Today's proposal to expand the content of the auditor's report and to issue a new auditing standard governing "other information" in annual reports is an important step in a long journey toward improving the usefulness of the audit report.
We are only at the proposal stage, and I see today's action as a starting point for more discussion. In many respects, these proposals have attributes of a second concept release. We will carefully review written comments. We plan to hold a roundtable to seek additional feedback. It is possible, if not likely, that we will have a re-proposal before we adopt any final standards in these areas. Thus, while I support the need for the proposals to start that discussion, I do have questions about certain aspects of the proposals.
Let me begin with a few words about the auditor's report. Arriving at today's proposal took a lot of time and effort. The staff and Board considered a wide range of options, starting with the four alternatives discussed in the 2011 concept release and including a variety of other potential approaches including those proposed by regulators and standard setters in other parts of the world. I believe that the result — requiring disclosure in the auditor's report of more information about the audit but leaving to management the disclosures related to the financial statements — has the potential to achieve our goal of balancing the desire of investors for more information while not having the auditor overstep into the realm of management responsibility or investment analysis.
The proposed expansion of the auditor's report to include critical audit matters, where applicable, is a first attempt to be responsive to investor demands for more information from auditors. The discussion of critical audit matters will not, however, be a silver bullet that will help avoid or predict future economic crises. As defined, critical audit matters are those matters addressed during the audit that (1) involved the most difficult, subjective or complex auditor judgments; (2) posed the most difficulty to the auditor in obtaining sufficient appropriate evidence; or (3) posed the most difficulty to the auditor in forming the opinion on the financial statements. Thus, they are a window into the audit, intended to provide more information about the difficulty faced by auditors in connection with providing assurance on certain important and complex aspects of the company's financial statements or internal controls. I think of it as telling investors what kept the auditor up at night.
It is important to understand that the proposed standard does not require reporting of all information known by the auditor in which investors may have an interest. There are risks and uncertainties inherent in the financial reporting process that may not be discussed as critical audit matters because the application of the accounting rules is clear, there are limited estimates required, and the audit process is relatively standard. For example, revenue is the most important number in the financial statement to investors. But revenue recognition for some businesses (like a restaurant) is very straightforward and may not be identified as a critical audit matter. Likewise, there may be critical audit matters reported that bear little on investment decisions.
Overall, I believe that the proposed enhanced reporting will add context to the mix of information available to investors for consideration in their investment decisions. In order to ensure that our proposal accomplishes this objective most effectively and without adverse consequences, I would like to highlight a few specific aspects of the proposal, and raise several questions that I believe merit particular attention by commenters.
First, one potential concern I have with the reporting of critical audit matters is that the discussion in the auditor's report of these matters could result in the disclosure by the auditor of information that specifically was exempted from disclosure by other applicable rules and regulations. By way of example, the determination that a deficiency in internal controls is a significant deficiency rather than a material weakness may have been a critical audit matter. Under applicable securities laws and SEC regulations, depending on the circumstances, a company may not have to disclose a significant deficiency, but the critical audit matter discussion in the audit report may cause that information to be disclosed. Similar nonrequired disclosures could result in connection with going concern considerations. The current standards expressly require the use of the phrase "substantial doubt about the entity's ability to continue as a going concern" whenever the auditor has reached that conclusion. The current standards also prohibit conditional language like "if the company continues to suffer losses, there may be substantial doubt about its ability to continue as a going concern." Is a critical audit matter that discusses considerations like "possible losses" therefore inconsistent with current standards? Will this result in confusion? Are there any unintended adverse consequences associated with this possibility? If so, what, if anything, should the Board do to address this concern?
I also question whether it is appropriate for the Board to require disclosure in the audit report of the auditor's tenure with the particular client. We explained in the release that in developing the proposed requirement, the Board has not reached a conclusion regarding the relationship between audit quality and auditor tenure and that the Board's inspection process has not been designed to determine a relationship between audit quality and auditor tenure. Thus, we do not have, at this point, any data indicating that audit tenure has any correlation with audit quality. The mere fact that the Board requires a disclosure about auditor tenure, however, might suggest that the Board believes the information to be meaningful. Do commenters share this concern? Would inclusion of this information cause readers of the audit report to draw unwarranted inferences? Given that information about auditor changes is publicly available for many companies on the SEC's EDGAR database going back for almost twenty years, should the Board nevertheless require this information to be included in the auditor's report as a matter of transparency and in the interest of more disclosure?
Finally, a note in the proposed auditor reporting standard (par. 7) suggests that in most cases, auditors will report critical audit matters. This provision is intended to convey the Board's belief that most audits involve consideration of complicated and difficult issues and the expectation that auditors report those issues in the audit report. I generally agree with that belief and expectation, but we have not conducted research to support this point. Are there audits of smaller, less complex companies that routinely do not involve any complex issues or judgments and present no difficulty gathering audit evidence? Would inclusion of the note, as written, cause auditors to believe that they must come up with a critical audit matter for every audit report, no matter how straightforward the audit? What would be the potential adverse consequences of that result?
Finally, let me say a few words about the proposed documentation requirement in the standard. As drafted, auditors must document their determination of critical audit matters. This includes not merely a requirement to document why particular issues were determined to be critical audit matters, but also why other areas that "would appear to meet the definition of a critical audit matter" ultimately were not included in the auditor's report. In the release, we explain that this documentation requirement is not intended to be overly burdensome. We do not expect auditors to reference every single matter included in the engagement completion document or communicated to the audit committee and explain why such matters do not constitute critical audit matters for purposes of the proposed standard. Rather, the expectation is that the auditor address those audit issues that a reasonable experienced auditor would believe to be critical audit matters and document why a determination was made that they are not. I would be interested in hearing from commenters whether this requirement is sufficiently clear, whether it is practical, and whether the Board should consider alternative or supplemental language in the standard.
