Driving Audit Quality Forward: PCAOB 2.0
I. Introduction
Thank you, Jon [Lukomnik, Managing Partner of Sinclair Capital], for that kind introduction, and thank you to the International Corporate Governance Network (ICGN) for inviting me to speak at your 2018 autumn conference here in New York City.[1]
For more than two decades, as cross-border investments have rapidly grown, I have appreciated how the ICGN has promoted more effective corporate governance standards to advance efficient markets and economies worldwide. Through events like this, investors, corporate governance professionals, regulators, and other policymakers can exchange ideas, share perspectives, and deepen our collective understanding about governance practices around the globe.
Today you have covered some of the most pressing topics on the minds of global investors. You have explored the different lenses through which investors as well as corporations and regulators view environmental, social, and governance considerations. You also have explored emerging technologies — artificial intelligence, robotics, and the use of big data — and how they are changing the capital markets. It is a very impressive agenda.
To capstone today's discussions, I would like to share with you how we at the Public Company Accounting Oversight Board (PCAOB) are looking at emerging technologies as a way to drive audit quality to advance investor protection, the public interest, and well-functioning capital markets. But before I do, I would like to provide some context on the new PCAOB board, why the organization exists, what we have done over the past almost 16 years, and where we are heading.
II. The PCAOB has a New Board
For the first time since our inception in January 2003, the PCAOB has all new board members. Securities and Exchange Commission (SEC) Chairman Clayton and Commissioners Piwowar and Stein consciously selected each of us for our diverse experience and variety of perspectives.[2] Our collective backgrounds cover the spectrum of the financial reporting process: preparer, auditor, board member, and investor adviser and advocate. Together our experiences also include academia and legislative oversight, as well as corporate governance, securities regulation, risk management, cybersecurity, and fintech.
In fact, the board's skills and views are so deep and diverse that when we met with one CFO recently, he referred to our individual backgrounds as "superpowers." This was the first time in my professional life that my expertise was referred to as anything close to a superpower — which, in my mind, is just one small step short of being called a superhero. So I tried it out on my nephew. But to an eight-year-old, my "powers" around corporate governance, securities regulation, risk management, cybersecurity, and fintech are just not the same as having the superhuman speed and reflexes of the Black Panther or the power and poise of Wonder Woman. Go figure!
In any event, whether superpowers or not, the wholesale reconstitution of the board with members of varied backgrounds brings a unique opportunity for us to look back — with fresh eyes, from different vantage points — and reevaluate where the PCAOB has done well and where we can do better. To be most informed, for me, this means starting with why the organization was created.
III. Why We Are Here
Recall that just after the last millennium, the United States had a series of high profile accounting scandals and record bankruptcies by large public companies, such as Enron, Tyco, and WorldCom. Investors lost hundreds of billions of dollars, and trillions of dollars in market capital. Public confidence was shaken in the financial reporting and disclosures of public companies. Trust in the opinions of auditors on the accuracy of those financial reports was undermined. Questions arose regarding the objectivity and impartiality of auditors. Faith was weakened in the integrity of the U.S. securities markets.
During congressional hearings held at the time, consensus existed on the causes of these corporate failures: weak corporate governance, inadequate corporate disclosures, and insufficient internal controls around financial reporting. Two other identified root causes related specifically to auditors: the absence of effective oversight and the lack of independence.[3]
To restore public confidence, in the summer of 2002, Congress passed sweeping, bipartisan legislation that President George W. Bush promptly signed into law.[4] The Sarbanes-Oxley Act was born. It mandated enhanced financial disclosures, corporate responsibility, and auditor independence. The Act's first section created the Public Company Accounting Oversight Board.
IV. Who We Are
The PCAOB's statutory mission calls on us to oversee the audits of public companies and SEC-registered broker-dealers to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports.[5]
Sarbanes-Oxley outlines four core duties for the PCAOB: registration, inspections, standard setting, and enforcement.[6] Where do we stand now on each of these duties?
