Facilitating Investor Participation at the Standard-Setting Table

I. Overview

I want to thank Lawrence [Mundy] for the thoughtful introduction and the opportunity to talk with you today. You are a particularly important audience.[1] You help ensure that, among others, our firefighters, the police, teachers, and public employees have sound resources for retirement. They may not always know what you do, but they benefit from your hard work. Your accounting, auditing, and financial background provides unique insight and expertise into the importance of audit quality and the work done by the Public Company Accounting Oversight Board ("PCAOB").

Before I go further, I should note that the views I share are my own and do not necessarily reflect the views of the PCAOB, my fellow Board members, or PCAOB staff.

Today, I thought I would do two things.

First, I want to discuss your much needed involvement in our standard-setting efforts, and what more the PCAOB can do to enhance this role.

Second, I want to talk a bit about the purported "expectations" or "performance" gap with respect to fraud procedures and propose possible ways to bridge the gap.

II. The PCAOB and Standard Setting

The PCAOB and its oversight of the audit profession emerged out of scandal and crisis. The PCAOB received authority over auditors of issuers in Sarbanes-Oxley Act of 2002 ("SOX") following the collapse of Enron and WorldCom; and over auditors of broker-dealers in Dodd-Frank following the frauds perpetrated by Bernie Madoff and Allen Stanford.[2] The legislation ended self-regulation and authorized the PCAOB to conduct inspections, develop standards, and bring enforcement actions.

But merely listing the assigned functions does not begin to capture the magnitude of the transformation undertaken by Congress. The statutory framework instructed the PCAOB to act "to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports…"[3] That bears repeating, the PCAOB must protect the interests of investors and the public. This straight-forward articulation of the PCAOB's mission set in motion a profound shift in the approach to auditor oversight, particularly with respect to standards and standard setting.

Prior to the adoption of SOX, standards were for the most part determined by the profession,[4] with occasional intervention by the SEC,[5] Congress,[6] and the courts.[7] Irrespective of the catalyst, the profession held the drafting pen.[8]

With the creation of the PCAOB, the drafting pen changed hands. Moreover, as a consequence of the PCAOB's statutory mission, investors and the public earned a seat at the PCAOB's standard-setting table. To ensure that investors remained adequately involved, the PCAOB developed several mechanisms for collecting their views.

First, the PCAOB voluntarily agreed to submit proposed auditing and related professional practice standards, and its rules to the public for notice and comment. The notice and comment process is mandatory for federal agencies under the Administrative Procedure Act (or APA),[9] but the PCAOB is not subject to that law.[10] So, in providing an opportunity for public notice and comment, the PCAOB went beyond what the statute requires. The notice and comment process allows anyone to provide their views on the proposed standard or rule. The proposal and the comment letters received during the process are posted as part of a public record.

Second, the PCAOB created, and actively sought advice from, investors and the public through publicly-held meetings of advisory groups. The Standing Advisory Group contains representatives of multiple stakeholders, including investors.[11] Later, in 2009, the PCAOB added a specific advisory group targeting investors: the Investor Advisory Group. This body, consisting entirely of investors and investor representatives,[12] has routinely weighed in on proposed standards.

Third, active outreach became a part of the standard-setting process. The PCAOB's Office of the Chief Auditor communicates with investors and other stakeholders in connection with the standard-setting process.[13] PCAOB staff might do so through informal meetings, roundtables, or focus groups. More recently, the PCAOB created a direct point of contact for stakeholders, such as audit committees, preparers, and investors.[14]

The consequences of this change can be seen in the results. Investor participation has become apparent and highly influential. Changes to the auditor reporting model[15] generated a concept release, two rounds of proposals, and about 400 comment letters,[16] while changes to disclosures, which resulted in the identification of the engagement partner and the other auditors, generated another 200 letters.[17] They each received noticeable input from investors and both advisory groups. Significant differences in stakeholder viewpoints had to be addressed and the process took around six years in one case and seven in another to resolve. Ultimately, however, a new standard and new disclosures emerged that were approved by the SEC.[18]

Spurred by changes in the law and hard work by the staff, investors have earned a key role in the standard-setting process at the PCAOB. Some may argue that the strong presence of investor views has added complexity to the process and lengthened the time for completion, but in my opinion, the result is higher quality standards that better address the interests of investors and the public.

