Skip Ribbon Commands
Skip to main content
Stay Connected: Twitter Facebook Flickr RSS E-Mail

 Keynote Address: Which Way Next? Future Thinking at the PCAOB

DATE Oct. 4, 2011
SPEAKER(S): James R. Doty, Chairman
EVENT: NACD Board Leadership Conference 2011
LOCATION: Washington, DC

Thank you for inviting me to speak to this illustrious group. It is an honor and a pleasure to be here. As directors of public companies, you perform a crucial service to the investing public. That you are here at this conference demonstrates your commitment to leadership in corporate governance, by staying current on emerging challenges and best practices to address them.

As a securities lawyer, like many of you, I have observed first hand the many challenges boards face. Risks can arise from both internal and external sources. They can be both financial and operational. They threaten not only individual companies, but as we were reminded quite recently in the most recent financial crisis, they can affect our financial system as a whole.

As directors of America's public companies, you are on the front lines. You set the tone, and inculcate the culture, and that makes all the difference. A strong culture can deter fraud and mismanagement of assets. A weak culture allows it to grow. Our financial system already puts a heavy burden on you. But with so much of our population depending on corporate investment for their retirement and other savings, never before has your time, energy and character been more needed.

The Sarbanes-Oxley Act changed oversight of public company auditing in two fundamental respects. The Act created the PCAOB to regulate auditors. It also amended the Securities Exchange Act of 1934 to change the relationship of auditors to the managers of public companies. Responsibility for the appointment, compensation, and oversight of any listed public company's auditor transferred to an audit committee comprised of independent directors.

Both the role of the PCAOB, in carrying out its regulatory responsibilities, and the role of audit committees, in carrying out their engagement oversight, are critical to protecting the interests of investors.[1] We share a common obsession: what are the threats to shareholder interests and how can we thwart them? The Act does not, however, specify any mechanism through which our roles intersect.

I believe the PCAOB's work can help independent directors and their audit committees. In a moment, I will explain why. Let me start, though, by bringing you up-to-date on the PCAOB's current initiatives. And as I begin, I must say that the ideas I express are my own and should not be attributed to the PCAOB as a whole or any other members or staff.

I.  Multi-national Audit Risks

If you are in the audience today, it is likely because you sit on the board of a U.S. company. Likely, that company has operations or customers, or otherwise does business, abroad. Your audit will, therefore, inevitably have an international component.

In the case of many of the largest companies, half or more of the audit may be performed abroad. In most such cases, that means the principal audit firm, whose name appears on the audit report, uses other, local firms to conduct the foreign portion of the audit.

Those firms that regularly perform or participate in U.S. audits must be inspected at least every three years. We have conducted more than 290 inspections of such non-U.S. firms in 35 jurisdictions to date.

Based on those inspections, the PCAOB knows the challenges of managing a multi-national audit are great.

It is important for you to know that, through this process, our inspectors have identified considerable room for improvement. This should be a concern for audit committees. Fraud thrives in shadows. Some auditors, perhaps under pressure to reduce fees, have offered a "reduced footprint" as a selling point to audit committees.

That might offer an easy way to reduce audit costs. But in the context of the global audit, the reduced footprint can prove disastrous. Audit committees should think long and hard before agreeing in advance to reductions in audit scope or procedures to save cost. Much less should audit committees be inviting or even pushing for that.

Instead, I encourage you to ask auditors tough questions, to ensure that you understand and find sufficient their plan to ferret out accounting or internal control weaknesses that may exist in operations abroad.

In my experience, the best audit committees — the audit committees that are able to resolve problems effectively — send auditors the message that they are keen to know what may be wrong, in order to respond early. They champion the audit, and challenge claims by management or others that an audit "foot print" is too intrusive or too expensive. They question, and they don't accept formulaic answers from either auditors or management.

If you sit on the board of a company that requires a multi-national audit, find out how the auditor intends to supervise the various components. Principal auditors typically send instructions to correspondent auditors, who report back to the principal auditor with a summary audit package.

Ask how the principal auditor intends to ascertain whether the non-U.S. auditors performing the required procedures complied with applicable PCAOB audit standards. Does the correspondent firm or firms have the requisite knowledge of US GAAP and PCAOB standards?

How does the auditor ensure that the audit report will not be based on flawed work by a correspondent auditor? How will the auditor ensure that correspondent auditors are independent, both in fact and appearance?