Today, the PCAOB has just over 1,860 auditing firms registered with us, slightly more than half of which are domiciled in the United States, with the remaining located in 84 countries aboard.[7]
Through 2017, we have conducted about 3,000 firm inspections, covering more than 12,500 public company audits. As part of our broker-dealer inspection program, our inspectors performed 409 firm inspections and looked at 630 broker-dealer audits since 2011, when our inspection authority was expanded as part of the congressional response to the 2008 financial crisis. Intended to identify and address weaknesses and deficiencies in how firms conduct audits, our inspections assess the quality control systems that audit firms have in place and use a risk-based approach to select individual audits, and areas to probe within those audits, looking for potential deficiencies.
After initially adopting the prevailing generally accepted auditing standards in 2003, the PCAOB has systematically modernized those standards. In addition to streamlining and reorganizing, these efforts also have included retiring, updating, and adopting new standards. Our most recent new standard changes the auditor's report for the first time in 70 years. As you heard during a panel earlier today that included my fellow board member, Jim Kaiser, these changes are designed to inform investors and other financial statement users of the most significant issues in the audit — or "critical audit matters" — and how the auditor addressed those issues.[8]
Finally, through our enforcement program, the PCAOB has sanctioned more than 180 firms for, among other things, fundamental failures to gather sufficient audit evidence around some of the most material accounts in financial statements, such as revenue and intangible assets. We also have sanctioned more than 200 individuals for many of these same basic audit failures. In connection with penalties collected through enforcement actions, the PCAOB also has provided $9.29 million for 929 scholarships to accounting students from 455 colleges and universities across the country.[9]
V. Where We Are and What We Know
General consensus exists that audit quality has substantially improved and restatements of financial statements are dramatically down since the establishment of the PCAOB.[10] But we also know that more needs to be done.
For example, over the last several years, we have seen roughly the same percentage of audit deficiencies year over year at the largest audit firms.[11] And that percentage is not small. While the picture is not yet complete, for five of the six largest global network firms with publicly reported inspection results, the deficiency rates over the past three years have ranged from 20 percent to 74 percent.[12]
To be sure, our inspections are largely risk-based. Our inspectors typically focus on high risk audits — those with a higher threat that the financial statements will have a material misstatement; they also focus on the audit work around the most challenging or inherently uncertain parts of those financial statements, such as estimates, like the valuation of intangible assets. But, even for a risk-based program, the potential plateauing of deficiencies at an unacceptably high rate should cause us and others to pause.
What are we doing about this?
VI. Where We Are Heading and Why: Our Five Strategic Goals
The new board began by looking inward. A key tool that we are using to reevaluate our programs and operations and chart our course for the future is our strategic planning process, which we launched six months ago. This process included for the first time a public survey soliciting advice from our stakeholders on what we could do better. We also conducted dozens of in-depth one-on-one interviews and polled our entire staff. My fellow board members and I went on listening tours around the country. We met with investors, audit committee and board members, CFOs, and others who play roles in preparing financial statements. We spoke with auditors from an array of firms and met with foreign regulators.
So where did we end up — what is this new board about and what are our strategic priorities?
First, we are about raising the bar on moving audit quality forward through a combination of prevention, detection, deterrence, and enforcement.
Second, we are about positioning the PCAOB to better anticipate and adapt to a changing environment, including emerging and potentially disruptive technologies.
Third, we are committed to improving our transparency and outreach to investors like you, as well as other stakeholders, including audit committees, board members, and financial statement preparers.[13] This effort includes making our work more accessible, meaningful, and timely. For example, in addition to issuing our inspection reports faster, we are considering creating a short executive summary, with plain language narratives and visual depictions of trends, to assist readers in better understanding the essence of the reports' findings. We also are considering ways to more clearly communicate the degree of severity of the deficiencies that we find during our inspections.