Integrating investor views into the standard-setting process, however, cannot be taken for granted. Investor contributions to the development of audit performance standards has been less robust.[19] The lack of investor participation creates a risk that the investor viewpoint will not be fully considered when the revised performance standards are ultimately adopted by the PCAOB.

The PCAOB, in my opinion, could do more to facilitate investor participation. The PCAOB can increase the overall transparency of the organization.[20] With organizational transparency, investors would become more aware of the activities at, and the reasoning process of, the PCAOB. In those circumstances, investors would presumably be more inclined to participate.

In addition, the PCAOB could be more proactive in seeking investor views by extending invitations to specific investor organizations, like this one, to meet with the full board. The PCAOB could also take a chapter from the Administrative Procedure Act (and the SEC) by providing a mechanism that allows investors and other stakeholders to publicly petition the PCAOB for changes in standards and rules.[21] Publicly posting petitions and any comments received would provide a forum for debate and discussion that could help identify and advance areas of concern to investors.

At the same time, investors should not rely exclusively on the PCAOB to ensure investor participation.[22] The post-Sarbanes-Oxley system of auditor oversight depends upon the public to help make certain that regulators remain accountable to their mission. Your role is vital. Don't leave it to us to reach out to you. Communicate with us directly, whether about standards that have been, or should be, proposed.

III. The Predictability of Unpredictable Fraud Procedures

Let me now turn to a specific place where your involvement can make a difference. The investor seat at the standard-setting table provides an avenue both to influence changes in, and help inform interpretations of, the standards. In this regard, I often hear concerns from investors about the auditing standards relating to the detection of fraud.

The concerns have sometimes been described as an "expectations gap", suggesting that investors don't fully understand the role of auditors in the fraud detection space and want more than the standards require.[23] Conversely, the concerns expressed have sometimes been described as a "performance gap", suggesting that the standards are adequate but that auditors underperform.

Let me see if I can bridge some of these "gaps." Specifically, I want to talk about the requirement in our standards for auditors to incorporate unpredictability into their procedures and your critical role in helping to ensure that audits meet this requirement.

A. Auditors and The Risk of Fraud

As everyone here knows, auditors do not give guarantees about the health and wellness of a corporate issuer. They can, however, provide investors with reasonable assurance that the financial statements are free from material misstatements, whether due to error or fraud.

Providing reasonable assurance from error mostly entails an approach that focusses on looking for mistakes. Think about how this might occur. Mistakes could result from human error, inadequate internal controls, misapplication of accounting standards, or reliance on incorrect assumptions.

In searching for mistakes, though, auditors do not look at everything. Instead, as our standards require, they focus on the areas of the financial statements that present the greatest risk of material misstatement.[24] Moreover, while materiality can be qualitatively important, firms typically compute quantitative thresholds that are predominantly based on the size of the company.[25]

So, in general, firms are not just looking for mistakes but, absent qualitative factors, big mistakes. And presumably, they will spend most of their time with accounts that have the greatest risk of material misstatement.

But remember, the auditor's opinion provides investors with reasonable assurance from all material misstatements — not only due to error but also to fraud. Looking for financial statement fraud can involve very different considerations than looking for mistakes.

First, fraud is intentional and, for the most part, deliberately concealed. Mistakes may not always be obvious but typically they are not deliberately hidden. Fraud is. That makes detection much harder.

Second, fraud can be hidden anywhere. Fraud can be in high or low risk accounts. While a risk based approach to an audit can focus auditors on a particular set of accounts, these may not be the same ones used to conceal a fraud.

