This speech reviews the current “state of the union” of the Public Company Accounting Oversight Board. Topics discussed include the nature of the Board and ways in which it differs from other regulators; the status of the Board’s registration program; and the development of the enforcement program. The speech also contains an overview of the inspection process, including the steps the Board takes when possible errors in client financial statements are identified and the focus on auditor/audit committee communications.
In the area of standard-setting, the speech states that the three top priorities are:
- The relationship between auditor independence and tax services. It is likely that, in the relatively near future, the Board will propose new rules concerning auditor tax services for public company audit clients.
- The auditor’s obligations to communicate information to the audit committee. A new standard might require an auditor to discuss with the committee the overall quality of the financial statements.
- The scope of the auditor’s obligation to look for fraud. Financial statement users expect the audit to provide assurance that management has not intentionally manipulated the financial statements.
With respect to internal control audits, the speech states that, while the auditor has important new responsibilities, three basic things have not changed:
- The auditor must still exercise professional j udgment. Auditing Standard No. 2 is not a checklist for how to audit internal
- Free and open auditor-management communications concerning financial reporting and internal control issues are still permissible. Although management can’t treat the auditor as part of its controls by relying on it to catch errors, Auditing Standard No. 2 is not intended to erect a “wall of silence” between auditors and
- Clear and informative public disclosure is still the over-riding goal of auditing, including the new internal control audits. In order to avoid unwarranted stock price gyrations, it will be important to clearly explain to investors the significance of any material weakness and the company’s plan to correct the problem.
The "State of the Union" of the PCAOB
In reviewing the program for this conference, I was somewhat perplexed to see that the title of this session is “The State of the Union of the PCAOB.” I am not completely sure what the organizers intended by this. “State of the union” conjures up images of more pomp and formality than I intend. However, I will try to live up to my billing. Like the President in his annual message, let me begin by reciting some of the specifics that illustrate our current state:
- The SEC appointed the founding Board members almost exactly two years ago -- on October 25, 2002 . So, we have just passed our second anniversary.
- We opened the doors for business at our headquarters in Washington on January 6, 2003 . Since then, we have grown from a start-up to an organization of over 250 people with seven offices around the country.
- The Board’s electronic registration system for accounting firms went live in July, 2003 and received its first application a few days later. We now have 1,388 registered firms from roughly 75 countries.
- In 2003, we conducted our first four inspections of the Big Four firms. This year, we hope to conduct at least 100 inspections. Next year, that number will probably climb to at least 200.
- We have adopted interim auditing standards and three new permanent auditing standards. We are putting together an ambitious standard-setting agenda for 2005, which will be publicly discussed with the Board’s Standing Advisory Group tomorrow.
In short, during the past two years we have laid the foundation for accomplishing the Board’s mission of rebuilding public confidence in auditing and audited financial reporting. I want to describe the state of the PCAOB by briefly reviewing what the Board has done so far and some of the things we have left to do.
Before I begin, I should note that the views I express are my own, and not necessarily those of the Board’s other members or staff.
I. Board Basics
Let me start with the basics.
The Board was created in the wake of a series of financial reporting failures that shook investor confidence to the core. Beginning with the scandal at Enron in late 2001, revelations of accounting frauds and accompanying astronomical investor losses seemed to appear in the headlines on a daily basis. The list included widely-known corporations such as Adelphia, Rite Aid, and Tyco, and reached a crescendo with WorldCom, which filed the largest bankruptcy in U.S. history.
In late July, 2002, Congress responded to the public outrage these debacles had spawned by passing -- almost unanimously in both the House and the Senate -- the Sarbanes-Oxley Act. The Board’s mission is, according to the Act, to oversee the auditors of public companies, to protect the interests of investors, and to further the public interest in the preparation of informative, accurate, and independent audit reports.
The Board is a rather unique creation.
We operate under Securities and Exchange Commission oversight. But, while the Board was established by a federal law, its members and staff are not government employees. Instead, the Board is a private, not-for-profit corporation, chartered by the Congress -- like the Boy Scouts.
In some ways, our regulatory powers are similar to those of the stock exchanges and the NASD. However, unlike those bodies, we are not a self-regulatory organization, since the accountants we regulate are not our members.
Although the Board performs a public function and regulates a profession, it is not funded by either the taxpayers or by the firms it oversees. Instead, the Board is supported by assessments levied against the public companies that issue audited financial statements, based on their market capitalization.