Has the principal auditor participated in face-to-face reviews of correspondent auditors' work? Is the auditor relying on the network to perform such reviews? If so, is the auditor sufficiently informed about the results of such reviews to make an appropriate judgment about the reliability of the other auditor's work?

What prior experience does the principal auditor have with the audit teams performing the procedures at the other locations? You may ask the principal auditor if the Board has issued an inspection report about the audit firm performing the procedures and whether the principal auditor is familiar with those published criticisms?

If the correspondent auditor is in a jurisdiction where the business culture discourages questioning figures of authority, how will the auditor ensure the correspondent auditor maintains appropriate skepticism? If the business culture is known to foster fraud and corruption, what additional steps will the auditor take to ensure himself that the correspondent auditor's procedures are sufficient to provide the necessary assurance that the financial statements are free of material misstatement or fraud?

Yesterday, the PCAOB staff issued an Audit Practice Alert that provided auditors guidance on a number of audit questions related to risks in certain emerging markets.[2] The alert is good reading for corporate directors as well.

The alert focuses on the risk of misstatement due to fraud that an auditor might encounter in an audit of a company with operations in certain emerging markets. The alert is based on observations from PCAOB inspections and other oversight activities, as well as other situations that have come to light in recent corporate filings with the SEC and SEC orders suspending trading in certain emerging market companies. It highlights conditions that indicate heightened fraud risk, such as fraud in bank confirmations, including through forgery or collusion.

The audit practice alert is a virtual "bill of particulars" indicating where auditors are supposed to look for risk in emerging markets. If you are a director of a multi-national company, or otherwise involved in international business, I encourage you to read it.

It will not have escaped your attention that numerous emerging-market issuers have recently had their auditors resign. In warning of risks in emerging markets (or from related party transactions, wherever found), the PCAOB Audit Practice Alert and standards intend to guide the auditor; but they can also inform the audit committee of what the auditor is supposed to know about.

This leads me to another risk that affects the PCAOB and investors, as well as directors. As has been widely reported, the PCAOB remains unable to inspect registered firms that perform or participate in U.S. audits but reside in China or some parts of Europe.

I remain hopeful that we will be able to resolve concerns raised by authorities in these countries. This is not to say that we haven't made progress: we are recently back in the U.K.; we have begun inspections in Switzerland; and we will soon begin inspections in Norway.

While encouraged by the face-to-face meetings that recently were held in Beijing between the Chinese authorities and a joint delegation from the SEC and PCAOB, the PCAOB cannot sit back and wait indefinitely. If we are not able to reach an agreement that will give the PCAOB access to firms in China that have registered with us, we will have to consider using the tools we have at our disposal, and which the Congress gave us for this purpose, to protect investors. Moreover, the PCAOB is investigating audits where allegations of fraud have surfaced, and we are working closely with the SEC on those matters.

II.  The PCAOB's Policy Agenda to Enhance the Relevance, Credibility and Transparency of Audits

Let me turn now to the PCAOB's policy initiatives. The financial crisis has precipitated serious questions about (i) the relevance and value of audits, (ii) the relationship of the auditor to the audit client, and (iii) the role of various participants in the audit. The PCAOB has invited debate on several concepts intended, together, to enhance the relevance and credibility of audits, and to provide the public a better understanding of auditors' work through enhanced transparency.

These projects are founded on the principle that audit regulation should foster conduct and a culture consistent with the franchise that the securities regulatory regime accords the audit profession.

A.  The Auditor's Reporting Model

First, the PCAOB has initiated a broad debate on the form and content of the standard auditor's report. In June, the PCAOB released a concept release on potential changes to the auditor's reporting model.

We issued this paper to seek broad public input on whether the auditor's report could better serve investor needs. Given the effort involved in an audit of a large company, and the complexity of many financial statements, investors have called for deeper insight from the auditor.

The concept release described four, broad alternatives and invited discussion. To summarize:

  • Auditor's Discussion and Analysis could provide a narrative of the auditor's views on significant matters relating to the audit or the financial statements;
  • Required and expanded use of emphasis paragraphs could highlight significant areas and identify where those are disclosed in the financial statements;
  • Auditor assurance on information outside the financial statements could include an auditor expressing an opinion on Management's Discussion and Analysis or earnings releases; and
  • Clarification of the language in the standard report could enhance users' understanding about what an audit is, and what an auditor's responsibility is, such as clarifying what "reasonable assurance" means.

We have received more than 130 comment letters to date, including a thoughtful comment letter from the NACD last week. In addition, in September we held a public roundtable to foster further discussion among 32 experienced individuals, including several corporate directors.

