Thank you for the opportunity to join you today. Due to the composition of the Exchequer Club membership, I would like to share with you today my perspective on prudential supervision and how the Public Company Accounting Oversight Board (PCAOB) is applying this approach with regard to our oversight of the accounting profession.
As a former banking supervisor, I have found the first six months of my term as chairman of the PCAOB to be extremely interesting – and challenging. Let me share some of the perspective I have gained in this short time. In addition to prudential supervision à la PCAOB, I would also like to address another issue that is currently on the minds of auditors, bankers and financial supervisors alike – the challenges of auditing the allowance for loan and lease loss.
Before I go further, I must note that the views I express today are my own, and not those of other Board members or staff of the PCAOB.
The fundamentals of banking supervision have evolved over time and have been fine-tuned through the tests of financial crises. Internationally, banking supervisors have defined their best practices through Basel’s core principles for banking supervision. Unlike the banking supervisors, the PCAOB is in the early stages of developing an auditor oversight model. While the PCAOB has registered audit firms and is well into its inspections program, it is still defining what it means to be a supervisor of audit firms. This is a fascinating time to be involved in the oversight of the audit profession.
While there may not be a universally held definition of the term “prudential supervision,” I use the term to mean the process of ensuring that institutions adhere to minimum standards imposed either by government regulation and policy, industry best practices, or an institution's own policies, procedures and controls. These standards seek to provide an appropriate balance between the business strategies and operations of a regulated organization and the public policies adopted for the relevant industry.
In a banking environment, prudential supervision is fundamentally geared toward ensuring a banking organization is run in a safe and sound manner (which includes the protection of depositors). In today’s environment of complex and global banking organizations, the role of the supervisor includes the analysis of the risk profile of the supervised institution and the adequacy of its risk management. Compliance with regulations and standards is an important part of this analysis. Bank supervisors protect the solvency or viability of organizations by encouraging and promoting prudent behavior by the organizations' management.
In the U.S. banking industry in recent years, FDIC insurance has been both a reason for prudential supervision and a generator of consumer regulation, such as those issued under the Community Reinvestment Act. It is instructive to remember, however, that when the Federal Deposit Insurance Act was passed, it was in response to a concern for confidence in the banking system. There is a significant parallel with accounting and Sarbanes-Oxley and a similar crisis in confidence over financial reporting – the real impact of financial reporting has grown tremendously since the early 1990s due to the fact that over 50% of U.S. households now hold equity investments.
Prudential supervision of banking organizations encourages an enterprise-wide focus on controlling risks. Supervised organizations are encouraged to establish a control infrastructure that ensures compliance with relevant laws and regulation, principles of safe and sound operation and other risk management practices that result in a more resilient, efficient and competitive operation. Control infrastructures are expected to be forward-looking, so the organization will be able to identify and respond to new risks and changing environments.
Let me focus a moment on examinations as a key part of the prudential supervision framework. While supervisors around the globe utilize a number of different methods to monitor institutions' adherence to standards, the U.S. banking supervisors’ model has evolved over time to employ a very hands-on examination-based approach. Supervisors in other countries may rely more heavily on other elements such as the review of regulatory reports filed by the organizations, meetings with management, and the engagement of external auditors to review and report on specific areas or topics.
Based on the overall objective of banking supervision mentioned above, bank examinations generally serve to evaluate the overall safety and soundness of the banking organization. Examinations therefore include an assessment of the organization’s risk-management systems, financial condition, and compliance with applicable banking laws and regulations. Bank examinations are typically risk-focused; that is, bank examiners focus on business activities that may pose the greatest risk to the organization. The trend in prudential supervision has been to move away from a regulatory only focus. That is, today, the essential purpose of prudential supervision focuses on moving an organization beyond strictly focusing on compliance with regulations and laws toward a focus on controlling risks. More and more institutions have an embedded risk management approach. Such control infrastructures should ultimately make for a more resilient operation and enable organizations to be in a position to respond to tomorrow’s risks.
It is worth noting that this current risk management focus by banking supervisors evolved over time, as supervisors moved away from a more transactions-focused supervisory approach to an approach more focused on management’s own capabilities for measuring and managing risk exposures. This change in supervisory approach became particularly critical for the largest and most complex banking organizations for which it became clear that a supervisory approach based solely on transaction testing of individual risk exposures would not necessarily capture the true condition of the organizations.
Based on the nature of the audit profession, I consider a prudential supervisory approach the most appropriate for meeting the PCAOB’s auditor oversight objectives. In other words, the PCAOB is applying its inspection function as a tool of supervision rather than solely as a point in time regulatory checklist. However, based on the nature of the audit profession and the requirements of the Sarbanes-Oxley Act, there are some distinctions between the banking agencies’ supervision model and the evolving PCAOB supervision model.
