from the company’s information systems and compare it to the original information from the U.S. Department of Treasury. Under the final E:\FR\FM\02JYN1.SGM 02JYN1 lotter on DSK11XQN23PROD with NOTICES1 54934 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices amendments, if the auditor determines modifications were made by the company, the auditor would have to evaluate the effect of the modifications on the reliability of the information. For example, the auditor may determine that certain modifications (e.g., formatting of the date of a transaction from the European date format to the U.S. date format) have not affected the reliability of the information. Conversely, the auditor may determine that inadvertent or intentional deletions, or improper alterations of key data elements by the company (e.g., customer details, transaction amount, product quantity) have negatively affected the reliability of information. Finally, the Board further clarified the amendment to indicate that if the auditor chooses to test controls instead of testing the information as described above, the auditor should test controls over the receiving, maintaining, and where applicable, processing of the information that are relevant to the auditor’s evaluation of whether the information is reliable for purposes of the audit. This aligns with the Board’s intent in the proposal that described testing controls over the company’s procedures. Controls over processing the information would include internal controls over any modifications made by the company to the information. Several commenters noted that in instances where controls over the information are ineffective, or are not implemented or formalized, the auditor may need to perform procedures other than testing internal controls to determine the reliability of the information provided by the company. In response to these comments, the Board believes it is important to remind auditors that PCAOB standards already address circumstances when the auditor encounters ineffective controls, or controls that are not implemented or formalized. It is important for the auditor to also understand the implications of such findings on the nature, timing, and extent of procedures that the auditor needs to perform in accordance with PCAOB standards.49 The Board also considered the comments related to specifying requirements for the auditor to evaluate the reliability of external information obtained directly by the auditor from external sources, which would include digital information maintained outside the company and used as audit evidence. Under existing standards, audit evidence must be reliable, and its reliability depends on the nature and 49 See, e.g., AS 1105.08, AS 2110.25 and .B1–.B6, and AS 2301.32–.34. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 the source of the evidence and the circumstances under which it is obtained.50 In light of the existing requirements within AS 1105, the Board believes that the auditor’s responsibilities to evaluate the reliability of information obtained from external sources are sufficiently clear and that further amendments to address information obtained by the auditor directly from external sources are not necessary. In addition, the Board considered but decided not to address in this project auditors’ responsibilities related to using information produced by a service organization as audit evidence.51 Further, as discussed below, the Board’s proposed amendment was intended to highlight the importance of controls over information technology. The Board considered the comments received, and the final amendment clarifies that ITGCs and automated application controls should be tested where applicable (e.g., where controls are selected for testing or where a significant amount of information supporting one or more relevant assertions is electronically initiated, recorded, processed, or reported).52 The Board believes testing ITGCs and automated application controls is important to mitigate the risk that the information provided by the company in electronic form is not reliable. In some cases, the auditor may already be testing the relevant ITGCs and automated application controls, while in other cases the auditor may need to test additional controls. Consistent with the proposal, the Board did not prescribe the nature, timing, or extent of the auditor’s procedures to evaluate the reliability of the external information. An auditor would design the procedures considering the wide variety of types of external information received by companies and differences in the processes for receiving, maintaining and, where applicable, processing such 50 See AS 1105.06 and AS 1105.08. See also PCAOB, Staff Guidance—Insights for Auditors Evaluating the Relevance and Reliability of Audit Evidence Obtained From External Sources (Oct. 2021), available at https://assets.pcaobus.org/ pcaob-dev/docs/default-source/standards/ documents/evaluating-relevance-and-reliability-ofaudit-evidence-obtained-from-external-sources. pdf?sfvrsn=48b638b_6. 51 See AS 2601 for the auditor’s requirements related to the use of a service organization. The Board has a separate standard-setting project on its mid-term standard-setting agenda (https:// pcaobus.org/oversight/standards/standard-settingresearch-projects) related to the use of a service organization, which may result in changes to AS 2601 and the auditor’s responsibilities regarding the use of a service organization. 52 See, e.g., AS 2301.17. PO 00000 Frm 00173 Fmt 4703 Sfmt 4703 information. Further, the nature, timing, and extent of the auditor’s procedures would depend on the purpose for which the auditor uses the information whose reliability is being evaluated. In general, performing audit procedures to address the risks of material misstatement involves obtaining more persuasive evidence than in performing risk assessment procedures.53 Accordingly, evaluating the reliability of information used in substantive procedures and tests of controls would require more auditor effort than evaluating the reliability of information used in risk assessment procedures. 2. Emphasizing the Importance of Controls Over Information Technology The Board proposed several amendments to AS 1105 to emphasize the importance of controls over information technology for the reliability of audit evidence. As noted above, auditors obtain from companies, and use in the performance of audit procedures, large volumes of information in electronic form. The reliability of such information is increased when the company’s controls over that information—including, where applicable, ITGCs and automated application controls—are effective. The Board adopted the amendments to paragraph .10 of AS 1105 as proposed, and amendments to paragraphs .08 and .15 of AS 1105 substantially as proposed, with minor modifications as described below. Commenters on this topic supported the objective of emphasizing the importance of controls over information technology in establishing reliability of information used as audit evidence. Several commenters opined that the proposed amendments, more specifically the proposed amendments to paragraph .15 of AS 1105, implied that internal controls, including ITGCs and automated application controls, would need to be tested and determined effective in order to determine that the information is reliable. The proposed amendments were not intended to imply that (i) internal controls are required to be tested and effective in order for the auditor to be able to determine that information is reliable for purposes of the audit; or (ii) testing other relevant controls is less important or unnecessary. Rather, the proposed amendments were meant to highlight to the auditor that certain information is more reliable when internal controls are effective, and where applicable, those internal controls include ITGCs and automated 53 See E:\FR\FM\02JYN1.SGM generally AS 2301.09(a), .18, and .39. 02JYN1 lotter on DSK11XQN23PROD with NOTICES1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices application controls, which is consistent with existing PCAOB standards.54 The Board’s standards also describe scenarios where the sufficiency and appropriateness of the audit evidence usually depends on the effectiveness of controls.55 The amendments did not change these existing principles. Further, in the proposing release the Board explained that the proposed amendments state ‘‘where applicable’’ in relation to the controls over information technology because information produced by the company may also include information that is not in electronic form, or information that is subject to manual controls. One commenter noted that this explanation was informative and suggested incorporating it into the amendments. Another commenter also recommended defining ‘‘where applicable’’ with clear factors or examples of when ITGCs and automated application controls would be applicable. Because of the wide variety of types and sources of information, and ways in which companies use information, it would be impracticable to specify scenarios where ITGCs and automated application controls would be applicable. Having considered the above comments and the Board’s intent to retain the existing principle in paragraph .08 of AS 1105 that certain information is more reliable when controls are effective, the Board modified paragraph .15 of AS 1105 within the final amendments to align the language with AS 1105.08. In addition, the final amendments to paragraph .08 were also aligned with the terminology in paragraph .10A of AS 1105 described above. Lastly, separate from commenting on the proposed amendments to paragraph .08 of AS 1105 discussed above, some commenters suggested amendments to modernize the last bullet point of the paragraph, which describes that evidence from original documents is more reliable. Three commenters asserted that the information may exist in different forms (e.g., paper or electronic form) and may be in a format other than a document (e.g., unprocessed data). In the views of two of these commenters, no physical or original document exists when an electronic data transmission from a customer initiates a transaction in a company’s ERP system. These commenters suggested modernizing the language to focus on the original form of the audit evidence and any subsequent conversion, copying, or 54 See existing AS 1105.08. e.g., AS 2301.17. 55 See, VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 other modifications. The Board considered the comments received but did not amend the language because the bullet points in paragraph .08 of AS 1105 are intended to be examples of factors that may affect the reliability of audit evidence. The existing language provides an example of one type of audit evidence—original documents that have not been converted, copied, or otherwise modified—which is consistent with the principles suggested by the commenters. 3. Emphasizing the Importance of Appropriate Disaggregation or Detail of Information The Board proposed to amend paragraph .07 of AS 1105 to emphasize that the relevance of audit evidence depends on the level of disaggregation or detail of information necessary to achieve the objective of the audit procedure. Whether an auditor performs tests of details, substantive analytical procedures, or other tests, technologyassisted analysis may enable the auditor to analyze large volumes of information at various levels of disaggregation (e.g., regional or global) or detail (e.g., relevant characteristics of individual items such as product type or company division). The appropriate level of disaggregation or detail of information that the auditor uses as audit evidence is important for obtaining audit evidence that is relevant in supporting the auditor’s conclusions.56 Having considered the comments received, the Board adopted the amendment as proposed. The level of disaggregation or detail that is appropriate depends on the objective of the audit procedure. For example, when testing the valuation assertion of residential loans that are measured based on the fair value of the collateral, disaggregated sales data for residential properties by geographic location would likely provide more relevant audit evidence than combined sales data for both commercial and residential properties by geographic location. In another example, when performing a substantive analytical procedure and analyzing the plausibility of relationships between revenue and other information recorded by the company, using revenue disaggregated by product type would likely be more relevant for the auditor’s analysis and 56 See, e.g., PCAOB, Staff Guidance—Insights for Auditors Evaluating the Relevance and Reliability of Audit Evidence Obtained From External Sources (Oct. 2021) at 5, available at https:// assets.pcaobus.org/pcaob-dev/docs/default-source/ standards/documents/evaluating-relevance-andreliability-of-audit-evidence-obtained-fromexternal-sources.pdf?sfvrsn=48b638b_6. PO 00000 Frm 00174 Fmt 4703 Sfmt 4703 54935 result in obtaining more relevant audit evidence than if the auditor used the amount of revenue in the aggregate. Commenters on this topic were supportive of the proposed amendment and indicated that it aligned with current practice. Some of these commenters suggested providing examples, stating that examples would help auditors in understanding and applying the amendment. Consistent with the proposal, the final amendment does not prescribe an expected level of disaggregation or detail, as auditor judgment is needed to determine the relevance of information based on the objective of the audit procedure. 4. Updating Certain Terminology in AS 1105 The Board proposed to update certain terminology used to describe audit procedures for obtaining audit evidence in AS 1105, without changing the meaning of the corresponding requirements. For example, considering the greater availability and use of information in electronic form, the Board proposed to use the term ‘‘information’’ instead of the term ‘‘documents and records’’ in AS 1105.15 and .19. Further, to avoid a misinterpretation that only certain procedures could be performed electronically, the Board proposed to remove the reference to performing recalculation ‘‘manually or electronically’’ in AS 1105.19. For consistent terminology, the Board also proposed to replace the terms ‘‘generated internally by the company’’ in AS 1105.08 and ‘‘internal’’ in AS 1105.15 with the term ‘‘produced by the company.’’ Having considered the comments received, the Board adopted the amendments to paragraphs .08, .15, and .19 of AS 1105 as proposed. Commenters on this topic supported the updates to certain terminology described above, and stated the updated terminology appears clear and appropriate. One commenter suggested modifying the terminology in paragraph .19 from ‘‘checking’’ to ‘‘testing’’ because testing more clearly describes an audit procedure that is being performed over the mathematical accuracy of information. Having considered the comment, the Board retained the existing terminology in paragraph .19 of ‘‘checking’’ to avoid a potential for confusion with test of details. Effective Date The Board determined that the amendments will take effect, subject to approval by the SEC, for audits of financial statements for fiscal years E:\FR\FM\02JYN1.SGM 02JYN1 lotter on DSK11XQN23PROD with NOTICES1 54936 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices beginning on or after December 15, 2025. In the proposing release, the Board sought comment on the amount of time auditors would need before the amendments become effective, if adopted by the Board and approved by the SEC. The Board proposed an effective date for audits with fiscal years ending on or after June 30 in the year after approval by the SEC. Several, mostly larger firms and firmrelated groups, supported an effective date of audits of financial statements for fiscal years beginning on or after December 15 at least one year following SEC approval, or for fiscal years ending on or after December 15 at least two years following SEC approval. Two commenters supported an effective date two years after SEC approval. These commenters indicated that this would give firms the necessary time to update firm methodologies, tools, and develop and implement training. In addition, several commenters highlighted that additional time would be needed because of the potential indirect impact on companies, especially if companies need to implement or formalize controls or processes around information received from one or more external sources, and auditors need to verify that the controls have been designed and implemented appropriately. Another commenter highlighted that the proposed effective date may be too soon to allow auditors to update methodologies, provide appropriate training and effectively implement the standards. In addition, multiple commenters, mainly accounting firms, suggested that the Board consider the effective dates for other standard-setting projects when determining the effective date for the amendments. The Board appreciates the concerns and preferences expressed by the commenters. Having considered the requirements of the final amendments, the differences between the amendments and the existing standards, the Board’s understanding of firms’ current practices, and the effective dates for other Board rulemaking projects, the Board believes that the effective date, subject to SEC approval, for audits of financial statements for fiscal years beginning on or after December 15, 2025 will provide auditors with a reasonable time period to implement the final amendments, without unduly delaying the intended benefits resulting from these improvements to PCAOB standards, and is consistent with the Board’s mission to protect investors and further the public interest. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 D. Economic Considerations and Application to Audits of Emerging Growth Companies Economic Considerations The Board is mindful of the economic impacts of its standard setting. This section describes the economic baseline, economic need, expected economic impacts of the final amendments, and alternative approaches considered. There are limited data and research findings available to estimate quantitatively the economic impacts of the final amendments. Therefore, the Board’s economic discussion is largely qualitative in nature. However, where reasonable and feasible, the analysis incorporates quantitative information, including descriptive statistics on the tools that firms use in technologyassisted analysis.57 Baseline The discussion above describes important components of the baseline against which the economic impact of the final amendments can be considered, including the Board’s existing standards, firms’ current practices, and observations from the Board’s oversight activities. The discussion below focuses on two additional aspects of current practice that informed the Board’s understanding of the economic baseline: (i) the PCAOB staff’s analysis of the tools that auditors use in technology-assisted analysis; and (ii) research on auditors’ use of technology-assisted analysis. 1. Staff Analysis of Tools That Auditors Use in Technology-Assisted Analysis PCAOB staff reviewed information provided by firms pursuant to the PCAOB’s oversight activities regarding tools they use in technology-assisted analysis. The information identifies and describes tools used by audit engagement teams. The staff reviewed information provided by the U.S. global network firms (‘‘GNFs’’) as well as seven U.S. non-affiliated firms (‘‘NAFs’’).58 57 As noted above, this release uses the term ‘‘technology-assisted analysis’’ in reference to the analysis of information in electronic form that is performed with the assistance of technology-based tools. Others, including firms and academics, may refer to such analysis as ‘‘data analysis’’ or ‘‘data analytics.’’ The Board’s use of ‘‘data analysis’’ or ‘‘data analytics’’ was intended to align with terminology used by the source cited. The terms ‘‘data analysis’’ or ‘‘data analytics’’ should not be confused with the term ‘‘analytical procedures’’ that is used in PCAOB standards to refer to a specific type of audit procedure (see AS 1105.21) that may be performed with or without the use of information in electronic form or technology-based data analysis tools. 58 The U.S. GNFs are BDO USA P.C., Deloitte & Touche LLP, Ernst & Young LLP, Grant Thornton PO 00000 Frm 00175 Fmt 4703 Sfmt 4703 The information was first provided for the 2018 inspection year and was available through the 2023 inspection year for the GNFs and NAFs analyzed. Firms reported using both internally developed and externally purchased tools. Some of the externally purchased tools were customized by the firms. The nature and number of tools varied across firms, and their use varied with the facts and circumstances of specific audit engagements. Some firms describe their tools by individual use case or functionality based on how the tool has been tailored by the firm (e.g., one tool to test accounts receivable and another tool to test inventory using the same software program), and other firms describe their tools grouped by software program, thus affecting the number of unique tools reported by the firms. Some firms consolidated some of their tools over time, thus reducing the number of unique tools they used, although the number of audit engagements on which tools are used has not decreased. For example, instead of having separate tools to perform technology-assisted analysis and analytical procedures performed as part of the auditor’s risk assessment, some firms have consolidated both functions into one tool. Firms generally do not require the use of such tools on audit engagements. The average number of tools used by audit engagement teams, as reported to the PCAOB by the U.S. GNFs, increased from approximately 13 to approximately 18 per firm, or approximately 38%, between 2018 and 2023. In the 2023 inspection year, U.S. GNFs reported that 90% of their tools are used for data visualization, summarization, tabulation, or modeling.59 All the U.S. GNFs reported using tools to assist in: (i) identifying and selecting journal entries; and (ii) selecting samples for testing. The U.S. GNFs reported having tools that support both risk assessment (e.g., assessing loan risk) and substantive procedures (e.g., performing journal entry testing or fair value testing). The U.S. GNFs developed approximately 75% of the reported tools in-house while the rest were purchased externally. Furthermore, approximately 18% of the U.S. GNFs’ tools used cloud computing. Less than 7% of the U.S. GNFs’ tools used blockchain technology, artificial intelligence, or robotic process automation. All the U.S. LLP, KPMG LLP, and PricewaterhouseCoopers LLP. U.S. NAF firms include registered firms that are not global network firms. 59 For example, some firms identified Microsoft Power BI and IDEA as tools used for data visualization, summarization, tabulation, or modelling. E:\FR\FM\02JYN1.SGM 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices GNFs’ tools used company data and approximately 20% also used thirdparty data. Compared to U.S. GNFs, the U.S. NAFs within the scope of the PCAOB staff’s review reported to the PCAOB using fewer tools. In the 2023 inspection year, on average, the U.S. NAFs reported using approximately six tools per firm. For a subset of these firms, the average number of tools increased from approximately two tools per firm to approximately five tools per firm between 2020 and 2023.60 The U.S. NAFs used the tools to visualize, summarize, and model data. Some of the U.S. NAFs reviewed use third-party software as their data analysis tools and used company data (e.g., transactional and journal entry data) as inputs. One U.S. NAF firm developed an in-house tool to assist with determining the completeness and accuracy of journal entry data used for testing journal entries. One commenter asserted that the PCAOB should have information on firms’ use of technology-based tools, as well as firms’ improper use of tools, through its oversight activities. Information obtained through PCAOB oversight activities regarding firms’ use of technology-based tools is presented here, and information related to firms’ improper use of tools is presented above. As described above, the nature and extent of the use of technologybased tools in an audit varies by firm and by individual audit engagement. The Board’s rulemaking has been informed by all relevant information as described in this release. lotter on DSK11XQN23PROD with NOTICES1 2. Research on Auditors’ Use of Technology-Assisted Analysis Academic studies regarding the prevalence of technology-based tools used to analyze information in electronic form and the impacts of using such tools in audits are limited. However, several recent surveys provide insights regarding: (i) how auditors have been incorporating data analytics into their audit approaches; and (ii) potential impediments to auditors’ further implementation of data analytics. One commenter referenced additional academic research that was not originally cited in the proposing release. The Board considered this research and 60 Due to changes in the data collection process and changes in firms’ status as annually inspected, data is not available for all firms in all years. The overall 2023 estimate is based on data from seven U.S. NAFs, and the 2020–2023 trend data is based on data from five U.S. NAFs. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 included references to articles that are relevant to the analysis in this release.61 Regarding incorporating data analytics into audit approaches, the surveys indicate that while the use of data analytics presently may not be widespread, it is becoming more common in various aspects of the audit, primarily risk assessment and, to a lesser extent, substantive procedures. For example, a 2017 survey of U.S. auditors reported that auditors used data analytics in risk assessment and journal entry testing.62 Also, a survey of Norwegian auditors, some of whom perform audits under PCAOB standards, reported that data analytics were not widely used and were used primarily as supplementary evidence. In this survey, the respondents indicated that data analytics were used primarily in risk assessment and various types of substantive procedures, including analytical procedures.63 A 2018 to 2019 61 Several of the referenced papers report the results of experiments examining the behavioral factors associated with auditors’ use of data analytics. These papers consider nuances of auditor behavior in specific circumstances that may not be generalizable to other settings because the results are based on hypothetical, self-reported choices rather than real-world audit settings. However, their results may be useful for auditors to consider in their use and implementation of technologyassisted analysis. See Tongrui Cao, Rong-Ruey Duh, Hun-Tong Tan, and Tu Xu, Enhancing Auditors’ Reliance on Data Analytics Under Inspection Risk Using Fixed and Growth Mindsets, 97 The Accounting Review 131 (2022). See also Jared Koreff, Are Auditors’ Reliance on Conclusions from Data Analytics Impacted by Different Data Analytic Inputs?, 36 Journal of Information Systems 19 (2022). See also Dereck Barr-Pulliam, Joseph Brazel, Jennifer McCallen, and Kimberly Walker, Data Analytics and Skeptical Actions: The Countervailing Effects of False Positives and Consistent Rewards for Skepticism, available at SSRN 3537180 (2023). See also Dereck BarrPulliam, Helen L. Brown-Liburd, and Kerri-Ann Sanderson, The Effects of the Internal Control Opinion and Use of Audit Data Analytics on Perceptions of Audit Quality, Assurance, and Auditor Negligence, 41 Auditing: A Journal of Practice & Theory 25 (2022). 62 See Ashley A. Austin, Tina D. Carpenter, Margaret H. Christ, and Christy S. Nielson, The Data Analytics Journey: Interactions Among Auditors, Managers, Regulation, and Technology, 38 Contemporary Accounting Research 1888 (2021). The survey also states: [A]uditors report that they strategically leverage data analytics to provide clients with businessrelated insights. However, regulators voice concerns that this pratice might impair auditor independence and reduce audit quality. The final amendments are not intended to suggest that when using technology-assisted analysis in an audit, auditors do not need to comply with PCAOB independence standards and rules, and the independence rules of the SEC. Auditors are still expected to comply with these standards and rules when uing tehnology-asisted analysis on an audit engagement. 63 See Aasmund Eilifsen, Finn Kinserdal, William F. Messier, Jr., and Thomas E. McKee, An Exploratory Study into the Use of Audit Data Analytics on Audit Engagements, 34 Accounting Horizons 75 (2020). The survey appears to have been performed around 2017–2018. PO 00000 Frm 00176 Fmt 4703 Sfmt 4703 54937 survey of auditors in certain larger New Zealand firms reported that auditors are more frequently encountering accessible, large company data sets (i.e., data sets from the companies under audit). The respondents reported that third-party tools to process the data are increasingly available and allow auditors with less expertise in data analytics to make effective use of data.64 A 2020 Australian study that focused on big data analytics found that the use of big data analytics has reduced auditor time spent on manual-intensive tasks and increased time available for tasks requiring critical thinking and key judgments.65 A 2023 Canadian study that also focused on big data analytics found that big data analytics improves financial reporting quality.66 Earlier surveys reported qualitatively similar, though less prevalent, use of data analytics. For example, a 2016 survey of Canadian firms reported that 63% and 39% of respondents from large firms and small to mid-sized firms, respectively, had used data analytics, most commonly in the risk assessment and substantive procedures phases. Both groups reported that data analytics were used to provide corroborative evidence for assertions about classes of transactions for the period under audit. However, only smaller and mid-sized firms reported that data analytics were also used to provide primary evidence for assertions about classes of transactions for the period under audit and account balances at period end. Furthermore, only larger firms reported that data analytics were also used to provide corroborative evidence for assertions about account balances at period end.67 A survey of 2015 year-end audits performed by U.K. firms reported that the use of data analytics was not as prevalent as the market might expect, with the most common application being journal entry testing.68 A 2015 64 See Angela Liew, Peter Boxall, and Denny Setiawan, The Transformation to Data Analytics in Big-Four Financial Audit: What, Why and How?, 34 Pacific Accounting Review 569 (2022). 65 See Michael Kend and Lan Anh Nguyen, Big Data Analytics and Other Emerging Technologies: The Impact on the Australian Audit and Assurance Profession, 30 Australian Accounting Review 269 (2020). 66 See Isam Saleh, Yahya Marei, Maha Ayoush, and Malik Muneer Abu Afifa, Big Data Analytics and Financial Reporting Quality: Qualitative Evidence from Canada, 21 Journal of Financial Reporting and Accounting 83 (2023). 67 See CPA Canada, Audit Data Analytics Alert: Survey on Use of Audit Data Analytics in Canada (Sept. 2017) at 7, Exhibit 4 and 10, Exhibit 7. 68 See Financial Reporting Council, Audit Quality Thematic Review: The Use of Data Analytics in the Audit of Financial Statements (Jan. 30, 2017) at 11. E:\FR\FM\02JYN1.SGM 02JYN1 54938 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices lotter on DSK11XQN23PROD with NOTICES1 survey of U.K. and EU auditors found that data analytics were being used in both risk assessment procedures and to perform certain specific audit procedures (e.g., recalculation).69 Finally, a 2014 survey of U.S. auditors reported that they often use information technology to perform risk assessment, analytical procedures, sampling, internal control evaluations, and internal control documentation. The respondents identified moderate use of data analytics in the context of client administrative or practice management.70 Regarding potential impediments to the implementation of data analytics, surveys indicate that some firms are reluctant to implement data analytics in their audit approach due to perceived regulatory risks. For example, one survey found that auditors were cautious about implementing data analytics due to a lack of explicit regulation. Respondents reported performing both tests of details that do not involve data analytics and those that do involve data analytics in audits under PCAOB standards.71 Another survey found that auditors did not require the use of advanced data analytic tools partly due to uncertainty regarding how regulatory authorities would perceive the quality of the audit evidence produced. However, the respondents tended to agree that both standard setters and the auditing standards themselves allow information obtained from data analytics to be used as audit evidence.72 A different survey found that some auditors were reluctant to implement data analytics because the auditing standards do not specifically address them.73 These survey findings are consistent with other surveys that find auditors structure their audit 69 See George Salijeni, Anna Samsonova-Taddei, and Stuart Turley, Big Data and Changes in Audit Technology: Contemplating a Research Agenda, 49 Accounting and Business Research 95 (2019). 70 See D. Jordan Lowe, James L. Bierstaker, Diane J. Janvrin, and J. Gregory Jenkins, Information Technology in an Audit Context: Have the Big 4 Lost Their Advantage?, 32 Journal of Information Systems 87 (2018). The authors do not define the term ‘‘data analytics,’’ and they present it as an application of information technology in the audit distinct from other audit planning and audit testing applications. However, the Board believes it is likely that some of the applications of information technology reported in the study would be impacted by the amendments and hence provide relevant baseline information. 71 See Austin et al., The Data Analytics Journey 1910. For similar findings, see also Liew et al., The Transformation 579–580. 72 See Eilifsen et al., An Exploratory Study. For similar findings, see also Felix Krieger, Paul Drews, and Patrick Velte, Explaining the (Non-) Adoption of Advanced Data Analytics in Auditing: A Process Theory, 41 International Journal of Accounting Information Systems 1 (2021). 73 See Salijeni et al., Big Data 110. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 approaches to manage regulatory risks arising from inspections, including risks associated with compliance with PCAOB standards.74 One commenter on the proposed amendments cited a study which noted that ‘‘uncertainty about regulators’ response and acceptance of emerging technologies can hinder its [emerging technology’s] adoption.’’ 75 However, by contrast, another survey found that the audit regulatory environment was not commonly cited by respondents as an impediment to the use of data analytics.76 Overall, the research suggests that auditors’ use of technology-assisted analysis in designing and performing audit procedures is becoming increasingly prevalent. Some commenters also acknowledged that the use of technology-assisted analysis is becoming more prevalent. An investorrelated group provided examples of expanded use of technology by both companies and audit firms, including the use of large, searchable databases and the development of tools for analyzing large volumes of data. This provides a baseline for considering the potential impacts of the final amendments. The research also suggests that some auditors perceive regulatory risks when implementing data analytics. Some commenters acknowledged that regulatory uncertainty has been a factor in firms’ hesitance to use technologyassisted analysis. This provides evidence of a potential problem that standard setting may address. Need Low-quality audits can occur for a number of reasons, including the following two reasons. First, the company under audit, investors, and other financial statement users cannot easily observe the procedures performed by the auditor, and thus the quality of the audit. This leads to a risk that, 74 See Kimberly D. Westermann, Jeffrey Cohen, and Greg Trompeter, PCAOB Inspections: Public Accounting Firms on ‘‘Trial,’’ 36 Contemporary Accounting Research 694 (2019). See also Lindsay M. Johnson, Marsha B. Keune, and Jennifer Winchel, U.S. Auditors’ Perceptions of the PCAOB Inspection Process: A Behavioral Examination, 36 Contemporary Accounting Research 1540 (2019). 75 See Dereck Barr-Pulliam, Helen L. Brown-Liburd, and Ivy Munoko, The Effects of Person-Specific, Task, and Environmental Factors on Digital Transformation and Innovation in Auditing: A Review of the Literature, 33 Journal of International Financial Management & Accounting 337 (2022). This literature review focuses on emerging technologies broadly. Accordingly, much of the research it discusses is not directly relevant to the baseline for these amendments. However, several of the studies it cites are relevant and have already been discussed in this subsection, for example, Austin et al., The Data Analytics Journey. 76 See CPA Canada, Audit Data Analytics, at Exhibit 10. PO 00000 Frm 00177 Fmt 4703 Sfmt 4703 unbeknownst to the company under audit, investors, or other financial statement users, the auditor may perform a low-quality audit.77 Second, the federal securities laws require that an issuer retain an auditor for the purpose of preparing or issuing an audit report. While the appointment, compensation, and oversight of the work of the registered public accounting firm conducting the audit is, under Sarbanes-Oxley, entrusted to the issuer’s audit committee,78 there is nonetheless a risk that the auditor may seek to satisfy the interests of the company under audit rather than the interests of investors and other financial statement users.79 This could arise, for example, through audit committee identification with the company or its management (e.g., for compensation) or through management influence over the audit committee’s supervision of the auditor, resulting in a de facto principal-agent relationship between the company and the auditor.80 Effective auditing standards help address these risks by explicitly assigning responsibilities to the auditor that, if executed properly, are expected to result in high-quality audits that satisfy the interests of 77 See, e.g., Monika Causholli and W. Robert Knechel, An Examination of the Credence Attributes of an Audit, 26 Accounting Horizons 631, 632 (2012): During the audit process, the auditor is responsible or making decisions concerning risk assessment, total effort, labor allocation, and the timing and extent of audit procedures that will be implemented to reduce the residual risk of material misstatements. As a non-expert, the auditee may not be able to judge the appropriateness of such decisions. Moreover, the auditee may not be able to ascertain the extent to which the risk of material misstatement has been reduced even after the audit is completed. Thus, information asymmetry exists between the auditee and the auditor, the benefit of which acrues to the auditor. If such is the case, the auditor may have incentives to: under-audit, or expend less audit effort than is required to reduce the uncertainty about misstatements in the auditee’s financial statements to the level that is appropriate for the auditee. 78 See section 301 of Sarbanes-Oxley, 15 U.S.C 78f(m) (also requiring that the firm ‘‘report directly to the audit committee’’). As an additional safeguard, the auditor is also required to be independent of the audit client. See 17 CFR 210.2– 01. 79 See, e.g., Joshua Ronen, Corporate Audits and How to Fix Them, 24 Journal of Economic Perspectives 189 (2010). 80 See id.; see also, e.g., Liesbeth Bruynseels and Eddy Cardinaels, The Audit Committee: Management Watchdog or Personal Friend of the CEO?, 89 The Accounting Review 113 (2014); Cory A. Cassell, Linda A. Myers, Roy Schmardebeck, and Jian Zhou, The Monitoring Effectiveness of CoOpted Audit Committees, 35 Contemporary Accounting Research 1732 (2018); Nathan R. Berglund, Michelle Draeger, and Mikhail Sterin, Management’s Undue Influence over Audit Committee Members: Evidence from Auditor Reporting and Opinion Shopping, 41 Auditing: A Journal of Practice & Theory 49 (2022). E:\FR\FM\02JYN1.SGM 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices lotter on DSK11XQN23PROD with NOTICES1 audited companies, investors, and other financial statement users. Economic theory suggests that technology is integral to the auditor’s production function—i.e., the quantities of capital and labor needed to produce a given level of audit quality. As technology evolves, so do the quantities of capital and labor needed to produce a given level of audit quality.81 Auditing standards that do not appropriately accommodate the evolution of technology may therefore inadvertently deter or insufficiently facilitate improvements to the audit approach. Risk-averse auditors may be especially cautious about incorporating significant new technological developments into their audit approaches because they may be either unfamiliar with the technology or unsure whether a new audit approach would comply with the PCAOB’s auditing standards. On the other hand, auditing standards that are too accommodative (e.g., by not adequately addressing the reliability of information used in a technology-based analysis) may not sufficiently address potential risks to audit quality arising from new audit approaches. As described above, since 2010, when the PCAOB released a suite of auditing standards related to the auditor’s assessment of and response to risk, two key technological developments have occurred. First, ERP systems that structure and house large volumes of information in electronic form have become more prevalent among companies. For example, one study reports that the global ERP market size increased by 60% between 2006 and 2012.82 As a result, auditors have greater access to large volumes of companyproduced and third-party information in electronic form that may potentially serve as audit evidence. Second, the use of more sophisticated data analysis tools has become more prevalent among auditors.83 As noted above, the PCAOB 81 See Gregory N. Mankiw, Principles of Economics (6th ed. 2008) at 76 (discussing how technology shifts the supply curve). 82 See Adelin Trusculescu, Anca Draghici, and Claudiu Tiberiu Albulescu, Key Metrics and Key Drivers in the Valuation of Public Enterprise Resource Planning Companies, 64 Procedia Computer Science 917 (2015). 83 This may be caused in part by a decrease in the quality-adjusted cost of software (i.e., the cost of software holding quality fixed). For example, see U.S. Bureau of Economic Analysis, ‘‘Table 5.6.4. Price Indexes for Private Fixed Investment in Intellectual Property Products by Type’’ available at https://apps.bea.gov/iTable/?reqid=19&step=3& isuri=1&nipa_table_list=330&categories=survey&_ gl=1*k50itr*_ga*MTMyMjk5NTAz MS4xNzA5ODQ0OTEx*_ga_J4698JNNFT*MTcwOT g0NDkxMS4xLjAuMTcwOTg0NDkxMS42MC4wLjA (accessed June 3, 2024) (indicating that the price index for capital formation in software by the business sector has decreased by approximately VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 staff’s analysis of the tools that firms use in technology-assisted analysis indicated that the number of such tools used by U.S. GNFs in audits increased by 38% between 2018 and 2023.84 One commenter noted that the advancement of analytical tools has increased auditor capabilities in data preparation and data validation. These recent technological developments have been changing the way technology-assisted analysis is used in audits, as discussed in more detail above. Although PCAOB standards related to the auditor’s assessment of and response to risk generally were designed to apply to audits that use information technology, they may be less effective in providing direction to auditors if the standards do not address certain advancements in the use of technology-assisted analysis in audits. Modifying existing PCAOB standards through the final amendments addresses this risk, as discussed below. Many commenters, including an investorrelated group, indicated there was a need for such standard setting given that the use of information in electronic form, and the use of technology-based tools by companies and their auditors to analyze such information, have expanded significantly since these standards were developed. The remainder of this section discusses the specific problem that the final amendments are intended to address and how the amendments address it. 1. Problem To Be Addressed Audit procedures that involve technology-assisted analysis may be an effective way to obtain persuasive audit evidence. Although the Board’s research showed that auditors are using technology-assisted analysis to obtain audit evidence, it also indicated that existing PCAOB standards could address more specifically certain aspects of designing and performing audit procedures that involve technology-assisted analysis. As discussed in detail above, these aspects include specifying auditors’ responsibilities when performing tests of details, using an audit procedure for more than one purpose, investigating certain items identified by the auditor 12% between 2010 and 2022). In preparing its price indices, the U.S. Bureau of Economic Analysis attempts to control for changes in product quality over time. Improvements to product quality may have contributed to some increase in the cost of software, including some of the software that can process large volumes of data. 84 See discussion above. See also Lowe et al., Information Technology 95 (reporting an increase in the use of information technology in audits between 2004 and 2014). PO 00000 Frm 00178 Fmt 4703 Sfmt 4703 54939 when performing a test of details, and evaluating the reliability of information the company receives from one or more external sources that is provided to the auditor in electronic form and used as audit evidence. Consequently, under existing standards, there is a risk that when using technology-based tools to design and perform audit procedures that involve technology-assisted analysis, an auditor may issue an auditor’s report without having obtained sufficient appropriate audit evidence to provide a reasonable basis for the opinion expressed in the report. For example, if an auditor does not appropriately investigate certain items identified though technology-assisted analysis when performing a test of details, the auditor may not identify a misstatement that would need to be evaluated under PCAOB standards. In another example, if an auditor does not appropriately evaluate the level of disaggregation of certain information maintained by the company, the auditor would not be able to determine, under PCAOB standards, whether the evidence obtained is relevant to the assertion being tested.85 Furthermore, there is a risk that auditors may choose not to involve technology-assisted analysis in the audit procedures they perform, even if performing such procedures would be a more effective, and may also be a more efficient, way of obtaining audit evidence. For example, an auditor may choose not to perform a substantive procedure that involves technologyassisted analysis if the auditor cannot determine whether the procedure would be considered a test of details under existing standards. 2. How the Final Amendments Address the Need The final amendments address the risk that the auditor may not obtain sufficient appropriate audit evidence when addressing one or more financial statement assertions. For example, the final amendments: (i) specify considerations for the auditor when items are identified for further investigation as part of performing a test of details; 86 (ii) specify procedures the auditor should perform to evaluate the reliability of information the company receives from one or more external 85 See, e.g., Helen Brown-Liburd, Hussein Issa, and Danielle Lombardi, Behavioral Implications of Big Data’s Impact on Audit Judgment and Decision Making and Future Research Directions, 29 Accounting Horizons 451 (2015) (discussing how irrelevant information may limit the value of data analysis). See also Financial Reporting Council, Audit Quality. 86 See detailed discussion above. E:\FR\FM\02JYN1.SGM 02JYN1 54940 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices sources and that is provided to the auditor in electronic form and used as audit evidence; 87 and (iii) clarify that if the auditor uses an audit procedure for more than one purpose, the auditor should achieve each objective of the procedure.88 The final amendments also address the risk that auditors may choose not to perform audit procedures involving technology-assisted analysis by: (i) specifying responsibilities when performing tests of details; 89 and (ii) clarifying that an audit procedure may be used for more than one purpose.90 Collectively, the amendments should lead auditors to perceive less risk of noncompliance with PCAOB standards when using technology-assisted analysis. lotter on DSK11XQN23PROD with NOTICES1 Economic Impacts This section discusses the expected benefits and costs of the final amendments and potential unintended consequences. In the proposing release, the Board noted that it expected the economic impact of the amendments, including both benefits and costs, to be relatively modest. Some commenters disagreed with the characterization of costs and benefits as ‘‘modest,’’ stating that both costs and benefits of technology-assisted analysis can be substantial. However, the Board did not attempt to describe the overall costs and benefits of the use of technologyassisted analysis, but rather the marginal impact of the final amendments. It is difficult to quantify the benefits and costs because the final amendments do not require the adoption of any specific tools for technology-assisted analysis or that the auditor perform technology-assisted analysis. Some firms may choose to increase their investments in technology, and others may choose to make minimal changes to their existing audit practices. In general, the Board expects that firms will incur costs to implement or expand the use of technology-assisted analysis if firms determine that the benefits of doing so justify the costs. The Board included qualitative references to the benefits and costs associated with the use of technology-assisted analysis, including those raised by commenters. 1. Benefits The final amendments may lead auditors to design and perform audit procedures more effectively, because 87 See detailed discussion above. detailed discussion above. 89 See detailed discussion above. 90 See detailed discussion above. 88 See VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 they clarify and strengthen requirements of AS 1105 and AS 2301 related to aspects of designing and performing audit procedures that involve technology-assisted analysis. More effective audit procedures may lead to higher audit quality, more efficient audits, lower audit fees, or some combination of the three. To the extent the amendments lead to higher audit quality, they should benefit investors and other financial statement users by reducing the likelihood that the financial statements are materially misstated, whether due to error or fraud. An increase in audit quality should in turn benefit investors as they may be able to use the more reliable financial information to improve the efficiency of their capital allocation decisions (e.g., investors may more accurately identify companies with the strongest prospects for generating future risk-adjusted returns and allocate their capital accordingly). Some commenters stated that the proposed amendments would benefit investors and the general public by reducing audit failures. One commenter stated that the analysis in the proposing release appeared to suggest that existing financial information and audits are ‘‘less reliable.’’ The Board’s intent was not to suggest that existing audits are unreliable, but rather that the proposed amendments may increase audit quality, which should in turn increase investors’ confidence in the information contained in financial statements. In theory, if investors perceive less risk in capital markets generally, their willingness to invest in capital markets may increase, and thus the supply of capital may increase. An increase in the supply of capital could increase capital formation while also reducing the cost of capital to companies.91 The Board is unable to quantify in precise terms this potential benefit, which would depend both on how audit firms respond to the standard and on how their response affects audit quality, factors that are likely to vary across audit firms and across engagements. Auditors also are expected to benefit from the final amendments because the additional clarity provided by the amendments should reduce regulatory uncertainty and the associated compliance costs. Specifically, the final amendments 91 See, e.g., Hanwen Chen, Jeff Zeyun Chen, Gerald J. Lobo, and Yanyan Wang, Effects of Audit Quality on Earnings Management and Cost of Equity Capital: Evidence from China, 28 Contemporary Accounting Research 892 (2011); Richard Lambert, Christian Leuz, and Robert E. Verrecchia, Accounting Information, Disclosure, and the Cost of Capital, 45 Journal of Accounting Research 385 (2007). PO 00000 Frm 00179 Fmt 4703 Sfmt 4703 should provide auditors with a better understanding of their responsibilities, which in turn should reduce the risk that auditors design and perform potentially unnecessary audit procedures (e.g., potentially duplicative audit procedures). Most commenters agreed that the proposed amendments would allow auditors to design and perform audit procedures more effectively, ultimately leading to higher quality audits. Some commenters identified specific benefits to audit quality resulting from increased use of technology-assisted analysis, such as the ability to automate some repetitive tasks and to improve the performance of risk assessment procedures and fraud and planning procedures. One commenter stated that the proposed amendments could result in the ineffective use of analytics if there is implicit pressure for firms to adopt technology-assisted analysis without appropriately preparing for its use, and another stated that the proposed amendments may not change the likelihood of not obtaining sufficient appropriate audit evidence. As discussed below, the final amendments are principles-based and are intended to clarify auditors’ responsibilities when using technology-assisted analysis. The following discussion describes the benefits of key aspects of the final amendments that are expected to impact auditor behavior. To the extent that a firm has already incorporated aspects of the amendments into its methodology, some of the benefits described below would be reduced.92 i. Decreasing the Likelihood of Not Obtaining Sufficient Appropriate Audit Evidence The final amendments are expected to enhance audit quality by decreasing the likelihood that an auditor who performs audit procedures using technologyassisted analysis will issue an auditor’s report without obtaining sufficient appropriate audit evidence that provides a reasonable basis for the opinion expressed in the report. For example, the final amendments specify auditors’ responsibilities for investigating items identified when performing a test of details. In another example, the final amendments specify auditors’ responsibilities for evaluating the reliability of certain information provided by the company in electronic form and used as audit evidence. As a result, auditors may be more likely to obtain sufficient appropriate audit evidence when designing and performing audit procedures that use 92 See E:\FR\FM\02JYN1.SGM discussion above. 