The Public Company Accounting Oversight Board voted Thursday to adopt new requirements for auditing firms to report on various metrics for both the firm and its engagements, as well as change the annual reports the firms submit to the PCAOB.

The changes involve two standards, on firm and engagement metrics, and firm reporting. The PCAOB proposed the far-reaching standards in April, and they provoked some pushback from commenters, especially on engagement metrics. The firm and engagement metrics project stemmed from a yearslong effort at the PCAOB to develop a set of audit quality indicators. In response to some of the negative comments, the PCAOB decided to scale back the original proposal, although one member of board still voted against it.

Under the new rules, PCAOB-registered public accounting firms that audit one or more issuers that qualify as an accelerated filer or large accelerated filer will be required to publicly report specified metrics relating to such audits and their audit practices. These metrics — which will further PCAOB oversight activities and which can be used by investors, audit committees, and other stakeholders — cover the following eight areas:

• Partner and manager involvement;
• Workload;
• Training hours for audit personnel;
• Experience of audit personnel;
• Industry experience;
• Retention of audit personnel (firm-level only);
• Allocation of audit hours; and,
• Restatement history (firm-level only).

“The goal of this project before us today is to provide additional information about audit firms and their audits in both a consistent and comparable manner to bolster confidence, strengthen oversight, and empower investors and audit committees to make better informed decisions and help drive audit quality forward,” said PCAOB chair Erica Williams in a statement at an open meeting Thursday. “Today, investors and other stakeholders lack information about audit firms’ practices and their engagements — some of which may be shared with company management or their audit committees. Through this project, investors, audit committees and other stakeholders will have access to the same valuable information on firms and their engagements to help them make knowledgeable decisions regarding audit firms and investment related choices.”

Reporting of firm-level metrics will be required annually on a new Form FM, for firms that serve as the lead auditor for at least one accelerated filer or large accelerated filer. Reporting of engagement-level metrics for audits of accelerated filers and large accelerated filers will be required via a revised Form AP, which will be renamed “Audit Participants and Metrics.” Finally, limited narrative disclosures will be allowed (but not required) on both Form FM and Form AP to provide context and explanation for the required metrics.

After issuing its proposal in April on firm and engagement metrics, the PCAOB received feedback from a wide array of commenters and made some changes to the amendments as originally proposed

• Reduced the metric areas to eight (from 11);
• Refined the metrics to simplify and clarify the calculations;
• Increased the ability to provide optional narrative disclosure (from 500 to 1,000 characters); and,
• Updated the effective date. (If approved by the SEC, the earliest effective date of the firm-level metrics will be Oct. 1, 2027, with the first reporting as of September 30, 2028, and engagement-level metrics for the audits of companies with fiscal years beginning on or after Oct. 1, 2027.)

For the new requirements, the PCAOB also established a phased-in implementation to provide smaller firms with more time. The requirements will take effect for firms that audit more than 100 issuers first, and for other firms, the requirements will take effect the following year.

However, PCAOB board member Christina Ho, believes the new requirements were drawn up too hastily. “Our votes today are unprecedented,” she said in a statement at the meeting Thursday. “Never in the history of the PCAOB has the Board rushed to adopt new standards and rules in the middle of a historic transition to new SEC leadership, let alone adopt standards and rules that are not ready. The Firm and Engagement Metrics was proposed on April 9, 2024, and we received 46 comment letters. If adopted today, it will set the record for this Board as the fastest adopted standard which only took 226 days (7.5 months). The average number of days from proposal to adoption for the five standards adopted by this Board to date was 448 days (15 months), with an average of 32 comment letters. Essentially, although the Firm and Engagement Metrics proposal has over 40% more comment letters than the average of 32, it took half as much time as the other standards adopted by this Board. Political expediency is not evidence-based policymaking. Haste naturally harms work product quality, which will not escape any keen eyes.”

Firm reporting standard

For the firm reporting standard, the amendments adopted by the PCAOB on Thursday will modernize its annual and special reporting requirements to facilitate the disclosure of more complete, standardized and timely information by registered public accounting firms. Much of the information will be disclosed publicly, such as enhanced fee, governance and network information, as it currently is. But other information that;s potentially proprietary, sensitive or developing will be available to the PCAOB only for oversight.

The amendments enhance the required current reporting of information by registered firms on the PCAOB’s public Annual Report Form (“Form 2”), and the Special Reporting Form (“Form 3”) in several key areas:

Financial information – On Form 2, all registered firms will need to report additional fee information. The largest firms will also be required to confidentially submit financial statements to the PCAOB.