Third, fraud is often material qualitatively, rendering the quantitative thresholds typically used by auditors far less relevant.[26] In fact, recognizing fraud early, particularly in modest amounts, can be critically important for both investors and for the auditor. Frauds often begin small, but often do not stay that way and, if not detected, can eventually lead to substantial harm to investors and creditors, even the bankruptcy or collapse of the company.[27]

B. Predictable Unpredictability

Those engaging in fraud can try to do so by localizing the misbehavior in places where the auditor is unlikely to go.[28] The standards address this risk by requiring that auditors incorporate "unpredictability" into the audit planning process.[29] Unpredictability makes concealment more difficult and has been described by the PCAOB as "important in responding to fraud risks."[30] In other words, firms should, as part of the audit, make an effort to look where they are not expected and test what is not anticipated.[31]

Academic research, however, suggests that the approach to unpredictability utilized by firms in an audit may sometimes become predictable. For one thing, audit plans may identify the same risks of fraud from year to year. The result may be reduced variation in the accounts examined, providing greater predictability about where the auditor will or will not go.

Academic research also suggests that, in response to identified fraud risks, audit firms may employ the same substantive procedures each year with little variation. In other words, the nature of the testing may not vary.[32] This could entail increases in the planned sample sizes without undertaking "effective modifications to a standard audit program, such as targeting procedures or samples in the fraud area."[33] Similarly, in testing the general ledger, engagement teams may use filters to search for possible fraud risk factors but do so in a predictable fashion, such as using the same filters, using a predictable rotation of filters, or limiting their applicability to the same accounts.

Academic research suggests that even our standards can push auditors towards some level of predictability.[34] The risk assessment process may nudge an auditor away from less material accounts or lower risk accounts.[35] Similarly, the standards contain a presumption that improper revenue recognition is a fraud risk.[36] But fraud can be hidden anywhere. To the extent auditors focus mostly on revenue, those committing fraud have an incentive to rely on non-revenue accounts.

C. Red Flags

The use of unpredictable procedures will potentially reveal risk factors or red flags that suggest the possibility of fraud. As a result, auditors also must apply professional skepticism and develop appropriate procedures to respond to these possibilities of fraud. [37]

The enforcement division at the PCAOB has brought cases for the failure to exercise appropriate professional skepticism upon the discovery of certain "warning signs" that "warranted heightened scrutiny." These have included last minute adjustments,[38] deficiencies in internal controls that increased the risk of fraud,[39] the treatment of errors discovered after issuance of the earnings release but before the audit report,[40] unusual payments to officers,[41] failure to assess "uncharacteristically large amounts . . . reported in the last week or two of the reporting period from unusual transactions",[42] and indications of the unreliability of documentation.[43]

Red flags are, of course, not proof of fraud.[44] Nor are all red flags the same.[45] They will often generate false positives. But they are matters that require additional consideration and analysis. And in doing so, auditors may find themselves having uncomfortable conversations with management. But these conversations are structurally necessary and a sign of an effective audit, something that ultimately benefits the issuer and the consumers of the financial statements.

IV. Steps Forward

So what can you do in this space?

Unpredictability is a critical element of the fraud detection process. Greater emphasis on unpredictability may or may not increase the detection of fraud. But by signaling that fraud can be less easily hidden, some may forego the effort. The primary benefit may well be the frauds avoided.[46] You therefore have an interest in helping to ensure that this element is properly executed.

You can do so through direct conversations with audit firms about their approach to these matters. Outreach by firms to the investor community seems to be increasing. The conversations can better help auditors incorporate elements of unpredictability into their selection of auditing procedures.

You can, as investors, encourage audit committees to engage in conversations with firms to better understand their approach to unpredictability and to emphasize the importance of this requirement. This does not mean a discussion of specific procedures employed in the audit but can entail a discussion about the need to incorporate elements of unpredictability in the nature, timing and extent of audit procedures.

V. Final Observations

Let me end by returning to the mission of the PCAOB and the seat for investors and the public at the standard-setting table. The PCAOB needs to hear from you.