We will be analyzing the comments we have received for some time. This is a major project, and the PCAOB will not rush the process.

One point I have emphasized throughout is that, if we make changes, they will be focused on enhancing the relevance of the auditor's communication to investors. They may require auditors to communicate more, or different, things, such as the auditor's assessment of management's estimate and judgment or of significant unusual transactions, accounting changes or restatements. They might require the auditor to discuss the quality of a company's accounting practices and policies.

From the PCAOB's recent roundtable, one takes away an emerging, broader view shared by the profession and stakeholders that the audit report can and should change. As a reference point, there are shared views that the pass-fail opinion should be retained. Differences develop over whether auditor communications should include non-financial statement information, how to assure consistency and yet avoid boilerplate, whether broader auditor communication will chill the nuances of auditor-audit committee communication, and (conversely) why if auditors are now required to form judgments about accounting practices and policies, the stakeholders cannot have that knowledge.

The NACD's own thoughtful comment letter echoes the comments of others that more association of the auditor with earnings releases would be useful, while acknowledging there are devils in the details.

Such new communications might, or might not, require new audit procedures. But they would not change the fundamental role of the auditor to perform an audit and attest to management's assertions as embodied in management's financial statements. And in no event would they put the auditor in the position of creating and reporting financial information for management.

B.  Auditor Independence

The PCAOB is also focused on auditor independence. Our inspectors have conducted annual inspections of the largest U.S. audit firms for eight years. They have reviewed more than 2,800 engagements of such firms and discovered and analyzed hundreds of cases involving what they determined to be audit failures.[3]

Every now and then, inspectors can trace an audit failure to a competence issue, such as in the design of the audit methodology or in its execution. But on the whole, these firms are highly competent. And yet the failures continue to occur, in spite of firms' remediation efforts. I am left with the inescapable question whether the root of the problem is auditor skepticism, coming to ground in the bedrock of independence. The loss of independence destroys skepticism.

Inspections by other audit regulators have also given rise to concerns about auditor skepticism, as reported by the U.K.'s Audit Inspection Unit, the Dutch AFM, the Australian Securities and Investments Commission, the Canadian Public Accountability Board, the Swiss Federal Audit Oversight Authority and the German Auditor Oversight Commission.[4] Based on such concerns, the European Commission is also reportedly considering reforms to enhance auditor independence. I understand a draft of proposals from the EC is expected in November.

In August, the PCAOB issued a concept release to seek public comment on how to enhance auditor independence, including whether audit firms should be subject to term limits.

Under existing U.S. rules, all but the smallest audit firms are required to rotate engagement and quality review partners. This requirement dates back to the profession's self-imposed quality control requirements. But it was imposed by law as part of the Sarbanes-Oxley Act's independence reforms. My understanding is that it is now widely accepted globally as a best practice.

Partner rotation allows a firm to become aware of a partner's decisions in the audit. But a new partner will likely feel the need to live with those decisions and agreements; he may have little motivation to reopen them. What is lost is the true "fresh pair of eyes."

I recognize that audit firm rotation presents considerable operational challenges. I am interested in hearing about them in specific terms.

I am also aware of concerns that audits may be worse when the auditor is new. There has been research on mandatory firm rotation: the problem is that much of the work suggesting a greater incidence of failure in the early years of rotation has limited relevance because the samples are companies that voluntarily change auditors.

Consider this: audit firms invest considerable resources in pitching new clients. And in the early years of an engagement, they may even take in less in fees than it costs them to do the audit. Why? Because they hope to make up these costs and more in a long stream of future fees.

That future stream of fees may be cut off if the company is displeased. And the auditor may perceive that displeasing management on a substantive accounting or auditing issue — one of those so-called "close calls" — may increase the risk of losing those future fees.

If the audit firm were seeking a finite engagement, say ten years, would they feel the same incentives? Would audits be more objective, in early years and all years, if the auditor knew within the reasonably foreseeable future another firm would take over the audit?

Audit committees have an important role to play in protecting auditors from these subtle, and powerful, influences. I have no doubt that there would be more audit failures but for the rigorous involvement of many diligent audit committees. But why are there still such a great number of audit failures, even with the counter-incentives presented by audit committee intervention?

You have a unique window onto the field in which auditors work. The PCAOB needs to hear from you, not just about the challenges associated with changing the model, but also about how we can best design changes that will reduce the failures.

We have a long comment period, extending to December 14. We will then hold a public roundtable to further discuss the subject in March of 2012.