To accomplish the job of rebuilding investor confidence in financial reporting, Congress gave the Board four primary responsibilities: Registration of public accounting firms that audit “issuers;” inspections of registered public accounting firms; investigations and enforcement; and the setting of auditing, quality control, ethics, and independence standards for the auditors of public companies. I want to touch briefly on each area.
II. Registration of Public Accounting Firms
Registration with the Board is now a precondition to auditing a public company.
Registration has proven extremely popular. As I mentioned earlier, as of yesterday, 1,389 firms had registered with the Board; 880 are U.S. firms and the remaining 509 are foreign.
Our next task in this area will be to develop reporting requirements for registered firms so that the Board (and the public) are kept up-to-date regarding developments at registered firms. Eventually, registration applications and firm annual reports -- minus confidential or proprietary information -- will be available on the Board’s public Web site.
We don’t intend to create a burdensome annual paperwork exercise. Instead, we intend to tailor our reporting requirements to the information necessary to support the Board’s inspection function and to provide the public -- including the audit committees that are charged with hiring and firing firms -- with some basic information about accounting firms that has not previously been easily accessible.
Once a firm is registered, the law requires the Board to inspect it.
Inspections are the Board’s main tool for assuring that auditors are doing their job properly and that the public can have confidence in audited financial reporting. Inspections are also the vehicle by which the Board will, when necessary, apply pressure to improve a firm’s audit practice.
A. The Inspection Process
In crafting the inspection program, we have focused on the aspects of firm culture that drive audit quality. Some of the things that our inspectors look at include --
- The philosophy and commitment to quality that firm management seeks to infuse in the organization,
- How partners are compensated and promoted, and whether those decisions incentivize the highest caliber of professional practice,
- How firms that have national and international networks assure uniform audit quality and worldwide compliance with applicable U.S. standards,
- How the firm assesses the risk associated with clients and potential clients and how these decisions affect client acceptance and retention, and,
- How the firm assures that it maintains its independence and the impact on independence of non-audit services.
Board inspections also look at the way a firm performed specific audit engagements. This year, for the largest firms, we are reviewing up to five percent of public company engagements. The engagement selection criteria are largely risk-based, and, as we learn from our inspections, we intend to continually refine the selection process.
Engagement reviews involve examining audit work-papers and interviewing the auditors who did the work. However, in addition to focusing on audit procedures, a Board inspection looks at how the auditor made its calls on the application of accounting principles in client financial statements. Inevitably, a review of the auditor’s performance also entails a review of the client’s accounting. Following our first round of inspections of the Big Four last year, our inspection process resulted in at least 20 public companies filing restatements due to GAAP issues in the financials.
When our inspectors conclude that the financial statements of an inspected firm’s client may not conform to GAAP, they first inform the audit firm. This affords the auditor an opportunity to review the issue and to discuss it with our inspection team. If there is still a disagreement regarding the accuracy of the financials, the firm has, of course, a professional obligation to inform the public company. The Board does not have authority over public companies, and the auditor and its client must determine whether the issues the Board has raised require a restatement or other action. In appropriate cases, the Board will, however, inform the SEC of its views. The Commission, not the Board, has ultimate authority for determining a company’s compliance with GAAP.
As part of reviewing an audit engagement, the Board also looks at the auditor/ audit committee relationship. That includes interviewing audit committee chairs. These interviews are usually conducted by telephone. The Board can’t compel an audit committee member to speak with the inspection staff, but none of the audit committee chairs contacted so far have refused. We are not trying to assess the audit committee. Instead, these interviews aim to learn what the committee expects of the auditor and how it evaluates the auditor’s performance. In addition, the inspectors are interested in hearing about auditor communications with the committee.
B. Inspection Reports
At the conclusion of an inspection, the Board issues a report.
Each report has a public and a non-public portion. The public portion describes in detail the Board’s inspection procedures and includes a general discussion of the results. The Sarbanes-Oxley Act prohibits the Board from disclosing criticisms of a firm’s quality controls, unless the firm fails to correct deficiencies within 12 months. Therefore, the nonpublic portion of the report addresses these kinds of quality control issues.
Board inspection reports are not intended as “report cards” by which firms can be compared to one another. However, audit committees may want to ask their auditor what the PCAOB concluded about the firm’s quality controls, how any quality control defects the Board identified might affect their audit, and what the firm is doing to remedy those problems.