Specifically, with respect to unpredictability, I would encourage you to bring any insights to the PCAOB. Remember, the PCAOB has the drafting pen and you have a seat at the table. The PCAOB could, if it wanted, look more often at the issue of unpredictability in the inspection process, and the PCAOB could potentially provide guidance on how to better fulfill the requirement. Your comments could very much contribute to these steps.

How might you do that? Write to us, talk to us, ask for meetings with the staff or the full Board to share your views. Push for more transparency.[47] Give us any insight you have into how we might better reflect the interests of investors and the public in our standards.

Why should you do this? Because you benefit. If we can make better decisions in this space, we will improve the quality of, and trust in, the corporate reporting regime and help you in your role ensuring the economic well-being of the hard working Americans that are counting on you for their retirement.

[1] I want to thank Wintana Kiflu, my intern during the Fall of 2019, for research on the history of changes to the audit and audit relevance, and for her valuable work and insight used in this speech.

[2] The Sarbanes-Oxley Act of 2002 created the PCAOB and required the auditors of U.S. public companies to be subject to external and independent oversight for the first time in history. See Pub. L. No. 107-204, 116 Stat. 745. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 amended the Sarbanes-Oxley Act and expanded the PCAOB's authority to include oversight of firms that audit broker-dealers. See Section 982 of the Dodd-Frank Act, Pub. L. No. 111-203, 124 Stat. 1376 (2010); see also Senate Report No. 111-176, Apr. 30, 2010 (accompanying S. 3217).

[3]See 15 U.S.C. § 7211 (2002) (mission of PCAOB to oversee "the audits of companies that are subject to the securities laws …in order to protect the interests of investors and further the public interest . . .".).

[4] Report, Conclusions and Recommendations, An Independent Commission established by the American Institute of Certified Public Accountants, at xii (1978) (Cohen Commission), available at 127 http://3197d6d14b5f19f2f440-5e13d29c4c016cf96cbbfd197c579b45.r81.cf1.rackcdn.com/collection/papers/1970/1978_0101_CohenAuditors.pdf ("That auditing standards are now set by a representative group of practicing auditors with wide experience provides assurance that other practicing auditors will generally be satisfied with the merits of the positions taken.").

[5] Report, Conclusions and Recommendations, An Independent Commission established by the American Institute of Certified Public Accountants, at xii (1978) (Cohen Commission), at 52 http://3197d6d14b5f19f2f440-5e13d29c4c016cf96cbbfd197c579b45.r81.cf1.rackcdn.com/collection/papers/1970/1978_0101_CohenAuditors.pdf ("Changes that appear to have originated with the profession are often the result of SEC suggestions or action.").

[6] Section 10A of the Securities Exchange Act requires, among other things, that the auditor of an issuer's financial statements report to the issuer's board of directors certain uncorrected illegal acts of the issuer, and that the issuer notify the Commission that it has received such a report. See 15 U.S.C. § 78j-1.

[7] See Rocco R. Vanasco, Clifford R. Skousen, & Richard L. Jenson, Audit evidence: the US standards and landmark cases, 16 Managerial Auditing Journal 207-2143 (2001) (discussing impact on auditing standards of the SEC and of "landmark cases").

[8] Prior to the creation of the PCAOB, The Auditing Standards Board (ASB) of the AICPA's developed and updated auditing and professional practice standards. The ASB routinely released exposure drafts for public comment.

[9] The Administrative Procedure Act (APA) governs the process by which federal agencies develop and issue regulations. See 5 U.S.C. § 551 et seq. (1946).

[10] While the PCAOB is not subject to the APA, the SEC is subject to the statue's requirements. PCAOB rules do not take effect unless approved by the SEC.