Standard on "Other information"
Let me turn for a few minutes to the "other information" standard.
As a general matter, I support the need for clarity about the auditor responsibility for other information included in annual reports. I support today's proposal as a step in that direction, but I believe that we could benefit from input on a few specific issues in order to further refine the approach.
As members of the Office of the Chief Auditor already explained, the proposed standard is limited in scope. As drafted, the proposed standard would require auditors to perform procedures on certain types of information that is outside the financial statements but that is included or incorporated by reference in annual reports filed under the Securities Exchange Act of 1934. The requirements would not apply to the following:
- Other information included in filings made exclusively under the Securities Act of 1933, which includes registration statements; and
- Other information in documents, such as so-called "glossy" annual reports or other documents that are distributed by companies to shareholders but not filed with the Securities and Exchange Commission.
The actual procedures by the auditor also would be limited. The proposed standard does expand the auditor's responsibilities from "read" and "consider" as required under current AU sec. 550, to "evaluate" whether the other information contains (1) a material inconsistency with amounts or information, or the manner of its presentation, in the audited financial statements and/or (2) a material misstatement of fact. The auditor's responsibilities are limited, however, to basing this evaluation on relevant audit evidence obtained, and conclusions reached during the audit. In other words, if the auditor, through the performance of the financial statement audit or audit of internal controls, did not gather information or evidence against which to evaluate the consistency or truthfulness of the "other information," the auditor need not go further. In practice, this means that there may be "other information" in the relevant documents that is important to investors but that the auditor will not evaluate. Examples may include operational statistics provided by the company in order to explain the success (or lack thereof) of its business, such as number of new customers; key improvements in product features; measures about environmental matters and sustainability; status of regulatory approvals for new products in the pipeline (e.g. new drugs); registered users (of a website), number of patents held or new patents granted, and the like. In many cases, audit work papers do not include data relating to such disclosures, and the auditor may have no way to evaluate that information.
Combined, do these limitations on the "other information" standard increase — rather than decrease — the expectation gap between auditors and investors? Will investors understand the limited universe of information and documents to which the proposed standard would apply? Will investors understand what the auditor actually did with respect to the "other information?" Will they understand that the auditor is unlikely to have information or audit evidence to substantiate some of the numbers reflected in the "other information?" Are there any changes the Board should consider making to the proposed standard to eliminate this potential expectation gap?
Likewise, the concept of the auditor "evaluating" the other information may have the potential to cause some confusion. The auditor's work to "evaluate" the information will not constitute what is normally understood to be an "audit," nor is it the same as a "review." What level of assurance, then, does the auditor provide by conducting these procedures? Will this, too, increase the expectation gap with investors?
Finally, I believe that many audit teams, particularly at the largest firms that audit the vast majority of U.S. market capitalization of issuers, may already perform many of the procedures proposed to be required in the "other information" standard. If true, this may imply that new audit costs arising out of the proposed standard would be minimal. It also suggests, however, that investors in companies audited by these largest audit firms should not expect a change in the current level of assurance being provided in connection with "other information" included in annual reports filed under the Exchange Act. I would be interested to hear from firms, large and small, to what extent the "other information" proposal will affect their current audit process. Do firms already largely satisfy the proposed requirements to evaluate other information? What are the incremental changes that you believe will be required, and, conversely, what additional benefit, if any, should investors expect if the proposed standard goes into effect?
I am encouraged that the PCAOB is devoting more time and attention to the economic impact of our standards and rulemaking. We have hired an economist to assist our Chief Auditor and have plans to hire more. Our economists in our Office or Research and Analysis have devoted substantial time to the economic impact of these proposals. We recognize that we need to further develop our models for evaluation and formalize a consistent methodology and guidance. These proposals contain discussions of economic theories and academic studies. It is all a good start. However, we need to hear from investors, preparers, auditors and others through the comment process about whether the potential economic benefits of the proposals discussed are realistic. We also need comments about the nature and extent of potential costs of the proposals, as well as unintended consequences.
In closing, I would like to ask for help from investors, auditors, audit committee members and other potential commenters. I would like to encourage a dialog among audit firms, management, audit committees and investors to discuss our proposals and to foster better understanding among everyone about potential benefits and costs. As some of my fellow Board members have pointed out, the proposed changes to the audit report represent a dramatic shift for the auditing profession. It is important that the Board consider all relevant viewpoints and that we obtain the best feedback possible in order to help us refine our approach going forward.
I would particularly like to encourage auditors to work with their client's audit committees and management to perform some voluntary mini "field tests," where the engagement partner, the engagement quality reviewer, management and the audit committee each independently consider what issues may constitute critical audit matters under the proposed standard. Provide feedback in your comment letters about this experience, including whether there was consistency with regard to the critical audit matters identified. Also, I would be interested in hearing from auditors who have attempted to draft the necessary discussion of critical audit matters for particular engagements. Perhaps share the language with your client's management and audit committee and ask them to provide feedback to the Board. Let us know the degree of effort and/or difficulty you encountered in doing this exercise. Share your drafts with us if you can. Perhaps even share them with investors to obtain their views on the usefulness of the information.
Finally, I would like to join my fellow Board members in thanking the staff in the Chief Auditor's Office and the Office of General Counsel, the Office of Research and Analysis and anyone else who lent a hand on the project. As usual, you received a lot of input — not always consistent — from PCAOB Board members and staff. This project presented some novel and difficult but very important issues, and I appreciate the diligence with which you considered and addressed them. I know that many of you worked long hours into the night to get us to this point today, and I look forward to seeing all of you after you take some well-deserved vacations. I would also like to thank our colleagues at the Securities and Exchange Commission, who, as usual, provided food for thought and insightful comments.