Thank you, Gerry, for that gracious introduction. It’s a pleasure to be here this morning, and to see so many familiar faces.
It’s hard to believe, but in just one week the PCAOB will be celebrating its second birthday. The founding Board members were appointed by the SEC on October 25, 2002, and we opened our doors for business 2 and ½ months later, on January 6, 2003. I’m proud to say that we have gone from essentially a start-up with eight employees on day #1 to an organization of over 250 people.
Our Chairman, Bill McDonough, spoke to you a year ago, at this very conference, and I know that he told you that the PCAOB is a private-sector, non-profit corporation, and that we are under the oversight of the SEC. I also know that many of you have followed the PCAOB closely, and so I won’t repeat the basic facts of who and what we are. Instead, I want to give you a “report card,” so to speak, of what’s been accomplished during the past 22 months, and what still lays ahead. In doing this, I hope to focus particularly on the impact of the Board’s work on audit committee members.
Before I begin, I should note that the views I express are my own, and not necessarily those of the Board, its other members or staff.
Let me start with a brief review of the Board’s responsibilities, as Congress laid out in Title 1 of the Sarbanes-Oxley Act.
I will touch briefly on what the Board has done in each of these four areas, what is next on our agenda, and how public companies and their directors will be affected by our work.
Since October 22, 2003, it has been illegal for any U.S.-based accounting firm to issue an audit report with respect to an SEC-reporting company unless the firm is registered with the Board. Foreign firms were required to register by July 19 of 2004.
Registration is important because it forms the foundation for the Board’s authority over the profession – that is, only registered firms are required to comply with our standards, and are subject to our inspection and enforcement authority.
Over 1,300 auditing firms have registered with the Board. Roughly 850 of those are U.S. firms and the remaining 450 or so are foreign.
A list of registered firms – along with copies of Board releases, comment letters, speeches, and auditing standards – is on the Board’s Web site at www.pcaobus.org.
Once a firm is registered with us, the law requires the Board to inspect it.
Although the regular inspection cycle just began this year, we launched our inspection program in 2003 with “limited procedure” inspections of the Big Four firms. The focus of these first-year inspections was on both how the largest firms conducted selected audit engagements, and on how the firms operate as businesses.
With respect to specific audit engagements, our inspectors reviewed at least 16 engagements for each firm. These engagement reviews were in depth – they involved both review of the workpapers and interviews with the audit staff involved. Our inspection staff does not “re-audit” the financial statements, but rather focuses on specific areas it views as higher risk (either because of the issue or the personnel involved). We hope to eventually expand the scope of our reviews to roughly 10 percent of the major firms’ public company engagements.
With respect to firm operations, some of the things that our inspectors looked at included:
A couple of points may be of special interest to audit committee members, concerning our inspection process:
These interviews have focused on such matters as:
If your company’s engagement is selected for review as part of the Board’s inspection of your auditor, please don’t panic and don’t assume it means the Board thinks your audit was “risky.” Remember that it is the audit firm, not the client that is being inspected. I urge you to view this as an opportunity to gain additional insight into the job your auditor is doing.
On August 26, 2004, the Board issued inspection reports describing the results of the 2003 Big Four inspections.
Three key points for directors to bear in mind about the reports:
This year, our inspections are no longer “limited.” We are inspecting the largest 8 US firms, plus between 80 and 100 smaller firms. Our reports will not be issued en mass, as was done for 2003 reports. Rather, they will be released in groups, likely beginning near the end of the calendar year.
Congress also charged the PCAOB with establishing the auditing and other professional standards (such as quality control, ethics and independence) that govern public company audits.
During the past year, we have taken some important steps in the area of standard setting.
First, we adopted interim auditing standards. In effect, the Board adopted as our own standards, those “generally accepted auditing standards” that existed in April, 2003 as standards of the Board. At the same time, the Board announced that it would review all of the interim standards and would determine, standard by standard, whether they should be modified, repealed, or made permanent. As my colleague, Dan Goelzer, said at the time of our adoption, these interim standards should be considered to have been written in “disappearing ink.”
In addition, the Board has also adopted three new auditing standards.
Some of the areas we are considering for upcoming standard-setting projects include:
The Board is also building an investigation and enforcement program.
Let me turn once again to Auditing Standard No. 2, concerning the auditor’s review of internal control over financial reporting. I want to touch on some of the ways in which Standard No. 2 will affect directors, particularly audit committees. First, some background.
Section 404(a) of Sarbanes-Oxley requires public company managements to file a report annually with the SEC stating management’s conclusions regarding the effectiveness of the company’s internal controls over financial reporting. (Remember also that companies have been required, since the adoption of the Foreign Corrupt Practices Act in the late ‘70’s, to have effective internal controls. Section 404(a) simply now requires the company to annually assess the effectiveness of the controls, and publicly report on material weaknesses.)
Section 404(b) requires that the company also file a report of its outside auditor attesting to management’s report. The auditors must prepare their report in accordance with Auditing Standard No. 2. This marks a sea-change in the way that auditors review controls. Previously, auditors reviewed internal control, but only as part of planning the financial statement audit in order to determine the extent to which they could rely on controls in the audit. Now, the review will be from a different perspective – to determine whether the system of internal control is effective in providing reasonable assurance that financial reporting is accurate and in accordance with GAAP. In effect, there will be two audits at once – one of internal control effectiveness and one of the financial statements.
While the direct effect of the standard will be to impose requirements on public company auditors, it also has significant indirect effect on audit committees. Among other things, the standard:
Thank you for your attention. I look forward to responding to your questions.