C. The 2003 Limited Procedure Inspections
Although the regular inspection cycle began this year, we launched our inspection program in 2003 with “limited procedure” inspections of the Big Four firms. On August 26, 2004 , the Board issued inspection reports describing the results of the 2003 Big Four inspections. While the reports indicate that there is room for improvement in the audit quality and professionalism of the Big Four firms, the Board has stated that the reports are not a broad condemnation of the Big Four Firm’s audit practices. On the contrary, all four are clearly capable of high quality audit work.
The Board’s third area of responsibility is enforcement.
Many of the specific auditing problems the Board identifies will be dealt with through comments in inspection reports. However, inevitably, situations will arise from inspections or otherwise in which merely requiring better performance in the future is inadequate. Therefore, the Board is also building an investigation and enforcement program. When necessary, we will not hesitate to use our enforcement powers. The Board has the power to conduct investigations and to seek disciplinary sanctions, which can include fines, and suspensions and bars from auditing public companies.
The Board’s enforcement staff has several matters on its agenda already. While there is nothing in this field that I can talk publicly about today, I suspect that, at future conferences like this one, Board enforcement cases will be a major topic of discussion.
V. Auditing Standards
Let me turn to the Board’s fourth responsibility. Congress charged the PCAOB with establishing auditing and other professional standards (such as quality control and ethics) to govern public company audits. The Board can also issue independence rules to implement the Act’s prohibition against certain non-audit services.
Setting professional standards requires knowledge and expertise beyond what the Board members themselves bring to the task. We have taken several steps to make sure that we have access to the kind of expertise necessary to do this complex job and to be nimble in responding to emerging issues.
We have recruited a staff of highly qualified accountants from academia, professional practice, and government.
In addition, the Board has appointed an advisory group to ensure that we have access to all of the perspectives that are affected by new auditing standards. This body, which we call the Standing Advisory Group or SAG, is comprised of 30 members, including practicing auditors, financial statement preparers, and investors. It meets publicly with the Board several times a year.
Moreover, through the Board’s inspection program and its enforcement activities, we will gain real-time insights on trends and risks in auditing. That knowledge will also be brought to bear when we formulate new professional standards.
A. Standard-Setting So Far
During the past year, we have taken some important steps in the area of standard setting.
First, we adopted interim auditing standards. In effect, the Board adopted generally accepted auditing standards as they existed in April, 2003 as standards of the Board. At the same time, the Board announced that it would review all of the interim standards and would determine, standard by standard, whether they should be modified, repealed, or made permanent. This will, of course, be a long-term project.
Second, the Board has adopted new auditing standards addressing three fundamental issues.
- PCAOB Auditing Standard No. 1 changes the wording of the auditor’s opinion. Instead of the familiar statement in the opinion that the audit was conducted in accordance with generally accepted auditing standards, current audit opinions filed with the SEC now must say that the review was conducted in accordance with the standards of the PCAOB.
- PCAOB Auditing Standard No. 2 addresses the auditor’s review of internal control over financial reporting. Section 404 of the Sarbanes-Oxley Act requires management reporting on the effectiveness of internal controls and requires auditor reporting on management’s conclusions. Auditing Standard No. 2 fulfills the Board’s obligation to develop a standard to govern how auditors perform that Congressionally-mandated new task.
- PCAOB Auditing Standard No. 3 deals with audit documentation. It requires the audit work papers to contain enough information so that an experienced auditor, having no previous connection with the engagement, can understand the work performed, who performed it and when, and the basis for the conclusions reached. Adequate audit documentation is an important support for our inspection program.
B. What’s Next with Respect to Standard-Setting?
Board standard-setting is just getting started. While we have a long agenda, three areas are at the top of the list.
- First, the Board is looking at the relationship between independence and tax services. We held a public roundtable on this issue last summer. Some issues that were discussed include the marketing of tax-driven strategies to audit clients, tax work for company executives, and auditor involvement in transactions the IRS has listed or of which it requires reporting. As the discussion at the roundtable indicated, independence remains a primary concern of the users of audited financial statements -- the investing public, including large institutional investors. For that reason, the Board regards this area as a high priority. It is likely that, in the relatively near future, we will propose new rules concerning auditor tax services for public company clients.