Finally, because we are funded ultimately by investors through fees charged to public companies and broker-dealers, we are dedicated to becoming more efficient and effective with our resources, while empowering our people to take prudent risks to drive our mission forward.
As you can see, our strategic priorities are broad and thematic, and they transcend specific offices and functions. They also are designed to break down internal and external silos, and other barriers that may impede propelling audit quality ahead. Currently, we have 43 distinct projects with board member champions assigned to each, which are designed to transform our activities and operations in pursuit of our strategic priorities.
VII. Emerging Technologies, Data Analytics, and Beyond
Now let me focus in on how we are positioning ourselves and the entities we regulate to anticipate and adapt to emerging technologies.
Why is technology a key strategic focus for us? According to a recent study by the global consulting firm Accenture, more than a third of all finance tasks at large global companies are being performed today by algorithms and robots.[14] Within three years, that figure is expected to increase to 45 percent. [15]
The use of advanced analytics and artificial intelligence at these companies has more than doubled over the past two years. For example, in 2016, about a third of the surveyed companies reported using advanced analytics; today, that figure tops 70 percent. Similarly, two years ago, only about 28 percent of these companies were deploying artificial intelligence and now more than 60 percent are.[16]
Emerging technologies have the potential to fundamentally change financial reporting. Sitting here today, we cannot envision the full extent of those changes or even how exactly those changes will manifest themselves. But what we do know is that auditors will need to understand not only how their clients are using these technologies, but also how to deploy new approaches to technology and analytics to effectively perform their assurance function.
Drones are already being used as an audit tool for inventory observations. Data analytics could replace sampling techniques with assessments of all transactions and accounts. The use of blockchain could make confirmations a thing of the past.
Freed from manual time-consuming rote reviews, technology offers the promise of providing auditors with more time to exercise deep business and financial expertise and to hone their professional skepticism to identify indicia of errors or fraud and probe their potential root causes. So, while technology can lead to efficiencies, it also offers the promise of improving effectiveness or audit quality.
Emerging technologies also provide the opportunity to build accounting and auditing standards and regulatory requirements into solutions from the start rather than bolting them on after the fact. From my perspective as an audit regulator — and yours as investors — this is why technology is so powerful and transformational.
In order to stay abreast of developing trends, my fellow board members and I — along with PCAOB staff — are meeting with audit firms to see their most innovative applications of technology. We are also meeting with and learning from other regulators, both domestic and international.
Our standards team is spearheading a research project to assess the use of new technologies on the audit and audit quality. As part of that, they are obtaining advice from a PCAOB data and technology task force comprised of private-sector experts. The overarching topic we are exploring so far is how data analytics, artificial intelligence, the use of blockchain, and other emerging technologies affect audits today and their potential effects on audits tomorrow.
The research project and task force are also helping the board assess whether our standards may be constraining the use of technology in audits and, if so, to determine the most appropriate policy response. Today, the PCAOB's auditing standards do not appear to be inappropriately impeding the use of innovative technology in the audit. And our current standards appear flexible enough to allow audit technology to evolve for now. However, we are carefully monitoring for signs that our standards might inappropriately stifle innovation, especially around breakthroughs that could enhance audit quality and, ultimately, financial reporting for the benefit of investors and other users of financial reports.
For example, we have three standards projects that are close to completion — accounting for estimates, the use of specialists, and supervision of other auditors. In addition to making sure that the new board was comfortable with the work previously done, our staff has re-reviewed the proposed standards with an eye towards better ensuring that the standards will remain evergreen as technology and data analytics evolve.
One final note, we are not just looking at how technological innovations will affect financial reporting and the audit. We are also reassessing our own use of technology and data. We want to make sure that we are well-positioned to exploit innovative thinking around the use of technology and data analytics to more effectively perform our oversight role.
