Careers
SubscribeLooking Ahead: Auditor Oversight
I am honored to be with you today. The Council of Institutional Investors, through its leaders here in Washington and you its members, plays an important role as a watchdog of the watchdogs. I hope that what I have to say today will demonstrate that the PCAOB has heard your concerns and is committed to seeking thoughtful solutions. I do have to say that the ideas I express today are my own and should not be attributed to the PCAOB as a whole or any other members or staff.
I became Chairman of the PCAOB on February 1. I took this job because I wanted to serve an organization that is responding vigorously to the risks to the investing public that were exposed by the recent financial crisis. I know that the PCAOB strives to maintain a culture that is focused on excellence in the pursuit of the public interest, and I welcomed the opportunity to help lead the PCAOB in that pursuit.
The PCAOB replaced the profession's self-regulation, which had been based on peer reviews against standards written by the firms themselves. In 25 years of operation, the profession's self-regulatory system never issued an adverse or qualified report on a major accounting firm.
Independent inspections by the PCAOB began only eight years ago. Yet, in sharp contrast to the profession's quarter century of self examination, PCAOB inspections have identified scores of problems in audits by firms in each of the large accounting firm networks, and other firms that audit public company financial statements.
The PCAOB inspection process doesn't stop there; it focuses firms on the need to do something to correct deficient audits. The PCAOB does not oversee or interact with public companies themselves, but in numerous instances, the audit-firm response to these deficiencies has led to restatements or other corrections to financial statements. These are big differences from pre-Enron days.
What's not different from the pre-Enron days, though, is that public companies still appear to structure transactions for no other reason than to reach strained accounting results, and auditors are pressured to sign off on those accounts. Those pressures can emasculate an auditor's objectivity.
By applying formidable counter-pressure to client demands, through rigorous and skillful inspections and enforcement, the PCAOB aims to maintain auditing as the attest function it is intended to be. Many things went wrong in the recent financial crisis, but the investing public would surely have been worse off without our independent oversight.
We are again at a point where new reforms are needed to strengthen investor protection. In a nutshell, the global audit firm is not too big to fail: it is too important to leave unregulated.
The Role of the Auditor and Value of the Audit
It is critical that we examine how well auditors protected investors' interest in reliable financial reporting during the crisis. I have a sense that each of the various gatekeepers in our financial system was relying on other gatekeepers as checks and balances in the system. Bank regulators, investors, lenders, and others perceived that the audit sign-off could give them comfort. That may or may not have been the case with respect to some parties. But the fact is that the auditor's presence played a role in other peoples' decisions.
Auditors' failure to have lived up to all parties' expectations, well-founded or not, has led some to question the value of the audit. Auditors were not charged with enforcing good risk management practices at financial institutions. That is not a basis to decry the usefulness of the audit.
Rather, the auditors' job is to make sure an institution's financial statements and related disclosures fairly present its results — good or bad — to investors in conformity with applicable accounting and disclosure standards. That's a big deal. Indeed, it's immensely valuable to investors.
Different legal schemes, both in the United States and abroad, may require audits for different reasons. But the reason the U.S. securities laws require audits is to protect investors. The production of audited financial statements is an obligation of management. It cannot be substituted with an insurance policy.
The value of the audit to investors derives from the auditor's objectivity, not the value-added benefit to management. Management may prefer a less objective audit that accommodates management's short-term self interest. But in such cases, deference to management increases cost to investors and, ultimately, the company.
Time and time again, we've seen services that might be valuable to management reduce the auditor's objectivity, and thus reduce the value of the audit to investors. While management may need the services, they just don't have to get them from the auditor.
Audit firms call this "client service," and it makes things terribly confusing. When the hard questions of supporting management's financial presentation arise, the engagement partner is often enlisted as an advocate to argue management's case to the technical experts in the national office of the audit firm. The mortgaging of audit objectivity can even begin at the outset of the relationship, with the pitch to get the client.
Consider the way these formulations of the audit engagement that we've uncovered through our inspections process might prejudice quality:
- "Simply stated we want management to view us as a trusted partner that can assist with the resolution of issues and structuring of transactions."
- We will "support the desired outcome where the audit team may be confronted with an issue that merits consultation with our National Office."
- Our audit decisions are "made by the global engagement partner with no second guessing or National Office reversals."