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices technology-assisted analysis, resulting in higher audit quality. As described above, the higher audit quality should benefit investors and other financial statement users by reducing the likelihood that the financial statements are materially misstated, whether due to error or fraud. These potential benefits to audit quality apply both to audit engagements where auditors currently incorporate technology-assisted analysis into their audit approach and audit engagements where auditors have been previously reluctant to use technologyassisted analysis because of the risk of noncompliance. ii. Greater Use of Technology-Assisted Analysis lotter on DSK11XQN23PROD with NOTICES1 The final amendments may lead to some increase in the use of technologyassisted analysis by auditors when designing and performing multi-purpose audit procedures and tests of details. For example, the final amendments clarify the description of a ‘‘test of details.’’ As a result of this clarification, auditors may make greater use of technology-assisted analysis when designing or performing tests of details because they may perceive a reduction in noncompliance risk. Notwithstanding the associated fixed and variable costs, greater use of technology-assisted analysis by the auditor when designing or performing audit procedures may allow the auditor to perform engagements with fewer resources, which may increase the overall resources available to perform audits.93 In economic terms, it may increase the supply of audit quality.94 For example, obtaining sufficient appropriate audit evidence by using technology-assisted analysis may require fewer staff hours than obtaining the evidence manually. Current labor shortages of qualified individuals and decreases in accounting graduates and new CPA examination candidates amplify the value of gathering sufficient appropriate audit evidence with fewer staff hours.95 93 See below (discussing costs associated with greater use of technology-assisted analysis). 94 For purposes of this discussion, ‘‘audit quality’’ refers to assurance on the financial statements provided by the auditor to the users of the financial statements. The ‘‘supply of audit quality’’ is the relationship between audit quality and incremental cost to the auditor. An ‘‘increase in the supply of audit quality’’ occurs when the incremental costs of audit quality decrease (e.g., due to technological advances) and the auditor is able to profitably provide more audit quality at a given cost. 95 See, e.g., AICPA Private Companies Practice Section, 2022 PCPS CPA Top Issues Survey (2022); AICPA, 2021 Trends: A Report on Accounting Education, the CPA Exam and Public Accounting Firms’ Hiring of Recent Graduates (2021). VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 Apart from consideration of demands from the audited company, discussed in greater detail below, the efficiencies that may arise from greater utilization of technology-assisted analysis would be retained by the auditor in the form of higher profit. However, to better address regulatory, litigation, or reputational risks, the auditor may choose to redeploy engagement-level resources to other work. For example, auditors may shift staff resources to audit areas or issues that are more complex or require more professional judgment.96 As a result of the greater use of technology-assisted analysis by auditors, some companies may be able to obtain a higher level of audit quality or renegotiate their audit fee, or both. The outcome would likely vary by company depending on the competitiveness of the company’s local audit market and the company’s audit quality expectations. For example, negotiating power may be smaller for larger multinational companies, which may have fewer auditor choices, than for smaller companies, which may have more auditor choices. Furthermore, some companies may expect their auditor to reassign engagement team staff resources from repetitive or less complex audit procedures to more judgmental aspects of the audit. Other companies may expect the engagement team to perform the audit with fewer firm resources (e.g., fewer billable hours). Some research suggests that most companies prefer audit fee reductions in response to their auditor’s greater use of data analytics.97 Because the final amendments do not require the auditor to use technologyassisted analysis when designing and performing audit procedures, the associated benefits would likely be limited to cases where auditors determine that their benefits justify their costs, including any fixed costs required to update the auditor’s approach (e.g., update methodologies, provide training). The fixed costs may be significant; however, some firms may have incurred some of these costs already.98 Moreover, despite the continued tendency of companies to adopt ERP systems to house their accounting and financial reporting data, some companies’ data may remain prohibitively difficult to obtain and analyze, thus limiting the extent to which the auditor can use technologye.g., Salijeni et al., Big Data. Austin et al., The Data Analytics Journey. 98 See discussion above, discussing increased availability of data analytic tools at larger firms and Austin et al., The Data Analytics Journey 1908. PO 00000 96 See, 97 See Frm 00180 Fmt 4703 Sfmt 4703 54941 assisted analysis.99 Some survey research also suggests that some firms lack sufficient staff resources to appropriately deploy data analysis.100 Collectively, these private costs may deter some auditors from incorporating technology-assisted analysis into their audit approach and thereby reduce the potential benefits associated with greater use of technology-assisted analysis. Some commenters suggested that audit fees are unlikely to decrease as a result of increased use of technologyassisted analysis due primarily to the costs involved with using technologyassisted analysis. One commenter stated that the Board’s analysis in the proposal focused on reducing costs (which could put downward pressure on audit fees), and suggested that the analysis should focus instead on enabling auditors to shift resources to higher risk areas of the audit, which should increase audit quality. Another commenter urged the PCAOB not to include commentary that relates the greater use of technologyassisted analysis to lower audit fees on the grounds that the proposing release underestimated the costs to smaller firms of designing, implementing, and operating technology-assisted analysis. The commenter added that such commentary could have the unintended effect of encouraging firms to reduce costs and therefore choose to use analytics ineffectively or choose not to implement technology-assisted analysis. A different commenter noted that the ‘‘supposition that efficiencies would accrue to the firms, potentially impacting audit efficiencies or even audit fees, is beyond the Board’s charge of improving audit quality.’’ The Board acknowledged that there can be significant costs associated with the use of technology-assisted analysis, particularly with the initial implementation of technology-assisted analysis tools, which some firms may pass on to audited companies in the form of higher audit fees, at least in the short term. However, the Board noted that the final amendments do not require the use of technology-assisted analysis, and academic studies suggest that greater use of data analytics could reduce audit fees.101 99 See, e.g., Austin et al., The Data Analytics Journey 1906. 100 See, e.g., Saligeni et al., Big Data 108. See also CPA Canada, Audit Data Analytics. However, some more recent survey research suggests that auditors tend to agree that they have the technical expertise to deploy data analytics. See Eilifsen et al., An Exploratory Study 84. 101 See Austin et al., The Data Analytics Journey 1891. E:\FR\FM\02JYN1.SGM 02JYN1 54942 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices lotter on DSK11XQN23PROD with NOTICES1 One commenter stated that the PCAOB should be ‘‘agnostic’’ about the use of audit technology and should focus on audit quality rather than audit efficiency. The Board believes that the PCAOB’s focus on audit quality does not preclude it from considering the effect of audit efficiency on the Board’s stakeholders. Furthermore, audit efficiencies in one area may allow auditors to redeploy resources to other audit areas that are more complex or require more professional judgment, resulting in increased audit quality. 2. Costs To the extent that firms make changes to their existing audit approaches as a result of the final amendments, they may incur certain fixed costs (i.e., costs that are generally independent of the number of audits performed), including costs to: update audit methodologies, templates, and tools; prepare training materials; train their staff; and develop or purchase software. GNFs and some NAFs are likely to update their methodologies using internal resources, whereas other NAFs are likely to purchase updated methodologies from external vendors. In addition, firms may incur certain engagement-level variable costs. For example, the final amendments related to evaluating whether certain information provided by the company in electronic form and used as audit evidence is reliable could require additional time and effort by engagement teams that use such information in performing audit procedures. This additional time, and therefore the resulting variable costs, may be less on integrated audits or financial-statement audits that take a controls reliance approach because, in these cases, internal controls over the information, including ITGCs and automated application controls, may already be tested. As another example, some firms may incur software license fees that vary by the number of users. To the extent that auditors incur higher costs to implement the amendments and can pass on at least part of the increased costs through an increase in audit fees, audited companies may also incur an indirect cost. Some commenters stated that they do not believe the fixed and variable cost increases will be modest as stated in the proposal, and that the evolution of technology-assisted analysis may render tools and training obsolete, requiring renewed investment at regular intervals. One of these commenters referenced increased resource costs such as the need to investigate items identified through technology-assisted analysis. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 One commenter stated that the proposing release mischaracterized the costs to NAFs of implementing technology-assisted analysis. This commenter noted that costs could include a learning curve for new technology adoption, increased costs of hiring engagement team members with appropriate skill sets, obtaining reliable data, and the development or purchase of software tools. Another stated that some audit firms already use technology, so both costs and benefits would be modest for those firms. As the Board discussed in the proposal and as reiterated above, the final amendments do not require the use of technologyassisted analysis. Therefore, the costs discussed by these commenters would occur only if firms determined it was in their best interest to incur them. Some aspects of the final amendments may result in more or different costs than others. The following discussion describes the potential costs associated with specific aspects of the amendments. i. Potential Additional Audit Procedures and Implementation Costs The final amendments clarify and specify auditor responsibilities when designing and performing audit procedures that involve technologyassisted analysis. As a result, some auditors may perform incremental procedures to comply with the final amendments, which may lead to incremental costs. For example, in addition to applying technology-assisted analysis when testing specific items in the population, some auditors may address the items not selected for testing by performing other substantive procedures if the auditor determines that there is a reasonable possibility of a risk of material misstatement in the items not selected for testing (i.e., the remaining population). To the extent that auditors currently do not fulfill their responsibilities under existing PCAOB standards related to the remaining population when there is a reasonable possibility of a risk of material misstatement, those firms may incur one-time costs to update firm methodologies and ongoing costs related to fulfilling their responsibilities. In another example, an auditor may determine that incremental procedures are necessary to evaluate the reliability of external information provided by the company in electronic form.. These incremental procedures may apply to audit engagements where auditors currently incorporate technologyassisted analysis into their audit approach, and audit engagements where auditors have been reluctant to use PO 00000 Frm 00181 Fmt 4703 Sfmt 4703 technology-assisted analysis due to the risk of noncompliance. At the firm level, some firms may incur relatively modest fixed costs to update their methodologies and templates (e.g., documentation templates) or customize their technology-based tools. Firms may also need to prepare training materials and train their staff. Firms may incur relatively modest variable costs if they determine that additional time and effort on an individual audit engagement is necessary in order to comply with the final amendments. For example, a firm may incur additional variable costs to investigate items identified when performing a test of details. ii. Greater Use of Technology-Assisted Analysis As discussed above, the final amendments do not require the use of technology-assisted analysis in an audit. However as noted above, the final amendments may lead to some increase in the use of technology-assisted analysis by auditors when designing and performing multi-purpose audit procedures and tests of details. The greater use of technology-assisted analysis by the auditor may allow the auditor to perform engagements with fewer resources. However, this potential efficiency benefit would likely be offset, in part, by fixed and variable costs to the audit firm. Fixed costs may be incurred to incorporate technologyassisted analysis into the audit approach. For example, some firms may purchase, develop, or customize new tools.102 Some firms may choose to hire programmers to develop tools internally. Firms may also incur fixed costs to obtain an understanding of companies’ information systems.103 Some commenters stated that the costs to research, develop, and implement technology-assisted analysis can be significant. They also stated that rapid technological advancements require continual investment by audit firms to keep pace. Because the final amendments do not require the adoption of technology-assisted analysis, any such investments by firms would be made only if they determine that the benefits justify the costs. Relatively modest variable costs may be incurred to use technology-assisted 102 See Financial Reporting Council, Audit Quality. See also Austin et al., The Data Analytics Journey 1908. 103 See Eilifsen et al., An Exploratory Study 71 (discussing how audit data analytics are used less often when the company does not have an integrated ERP/IT system). See also Financial Reporting Council, Audit Quality. E:\FR\FM\02JYN1.SGM 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices analysis on individual audit engagements. For example, firms may incur variable costs associated with preparing company data for analysis or updating their technology-based tools. Several commenters stated that there are costs associated with obtaining or preparing data in a format that can be utilized by specific tools for technologyassisted analysis. In another example, a firm may incur variable costs to obtain specialized expertise for using technology-assisted analysis on audit engagements. For example, a firm data analytics specialist may be used on an audit engagement to automate certain aspects of data preparation or design and perform a custom technologyassisted analysis. One commenter noted that the investigation of items identified by technology-assisted analysis requires resources such as the involvement of personnel who are skilled in interpreting the results of technologyassisted analysis. As a result, according to the commenter, the use of technology-assisted analysis may not necessarily reduce costs and may increase costs. As discussed above, auditors may increase audit fees due to costs associated with the use of technology-assisted analysis, passing along some of those costs to audited companies. Several factors may limit the costs associated with greater use of technology-assisted analysis in an audit. First, the costs would likely be incurred by a firm only if it determined that the private benefits to it would exceed the private costs. Second, some firms have already made investments to incorporate technology-assisted analysis in audits. Finally, the cost of software that can process and analyze large volumes of data has been decreasing.104 lotter on DSK11XQN23PROD with NOTICES1 3. Potential Unintended Consequences In addition to the benefits and costs discussed above, the final amendments could have unintended economic impacts. The following discussion describes potential unintended consequences considered by the Board and, where applicable, factors that mitigate them. These include actions taken by the Board as well as the existence of other countervailing forces. i. Reduction in the Use of TechnologyAssisted Analysis It is possible that, as a result of the final amendments, some auditors could reduce their use of technology-assisted analysis. This could occur if the final amendments were to lead firms to conclude that the private benefits would 104 See discussion above. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 not justify the private costs of involving technology-assisted analysis in their audit approach. For example, the final amendments specify considerations for investigating items identified by the auditor when performing a test of details and procedures for evaluating the reliability of certain information the company receives from one or more external sources and used as audit evidence. As discussed above, such additional responsibilities could lead to fixed costs at the firm level and variable costs at the engagement level. As a result, some auditors may choose not to use audit procedures that involve technology-assisted analysis. Several factors would likely mitigate any negative effects associated with this potential unintended consequence. First, the Board believes that any decrease in the use of technologyassisted analysis would likely arise from a reduction in the performance of audit procedures that would not have contributed significantly to providing sufficient appropriate audit evidence. This development would therefore probably benefit, rather than detract from, audit quality. For example, currently some auditors might not appropriately investigate items identified when using technologyassisted analysis in performing tests of details. The amendments specify auditors’ responsibilities for investigating the items identified. If auditors view the requirement as too costly to implement, they may instead choose to perform audit procedures that do not involve the use of technologyassisted analysis. If the other procedures chosen by the auditor provide sufficient appropriate audit evidence, the reduction in the performance of audit procedures that involve technologyassisted analysis (where auditors did not appropriately investigate items identified) would benefit audit quality. Second, any reduction in the use of technology-assisted analysis resulting from certain of the amendments, such as in the above scenario, may be offset by the greater use of technology-assisted analysis in other scenarios. For example, as discussed above, the final amendments clarify the description of a ‘‘test of details.’’ As a result, auditors may make greater use of technologyassisted analysis in performing tests of details because they may perceive a reduction in noncompliance risk. Finally, because the final amendments are principles-based, auditors will be able to tailor their work subject to the amendments to the facts and circumstances of the audit. For example, the amendments do not prescribe procedures for investigating PO 00000 Frm 00182 Fmt 4703 Sfmt 4703 54943 items identified when performing a test of details. Rather, the auditor will be able to structure the investigation based on, among other things, the type of analysis and the assessed risks of material misstatement.105 Some commenters stated that the proposed amendments could potentially deter auditors from using technologyassisted analysis; in contrast, others said that the proposed amendments could potentially pressure auditors to use technology-assisted analysis. As outlined above, the final amendments, consistent with the proposal, do not require the use of technology-assisted analysis, and the Board believes that auditors will use technology-assisted analysis to the extent that it allows them to perform audit procedures in a more efficient or effective manner. Some commenters expressed appreciation for PCAOB standards that allow auditors to employ appropriate audit procedures based on the facts and circumstances of the audit engagement. They agreed with the scalable, principles-based approach that allows for use of technologyassisted analysis to the extent that it is effective and efficient, taking into consideration the firm size, company size, and other circumstances of the audit engagement. ii. Inappropriately Designed MultiPurpose Audit Procedures It is possible that some auditors could view the final amendments as allowing any audit procedure that involves technology-assisted analysis to be considered a multi-purpose procedure. Auditors who hold this view may fail to design and perform audit procedures that provide sufficient appropriate audit evidence. This potential unintended consequence would be mitigated by: (i) existing requirements of PCAOB standards; and (ii) the amendment to paragraph .14 of AS 1105. Existing PCAOB standards address auditors’ responsibilities for designing and performing procedures to identify, assess, and respond to risks of material misstatement and obtaining sufficient appropriate audit evidence.106 Auditor responsibilities established by existing PCAOB standards apply to the performance of both audit procedures that are designed to achieve a single objective and audit procedures that are designed to achieve multiple objectives. Further, existing standards specify auditor responsibilities in certain scenarios that involve multi-purpose audit procedures. For example, existing PCAOB standards provide that an audit 105 See discussion above. e.g., AS 2110 and AS 2301. 106 See, E:\FR\FM\02JYN1.SGM 02JYN1 lotter on DSK11XQN23PROD with NOTICES1 54944 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices procedure may serve as both a risk assessment procedure and a test of controls provided that the auditor meets the objectives of both procedures.107 In another example, existing PCAOB standards provide that audit procedures may serve as both a test of controls and a substantive procedure provided that the auditor meets the objectives of both procedures.108 In addition, the amendment to paragraph .14 of AS 1105 would further mitigate the risk that auditors fail to design and perform multi-purpose audit procedures. The amendment would emphasize the auditor’s responsibility to achieve particular objectives specified in existing PCAOB standards when using audit evidence from an audit procedure for multiple purposes. higher audit fees,109 it may also reduce companies’ opportunity to opinion shop, thereby positively impacting audit quality.110 In contrast, some literature suggests that reduced competition may have a negative effect on audit quality.111 Finally, any negative impact on the smaller firms’ ability to compete with larger firms would likely be limited to smaller and mid-sized companies because smaller firms may lack the economies of scale and multi-national presence to compete for the audits of larger companies. Indeed, there is some evidence that smaller and larger audit firms do not directly compete with each other in some segments of the audit market 112 although some research suggests that smaller and larger firms do compete locally in some cases.113 iii. Disproportionate Impact on Smaller Firms Alternatives Considered The development of the final amendments involved considering numerous alternative approaches to addressing the problems described above. This section explains: (i) why standard setting is preferable to other policy-making approaches, such as providing interpretive guidance or enhancing inspection or enforcement efforts; (ii) other standard-setting approaches that were considered; and (iii) key policy choices made by the Board in determining the details of the amendments. It is possible that the costs of the final amendments could disproportionately impact smaller firms. As discussed in Section IV.C.2 above, increased use of technology-assisted analysis may require incremental investment and specialized skills. Smaller firms have fewer audit engagements over which to distribute fixed costs (i.e., they lack economies of scale). As a result, smaller firms may be less likely than larger firms to increase their use of technology-assisted analysis when designing and performing multi-purpose audit procedures and tests of details. Although the final amendments do not require auditors to use technologyassisted analysis, a choice not to use it may negatively impact smaller firms’ ability to compete with larger firms (e.g., if using technology-assisted analysis is expected by prospective users of the auditor’s report). One commenter stated that the costs of using technologyassisted analysis could be significant and cause audits performed by small and mid-sized accounting firms to be uneconomical. This potential unintended negative consequence would be mitigated by several factors. First, the fixed costs associated with the amendments may be offset by engagement-level efficiencies which may increase the competitiveness of smaller firms. Second, as discussed above, the costs associated with acquiring and incorporating technologybased analytical tools into firms’ audit approaches have been decreasing and may continue to decrease. Third, while reduced competition may result in 107 See 108 See AS 2110.39. AS 2301.47. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 1. Why Standard Setting Is Preferable to Other Policy-Making Approaches The Board’s policy tools include alternatives to standard setting, such as issuing interpretive guidance or 109 See, e.g., Joshua L. Gunn, Brett S. Kawada, and Paul N. Michas, Audit Market Concentration, Audit Fees, and Audit Quality: A Cross-Country Analysis of Complex Audit Clients, 38 Journal of Accounting and Public Policy 1 (2019). 110 See, e.g., Nathan J. Newton, Julie S. Persellin, Dechun Wang, and Michael S. Wilkins, Internal Control Opinion Shopping and Audit Market Competition, 91 The Accounting Review 603 (2016); Nathan J. Newton, Dechun Wang, and Michael S. Wilkins, Does a Lack of Choice Lead to Lower Quality?: Evidence from Auditor Competition and Client Restatements, 32 Auditing: A Journal of Practice & Theory 31 (2013). 111 See, e.g., Jeff P. Boone, Inder K. Khurana, and K.K. Raman, Audit Market Concentration and Auditor Tolerance for Earnings Management, Contemporary Accounting Research 29 (2012); Nicholas J. Hallman, Antonis Kartapanis, and Jaime J. Schmidt, How Do Auditors Respond to Competition? Evidence From the Bidding Process, Journal of Accounting and Economics 73 (2022). 112 See, e.g., GAO Report No. GAO–03–864, Public Accounting Firms: Mandated Study on Consolidation and Competition (July 2003). 113 See, e.g., Kenneth L. Bills and Nathaniel M. Stephens, Spatial Competition at the Intersection of the Large and Small Audit Firm Markets, 35 Auditing: A Journal of Practice and Theory 23 (2016). PO 00000 Frm 00183 Fmt 4703 Sfmt 4703 increasing the focus on inspections or enforcement of existing standards. The Board considered whether providing guidance or enhancing inspection or enforcement efforts would be effective mechanisms to address concerns associated with aspects of designing and performing audit procedures that involve technology-assisted analysis. One commenter stated that PCAOB staff guidance would be preferable to standard setting to communicate the requirements. Several commenters stated that additional guidance and examples would be helpful for auditors when applying existing standards and the proposed amendments when performing audit procedures that involve technology-assisted analysis. Interpretive guidance inherently provides additional information about existing standards. Inspection and enforcement actions take place after insufficient audit performance (and potential investor harm) has occurred. Devoting additional resources to interpretive guidance, inspections, or enforcement activities, without improving the relevant performance requirements for auditors, would at best focus auditors’ performance on existing standards and would not provide the benefits associated with improving the standards, which are discussed above. The In contrast, some literature suggests that reduced competition may have a negative effect on audit quality.amendments, by contrast, are designed to improve PCAOB standards by adding further clarity and specificity to existing requirements. For example, the amendments specify auditor responsibilities for evaluating the reliability of external information provided by the company in electronic form and used as audit evidence. In another example, the amendments clarify auditor responsibilities when the auditor uses an audit procedure for more than one purpose. 2. Other Standard-Setting Approaches Considered The Board considered, but decided against, developing a standalone standard that would address designing and performing audit procedures that involve technology-assisted analysis. Addressing the use of technologyassisted analysis in a standalone standard could further highlight the auditor’s responsibilities relating to using technology-assisted analysis. However, a new standalone standard would also unnecessarily duplicate many of the existing requirements, because existing PCAOB standards are already designed to be applicable to audits performed with the use of E:\FR\FM\02JYN1.SGM 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices technology, including technologyassisted analysis. Further, as the discussion above explains in greater detail, the Board’s research indicates that auditors are using technology-assisted analysis in audit procedures. Rather than developing a new standalone standard, the final amendments use a more targeted approach that includes amending certain requirements of the standards where the Board’s research has indicated the need for providing further clarity and specificity regarding designing and performing audit procedures that involve technologyassisted analysis. 3. Key Policy Choices lotter on DSK11XQN23PROD with NOTICES1 i. Investigating Certain Items Identified by the Auditor As discussed above, auditors may use technology-assisted analysis to identify items within a population (e.g., transactions in an account) for further investigation when performing a test of details.114 The auditor’s investigation may include, for example, examining documentary evidence for items identified through the analysis, or designing and performing other audit procedures to determine whether the items identified individually or in the aggregate indicate misstatements or deficiencies in the company’s internal control over financial reporting. The Board considered but did not prescribe specific audit procedures to investigate items identified by the auditor in the way described in the above examples. Instead, the final amendments specify that audit procedures that the auditor performs to investigate the identified items are part of the auditor’s response to the risk of material misstatement. The auditor determines the nature, timing, and extent of such procedures in accordance with PCAOB standards. The Board also considered, but did not prescribe, specific audit procedures to address items not selected for a test of details (i.e., remaining items in the population) when the auditor’s means of selecting items was selecting specific items. Although certain audit procedures may be effective to address the assessed risk under certain circumstances, other audit procedures may be more effective under different circumstances. Because of the wide range of both the analyses that the auditor may perform to identify items for further investigation, and the potentially appropriate audit procedures that the auditor may perform to investigate them, the Board believes that 114 See detailed discussion above. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 an overly prescriptive standard could in certain cases lead auditors to perform audit procedures without considering the facts and circumstances of the audit engagement. ii. Describing a New Specific Audit Procedure The Board considered but did not describe (or define), technology-assisted analysis or similar terms (e.g., data analysis or data analytics) in AS 1105 as a new specific audit procedure. Although describing technology-assisted analysis as a specific audit procedure might clarify certain auditor responsibilities, it could also create confusion and unnecessarily constrain the potential use of such analyses in the audit. As the Board’s research indicates, and as commenters have stated, auditors already incorporate technology-assisted analysis in various types of audit procedures (e.g., inspection, recalculation, reperformance, analytical procedures) that are used for various purposes (e.g., identifying risk or responding to risk). In addition, describing technology-assisted analysis or similar terms would present challenges because the meaning of such terms may vary depending on the context and may further evolve as technology evolves. iii. Requiring Auditors’ Use of Technology The final amendments, consistent with existing PCAOB standards, are principles-based and are intended to be applicable to all audits conducted under PCAOB standards. An investor-related group commented that the Board should consider requiring that auditors use certain types of technology-based tools that financial research and investment management firms have used to assess and verify the accuracy and completeness of financial statements, in order to improve audit quality and help detect fraud. In contrast, some commenters noted that requiring the use of certain technology could have unintended consequences for smaller companies and affect the ability of smaller firms to compete. As one commenter noted, clients of small and mid-sized accounting firms may rely on other processes appropriate to their size to manage their operations and financial reporting, and the use of technologyassisted analysis may not be as costeffective in those circumstances. Another commenter noted that it is important that PCAOB standards continue to enable auditors to employ audit procedures that are appropriate based on the engagement-specific facts and circumstances, recognizing that PO 00000 Frm 00184 Fmt 4703 Sfmt 4703 54945 technology-assisted analysis may not be the most effective option and therefore its use should not be expected on all audits. That commenter emphasized the need for the proposed amendments to be scalable for firms (and the companies they audit) of all sizes and with varying technological resources. Several other commenters stated that the principlesbased nature of the proposed amendments was important, so that they can be applicable to all PCAOBregistered firms and the audits they conduct under PCAOB standards, regardless of the size of the firm or complexity of the issuer. The Board considered the views of commenters, including those of investors, and the Board decided not to require auditors’ use of technology as part of these amendments, which would have been outside the scope of the project. Maintaining a principles-based approach to these amendments is appropriate due to the ever-evolving nature of technology; requiring the use of specific types of technology, based on how they are used currently, could quickly become outdated. In addition, as discussed above, the Board’s Technology Innovation Alliance Working Group continues to advise the Board on the use of emerging technologies by auditors and preparers relevant to audits and their potential impact on audit quality. These ongoing activities may inform future standardsetting projects. Application of the Proposed Rules to Audits of Emerging Growth Companies Pursuant to section 104 of the Jumpstart Our Business Startups (‘‘JOBS’’) Act, rules adopted by the Board subsequent to April 5, 2012, generally do not apply to the audits of emerging growth companies (i.e., EGCs), as defined in section 3(a)(80) of the Exchange Act, unless the SEC ‘‘determines that the application of such additional requirements is necessary or appropriate in the public interest, after considering the protection of investors, and whether the action will promote efficiency, competition, and capital formation.’’ 115 As a result of the JOBS Act, the rules and related amendments to PCAOB standards that the Board adopts are generally subject to a 115 See Public Law 112–106 (Apr. 5, 2012). See also section 103(a)(3)(C) of Sarbanes-Oxley, as added by section 104 of the JOBS Act (providing that any rules of the Board requiring: (1) mandatory audit firm rotation; or (2) a supplement to the auditor’s report in which the auditor would be required to provide additional information about the audit and the financial statements of the issuer (auditor discussion and analysis), shall not apply to an audit of an EGC. The amendments do not fall within either of these two categories). E:\FR\FM\02JYN1.SGM 02JYN1 54946 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices lotter on DSK11XQN23PROD with NOTICES1 separate determination by the SEC regarding their applicability to audits of EGCs. To inform consideration of the application of auditing standards to audits of EGCs, the PCAOB staff prepares a white paper annually that provides general information about characteristics of EGCs.116 As of the November 15, 2022, measurement date in the February 2024 EGC White Paper, PCAOB staff identified 3,031 companies that self-identified with the SEC as EGCs and filed with the SEC audited financial statements in the 18 months preceding the measurement date.117 As discussed above, auditors are expanding the use of technologyassisted analysis in audits. The final amendments, as discussed above, address aspects of designing and performing audit procedures that involve technology-assisted analysis. The proposed rules are principles-based and are intended to be applied in all audits performed pursuant to PCAOB standards, including audits of EGCs. The discussion of benefits, costs, and unintended consequences of the proposed rules above is generally applicable to all audits performed pursuant to PCAOB standards, including audits of EGCs. The economic impacts on an individual EGC audit would depend on factors such as the auditor’s ability to distribute implementation costs across its audit engagements, whether the auditor has already incorporated technologyassisted analysis into its audit approach, and electronic information acquisition challenges (e.g., information availability, legal restrictions, or privacy concerns). EGCs are more likely to be newer companies, which are typically smaller in size and receive lower analyst coverage. These factors may increase the importance to investors of the higher audit quality resulting from the proposed rules, as high-quality audits 116 See PCAOB, White Paper on Characteristics of Emerging Growth Companies and Their Audit Firms at November 15, 2022 (Feb. 20, 2024) (‘‘EGC White Paper’’), available at https://pcaobus.org/ resources/other-research-projects. 117 The EGC White Paper uses a lagging 18-month window to identify companies as EGCs. Please refer to the ‘‘Current Methodology’’ section in the white paper for details. Using an 18-month window enables staff to analyze the characteristics of a fuller population in the EGC White Paper but may tend to result in a larger number of EGCs being included for purposes of the present EGC analysis than would alternative methodologies. For example, an estimate using a lagging 12-month window would exclude some EGCs that are delinquent in making periodic filings. An estimate as of the measurement date would exclude EGCs that have terminated their registration, or that have exceeded the eligibility or time limits. See id. VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 generally enhance the credibility of management disclosures.118 However, as discussed above, the use of technology-assisted analysis appears to be less prevalent among NAFs than GNFs. Therefore, since EGCs are more likely than non-EGCs to be audited by NAFs, the impacts of the proposed rules on EGC audits may be less than on nonEGC audits.119 The proposed rules could impact competition in an EGC’s product market if the indirect costs to audited companies disproportionately impact EGCs relative to their competitors. However, as discussed above, the costs associated with the proposed rules are expected to be relatively modest. Therefore, the impact of the proposed rules on competition, if any, is likewise expected to be limited. Overall, the proposed rules are expected to enhance the efficiency and quality of EGC audits that implement technology-assisted analysis and contribute to an increase in the credibility of financial reporting by those EGCs. To the extent the proposed rules improve EGCs’ financial reporting quality, they may also improve the efficiency of capital allocation, lower the cost of capital, and enhance capital formation. For example, higher financial reporting quality may allow investors to more accurately identify companies with the strongest prospects for generating future risk-adjusted returns and reallocate their capital accordingly. Investors may also perceive less risk in EGC capital markets generally, leading to an increase in the supply of capital to EGCs. This may increase capital 118 Researchers have developed a number of proxies that are thought to be correlated with information asymmetry, including small company size, lower analyst coverage, larger insider holdings, and higher research and development costs. To the extent that EGCs exhibit one or more of these properties, there may be a greater degree of information asymmetry for EGCs than for the broader population of companies, which increases the importance to investors of the external audit to enhance the credibility of management disclosures. See, e.g., Steven A. Dennis and Ian G. Sharpe, Firm Size Dependence in the Determinants of Bank Term Loan Maturity, 32 Journal of Business Finance & Accounting 31 (2005); Michael J. Brennan and Avanidhar Subrahmanyam, Investment Analysis and Price Formation in Securities Markets, 38 Journal of Financial Economics 361 (1995); David Aboody and Baruch Lev, Information Asymmetry, R&D, and Insider Gains, 55 The Journal of Finance 2747 (2000); Raymond Chiang and P. C. Venkatesh, Insider Holdings and Perceptions of Information Asymmetry: A Note, 43 The Journal of Finance 1041 (1988); Molly Mercer, How Do Investors Assess the Credibility of Management Disclosures?, 18 Accounting Horizons 185 (2004). 119 Staff analysis indicates that, compared to exchange-listed non-EGCs, exchange-listed EGCs are approximately 2.6 times as likely to be audited by an NAF and approximately 1.3 times as likely to be audited by a triennially inspected firm. Source: EGC White Paper and Standard & Poor’s. PO 00000 Frm 00185 Fmt 4703 Sfmt 4703 formation and reduce the cost of capital to EGCs. We are unable to quantify in precise terms this potential benefit, which would depend both on how audit firms respond to the standard and on how their response affects audit quality, factors that are likely to vary across audit firms and across engagements. Furthermore, if certain of the proposed rules did not apply to the audits of EGCs, auditors would need to address differing audit requirements in their methodologies, or policies and procedures, with respect to audits of EGCs and non-EGCs. This could create the potential for additional confusion. Two commenters on the proposal specifically supported the application of the amendments to EGCs. One of those commenters stated that excluding EGCs from the proposal would be inconsistent with protecting the public interest. Accordingly, and for the reasons explained above, the Board will request that the Commission determine that it is necessary or appropriate in the public interest, after considering the protection of investors and whether the action will promote efficiency, competition, and capital formation, to apply the proposed rules to audits of EGCs. III. Date of Effectiveness of the Proposed Rules and Timing for Commission Action Within 45 days of the date of publication of this notice in the Federal Register or within such longer period (i) as the Commission may designate up to 90 days of such date if it finds such longer period to be appropriate and publishes its reasons for so finding or (ii) as to which the Board consents, the Commission will: (A) By order approve or disapprove such proposed rules; or (B) Institute proceedings to determine whether the proposed rules should be disapproved. IV. Solicitation of Comments Interested persons are invited to submit written data, views and arguments concerning the foregoing, including whether the proposed rules are consistent with the requirements of Title I of the Act. Comments may be submitted by any of the following methods: Electronic Comments • Use the Commission’s internet comment form (https://www.sec.gov/ rules/pcaob); or • Send an email to rule-comments@ sec.gov. Please include PCAOB–2024– 03 on the subject line. E:\FR\FM\02JYN1.SGM 02JYN1 Federal Register / Vol. 89, No. 127 / Tuesday, July 2, 2024 / Notices Paper Comments • Send paper comments in triplicate to Vanessa A. Countryman, Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549–1090. All submissions should refer to PCAOB–2024–03. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission’s internet website (https://www.sec.gov/ rules/pcaob). Copies of the submission, all subsequent amendments, all written statements with respect to the proposed rules that are filed with the Commission, and all written communications relating to the proposed rules between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for website viewing and printing in the Commission’s Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Copies of such filing will also be available for inspection and copying at the principal office of the PCAOB. Do not include personal identifiable information in submissions; you should submit only information that you wish to make available publicly. We may redact in part or withhold entirely from publication submitted material that is obscene or subject to copyright protection. All submissions should refer to PCAOB–2024–03 and should be submitted on or before July 23, 2024. For the Commission, by the Office of the Chief Accountant. Sherry R. Haywood, Assistant Secretary. [FR Doc. 2024–14488 Filed 7–1–24; 8:45 am] BILLING CODE 8011–01–P SECURITIES AND EXCHANGE COMMISSION lotter on DSK11XQN23PROD with NOTICES1 [Release No. 34–100436; File No. SR– CboeBYX–2024–023] Self-Regulatory Organizations; Cboe BYX Exchange, Inc.; Notice of Filing and Immediate Effectiveness of a Proposed Rule Change To Amend Its Fee Schedule To Clarify Its Certification Port Fees June 26, 2024. Pursuant to section 19(b)(1) of the Securities Exchange Act of 1934 (the VerDate Sep<11>2014 17:34 Jul 01, 2024 Jkt 262001 ‘‘Act’’),1 and Rule 19b–4 thereunder,2 notice is hereby given that on June 13, 2024, Cboe BYX Exchange, Inc. (the ‘‘Exchange’’ or ‘‘BYX’’) filed with the Securities and Exchange Commission (the ‘‘Commission’’) the proposed rule change as described in Items I, II, and III below, which Items have been prepared by the Exchange. The Commission is publishing this notice to solicit comments on the proposed rule change from interested persons. I. Self-Regulatory Organization’s Statement of the Terms of Substance of the Proposed Rule Change Cboe BYX Exchange, Inc. (the ‘‘Exchange’’ or ‘‘BYX’’ or ‘‘BYX Equities’’) is filing with the Securities and Exchange Commission (‘‘Commission’’) a proposed rule change to amend its Fee Schedule. The text of the proposed rule change is provided in Exhibit 5. The text of the proposed rule change is also available on the Exchange’s website (https://markets.cboe.com/us/ equities/regulation/rule_filings/BYX/), at the Exchange’s Office of the Secretary, and at the Commission’s Public Reference Room. II. Self-Regulatory Organization’s Statement of the Purpose of, and Statutory Basis for, the Proposed Rule Change In its filing with the Commission, the Exchange included statements concerning the purpose of and basis for the proposed rule change and discussed any comments it received on the proposed rule change. The text of these statements may be examined at the places specified in Item IV below. The Exchange has prepared summaries, set forth in sections A, B, and C below, of the most significant aspects of such statements. A. Self-Regulatory Organization’s Statement of the Purpose of, and Statutory Basis for, the Proposed Rule Change 1. Purpose The Exchange proposes to amend its Fees Schedule to clarify its fees for Certification Logical Port fees.3 By way of background, the Exchange offers a variety of logical ports, which provide users with the ability within the Exchange’s System to accomplish a specific function through a connection, U.S.C. 78s(b)(1). CFR 240.19b–4. 3 The Exchange initially filed this proposed rule change on May 31, 2024 for June 3, 2024 effectiveness (SR–CboeBYX–2024–018). On June 13, 2024, the Exchange withdrew that filing and submitted this filing. PO 00000 1 15 2 17 Frm 00186 Fmt 4703 Sfmt 4703 54947 such as order entry, data receipt or access to information. Specifically, the Exchange offers Logical Ports,4 Purge Ports,5 Multicast PITCH GRP Ports and Multicast PITCH Spin Server Ports.6 For each type of the aforementioned logical ports that is used in the production environment, the Exchange also offers corresponding ports which provide Members and non-Members access to the Exchange’s certification environment to test proprietary systems and applications (i.e., ‘‘Certification Logical Ports’’). The certification environment facilitates testing using replicas of the Exchange’s production environment process configurations which provide for a robust and realistic testing experience. For example, the certification environment allows unlimited firm-level testing of order types, order entry, order management, order throughput, acknowledgements, risk settings, mass cancelations, and purge requests. The Exchange currently provides free of charge one Certification Logical Port per port type offered in the production environment (i.e., Logical Ports, Purge, Multicast PITCH GRP, and Multicast PITCH Spin Server Ports) and a monthly fee of $250 per Certification Logical Port for any additional Certification Logical Ports.7 The Exchange proposes to make clear in the notes section under the Logical Port Fees section of the Fees Schedule that the Certification Logical Port fees only apply if the corresponding logical port type is also in the production environment. For example, if the Exchange intends to adopt a new port type that has not yet been launched in the live production environment, any certification port for that port type will be free until such time that the proposed new port is in the production environment. Once any new logical port type is in the live production environment, Members and NonMembers will only be entitled to one 4 Logical Ports include FIX and BOE ports (used for order entry), drop logical port (which grants users the ability to receive and/or send drop copies) and ports that are used for receipt of certain market data feeds. 5 Purge Ports are dedicated ports that permit a user to simultaneously cancel all or a subset of its orders in one or more symbols across multiple logical ports by requesting the Exchange to effect such cancellation. 6 Spin Ports and GRP Ports are used to request and receive a retransmission of data from the Exchange’s Multicast PITCH data feeds. 7 For example, if a Member maintains 3 FIX Certification Logical Ports, 1 Purge Certification Logical Port, and 1 set of Multicast PITCH Spin Server Certification Logical Port, the Member will be assessed $500 per month for Certification Logical Port Fees (i.e., 1 FIX, 1 Purge and 1 set of Multicast PITCH Spin Server Certification Logical Ports × $0 and 2 FIX Certification Logical Ports × $250). E:\FR\FM\02JYN1.SGM 02JYN1

