Good morning. I would like to welcome you to the PCAOB Forum on Auditing in the Small Business Environment.
Since late 2004, the PCAOB has held forums like this one in ten cities across the United States. This session in Fort Lauderdale is the second of eight we plan to hold this year. Today’s program is aimed at directors and CFOs of smaller public companies. Yesterday, we held a similar meeting for smaller auditing firms.
The purpose of these forums is to inform the small business community about the Board’s work, and to open an avenue for discussion and dialogue. These sessions give us the opportunity to provide a broad group of smaller firms and their clients with insight into the Board’s inspections process and its standards-setting agenda. In the course of the prior forums, Board members and staff have met with more than 1,000 representatives of companies and accounting firms.
While we hope to give you some useful information about our work, these events are not intended as a one-way street. Your comments assist us in understanding how our work affects smaller companies. We also encourage you to ask questions. In that context, I want to note, however, that the views that my colleagues and I express today are our own, and not necessarily those of the Board’s other members or staff. Much of what we say will be based on official Board statements. But, when we venture into expressing opinions, we are speaking only for ourselves.
II. The Work of the PCAOB and its Impact on Companies.
Some of you may be wondering why a regulator of auditors invited public company directors and CFOs to a day-long session to discuss the PCAOB’s work. Of course, we have no jurisdiction over officers and directors. Nevertheless, it seems to me that our work should be important to you.
The potential impact of Board inspections of auditors on their public company clients is a good illustration. By creating the PCAOB, the Sarbanes-Oxley Act launched a new system of auditor oversight. SOX requires the Board to inspect accounting firms that audit public companies and to issue a report at the end of each inspection. There are important intersections between the PCAOB’s inspection program and the responsibilities of CFOs and audit committees.
For example, in some cases, Board inspections raise questions about company financial reporting. Inevitably, the review of how an auditor performed an audit is also a review of the client’s financial statements. CFOs may therefore find that they are faced with accounting issues as a result of questions raised by the Board’s staff with the company’s auditor during an inspection. At least 20 issuers filed restatements because of GAAP issues identified in the Board’s 2003 inspections.
Board inspections may also affect audit committees --
- First, as part of reviewing audit engagements, the Board examines auditor/audit committee relationships and may, in the case of listed companies, ask to interview the audit committee chair. Inspectors are not trying to assess the audit committee but instead the auditor/audit committee relationship.
- And, even if a company’s engagement is not reviewed, the Board’s inspection findings concerning its auditor should be of interest to the audit committee. Audit committees may want to ask the auditor, among other things--
1) What did the PCAOB conclude about the auditing firm’s quality controls?
2) Did any of the quality control defects the Board identified affect our audit?
3) What is the auditing firm doing to remedy those problems?
Board quality control criticisms are, by statute, included in the non-public part of the inspection report. Some audit committees ask to see that part of the report, others do not. The important part is to find out what it says and to use the findings as a basis for discussion with the auditor.
III. The PCAOB and Small Business.
You will hear more during the rest of the program about the relationship between the PCAOB’s work and smaller public companies. I want to use the balance of my time to touch on some of the ways in which the Board seeks to take into account the unique circumstances of smaller firms and companies.
Two defining characteristics of the accounting profession that serves public companies in the United States are its size and its concentration. There are over 1,600 firms registered with the Board. That is a far higher number than we originally anticipated, and it reflects the breadth of the public company auditing practice in this country. However, in terms of concentration, a very high percentage of the total public company market capitalization is audited by only a handful of firms. In fact, a 2004 GAO report found that just four firms audit nearly 99 percent of the revenues of all SEC registered companies.
Something similar is true of reporting companies. The SEC Advisory Committee on Smaller Public Companies found that the smallest 50 percent of public companies together account for only 1 percent of total U.S. securities market capitalization. The next largest 30 percent of all public companies account for only an additional 5 percent of total market capitalization. At the other end of the spectrum, the largest 20 percent of public companies comprise 94 percent of total market capitalization.
This profile of the auditing profession and the public company community poses some significant issues for the Board. We need to make sure that our regulatory activities take into account the differences between large and small auditing firms and their clients and that they do not use a one-size-fits all approach in those areas where it is not appropriate. These are not easy goals to achieve, but they are goals that we try to keep in mind as we approach our responsibilities.
These small business forums are one step in that direction. I would also like to mention three other things that may be of interest to this audience --
- Board efforts to tailor our inspections program to the size and nature of accounting firm.
- Board efforts to solicit input from smaller public companies and smaller accounting firms in our standards-setting process; and
- Board participation in the work of the SEC’s Advisory Committee on Smaller Public Companies.
A. Tailoring the PCAOB’s Inspection Program to Smaller Firms
Let me turn first to the problem of tailoring the inspection to the firm.
The Board holds both small and large firms to the same standards, as we believe Congress has required. That having been said, we also try to customize each firm’s inspection to take into account a firm’s size, complexity and nature of risk. As a result, there are many aspects of a small firm inspection that are quite different from the large firm inspections.
Our efforts to tailor the inspection to the firm have led to the concept of the “PCAOB-based” inspection. Under this approach, in some cases the Board’s inspection staff dispenses with field work altogether and conducts the inspection by reviewing work papers and other documents furnished by the firm at the Board’s offices. While not appropriate in every case, where they make sense, PCAOB-based inspections save time and money for both the Board and the inspected firm. We will look for other ways to make the process efficient for small companies.