Or, to demonstrate how confusing the value proposition could be even to those auditors who try to articulate it:
- We will provide you "with the best, value-added audit service in the most cost effective and least disruptive manner by eliminating non-value added procedures."
(What is a "non-value added procedure"? Whose value do you think the claim refers to? If a procedure is valuable to investors but doesn't add value to management, will it be scrapped?)
Or, consider this as a possible audit engagement formula for misunderstanding down the road:
- We will deliver a "reduced footprint in the organization, lessening audit fatigue."
(What is "audit fatigue"? Does accommodating it add value to investors? How should investors feel about a "reduced footprint"?)
Firm policies generally prohibit the inclusion of this kind of representation, but the pressures on engagement partners are formidable. As many of you know, in 2009 the PCAOB issued a concept release to explore ways to enhance investor protection by increasing transparency into and accountability for the audit, including by requiring engagement partners to sign audit reports in their own names.
Based on comments and other outreach, it is clear investors want more transparency about audits. In taking the next step in the initiative, though, it's going to be important to bolster (not undermine) the authority of national office technical leaders to push back on client demands and enforce consistent, high quality decisions at the firm level.
The Cost of a Failed Model
One of the greatest lessons of the financial crisis is that superficial analyses of behavioral incentives can have terribly damaging consequences. As Alan Greenspan famously admitted in the fall of 2008 as the financial crisis raged, "Those of us who have looked to the self-interest of lending institutions to protect shareholders' equity, myself included, are in a state of shocked disbelief."
The costs of having failed to engage in a deeper analysis of what motivated market participants' behavior have been enormous. Indeed, the effects of the economic crisis will be felt for many years to come. For example, economists at the International Monetary Fund estimate that global economies will be required to embark on adjustments to stabilize the effects of this crisis on their debt through at least through 2020.[1] I find that astounding.
A deeper analysis of what motivates auditors' behavior is underway. Indeed, the PCAOB inspected the audits of many of the issuers that later failed or received federal bail-out funds. In several cases — including audits involving substantial financial institutions — PCAOB inspection teams found audit failures that were of such significance that our inspectors concluded the firm had failed to support its opinion.
Several of these audits are now also the subject of pending PCAOB investigations and may lead to disciplinary actions against firms or individuals. Under the Sarbanes-Oxley Act, our disciplinary actions must remain non-public (unless the respondent consents), until both our proceeding and any SEC appeal are finished.
It will take a long time before the results of our contested deep dives into these audits will be public. There are many problems with this delay. Fixing it will take a legislative change. We will need the support of the investor community to get it. So I hope we can count on you.
The Future of Auditor Oversight
To my mind, the future of auditor oversight must focus on the counter-weight to client pressures that independent oversight provides. Here's how I think PCAOB programs and initiatives can be used effectively to provide this counter-weight.
Analysis of Audits Affected by the Economic Crisis
Last fall, the PCAOB issued a report to inform the public about the audit risks and challenges that PCAOB inspectors had found in connection with the financial crisis.[2] That report discussed audit deficiencies inspectors uncovered in inspections during the period 2007 through 2009.
We followed up on these areas in our 2010 inspections. Although the 2010 reporting cycle is not yet complete, so far PCAOB inspectors have continued to identify significant issues related to the valuation of complex financial instruments, among other areas. PCAOB inspectors have also identified more issues than in prior years.
In 2011, PCAOB inspectors will continue to focus on high-risk audit issues posed by the ongoing effects of the economic crisis and any emerging new risks — for example, the financial statement effect of the obligation to repurchase mortgages previously sold and mandated modifications to certain mortgages. Consistent with the PCAOB's new audit standards on risk assessment, we will be looking for more robust risk assessments and more rigorous procedures to respond to identified risks.
Root Cause Analysis
Inspectors will enhance their consideration of root causes when they find audit deficiencies. And, as in past years, inspectors will continue to press firms to identify root causes of deficiencies and address them.
Correction of Past Deficiencies
PCAOB inspectors will also look closely at corrective actions. A firm's failure to obtain sufficient evidence to support its opinion does not mean that the financial statements themselves are necessarily misstated. But it does mean that corrective actions both to shore up the deficient audit as well as to better plan and perform future audits are necessary for investor protection and to promote the public trust in the audit process.
