The proposal before the Board today would provide investors and other users of audit opinions with new information concerning who participated in the audit. However, under the banner of transparency, the proposal combines two different ideas — disclosure of the name of the engagement partner, and disclosure of the firms and individuals (in addition to the firm issuing the audit report) that participated in the audit. The reasons for each type of disclosure are different, as are the policy decisions that the Board will have to make if it decides to adopt either or both ideas. I believe there is a strong case for disclosure of participating firms. As to engagement partner disclosure, the issues are more difficult and how the Board should ultimately proceed is less clear.
I want to start with disclosure of participating firms and individuals. As the release explains, audits today frequently represent the work of multiple firms. For example, most large companies conduct operations around the world, and work on their audits is performed in many countries. Typically, the auditors in each country are separate firms, even though they may share a common name and be part of the same global network as the firm that issues the audit report. At the other end of the spectrum, we increasingly see cases in which a small U.S. accounting firm purports to audit a foreign company with most of its operations in an emerging market, such as China. The U.S. firm accomplishes this feat by contracting with an accounting firm in the company's home country to perform significant parts of the on-the-ground auditing.
Most of this is invisible to financial statement users. Disclosure of participating firms would shine a light on these relationships and give investors a better idea of whose work supports the audit report they are relying on. It would also let them determine whether particular participating firms have had PCAOB inspections and, if so, what the results were. In some countries, we are blocked from conducting inspections, including of global network firms that participate in multi-national audits. Identifying the other firms the signing auditor used would open the door to understanding which audit participants are registered with the Board, whether the PCAOB can inspect them, what any inspections found, and whether any have been the subject of disciplinary action.
The proposal to disclose the name of the engagement partner rests on a somewhat different footing. The Board's 2009 concept release on engagement partner signature raised the possibility that naming the engagement partner (such as by requiring his or her personal signature) would cause engagement partners to feel more accountable for their work and therefore improve audit quality. Improving audit quality is certainly at the core of the Board's mission, but the concept release comment record is mixed on whether naming engagement partners would actually have a positive impact on audit quality. And, some commenters argued that signing the partner's own name might signal a counter-productive shift from emphasis on firm-wide quality controls to the skill of the particular partner. In my view, the Board would need more evidence than it has now to conclude that partner identification would improve audit quality. I hope those who comment on the proposal will focus on that question.
The concept release also suggested that the engagement partner's identity is information that investors should have as a matter of transparency — particularly in light of the fact that CEOs and CFOs are required to certify the accuracy of SEC filings. Some commenters agreed, and I have sympathy with this point of view. However, I also have reservations about whether the Board is the right body to make that policy decision. Disclosure of the engagement partner's name does not provide investors with added insight into the company's financial reporting or into the risks and judgments that confronted the auditor. The partner's name may be relevant to the shareholder vote on selection of the auditor. However, the disclosure requirements of the federal securities laws, including the proxy rules, are administered by the Securities and Exchange Commission. Unless engagement partner disclosure can be directly linked to improving audit quality, or to promoting understanding of the financial statement audit or of the Board's inspection program, the issue would seem to fall in the SEC's bailiwick. I hope commenters will also address that issue.
Engagement partner identification has another important facet. As the release acknowledges, disclosure of the engagement partner's name could have an impact on his or her personal liability, if the opinion is later alleged to be incorrect. Views will undoubtedly differ on whether increased liability would be a good or a bad thing. Greater risk of personal liability could be a spur to better performance. At the same time greater risk of being named in a law suit could have effects that would increase audit cost without increasing quality and could deter some competent and careful practitioners from serving as engagement partners on challenging audits, such as those of large financial institutions.
The report of the Treasury Department's Advisory Committee on the Auditing Profession (ACAP) stated that the signature requirement should not impose greater liability on the signing partner. Similarly, however one comes out on the pros and cons of increasing partner personal liability, I do not believe that the Board should adopt this proposal without understanding, to the fullest extent possible, how it would affect liability and weighing the liability effects as part of its decision.