The Sarbanes-Oxley Act requires the PCAOB to conduct a continuing program of inspections of registered public accounting firms. Prior to the establishment of the PCAOB, the firms underwent periodic peer review in a context that was often subject to criticism because of the degree of control that the profession itself exercised in the process. This self-oversight by the profession was a key concern addressed in the Act and through the establishment of the PCAOB. PCAOB inspections take a significantly different approach from that of the peer reviews, which focused on compliance with applicable standards but did not address the overall audit environment.
Similar to the federal banking agencies, the PCAOB’s oversight incorporates supervisory and regulatory aspects. The PCAOB’s mandate includes monitoring and inspecting registered firms in order to assess the controls and compliance of the audit firms with the relevant laws and standards.
Some key differences between banking organizations and audit firms drive certain distinctions in the PCAOB supervisory approach. For example, unlike banking organizations, due to the nature of the audit profession and firm structure, audit firms do not have a centralized point where aggregated risk exposure can be easily assessed. That is, within an audit firm, there are no equivalents to a banking organization’s measure of liquidity, interest rate, and market risks. As a consequence, PCAOB’s inspections are structured with an emphasis on a review of individual audits. Like the banking supervisors, our supervisory model will evolve along with the profession we supervise.
The PCAOB inspections are designed to have two focuses. First, there is the review of the aspects of recent audits performed by the firm. Inspectors assess the degree of compliance of a registered public accounting firm (and associated persons) with the Act, the rules of the PCAOB, the rules of the Securities and Exchange Commission, and professional standards, in connection with the firm’s performance of audits, issuance of audit reports, and related matters involving issuers. For those of you who follow the PCAOB, the PCAOB practice has been to publish a description of any observed auditing deficiencies that rise above a certain level of significance through the release of Part I of the PCAOB inspection reports.
The second and perhaps more forward looking component of the PCAOB inspections is the assessment of quality controls. In inspections of smaller firms, our quality control concerns may often arise less from a review of formal policies and procedures and more from inferences drawn from deficiencies in the actual performance of audits. At larger firms, quality control policies and procedures are typically far more complex, extensive and formal than those at small firms. Our quality control inspection procedures are correspondingly more extensive, and our inspection dialogue with larger firms about their quality control systems is extensive and specific. Those critiques tend to focus not only on audit performance issues, but also on how the firm designs and implements other aspects of its business that bear on the quality of its audits. Processes relating to such things as the firm's internal inspections, evaluation and compensation of partners, procedures for complying with independence requirements, establishment and internal communication of policies and procedures, and client acceptance and retention policies, all tend to call for much more formal and detailed approaches in larger firms.
This is the area of the PCAOB inspection that takes a more prudential approach in that we look to ensure that a firm has established infrastructure appropriately designed to control its risks and ensure quality in its audit work. Our feedback on a firm’s internal processes is designed to encourage the firm to improve its processes and make the firm stronger and better able to control risks in future audit engagements, in addition to ensuring better compliance with standards and laws. Needless to say, a firm’s infrastructure should be commensurate with its size, complexity, business model and overall risk profile.
Those of you who are banking supervisors or bankers will appreciate one significant distinction between the PCAOB’s inspection process and the banking agencies’ examination process: Sarbanes-Oxley not only requires the Board to prepare a written report concerning each inspection and keep much of the inspection information confidential (which is consistent with the practice of banking agencies), but the Act also requires that the PCAOB make portions of the report available to the public in appropriate detail, subject to the Act’s confidentiality restrictions. To banking supervisors, this is not only unusual, but it would violate federal law. You can imagine how curious I found this when I first arrived at the PCAOB. Of course, consistent with the Act, we do avoid publicly identifying the relevant firm clients, and, for a variety of reasons, we caution against drawing conclusions about the comparative merits of the larger firms based on the public portions of the reports. Even so, the public portion may provide the public with a window on some of the types of issues that the inspection process can help surface and address. The reporting process also includes an opportunity for the firm to respond in writing to a draft report, and we make public any portion of that response that addresses the public portion of the report.
Another important component of the PCAOB’s supervisory model is its enforcement program. As necessary, the PCAOB can investigate auditor conduct and, as appropriate, impose disciplinary sanctions. In circumstances of reckless conduct or worse, those sanctions can include significant monetary penalties, and also may include revoking a firm's registration (thus preventing it from auditing public companies) or suspending or barring individuals from working on the audits of public companies. The PCAOB also has the authority to refer findings of potential violations to certain regulatory and law enforcement agencies.