We do not see enough firms going back and performing more work to shore up individual audits that inspectors identified as deficient. We have begun to see some firms going back quite recently. But with respect to firms that still don't adequately fix past errors, we may have to turn to our enforcement tools.[3]
This concern is compounded by the fact that we have received reports from members of audit committees that firms commonly represent to audit committees that their PCAOB inspection reports raise merely minor concerns, often attributable to documentation of procedures they claim — but just can't demonstrate — they performed. Therefore, we are exploring ways to encourage the firms to provide more faithful reporting to audit committees in the future.
Firm Management and Monitoring
Inspectors will continue to evaluate how firms manage audit quality. To this end, inspectors will examine whether their systems are effective at detecting and preventing audit failures, complying with auditor independence requirements, and implementing performance review processes that don't champion client service at the expense of audit quality.
Supervision of Cross-border Audits of Multi-location Companies
In addition, the PCAOB plans to expand its examination of the quality control processes of large firms that participate in global networks. Audit reports by such firms do not generally describe the affiliated firms that participated in the audit or the coordination that was required. The firm that signs the report stands by the work of the firms that are not named, which is important. But the public is left with the impression that the signing firm performed all the procedures described in the audit report, and that is generally not the case.
We plan to focus our inspections this year on evaluating the quality of communication and coordination among affiliates in these networks. Inspectors will examine firms' supervision of work performed by affiliated firms, including firms' controls over consultations on accounting and auditing issues, as well as engagement teams' use and evaluation of affiliates' work.
Based on what we find, we are planning to consider any appropriate changes to our standard on the principal (or signing) auditor's use of other audit firms.[4]
Increasing Access to Inspect Non-U.S. Registered Firms
It is no secret that we have not been able to inspect all of the non-U.S. firms we are required to. Seventy firms in 24 jurisdictions — including in the European Union, Switzerland and China — had inspection deadlines in 2010 or earlier that have not been met. This means enormous components of the audits of multi-national companies escape review, even when the firm that signed the audit report is a large U.S. accounting firm.
The PCAOB is working hard to reach accords that will allow PCAOB inspectors into those jurisdictions: it is one of our highest priorities. I am pleased to report that we have concluded an agreement to conduct joint inspections with Swiss authorities. We will commence joint inspections in Switzerland in May, with the goal of inspecting three Big Four affiliate firms by the end of the year.
In addition, in January, the PCAOB reached an agreement to conduct joint inspections with the authorities in the United Kingdom. Based on this agreement, the PCAOB is planning joint inspections of two large U.K. firms beginning in May.
The U.K. and Swiss agreements are good deals for U.S. investors. They are not "mutual recognition" arrangements, but arrangements for joint inspections that will enable PCAOB inspectors to evaluate audit work in these countries that U.S. investors rely on.
I hope that these agreements will serve as a model for cross-border cooperation with other regulators in the European Union. I am encouraged by our discussions with authorities in some jurisdictions. The negotiations with other EU Member-State regulators continue to progress quite slowly, however.
Likewise, the PCAOB continues to meet resistance to inspections in China, based primarily on national sovereignty grounds. This is especially troubling given the growth in the number of Chinese companies seeking access to capital in U.S. securities markets.[5]
There are also significant risks associated with audits of operations of U.S. companies in China. For example, we are finding through our oversight of U.S. firms that even simple audit maxims, such as maintaining the auditor's control over bank confirmations, may not hold given the business culture in China.
If Chinese companies want to attract U.S. capital for the long term, and if Chinese auditors want to garner the respect of investors, they need the credibility that comes from being part of a joint inspection process that includes the U.S. and other similarly constituted regulatory regimes. In light of these risks, the PCAOB's inability to inspect the work of registered firms from China is a gaping hole in investor protection.
Enhancing the Auditor's Reporting Model
Before I close, I would like to touch on our project on the auditor's reporting model. In many ways, this project best elucidates the transition that I see the audit profession facing as we emerge from the immediate effects of the financial crisis and shore up investor protection in light of lessons learned.
The auditor's report is the primary means by which the auditor communicates to investors and other users of the financial statements regarding its audits of financial statements. The form of the report has not evolved significantly from the pass-fail model of the early years, however.