Agencies

SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 89, Number 127 (Tuesday, July 2, 2024)]
[Notices]
[Pages 54922-54947]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-14488]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-100430; File No. PCAOB-2024-03]


Public Company Accounting Oversight Board; Notice of Filing of 
Proposed Rules on Amendments Related to Aspects of Designing and 
Performing Audit Procedures That Involve Technology-Assisted Analysis 
of Information in Electronic Form

June 26, 2024.
    Pursuant to section 107(b) of the Sarbanes-Oxley Act of 2002 
(``Sarbanes-Oxley,'' or the ``Act''), notice is hereby given that on 
June 20, 2024, the Public Company Accounting Oversight Board (the 
``Board'' or the ``PCAOB'') filed with the Securities and Exchange 
Commission (the ``Commission'' or the ``SEC'') the proposed rules 
described in items I and II below, which items have been prepared by 
the Board. The Commission is publishing this notice to solicit comments 
on the proposed rules from interested persons.

I. Board's Statement of the Terms of Substance of the Proposed Rules

    On June 12, 2024, the Board adopted Amendments Related to Aspects 
of Designing and Performing Audit Procedures that Involve Technology-
Assisted Analysis of Information in Electronic Form (``proposed 
rules''). The text of the proposed rules appears in Exhibit A to the 
SEC Filing Form 19b-4 and is available on the Board's website at 
https://pcaobus.org/about/rules-rulemaking/rulemaking-dockets/docket-052 and at the Commission's Public Reference Room.

[[Page 54923]]

II. Board's Statement of the Purpose of, and Statutory Basis for, the 
Proposed Rules

    In its filing with the Commission, the Board included statements 
concerning the purpose of, and basis for, the proposed rules and 
discussed any comments it received on the proposed rules. The text of 
these statements may be examined at the places specified in Item IV 
below. The Board prepared summaries, set forth in sections A, B, and C 
below, of the most significant aspects of such statements. In addition, 
the Board is requesting that the Commission approve the proposed rules, 
pursuant to section 103(a)(3)(C) of the Act, for application to audits 
of emerging growth companies (``EGCs''), as that term is defined in 
section 3(a)(80) of the Securities Exchange Act of 1934 (``Exchange 
Act''). The Board's request is set forth in section D.

