I am very pleased to be here in Tokyo and to be part of examining the evolving responsibilities of “gatekeepers” in the United States and Japan. It is particularly an honor to appear before such a distinguished group of Columbia alumni. It is a little daunting to be one of the few lawyers admitted to the room today without having first passed through the Columbia Law School.[*]
Although many other important topics were added, the Sarbanes-Oxley Act started out as a bill to create a new oversight framework for auditors. In many ways, the most concrete differences between the pre- and post-Sarbanes-Oxley environments in the United States stem from the changes in the relationship between companies, their auditors, and their audit committees that have resulted from the Act. I want to make some comments about those changes and about the role of the Public Company Accounting Oversight Board.
Before I begin, I must give you a warning: The views I express are solely my own, and not necessarily those of the Board, its other members, or the staff of the Public Company Accounting Oversight Board.
First, I think it is worth observing that auditors are the original gatekeepers. In the U.S., an auditor’s opinion is a necessary condition to selling securities to the public and to having those securities trade in the public markets. There are ways to get along without an underwriter or a lawyer or an analyst following. But not without an auditor’s opinion.
Unlike other gatekeepers, it has always been recognized, at least in theory if not always in practice, that the auditor has important obligations to the investing public that may require him or her to act contrary to the interests of the client. Many of the audit failures that lead to the enactment of the Sarbanes-Oxley Act can be viewed as the result of auditors losing sight of those obligations to the public and defining their role as selling services, rather than controlling the gate through which companies can access the securities markets. Fundamentally, the Sarbanes-Oxley Act seeks to refocus auditor on their obligations to public shareholders.
Much has been written and spoken about the loss of public confidence in financial reporting during the late 1990s and early 2000s in the auditor’s performance of this gatekeeper role. Let me list three factors that, in my view, contributed significantly to the erosion of trust in auditing:
In the Sarbanes-Oxley Act Congress, sought to restore confidence in the auditor’s opinion and to reinvigorate the auditor’s gatekeeper role. I would point to four key aspects of the law.
I want to say a few words about the responsibilities of the Public Company Accounting Oversight Board and about the Board’s progress.
The Sarbanes-Oxley Act says that the Board’s mission is to oversee the auditors of public companies, protect the interests of investors, and further the public interest in the preparation of informative, accurate, and independent audit reports. While the Board was established by a federal law and is overseen by the Securities and Exchange Commission, a federal agency, the members and staff of the Board are not government employees. Instead, the Board is a Congressionally chartered, private, not-for-profit corporation.
Congress gave the Board four primary responsibilities -- registration, inspection, investigation, and standard-setting.
Every accounting firm, U.S.-based or foreign, that issues an audit report with respect to an SEC-reporting company, or that substantially participates in such an audit, must be registered with the Board. About 1,500 firms have registered with the Board. Roughly 900 are U.S. firms and the remaining 600 or so are foreign--including nine Japanese firms.
Once a firm is registered, the Sarbanes-Oxley Act requires the Board to inspect it periodically. For firms that audit more than 100 public companies, inspections must occur annually. For the other firms that have at least one SEC client, inspections must take place at least once every three years.
Many of the specific auditing problems the Board identifies will be dealt with through comments in inspection reports. However, inevitably, situations will arise from inspections or otherwise in which merely requiring better performance in the future is inadequate. Therefore, the Board also has an investigation and enforcement program.
The Board has the authority to impose fines and to order changes in how a firm practices. In more serious cases, we can suspend or bar firms or individual accountants from being involved in public company auditing. As long as we believe that an auditing firm is acting in good faith and is capable of and willing to conduct audits in accordance with the PCAOB’s standards, we will generally use our authority to make non-public inspection recommendations, rather than our authority to bring disciplinary actions. For firms that seem unwilling or unable to follow the rules, we will take the harsher enforcement approach. We recently brought our first enforcement case, and several other matters are under investigation.
Auditing Standards. Finally, Congress charged the Public Company Accounting Oversight Board with establishing auditing and other professional standards (such as quality control and ethics) to govern public company audits. We have the unique advantage of being able both to set the standards by which audits are conducted and to conduct inspections to see how those standards are being applied in practice. So far, we have issued new standards in important areas such as audit documentation and internal control auditing and have adopted new rules governing independence and tax services.
Finally, I want to briefly consider how the auditing environment in the U.S. today has changed, post-Sarbanes-Oxley. Four things stand out.
The profession is beginning to again view auditing as its core business -- not merely an adjunct to consulting. Many non-audit services have been prohibited. For those that remain legal, audit committee pre-approval is required, and audit committees are more reluctant to let their auditors perform significant non-audit services.
The inspection process is the key to the Board’s impact on auditing. The knowledge that, in the case of any particular audit, PCAOB inspectors who are themselves experienced auditors but who are not “peers” may review the work-papers and form their own judgment on how well the audit was conducted has had a significant effect on how auditors do their work. While there is a place for enforcement proceedings and a place for liability to private parties who are injured by bad auditing, in my view, a well-thought-out inspection is more likely to improve the day-to-day quality of auditing than are those other, blunter tools.
Our inspections and published figures show that the major firms have “fired” some clients, particular those that are riskier. Firms also have developed more sophisticated tools for assessing client risk and using those assessments to tailor how they audit.
Greater auditor sensitivity to risk is a good thing. However, it does have some perverse consequences. Some public companies -- particularly smaller ones -- are finding it harder to engage or retain a Big 4 audit firm. Also, in some cases, clients accuse their auditors of “over-auditing” as a result of the new environment and the knowledge that the Board may be looking over the auditor’s shoulder.
The audits of internal control have added an important new dimension to the auditor’s work. The auditor is required to have a more complete understanding of the strengths and weaknesses of the client’s financial reporting systems. Audit committees are also being forced to learn more about those systems in order to assess significant deficiencies that the auditor reports to them.
However, nothing good is free, and internal control auditing has come at a price. There is a lot of dispute about the costs of these reviews and how much of those costs were first-year costs and how much will be continuing. However, this added expense of being a public company also raises issues regarding the impact on small companies and on capital formation. The Board is committed to making sure that Section 404 is implemented in a way that balances costs and benefits, but it may take some time to fully achieve that goal.
What will the ultimate impact on auditors of Sarbanes-Oxley be? It is certainly too early to tell. The profession is in many ways stronger today than it was three years ago. However, in order to fully understand and evaluate the impact of Sarbanes-Oxley on auditors, we need to wait until Section 404 audits are fully integrated with financial statement audits; until PCAOB inspections are so routine that the fact of oversight is second-nature to auditors; until the Act is no longer new, but part of the day-to-day fabric of corporate life. And, we have to see how the system performs in the next bubble.
One thing is clear however: Our markets are critically dependent on reliable financial information. Therefore, the auditor’s gatekeeper role is too important for us not to get right.
Thank you. I would be happy to answer questions.
[*] The views expressed herein are solely those of the author and are not necessarily those of the Public Company Accounting Oversight Board or any of its other members or staff.