Over the years, several committees and groups, such as the Cohen Commission, Treadway Commission, and the American Assembly, have suggested improvements or changes to the auditor's report. Similarly, in 2008, the Advisory Committee on the Auditing Profession convened by the U.S. Department of the Treasury recommended that the PCAOB consider improvements to the auditor's reporting model and clarify in the auditor's report the auditor's role in detecting fraud. The Treasury Committee noted that the greater complexity in financial reporting supports improving the content of the auditor's report beyond the current pass-fail model.
The PCAOB has already engaged in extensive, indeed unprecedented, outreach to understand how changes to the report could benefit investors.[6] The PCAOB staff is now preparing a written concept release for the Board to consider this summer to describe several potential changes and solicit public comment.
Our outreach underscored that investors clearly want more from the audit report, including information from the auditor regarding the auditor's views on audit risk, management's judgments and estimates, and the quality of management's accounting policies.
Embedded in the call for more information from the auditor, is a call for auditors to better serve investors. As I discussed earlier, there are many forces that prevent auditors from seeing investors as their direct or even ultimate masters.
Investor protection is what allows the U.S. to enjoy such economic success. Looking ahead, our audits and audit reports ought to better reflect investor needs.
We are well aware of the stake that you as investors have in our success. As I said at the beginning, the Council of Institutional Investors is a powerful watchdog of the watchdogs. Keep barking.
[1] See International Monetary Fund, Strategies for Fiscal Consolidation in the Post-Crisis World (Feb. 4, 2010).
[2] PCAOB, Report on Observations of PCAOB Inspectors Related to Audit Risk Areas Affected by the Economic Crisis (Sept. 29, 2010), available at http://pcaobus.org/Inspections/Pages/PublicReports.aspx. Among other things, the report described deficiencies relating to auditing fair value measurements, especially of financial instruments; impairment of goodwill, indefinite-lived intangible assets, and other long-lived assets; allowance for loan losses; off-balance-sheet structures; revenue recognition; inventory valuation; and income taxes.
[3] The PCAOB’s auditing standards require firms to consider performing omitted procedures after the audit report date when an auditing procedure considered necessary at the time of the audit in the circumstances then existing was omitted. See AU 390, Consideration of Omitted Procedures After the Report Date.
[4] To evaluate cross-border audits, we inspect both the principal auditor and the affiliated auditors who contribute to the audit. Approximately 260 non-U.S. firms are subject to regular PCAOB inspection. To date, the PCAOB has inspected 197 non-U.S. firms in 35 jurisdictions, including countries where some of the largest foreign private issuers — whose securities also trade in U.S. markets — are located such as Brazil, India, Japan, Korea, Mexico and the Russian Federation. In 2010 the PCAOB inspected 64 non-U.S. firms in 20 jurisdictions. Nineteen of these 64 inspections were performed on a joint basis with the local auditor oversight authority pursuant to negotiated cooperative arrangements.
[5] Last month, the PCAOB issued a research note on trends and risks related to reverse merger transactions involving companies from the China region. PCAOB, Activity Summary and Audit Implications for Reverse Mergers Involving Companies from the China Region: January 1, 2007 through March 31, 2010 (March 14, 2011), available at http://pcaobus.org/News/Releases/Pages/03152011_ResearchNote.aspx.
This note followed a July 2010 staff audit practice alert on auditing public companies with operations in China and other jurisdictions that accessed the U.S. capital markets through reverse mergers. PCAOB Staff Audit Practice Alert No. 6, Auditor Considerations Regarding Using the Work of Other Auditors and Engaging Assistants from Outside the Firm (July 12, 2010).
[6] The PCAOB staff conducted numerous in-depth meetings with more than 80 people experienced in using or preparing audit reports, including investors, auditors, preparers, audit committee members, researchers, and others. On March 22, the PCAOB held an open Board meeting to discuss the input received. This was the first time the Board has received a staff presentation on a standards-setting project in public, before a concrete proposal before us.
The Board’s Investor Advisory Group also discussed this issue at its March 16, 2011 meeting. At that meeting, the Board heard a presentation from a task force of the group's members about a survey they conducted to solicit views regarding changes to the auditor's report. The group surveyed institutional investors, including investment banks, mutual funds, pension funds, hedge funds, and others.