Governance information – On Form 2, all registered firms will be required to report additional information regarding their leadership, legal structure, ownership, and other governance information, including reporting on certain key quality control operational and oversight roles.

Network relationships – Registered firms will be required to report a more detailed description of any network arrangement to which a registered firm is subject. That includes describing the network’s structure, the registered entity’s access to resources such as audit methodologies and training, and whether the firm shares information with the network regarding its audits (including whether the firm is subject to inspection by the network).

Special reporting – For annually inspected firms, the amendments include a new confidential special reporting requirement for events material to a firm’s organization, operations, liquidity or financial resources, such that they affect the provision of audit services.

Cybersecurity – On Form 3, confidentially, registered firms will be required to promptly report significant cybersecurity events to the PCAOB. On Form 2, registered firms will also be required to periodically and publicly report a brief description of any policies and procedures to identify and manage cybersecurity risks.

Updated description of QC policies and procedures – A new form will require any firm that registered with the Board prior to the date that the PCAOB’s new quality control (QC) standard becomes effective (December 15, 2025) to submit an updated statement of the firm’s quality control policies and procedures pursuant to the QC standard.

After the original proposal in April on firm reporting, the PCAOB received input that caused it to modify the requirements to focus on specific disclosures that should be most useful to PCAOB staff, investors, audit committees and others. Among other changes made since these amendments were first proposed, the PCAOB:

• Streamlined fee disclosure requirements;
• Eliminated the proposed requirement that financial statements conform to an applicable financial reporting framework (such as U.S. generally accepted accounting principles) and instead prescribed certain minimum financial statement reporting requirements;
• Streamlined requirements related to firm governance and network arrangements;
• Maintained the Form 3 reporting timeframe of 30 days for existing special reporting items to ease potential burden – particularly for smaller firms – while still requiring more timely reporting of events of sufficient significance and urgency (such as cybersecurity); and,
• Modified the material event reporting requirement to better focus on information relevant to a firm’s audit practice – and limited the material event reporting requirement to firms that are annually inspected.

The amendments are subject to approval by the Securities and Exchange Commission. If they’re approved by the SEC, they will become effective in stages. The PCAOB is encouraging firms and others to carefully review the “effective date” sections in both adopting release documents to understand the various phases. The PCAOB intends to issue resources to assist firms with implementation of these requirements.

The Internal Revenue Service said Thursday it would begin accepting electronically filed tax returns that contain dependents who have already been claimed on another taxpayer’s return, as long as the taxpayer on the second return has an Identification Protection Personal Identification Number.

The move would help prevent tax refund delays next tax season, while still protecting taxpayers from identity theft. This change will especially help filers who claim tax credits such as the Earned Income Tax Credit and Child Tax Credit.

Starting in the 2025 filing season, the IRS said it would begin accepting accept Forms 1040, 1040-NR and 1040-SS even if a dependent has already been claimed on a previously filed return as long as the primary taxpayer on the second return includes a valid IP PIN. This change in policy will decrease the amount of time for the IRS to receive the tax return and accelerate the issuance of tax refunds for those with duplicate dependent returns. Up until now, the second tax return had to be filed by paper. 

Andrew Harrer/Bloomberg

The IRS is encouraging taxpayers who plan to file early in 2025 to sign up for an IP PIN before Nov. 23, 2024. After that date, the IP PIN system will be offline for annual maintenance until early January 2025. 

Using an IP PIN enables taxpayers to protect themselves against identity theft. With the latest changes, the IP PIN will also help protect taxpayers when someone fraudulently claims a taxpayer’s dependent. 

Signing up now ensures taxpayers are ready to file electronically at the start of the 2025 tax season with an additional safeguard against identity theft and helps avoid issues involving dependents being claimed on multiple tax returns. 

While the IP PIN system will be down for scheduled maintenance later this month, the IRS reminded taxpayers they can still sign up for an IRS Online Account, which is the first step to get an IP PIN. The account also enables taxpayers to securely access their tax return and account information from previous years, including information from their W-2 and 1099 forms. The IRS has been periodically adding new digital tools and features to the Online Account as part of its transformation work. 

The IRS will continue to reject e-filed returns claiming dependents who appear on a previously filed tax return unless a valid IP PIN is provided. 