VIII. Conclusion
An entirely new board is a significant change for the PCAOB. With that change comes significant opportunity — a chance to reflect on the organization's past work and, with that foundation, to innovate and improve how we approach our oversight of the auditing profession. This opportunity is particularly timely in light of the current dynamic environment driven largely by rapidly changing technology.
More importantly, this change gives us the opportunity to position the PCAOB for the future to better protect investors and the public interest. Not just for today, tomorrow, and next year, but for the next five years and beyond. I'm excited to be part of the PCAOB at this inflection point.
Thank you for the opportunity to share my thoughts.
[1] The views I express here are mine alone, and do not necessarily reflect the views of my board colleagues or our staff.
[2] SEC Appoints New Chairman and Board Members to PCAOB, SEC press release (Dec. 12, 2017) https://www.sec.gov/news/press-release/2017-230.
[3] When signing the act into law, President Bush commented that it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt." President Bush continued that: "[t]he era of low standards and false profits is over; no boardroom in America is above or beyond the law."
[4] Seeming both quaint and extraordinary by today's standards, the Sarbanes-Oxley Act passed overwhelming in the U.S. Congress: 423 to 3 in the House, with 8 abstaining; and unanimously in the Senate 99 to 0, with 1 abstaining.
[5] With the adoption of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Congress expanded the PCAOB's mission in July 2010, to include overseeing the audits of broker-dealers, including compliance reports filed pursuant to the federal securities laws. https://pcaobus.org/News/Releases/Pages/07212010_DoddFrankAct.aspx.
[6] More specifically: We register audit firms. We establish auditing standards for public companies and SEC-registered broker-dealers, as well as standards around auditor ethics, independence, and quality controls. We inspect against our standards and rules, as well as against the federal securities laws and professional standards related to the performance of audits and the issuance of audit reports. Finally, we enforce accountability by investigating and disciplining improper conduct by registered firms and their associated professionals.
[7] Specifically, as of September 30, 2018, there were 1,863 registered firms: 985 (53 percent) domestic and 878 (47 percent) international.
[8] "Critical audit matters" are defined as any matter arising from the audit that relates to material accounts or disclosures that involved especially challenging, subjective, or complex auditor judgment. The new standard also requires disclosure of auditor tenure in addition to a number of other improvements. https://pcaobus.org/Rulemaking/Docket034/2017-001-auditors-report-final-rule.pdf.
[9] To aid in our inspections and investigations of foreign domiciled firms, we have also entered into 24 bilateral agreements with foreign regulators.
[10] Audit Analytics, 2017 Financial Statements Review (June 2018). https://www.auditanalytics.com/blog/2017-financial-restatements-review/.
[11] To qualify as an audit deficiency, our inspectors have determined that the auditor's statement that the financial statements were presented fairly, in all material respects, in accordance with the applicable financial reporting framework cannot be verified based on what they saw in the work papers and learned from the engagement team. In other words, the audit firm could not support its opinion that the financial statements were not materially misstated.
[12] Specifically, for these five firms, in 2014, the deficiency rates ranged from 21 percent to 74 percent. In 2015, those rates were between 24 percent and 52 percent, and for 2016, the rates ranged from 20 percent to 67 percent. And while we do not have as granular information internationally, the latest report from the International Forum of Independent Audit Regulators (IFIAR) indicated that overall deficiencies rates for the largest firms ranged from 47 percent in 2014, to 40 percent in 2017. https://www.ifiar.org/activities/annual-inspection-findings-survey/, Annex B, p. B-3.
[14] Accenture Strategy, a unit of Accenture PLC, recently surveyed 700 finance leaders, with 60 percent of the leaders coming from companies with annual revenues between $1 billion and $5 billion. From Bottom Line to Front Line, Accenture (Sept. 2018). https://www.accenture.com/t20180910T083815Z__w__/us-en/_acnmedia/PDF-85/Accenture-CFO-Research-Global.pdf
[15] Id.
[16] Id.