C.  Audit Transparency

Next, I expect the Board to consider a proposal relating to audit transparency, in the form of enhanced disclosure about the participants in audits, including disclosure about the partner in charge of the audit as well as other firms involved in the audit.

In July 2009, the Board issued a concept release seeking comment on whether the Board should require engagement partners to sign audit reports. The Board received thoughtful comment letters. Fair arguments were made both for and against the concept. The next step will reflect due consideration of those arguments and articulate a compromise approach that would retain the substance of the benefits discussed while addressing legitimate concerns.

In addition, given the concerns I described earlier about coordination among correspondent auditors in multi-national audits, the proposal will include disclosure to enhance transparency about the participants in cross-border audits.

Look for this soon. We will again be seeking broad public comment.

III.  How the PCAOB's Work Can Help Audit Committees Improve Auditor Oversight

Let me finally turn back to the question I started with: how can the PCAOB's work help audit committees? The PCAOB plans soon to issue guidance on this topic, but I will give you a preview today. Specifically, I'd like to talk about how audit committees may make effective use of inspection results to improve the quality of the audits of their companies' financial statements.

The Sarbanes-Oxley Act limits what the PCAOB may disclose to an audit committee about its auditor and even about its audit. Apart from the public portion of an inspection report, the only potential source of information about a firm's inspection, for an audit committee or the investing public, is the inspected firm: The Act's confidentiality provisions do not restrict an inspected firm from disclosing nonpublic inspection information.[5]

When PCAOB inspectors identify significant audit deficiencies, they describe their concerns in detail to the auditor. If the auditor disagrees, the auditor has ample opportunity to demonstrate to the inspection team any oversight or error in the inspection team's analysis or its understanding of the facts. The inspection team's conclusions are reviewed by PCAOB staff at multiple levels, in light of input the auditor provides, including any response to a draft of the inspection report.

Description in the public portion of the inspection report of failure to obtain sufficient evidence to support the firm's opinion[6] means that the inspection staff has determined that the firm failed to fulfill its fundamental responsibility in the audit: the firm failed to obtain reasonable assurance about whether the financial statements are free of material misstatement.[7]

Firms' approaches to characterizing these inspection results can sometimes distort them, intentionally or unintentionally. For example, one common claim is that a cited audit deficiency is based on nothing more than the auditor's failure to adequately document work that the auditor in fact performed. A firm may also argue that the cited audit deficiency reflects merely a difference of professional judgment, between the inspection staff and the auditor, within a range of reasonable professional judgments.

Audit committees should probe such assertions. In the case of every failure cited in the public portion of an inspection report, the inspection staff have considered and rejected any contention that the procedures were performed but just not documented.[8] Similarly, in the case of every failure cited in the public portion of a report, the inspection staff has considered and rejected any suggestion that a reasonable judgment could be made that the omitted procedures were not necessary.

An auditor is, of course, always free to explain to an audit committee the auditor's position that the necessary procedures were performed but just not documented, or that in the auditor's judgment the procedures were unnecessary. It would be another matter, however, for an auditor to suggest to an audit committee that such a view is essentially shared by the inspection staff. Audit committees should understand that any such suggestion would be incorrect: a comment in the public part of an inspection report means that the inspection staff has concluded that the matter involves neither a mere documentation failure[9] nor an acceptable alternative professional judgment.

How the audit committee addresses these issues affects the tone of the audit. An audit committee that accepts such arguments may inadvertently signal to the audit firm and audit team that the audit committee is not concerned with quality. An audit committee that, on the other hand, expresses explicit concern for how the auditor has resolved noted deficiencies tells the auditor that quality matters.

*    *    *

Thank you for your interest in the PCAOB. I've described several significant challenges that will require talented and committed boards to help solve. Insights you can give the PCAOB from the board room should be an important part of the total mix of the PCAOB's decision-making. I look forward to further engagement with corporate directors on the PCAOB's policy initiatives and other work.



[1] The legislative history of the Sarbanes-Oxley Act notes both that the creation of the PCAOB was "to provide for more effective oversight of the part of the nation’s accounting industry that audits public companies," and that the Act’s "approach to audit committees will help avoid future auditing breakdowns." S. Rep. No. 2673, 107th Cong., 2d Sess. (June 26, 2002) at 4, 23.

[2] See Staff Audit Practice Alert No. 8, Audit Risks in Certain Emerging Markets (October 3, 2011).