At the level of the federal securities laws, the partner personal liability question has two facets — liability under Securities Exchange Act Rule 10b-5 and liability under Securities Act Section 11. In an Appendix to this statement, I briefly outline some issues that are relevant to each type of liability. In both cases, the bottom line is that the SEC's views will be critical on how, if at all, partner identification would affect partner liability. I urge the Board's staff to consult the SEC staff on these issues so that, when this proposal comes before the Board for a decision on final adoption, the Board can be fully informed of the consequences it would have for partner personal liability.
* * *
As I hope my comments illustrate, this project is complex and multi-faceted. It has involved extraordinary effort and thought on the part of the staff. I want to acknowledge the contributions of Jennifer Rand, Dima Andriyenko, and Lisa Calandriello in the Office of the Chief Auditor; and of Jake Lesser and Mary Peters in the Office of the General Counsel. Thanks also, of course, to Marty Baumann, our Chief Auditor, and Gordon Seymour, the Board's General Counsel.
Pursuant to Rule 10b-5, "it is unlawful for ‘any person, directly or indirectly, . . . [t]o make any untrue statement of material fact' in connection with the purchase or sale of securities." Because there is no private right of action under Section 10(b) against those who aid and abet a securities fraud, Central Bank of Denver, N.A. v. First Interstate Bank of Denver, N.A., 511 U.S. 164, 191 (1994), to be liable in a Section 10(b) private damage action for an untrue statement, the actor must be the maker of the statement.
In June 2011, the United States Supreme Court considered what it means to "make any untrue statement of material fact" under Section 10(b) and Rule 10b-5. In Janus Capital Group, Inc. v. First Derivative Traders, 131 S.Ct. 2296 (2011), the Court held that, "[f]or purposes of Rule 10b-5, the maker of the statement is the person or entity with ultimate authority over the statement, including its content and whether and how to communicate it." 131 S.Ct. at 2302. The Court added that "in the ordinary case, attribution within a statement or implicit from surrounding circumstances is strong evidence that a statement was made by — and only by — the party to whom it is attributed." Id.
Therefore, as to Rule 10b-5, the Board's decision to propose a partner name identification requirement instead of a signature requirement may have liability ramifications. If the engagement partner does not sign the audit report, but is merely named in it, there would seem to be a basis for arguing, under Janus, that he or she was not "making" the statements in the report. To date, however, no court has considered this argument.
The application of Rule 10b-5 in private suits for damages is ultimately up to the courts (although the SEC frequently files amicus curiae briefs in such cases urging the courts to come to the result that the Commission believes best serves the interests of investor protection and sound administration of the federal securities laws). I hope that commenters will provide the Board with their views on how an engagement partner identification requirement would affect partner liability under Rule 10b-5.
Section 11 of the Securities Act of 1933 imposes liability for material misstatements or omissions in a Securities Act registration statement on "every accountant . . . who has with his consent been named as having prepared or certified any part of the registration statement, or as having prepared or certified any report or valuation which is used in connection with the registration statement, with respect to the statement . . . which purports to have been prepared or certified by him." Section 7 of the Securities Act requires issuers to file the consent of any accountant who is named as having prepared or certified any part of the registration statement or any valuation or report included in the registration statement.
Therefore, the threshold question is whether, in the context of a Securities Act registration statement, being named as the engagement partner in the audit report means that the engagement partner will be considered an "expert" and will be required to file a Section 7 consent. If so, the engagement partner will be liable for any misstatements unless he or she meets the burden of showing that he or she acted with due professional care. Section 11, in effect, presumes liability and places the burden on the defendant to show that he or she meets the statutory defense.
If the Board adopts the engagement partner identification requirement, the SEC, in its processing of registrations statements (including other filings that are incorporated into registration statements) would have to decide whether or not to require engagement partners to file Section 7 consents As noted in the body of this statement, I urge the Board's staff to consult with the SEC staff on this question so that the Board can be fully informed of the consequences the proposal would have for partner personal liability. I would also encourage commenters provide their views on the application of Sections 7 and 11 and to address following questions —