A. Board's Statement of the Purpose of, and Statutory Basis for, the 
Proposed Rules

(a) Purpose
    The Board adopted amendments to AS 1105, Audit Evidence, and to AS 
2301, The Auditor's Responses to the Risks of Material Misstatement, 
and conforming amendments to another PCAOB auditing standard 
(collectively, the ``amendments'' or ``final amendments''). The 
amendments are designed to improve audit quality and enhance investor 
protection by addressing the growing use of certain technology in 
audits.
    In particular, the amendments update PCAOB auditing standards to 
more specifically address certain aspects of designing and performing 
audit procedures that involve analyzing information in electronic form 
with technology-based tools (i.e., technology-assisted analysis). The 
amendments are designed to decrease the likelihood that an auditor who 
performs audit procedures using technology-assisted analysis will issue 
an auditor's report without obtaining sufficient appropriate audit 
evidence that provides a reasonable basis for the opinion expressed in 
the report.
    Information from the PCAOB's research project on Data and 
Technology indicates that some auditors are expanding their use of 
technology-assisted analysis (often referred to in practice as ``data 
analysis'' or ``data analytics'') in the audit. Auditors use 
technology-assisted analysis in many different ways, including when 
responding to significant risks of material misstatement to the 
financial statements. For example, some auditors use technology-
assisted analysis to examine the correlation between different types of 
transactions, compare company information to auditor-developed 
expectations or third-party information, or recalculate company 
information.
    Existing PCAOB standards discuss certain fundamental auditor 
responsibilities, including addressing the risks of material 
misstatement to the financial statements by obtaining sufficient 
appropriate audit evidence. However, the standards do not specifically 
address certain aspects of using technology-assisted analysis in the 
audit. If not designed and executed appropriately, audit procedures 
that involve technology-assisted analysis may not provide sufficient 
appropriate audit evidence as required by the standards.
    Having considered the expanded use of technology-assisted analysis 
by auditors, the Board proposed amendments in June 2023 to address 
certain aspects of designing and performing audit procedures that 
involve technology-assisted analysis. Commenters generally supported 
the objective of improving audit quality and enhancing investor 
protection by clarifying and strengthening requirements in AS 1105 and 
AS 2301 related to certain aspects of designing and performing audit 
procedures that involve technology-assisted analysis. In adopting the 
final amendments, the Board took into account the comments received.
    The amendments further specify and clarify certain auditor 
responsibilities that are described in AS 1105 and AS 2301. The 
amendments are focused on addressing certain aspects of technology-
assisted analysis, not specific matters relating to other technology 
applications used in audits (e.g., blockchain or artificial 
intelligence) or the evaluation of the appropriateness of tools under 
the firm's system of quality control. The amendments are principles-
based and therefore intended to be adaptable to the evolving nature of 
technology. In particular, the amendments:
     Specify considerations for the auditor's investigation of 
items identified when performing tests of details;
     Specify that if the auditor uses an audit procedure for 
more than one purpose, the auditor should achieve each objective of the 
procedure;
     Specify auditor responsibilities for evaluating the 
reliability of external information provided by the company in 
electronic form and used as audit evidence;
     Emphasize the importance of controls over information 
technology;
     Clarify the description of a ``test of details'';
     Emphasize the importance of appropriate disaggregation or 
detail of information to the relevance of audit evidence; and
     Update certain terminology in AS 1105 to reflect the 
greater availability of information in electronic form and improve the 
consistency of the use of such terminology throughout the standard.
    The amendments will apply to all audits conducted under PCAOB 
standards. Subject to approval by the SEC, the amendments will take 
effect for audits of financial statements for fiscal years beginning on 
or after December 15, 2025.
    See Exhibit 3 for additional discussion of the purpose of this 
project.
(b) Statutory Basis
    The statutory basis for the proposed rules is Title I of the Act.

B. Board's Statement on Burden on Competition

    Not applicable. The Board's consideration of the economic impacts 
of the proposed rules is discussed in section D below.

C. Board's Statement on Comments on the Proposed Rules Received From 
Members, Participants or Others

    The Board initially released the proposed rules for public comment 
in PCAOB Release No. 2023-004 (June 26, 2023). The Board received 21 
written comment letters relating to its initial proposed rules. See 
Exhibits 2(a)(B) and 2(a)(C). The Board has carefully considered all 
comments received. The Board's response to the comments it received, 
and the changes it made to the rules in response to the comments 
received, are discussed below.
Background
    In 2010, the Board adopted auditing standards related to the 
auditor's assessment of and response to risk (the ``risk assessment 
standards''), including AS 1105 and AS 2301. Although the risk 
assessment standards were designed to apply to audits when auditors use 
information technology, the use of information in electronic form \1\ 
and the
---------------------------------------------------------------------------

    \1\ In this document, the term ``information in electronic 
form'' encompasses items in electronic form that are described in 
PCAOB standards using terms such as ``information,'' ``data,'' 
``documents,'' ``records,'' ``accounting records,'' and ``company's 
financial records.''

---------------------------------------------------------------------------

[[Page 54924]]

use of technology-based tools \2\ by companies and their auditors to 
analyze such information has expanded significantly since these 
standards were adopted.
---------------------------------------------------------------------------

    \2\ In this release, the term ``tool'' refers to specialized 
software that is used on audit engagements to examine, sort, filter, 
and analyze transactions and information used as audit evidence or 
which otherwise generates information that aids auditor judgment in 
the performance of audit procedures. Spreadsheet software itself 
without specific programming is not inherently a tool, but a 
spreadsheet may be built to perform the functions of a tool 
(examining, sorting, filtering, etc.), in which case it is included 
within the scope of this term. The PCAOB staff's analysis was 
limited to tools classified or described by the firms as data 
analytic tools. Tools may be either purchased by a firm or developed 
by a firm.
---------------------------------------------------------------------------

    In light of the increased use of technology by companies and 
auditors, in 2017 the Board began a research project to assess the need 
for guidance, changes to PCAOB standards, or other regulatory 
actions.\3\ Through this research the Board found that auditors have 
expanded their use of certain technology-based tools, including tools 
used to perform technology-assisted analysis (as described above, also 
referred to in practice as ``data analytics'' or ``data analysis'' 
\4\), to plan and perform audits. While the Board's research indicated 
that auditors are using technology-assisted analysis to obtain audit 
evidence, it also indicated that existing PCAOB standards could address 
more specifically certain aspects of designing and performing audit 
procedures that involve technology-assisted analysis. Consequently, 
under existing standards, there is a greater risk that when using 
technology-assisted analysis in designing and performing audit 
procedures, auditors may fail to obtain sufficient appropriate evidence 
in the audit.
---------------------------------------------------------------------------

    \3\ See PCAOB's Data and Technology research project, available 
at https://pcaobus.org/oversight/standards/standard-setting-research-projects/data-technology.
    \4\ In this release, the terms ``data analysis'' or ``data 
analytics'' are used synonymously.
---------------------------------------------------------------------------

    The amendments in this release are intended to improve audit 
quality through principles-based requirements that apply to all audits 
conducted under PCAOB standards. They are designed to decrease the 
likelihood that an auditor who performs audit procedures using 
technology-assisted analysis will issue an auditor's report without 
obtaining sufficient appropriate audit evidence that provides a 
reasonable basis for the opinion expressed in the report. The remainder 
of this section of the release provides an overview of the rulemaking 
history, existing requirements, and current practice. In addition, it 
discusses reasons to improve the existing standards.
Rulemaking History
    In June 2023, the Board proposed to amend AS 1105 and AS 2301 to 
address aspects of designing and performing audit procedures that 
involve technology-assisted analysis and that the Board's research 
indicated are not specified in existing PCAOB standards.\5\ The 
proposed amendments were informed by the staff's research regarding 
auditors' use of technology, as described above.
---------------------------------------------------------------------------

    \5\ Proposed Amendments Related to Aspects of Designing and 
Performing Audit Procedures that Involve Technology-Assisted 
Analysis of Information in Electronic Form, PCAOB Rel. No. 2023-004 
(June 26, 2023) (``proposal'' or ``proposing release'').
---------------------------------------------------------------------------

    The proposed amendments: (i) specified considerations for the 
auditor's investigation of items that meet criteria established by the 
auditor when designing or performing substantive audit procedures; (ii) 
specified that if an auditor uses audit evidence from an audit 
procedure for more than one purpose the procedure needs to be designed 
and performed to achieve each of the relevant objectives; (iii) 
provided additional details regarding auditor responsibilities for 
evaluating the reliability of external information maintained by the 
company in electronic form and used as audit evidence; (iv) clarified 
the differences between ``tests of details'' and ``analytical 
procedures,'' and emphasized the importance of appropriate 
disaggregation or detail of information to the relevance of audit 
evidence; and (v) updated certain terminology in AS 1105 to reflect the 
greater availability of information in electronic form and improve the 
consistency of the use of such terminology throughout the standard.
    The Board received 21 comment letters on the proposal. Commenters 
included an investor-related group, registered public accounting firms 
(``firms''), firm-related groups, academics, and others. The Board 
considered all comments in developing the final amendments, and 
specific comments are discussed in the analysis that follows. 
Commenters generally supported the Board's efforts to modernize the 
auditing standards to specifically address certain aspects of designing 
and performing audit procedures that involve technology-assisted 
analysis, and some commenters offered suggestions to improve and 
clarify the proposed amendments.
Existing Requirements
    The final amendments modify certain requirements of PCAOB standards 
relating to audit evidence and responses to risk (AS 1105 and AS 2301). 
AS 1105 explains what constitutes audit evidence and establishes 
requirements regarding designing and performing audit procedures to 
obtain sufficient appropriate audit evidence. AS 2301 establishes 
requirements regarding designing and implementing appropriate responses 
to identified and assessed risks of material misstatement.
    The following discussion provides a high-level overview of the 
areas of the PCAOB standards that the amendments address. The 
discussion further below provides additional details regarding the 
specific requirements that the Board amended.
    Classification of Audit Procedures (See Figure 1 below)--Under 
PCAOB standards, audit procedures can be classified into either risk 
assessment procedures or further audit procedures, which consist of 
tests of controls and substantive procedures. Substantive procedures 
include tests of details and substantive analytical procedures.\6\ 
Existing standards provide examples of specific audit procedures \7\ 
and describe what constitutes a substantive analytical procedure,\8\ 
but do not describe what constitutes a test of details. PCAOB standards 
do not preclude the auditor from designing and performing audit 
procedures to accomplish more than one purpose. The purpose of an audit 
procedure determines whether it is a risk assessment procedure, test of 
controls, or substantive procedure.\9\
---------------------------------------------------------------------------

    \6\ See AS 1105.13.
    \7\ See AS 1105.15-.21.
    \8\ See AS 2305, Substantive Analytical Procedures.
    \9\ See AS 1105.14.
---------------------------------------------------------------------------

Figure 1. Classification of Audit Procedures

BILLING CODE 8011-01-P

[[Page 54925]]

[GRAPHIC] [TIFF OMITTED] TN02JY24.000

BILLING CODE 8011-01-C
    Items Identified for Investigation in a Test of Details--Designing 
substantive tests of details and tests of controls includes determining 
the means of selecting items for testing. Under existing standards, the 
alternative means of selecting items for testing include selecting 
specific items, selecting a sample that is expected to be 
representative of the population (i.e., audit sampling), or selecting 
all items. The auditor may decide to select for testing specific items 
within a population because they are important to accomplishing the 
objective of the audit procedure or because they exhibit some other 
characteristic.\10\ Existing PCAOB standards specify the auditor's 
responsibilities for planning, performing, and evaluating an audit 
sample,\11\ but do not specify the auditor's responsibilities for 
addressing items identified when performing a test of details on 
specific items, or all items, within a population.
---------------------------------------------------------------------------

    \10\ See AS 1105.22-.27.
    \11\ See AS 2315, Audit Sampling.
---------------------------------------------------------------------------

    Relevance and Reliability of Audit Evidence--Under PCAOB standards, 
audit evidence is all the information, whether obtained from audit 
procedures or other sources, that is used by the auditor in arriving at 
the conclusions on which the auditor's opinion is based.\12\ PCAOB 
standards require the auditor to plan and perform audit procedures to 
obtain sufficient appropriate audit evidence to provide a reasonable 
basis for their audit opinion. Sufficiency is the measure of the 
quantity of audit evidence, and appropriateness is the measure of its 
quality. To be appropriate, audit evidence must be both relevant and 
reliable in providing support for the auditor's conclusions.\13\
---------------------------------------------------------------------------

    \12\ See AS 1105.02.
    \13\ See AS 1105.04-.06.

---------------------------------------------------------------------------

[[Page 54926]]

    The relevance of audit evidence depends on the design and timing of 
the audit procedure. The reliability of audit evidence depends on the 
nature and source of the evidence and the circumstances under which it 
is obtained, such as whether the information is provided to the auditor 
by the company being audited and whether the company's controls over 
that information are effective.\14\ In addition, when using information 
produced by the company as audit evidence, the auditor is responsible 
for evaluating whether the information is sufficient and appropriate 
for purposes of the audit.\15\ Existing PCAOB standards do not specify 
auditor responsibilities regarding information the company received 
from one or more external sources and provided in electronic form to 
the auditor to use as audit evidence.
---------------------------------------------------------------------------

    \14\ See AS 1105.07-.08.
    \15\ See AS 1105.10.
---------------------------------------------------------------------------

Current Practice
    The Board's research indicated that audit procedures involving 
technology-assisted analysis are an important component of many audits. 
The use of technology-assisted analysis has expanded over the last 
decade as more accounting firms, including smaller firms, incorporate 
such analysis as part of their audit procedures. However, the 
investment in and use of technology-assisted analysis vary across 
registered firms and across individual audit engagements within a 
firm.\16\
---------------------------------------------------------------------------

    \16\ See also further discussion below.
---------------------------------------------------------------------------

    The greater availability of both information in electronic form and 
technology-based tools to analyze such information has contributed 
significantly to the increase in the use of technology-assisted 
analysis by auditors. More companies use enterprise resource planning 
(``ERP'') and other information systems that maintain large volumes of 
information in electronic form, including information generated 
internally by the company and information that the company receives 
from external sources. Significant volumes of this information are 
available to auditors for use in performing audit procedures.
    Powerful technology-based tools that process and analyze large 
volumes of information have become more readily available to auditors. 
As a result, auditors sometimes apply technology-assisted analysis to 
the entire population of transactions within one or more financial 
statement accounts or disclosures. The Board's research indicated that 
auditors primarily use technology-assisted analysis to identify and 
assess risks of material misstatement. Technology-assisted analysis 
enables the auditor to identify new risks or to refine the assessment 
of known risks. For example, by analyzing a full population of revenue 
transactions, an auditor may identify certain components of the revenue 
account as subject to higher risks or may identify new risks of 
material misstatement associated with sales to a particular customer or 
in a particular location.
    Increasingly, some auditors also have been using technology-
assisted analysis in audit procedures that respond to assessed risks of 
material misstatement, including in substantive procedures. For 
example, such analysis has been used to test the details of all items 
in a population, assist the auditor in selecting specific items for 
testing based on auditor-developed criteria, or identify items for 
further investigation when performing a test of details. The staff has 
observed that auditors' use of technology-assisted analysis occurs 
mostly in the testing of revenue and related receivable accounts, 
inventory, journal entries, expected credit losses, and 
investments.\17\ As discussed below, some auditors use audit evidence 
obtained from such analysis to achieve more than one purpose.
---------------------------------------------------------------------------

    \17\ See PCAOB, Spotlight: Staff Update and Preview of 2021 
Inspection Observations (Dec. 2022), at 15, available at https://pcaob-assets.azureedge.net/pcaob-dev/docs/default-source/documents/staff-preview-2021-inspection-observations-spotlight.pdf?sfvrsn=d2590627_2/.
---------------------------------------------------------------------------

    Audit methodologies of several firms affiliated with global 
networks address the use of technology-assisted analysis by the firms' 
audit engagement teams. For example, the methodologies specify audit 
engagement teams' responsibilities for: (i) designing and performing 
audit procedures that involve technology-assisted analysis (e.g., 
determining whether an audit procedure is a substantive procedure); 
(ii) evaluating analysis results (e.g., whether identified items 
indicate misstatements or whether performing additional procedures is 
necessary to obtain sufficient appropriate audit evidence); and (iii) 
evaluating the relevance and reliability of information used in the 
analysis.
    Commenters on the proposal generally agreed with the description of 
the current audit practice and the auditor's use of technology-assisted 
analysis. One of these commenters noted that, in addition, auditors can 
also use technology-assisted analysis to help understand a company's 
flow of transactions, especially given increases in the number and 
complexities of a company's information systems.
Reasons To Improve the Auditing Standards
    The amendments in this release are intended to improve audit 
quality through principles-based requirements that apply to all audits.
1. Areas of Improvement
    The amendments are designed to decrease the likelihood that an 
auditor who performs audit procedures using technology-assisted 
analysis will issue an auditor's report without obtaining sufficient 
appropriate audit evidence that provides a reasonable basis for the 
opinion expressed in the report. Observations from the PCAOB's Data and 
Technology research project indicate that some auditors are using 
technology-assisted analysis in audit procedures whereas others may be 
reluctant to do so due to perceived regulatory uncertainty. The 
research further suggests that clarifications to PCAOB standards could 
more specifically address certain aspects of designing and performing 
audit procedures that involve technology-assisted analysis. The Board's 
Investor Advisory Group has also noted that auditors' use of 
technology-assisted analysis is an area of concern due to auditors' 
potential overreliance on company-produced information, and that 
addressing the use of such analysis in the standards could be 
beneficial.\18\
---------------------------------------------------------------------------

    \18\ See Proposing Release at 12 for additional discussion of 
investors' concerns.
---------------------------------------------------------------------------

    Using technology-assisted analysis may enhance the effectiveness of 
audit procedures. For example, analyzing larger volumes of information 
and in more depth may better inform the auditor's risk assessment by 
providing different perspectives, providing more information when 
assessing risks, and exposing previously unidentified relationships 
that may reveal new risks. At the same time, inappropriate application 
of PCAOB standards when designing and performing audit procedures that 
involve technology-assisted analysis has the potential to compromise 
the quality of audits where the procedures are used. For example, PCAOB 
oversight activities have found instances of noncompliance with PCAOB 
standards related to evaluating the relevance and reliability of 
company-provided information and evaluating certain items identified in 
audit procedures involving technology-assisted analysis.\19\
---------------------------------------------------------------------------

    \19\ See, e.g., PCAOB, Spotlight: Staff Update and Preview of 
2020 Inspection Observations (Oct. 2021), at 9, PCAOB, Spotlight: 
Staff Update and Preview of 2021 Inspection Observations (Dec. 
2022), at 15, and PCAOB, Spotlight: Staff Update and Preview of 2022 
Inspection Observations (July 2023), at 12, available at https://pcaobus.org/resources/staff-publications.

---------------------------------------------------------------------------

[[Page 54927]]

    The amendments to existing PCAOB standards in this release address 
aspects of designing and performing audit procedures that involve 
technology-assisted analysis where the Board identified the need for 
additional specificity or clarity in the existing standards.\20\ These 
aspects include areas where PCAOB oversight activities have identified 
instances of noncompliance with PCAOB standards and areas where 
auditors have raised questions during the Board's research regarding 
the applicability of PCAOB standards to the use of technology-assisted 
analysis. The discussion below describes the amendments in more detail. 
The discussion further below describes alternatives that the Board 
considered.
---------------------------------------------------------------------------

    \20\ Other PCAOB standard-setting projects may address other 
aspects of firms' and auditors' use of technology in performing 
audits. For example, see paragraphs .44h, .47h, and .51 of QC 1000, 
A Firm's System of Quality Control, PCAOB Rel. No. 2024-005 (May 13, 
2024), which discusses a firm's responsibilities related to 
technological resources.
---------------------------------------------------------------------------

2. Comments on the Reasons To Improve
    Commenters generally supported the Board's efforts to modernize its 
auditing standards to specifically address aspects of designing and 
performing audit procedures that involve technology-assisted analysis. 
Several commenters highlighted that auditors' use of technologies, 
including technology-assisted analysis, continues to grow, and one of 
these commenters noted that the proposal is an important step forward 
to address this rapidly changing environment. An investor-related group 
stated that PCAOB standards should directly address auditors' use of 
technology and data, and that the proposed amendments to AS 1105 and AS 
2301 were responsive to their concern about auditor overreliance on 
technology-assisted analysis.
    Commenters also generally supported the principles-based nature of 
the proposed amendments and the Board's decision not to require the use 
of technology-assisted analysis. One commenter, for example, noted that 
audit procedures performed using technology-based tools may not always 
provide sufficient appropriate audit evidence. An investor-related 
group, however, recommended that the Board consider requiring auditors 
to use certain (but unspecified) types of technology-based tools that 
financial research and investment management firms have used to analyze 
financial statements. As discussed further below, requiring the use of 
technology would have been outside the scope of the project. The Board 
retained the principles-based nature of the proposed amendments within 
the final amendments, so that the standards are flexible and can adapt 
to the continued evolution of technology.
    Several commenters stated that the Board should consider the effect 
of auditors' and companies' use of technology more broadly on the 
audit. One commenter stated that technology will need to be an ongoing 
focus for the Board in its standard setting given the evolving nature 
of technology, and that broader change may be needed. This commenter 
also recommended a more holistic standard-setting approach that is 
interconnected with other PCAOB projects. Other commenters stated that 
as technology continues to evolve, the Board should continue to 
research and evaluate the need for standard setting related to other 
types of technology used in the audit, such as artificial intelligence. 
Academics emphasized the need for the PCAOB to be forward-thinking to 
regulate in this area.
    As the Board stated in the proposal, these amendments address only 
one area of auditors' use of technology--certain aspects of designing 
and performing audit procedures that involve technology-assisted 
analysis. Other areas continue to be analyzed as part of the Board's 
ongoing research activities. In addition, the Board's Technology 
Innovation Alliance Working Group continues to advise the Board on the 
use of emerging technologies by auditors and preparers relevant to 
audits and their potential impact on audit quality.\21\ These ongoing 
activities may inform future standard-setting projects.
---------------------------------------------------------------------------

    \21\ See PCAOB Technology Innovation Alliance Working Group, 
available at https://pcaobus.org/about/working-groups-task-forces/technology-innovation-alliance-working-group.
---------------------------------------------------------------------------

    Commenters also expressed a need for more guidance and illustrative 
examples. One of these commenters stated that additional explanatory 
materials or separate guidance could help maintain competition among 
firms. Another stated that insights from the PCAOB's research and 
oversight activities would benefit small and mid-sized accounting firms 
in identifying and selecting appropriate tools.
    Throughout this release, where appropriate, the Board has 
incorporated examples and considerations for applying the final 
amendments. The examples and considerations highlight the principles-
based nature of the amendments and emphasize that the nature, timing, 
and extent of the auditor's procedures will depend on the facts and 
circumstances of the audit engagement. In addition, the staff's ongoing 
research activities will continue to evaluate the need for staff 
guidance.
Discussion of the Final Amendments
Specifying Auditor Responsibilities When Performing Tests of Details
    See paragraphs .10 and .48 through .50 of AS 2301 of the 
amendments.
1. Clarifying ``Test of Details''
    The Board proposed to amend AS 1105.13 and .21 to address the 
differences between the terms ``test of details'' and ``analytical 
procedures,'' by clarifying the meaning of the term ``test of 
details.'' The proposed amendments stated that a test of details 
involves performing audit procedures with respect to individual items 
included in an account or disclosure, whereas analytical procedures 
generally do not involve evaluating individual items, unless those 
items are part of the auditor's investigation of significant 
differences from expected amounts. The Board adopted the proposed 
description of a ``test of details'' with certain modifications as 
discussed further below, including relocating the description from AS 
1105 to new paragraph .48 in AS 2301.
    Under PCAOB standards, the auditor's responses to risks of material 
misstatement involve performing substantive procedures for each 
relevant assertion of each significant account and disclosure, 
regardless of the assessed level of control risk.\22\ Substantive 
procedures under PCAOB standards include tests of details and 
substantive analytical procedures.\23\ Appropriately designing and 
performing an audit procedure to achieve a particular objective is key 
to appropriately addressing the risks assessed by the auditor. For 
significant risks of material misstatement, including fraud risks, the 
auditor is required to perform substantive procedures, including tests 
of details that are specifically responsive to the assessed risk.\24\ 
PCAOB standards also state that it is unlikely that audit evidence 
obtained from substantive analytical procedures alone would be 
sufficient.\25\
---------------------------------------------------------------------------

    \22\ See AS 2301.36.
    \23\ See AS 1105.13.b(2).
    \24\ See AS 2301.11 and .13 (specifying the auditor's 
responsibilities for responses to significant risks, which include 
fraud risks).
    \25\ See AS 2305.09.

---------------------------------------------------------------------------

[[Page 54928]]

    As discussed in the proposal, the use of ``data analytics'' or 
``data analysis'' in practice and the use of the term ``analytical 
procedures'' in PCAOB standards have led to questions about whether an 
audit procedure involving technology-assisted analysis can be a test of 
details (i.e., not an analytical procedure as described under PCAOB 
standards). The distinction is important because of the requirement in 
PCAOB standards that the auditor perform tests of details when 
responding to an assessed significant risk of material misstatement. 
Relying on analytical procedures alone to address an assessed 
significant risk is not sufficient.
    Commenters on this topic supported clarifying the meaning of tests 
of details and that tests of details involve performing audit 
procedures at an individual item level. However, several commenters 
stated that with technology-assisted analysis, aspects of a substantive 
analytical procedure may also be performed at an individual item level. 
Some commenters provided examples where the auditor uses a technology-
assisted analysis to develop an expectation of recorded amounts for 
individual items in an account and aggregates the individual amounts to 
compare to the aggregated amount recorded by the company.
    One commenter suggested clarifying the term ``individual items'' 
given the varying forms and level of disaggregation of data obtained 
for analysis by the auditor. This commenter suggested further 
clarifying that consideration be given to the objective of the audit 
procedure, the nature of the procedure to be applied, and the evidence 
necessary to meet the objective of the audit procedure. Another 
commenter sought additional information related to circumstances where 
a procedure would not be considered a test of details because it was 
not applied to individual items in an account.
    Some commenters, mostly firms, expressed a preference that the 
standards not compare tests of details to analytical procedures. For 
example:
     A firm-related group stated that the proposed 
clarification was unnecessarily nuanced.
     Another commenter stated that the proposed description of 
analytical procedures as compared to tests of details was not accurate 
and could cause confusion.
     Other commenters stated that analytical procedures are 
clearly defined in PCAOB standards and are well understood by auditors, 
and that comparing tests of details to analytical procedures is 
unnecessary.
     Some commenters suggested evaluating the proposed 
amendments together with the Board's standard-setting project to 
address substantive analytical procedures.
    Other commenters stated that technology-assisted analysis continues 
to make classification of procedures between tests of details and 
analytical procedures more challenging because some procedures may 
exhibit characteristics of both types of procedures. These commenters 
suggested that the auditing standards focus on the sufficiency and 
appropriateness of evidence obtained from an audit procedure instead of 
clarifying the terminology of tests of details and analytical 
procedures. Some commenters also stated that the development of an 
expectation differentiates an analytical procedure from a test of 
details.
    Having considered the comments received, the Board made several 
changes to the proposed description of a ``test of details.'' The final 
amendments state that a test of details involves performing audit 
procedures with respect to items included in an account or disclosure 
(e.g., the date, amount, or contractual terms of a transaction). When 
performing a test of details, the auditor should apply audit procedures 
that are appropriate to the particular audit objectives to each item 
selected for testing.
    First, the Board relocated the description of a ``test of details'' 
and related requirements to a new section of AS 2301, in new paragraph 
.48. The Board believes that describing a test of details within AS 
2301 is appropriate because tests of details are performed as 
substantive procedures to address assessed risks of material 
misstatement. The description uses the term ``items included in an 
account or disclosure'' instead of ``individual items.'' The change in 
terminology was made to more closely align with the description of 
items selected for testing in existing AS 1105.22-.23.
    Second, the Board revised the amendment to clarify that when 
performing a test of details, the auditor should apply the audit 
procedures that are appropriate to the particular audit objectives to 
each item selected for testing. This provision focuses the auditor on 
the objectives of the audit procedures being performed and is 
consistent with existing requirements for audit sampling.\26\ The Board 
believes that an emphasis on the objectives of the audit procedures, 
regardless of the means of selecting items for testing in the test of 
details, continues to be important and is aligned with the final 
amendments to AS 1105.14 (using an audit procedure for more than one 
purpose), which are discussed below in this release.\27\
---------------------------------------------------------------------------

    \26\ See AS 2315.25.
    \27\ See discussion below.
---------------------------------------------------------------------------

    Lastly, the final amendments do not compare tests of details to 
analytical procedures, and the Board did not amend the existing 
description of analytical procedures in AS 1105.21. Because of the 
overlap between the description of analytical procedures and 
substantive analytical procedures, further potential amendments to the 
description of analytical procedures are being considered as part of 
the Board's standard-setting project to address substantive analytical 
procedures.\28\ In addition, comments the Board received related to the 
auditor's use of substantive analytical procedures were taken into 
consideration in that project.
---------------------------------------------------------------------------

    \28\ The Board has a separate standard-setting project on its 
short-term standard-setting agenda (https://pcaobus.org/oversight/standards/standard-setting-research-projects) related to substantive 
analytical procedures. In connection with that project, the Board 
has proposed changes to the auditor's responsibilities regarding the 
use of substantive analytical procedures, including the requirements 
described in AS 2305 and AS 1105. See Proposed Auditing Standard--
Designing and Performing Substantive Analytical Procedures and 
Amendments to Other PCAOB Standards, PCAOB Rel. No. 2024-006 (June 
12, 2024) (included in PCAOB Rulemaking Docket No. 56).
---------------------------------------------------------------------------

    The final amendments are not intended to define ``items included in 
an account or disclosure'' because such a definition is impractical 
given the variety of accounts and disclosures subject to tests of 
details. The auditor would determine the level of disaggregation or 
detail of the items within the account or disclosure based on the facts 
and circumstances of the audit engagement, including the assessed risk 
and the relevant assertion intended to be addressed, and the objective 
of the procedure.
    In addition, the Board considered the comments suggesting that the 
amendments focus on the sufficiency and appropriateness of evidence 
obtained from performing audit procedures instead of describing 
categories of procedures. Considering current practice and the nature 
of audit procedures performed currently, the Board continues to believe 
that the existing standards are sufficiently clear in describing 
auditors' responsibilities for obtaining and evaluating audit evidence. 
The Board's ongoing research has not identified specific examples of 
substantive analytical procedures that, by themselves, would provide 
sufficient appropriate audit evidence to respond