B. Input in the Standards-Setting Process
I want to turn next to another challenge: making sure that we understand the viewpoint of small firms and small issuers when we set auditing standards or make new rules.
The standards-setting process is a good example. As many of you are probably aware, the Board has formed a group to advise it on auditing standard issues. We call this body the Standing Advisory Group, or “the SAG.” The SAG is composed of 31 highly qualified members representing the auditing profession, public companies, investors, and others.
We have sought to make sure that the SAG has strong small firm and small business representation. Currently, the membership includes two small auditing firm partners and the CEO of a smaller public company, along with representatives of the larger firms and some Fortune 500 companies.
There are of course only a limited number of SAG seats, so in order to make sure we hear all perspectives, the SAG meetings don’t just consist of discussion among the SAG members. We have also included on the SAG agenda panel presentations by representatives from smaller companies and smaller accounting firms. These panels have addressed a wide variety of issues, ranging from internal control auditing to the practical problems of second partner review. They provide the SAG with input it would not otherwise hear.
As we have certainly learned in the area of internal control auditing, auditing standards affect not just auditors, but also their clients. I encourage you to participate in the PCAOB’s standards-setting public comment process. While it obviously isn’t possible for every firm or every company to be represented on the SAG, it is possible for anyone who wishes to do so to participate in the standards-setting process via the public comment process.
C. SEC Advisory Committee on Smaller Public Companies
Finally, I want to touch on what is probably the most ambitious effort underway in Washington today to address the problems of smaller businesses: the SEC Advisory Committee on Smaller Public Companies. That group’s recommendations, while in some cases controversial, would, if adopted by the SEC, have far-reaching effects on smaller public companies and their accounting firms. I would like to mention some of those recommendations that may be especially relevant to this audience.
First, some background: The SEC established the Advisory Committee in March 2005 to assess the current regulatory system for smaller companies under the securities laws, including the impact of the Sarbanes-Oxley Act. The Committee held a series of hearings, and on February 21 voted to publish a draft report for public comment. I have served as an official observer to the Committee and, in particular, as an observer to the work of its subcommittee on internal control reporting.
The Advisory Committee’s draft report will contain recommendations in many areas. I want to highlight a few of its suggestions in one area -- internal control reporting under Section 404 of Sarbanes-Oxley.
As I am sure most of you are aware, Section 404 of SOX requires the SEC to adopt rules that provide for all public company managements to annually assess, and publicly report on, the effectiveness of the company’s internal control over financial reporting. Section 404 also requires all public companies to file with the Commission a report from their auditor on management’s assessment. Other parts of SOX require the auditor to express an opinion directly on the controls. These requirements took effect last year for the largest 50 percent or so of companies. SEC has delayed implementation for smaller companies, the non-accelerated filers, until mid-2007.
The Committee is recommending a broad series of exemptions that would prevent many companies that are not yet subject to this requirement from ever having to assess their controls and report on them. The Committee is also urging that some smaller accelerated filers, companies that are already subject to Section 404, be relieved of the auditor reporting requirements. More specifically, the Committee proposes that --
- Unless a framework for assessing the internal controls of micro-cap companies is developed that recognizes the special characteristics and needs of those companies, they should be exempt from Section 404. Micro-cap companies are those with market caps below $128 million. In order to use this exemption, these companies would have to meet certain corporate governance requirements, such as an independent audit committee, and could not have annual revenue over $125 million.
- Similarly, unless an internal control assessment framework is developed, companies with market capitalizations below $787 million would be exempt from the part of Section 404 that requires auditor reporting on controls. Company management would still have to assess and report on their controls, but there would be no auditor involvement.
These exemptions would affect over 70 percent of all public companies. The Committee recognizes that the Commission may not be prepared to go that far. As a fall-back recommendation, it proposes that, for small and micro-cap companies, auditors should only be required to opine on the design and implementation of controls, not on their operating effectiveness.
As I mentioned, the Committee will solicit public comment on its proposals. The exemption recommendations have already come under attack from some investor advocates, and it is by no means clear what the final outcome of the debate concerning the application of Section 404 to smaller companies will be. If you have views on the recommendations, you should share your thoughts with the Committee.
We will be having a discussion of internal control reporting after lunch today. In my view, it would be prudent for smaller companies not to assume that internal control reporting will never affect them. Whatever happens with the Advisory Committee’s proposals, I think that the SEC and Board will continue to search for ways to make sure that internal control reporting is efficient and workable for both large and small companies.
Along those lines, the PCAOB and SEC will be holding a roundtable on May 10 to discuss second-year experiences with the reporting requirements of SOX Section 404. This will be another opportunity to let the regulators know your views. Both the SEC and PCAOB are seeking written feedback in advance of the roundtable on auditor and issuer views and experiences with Section 404 compliance.
In conclusion, the Board has sought to shape its programs in a way that takes into account the diverse business community that is affected by our work. We have also sought to make sure that our decision-making is informed by the perspective of both large and small firms and companies.
This forum is part of those efforts. We hope you will find it useful, but we are also counting on learning from you. Your input helps us better reflect the unique characteristics of your companies in the way we do our job.