- Second, the Board may codify in a new professional standard all of the auditor’s obligations to communicate information to the audit committee. SOX expanded these responsibilities, and it seems useful to have a single standard that deals with auditor/audit committee communications. In addition to merely collecting and updating the existing requirements, a new standard might require an auditor to discuss with the committee the overall quality of the financial statements. That type of presentation would provide a more in-depth understanding of the choices and judgments that went into the company’s reporting.
- The Board is also considering clarifying the auditor’s obligation to look for fraud. Existing standards in this area have been strengthened during the past several years. However, they can still be read to limit the auditor’s duty to address the possibility of management fraud. In contrast, investors have told us that, from the perspective of financial statement users, assurance that management has not intentionally manipulated the financial statements should be a primary purpose of the audit.
C. The Impact of Section 404 Internal Control Reviews
Before I conclude, I want to say a few more words about the implementation of Congress’s mandate for internal control reporting. Management and auditor reporting on internal control effectiveness will have profound and far-reaching impacts on both companies and auditors.
Section 404 reporting marks a sea-change in the way that auditors review controls. Previously, auditors reviewed internal control, but as part of planning the financial statement audit and deciding the extent to which they could rely on controls. Now, the review will be from a different perspective -- to determine whether the system of internal control is effective in providing reasonable assurance that financial reporting is accurate and in accordance with GAAP. In effect, there will be two audits at once -- one of internal control effectiveness and one of the financial statements.
While much could be said about the changes in the auditor’s role that will result from internal control reporting, perhaps it is more important to emphasize three things that will not change.
- First, in one fundamental sense, internal control audits will be no different from traditional financial statement audits: Both require the auditor to exercise professional j udgment. Auditing Standard No. 2 -- while it is lengthy and complex -- is not a checklist on how to audit internal control. In this regard, Chairman McDonough recently observed that the Sarbanes-Oxley Act “in no way limits the auditor's ability -- indeed, responsibility -- to use judgment to plan an audit that is appropriate to the circumstances.”
- Second, contrary to what some have suggested, Auditing Standard No. 2 is not intended to erect a wall of silence between auditors and clients. Auditors have long advised public companies on accounting issues and on internal control matters; Auditing Standard No. 2 does not preclude that kind of advice and discussion. Of course, management needs to perform its own control evaluation; it can’t delegate that responsibility to the auditor or treat the auditor as part of the controls by relying on it to catch errors. Conversely the auditor needs to reach his or her own independent judgments, and not negotiate judgments with management. But, within these limits, auditor-management free and open communications concerning financial reporting and internal control issues are still permissible. Good judgment and common sense should resolve most issues.
- Third, just as it has been under the securities laws for 70 years, clear and informative public disclosure is still the over-riding goal of auditing. Opinions vary widely concerning how many material weaknesses will be uncovered in the first year of public reporting, and the market impact of these reports is difficult to predict. In order to avoid unwarranted stock price gyrations, it will be important to clearly explain the significance of any material weakness and the company’s plan to correct the problem. For all of us -- as company officials, accountants, regulators, analysts, and investors -- who have an interest in the transparency and efficiency of the securities markets, it is critical to make sure that disclosures concerning material weaknesses are understandable and complete so that the markets will not over- or under- react.
The costs and benefits of internal control reporting responsibilities are controversial. I believe that, once we get through the initial round of reviews and control enhancements -- which may take several years -- the benefits in terms of more reliable financial reporting, as measured by fewer restatements and SEC financial reporting enforcement actions, will be clear. The Board is committed to monitoring costs, especially the impact on small issuers, and to making mid-course corrections if necessary.
In conclusion, I believe that the Board has made tremendous progress during the last two years in turning the blueprint that Congress gave us for a new model of auditor oversight into a reality. While we still have a long way to go, at age two the state of the PCAOB is excellent.
The real question, however, is not the state of our organization -- it is the state of the public’s confidence in auditing and financial reporting. Without the investing public’s confidence, our securities markets -- the envy of the world and the engine of our national prosperity -- would cease to operate. Overcoming the public skepticism about financial reporting that has grown up over the last several years is a goal which should be as important -- actually, more important -- to those of you in this room as it is to those of us at the Board. I hope that each of you will take an interest in our work and feel that you have a stake in our success.
I would be happy to answer any questions.
* The views expressed herein are solely those of the author and are not necessarily those of the Public Company Accounting Oversight Board or any of its other members or staff.