Developments in the Relationships Between Audit Committees and Auditors
Thank you for this opportunity to speak to you today. David asked me to set the stage for the discussion on developments in the relationships between audit committees and auditors. As I begin, let me say that the views I express are my own and should not be attributed to the PCAOB as a whole or any other members or staff.
It is great to be before a group that cares so much about good financial reporting, as Ray Garrett did. Ray Garrett was known to say that, as a securities lawyer, he devoted much of his career to helping clients reduce uncertainties. And as an individual, he was —
comfortable, as most of us are, with familiar ways and things and distrustful of attempts to impose "improvements" which will rearrange and perhaps threaten successful patterns which have been established over a period of years.[1]
Yet when he served as Chairman of the Securities and Exchange Commission — a post he at first turned down, loathe to leave the contentment of his law practice here in Chicago — he found himself in a period of significant public skepticism of Washington and corporate America.
He served from 1973 to 1975, with some of the greatest minds in securities law and accounting — A.A. Sommers, Phil Loomis, John Evans, Alan Levinson, Sandy Burton, Stanley Sporkin and others. Harvey Pitt and Ralph Ferrara were in their formative years.
With them, he presided over some of the most significant changes in securities regulation in the history of the SEC — the Commission's questionable payments voluntary disclosure program, the abolition of fixed securities brokerage commission rates, and of special importance to this audience, a significant expansion of Form 10-K, and quarterly and current reports, to achieve high quality periodic disclosure.
The latter initiative was more than just a form change. Ray Garrett correctly saw that a cultural change was required. In his view, the quality of S-1 and other '33 Act filings far exceeded the quality of periodic filings. He believed the difference derived from the "degree of concern devoted to the task" of preparing an offering document as well as the "prompt and concentrated attention traditionally accorded such filings by the Commission's staff."[2]
Garrett's Commission surprised issuers with comment letters on 10-K filings, much as recently the Commission staff devoted new resources to reviews of financial statements filed under International Financial Reporting Standards. In both cases, the quality of the disclosure improved with third-party examination.
I. The Audit Requires Support Through Strong Cultural Institutions
Turn-of-this-century financial reporting scandals brought many of the Garrett-era discussions about corporate disclosure and governance into relief again. I dare say Ray Garrett would have found all this familiar territory had he lived to see it.
Sarbanes-Oxley has antecedents in the Garrett era. Independent oversight of the accounting profession, for example, was first proposed in the 1976 report on the accounting profession by Senator Lee Metcalf of the Senate Committee on Government Operations.
The Sarbanes-Oxley and Dodd-Frank Acts have, I believe, strengthened our capital markets. But as Ray Garrett and his contemporaries appreciated, new rules and forms do not, on their own, restore credibility.
Cultural change is required. As directors of, and counsel for, America's public companies, you set the tone, and inculcate the culture, and that sustains the long-term strength of our companies and protects investors, job holders and our economy.
A strong corporate culture can deter fraud and mismanagement of assets. A weak culture allows malfeasance to grow. The audit requires your support and attention every bit as much as other areas in which you provide legal and strategic advice and oversight.
For a variety of reasons, including some that are chronic, structural and not going to go away, I believe we are in a high risk period that merits more attention to the audit, not less, by you and your clients.
I recognize this takes some faith, as Ray Garrett and Sandy Burton had when they pushed for more rigorous continuous disclosure to investors and traders, even in circumstances when a company was not seeking new capital.
We can't observe the full benefit of a good audit. When market participants have confidence in the quality of an audit, we can observe that the audit improves the company's cost of capital. Moreover, we understand, even if we cannot with completeness measure the cost of an Enron or Worldcom to the company's investors, employees and competitors. Even unrelated companies have been affected by loss of confidence in the market for securities.
But we can't tell which other companies might have gone the way of Enron but for the auditor's watchful eye, and influence on corporate culture. This inability to identify, ab initio, where the audit will be most needed has allowed the audit, in the minds of some, to become a rent to be contained with other tax and compliance costs.
In this environment, audit fees have become a decreasing portion of audit firms' revenues. Audit practices have shrunk in comparison to audit firms' other client service lines — not all of which depend on the fundamental exercise of skepticism.
II. How Audit Committees and Their Counsel Can Improve Audit Quality
The PCAOB's main work is to inspect, and when necessary discipline, auditors of public companies and broker-dealers, against standards established to protect the public interest.
But we can't improve audit quality on our own. We need your help, and to that end, we have embarked on a broad outreach campaign to raise awareness among audit committees about risks to audit quality.
A good audit starts with the selection process. The audit committee selects the audit firm and audit team. It is up to the audit committee to conduct a rigorous vetting. It is my hope that in the near future audit committees will have access to objective data on prospective engagement partners and audit firms.
The PCAOB has proposed that engagement partners, and other firms, involved in an audit be identified in the audit report. Other countries already have such disclosure. It allows the market to reward companies that choose audit partners with a reliable record and to give others an incentive to establish one. As sophisticated as U.S. markets are, I expect analysts and data services will develop useful benchmarks to compare partners both inside and across firms.