[[Page 54929]]

to a significant risk. Commenters also did not provide such examples. 
Therefore, the Board believes retaining the categories of procedures as 
tests of details and substantive analytical procedures continues to be 
appropriate.
2. Specifying Auditor Responsibilities When Investigating Items 
Identified
    The Board proposed to add a new paragraph .37A to AS 2301 that 
specified matters for the auditor to consider when investigating items 
identified through using criteria established by the auditor in 
designing or performing substantive procedures on all or part of a 
population of items. Under the proposed paragraph, when the auditor 
establishes and uses criteria to identify items for further 
investigation, as part of designing or performing substantive 
procedures, the auditor's investigation should consider whether the 
identified items:
     Provide audit evidence that contradicts the evidence upon 
which the original risk assessment was based;
     Indicate a previously unidentified risk of material 
misstatement;
     Represent a misstatement or indicate a deficiency in the 
design or operating effectiveness of a control; or
     Otherwise indicate a need to modify the auditor's risk 
assessment or planned audit procedures.
    The proposed requirement included a note providing that inquiry of 
management may assist the auditor and that the auditor should obtain 
audit evidence to evaluate the appropriateness of management's 
responses.
    The Board adopted the proposed provisions with certain 
modifications as discussed further below, including relocating the 
requirements from proposed paragraph .37A to new paragraphs .49 and .50 
in AS 2301. The Board also made a conforming amendment to paragraph .10 
of AS 2301 to include a reference to paragraphs .48 through .50.
    As discussed above, designing substantive tests of details and 
tests of controls includes determining the means of selecting items for 
testing. The alternative means of selecting items for testing consist 
of selecting all items; selecting specific items; and audit sampling. 
As discussed in the proposal, the Board's research has indicated that 
auditors use technology-assisted analysis to identify specific items 
within a population (e.g., an account or class of transactions) for 
further investigation. For example, auditors may identify all revenue 
transactions above a certain amount, transactions processed by certain 
individuals, or transactions where the shipping date does not match the 
date of the invoice. Because technology-assisted analysis may enable 
the auditor to examine all items in a population, it is possible that 
the analysis may return dozens or even hundreds of items within the 
population that meet one or more criteria established by the auditor.
    Considering current practice, the Board stated in the proposal that 
PCAOB standards should be modified to address the auditor's 
responsibilities in such scenarios more directly. The auditor's 
appropriate investigation of identified items is important both for 
identifying and assessing the risks of material misstatement and for 
designing and implementing appropriate responses to the identified 
risks.
    Commenters were supportive of the principles-based nature of the 
proposed amendment and agreed with the Board's decision not to 
prescribe the nature, timing, or extent of investigation procedures. 
However, commenters also asked for further clarification, guidance, and 
examples to address different scenarios that the auditor encounters 
when 100 percent of a population is tested, given that certain 
requirements in proposed AS 2301.37A exist in the standards today. Some 
commenters said it was unclear how proposed AS 2301.37A was different 
from requirements in existing standards related to the auditor's 
ongoing risk assessment, and the auditor's responsibility to revise 
their risk assessment under certain scenarios and to evaluate the 
results of audit procedures. Several commenters noted that existing 
standards address auditors' responsibilities when investigating items 
under certain scenarios. These commenters observed, for example, that 
AS 2110, Identifying and Assessing Risks of Material Misstatement, 
applies when the auditor uses technology-assisted analysis to identify 
and assess risks of material misstatement, and AS 2110.74 and AS 
2301.46 apply when the items identified by the auditor when using 
technology-assisted analysis indicate a new risk of misstatement or a 
need to modify the auditor's risk assessment. One commenter asked 
whether identifying items for further investigation was intended to 
describe only scenarios where specific items are selected for testing.
    One commenter noted that the proposed amendment implied that 
technology-assisted analysis could be used only for purposes of risk 
assessment or selecting specific items for testing. Another commenter 
stated that it is important for the auditor's investigation of items to 
include determining whether there is a control deficiency.
    Several commenters asked that the Board clarify whether sampling 
can be applied to items identified for investigation or whether the 
auditor is expected to test 100 percent of the identified items. Some 
commenters also asked the Board to clarify whether the evidence 
obtained would be considered sufficient and appropriate, or if the 
auditor would be required to perform further procedures, in situations 
where a technology-assisted analysis over an entire population (e.g., 
matching quantities invoiced to quantities shipped) did not identify 
any items for investigation. One commenter recommended that the 
amendments be extended to address the auditor's responsibilities over 
other items in the population not identified for investigation. Two 
commenters asked the Board to clarify how the proposed amendment and 
existing standard would apply when the technology-assisted analysis is 
modified after the original analysis is complete.
    Consistent with the proposal, the final requirements are 
principles-based and intended to be applied to all means of selecting 
items for a test of details (e.g., selecting all items, selecting 
specific items, and audit sampling). The Board continues to believe 
that appropriately addressing the items identified by the auditor for 
further investigation in a test of details is an important part of 
obtaining sufficient appropriate audit evidence, because these items 
individually or in the aggregate may indicate misstatements or 
deficiencies in the design or operating effectiveness of a control. In 
response to comments received, the final amendments reflect several 
modifications from the proposal.
    First, the Board reframed the requirements to focus on the 
auditor's investigation of items when performing a test of details as 
part of the auditor's response to assessed risks. The Board narrowed 
the requirement to apply only to tests of details because, as 
commenters noted, existing PCAOB standards describe the auditor's 
responsibility to investigate items identified when performing 
substantive analytical procedures.\29\ In addition, the Board did not 
repeat the considerations related to the auditor's risk assessment that 
are required under existing PCAOB standards as described above. The 
Board believes these changes alleviate potential confusion about how 
the

[[Page 54930]]

requirements are intended to be applied. The Board also removed the 
proposed note requiring the auditor to obtain audit evidence when 
evaluating the appropriateness of management's responses to inquiries, 
because existing PCAOB standards already address this point by noting 
that inquiry alone does not provide sufficient appropriate evidence to 
support a conclusion about a relevant assertion.\30\
---------------------------------------------------------------------------

    \29\ See AS 2305.20-.21 (providing that the auditor should 
evaluate significant unexpected differences when performing a 
substantive analytical procedure). See also PCAOB Rel. No. 2024-006 
(proposing amendments to AS 2305).
    \30\ See AS 1105.17 and AS 2301.39.
---------------------------------------------------------------------------

    Second, the requirements have been relocated into two new 
paragraphs (.49 and .50) in AS 2301, which are designed to work 
together. Paragraph .49 applies to all tests of details, regardless of 
the means of selecting items used by the auditor. The requirement 
states that when performing a test of details, the auditor may identify 
items for further investigation. For example, an auditor may identify 
balances or transactions that contain, or do not contain, a certain 
characteristic or that are valued outside of a range. The final 
amendment emphasizes that when such items are identified, audit 
procedures that the auditor performs to investigate the identified 
items are part of the auditor's response to the risks of material 
misstatement. The auditor determines the nature, timing, and extent of 
such procedures in accordance with PCAOB standards. The final amendment 
also provides that the auditor's investigation of the identified items 
should include determining whether the items individually or in the 
aggregate indicate (i) misstatements that should be evaluated in 
accordance with AS 2810 or (ii) deficiencies in the company's internal 
control over financial reporting.
    When the auditor identifies items for further investigation in a 
test of details, the final amendment does not prescribe the nature, 
timing, and extent of audit procedures to be performed regarding the 
identified items, including whether those procedures are performed on 
the items individually or in the aggregate. Prescribing specific 
procedures would be impracticable considering the multitude of possible 
scenarios encountered in practice. The nature of the identified items 
and likely sources of potential misstatements are examples of factors 
that would inform the auditor's approach. To comply with PCAOB 
standards, the nature, timing, and extent of the audit procedures 
performed, including the means of selecting items, should enable the 
auditor to obtain evidence that, in combination with other relevant 
evidence, is sufficient to meet the objective of the test of details.
    In some cases, an auditor may be able to group the identified items 
(e.g., items with a common characteristic) and perform additional audit 
procedures to determine whether the items indicate misstatements or 
control deficiencies by group.\31\ In other cases, it may not be 
appropriate to group the items identified for investigation.\32\ 
Further, the auditor's investigation could also identify new relevant 
information (e.g., regarding the types of potential misstatements) and 
the auditor may need to modify the audit response.
---------------------------------------------------------------------------

    \31\ For example, in a test of revenue, the auditor may discover 
that the identified differences between customer invoices and 
payments are caused by variations in the exchange rate, but such 
differences are both in accordance with the terms of the customer 
contracts and appropriately accounted for by the company. In this 
example, grouping the differences for the purpose of performing 
additional procedures may be appropriate.
    \32\ For example, in circumstances where the identified items 
are unrelated to each other, it may not be appropriate for the 
auditor to group these items for the purpose of performing 
additional procedures.
---------------------------------------------------------------------------

    When a test of details is performed on specific items selected by 
the auditor,\33\ the final amendments discuss the auditor's 
responsibilities for addressing the remaining items in the population. 
When the auditor selects specific items in an account or disclosure for 
testing, new paragraph .50 provides that the auditor should determine 
whether there is a reasonable possibility that remaining items within 
the account or disclosure include a misstatement that, individually or 
when aggregated with others, would have a material effect on the 
financial statements.\34\ If the auditor determines that there is a 
reasonable possibility of such a risk of material misstatement in the 
items not selected for testing, the auditor should perform substantive 
procedures that address the assessed risk.\35\ As discussed in the 
proposing release, the auditor's responsibilities over other items in 
the population are described in existing PCAOB standards, and the final 
requirement (AS 2301.50) reminds the auditor of those responsibilities.
---------------------------------------------------------------------------

    \33\ See AS 1105.25-.27.
    \34\ See AS 2110.
    \35\ See AS 2301.08 and .36.
---------------------------------------------------------------------------

    The final amendments do not specify, as suggested by some 
commenters, whether the evidence obtained would be considered 
sufficient and appropriate, or whether the auditor would be required to 
perform further procedures, in situations where a technology-assisted 
analysis over an entire population did not identify any items for 
investigation. Because facts and circumstances vary, it is not possible 
to specify scenarios that would provide sufficient appropriate audit 
evidence. Consistent with existing standards, for an individual 
assertion, different types and combinations of substantive procedures 
might be necessary to detect material misstatements in the respective 
assertions.\36\ For example, in addition to performing a technology-
assisted analysis of company-produced information to match quantities 
invoiced to quantities shipped, other audit procedures, such as 
examining a sample of information that the company received from 
external sources (e.g., purchase orders and cash receipts), may be 
necessary to obtain sufficient appropriate audit evidence for the 
relevant assertion. The auditor would be required to document the 
purpose, objectives, evidence obtained, and conclusions reached from 
the procedures in accordance with the existing provisions of AS 1215, 
Audit Documentation.\37\
---------------------------------------------------------------------------

    \36\ See AS 2301.40.
    \37\ See AS 1215.04-.06.
---------------------------------------------------------------------------

Specifying Auditor Responsibilities When Using an Audit Procedure for 
More Than One Purpose
    See paragraph .14 of AS 1105 of the amendments.
    The Board proposed to amend paragraph .14 of AS 1105 by adding a 
sentence to specify that if an auditor uses audit evidence from an 
audit procedure for more than one purpose, the auditor should design 
and perform the procedure to achieve each of the relevant objectives of 
the procedure.
    The proposed amendment was intended to supplement existing PCAOB 
standards because the Board's research indicated that: (i) technology-
assisted analysis could be used in a variety of audit procedures, 
including risk assessment and further audit procedures (such as tests 
of details and substantive analytical procedures); (ii) an audit 
procedure that involves technology-assisted analysis may provide 
relevant and reliable evidence for more than one purpose (e.g., 
identifying and assessing risks of material misstatement and addressing 
assessed risks); and (iii) questions have been raised about whether the 
evidence obtained from an audit procedure that involves technology-
assisted analysis can be used for more than one purpose. The Board 
adopted the amendment substantially as proposed, with certain 
modifications to clarify and simplify the sentence, as discussed below. 
As amended, the sentence added to paragraph .14 provides that ``[i]f 
the auditor uses an audit procedure for more than one

[[Page 54931]]

purpose, the auditor should achieve each objective of the procedure.''
    Under existing PCAOB standards, the purpose of an audit procedure 
determines whether it is a risk assessment procedure, test of controls, 
or substantive procedure.\38\ Although AS 1105 describes specific audit 
procedures, it does not specify whether an audit procedure may be 
designed to achieve more than one purpose; nor does it preclude the 
auditor from designing and performing multi-purpose audit 
procedures.\39\ In fact, other PCAOB standards have long permitted 
auditors to use audit evidence for more than one purpose through the 
performance of properly designed ``dual-purpose'' procedures in certain 
scenarios.\40\
---------------------------------------------------------------------------

    \38\ See AS 1105.14.
    \39\ This interpretation was highlighted in a 2020 PCAOB staff 
publication. See PCAOB, Spotlight: Data and Technology Research 
Project Update (May 2020), at 4, available at https://pcaobus.org/Documents/Data-Technology-Project-Spotlight.pdf.
    \40\ See, e.g., AS 2110.39 (``The auditor may obtain an 
understanding of internal control concurrently with performing tests 
of controls if he or she obtains sufficient appropriate evidence to 
achieve the objectives of both procedures'') and AS 2301.47 
(discussing performance of a substantive test of a transaction 
concurrently with a test of a control relevant to that transaction 
(a ``dual-purpose test'')).
---------------------------------------------------------------------------

    Considering the variety of applications of technology-assisted 
analysis throughout the audit, the Board stated in the proposal that 
PCAOB standards could be modified to more specifically address when an 
auditor uses audit evidence from an audit procedure for more than one 
purpose, to facilitate the auditor's design and performance of audit 
procedures that provide sufficient appropriate audit evidence. The 
proposal explained that audit procedures involving technology-assisted 
analysis are not always multi-purpose procedures. For example, a 
technology-assisted analysis that is used to analyze a population of 
revenue transactions to identify significant new products may provide 
audit evidence only to assist the auditor with identifying and 
assessing risks (a risk assessment procedure). But if the procedure 
also involves obtaining audit evidence to address the risk of material 
misstatement associated with the occurrence of revenue, the procedure 
would be a multi-purpose procedure.
    Commenters, including an investor-related group, supported the 
objective of the amendment to specify the auditor's responsibilities 
when using audit evidence for more than one purpose. One commenter 
stated that the proposed amendment appears to prohibit an auditor from 
using audit evidence obtained later in the audit. In that commenter's 
view, the amendment implied that the auditor must intend to use the 
audit procedure for more than one purpose, which could be viewed as 
contradicting the principle that risk assessment should continue 
throughout the audit.
    Several commenters stated that the proposed amendment implied that, 
for an auditor to use audit evidence for more than one purpose, the 
auditor would need to know all of the purposes initially when designing 
the procedure. These commenters added that audit procedures that use 
technology-assisted analysis can be more iterative in nature and may 
not be designed for all the purposes that they ultimately fulfill 
through the nature of the evidence they generate. For example, one 
commenter noted that when using technology-assisted analysis to 
substantively test a population of transactions, the auditor may 
identify a sub-population of transactions that exhibit different 
characteristics than the rest of the population and use that 
information to modify the risk assessment of the sub-population. 
Another commenter noted that an audit procedure may be designed as a 
risk assessment procedure, but the technology-assisted analysis may 
provide audit evidence for assertions about classes of transactions or 
account balances or other evidence regarding the completeness and 
accuracy of information produced by the company used in the performance 
of other audit procedures. These commenters suggested that the 
amendment be revised by focusing on evaluating the audit evidence 
obtained from the procedure.
    The proposed amendment was not intended to imply that the auditor 
should not evaluate or consider information obtained from an audit 
procedure that the auditor was not aware of when initially designing 
the procedure or that the auditor obtains after a procedure is 
completed. As noted in the proposal, an auditor may use audit evidence 
from an audit procedure that involves technology-assisted analysis to 
achieve one or more objectives, depending on the facts and 
circumstances of the company and the audit. Further, the auditor would 
be required to consider and evaluate such information under existing 
PCAOB standards. For example, as one commenter noted, existing AS 1105 
states that audit evidence is all the information, whether obtained 
from audit procedures or other sources, that is used by the auditor in 
arriving at the conclusions on which the auditor's opinion is 
based.\41\ Another commenter observed that existing PCAOB standards 
provide that the auditor's assessment of the risks of material 
misstatement, including fraud risks, continues throughout the 
audit.\42\
---------------------------------------------------------------------------

    \41\ See AS 1105.02.
    \42\ See, e.g., AS 2110.74 and AS 2301.46.
---------------------------------------------------------------------------

    The Board continues to believe that in order for an auditor to use 
an audit procedure for more than one purpose (i.e., as more than a risk 
assessment procedure, test of controls, or substantive procedure 
alone), the auditor would need to determine that each of the objectives 
of the procedure has been achieved. Therefore, after considering the 
comments received, the Board retained the requirement but removed the 
reference to ``design and perform the procedure.'' The auditor's 
responsibilities for designing and performing procedures are already 
addressed in AS 2110 and AS 2301. Therefore, the final amendment to 
paragraph .14 of AS 1105 states that ``[i]f the auditor uses an audit 
procedure for more than one purpose, the auditor should achieve each 
objective of the procedure.''
    As noted in the proposal, the purpose, objective, and results of 
multi-purpose procedures should be clearly documented. Under existing 
PCAOB standards, audit documentation must contain sufficient 
information to enable an experienced auditor, having no previous 
connection with the engagement, to understand the nature, timing, 
extent, and results of the procedures performed, evidence obtained, and 
conclusions reached.\43\ Accordingly, audit documentation should make 
clear each purpose of the multi-purpose procedure, the results of the 
procedure, the evidence obtained, the conclusions reached, and how the 
auditor achieved each objective of the procedure.
---------------------------------------------------------------------------

    \43\ See AS 1215.04-.06.
---------------------------------------------------------------------------

    Commenters were supportive of acknowledging the auditor's 
documentation responsibilities when using audit evidence for more than 
one purpose. An investor-related group commented that the audit 
planning documentation should support how each procedure will achieve 
each objective and that the audit work papers should document that the 
work performed achieved each objective. Another commenter also 
concurred with the notion that the purpose, objective, and results of 
multi-purpose procedures should be clearly documented. One commenter 
noted it was unclear whether there are any incremental

[[Page 54932]]

documentation expectations in comparison to current practice.
    Under PCAOB standards, audit documentation should be prepared in 
sufficient detail to provide a clear understanding of its purpose, 
source, and the conclusions reached.\44\ This applies also for 
procedures performed that involve technology-assisted analysis. 
Therefore, the Board believes that specifying further documentation 
requirements is unnecessary.
---------------------------------------------------------------------------

    \44\ See AS 1215.04.
---------------------------------------------------------------------------

    Some commenters suggested that the Board provide an example of 
using audit evidence from an audit procedure to achieve more than one 
purpose, including two commenters suggesting an example similar to 
examples issued by the American Institute of Certified Public 
Accountants (``AICPA'').\45\ Given the evolving nature of the auditor's 
use of technology, the Board did not include a specific example in the 
text of the final amendments to AS 1105.14. The proposing release, 
however, discussed an example where a technology-assisted analysis of 
accounts related to the procurement process could both: (i) provide the 
auditor with insights into the volume of payments made to new vendors 
(e.g., a risk assessment procedure to identify new or different risks); 
and (ii) match approved purchase orders to invoices received and 
payments made for each item within a population (e.g., a test of 
details to address an assessed risk associated with the occurrence of 
expenses and obligations of liabilities).\46\ The Board believes this 
example illustrates how auditors would apply the principles-based 
amendments consistently. If the procedure performed does not achieve 
each of the intended objectives, other procedures would need to be 
performed (e.g., other substantive procedures to address assessed risks 
of material misstatement).
---------------------------------------------------------------------------

    \45\ Examples referenced by commenters included examples issued 
by the AICPA in AU-C 500, Audit Evidence.
    \46\ See Proposing Release at 19.
---------------------------------------------------------------------------

    Lastly, two commenters suggested that the Board clarify that the 
specific audit procedures discussed in AS 1105.14 are not an all-
inclusive list, to allow for the use of additional types of procedures, 
or combination of procedures, in the future as technology evolves. The 
Board believes the existing language is sufficiently clear because it 
does not indicate that the specific audit procedures described in the 
standard are the only types of audit procedures the auditor can 
perform.
Specifying Auditor Responsibilities for Evaluating the Reliability of 
Certain Audit Evidence and Emphasizing the Importance of Appropriate 
Disaggregation or Detail of Information
    See paragraphs .07, .08, .10, .10A, .15, .19, and .A8 of AS 1105 of 
the amendments.
1. Evaluating the Reliability of External Information Provided by the 
Company in Electronic Form
    The Board proposed to add paragraph .10A to AS 1105 to specify the 
auditor's responsibility for performing procedures to evaluate the 
reliability of external information maintained by the company in 
electronic form when using such information as audit evidence. The 
proposed paragraph provided that the auditor should evaluate whether 
such information is reliable for purposes of the audit by performing 
procedures to: (a) obtain an understanding of the source of the 
information and the company's procedures by which such information is 
received, recorded, maintained, and processed in the company's 
information systems; and (b) test controls (including information 
technology general controls and automated application controls) over 
the company's procedures or test the company's procedures.
    The Board adopted the amendments substantially as proposed with 
certain modifications discussed below. The Board also made a conforming 
amendment to footnote 5 of paragraph .A8 of AS 1105 to include a 
reference to paragraph .10A.
    The Board noted in the proposal that, based on its research, 
auditors often obtain from companies, and use in the performance of 
audit procedures, information in electronic form. In many instances, 
companies have obtained the information from one or more external 
sources. PCAOB standards do not include specific requirements regarding 
information received by the company from external sources, maintained, 
and in many instances processed by the company, and then included in 
the information provided to the auditor in electronic form to be used 
as audit evidence.\47\ Because this information is maintained and 
potentially can be modified by the company, the Board proposed to amend 
its standards to address this risk to the reliability of audit evidence 
that the auditor obtains through using this type of information.
---------------------------------------------------------------------------

    \47\ For example, the company may receive information from a 
customer in the form of a purchase order and provide that 
information to the auditor in electronic form.
---------------------------------------------------------------------------

    Commenters on this topic, including an investor-related group, 
supported the Board's objective of addressing the risks that 
information the company receives from one or more external sources and 
provides to the auditor in electronic form to use as audit evidence may 
not be reliable and may have been modified by the company. However, 
several commenters also stated that further clarification of the 
requirements was needed:
     Some commenters asked for clarification about the 
information the company received from one or more external sources and 
``maintained in its information systems'' in electronic form. A few of 
those commenters also asked whether the use of ``its information 
systems'' was intended to be the same as the ``information system 
relevant to financial reporting'' in AS 2110.\48\ Several commenters 
suggested clarifying the proposed examples of the types of information 
subject to these requirements that were included in the proposed 
footnote to AS 1105.10A and providing more specific examples, such as a 
bank statement in PDF format.
---------------------------------------------------------------------------

    \48\ See AS 2110.28.
---------------------------------------------------------------------------

     One commenter noted that the proposed amendment may not 
clarify the difference between maintaining the reliability of the 
external information received by the company and what the company does 
with that information after it is received. The commenter noted that 
after external information has been received, it is often recorded into 
the company's information system where it is moved, processed, and 
changed to the point that it is no longer considered external 
information, but rather information produced by the company and subject 
to transactional processes and controls. Another commenter stated that 
the requirements should not focus on accuracy and completeness because 
the information is provided to the company from an external source.
     A number of commenters stated that the proposed amendment, 
specifically the requirement in AS 1105.10A to test controls over 
procedures or test the company's procedures themselves, implied that 
the auditor had to test the effectiveness of internal controls in order 
for the information to be determined to be reliable. Many of these 
commenters asked for clarification of the distinction between testing 
the company's controls and testing the company's procedures. One 
commenter noted that certain smaller and mid-sized companies may not 
have implemented controls that can be tested. Some commenters added 
that,

[[Page 54933]]

because the proposed amendments did not include ``where applicable'' 
related to information technology general controls (``ITGCs'') and 
automated application controls, the proposed amendments implied that 
ITGCs and automated application controls always needed to be tested and 
effective. Several of these commenters also provided examples of 
scenarios where ITGCs and automated application controls may not need 
to be tested, such as controls that reconcile information in the 
company's information systems to the information the company received 
from the external source. Commenters also asked whether information 
from an external source provided by the company can be tested directly 
(i.e., not testing a company's controls) and stated that it would be 
helpful to clarify expectations of the auditor's work effort when 
evaluating the reliability of such information.
     One commenter indicated that it was unclear how the 
requirements of footnote 3 of AS 1105.10 and proposed AS 1105.10A 
interrelate when using information produced by a service organization. 
Footnote 3 of AS 1105 refers the auditor to responsibilities under AS 
2601, Consideration of an Entity's Use of a Service Organization, and 
in an integrated audit, AS 2201, An Audit of Internal Control Over 
Financial Reporting That Is Integrated with An Audit of Financial 
Statements, when using information produced by a service organization 
as audit evidence.
     An investor-related group commented that, in addition to 
the requirements for the auditor to evaluate the reliability of 
external information provided by the company in electronic form, the 
auditor should also be required to evaluate the reliability of digital 
information maintained outside the company and used by the auditor as 
audit evidence. Another commenter suggested that the auditor's 
requirements should also address information obtained directly by the 
auditor from external sources.
    In consideration of comments received, the Board made several 
modifications to the final amendments, which are described in more 
detail below. The final amendment (paragraph .10A) provides that the 
auditor should evaluate whether external information provided by the 
company in electronic form and used as audit evidence is reliable by:
    a. Obtaining an understanding of (i) the source from which the 
company received the information; and (ii) the company's process by 
which the information was received, maintained, and, where applicable, 
processed, which includes understanding the nature of any modifications 
made to the information before it was provided to the auditor; and
    b. Testing the information to determine whether it has been 
modified by the company and evaluating the effect of those 
modifications; or testing controls over receiving, maintaining, and 
processing the information (including, where applicable, information 
technology general controls and automated application controls).
    As discussed above, the proposed amendments described auditor 
responsibilities related to evaluating the reliability of information 
in electronic form provided by the company to the auditor that the 
company received from external sources. Examples of such information 
include, but are not limited to, bank statements, customer order 
information, information related to cash receipts, and shipping 
information from third-party carriers provided to the auditor in 
electronic form.
    The Board believes that a principles-based description of the 
information subject to the requirement that does not list specific 
types of information, as suggested by some commenters, is in the best 
interest of audit quality and investor protection. This approach is 
adaptable to evolving sources and forms of electronic information, 
considering continued advancements in technology. The Board has 
clarified the final amendment by removing the reference to ``maintained 
in the company's information systems,'' which confused some commenters. 
The use of this term in the proposal was intended to refer broadly to 
information in electronic form within a company that the company could 
provide to the auditor.
    The Board has revised subparagraph (a) of the final amendment to 
replace the term ``company's procedures'' with ``company's process.'' 
In the proposal the Board used ``company's procedures'' to align with 
AS 2110.28(b), which describes the company's procedures to initiate, 
authorize, process, and record transactions. However, the Board 
believes use of the ``company's process'' is more consistent with AS 
2110.30 and .31, which describe the company's business processes that 
the auditor is required to understand. The Board also believe that 
using ``company's process'' clarifies that the intent of the 
requirement is to understand the flow of the information from the time 
the company received it from the external source until the company 
provided it to the auditor. Additional refinements made to this 
requirement include (i) removing the word ``recorded'' because 
receiving, processing, and maintaining data would encompass recording 
it; and (ii) adding ``where applicable'' to address examples provided 
by commenters where companies receive information from external sources 
that may be maintained only--and not processed--by the company.
    The Board also made revisions to clarify that, as part of 
understanding how the information received from external sources is 
processed by the company, the auditor should obtain an understanding of 
the nature of any modifications made to the information. This revision 
focuses the auditor on identifying the circumstances where the 
information may have been modified or changed by the company.
    The Board did not intend to imply that internal controls are 
required to be tested and effective in order for the auditor to be able 
to determine that external information is reliable for purposes of the 
audit, as suggested by some commenters. Rather, the proposed amendment 
was meant to (i) clarify the auditor's responsibility for performing 
procedures to evaluate the reliability of audit evidence; and (ii) 
address the risk that the company may have modified the external 
information prior to providing it to the auditor for use as audit 
evidence.
    The Board revised the final amendment in subparagraph (b) to 
require that the auditor (i) test the information to determine whether 
it has been modified by the company and evaluate the effect of those 
modifications; or (ii) test controls over receiving, maintaining, and 
where applicable, processing the information. As discussed in the 
proposing release, the auditor may determine the information has been 
modified by the company by either comparing the information provided to 
the auditor to (i) the information the company received from the 
external source; or (ii) information obtained directly by the auditor 
from external sources. Some commenters referred to comparing the 
information provided by the company to the information the company 
received from the external source, as testing the information 
``directly'' for reliability.
    For example, the auditor may obtain customer purchase order 
information from the company's information systems and compare this 
information to the original purchase order submitted by the customer to 
determine whether any modifications were made by the company. In 
another example, the auditor may obtain interest rate information from 
the company's information systems and compare it to the original 
information from the U.S. Department of Treasury. Under the final