[3] An audit failure—that is, a failure to obtain reasonable assurance about whether the financial statements are free of material misstatement—does not mean that the financial statements are, in fact, materially misstated. When an issue is described in the public portion of an inspection report as an instance of the firm having failed to obtain sufficient evidence to support its opinion, that means that the inspection staff has determined that, because of a concretely identifiable error or omission, the firm failed to perform an audit that provides reasonable assurance about whether the financial statements are free of material misstatement. In other words, the inspection staff has determined that the audit failed.

[4] See U.K. Audit Inspection Unit, 2009/10 Annual Report 4 (July 21, 2010) (stating that "[f]irms sometimes approach the audit of highly judgmental balances by seeking to obtain evidence that corroborates rather than challenges the judgments made by their clients" and that "[a]uditors should exercise greater professional scepticism particularly when reviewing management’s judgments relating to fair values and the impairment of goodwill and other intangibles and future cash flows relevant to the consideration of going concern"); AFM, Report on General Findings Regarding Audit Quality and Quality Control Monitoring 13-14 (Sept. 1, 2010); Australian Securities & Investment Commission, Audit Inspection Program Public Report for 2009-2010 (June 29, 2011); CPAB, Enhancing Audit Quality: Report on the 2010 Inspections of the Quality of Audits Conducted by Public Accounting Firms 3 (April 2011); Auditor Oversight Commission (German), Report on the Results of the Inspections According to § 62b WPO for the Years 2007-2010 (April 6, 2011); Federal Oversight Authority (Switzerland), Activity Report 2010.

[5] See Statement Concerning the Issuance of Inspection Reports, PCAOB Release No. 104-2004-001 (August 26, 2004) at 4 n.9. The Board has acknowledged that some firms may be wary of voluntarily disclosing nonpublic inspection information for fear of waiving any privilege that Section 105(b)(5)(A) of the Act might afford them against compelled disclosure in a different context (such as a private civil lawsuit). Whether Section 105(b)(5)(A) affords a firm any such privilege, and whether a firm’s voluntary disclosure of inspection information to an audit committee would result in a waiver of any such privilege, are questions for the courts to resolve. An auditor and audit committee sensitive to the risk of waiver, however, can likely still find ways to communicate about matters that might bear on the audit or on the company’s financial statements without necessarily disclosing information specifically about the inspection, as discussed further below, at the end of Part I of this release.

[6] As explained in each inspection report, PCAOB inspections are designed to identify and focus on weaknesses and deficiencies, and the reports are not intended to serve as balanced public report cards or overall rating tools. The Board counsels caution about attempting to judge the relative merits of firms solely from a comparison of the public portions of inspection reports. The information provided in public portions of the reports, though, does have a specific meaning that should be properly understood.

[7] The Board has no authority to prescribe the form or content of a public company’s financial statements. That authority, and related authority concerning public companies, rests with the Commission. Any description in a PCAOB inspection report of perceived misstatements reflects the inspection staff’s view that there was, at the time of the audit, a misstatement that the auditor failed to detect and appropriately address, but should not be understood as an indication that the Commission has made any determination concerning the financial reporting in question. In some cases involving unusual accounting or financial reporting issues, however, the inspection staff’s conclusions may be informed by consultation with Commission staff.

[8] A similar point was recently addressed in the annual report of the Audit Inspection Unit ("AIU") of the Professional Oversight Board, which is part of the United Kingdom's Financial Reporting Council. The report noted that comments received by the AIU from audit committee chairs indicated that they "sometimes had difficulty in assessing the significance" of AIU inspection issues communicated to the audit committee by the firm. The AIU observed that "[t]his difficulty could be caused by firms characterizing some of the AIU's findings as relating to the sufficiency of documentation rather than the underlying audit evidence and judgments and therefore of less significance," and the AIU noted that it "disagrees with this characterization of its findings." Audit Inspection Unit Annual Report 2010/11 (July 19, 2011) at 9, available at http://www.frc.org.uk/pob/audit/.

[9] Deficiencies are sometimes described in reports in terms of the absence of any evidence in the audit documentation, or any persuasive other evidence, that the firm had performed certain procedures. As a matter of practice, the Board employs that formulation when a firm claims — however improbably — that it performed the procedures in question. But that formulation should not be understood as describing a mere documentation deficiency, and an audit committee should not be swayed by a firm's assertion that that formulation indicates that the inspection criticism is only a documentation criticism. In each case, the criticism reflects the inspection staff's conclusion that the firm failed to perform the procedure.

 

Related Information