Areas of Focus for Global Audit Regulators

I welcome our regulatory guests from over 35 jurisdictions around the world to the Public Company Accounting Oversight Board's 10th Annual International Institute on Audit Regulation.

At the outset, the views I express today are my own and do not necessarily reflect those of the Board or staff of the PCAOB.

Today, I want to touch on four topics: recent enforcement findings, firm governance and transparency, non-GAAP financial measures, and the impact of technology on audits. I know that some of the topics I want to address have already been discussed in the Enforcement breakout session, by the panel on Taking Forward Audit Regulation, and just now on our panel dealing with investor perspectives. But because they remain priorities of mine, let me also touch upon some of them briefly and raise others which were discussed at the October meeting of the PCAOB's Investor Advisory Group ("IAG"), which I chair.

Recent Enforcement Findings

Last week, as you know, the PCAOB announced major settlements with two international affiliates of a global network firm.[1]

The settlements relate to instances where firm personnel – some of whom were senior partners with leadership roles at the firm – issued materially false audit reports, altered audit work papers, pressured others within the firm to do the same, withheld documentation, provided false testimony, and did not cooperate with our inspections and subsequent investigation. It was through our enforcement staff's investigative efforts that the cover-up involving the improperly altered work papers was ultimately discovered.

As described in detail in the orders – which are posted on our website[2] – senior partners, including leaders in the audit practice and individuals serving on one firm's governance board, set a tone of disregard for compliance with rules and, in one instance, actively thwarted the Board's oversight.

The audits implicated in both matters were of large multinational corporations, underscoring the importance of regulators around the world to work increasingly collaboratively to address improper behavior.

I view these as extremely serious violations which raise fundamental issues relating to global firm governance, culture and tone at the top.

I know that Ms. Tomoko Amaya, secretary general of the CPAAOB of Japan, will be discussing some of these issues in her presentation tomorrow in our session entitled "Promoting a Culture of Quality Through Enforcement."

Firm Governance and Transparency

Quite apart from any enforcement context, Jeff Mahoney, general counsel of the Council of Institutional Investors, just now spoke about firm governance and transparency.

At this year's meeting of the PCAOB's IAG, investor representatives recommended that audit firms should be required to appoint independent members to their governance boards and provide audited financial statements.[3]

Some have asserted that having independent board members on the governance boards of firms could, for example, among other things, ensure that the firm and its leaders (i) more closely monitor a firm's culture and tone at the top, (ii) protect the independence of the audit practice, (iii) ensure that audit quality is a significant factor in the partner evaluation process versus revenue generation, (iv) hold partners accountable for significant deficiencies identified in their audits or other egregious behavior, and (v) promote a culture that enhances audit quality as well as auditor independence, objectivity and professional skepticism. I agree.

With respect to audit firms providing more information regarding their financial condition, such governance and transparency requirements currently are in place in various jurisdictions outside of the United States. I think we as regulators should all consider such additional transparency reporting in the context of basic sound governance practice.

I know that a number of the firms are already considering these issues and I would suggest that you, as their regulators, encourage them to continue to do so.

Non-GAAP Financial Measures

This brings me to another topic discussed at our recent PCAOB IAG meeting, namely the reporting and use of non-GAAP financial measures.[4] The use of non-GAAP financial measures has grown significantly since 2010 and the difference between non-GAAP and GAAP financial measures has increased as well. For example, the difference between non-GAAP earnings per share and GAAP earnings per share was 30% in fiscal year 2015.[5]

Concerns have been raised that companies may be using non-GAAP measures to obscure or present an unjustifiably favorable view of a company's financial condition versus reported GAAP results.

To promote consistent reporting and presentation across companies and industries, the PCAOB's IAG recommended that non-GAAP financial measures be defined and disclosed as part of the financial statements so that they might be subject to independent validation as part of the audit.[6]

In response to the issues surrounding non-GAAP reporting, the United States Securities and Exchange Commission has increased their focus on reported non-GAAP financial measures[7], and I would suggest that you as regulators globally do the same.

Investors are also increasingly considering non-financial performance factors — such as environment, social, and governance matters -- as being integral to their investment decision making. With this comes the question of whether such information should be subject to independent verification.

At the PCAOB, we are examining the auditor's role with respect to non-GAAP financial measures as part of our research on the auditor's responsibility for other information accompanying the audited financial statements. Further, the SEC's concept release on disclosure reform published this past April included 11 pages of discussion on sustainability.[8]

Both I believe are promising steps in addressing issues of ongoing concern to investors which I know that a number of you have already acted upon in your various jurisdictions.

Transformative Impact of Technology

The last topic I would like to address is the focus on the role of technology in the audit. I understand that there is a panel discussion tomorrow morning dealing with audit analytics so I will keep my comments brief.