Enforcement provides an important tool for addressing the more serious violations of professional standards and other applicable law that we encounter in the PCAOB’s auditor oversight activities. While I am mindful that remediation efforts are our preferred tool in addressing most deficient auditing practices, our enforcement efforts are vital for assuring that public confidence is not undermined by firms or individual audit professionals whose conduct does not reflect the profession’s high standards of quality, independence, and competence.
The PCAOB’s supervisory approach emphasizes a constructive exchange between the firm and the PCAOB, and concerns that our inspectors identify during inspections are often promptly addressed by the firm being inspected. In my discussions to date with a number of audit firms and inspectors, I have been told that the PCAOB inspections have helped the audit profession evolve and enhanced the quality of audits. Like banking supervisors, it is crucial that we maintain a balanced, risk-based view when conducting our inspections, and our inspections are designed to accomplish that.
The PCAOB supervisory model fundamentally is based on a dialogue between the PCAOB and the supervised firm. This dialogue is helping firms of all sizes better understand what is required of them in today’s auditing environment. Through our inspections, we have identified and encouraged appropriate resolution of a number of accounting and auditing problems. And I feel confident that the PCAOB is, as the Congress intended, helping to move the profession steadily in the right direction – toward reducing the risks of material misstatements or unreliable auditing. I will observe, however, that our supervisory model is still evolving and we are looking at ways to fine-tune our approach and make it more risk-based. Ideally, as our capabilities evolve, we can be in a better position to help firms identify and even anticipate emerging audit risks.
While I’m on the subject of our inspections, let me address for a moment one of the specific ways they intersect with the prudential work of the banking agencies. Recently, the assessment of the appropriateness of the allowance for loan and lease loss (ALLL) has once again risen to the forefront of accounting and auditing banking issues. Favorable credit loss experience led to tension between auditors and institutions, as support for the determination of the ALLL did not appear to reconcile actual loss experience with potential losses in the portfolio. With the changing and uncertain economic environment, and with a multitude of new loan products with little credit loss history, the process for determining the ALLL, and the accompanying documented support for the appropriateness of the ALLL, has never been more important.
The ALLL represents one of the most significant estimates in an institution’s financial statements. Determination of an appropriate allowance will inevitably be imprecise, and thus, involves a high degree of management judgment.
From an accounting perspective, there has been a long history of interpretation and implementation issues around determining an appropriate ALLL. From an auditing perspective, there has been a long debate as to the nature and degree of an auditor’s work in assessing the adequacy and level of the ALLL.
I believe that PCAOB inspections should, and that properly conducted audits in fact will, complement the objective of ensuring a safe and sound banking industry, which identifies risk on a timely basis and supports appropriate reserves for losses. I believe that the PCAOB’s expectation that this important estimate be rigorously audited is consistent with the banking agencies' objectives and regulatory requirements.
Accordingly, I welcome and support the recent interagency policy statement on the allowance for loan losses issued by federal banking agencies and the National Credit Union Administration. This policy statement brings together existing guidance and clarifies expectations for banking organizations in the development and assessment of the ALLL estimate, which should provide for better, documented support of management’s determination of the ALLL. Among other things, the guidance makes it clear that there is ample room in existing guidance to support reserves that are adjusted to take into consideration changing economic conditions. In other words, the methodology may include qualitative adjustments, which are often inherently imprecise. It is particularly important that auditors continue to be alert for changes in risk exposures and ensure that qualitative and quantitative factors are adjusted as appropriate. The interagency policy statement should better align supervisory policy with generally accepted accounting principles.
I intend to continue a dialogue with the banking agencies to ensure that both the PCAOB and agencies’ objectives remain consistent in this regard.
Finally, a topic that has received lots of attention: On December 19th, the PCAOB will hold a public meeting to consider proposing for public comment a new auditing standard to supersede the Board’s existing auditing standard on internal control over financial reporting (Auditing Standard No. 2), and other related proposals. The proposals are the result of the PCAOB’s two-year assessment of the standard’s implementation for audits of issuers of all sizes. The PCAOB has focused on exploring ways to improve its audit requirements and accounting firms’ implementation of them, while preserving the intended benefits. It is important that you carefully consider this proposal and provide the PCAOB thoughtful feedback through the comment process. For the benefit of issuers, investors and auditors, our efforts have been closely coordinated with the SEC’s initiative to develop management guidance for public issuers under section 404 of Sarbanes-Oxley. The Commission is considering their management guidance at an open meeting today.
Thank you again for inviting me to speak with you today.
 See Section 104 of the Sarbanes-Oxley Act.
 See Section 104(d) of the Act.
 See Sections 104(c) and 105(b)(5)(B) of the Act.