[11] The Board convened a Standing Advisory Group to advise on the development of auditing and related professional practice standards. The SAG includes auditors, investors, audit committee members, public company executives, and others. See https://pcaobus.org/Standards/SAG/Pages/default.aspx

[12] The IAG provided investors and their representatives with a separate forum to discuss audit related issues. A separate forum provided more opportunity for investor input and discussion. The IAASB does not have a separate advisory group for investors, although they participate on the Consultative Advisory Group. See https://pcaobus.org/About/Advisory/Pages/IAG.aspx

[13] See Discussion of Outreach Activities at the Board's March 22, 2011 open meeting, available at https://pcaobus.org/News/Events/Pages/03222011_OpenBoardMeeting.aspx. See also Concept Release on Possible Revisions to PCAOB Standards Related to Reports on Audited Financial Statements and Related Amendments to PCAOB Standards, PCAOB Release No. 2011-003 (June 21, 2011)("To obtain insight into the changes that investors and others are seeking to the auditor's report and how those changes could be incorporated into the auditor's report or the overall auditor's reporting model, the staff conducted outreach to investors, preparers, auditors, audit committee members, regulators and standard-setters, and representatives of academia from October 2010 through March 2011.").

[14] PCAOB Announces New Liaison for Investors, Audit Committees, and Preparers , May 29, 2019, available at https://pcaobus.org/News

[15] See AS 3101: The Auditor's Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion (PCAOB Release No. 2017-001 and SEC Release No. 34-86269).

[16] See Docket 034: Auditing Standards on the Auditor's Report and the Auditor's Responsibilities Regarding Other Information and Related Amendments available at https://pcaobus.org/Rulemaking/Pages/Docket034Comments.aspx

[17] See Docket 029: Improving Transparency Through Disclosure of Engagement Partner and Certain Other Participants in Audits available at https://pcaobus.org/Rulemaking/Pages/Docket029Comments.aspx

[18] See SEC Release No. 34-86269.

[19] Refer to the PCAOB's Rulemaking Docket at https://pcaobus.org/Rulemaking

[20]For a discussion of the role of investors and the public in ensuring accountability, see J. Robert Brown, Jr., Board Member, PCAOB, Grading the PCAOB: Transparency, Accountability and Investor Protection, Fall Conference of the Council of Institutional Investors, Minneapolis, MN, Sept. 17, 2019, available at https://pcaobus.org/News/Speech/Pages/Brown-Grading-the-PCAOB-Transparency,-Accountability-and-Investor-Protection.aspx.

[21] Under the Administrative Procedure Act (APA), federal agencies must give "an interested person the right to petition for the issuance, amendment, or repeal of a rule". See 5 USC §553(e).

[22]For a discussion of the role of investors and the public in ensuring accountability, see J. Robert Brown, Jr., Board Member, PCAOB, Grading the PCAOB: Transparency, Accountability and Investor Protection, Fall Conference of the Council of Institutional Investors, Minneapolis, MN, Sept. 17, 2019, available at https://pcaobus.org/News/Speech/Pages/Brown-Grading-the-PCAOB-Transparency,-Accountability-and-Investor-Protection.aspx.

[23] The use of the phrase to suggest a lack of understanding by investors has long been subject to challenge. See Report, Conclusions and Recommendations, An Independent Commission established by the American Institute of Certified Public Accountants, at xii (1978) (Cohen Commission), at 52 http://3197d6d14b5f19f2f440-5e13d29c4c016cf96cbbfd197c579b45.r81.cf1.rackcdn.com/collection/papers/1970/1978_0101_CohenAuditors.pdf ("principal responsibility [for a gap in expectations] does not appear to lie with the users of financial statements. In general, users appear to have reasonable expectations of the abilities of auditors and of the assurances they can give.").

[24] PCAOB AS2110.04-.58 discusses the auditor's responsibilities for performing risk assessment procedures.

[25] Preeti Choudhary, Kenneth Merkley and Katherine Schipper, Auditors' Quantitative Materiality Judgments: Properties and Implications for Financial Reporting, Journal of Accounting Research, 2019.

[26] See Note, PCAOB AS 2810.17 ("As a result of the interaction of quantitative and qualitative considerations in materiality judgments, uncorrected misstatements of relatively small amounts could have a material effect on the financial statements. . . . a misstatement made intentionally could be material for qualitative reasons, even if relatively small in amount.").