[[Page 54934]]

amendments, if the auditor determines modifications were made by the 
company, the auditor would have to evaluate the effect of the 
modifications on the reliability of the information. For example, the 
auditor may determine that certain modifications (e.g., formatting of 
the date of a transaction from the European date format to the U.S. 
date format) have not affected the reliability of the information. 
Conversely, the auditor may determine that inadvertent or intentional 
deletions, or improper alterations of key data elements by the company 
(e.g., customer details, transaction amount, product quantity) have 
negatively affected the reliability of information.
    Finally, the Board further clarified the amendment to indicate that 
if the auditor chooses to test controls instead of testing the 
information as described above, the auditor should test controls over 
the receiving, maintaining, and where applicable, processing of the 
information that are relevant to the auditor's evaluation of whether 
the information is reliable for purposes of the audit. This aligns with 
the Board's intent in the proposal that described testing controls over 
the company's procedures. Controls over processing the information 
would include internal controls over any modifications made by the 
company to the information.
    Several commenters noted that in instances where controls over the 
information are ineffective, or are not implemented or formalized, the 
auditor may need to perform procedures other than testing internal 
controls to determine the reliability of the information provided by 
the company. In response to these comments, the Board believes it is 
important to remind auditors that PCAOB standards already address 
circumstances when the auditor encounters ineffective controls, or 
controls that are not implemented or formalized. It is important for 
the auditor to also understand the implications of such findings on the 
nature, timing, and extent of procedures that the auditor needs to 
perform in accordance with PCAOB standards.\49\
---------------------------------------------------------------------------

    \49\ See, e.g., AS 1105.08, AS 2110.25 and .B1-.B6, and AS 
2301.32-.34.
---------------------------------------------------------------------------

    The Board also considered the comments related to specifying 
requirements for the auditor to evaluate the reliability of external 
information obtained directly by the auditor from external sources, 
which would include digital information maintained outside the company 
and used as audit evidence. Under existing standards, audit evidence 
must be reliable, and its reliability depends on the nature and the 
source of the evidence and the circumstances under which it is 
obtained.\50\ In light of the existing requirements within AS 1105, the 
Board believes that the auditor's responsibilities to evaluate the 
reliability of information obtained from external sources are 
sufficiently clear and that further amendments to address information 
obtained by the auditor directly from external sources are not 
necessary. In addition, the Board considered but decided not to address 
in this project auditors' responsibilities related to using information 
produced by a service organization as audit evidence.\51\
---------------------------------------------------------------------------

    \50\ See AS 1105.06 and AS 1105.08. See also PCAOB, Staff 
Guidance--Insights for Auditors Evaluating the Relevance and 
Reliability of Audit Evidence Obtained From External Sources (Oct. 
2021), available at https://assets.pcaobus.org/pcaob-dev/docs/default-source/standards/documents/evaluating-relevance-and-reliability-of-audit-evidence-obtained-from-external-sources.pdf?sfvrsn=48b638b_6.
    \51\ See AS 2601 for the auditor's requirements related to the 
use of a service organization. The Board has a separate standard-
setting project on its mid-term standard-setting agenda (https://pcaobus.org/oversight/standards/standard-setting-research-projects) 
related to the use of a service organization, which may result in 
changes to AS 2601 and the auditor's responsibilities regarding the 
use of a service organization.
---------------------------------------------------------------------------

    Further, as discussed below, the Board's proposed amendment was 
intended to highlight the importance of controls over information 
technology. The Board considered the comments received, and the final 
amendment clarifies that ITGCs and automated application controls 
should be tested where applicable (e.g., where controls are selected 
for testing or where a significant amount of information supporting one 
or more relevant assertions is electronically initiated, recorded, 
processed, or reported).\52\ The Board believes testing ITGCs and 
automated application controls is important to mitigate the risk that 
the information provided by the company in electronic form is not 
reliable. In some cases, the auditor may already be testing the 
relevant ITGCs and automated application controls, while in other cases 
the auditor may need to test additional controls.
---------------------------------------------------------------------------

    \52\ See, e.g., AS 2301.17.
---------------------------------------------------------------------------

    Consistent with the proposal, the Board did not prescribe the 
nature, timing, or extent of the auditor's procedures to evaluate the 
reliability of the external information. An auditor would design the 
procedures considering the wide variety of types of external 
information received by companies and differences in the processes for 
receiving, maintaining and, where applicable, processing such 
information. Further, the nature, timing, and extent of the auditor's 
procedures would depend on the purpose for which the auditor uses the 
information whose reliability is being evaluated. In general, 
performing audit procedures to address the risks of material 
misstatement involves obtaining more persuasive evidence than in 
performing risk assessment procedures.\53\ Accordingly, evaluating the 
reliability of information used in substantive procedures and tests of 
controls would require more auditor effort than evaluating the 
reliability of information used in risk assessment procedures.
---------------------------------------------------------------------------

    \53\ See generally AS 2301.09(a), .18, and .39.
---------------------------------------------------------------------------

2. Emphasizing the Importance of Controls Over Information Technology
    The Board proposed several amendments to AS 1105 to emphasize the 
importance of controls over information technology for the reliability 
of audit evidence. As noted above, auditors obtain from companies, and 
use in the performance of audit procedures, large volumes of 
information in electronic form. The reliability of such information is 
increased when the company's controls over that information--including, 
where applicable, ITGCs and automated application controls--are 
effective. The Board adopted the amendments to paragraph .10 of AS 1105 
as proposed, and amendments to paragraphs .08 and .15 of AS 1105 
substantially as proposed, with minor modifications as described below.
    Commenters on this topic supported the objective of emphasizing the 
importance of controls over information technology in establishing 
reliability of information used as audit evidence. Several commenters 
opined that the proposed amendments, more specifically the proposed 
amendments to paragraph .15 of AS 1105, implied that internal controls, 
including ITGCs and automated application controls, would need to be 
tested and determined effective in order to determine that the 
information is reliable.
    The proposed amendments were not intended to imply that (i) 
internal controls are required to be tested and effective in order for 
the auditor to be able to determine that information is reliable for 
purposes of the audit; or (ii) testing other relevant controls is less 
important or unnecessary. Rather, the proposed amendments were meant to 
highlight to the auditor that certain information is more reliable when 
internal controls are effective, and where applicable, those internal 
controls include ITGCs and automated

[[Page 54935]]

application controls, which is consistent with existing PCAOB 
standards.\54\ The Board's standards also describe scenarios where the 
sufficiency and appropriateness of the audit evidence usually depends 
on the effectiveness of controls.\55\ The amendments did not change 
these existing principles.
---------------------------------------------------------------------------

    \54\ See existing AS 1105.08.
    \55\ See, e.g., AS 2301.17.
---------------------------------------------------------------------------

    Further, in the proposing release the Board explained that the 
proposed amendments state ``where applicable'' in relation to the 
controls over information technology because information produced by 
the company may also include information that is not in electronic 
form, or information that is subject to manual controls. One commenter 
noted that this explanation was informative and suggested incorporating 
it into the amendments. Another commenter also recommended defining 
``where applicable'' with clear factors or examples of when ITGCs and 
automated application controls would be applicable. Because of the wide 
variety of types and sources of information, and ways in which 
companies use information, it would be impracticable to specify 
scenarios where ITGCs and automated application controls would be 
applicable.
    Having considered the above comments and the Board's intent to 
retain the existing principle in paragraph .08 of AS 1105 that certain 
information is more reliable when controls are effective, the Board 
modified paragraph .15 of AS 1105 within the final amendments to align 
the language with AS 1105.08. In addition, the final amendments to 
paragraph .08 were also aligned with the terminology in paragraph .10A 
of AS 1105 described above.
    Lastly, separate from commenting on the proposed amendments to 
paragraph .08 of AS 1105 discussed above, some commenters suggested 
amendments to modernize the last bullet point of the paragraph, which 
describes that evidence from original documents is more reliable. Three 
commenters asserted that the information may exist in different forms 
(e.g., paper or electronic form) and may be in a format other than a 
document (e.g., unprocessed data). In the views of two of these 
commenters, no physical or original document exists when an electronic 
data transmission from a customer initiates a transaction in a 
company's ERP system. These commenters suggested modernizing the 
language to focus on the original form of the audit evidence and any 
subsequent conversion, copying, or other modifications. The Board 
considered the comments received but did not amend the language because 
the bullet points in paragraph .08 of AS 1105 are intended to be 
examples of factors that may affect the reliability of audit evidence. 
The existing language provides an example of one type of audit 
evidence--original documents that have not been converted, copied, or 
otherwise modified--which is consistent with the principles suggested 
by the commenters.
3. Emphasizing the Importance of Appropriate Disaggregation or Detail 
of Information
    The Board proposed to amend paragraph .07 of AS 1105 to emphasize 
that the relevance of audit evidence depends on the level of 
disaggregation or detail of information necessary to achieve the 
objective of the audit procedure. Whether an auditor performs tests of 
details, substantive analytical procedures, or other tests, technology-
assisted analysis may enable the auditor to analyze large volumes of 
information at various levels of disaggregation (e.g., regional or 
global) or detail (e.g., relevant characteristics of individual items 
such as product type or company division). The appropriate level of 
disaggregation or detail of information that the auditor uses as audit 
evidence is important for obtaining audit evidence that is relevant in 
supporting the auditor's conclusions.\56\ Having considered the 
comments received, the Board adopted the amendment as proposed.
---------------------------------------------------------------------------

    \56\ See, e.g., PCAOB, Staff Guidance--Insights for Auditors 
Evaluating the Relevance and Reliability of Audit Evidence Obtained 
From External Sources (Oct. 2021) at 5, available at https://assets.pcaobus.org/pcaob-dev/docs/default-source/standards/documents/evaluating-relevance-and-reliability-of-audit-evidence-obtained-from-external-sources.pdf?sfvrsn=48b638b_6.
---------------------------------------------------------------------------

    The level of disaggregation or detail that is appropriate depends 
on the objective of the audit procedure. For example, when testing the 
valuation assertion of residential loans that are measured based on the 
fair value of the collateral, disaggregated sales data for residential 
properties by geographic location would likely provide more relevant 
audit evidence than combined sales data for both commercial and 
residential properties by geographic location. In another example, when 
performing a substantive analytical procedure and analyzing the 
plausibility of relationships between revenue and other information 
recorded by the company, using revenue disaggregated by product type 
would likely be more relevant for the auditor's analysis and result in 
obtaining more relevant audit evidence than if the auditor used the 
amount of revenue in the aggregate.
    Commenters on this topic were supportive of the proposed amendment 
and indicated that it aligned with current practice. Some of these 
commenters suggested providing examples, stating that examples would 
help auditors in understanding and applying the amendment. Consistent 
with the proposal, the final amendment does not prescribe an expected 
level of disaggregation or detail, as auditor judgment is needed to 
determine the relevance of information based on the objective of the 
audit procedure.
4. Updating Certain Terminology in AS 1105
    The Board proposed to update certain terminology used to describe 
audit procedures for obtaining audit evidence in AS 1105, without 
changing the meaning of the corresponding requirements. For example, 
considering the greater availability and use of information in 
electronic form, the Board proposed to use the term ``information'' 
instead of the term ``documents and records'' in AS 1105.15 and .19. 
Further, to avoid a misinterpretation that only certain procedures 
could be performed electronically, the Board proposed to remove the 
reference to performing recalculation ``manually or electronically'' in 
AS 1105.19. For consistent terminology, the Board also proposed to 
replace the terms ``generated internally by the company'' in AS 1105.08 
and ``internal'' in AS 1105.15 with the term ``produced by the 
company.'' Having considered the comments received, the Board adopted 
the amendments to paragraphs .08, .15, and .19 of AS 1105 as proposed.
    Commenters on this topic supported the updates to certain 
terminology described above, and stated the updated terminology appears 
clear and appropriate. One commenter suggested modifying the 
terminology in paragraph .19 from ``checking'' to ``testing'' because 
testing more clearly describes an audit procedure that is being 
performed over the mathematical accuracy of information. Having 
considered the comment, the Board retained the existing terminology in 
paragraph .19 of ``checking'' to avoid a potential for confusion with 
test of details.
Effective Date
    The Board determined that the amendments will take effect, subject 
to approval by the SEC, for audits of financial statements for fiscal 
years

[[Page 54936]]

beginning on or after December 15, 2025.
    In the proposing release, the Board sought comment on the amount of 
time auditors would need before the amendments become effective, if 
adopted by the Board and approved by the SEC. The Board proposed an 
effective date for audits with fiscal years ending on or after June 30 
in the year after approval by the SEC.
    Several, mostly larger firms and firm-related groups, supported an 
effective date of audits of financial statements for fiscal years 
beginning on or after December 15 at least one year following SEC 
approval, or for fiscal years ending on or after December 15 at least 
two years following SEC approval. Two commenters supported an effective 
date two years after SEC approval. These commenters indicated that this 
would give firms the necessary time to update firm methodologies, 
tools, and develop and implement training. In addition, several 
commenters highlighted that additional time would be needed because of 
the potential indirect impact on companies, especially if companies 
need to implement or formalize controls or processes around information 
received from one or more external sources, and auditors need to verify 
that the controls have been designed and implemented appropriately. 
Another commenter highlighted that the proposed effective date may be 
too soon to allow auditors to update methodologies, provide appropriate 
training and effectively implement the standards. In addition, multiple 
commenters, mainly accounting firms, suggested that the Board consider 
the effective dates for other standard-setting projects when 
determining the effective date for the amendments.
    The Board appreciates the concerns and preferences expressed by the 
commenters. Having considered the requirements of the final amendments, 
the differences between the amendments and the existing standards, the 
Board's understanding of firms' current practices, and the effective 
dates for other Board rulemaking projects, the Board believes that the 
effective date, subject to SEC approval, for audits of financial 
statements for fiscal years beginning on or after December 15, 2025 
will provide auditors with a reasonable time period to implement the 
final amendments, without unduly delaying the intended benefits 
resulting from these improvements to PCAOB standards, and is consistent 
with the Board's mission to protect investors and further the public 
interest.

D. Economic Considerations and Application to Audits of Emerging Growth 
Companies

Economic Considerations
    The Board is mindful of the economic impacts of its standard 
setting. This section describes the economic baseline, economic need, 
expected economic impacts of the final amendments, and alternative 
approaches considered. There are limited data and research findings 
available to estimate quantitatively the economic impacts of the final 
amendments. Therefore, the Board's economic discussion is largely 
qualitative in nature. However, where reasonable and feasible, the 
analysis incorporates quantitative information, including descriptive 
statistics on the tools that firms use in technology-assisted 
analysis.\57\
---------------------------------------------------------------------------

    \57\ As noted above, this release uses the term ``technology-
assisted analysis'' in reference to the analysis of information in 
electronic form that is performed with the assistance of technology-
based tools. Others, including firms and academics, may refer to 
such analysis as ``data analysis'' or ``data analytics.'' The 
Board's use of ``data analysis'' or ``data analytics'' was intended 
to align with terminology used by the source cited. The terms ``data 
analysis'' or ``data analytics'' should not be confused with the 
term ``analytical procedures'' that is used in PCAOB standards to 
refer to a specific type of audit procedure (see AS 1105.21) that 
may be performed with or without the use of information in 
electronic form or technology-based data analysis tools.
---------------------------------------------------------------------------

Baseline
    The discussion above describes important components of the baseline 
against which the economic impact of the final amendments can be 
considered, including the Board's existing standards, firms' current 
practices, and observations from the Board's oversight activities. The 
discussion below focuses on two additional aspects of current practice 
that informed the Board's understanding of the economic baseline: (i) 
the PCAOB staff's analysis of the tools that auditors use in 
technology-assisted analysis; and (ii) research on auditors' use of 
technology-assisted analysis.
1. Staff Analysis of Tools That Auditors Use in Technology-Assisted 
Analysis
    PCAOB staff reviewed information provided by firms pursuant to the 
PCAOB's oversight activities regarding tools they use in technology-
assisted analysis. The information identifies and describes tools used 
by audit engagement teams. The staff reviewed information provided by 
the U.S. global network firms (``GNFs'') as well as seven U.S. non-
affiliated firms (``NAFs'').\58\ The information was first provided for 
the 2018 inspection year and was available through the 2023 inspection 
year for the GNFs and NAFs analyzed.
---------------------------------------------------------------------------

    \58\ The U.S. GNFs are BDO USA P.C., Deloitte & Touche LLP, 
Ernst & Young LLP, Grant Thornton LLP, KPMG LLP, and 
PricewaterhouseCoopers LLP. U.S. NAF firms include registered firms 
that are not global network firms.
---------------------------------------------------------------------------

    Firms reported using both internally developed and externally 
purchased tools. Some of the externally purchased tools were customized 
by the firms. The nature and number of tools varied across firms, and 
their use varied with the facts and circumstances of specific audit 
engagements. Some firms describe their tools by individual use case or 
functionality based on how the tool has been tailored by the firm 
(e.g., one tool to test accounts receivable and another tool to test 
inventory using the same software program), and other firms describe 
their tools grouped by software program, thus affecting the number of 
unique tools reported by the firms. Some firms consolidated some of 
their tools over time, thus reducing the number of unique tools they 
used, although the number of audit engagements on which tools are used 
has not decreased. For example, instead of having separate tools to 
perform technology-assisted analysis and analytical procedures 
performed as part of the auditor's risk assessment, some firms have 
consolidated both functions into one tool. Firms generally do not 
require the use of such tools on audit engagements.
    The average number of tools used by audit engagement teams, as 
reported to the PCAOB by the U.S. GNFs, increased from approximately 13 
to approximately 18 per firm, or approximately 38%, between 2018 and 
2023. In the 2023 inspection year, U.S. GNFs reported that 90% of their 
tools are used for data visualization, summarization, tabulation, or 
modeling.\59\ All the U.S. GNFs reported using tools to assist in: (i) 
identifying and selecting journal entries; and (ii) selecting samples 
for testing. The U.S. GNFs reported having tools that support both risk 
assessment (e.g., assessing loan risk) and substantive procedures 
(e.g., performing journal entry testing or fair value testing). The 
U.S. GNFs developed approximately 75% of the reported tools in-house 
while the rest were purchased externally. Furthermore, approximately 
18% of the U.S. GNFs' tools used cloud computing. Less than 7% of the 
U.S. GNFs' tools used blockchain technology, artificial intelligence, 
or robotic process automation. All the U.S.

[[Page 54937]]

GNFs' tools used company data and approximately 20% also used third-
party data.
---------------------------------------------------------------------------

    \59\ For example, some firms identified Microsoft Power BI and 
IDEA as tools used for data visualization, summarization, 
tabulation, or modelling.
---------------------------------------------------------------------------

    Compared to U.S. GNFs, the U.S. NAFs within the scope of the PCAOB 
staff's review reported to the PCAOB using fewer tools. In the 2023 
inspection year, on average, the U.S. NAFs reported using approximately 
six tools per firm. For a subset of these firms, the average number of 
tools increased from approximately two tools per firm to approximately 
five tools per firm between 2020 and 2023.\60\ The U.S. NAFs used the 
tools to visualize, summarize, and model data. Some of the U.S. NAFs 
reviewed use third-party software as their data analysis tools and used 
company data (e.g., transactional and journal entry data) as inputs. 
One U.S. NAF firm developed an in-house tool to assist with determining 
the completeness and accuracy of journal entry data used for testing 
journal entries.
---------------------------------------------------------------------------

    \60\ Due to changes in the data collection process and changes 
in firms' status as annually inspected, data is not available for 
all firms in all years. The overall 2023 estimate is based on data 
from seven U.S. NAFs, and the 2020-2023 trend data is based on data 
from five U.S. NAFs.
---------------------------------------------------------------------------

    One commenter asserted that the PCAOB should have information on 
firms' use of technology-based tools, as well as firms' improper use of 
tools, through its oversight activities. Information obtained through 
PCAOB oversight activities regarding firms' use of technology-based 
tools is presented here, and information related to firms' improper use 
of tools is presented above. As described above, the nature and extent 
of the use of technology-based tools in an audit varies by firm and by 
individual audit engagement. The Board's rulemaking has been informed 
by all relevant information as described in this release.
2. Research on Auditors' Use of Technology-Assisted Analysis
    Academic studies regarding the prevalence of technology-based tools 
used to analyze information in electronic form and the impacts of using 
such tools in audits are limited. However, several recent surveys 
provide insights regarding: (i) how auditors have been incorporating 
data analytics into their audit approaches; and (ii) potential 
impediments to auditors' further implementation of data analytics. One 
commenter referenced additional academic research that was not 
originally cited in the proposing release. The Board considered this 
research and included references to articles that are relevant to the 
analysis in this release.\61\
---------------------------------------------------------------------------

    \61\ Several of the referenced papers report the results of 
experiments examining the behavioral factors associated with 
auditors' use of data analytics. These papers consider nuances of 
auditor behavior in specific circumstances that may not be 
generalizable to other settings because the results are based on 
hypothetical, self-reported choices rather than real-world audit 
settings. However, their results may be useful for auditors to 
consider in their use and implementation of technology-assisted 
analysis. See Tongrui Cao, Rong-Ruey Duh, Hun-Tong Tan, and Tu Xu, 
Enhancing Auditors' Reliance on Data Analytics Under Inspection Risk 
Using Fixed and Growth Mindsets, 97 The Accounting Review 131 
(2022). See also Jared Koreff, Are Auditors' Reliance on Conclusions 
from Data Analytics Impacted by Different Data Analytic Inputs?, 36 
Journal of Information Systems 19 (2022). See also Dereck Barr-
Pulliam, Joseph Brazel, Jennifer McCallen, and Kimberly Walker, Data 
Analytics and Skeptical Actions: The Countervailing Effects of False 
Positives and Consistent Rewards for Skepticism, available at SSRN 
3537180 (2023). See also Dereck Barr-Pulliam, Helen L. Brown-Liburd, 
and Kerri-Ann Sanderson, The Effects of the Internal Control Opinion 
and Use of Audit Data Analytics on Perceptions of Audit Quality, 
Assurance, and Auditor Negligence, 41 Auditing: A Journal of 
Practice & Theory 25 (2022).
---------------------------------------------------------------------------

    Regarding incorporating data analytics into audit approaches, the 
surveys indicate that while the use of data analytics presently may not 
be widespread, it is becoming more common in various aspects of the 
audit, primarily risk assessment and, to a lesser extent, substantive 
procedures. For example, a 2017 survey of U.S. auditors reported that 
auditors used data analytics in risk assessment and journal entry 
testing.\62\ Also, a survey of Norwegian auditors, some of whom perform 
audits under PCAOB standards, reported that data analytics were not 
widely used and were used primarily as supplementary evidence. In this 
survey, the respondents indicated that data analytics were used 
primarily in risk assessment and various types of substantive 
procedures, including analytical procedures.\63\ A 2018 to 2019 survey 
of auditors in certain larger New Zealand firms reported that auditors 
are more frequently encountering accessible, large company data sets 
(i.e., data sets from the companies under audit). The respondents 
reported that third-party tools to process the data are increasingly 
available and allow auditors with less expertise in data analytics to 
make effective use of data.\64\ A 2020 Australian study that focused on 
big data analytics found that the use of big data analytics has reduced 
auditor time spent on manual-intensive tasks and increased time 
available for tasks requiring critical thinking and key judgments.\65\ 
A 2023 Canadian study that also focused on big data analytics found 
that big data analytics improves financial reporting quality.\66\
---------------------------------------------------------------------------

    \62\ See Ashley A. Austin, Tina D. Carpenter, Margaret H. 
Christ, and Christy S. Nielson, The Data Analytics Journey: 
Interactions Among Auditors, Managers, Regulation, and Technology, 
38 Contemporary Accounting Research 1888 (2021). The survey also 
states:
    [A]uditors report that they strategically leverage data 
analytics to provide clients with business-related insights. 
However, regulators voice concerns that this pratice might impair 
auditor independence and reduce audit quality.
    The final amendments are not intended to suggest that when using 
technology-assisted analysis in an audit, auditors do not need to 
comply with PCAOB independence standards and rules, and the 
independence rules of the SEC. Auditors are still expected to comply 
with these standards and rules when uing tehnology-asisted analysis 
on an audit engagement.
    \63\ See Aasmund Eilifsen, Finn Kinserdal, William F. Messier, 
Jr., and Thomas E. McKee, An Exploratory Study into the Use of Audit 
Data Analytics on Audit Engagements, 34 Accounting Horizons 75 
(2020). The survey appears to have been performed around 2017-2018.
    \64\ See Angela Liew, Peter Boxall, and Denny Setiawan, The 
Transformation to Data Analytics in Big-Four Financial Audit: What, 
Why and How?, 34 Pacific Accounting Review 569 (2022).
    \65\ See Michael Kend and Lan Anh Nguyen, Big Data Analytics and 
Other Emerging Technologies: The Impact on the Australian Audit and 
Assurance Profession, 30 Australian Accounting Review 269 (2020).
    \66\ See Isam Saleh, Yahya Marei, Maha Ayoush, and Malik Muneer 
Abu Afifa, Big Data Analytics and Financial Reporting Quality: 
Qualitative Evidence from Canada, 21 Journal of Financial Reporting 
and Accounting 83 (2023).
---------------------------------------------------------------------------

    Earlier surveys reported qualitatively similar, though less 
prevalent, use of data analytics. For example, a 2016 survey of 
Canadian firms reported that 63% and 39% of respondents from large 
firms and small to mid-sized firms, respectively, had used data 
analytics, most commonly in the risk assessment and substantive 
procedures phases. Both groups reported that data analytics were used 
to provide corroborative evidence for assertions about classes of 
transactions for the period under audit. However, only smaller and mid-
sized firms reported that data analytics were also used to provide 
primary evidence for assertions about classes of transactions for the 
period under audit and account balances at period end. Furthermore, 
only larger firms reported that data analytics were also used to 
provide corroborative evidence for assertions about account balances at 
period end.\67\
---------------------------------------------------------------------------

    \67\ See CPA Canada, Audit Data Analytics Alert: Survey on Use 
of Audit Data Analytics in Canada (Sept. 2017) at 7, Exhibit 4 and 
10, Exhibit 7.
---------------------------------------------------------------------------

    A survey of 2015 year-end audits performed by U.K. firms reported 
that the use of data analytics was not as prevalent as the market might 
expect, with the most common application being journal entry 
testing.\68\ A 2015

[[Page 54938]]

survey of U.K. and EU auditors found that data analytics were being 
used in both risk assessment procedures and to perform certain specific 
audit procedures (e.g., recalculation).\69\ Finally, a 2014 survey of 
U.S. auditors reported that they often use information technology to 
perform risk assessment, analytical procedures, sampling, internal 
control evaluations, and internal control documentation. The 
respondents identified moderate use of data analytics in the context of 
client administrative or practice management.\70\
---------------------------------------------------------------------------

    \68\ See Financial Reporting Council, Audit Quality Thematic 
Review: The Use of Data Analytics in the Audit of Financial 
Statements (Jan. 30, 2017) at 11.
    \69\ See George Salijeni, Anna Samsonova-Taddei, and Stuart 
Turley, Big Data and Changes in Audit Technology: Contemplating a 
Research Agenda, 49 Accounting and Business Research 95 (2019).
    \70\ See D. Jordan Lowe, James L. Bierstaker, Diane J. Janvrin, 
and J. Gregory Jenkins, Information Technology in an Audit Context: 
Have the Big 4 Lost Their Advantage?, 32 Journal of Information 
Systems 87 (2018). The authors do not define the term ``data 
analytics,'' and they present it as an application of information 
technology in the audit distinct from other audit planning and audit 
testing applications. However, the Board believes it is likely that 
some of the applications of information technology reported in the 
study would be impacted by the amendments and hence provide relevant 
baseline information.
---------------------------------------------------------------------------

    Regarding potential impediments to the implementation of data 
analytics, surveys indicate that some firms are reluctant to implement 
data analytics in their audit approach due to perceived regulatory 
risks. For example, one survey found that auditors were cautious about 
implementing data analytics due to a lack of explicit regulation. 
Respondents reported performing both tests of details that do not 
involve data analytics and those that do involve data analytics in 
audits under PCAOB standards.\71\ Another survey found that auditors 
did not require the use of advanced data analytic tools partly due to 
uncertainty regarding how regulatory authorities would perceive the 
quality of the audit evidence produced. However, the respondents tended 
to agree that both standard setters and the auditing standards 
themselves allow information obtained from data analytics to be used as 
audit evidence.\72\ A different survey found that some auditors were 
reluctant to implement data analytics because the auditing standards do 
not specifically address them.\73\ These survey findings are consistent 
with other surveys that find auditors structure their audit approaches 
to manage regulatory risks arising from inspections, including risks 
associated with compliance with PCAOB standards.\74\ One commenter on 
the proposed amendments cited a study which noted that ``uncertainty 
about regulators' response and acceptance of emerging technologies can 
hinder its [emerging technology's] adoption.'' \75\ However, by 
contrast, another survey found that the audit regulatory environment 
was not commonly cited by respondents as an impediment to the use of 
data analytics.\76\
---------------------------------------------------------------------------

