The proposal on engagement quality reviews is an important step to fulfill one of the express requirements of the Sarbanes-Oxley Act. Even more important, though, it’s a significant step in strengthening audit quality for the protection of investors. To my mind, the Act singled out engagement quality reviews as an area for improvement because such reviews provide firms a mechanism to find and correct audit problems before the audit is complete. That’s good for audit firms and for investors.
I think the proposal before us today does a good job setting forth procedures that, if done thoughtfully, will enable a firm to identify and address audit deficiencies. The proposal does not require the reviewer to re-audit the engagement team’s work. But it does draw on the reviewer’s own insights, as a person vested in the quality of the audit but also distanced from the front lines. That’s an important improvement over the existing standard.
Anyone who has followed PCAOB inspection reports over the last five years knows that we find numerous audit deficiencies. That’s good for investors, in my view, because it leads to corrections of past problems, when necessary, and minimizes the chances of similar deficiencies in the future. Of course, a thoughtful engagement quality reviewer – who after all has access to the same information we do as part of our inspections – could have found and focused the firm on these deficiencies before we inspected the firm. That would be even better for investors, because it would lead to these deficiencies being corrected before investors relied on the audit.
I am therefore very pleased that we’re able to propose this standard today. Like any proposal, though, public comment will be important to helping us finalize the standard. In this regard, there are two points I would like to highlight for potential commenters. First, in our release we ask whether we should set forth an overall objective for the engagement quality review. To my mind, the answer is yes, but it’s important that we think carefully about how to articulate that objective so as to achieve the intended result, and not unintended results. If I were to articulate that objective today, I would say that it is for an audit firm, through an engagement quality review, to identify audit deficiencies and address them before concluding the audit. But I would like to learn what commenters have to say.
Second, I hope commenters will focus on the documentation component of the proposal. As our release points out, our overall documentation standard – Auditing Standard No. 3 – would not apply to the reviewer’s work. Instead, the proposal includes stand-alone documentation requirements. In my experience, documentation of concurring reviews (as they’re known today) is weak. Without a good record of what the concurring partner did, it’s hard to tell whether, and if so how, he or she missed an audit deficiency. I’m often left to wonder whether the reviewer did a review at all, which I suspect is the problem in some cases.
What I’d like to know from commenters is whether any additional concepts in Auditing Standard No. 3 should be expressly incorporated in the proposed standard. In particular, AS 3 includes a provision on how firms can demonstrate that they performed required procedures even if they failed to adequately document them. To my mind, the demonstration process described in AS 3 applies equally to engagement quality reviews. In a similar vein, Auditing Standard No. 3 also established an “experienced reviewer” standard, to explain how documentation will be judged. Commenters should tell us whether it would be helpful to reiterate or otherwise reference these concepts in this proposal.
While I emphasize these points, I don’t want to leave the impression that I have reservations about the proposal. I think it’s a very good proposal, and I am pleased to be able to release it for public comment today.