When a dependent has already been claimed on another tax return, the IP PIN provides an important new option. The taxpayer listed first on an e-filed tax return claiming dependents can provide their current year IP PIN when they file. If they do, the return will still be accepted. The spouse (if married filing jointly) and the dependents on the tax return don’t need to provide an IP PIN if they don’t have one. 

Taxpayers who don’t have IP PINs will have their e-filed returns rejected if one of their dependents has already been claimed by another taxpayer. However, if the taxpayer gets an IP PIN and e-files again with the IP PIN entered on the return, the IRS will accept the return as long as there are no other issues with it. Taxpayers will also still have the option to paper file returns with duplicate claims for dependents. 

An IP PIN will be required when claiming duplicate dependents or children on Forms 1040, 1040-NR and 1040-SS. It will also be required on Forms 2441, 8863 and Schedule EIC that are attached to Tax Type Form 1040. 

Tax returns claiming duplicate dependents for prior years (tax years 2023 and 2022) still need to be filed by mail if the dependents have been claimed on another return.

The Treasury Inspector General for Tax Administration issued a report Thursday on the Internal Revenue Service’s response to the Oct. 7, 2023 attack on Israel by Hamas.

The report noted that after the attack, the Treasury Department and the IRS issued a notice granting tax relief to individuals and businesses affected by the terrorist attack. The IRS also posted a news release detailing taxpayer eligibility requirements that qualify for the postponement of various tax return filing and payment deadlines. The information was available less than a week after the attack. This relief was in effect from Oct. 7, 2023, through Oct. 7, 2024. 

TIGTA found the IRS proactively identified and marked the tax accounts of the taxpayers who were likely to be affected by the attack. IRS management identified and proactively added freeze codes to 185,707 individual and 22,110 business tax accounts. The IRS also made available some of its well-established disaster relief processes for use by individuals and businesses who are affected by the terrorist attack to self-identify for tax relief.

Alexi J. Rosenfeld/Photographer: Alexi J. Rosenfeld

“When the IRS does not accurately identify all affected taxpayers, these taxpayers may receive tax deficiency notices, which may place unnecessary stress and obligation on taxpayers already impacted by the trauma of experiencing the Israel terrorist attack,” said the report. 

However, unlike the IRS’s process of sending notifications directly to individuals and businesses that qualify for tax relief due to a federally declared disaster, the IRS did not send similar notices to taxpayers whom the IRS identified as qualifying for relief resulting from the terrorist attack, TIGTA found. As a result, individuals and businesses who probably qualified for the specific tax relief made available by the Treasury in response to the terrorist attack were not directly notified.

IRS officials pointed out that they elected to communicate the availability of the tax relief the day it was announced via the posting of the information on the IRS newsroom website, where media and other audiences go to for information. However, TIGTA noted that the IRS failed to include information regarding this relief on the website it uses to disseminate international press releases. 

TIGTA’s evaluation also found the IRS initially missed adding freeze codes to 2,176 individual and 1,306 business tax accounts that met the IRS’s criteria for relief. In addition, TIGTA identified 10,550 individual tax accounts where the IRS incorrectly added a freeze code based on the foreign country code on accounts for taxpayers who resided in the State of Israel, Gaza, or the West Bank when in fact the taxpayers had an U.S. address as their address of record. Finally, TIGTA identified another 413 individual taxpayers whom the IRS also incorrectly added a freeze code on their tax accounts when their international address was outside the covered area of the State of Israel, Gaza or the West Bank. 

TIGTA made three recommendations to the IRS, saying the IRS should: input the freeze code on all eligible individual tax accounts, remove the freeze code from all ineligible tax accounts, and ensure that IRS systems properly update the foreign country codes used by taxpayers to change their address. The IRS agreed with the recommendation to input the freeze code on all eligible individual tax accounts, but disagreed with the recommendation to remove the freeze code from ineligible tax accounts and the recommendation to ensure that IRS systems properly update the foreign country codes used by taxpayers to change their address. 

The IRS noted in response to the report that the foreign country code is necessary to accurately process and post tax returns filed by nonresident aliens.

“This relief effort represents two significant ‘firsts’ for the IRS disaster program — the first time the IRS provided relief based on a terroristic action (and not based on a federally declared natural disaster), and the first time the IRS implemented disaster relief internationally,” wrote Lia Colbert, commissioner of the IRS’s Small Business/Self-Employed Division, in response to the report.