    \71\ See Austin et al., The Data Analytics Journey 1910. For 
similar findings, see also Liew et al., The Transformation 579-580.
    \72\ See Eilifsen et al., An Exploratory Study. For similar 
findings, see also Felix Krieger, Paul Drews, and Patrick Velte, 
Explaining the (Non-) Adoption of Advanced Data Analytics in 
Auditing: A Process Theory, 41 International Journal of Accounting 
Information Systems 1 (2021).
    \73\ See Salijeni et al., Big Data 110.
    \74\ See Kimberly D. Westermann, Jeffrey Cohen, and Greg 
Trompeter, PCAOB Inspections: Public Accounting Firms on ``Trial,'' 
36 Contemporary Accounting Research 694 (2019). See also Lindsay M. 
Johnson, Marsha B. Keune, and Jennifer Winchel, U.S. Auditors' 
Perceptions of the PCAOB Inspection Process: A Behavioral 
Examination, 36 Contemporary Accounting Research 1540 (2019).
    \75\ See Dereck Barr[hyphen]Pulliam, Helen L. 
Brown[hyphen]Liburd, and Ivy Munoko, The Effects of 
Person[hyphen]Specific, Task, and Environmental Factors on Digital 
Transformation and Innovation in Auditing: A Review of the 
Literature, 33 Journal of International Financial Management & 
Accounting 337 (2022). This literature review focuses on emerging 
technologies broadly. Accordingly, much of the research it discusses 
is not directly relevant to the baseline for these amendments. 
However, several of the studies it cites are relevant and have 
already been discussed in this subsection, for example, Austin et 
al., The Data Analytics Journey.
    \76\ See CPA Canada, Audit Data Analytics, at Exhibit 10.
---------------------------------------------------------------------------

    Overall, the research suggests that auditors' use of technology-
assisted analysis in designing and performing audit procedures is 
becoming increasingly prevalent. Some commenters also acknowledged that 
the use of technology-assisted analysis is becoming more prevalent. An 
investor-related group provided examples of expanded use of technology 
by both companies and audit firms, including the use of large, 
searchable databases and the development of tools for analyzing large 
volumes of data. This provides a baseline for considering the potential 
impacts of the final amendments. The research also suggests that some 
auditors perceive regulatory risks when implementing data analytics. 
Some commenters acknowledged that regulatory uncertainty has been a 
factor in firms' hesitance to use technology-assisted analysis. This 
provides evidence of a potential problem that standard setting may 
address.
Need
    Low-quality audits can occur for a number of reasons, including the 
following two reasons. First, the company under audit, investors, and 
other financial statement users cannot easily observe the procedures 
performed by the auditor, and thus the quality of the audit. This leads 
to a risk that, unbeknownst to the company under audit, investors, or 
other financial statement users, the auditor may perform a low-quality 
audit.\77\
---------------------------------------------------------------------------

    \77\ See, e.g., Monika Causholli and W. Robert Knechel, An 
Examination of the Credence Attributes of an Audit, 26 Accounting 
Horizons 631, 632 (2012):
    During the audit process, the auditor is responsible or making 
decisions concerning risk assessment, total effort, labor 
allocation, and the timing and extent of audit procedures that will 
be implemented to reduce the residual risk of material 
misstatements. As a non-expert, the auditee may not be able to judge 
the appropriateness of such decisions. Moreover, the auditee may not 
be able to ascertain the extent to which the risk of material 
misstatement has been reduced even after the audit is completed. 
Thus, information asymmetry exists between the auditee and the 
auditor, the benefit of which acrues to the auditor. If such is the 
case, the auditor may have incentives to: under-audit, or expend 
less audit effort than is required to reduce the uncertainty about 
misstatements in the auditee's financial statements to the level 
that is appropriate for the auditee.
---------------------------------------------------------------------------

    Second, the federal securities laws require that an issuer retain 
an auditor for the purpose of preparing or issuing an audit report. 
While the appointment, compensation, and oversight of the work of the 
registered public accounting firm conducting the audit is, under 
Sarbanes-Oxley, entrusted to the issuer's audit committee,\78\ there is 
nonetheless a risk that the auditor may seek to satisfy the interests 
of the company under audit rather than the interests of investors and 
other financial statement users.\79\ This could arise, for example, 
through audit committee identification with the company or its 
management (e.g., for compensation) or through management influence 
over the audit committee's supervision of the auditor, resulting in a 
de facto principal-agent relationship between the company and the 
auditor.\80\ Effective auditing standards help address these risks by 
explicitly assigning responsibilities to the auditor that, if executed 
properly, are expected to result in high-quality audits that satisfy 
the interests of

[[Page 54939]]

audited companies, investors, and other financial statement users.
---------------------------------------------------------------------------

    \78\ See section 301 of Sarbanes-Oxley, 15 U.S.C 78f(m) (also 
requiring that the firm ``report directly to the audit committee''). 
As an additional safeguard, the auditor is also required to be 
independent of the audit client. See 17 CFR 210.2-01.
    \79\ See, e.g., Joshua Ronen, Corporate Audits and How to Fix 
Them, 24 Journal of Economic Perspectives 189 (2010).
    \80\ See id.; see also, e.g., Liesbeth Bruynseels and Eddy 
Cardinaels, The Audit Committee: Management Watchdog or Personal 
Friend of the CEO?, 89 The Accounting Review 113 (2014); Cory A. 
Cassell, Linda A. Myers, Roy Schmardebeck, and Jian Zhou, The 
Monitoring Effectiveness of Co-Opted Audit Committees, 35 
Contemporary Accounting Research 1732 (2018); Nathan R. Berglund, 
Michelle Draeger, and Mikhail Sterin, Management's Undue Influence 
over Audit Committee Members: Evidence from Auditor Reporting and 
Opinion Shopping, 41 Auditing: A Journal of Practice & Theory 49 
(2022).
---------------------------------------------------------------------------

    Economic theory suggests that technology is integral to the 
auditor's production function--i.e., the quantities of capital and 
labor needed to produce a given level of audit quality. As technology 
evolves, so do the quantities of capital and labor needed to produce a 
given level of audit quality.\81\ Auditing standards that do not 
appropriately accommodate the evolution of technology may therefore 
inadvertently deter or insufficiently facilitate improvements to the 
audit approach. Risk-averse auditors may be especially cautious about 
incorporating significant new technological developments into their 
audit approaches because they may be either unfamiliar with the 
technology or unsure whether a new audit approach would comply with the 
PCAOB's auditing standards. On the other hand, auditing standards that 
are too accommodative (e.g., by not adequately addressing the 
reliability of information used in a technology-based analysis) may not 
sufficiently address potential risks to audit quality arising from new 
audit approaches.
---------------------------------------------------------------------------

    \81\ See Gregory N. Mankiw, Principles of Economics (6th ed. 
2008) at 76 (discussing how technology shifts the supply curve).
---------------------------------------------------------------------------

    As described above, since 2010, when the PCAOB released a suite of 
auditing standards related to the auditor's assessment of and response 
to risk, two key technological developments have occurred. First, ERP 
systems that structure and house large volumes of information in 
electronic form have become more prevalent among companies. For 
example, one study reports that the global ERP market size increased by 
60% between 2006 and 2012.\82\ As a result, auditors have greater 
access to large volumes of company-produced and third-party information 
in electronic form that may potentially serve as audit evidence. 
Second, the use of more sophisticated data analysis tools has become 
more prevalent among auditors.\83\ As noted above, the PCAOB staff's 
analysis of the tools that firms use in technology-assisted analysis 
indicated that the number of such tools used by U.S. GNFs in audits 
increased by 38% between 2018 and 2023.\84\ One commenter noted that 
the advancement of analytical tools has increased auditor capabilities 
in data preparation and data validation.
---------------------------------------------------------------------------

    \82\ See Adelin Trusculescu, Anca Draghici, and Claudiu Tiberiu 
Albulescu, Key Metrics and Key Drivers in the Valuation of Public 
Enterprise Resource Planning Companies, 64 Procedia Computer Science 
917 (2015).
    \83\ This may be caused in part by a decrease in the quality-
adjusted cost of software (i.e., the cost of software holding 
quality fixed). For example, see U.S. Bureau of Economic Analysis, 
``Table 5.6.4. Price Indexes for Private Fixed Investment in 
Intellectual Property Products by Type'' available at https://apps.bea.gov/iTable/?reqid=19&step=3&isuri=1&nipa_table_list=330&categories=survey&_gl=1*k50itr*_ga*MTMyMjk5NTAzMS4xNzA5ODQ0OTEx*_ga_J4698JNNFT*MTcwOTg0NDkxMS4xLjAuMTcwOTg0NDkxMS42MC4wLjA (accessed June 3, 2024) (indicating 
that the price index for capital formation in software by the 
business sector has decreased by approximately 12% between 2010 and 
2022). In preparing its price indices, the U.S. Bureau of Economic 
Analysis attempts to control for changes in product quality over 
time. Improvements to product quality may have contributed to some 
increase in the cost of software, including some of the software 
that can process large volumes of data.
    \84\ See discussion above. See also Lowe et al., Information 
Technology 95 (reporting an increase in the use of information 
technology in audits between 2004 and 2014).
---------------------------------------------------------------------------

    These recent technological developments have been changing the way 
technology-assisted analysis is used in audits, as discussed in more 
detail above. Although PCAOB standards related to the auditor's 
assessment of and response to risk generally were designed to apply to 
audits that use information technology, they may be less effective in 
providing direction to auditors if the standards do not address certain 
advancements in the use of technology-assisted analysis in audits. 
Modifying existing PCAOB standards through the final amendments 
addresses this risk, as discussed below. Many commenters, including an 
investor-related group, indicated there was a need for such standard 
setting given that the use of information in electronic form, and the 
use of technology-based tools by companies and their auditors to 
analyze such information, have expanded significantly since these 
standards were developed.
    The remainder of this section discusses the specific problem that 
the final amendments are intended to address and how the amendments 
address it.
1. Problem To Be Addressed
    Audit procedures that involve technology-assisted analysis may be 
an effective way to obtain persuasive audit evidence. Although the 
Board's research showed that auditors are using technology-assisted 
analysis to obtain audit evidence, it also indicated that existing 
PCAOB standards could address more specifically certain aspects of 
designing and performing audit procedures that involve technology-
assisted analysis. As discussed in detail above, these aspects include 
specifying auditors' responsibilities when performing tests of details, 
using an audit procedure for more than one purpose, investigating 
certain items identified by the auditor when performing a test of 
details, and evaluating the reliability of information the company 
receives from one or more external sources that is provided to the 
auditor in electronic form and used as audit evidence.
    Consequently, under existing standards, there is a risk that when 
using technology-based tools to design and perform audit procedures 
that involve technology-assisted analysis, an auditor may issue an 
auditor's report without having obtained sufficient appropriate audit 
evidence to provide a reasonable basis for the opinion expressed in the 
report. For example, if an auditor does not appropriately investigate 
certain items identified though technology-assisted analysis when 
performing a test of details, the auditor may not identify a 
misstatement that would need to be evaluated under PCAOB standards. In 
another example, if an auditor does not appropriately evaluate the 
level of disaggregation of certain information maintained by the 
company, the auditor would not be able to determine, under PCAOB 
standards, whether the evidence obtained is relevant to the assertion 
being tested.\85\
---------------------------------------------------------------------------

    \85\ See, e.g., Helen Brown-Liburd, Hussein Issa, and Danielle 
Lombardi, Behavioral Implications of Big Data's Impact on Audit 
Judgment and Decision Making and Future Research Directions, 29 
Accounting Horizons 451 (2015) (discussing how irrelevant 
information may limit the value of data analysis). See also 
Financial Reporting Council, Audit Quality.
---------------------------------------------------------------------------

    Furthermore, there is a risk that auditors may choose not to 
involve technology-assisted analysis in the audit procedures they 
perform, even if performing such procedures would be a more effective, 
and may also be a more efficient, way of obtaining audit evidence. For 
example, an auditor may choose not to perform a substantive procedure 
that involves technology-assisted analysis if the auditor cannot 
determine whether the procedure would be considered a test of details 
under existing standards.
2. How the Final Amendments Address the Need
    The final amendments address the risk that the auditor may not 
obtain sufficient appropriate audit evidence when addressing one or 
more financial statement assertions. For example, the final amendments: 
(i) specify considerations for the auditor when items are identified 
for further investigation as part of performing a test of details; \86\ 
(ii) specify procedures the auditor should perform to evaluate the 
reliability of information the company receives from one or more 
external

[[Page 54940]]

sources and that is provided to the auditor in electronic form and used 
as audit evidence; \87\ and (iii) clarify that if the auditor uses an 
audit procedure for more than one purpose, the auditor should achieve 
each objective of the procedure.\88\
---------------------------------------------------------------------------

    \86\ See detailed discussion above.
    \87\ See detailed discussion above.
    \88\ See detailed discussion above.
---------------------------------------------------------------------------

    The final amendments also address the risk that auditors may choose 
not to perform audit procedures involving technology-assisted analysis 
by: (i) specifying responsibilities when performing tests of details; 
\89\ and (ii) clarifying that an audit procedure may be used for more 
than one purpose.\90\ Collectively, the amendments should lead auditors 
to perceive less risk of noncompliance with PCAOB standards when using 
technology-assisted analysis.
---------------------------------------------------------------------------

    \89\ See detailed discussion above.
    \90\ See detailed discussion above.
---------------------------------------------------------------------------

Economic Impacts
    This section discusses the expected benefits and costs of the final 
amendments and potential unintended consequences. In the proposing 
release, the Board noted that it expected the economic impact of the 
amendments, including both benefits and costs, to be relatively modest. 
Some commenters disagreed with the characterization of costs and 
benefits as ``modest,'' stating that both costs and benefits of 
technology-assisted analysis can be substantial. However, the Board did 
not attempt to describe the overall costs and benefits of the use of 
technology-assisted analysis, but rather the marginal impact of the 
final amendments. It is difficult to quantify the benefits and costs 
because the final amendments do not require the adoption of any 
specific tools for technology-assisted analysis or that the auditor 
perform technology-assisted analysis. Some firms may choose to increase 
their investments in technology, and others may choose to make minimal 
changes to their existing audit practices. In general, the Board 
expects that firms will incur costs to implement or expand the use of 
technology-assisted analysis if firms determine that the benefits of 
doing so justify the costs. The Board included qualitative references 
to the benefits and costs associated with the use of technology-
assisted analysis, including those raised by commenters.
1. Benefits
    The final amendments may lead auditors to design and perform audit 
procedures more effectively, because they clarify and strengthen 
requirements of AS 1105 and AS 2301 related to aspects of designing and 
performing audit procedures that involve technology-assisted analysis. 
More effective audit procedures may lead to higher audit quality, more 
efficient audits, lower audit fees, or some combination of the three. 
To the extent the amendments lead to higher audit quality, they should 
benefit investors and other financial statement users by reducing the 
likelihood that the financial statements are materially misstated, 
whether due to error or fraud.
    An increase in audit quality should in turn benefit investors as 
they may be able to use the more reliable financial information to 
improve the efficiency of their capital allocation decisions (e.g., 
investors may more accurately identify companies with the strongest 
prospects for generating future risk-adjusted returns and allocate 
their capital accordingly). Some commenters stated that the proposed 
amendments would benefit investors and the general public by reducing 
audit failures. One commenter stated that the analysis in the proposing 
release appeared to suggest that existing financial information and 
audits are ``less reliable.'' The Board's intent was not to suggest 
that existing audits are unreliable, but rather that the proposed 
amendments may increase audit quality, which should in turn increase 
investors' confidence in the information contained in financial 
statements. In theory, if investors perceive less risk in capital 
markets generally, their willingness to invest in capital markets may 
increase, and thus the supply of capital may increase. An increase in 
the supply of capital could increase capital formation while also 
reducing the cost of capital to companies.\91\ The Board is unable to 
quantify in precise terms this potential benefit, which would depend 
both on how audit firms respond to the standard and on how their 
response affects audit quality, factors that are likely to vary across 
audit firms and across engagements. Auditors also are expected to 
benefit from the final amendments because the additional clarity 
provided by the amendments should reduce regulatory uncertainty and the 
associated compliance costs. Specifically, the final amendments should 
provide auditors with a better understanding of their responsibilities, 
which in turn should reduce the risk that auditors design and perform 
potentially unnecessary audit procedures (e.g., potentially duplicative 
audit procedures).
---------------------------------------------------------------------------

    \91\ See, e.g., Hanwen Chen, Jeff Zeyun Chen, Gerald J. Lobo, 
and Yanyan Wang, Effects of Audit Quality on Earnings Management and 
Cost of Equity Capital: Evidence from China, 28 Contemporary 
Accounting Research 892 (2011); Richard Lambert, Christian Leuz, and 
Robert E. Verrecchia, Accounting Information, Disclosure, and the 
Cost of Capital, 45 Journal of Accounting Research 385 (2007).
---------------------------------------------------------------------------

    Most commenters agreed that the proposed amendments would allow 
auditors to design and perform audit procedures more effectively, 
ultimately leading to higher quality audits. Some commenters identified 
specific benefits to audit quality resulting from increased use of 
technology-assisted analysis, such as the ability to automate some 
repetitive tasks and to improve the performance of risk assessment 
procedures and fraud and planning procedures. One commenter stated that 
the proposed amendments could result in the ineffective use of 
analytics if there is implicit pressure for firms to adopt technology-
assisted analysis without appropriately preparing for its use, and 
another stated that the proposed amendments may not change the 
likelihood of not obtaining sufficient appropriate audit evidence. As 
discussed below, the final amendments are principles-based and are 
intended to clarify auditors' responsibilities when using technology-
assisted analysis.
    The following discussion describes the benefits of key aspects of 
the final amendments that are expected to impact auditor behavior. To 
the extent that a firm has already incorporated aspects of the 
amendments into its methodology, some of the benefits described below 
would be reduced.\92\
---------------------------------------------------------------------------

    \92\ See discussion above.
---------------------------------------------------------------------------

i. Decreasing the Likelihood of Not Obtaining Sufficient Appropriate 
Audit Evidence
    The final amendments are expected to enhance audit quality by 
decreasing the likelihood that an auditor who performs audit procedures 
using technology-assisted analysis will issue an auditor's report 
without obtaining sufficient appropriate audit evidence that provides a 
reasonable basis for the opinion expressed in the report. For example, 
the final amendments specify auditors' responsibilities for 
investigating items identified when performing a test of details. In 
another example, the final amendments specify auditors' 
responsibilities for evaluating the reliability of certain information 
provided by the company in electronic form and used as audit evidence. 
As a result, auditors may be more likely to obtain sufficient 
appropriate audit evidence when designing and performing audit 
procedures that use

[[Page 54941]]

technology-assisted analysis, resulting in higher audit quality. As 
described above, the higher audit quality should benefit investors and 
other financial statement users by reducing the likelihood that the 
financial statements are materially misstated, whether due to error or 
fraud. These potential benefits to audit quality apply both to audit 
engagements where auditors currently incorporate technology-assisted 
analysis into their audit approach and audit engagements where auditors 
have been previously reluctant to use technology-assisted analysis 
because of the risk of noncompliance.
ii. Greater Use of Technology-Assisted Analysis
    The final amendments may lead to some increase in the use of 
technology-assisted analysis by auditors when designing and performing 
multi-purpose audit procedures and tests of details. For example, the 
final amendments clarify the description of a ``test of details.'' As a 
result of this clarification, auditors may make greater use of 
technology-assisted analysis when designing or performing tests of 
details because they may perceive a reduction in noncompliance risk.
    Notwithstanding the associated fixed and variable costs, greater 
use of technology-assisted analysis by the auditor when designing or 
performing audit procedures may allow the auditor to perform 
engagements with fewer resources, which may increase the overall 
resources available to perform audits.\93\ In economic terms, it may 
increase the supply of audit quality.\94\ For example, obtaining 
sufficient appropriate audit evidence by using technology-assisted 
analysis may require fewer staff hours than obtaining the evidence 
manually. Current labor shortages of qualified individuals and 
decreases in accounting graduates and new CPA examination candidates 
amplify the value of gathering sufficient appropriate audit evidence 
with fewer staff hours.\95\
---------------------------------------------------------------------------

    \93\ See below (discussing costs associated with greater use of 
technology-assisted analysis).
    \94\ For purposes of this discussion, ``audit quality'' refers 
to assurance on the financial statements provided by the auditor to 
the users of the financial statements. The ``supply of audit 
quality'' is the relationship between audit quality and incremental 
cost to the auditor. An ``increase in the supply of audit quality'' 
occurs when the incremental costs of audit quality decrease (e.g., 
due to technological advances) and the auditor is able to profitably 
provide more audit quality at a given cost.
    \95\ See, e.g., AICPA Private Companies Practice Section, 2022 
PCPS CPA Top Issues Survey (2022); AICPA, 2021 Trends: A Report on 
Accounting Education, the CPA Exam and Public Accounting Firms' 
Hiring of Recent Graduates (2021).
---------------------------------------------------------------------------

    Apart from consideration of demands from the audited company, 
discussed in greater detail below, the efficiencies that may arise from 
greater utilization of technology-assisted analysis would be retained 
by the auditor in the form of higher profit. However, to better address 
regulatory, litigation, or reputational risks, the auditor may choose 
to redeploy engagement-level resources to other work. For example, 
auditors may shift staff resources to audit areas or issues that are 
more complex or require more professional judgment.\96\
---------------------------------------------------------------------------

    \96\ See, e.g., Salijeni et al., Big Data.
---------------------------------------------------------------------------

    As a result of the greater use of technology-assisted analysis by 
auditors, some companies may be able to obtain a higher level of audit 
quality or renegotiate their audit fee, or both. The outcome would 
likely vary by company depending on the competitiveness of the 
company's local audit market and the company's audit quality 
expectations. For example, negotiating power may be smaller for larger 
multinational companies, which may have fewer auditor choices, than for 
smaller companies, which may have more auditor choices. Furthermore, 
some companies may expect their auditor to reassign engagement team 
staff resources from repetitive or less complex audit procedures to 
more judgmental aspects of the audit. Other companies may expect the 
engagement team to perform the audit with fewer firm resources (e.g., 
fewer billable hours). Some research suggests that most companies 
prefer audit fee reductions in response to their auditor's greater use 
of data analytics.\97\
---------------------------------------------------------------------------

    \97\ See Austin et al., The Data Analytics Journey.
---------------------------------------------------------------------------

    Because the final amendments do not require the auditor to use 
technology-assisted analysis when designing and performing audit 
procedures, the associated benefits would likely be limited to cases 
where auditors determine that their benefits justify their costs, 
including any fixed costs required to update the auditor's approach 
(e.g., update methodologies, provide training). The fixed costs may be 
significant; however, some firms may have incurred some of these costs 
already.\98\ Moreover, despite the continued tendency of companies to 
adopt ERP systems to house their accounting and financial reporting 
data, some companies' data may remain prohibitively difficult to obtain 
and analyze, thus limiting the extent to which the auditor can use 
technology-assisted analysis.\99\ Some survey research also suggests 
that some firms lack sufficient staff resources to appropriately deploy 
data analysis.\100\ Collectively, these private costs may deter some 
auditors from incorporating technology-assisted analysis into their 
audit approach and thereby reduce the potential benefits associated 
with greater use of technology-assisted analysis.
---------------------------------------------------------------------------

    \98\ See discussion above, discussing increased availability of 
data analytic tools at larger firms and Austin et al., The Data 
Analytics Journey 1908.
    \99\ See, e.g., Austin et al., The Data Analytics Journey 1906.
    \100\ See, e.g., Saligeni et al., Big Data 108. See also CPA 
Canada, Audit Data Analytics. However, some more recent survey 
research suggests that auditors tend to agree that they have the 
technical expertise to deploy data analytics. See Eilifsen et al., 
An Exploratory Study 84.
---------------------------------------------------------------------------

    Some commenters suggested that audit fees are unlikely to decrease 
as a result of increased use of technology-assisted analysis due 
primarily to the costs involved with using technology-assisted 
analysis. One commenter stated that the Board's analysis in the 
proposal focused on reducing costs (which could put downward pressure 
on audit fees), and suggested that the analysis should focus instead on 
enabling auditors to shift resources to higher risk areas of the audit, 
which should increase audit quality. Another commenter urged the PCAOB 
not to include commentary that relates the greater use of technology-
assisted analysis to lower audit fees on the grounds that the proposing 
release underestimated the costs to smaller firms of designing, 
implementing, and operating technology-assisted analysis. The commenter 
added that such commentary could have the unintended effect of 
encouraging firms to reduce costs and therefore choose to use analytics 
ineffectively or choose not to implement technology-assisted analysis. 
A different commenter noted that the ``supposition that efficiencies 
would accrue to the firms, potentially impacting audit efficiencies or 
even audit fees, is beyond the Board's charge of improving audit 
quality.'' The Board acknowledged that there can be significant costs 
associated with the use of technology-assisted analysis, particularly 
with the initial implementation of technology-assisted analysis tools, 
which some firms may pass on to audited companies in the form of higher 
audit fees, at least in the short term. However, the Board noted that 
the final amendments do not require the use of technology-assisted 
analysis, and academic studies suggest that greater use of data 
analytics could reduce audit fees.\101\
---------------------------------------------------------------------------

    \101\ See Austin et al., The Data Analytics Journey 1891.