Clearly we are entering a new paradigm for the audit with some predicting that the auditing profession will change more in the next five or six years than it has in the last 30 years and that the next generation of auditors will include those with backgrounds in science, technology, engineering and mathematics. I believe this is an irreversible trend.

In just a few years, terms such as "big data", "data analytics" and "artificial intelligence" have gained prominence when discussing audits.

Each of the Big Four firms has dedicated groups working to develop analytical tools and applications to make the audit more efficient and effective. For example, some firms are exploring the use of drones to conduct inventory observations, robotic process automation to perform data transfers, and artificial intelligence to automate evidence gathering.

However, the extent to which the actual quality of the audit can be enhanced by the increased use of technological tools is still unclear. Proponents assert that these tools allow the auditor to analyze a large population of data, which provides the auditor with a more in-depth understanding of the client and its environment as part of his or her risk assessment and that, further, data analytics tools could enable the auditor to focus on higher risk areas by reducing the time spent on manual analyses.

But certain concerns exist. For example, it is important that the data being analyzed is complete, accurate, relevant and reliable. And, auditors need to take steps to prevent confirmation bias by ensuring that they consider inconsistent or contradictory evidence. Further, jurisdictional data protection laws may present logistical data transfer challenges for audits of large corporations with operations in different countries.

At the PCAOB, we recently announced that staff is researching trends and new developments in technology, data analytics, and other audit tools and how they may affect the future of the audit and firms' ability to respond to audit risk.

Given the impact of such technological tools on the audit, I believe it is important for all of us to monitor the effect of these developments on the audit and audit quality.

On this subject, I will leave you with two thoughts: (i) Is the use of data analytics improving audit quality in areas where regulators around the world continue to find the highest rates of deficiencies? The latest Global Survey of Inspection Findings by the International Forum of Independent Audit Regulators noted high numbers of inspection findings in three areas, two of which included fair value measurement and revenue recognition.[9] These areas involve significant management estimation and carry risk of management bias requiring a high degree of auditor judgment and professional skepticism – skills that technological tools are not substitutes for, and (ii) Equally importantly, does the ability to audit 100% of the population mean that we should be asking for a higher level of assurance from auditors in the future?

I would suggest that we all carefully research and analyze these questions.

Also, I would strongly encourage you to attend U.S. Treasury Deputy Secretary Sarah Bloom Raskin's keynote address[10] tomorrow morning, which will deal with the role of the auditor in assuring the cybersecurity controls of an issuer as they relate to the financial services sector. I have for some time now believed this role warrants greater clarification given the involvement of the major accounting firms in both their audit and consulting functions related to cybersecurity.


I have touched on four topics: the most recent PCAOB enforcement findings; suggestions for improved firm governance and transparency; investor perspectives on non-GAAP financial measures; and, the potential transformational changes taking place in the audit through developments in technology.

I believe we must all work increasingly collaboratively to address these findings and issues to ensure the highest possible audit quality for the protection of investors.

Thank you and I am happy to answer any questions.

[1]See PCAOB News Release: PCAOB Announces $8 Million Settlement with Deloitte Brazil for Violations Including Issuing Materially False Audit Reports and 12 Individuals Also Sanctioned for Various Violations (Dec. 5, 2016) and PCAOB News Release: PCAOB Announces $750,000 Settlement with Deloitte Mexico for Failing to Effectively Implement Quality Control Policies and Procedures for Audit Documentation (Dec. 5, 2016).

[2] PCAOB settled disciplinary orders are located at:

[3] See Report of the Investor Advisory Group Working Group on ACAP Recommendations (Oct. 27, 2016). See also U. S. Department of the Treasury, Final Report of the Advisory Committee on the Auditing Profession to the U.S. Department of the Treasury (October 6, 2008).

[4] See Report of the Investor Advisory Group Working Group on Non-GAAP Measures (Oct. 27, 2016).

[5] Id.

[6] Id.

[7]See Securities and Exchange Commission Chair Mary Jo White, Keynote Address at the 2015 AICPA National Conference: "Maintaining High-Quality, Reliable Financial Reporting: A Shared and Weighty Responsibility" (Dec. 9, 2015).

[8] See Securities Act Release No. 10064, pgs. 204-214 (April 13, 2016).

[9] See IFIAR Press Release: International Audit Regulators Say Pace of Audit Quality Improvement Too Slow; Call for Measurable Improvement By 2019 (March 3, 2016).

[10] See Remarks by Deputy Secretary Sarah Bloom Raskin at the Public Company Accounting Oversight Board International Institute on Audit Regulation: Protecting Financial Cyberspace (Dec. 14, 2016).