We are also working on developing other indicators of audit quality, both at the engagement and firm level. Expect to see a concept release describing potential measures later this year. We will seek public comment to help us decide which measures to pursue in more depth.
These will be future tools. We also have tools in place now, for audit committees to use in overseeing the audit team, so that you can leverage the PCAOB's inspection and oversight programs. I included two of these tools in the Institute's electronic handbook. They can also be downloaded from the PCAOB's website directly into iBooks or another reader.
First, in August 2011 the PCAOB issued a paper entitled Information for Audit Committees about PCAOB Inspections.[3] The point was to give audit committees techniques to make effective use of inspection results to improve the quality of the audits of their companies' financial statements. This is no straightforward task, unfortunately.
The Sarbanes-Oxley Act limits what the PCAOB may disclose to an audit committee about its auditor and even about its audit. With good counsel, though, an audit committee should nevertheless be able to use the public portion of PCAOB inspection reports to ask and follow up on important questions.[4]
Any use of PCAOB findings must start with an understanding of what they mean. Inclusion in the public portion of the inspection report means that the inspection staff has determined that the firm failed to fulfill its fundamental responsibility in the audit: the firm failed to obtain reasonable assurance about whether the financial statements are free of material misstatement.[5]
There has been some discussion in the press about the term "audit failure." Some, including some of my fellow board members, fear it could be understood to mean that PCAOB inspectors have determined that the financial statements were incorrect; that is, that the audit must have failed to detect a material misstatement. This is not necessarily the case, and inspection reports appropriately have made this point clear.
Before the audit inspection regime established by the Sarbanes-Oxley Act, an "audit failure" could only be discovered if there were a restatement or other problem in the financial statements. Independent audit oversight and inspections, however, have allowed for new, independent insight into the performance of all audits. In that environment, it is both appropriate and useful to distinguish between a financial reporting failure and an audit failure.
In my view, most people can, in this new environment, understand that distinction. But I also think that a debate over a label needlessly distracts from the critically important substantive point about which there must be no confusion: that the auditor has issued an opinion without satisfying its fundamental obligation to obtain reasonable assurance about whether the financial statements were free of material misstatement.
Whether or not associated with a disclosed financial reporting misstatement, an auditor's failure to obtain the reasonable assurance that the auditor is required to obtain is a serious matter. It is a failure to accomplish the essential purpose of the audit. It means that, based on the audit work performed, the audit opinion should not have been issued, and more work consistent with applicable audit standards was necessary for the opinion to stand.
The second tool recently developed is a document issued by the staff of the PCAOB's Division of Registration and Inspection to provide information for firms that receive an inspection report that includes a quality control criticism.[6] It is useful to audit committees as well. It describes considerations that are relevant to the staff's recommendations to the Board concerning the sufficiency of firms' remediation efforts.
Inspectors have seen improvements in audit quality in response to quality control findings. When a firm accepts the findings, and undertakes a rigorous root cause analysis, it can design actions to reduce and eliminate recurrence.
The audit firm takes a significant step when it acknowledges that the number and vector of our findings indicate systemic issues, and not merely episodic failures in execution. That involves self-monitoring and testing — not just waiting to see if the PCAOB finds the problem in other audits.
Your role as an audit committee member or counsel makes a difference to audit quality: how an audit committee addresses inspection results can affect the tone of the audit. An audit committee that is impatient with the technicalities of an audit, or accepts weak arguments to dismiss the findings in an inspection report, may inadvertently signal to the audit firm and audit team that the audit committee is not concerned with quality. An audit committee that, on the other hand, expresses explicit concern for how the auditor has resolved noted deficiencies tells the auditor that quality matters.
III. The PCAOB's Initiatives to Enhance the Relevance and Reliability of the Audit
The PCAOB is also engaged in developing new initiatives to enhance the relevance and reliability of the audit. I have mentioned a couple already — audit transparency and audit quality indicators. Our proposals have benefited from input from both audit committees and the bar.
1. Auditing Related Party Transactions
We are soon to consider adoption of a new auditing standard to strengthen audits in three critical areas that routinely draw the attention of audit committees and counsel alike: (1) related parties, (2) significant unusual transactions, and (3) a company's financial relationships and transactions with its executive officers.
Misleading disclosures in these areas have contributed to a skein of prominent financial reporting scandals that have resulted in significant investor losses as well as the loss of jobs at affected companies. Despite such scandals, inspectors continue to see execution problems in practice today.
The standard introduces new procedures, while retaining and strengthening many existing procedures already familiar to auditors. Some of these new procedures appear to be contemplated in many audit firms' methodologies as best practices already. By making them standards, we will be able to enforce them where we see lapses.
2. The Auditor's Reporting Model
Last year, the Board also proposed the first significant changes to the auditor's reporting model in more than seventy years, based on investors' calls for more informative, insightful and relevant audit reports. The proposal is based on several years of outreach to investors, auditors, preparers, academicians and others, on what kind of changes would be most useful and achievable.
The PCAOB first issued a concept release in 2011, outlining certain approaches we could take, ranging from a new, stand-alone auditor's discussion and analysis of the financial statements all the way to some relatively small, but helpful clarifications to the standard auditor's report.