---------------------------------------------------------------------------

[[Page 54942]]

    One commenter stated that the PCAOB should be ``agnostic'' about 
the use of audit technology and should focus on audit quality rather 
than audit efficiency. The Board believes that the PCAOB's focus on 
audit quality does not preclude it from considering the effect of audit 
efficiency on the Board's stakeholders. Furthermore, audit efficiencies 
in one area may allow auditors to redeploy resources to other audit 
areas that are more complex or require more professional judgment, 
resulting in increased audit quality.
2. Costs
    To the extent that firms make changes to their existing audit 
approaches as a result of the final amendments, they may incur certain 
fixed costs (i.e., costs that are generally independent of the number 
of audits performed), including costs to: update audit methodologies, 
templates, and tools; prepare training materials; train their staff; 
and develop or purchase software. GNFs and some NAFs are likely to 
update their methodologies using internal resources, whereas other NAFs 
are likely to purchase updated methodologies from external vendors.
    In addition, firms may incur certain engagement-level variable 
costs. For example, the final amendments related to evaluating whether 
certain information provided by the company in electronic form and used 
as audit evidence is reliable could require additional time and effort 
by engagement teams that use such information in performing audit 
procedures. This additional time, and therefore the resulting variable 
costs, may be less on integrated audits or financial-statement audits 
that take a controls reliance approach because, in these cases, 
internal controls over the information, including ITGCs and automated 
application controls, may already be tested. As another example, some 
firms may incur software license fees that vary by the number of users. 
To the extent that auditors incur higher costs to implement the 
amendments and can pass on at least part of the increased costs through 
an increase in audit fees, audited companies may also incur an indirect 
cost.
    Some commenters stated that they do not believe the fixed and 
variable cost increases will be modest as stated in the proposal, and 
that the evolution of technology-assisted analysis may render tools and 
training obsolete, requiring renewed investment at regular intervals. 
One of these commenters referenced increased resource costs such as the 
need to investigate items identified through technology-assisted 
analysis. One commenter stated that the proposing release 
mischaracterized the costs to NAFs of implementing technology-assisted 
analysis. This commenter noted that costs could include a learning 
curve for new technology adoption, increased costs of hiring engagement 
team members with appropriate skill sets, obtaining reliable data, and 
the development or purchase of software tools. Another stated that some 
audit firms already use technology, so both costs and benefits would be 
modest for those firms. As the Board discussed in the proposal and as 
reiterated above, the final amendments do not require the use of 
technology-assisted analysis. Therefore, the costs discussed by these 
commenters would occur only if firms determined it was in their best 
interest to incur them.
    Some aspects of the final amendments may result in more or 
different costs than others. The following discussion describes the 
potential costs associated with specific aspects of the amendments.
i. Potential Additional Audit Procedures and Implementation Costs
    The final amendments clarify and specify auditor responsibilities 
when designing and performing audit procedures that involve technology-
assisted analysis. As a result, some auditors may perform incremental 
procedures to comply with the final amendments, which may lead to 
incremental costs. For example, in addition to applying technology-
assisted analysis when testing specific items in the population, some 
auditors may address the items not selected for testing by performing 
other substantive procedures if the auditor determines that there is a 
reasonable possibility of a risk of material misstatement in the items 
not selected for testing (i.e., the remaining population). To the 
extent that auditors currently do not fulfill their responsibilities 
under existing PCAOB standards related to the remaining population when 
there is a reasonable possibility of a risk of material misstatement, 
those firms may incur one-time costs to update firm methodologies and 
ongoing costs related to fulfilling their responsibilities. In another 
example, an auditor may determine that incremental procedures are 
necessary to evaluate the reliability of external information provided 
by the company in electronic form.. These incremental procedures may 
apply to audit engagements where auditors currently incorporate 
technology-assisted analysis into their audit approach, and audit 
engagements where auditors have been reluctant to use technology-
assisted analysis due to the risk of noncompliance.
    At the firm level, some firms may incur relatively modest fixed 
costs to update their methodologies and templates (e.g., documentation 
templates) or customize their technology-based tools. Firms may also 
need to prepare training materials and train their staff. Firms may 
incur relatively modest variable costs if they determine that 
additional time and effort on an individual audit engagement is 
necessary in order to comply with the final amendments. For example, a 
firm may incur additional variable costs to investigate items 
identified when performing a test of details.
ii. Greater Use of Technology-Assisted Analysis
    As discussed above, the final amendments do not require the use of 
technology-assisted analysis in an audit. However as noted above, the 
final amendments may lead to some increase in the use of technology-
assisted analysis by auditors when designing and performing multi-
purpose audit procedures and tests of details. The greater use of 
technology-assisted analysis by the auditor may allow the auditor to 
perform engagements with fewer resources. However, this potential 
efficiency benefit would likely be offset, in part, by fixed and 
variable costs to the audit firm. Fixed costs may be incurred to 
incorporate technology-assisted analysis into the audit approach. For 
example, some firms may purchase, develop, or customize new tools.\102\ 
Some firms may choose to hire programmers to develop tools internally. 
Firms may also incur fixed costs to obtain an understanding of 
companies' information systems.\103\ Some commenters stated that the 
costs to research, develop, and implement technology-assisted analysis 
can be significant. They also stated that rapid technological 
advancements require continual investment by audit firms to keep pace. 
Because the final amendments do not require the adoption of technology-
assisted analysis, any such investments by firms would be made only if 
they determine that the benefits justify the costs.
---------------------------------------------------------------------------

    \102\ See Financial Reporting Council, Audit Quality. See also 
Austin et al., The Data Analytics Journey 1908.
    \103\ See Eilifsen et al., An Exploratory Study 71 (discussing 
how audit data analytics are used less often when the company does 
not have an integrated ERP/IT system). See also Financial Reporting 
Council, Audit Quality.
---------------------------------------------------------------------------

    Relatively modest variable costs may be incurred to use technology-
assisted

[[Page 54943]]

analysis on individual audit engagements. For example, firms may incur 
variable costs associated with preparing company data for analysis or 
updating their technology-based tools. Several commenters stated that 
there are costs associated with obtaining or preparing data in a format 
that can be utilized by specific tools for technology-assisted 
analysis. In another example, a firm may incur variable costs to obtain 
specialized expertise for using technology-assisted analysis on audit 
engagements. For example, a firm data analytics specialist may be used 
on an audit engagement to automate certain aspects of data preparation 
or design and perform a custom technology-assisted analysis. One 
commenter noted that the investigation of items identified by 
technology-assisted analysis requires resources such as the involvement 
of personnel who are skilled in interpreting the results of technology-
assisted analysis. As a result, according to the commenter, the use of 
technology-assisted analysis may not necessarily reduce costs and may 
increase costs. As discussed above, auditors may increase audit fees 
due to costs associated with the use of technology-assisted analysis, 
passing along some of those costs to audited companies.
    Several factors may limit the costs associated with greater use of 
technology-assisted analysis in an audit. First, the costs would likely 
be incurred by a firm only if it determined that the private benefits 
to it would exceed the private costs. Second, some firms have already 
made investments to incorporate technology-assisted analysis in audits. 
Finally, the cost of software that can process and analyze large 
volumes of data has been decreasing.\104\
---------------------------------------------------------------------------

    \104\ See discussion above.
---------------------------------------------------------------------------

3. Potential Unintended Consequences
    In addition to the benefits and costs discussed above, the final 
amendments could have unintended economic impacts. The following 
discussion describes potential unintended consequences considered by 
the Board and, where applicable, factors that mitigate them. These 
include actions taken by the Board as well as the existence of other 
countervailing forces.
i. Reduction in the Use of Technology-Assisted Analysis
    It is possible that, as a result of the final amendments, some 
auditors could reduce their use of technology-assisted analysis. This 
could occur if the final amendments were to lead firms to conclude that 
the private benefits would not justify the private costs of involving 
technology-assisted analysis in their audit approach. For example, the 
final amendments specify considerations for investigating items 
identified by the auditor when performing a test of details and 
procedures for evaluating the reliability of certain information the 
company receives from one or more external sources and used as audit 
evidence. As discussed above, such additional responsibilities could 
lead to fixed costs at the firm level and variable costs at the 
engagement level. As a result, some auditors may choose not to use 
audit procedures that involve technology-assisted analysis.
    Several factors would likely mitigate any negative effects 
associated with this potential unintended consequence. First, the Board 
believes that any decrease in the use of technology-assisted analysis 
would likely arise from a reduction in the performance of audit 
procedures that would not have contributed significantly to providing 
sufficient appropriate audit evidence. This development would therefore 
probably benefit, rather than detract from, audit quality. For example, 
currently some auditors might not appropriately investigate items 
identified when using technology-assisted analysis in performing tests 
of details. The amendments specify auditors' responsibilities for 
investigating the items identified. If auditors view the requirement as 
too costly to implement, they may instead choose to perform audit 
procedures that do not involve the use of technology-assisted analysis. 
If the other procedures chosen by the auditor provide sufficient 
appropriate audit evidence, the reduction in the performance of audit 
procedures that involve technology-assisted analysis (where auditors 
did not appropriately investigate items identified) would benefit audit 
quality.
    Second, any reduction in the use of technology-assisted analysis 
resulting from certain of the amendments, such as in the above 
scenario, may be offset by the greater use of technology-assisted 
analysis in other scenarios. For example, as discussed above, the final 
amendments clarify the description of a ``test of details.'' As a 
result, auditors may make greater use of technology-assisted analysis 
in performing tests of details because they may perceive a reduction in 
noncompliance risk.
    Finally, because the final amendments are principles-based, 
auditors will be able to tailor their work subject to the amendments to 
the facts and circumstances of the audit. For example, the amendments 
do not prescribe procedures for investigating items identified when 
performing a test of details. Rather, the auditor will be able to 
structure the investigation based on, among other things, the type of 
analysis and the assessed risks of material misstatement.\105\
---------------------------------------------------------------------------

    \105\ See discussion above.
---------------------------------------------------------------------------

    Some commenters stated that the proposed amendments could 
potentially deter auditors from using technology-assisted analysis; in 
contrast, others said that the proposed amendments could potentially 
pressure auditors to use technology-assisted analysis. As outlined 
above, the final amendments, consistent with the proposal, do not 
require the use of technology-assisted analysis, and the Board believes 
that auditors will use technology-assisted analysis to the extent that 
it allows them to perform audit procedures in a more efficient or 
effective manner. Some commenters expressed appreciation for PCAOB 
standards that allow auditors to employ appropriate audit procedures 
based on the facts and circumstances of the audit engagement. They 
agreed with the scalable, principles-based approach that allows for use 
of technology-assisted analysis to the extent that it is effective and 
efficient, taking into consideration the firm size, company size, and 
other circumstances of the audit engagement.
ii. Inappropriately Designed Multi-Purpose Audit Procedures
    It is possible that some auditors could view the final amendments 
as allowing any audit procedure that involves technology-assisted 
analysis to be considered a multi-purpose procedure. Auditors who hold 
this view may fail to design and perform audit procedures that provide 
sufficient appropriate audit evidence. This potential unintended 
consequence would be mitigated by: (i) existing requirements of PCAOB 
standards; and (ii) the amendment to paragraph .14 of AS 1105.
    Existing PCAOB standards address auditors' responsibilities for 
designing and performing procedures to identify, assess, and respond to 
risks of material misstatement and obtaining sufficient appropriate 
audit evidence.\106\ Auditor responsibilities established by existing 
PCAOB standards apply to the performance of both audit procedures that 
are designed to achieve a single objective and audit procedures that 
are designed to achieve multiple objectives. Further, existing 
standards specify auditor responsibilities in certain scenarios that 
involve multi-purpose audit procedures. For example, existing PCAOB 
standards provide that an audit

[[Page 54944]]

procedure may serve as both a risk assessment procedure and a test of 
controls provided that the auditor meets the objectives of both 
procedures.\107\ In another example, existing PCAOB standards provide 
that audit procedures may serve as both a test of controls and a 
substantive procedure provided that the auditor meets the objectives of 
both procedures.\108\
---------------------------------------------------------------------------

    \106\ See, e.g., AS 2110 and AS 2301.
    \107\ See AS 2110.39.
    \108\ See AS 2301.47.
---------------------------------------------------------------------------

    In addition, the amendment to paragraph .14 of AS 1105 would 
further mitigate the risk that auditors fail to design and perform 
multi-purpose audit procedures. The amendment would emphasize the 
auditor's responsibility to achieve particular objectives specified in 
existing PCAOB standards when using audit evidence from an audit 
procedure for multiple purposes.
iii. Disproportionate Impact on Smaller Firms
    It is possible that the costs of the final amendments could 
disproportionately impact smaller firms. As discussed in Section IV.C.2 
above, increased use of technology-assisted analysis may require 
incremental investment and specialized skills. Smaller firms have fewer 
audit engagements over which to distribute fixed costs (i.e., they lack 
economies of scale). As a result, smaller firms may be less likely than 
larger firms to increase their use of technology-assisted analysis when 
designing and performing multi-purpose audit procedures and tests of 
details. Although the final amendments do not require auditors to use 
technology-assisted analysis, a choice not to use it may negatively 
impact smaller firms' ability to compete with larger firms (e.g., if 
using technology-assisted analysis is expected by prospective users of 
the auditor's report). One commenter stated that the costs of using 
technology-assisted analysis could be significant and cause audits 
performed by small and mid-sized accounting firms to be uneconomical.
    This potential unintended negative consequence would be mitigated 
by several factors. First, the fixed costs associated with the 
amendments may be offset by engagement-level efficiencies which may 
increase the competitiveness of smaller firms. Second, as discussed 
above, the costs associated with acquiring and incorporating 
technology-based analytical tools into firms' audit approaches have 
been decreasing and may continue to decrease. Third, while reduced 
competition may result in higher audit fees,\109\ it may also reduce 
companies' opportunity to opinion shop, thereby positively impacting 
audit quality.\110\ In contrast, some literature suggests that reduced 
competition may have a negative effect on audit quality.\111\
---------------------------------------------------------------------------

    \109\ See, e.g., Joshua L. Gunn, Brett S. Kawada, and Paul N. 
Michas, Audit Market Concentration, Audit Fees, and Audit Quality: A 
Cross-Country Analysis of Complex Audit Clients, 38 Journal of 
Accounting and Public Policy 1 (2019).
    \110\ See, e.g., Nathan J. Newton, Julie S. Persellin, Dechun 
Wang, and Michael S. Wilkins, Internal Control Opinion Shopping and 
Audit Market Competition, 91 The Accounting Review 603 (2016); 
Nathan J. Newton, Dechun Wang, and Michael S. Wilkins, Does a Lack 
of Choice Lead to Lower Quality?: Evidence from Auditor Competition 
and Client Restatements, 32 Auditing: A Journal of Practice & Theory 
31 (2013).
    \111\ See, e.g., Jeff P. Boone, Inder K. Khurana, and K.K. 
Raman, Audit Market Concentration and Auditor Tolerance for Earnings 
Management, Contemporary Accounting Research 29 (2012); Nicholas J. 
Hallman, Antonis Kartapanis, and Jaime J. Schmidt, How Do Auditors 
Respond to Competition? Evidence From the Bidding Process, Journal 
of Accounting and Economics 73 (2022).
---------------------------------------------------------------------------

    Finally, any negative impact on the smaller firms' ability to 
compete with larger firms would likely be limited to smaller and mid-
sized companies because smaller firms may lack the economies of scale 
and multi-national presence to compete for the audits of larger 
companies. Indeed, there is some evidence that smaller and larger audit 
firms do not directly compete with each other in some segments of the 
audit market \112\ although some research suggests that smaller and 
larger firms do compete locally in some cases.\113\
---------------------------------------------------------------------------

    \112\ See, e.g., GAO Report No. GAO-03-864, Public Accounting 
Firms: Mandated Study on Consolidation and Competition (July 2003).
    \113\ See, e.g., Kenneth L. Bills and Nathaniel M. Stephens, 
Spatial Competition at the Intersection of the Large and Small Audit 
Firm Markets, 35 Auditing: A Journal of Practice and Theory 23 
(2016).
---------------------------------------------------------------------------

Alternatives Considered
    The development of the final amendments involved considering 
numerous alternative approaches to addressing the problems described 
above. This section explains: (i) why standard setting is preferable to 
other policy-making approaches, such as providing interpretive guidance 
or enhancing inspection or enforcement efforts; (ii) other standard-
setting approaches that were considered; and (iii) key policy choices 
made by the Board in determining the details of the amendments.
1. Why Standard Setting Is Preferable to Other Policy-Making Approaches
    The Board's policy tools include alternatives to standard setting, 
such as issuing interpretive guidance or increasing the focus on 
inspections or enforcement of existing standards. The Board considered 
whether providing guidance or enhancing inspection or enforcement 
efforts would be effective mechanisms to address concerns associated 
with aspects of designing and performing audit procedures that involve 
technology-assisted analysis. One commenter stated that PCAOB staff 
guidance would be preferable to standard setting to communicate the 
requirements. Several commenters stated that additional guidance and 
examples would be helpful for auditors when applying existing standards 
and the proposed amendments when performing audit procedures that 
involve technology-assisted analysis.
    Interpretive guidance inherently provides additional information 
about existing standards. Inspection and enforcement actions take place 
after insufficient audit performance (and potential investor harm) has 
occurred. Devoting additional resources to interpretive guidance, 
inspections, or enforcement activities, without improving the relevant 
performance requirements for auditors, would at best focus auditors' 
performance on existing standards and would not provide the benefits 
associated with improving the standards, which are discussed above.
    The In contrast, some literature suggests that reduced competition 
may have a negative effect on audit quality.amendments, by contrast, 
are designed to improve PCAOB standards by adding further clarity and 
specificity to existing requirements. For example, the amendments 
specify auditor responsibilities for evaluating the reliability of 
external information provided by the company in electronic form and 
used as audit evidence. In another example, the amendments clarify 
auditor responsibilities when the auditor uses an audit procedure for 
more than one purpose.
2. Other Standard-Setting Approaches Considered
    The Board considered, but decided against, developing a standalone 
standard that would address designing and performing audit procedures 
that involve technology-assisted analysis. Addressing the use of 
technology-assisted analysis in a standalone standard could further 
highlight the auditor's responsibilities relating to using technology-
assisted analysis. However, a new standalone standard would also 
unnecessarily duplicate many of the existing requirements, because 
existing PCAOB standards are already designed to be applicable to 
audits performed with the use of

[[Page 54945]]

technology, including technology-assisted analysis.
    Further, as the discussion above explains in greater detail, the 
Board's research indicates that auditors are using technology-assisted 
analysis in audit procedures. Rather than developing a new standalone 
standard, the final amendments use a more targeted approach that 
includes amending certain requirements of the standards where the 
Board's research has indicated the need for providing further clarity 
and specificity regarding designing and performing audit procedures 
that involve technology-assisted analysis.
3. Key Policy Choices
i. Investigating Certain Items Identified by the Auditor
    As discussed above, auditors may use technology-assisted analysis 
to identify items within a population (e.g., transactions in an 
account) for further investigation when performing a test of 
details.\114\ The auditor's investigation may include, for example, 
examining documentary evidence for items identified through the 
analysis, or designing and performing other audit procedures to 
determine whether the items identified individually or in the aggregate 
indicate misstatements or deficiencies in the company's internal 
control over financial reporting.
---------------------------------------------------------------------------

    \114\ See detailed discussion above.
---------------------------------------------------------------------------

    The Board considered but did not prescribe specific audit 
procedures to investigate items identified by the auditor in the way 
described in the above examples. Instead, the final amendments specify 
that audit procedures that the auditor performs to investigate the 
identified items are part of the auditor's response to the risk of 
material misstatement. The auditor determines the nature, timing, and 
extent of such procedures in accordance with PCAOB standards. The Board 
also considered, but did not prescribe, specific audit procedures to 
address items not selected for a test of details (i.e., remaining items 
in the population) when the auditor's means of selecting items was 
selecting specific items. Although certain audit procedures may be 
effective to address the assessed risk under certain circumstances, 
other audit procedures may be more effective under different 
circumstances. Because of the wide range of both the analyses that the 
auditor may perform to identify items for further investigation, and 
the potentially appropriate audit procedures that the auditor may 
perform to investigate them, the Board believes that an overly 
prescriptive standard could in certain cases lead auditors to perform 
audit procedures without considering the facts and circumstances of the 
audit engagement.
ii. Describing a New Specific Audit Procedure
    The Board considered but did not describe (or define), technology-
assisted analysis or similar terms (e.g., data analysis or data 
analytics) in AS 1105 as a new specific audit procedure. Although 
describing technology-assisted analysis as a specific audit procedure 
might clarify certain auditor responsibilities, it could also create 
confusion and unnecessarily constrain the potential use of such 
analyses in the audit. As the Board's research indicates, and as 
commenters have stated, auditors already incorporate technology-
assisted analysis in various types of audit procedures (e.g., 
inspection, recalculation, reperformance, analytical procedures) that 
are used for various purposes (e.g., identifying risk or responding to 
risk). In addition, describing technology-assisted analysis or similar 
terms would present challenges because the meaning of such terms may 
vary depending on the context and may further evolve as technology 
evolves.
iii. Requiring Auditors' Use of Technology
    The final amendments, consistent with existing PCAOB standards, are 
principles-based and are intended to be applicable to all audits 
conducted under PCAOB standards. An investor-related group commented 
that the Board should consider requiring that auditors use certain 
types of technology-based tools that financial research and investment 
management firms have used to assess and verify the accuracy and 
completeness of financial statements, in order to improve audit quality 
and help detect fraud. In contrast, some commenters noted that 
requiring the use of certain technology could have unintended 
consequences for smaller companies and affect the ability of smaller 
firms to compete. As one commenter noted, clients of small and mid-
sized accounting firms may rely on other processes appropriate to their 
size to manage their operations and financial reporting, and the use of 
technology-assisted analysis may not be as cost-effective in those 
circumstances. Another commenter noted that it is important that PCAOB 
standards continue to enable auditors to employ audit procedures that 
are appropriate based on the engagement-specific facts and 
circumstances, recognizing that technology-assisted analysis may not be 
the most effective option and therefore its use should not be expected 
on all audits. That commenter emphasized the need for the proposed 
amendments to be scalable for firms (and the companies they audit) of 
all sizes and with varying technological resources. Several other 
commenters stated that the principles-based nature of the proposed 
amendments was important, so that they can be applicable to all PCAOB-
registered firms and the audits they conduct under PCAOB standards, 
regardless of the size of the firm or complexity of the issuer.
    The Board considered the views of commenters, including those of 
investors, and the Board decided not to require auditors' use of 
technology as part of these amendments, which would have been outside 
the scope of the project. Maintaining a principles-based approach to 
these amendments is appropriate due to the ever-evolving nature of 
technology; requiring the use of specific types of technology, based on 
how they are used currently, could quickly become outdated. In 
addition, as discussed above, the Board's Technology Innovation 
Alliance Working Group continues to advise the Board on the use of 
emerging technologies by auditors and preparers relevant to audits and 
their potential impact on audit quality. These ongoing activities may 
inform future standard-setting projects.
Application of the Proposed Rules to Audits of Emerging Growth 
Companies
    Pursuant to section 104 of the Jumpstart Our Business Startups 
(``JOBS'') Act, rules adopted by the Board subsequent to April 5, 2012, 
generally do not apply to the audits of emerging growth companies 
(i.e., EGCs), as defined in section 3(a)(80) of the Exchange Act, 
unless the SEC ``determines that the application of such additional 
requirements is necessary or appropriate in the public interest, after 
considering the protection of investors, and whether the action will 
promote efficiency, competition, and capital formation.'' \115\ As a 
result of the JOBS Act, the rules and related amendments to PCAOB 
standards that the Board adopts are generally subject to a

[[Page 54946]]

separate determination by the SEC regarding their applicability to 
audits of EGCs.
---------------------------------------------------------------------------

    \115\ See Public Law 112-106 (Apr. 5, 2012). See also section 
103(a)(3)(C) of Sarbanes-Oxley, as added by section 104 of the JOBS 
Act (providing that any rules of the Board requiring: (1) mandatory 
audit firm rotation; or (2) a supplement to the auditor's report in 
which the auditor would be required to provide additional 
information about the audit and the financial statements of the 
issuer (auditor discussion and analysis), shall not apply to an 
audit of an EGC. The amendments do not fall within either of these 
two categories).
---------------------------------------------------------------------------

    To inform consideration of the application of auditing standards to 
audits of EGCs, the PCAOB staff prepares a white paper annually that 
provides general information about characteristics of EGCs.\116\ As of 
the November 15, 2022, measurement date in the February 2024 EGC White 
Paper, PCAOB staff identified 3,031 companies that self-identified with 
the SEC as EGCs and filed with the SEC audited financial statements in 
the 18 months preceding the measurement date.\117\
---------------------------------------------------------------------------

    \116\ See PCAOB, White Paper on Characteristics of Emerging 
Growth Companies and Their Audit Firms at November 15, 2022 (Feb. 
20, 2024) (``EGC White Paper''), available at https://pcaobus.org/resources/other-research-projects.
    \117\ The EGC White Paper uses a lagging 18-month window to 
identify companies as EGCs. Please refer to the ``Current 
Methodology'' section in the white paper for details. Using an 18-
month window enables staff to analyze the characteristics of a 
fuller population in the EGC White Paper but may tend to result in a 
larger number of EGCs being included for purposes of the present EGC 
analysis than would alternative methodologies. For example, an 
estimate using a lagging 12-month window would exclude some EGCs 
that are delinquent in making periodic filings. An estimate as of 
the measurement date would exclude EGCs that have terminated their 
registration, or that have exceeded the eligibility or time limits. 
See id.
---------------------------------------------------------------------------

    As discussed above, auditors are expanding the use of technology-
assisted analysis in audits. The final amendments, as discussed above, 
address aspects of designing and performing audit procedures that 
involve technology-assisted analysis. The proposed rules are 
principles-based and are intended to be applied in all audits performed 
pursuant to PCAOB standards, including audits of EGCs.
    The discussion of benefits, costs, and unintended consequences of 
the proposed rules above is generally applicable to all audits 
performed pursuant to PCAOB standards, including audits of EGCs. The 
economic impacts on an individual EGC audit would depend on factors 
such as the auditor's ability to distribute implementation costs across 
its audit engagements, whether the auditor has already incorporated 
technology-assisted analysis into its audit approach, and electronic 
information acquisition challenges (e.g., information availability, 
legal restrictions, or privacy concerns). EGCs are more likely to be 
newer companies, which are typically smaller in size and receive lower 
analyst coverage. These factors may increase the importance to 
investors of the higher audit quality resulting from the proposed 
rules, as high-quality audits generally enhance the credibility of 
management disclosures.\118\
---------------------------------------------------------------------------

    \118\ Researchers have developed a number of proxies that are 
thought to be correlated with information asymmetry, including small 
company size, lower analyst coverage, larger insider holdings, and 
higher research and development costs. To the extent that EGCs 
exhibit one or more of these properties, there may be a greater 
degree of information asymmetry for EGCs than for the broader 
population of companies, which increases the importance to investors 
of the external audit to enhance the credibility of management 
disclosures. See, e.g., Steven A. Dennis and Ian G. Sharpe, Firm 
Size Dependence in the Determinants of Bank Term Loan Maturity, 32 
Journal of Business Finance & Accounting 31 (2005); Michael J. 
Brennan and Avanidhar Subrahmanyam, Investment Analysis and Price 
Formation in Securities Markets, 38 Journal of Financial Economics 
361 (1995); David Aboody and Baruch Lev, Information Asymmetry, R&D, 
and Insider Gains, 55 The Journal of Finance 2747 (2000); Raymond 
Chiang and P. C. Venkatesh, Insider Holdings and Perceptions of 
Information Asymmetry: A Note, 43 The Journal of Finance 1041 
(1988); Molly Mercer, How Do Investors Assess the Credibility of 
Management Disclosures?, 18 Accounting Horizons 185 (2004).
---------------------------------------------------------------------------

    However, as discussed above, the use of technology-assisted 
analysis appears to be less prevalent among NAFs than GNFs. Therefore, 
since EGCs are more likely than non-EGCs to be audited by NAFs, the 
impacts of the proposed rules on EGC audits may be less than on non-EGC 
audits.\119\
---------------------------------------------------------------------------

    \119\ Staff analysis indicates that, compared to exchange-listed 
non-EGCs, exchange-listed EGCs are approximately 2.6 times as likely 
to be audited by an NAF and approximately 1.3 times as likely to be 
audited by a triennially inspected firm. Source: EGC White Paper and 
Standard & Poor's.
---------------------------------------------------------------------------

    The proposed rules could impact competition in an EGC's product 
market if the indirect costs to audited companies disproportionately 
impact EGCs relative to their competitors. However, as discussed above, 
the costs associated with the proposed rules are expected to be 
relatively modest. Therefore, the impact of the proposed rules on 
competition, if any, is likewise expected to be limited.
    Overall, the proposed rules are expected to enhance the efficiency 
and quality of EGC audits that implement technology-assisted analysis 
and contribute to an increase in the credibility of financial reporting 
by those EGCs. To the extent the proposed rules improve EGCs' financial 
reporting quality, they may also improve the efficiency of capital 
allocation, lower the cost of capital, and enhance capital formation. 
For example, higher financial reporting quality may allow investors to 
more accurately identify companies with the strongest prospects for 
generating future risk-adjusted returns and reallocate their capital 
accordingly. Investors may also perceive less risk in EGC capital 
markets generally, leading to an increase in the supply of capital to 
EGCs. This may increase capital formation and reduce the cost of 
capital to EGCs. We are unable to quantify in precise terms this 
potential benefit, which would depend both on how audit firms respond 
to the standard and on how their response affects audit quality, 
factors that are likely to vary across audit firms and across 
engagements.
    Furthermore, if certain of the proposed rules did not apply to the 
audits of EGCs, auditors would need to address differing audit 
requirements in their methodologies, or policies and procedures, with 
respect to audits of EGCs and non-EGCs. This could create the potential 
for additional confusion.
    Two commenters on the proposal specifically supported the 
application of the amendments to EGCs. One of those commenters stated 
that excluding EGCs from the proposal would be inconsistent with 
protecting the public interest.
    Accordingly, and for the reasons explained above, the Board will 
request that the Commission determine that it is necessary or 
appropriate in the public interest, after considering the protection of 
investors and whether the action will promote efficiency, competition, 
and capital formation, to apply the proposed rules to audits of EGCs.

III. Date of Effectiveness of the Proposed Rules and Timing for 
Commission Action

    Within 45 days of the date of publication of this notice in the 
Federal Register or within such longer period (i) as the Commission may 
designate up to 90 days of such date if it finds such longer period to 
be appropriate and publishes its reasons for so finding or (ii) as to 
which the Board consents, the Commission will:
    (A) By order approve or disapprove such proposed rules; or
    (B) Institute proceedings to determine whether the proposed rules 
should be disapproved.

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views and 
arguments concerning the foregoing, including whether the proposed 
rules are consistent with the requirements of Title I of the Act. 
Comments may be submitted by any of the following methods:

Electronic Comments

     Use the Commission's internet comment form (https://www.sec.gov/rules/pcaob); or
     Send an email to [email protected]. Please include 
PCAOB-2024-03 on the subject line.

[[Page 54947]]

Paper Comments

     Send paper comments in triplicate to Vanessa A. 
Countryman, Secretary, Securities and Exchange Commission, 100 F Street 
NE, Washington, DC 20549-1090.

All submissions should refer to PCAOB-2024-03. This file number should 
be included on the subject line if email is used. To help the 
Commission process and review your comments more efficiently, please 
use only one method. The Commission will post all comments on the 
Commission's internet website (https://www.sec.gov/rules/pcaob). Copies 
of the submission, all subsequent amendments, all written statements 
with respect to the proposed rules that are filed with the Commission, 
and all written communications relating to the proposed rules between 
the Commission and any person, other than those that may be withheld 
from the public in accordance with the provisions of 5 U.S.C. 552, will 
be available for website viewing and printing in the Commission's 
Public Reference Room, 100 F Street NE, Washington, DC 20549, on 
official business days between the hours of 10 a.m. and 3 p.m. Copies 
of such filing will also be available for inspection and copying at the 
principal office of the PCAOB. Do not include personal identifiable 
information in submissions; you should submit only information that you 
wish to make available publicly.
    We may redact in part or withhold entirely from publication 
submitted material that is obscene or subject to copyright protection. 
All submissions should refer to PCAOB-2024-03 and should be submitted 
on or before July 23, 2024.

    For the Commission, by the Office of the Chief Accountant.
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2024-14488 Filed 7-1-24; 8:45 am]
BILLING CODE 8011-01-P

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.