After considering comment, the PCAOB proposed a middle ground approach. It builds on the pass-fail report but would provide more insight about the audit, to help the public understand where the audit was most challenging and thus provided the most value.
The proposal provides a framework to report critical audit matters, which keeps the auditors in their area of expertise — the audit. The proposal would also require auditors to report on their evaluation of certain other information, besides the financial statements, such as the company's annual report and management's discussion and analysis.
The UK began using expanded audit reports earlier this year. The UK's move has been praised by investors, auditors and issuers. Last month, the PCAOB held a public meeting on our own proposal, and invited UK investors, auditors and issuer representatives to speak to that experience. Moreover, the same week as our public meeting, coincidentally, the European Parliament voted to adopt a broad package of audit reforms for EU companies, including expanded audit reports.
If you did not follow the meeting, I encourage you to download the transcript or podcast.[7] We had two days of discussion. You can use the agenda to direct yourself to the areas most pertinent to your practice. This is an engaging debate of the first order, with important implications for audits, corporate reporting and capital markets. Anyone interested in the public policy of financial markets will find something of interest.
* * *
This is a good place to move into our discussion. But let me close with some advice from Ray Garrett, reflecting on the then raging controversy over the disclosure initiatives then under consideration —
Over a period of years, very significant changes in our institutions do occur. This is necessary and desirable, since changes are the safety valve by which our system is able to operate effectively and within a broad consensus without periodic explosions or revolutions. We view the Commission's current activities in this light. We are helping evolution in our areas of responsibility so that our basic free capital market institutions will continue to operate in a fashion consistent with public expectations and economic realities. The practical alternative to successful evolution is not the indefinite preservation of the comfortable old ways but rather increasing pressure for radical replacement of the whole system.[8]
In our time, we too debate new paths, and uncertainties abound. Let us be good stewards of our institutions, and tend to them not as an immutable shrine but as servants themselves to our collective welfare. That is Ray Garrett's legacy. I want to thank Northwestern School of Law for tending to it by making this event possible.
[1] Ray Garrett, Jr., Chairman, Securities and Exchange Commission, Address at the AICPA Second National Conference: The Need for Change in Accounting Policies (Jan. 6, 1975). ("AICPA Address").
[2] Ray Garrett, Jr., Chairman, Securities and Exchange Commission, Address at the Financial Executives Institute: Improving Disclosure of Investors (Dec. 12, 1974).
[3] See PCAOB Release No. 104-2004-001, Statement Concerning the Issuance of Inspection Reports, (Aug. 26, 2004), http://pcaobus.org/Inspections/Pages/PublicReports.aspx.
[4] See id. at 4 n.9. The Board has acknowledged that some firms may be wary of voluntarily disclosing nonpublic inspection information for fear of waiving any privilege that Section 105(b)(5)(A) of the Act might afford them against compelled disclosure in a different context (such as a private civil lawsuit). Whether Section 105(b)(5)(A) affords a firm any such privilege, and whether a firm's voluntary disclosure of inspection information to an audit committee would result in a waiver of any such privilege, are questions for the courts to resolve. An auditor and audit committee sensitive to the risk of waiver, however, can likely still find ways to communicate about matters that might bear on the audit or on the company's financial statements without necessarily disclosing information specifically about the inspection, as discussed further below, at the end of Part I of this release.
[5] When PCAOB inspectors identify significant audit deficiencies, they describe their concerns in detail to the auditor. If the auditor disagrees, the auditor has ample opportunity to demonstrate to the inspection team any oversight or error in the inspection team's analysis or its understanding of the facts. The inspection team's conclusions are reviewed by PCAOB staff at multiple levels, in light of input the auditor provides, including any response to a draft of the inspection report.
Firms' approaches to characterizing these inspection results can sometimes distort them, intentionally or unintentionally. For example, one common claim is that a cited audit deficiency is based on nothing more than the auditor's failure to adequately document work that the auditor in fact performed. A firm may also argue that the cited audit deficiency reflects merely a difference of professional judgment, between the inspection staff and the auditor, within a range of reasonable professional judgments.
Audit committees should probe such assertions. In the case of every failure cited in the public portion of an inspection report, the inspection staff have considered and rejected any contention that the procedures were performed but just not documented. Similarly, in the case of every failure cited in the public portion of a report, the inspection staff has considered and rejected any suggestion that a reasonable judgment could be made that the omitted procedures were not necessary.
[6] See Information Concerning the Quality Control Remediation Process Under PCAOB Rule 4009, http://pcaobus.org/Inspections/Pages/Remediation_Process.aspx.
[7] Transcripts, witness statements and public comments relating to the PCAOB public meetings on Docket 034: Proposed Auditing Standards on the Auditor's Report and the Auditor's Responsibilities Regarding Other Information and Related Amendments are available at http://pcaobus.org/Rules/Rulemaking/Pages/Docket034.aspx. Podcasts are available at http://pcaobus.org/News/Webcasts/Pages/04022014_PublicMeeting.aspx.
[8] AICPA Address, supra note 1.