[27] See Chapter 3 – Earnings Management and Fraud, Panel on Audit Effectiveness, Aug. 31, 2000, at 81 ("Some of the research, as well as anecdotal evidence, suggests that fraud often starts out small, like a trickle."), available at https://pcaobus.org/News/Events/Documents/09082004_SAGMeeting/Fraud_Attachment_1.pdf

[28] Jacqueline S., Hammersley, A Review and Model of Auditor Judgments in Fraud-Related Planning Tasks, 30 A Journal of Practice & Theory 101, 124 (Nov. 2011) ("This evidence corroborates experimental findings that auditors do not always change planned audit procedures based on risks identified and provides support for additional research examining the conditions that affect auditor performance.").

[29] They relate to the nature, timing and extent of their audit procedures. See paragraph .05c. of PCAOB AS 2301, The Auditor's Responses to the Risks of Material Misstatements.

[30] Staff Audit Practice Alert No. 12 September 9, 2014 ("Incorporating an element of unpredictability in audit procedures also is important in responding to fraud risks. Unpredictable audit procedures are more difficult for individuals looking to perpetrate a fraud to anticipate, which can make an intentional misstatement more difficult to conceal.").

[31] See paragraph 5c. of PCAOB AS 2301; see also PCAOB AS 2401.

[32] Steven M. Glover, et al, A Test of Changes in Auditors' Fraud-Related Planning Judgments since the Issuance of SAS No. 82, 22 Auditing: A Journal of Practice & Theory 237, 238 (2003) ("we do not find (pre- or post-SAS No. 82) evidence that auditors modify the nature of their planned tests in response to fraud risk… Our finding that the nature of planned tests do not change in response to fraud risk is consistent with recent research that similarly reports no association between fraud risk assessments and audit program effectiveness. . .").

[33] Jacqueline S., Hammersley, A Review and Model of Auditor Judgments in Fraud-Related Planning Tasks, 30 A Journal of Practice & Theory 101, 119 (Nov. 2011) (discussing article concluding that "audit seniors respond to increased awareness of fraud risk by increasing planned sample sizes, but seniors do not plan effective modifications to a standard audit program, such as targeting procedures or samples in the fraud area.").

[34] T. Jeffrey Wilks & Mark F. Zimbelman, Using Game Theory and Strategic Reasoning Concepts to Prevent and Detect Fraud, 18 Accounting Horizons 173, (2004) ("Audit standards require some specific procedures on all audits to minimize certain audit risks. . . . Although the objective of these procedures is to eliminate future fraud failures, one result is that a manager who is aware of these standard procedures can design a fraud that will not be detected by the procedures.").

[35] Kendall Bowlin, Risk-Based Auditing, Strategic Prompts, and Auditor Sensitivity to the Strategic Risk of Fraud, 86 The Accounting Review 1231, 1250, 1232 (2011) ("as auditors focus resources away from accounts they view as low-risk, opportunities for fraud grow among those accounts" and that "auditees might anticipate and exploit auditors' risk-based strategies").

[36] See PCAOB AS 2401.54.

[37] In re Jose Domingos do Prado, PCAOB Release No. 105-2016-032 (Dec. 5, 2016) ("under PCAOB standards, if an auditor identifies misstatements in the financial statements, the auditor should consider whether those misstatements are indicative of fraud; if fraud may be present, the auditor should perform certain additional procedures, even if the misstatements do not appear to be material to the financial statements.").

[38] In re Christopher E. Anderson, CPA, PCAOB Release No. 105-2008-003 (Oct. 31, 2008) (failure to consider last minute adjustments in revising assessment of risk of fraud).

[39] In the Matter of Wander Rodrigues Teles, Respondent. PCAOB Release No. 105-2017-007 March 20, 2017 (in determining fraud risks, firm should consider whether deficiencies in internal controls "increased the opportunity for fraud.").

[40] In re Thomas J. Linden, CPA, PCAOB Release No. 105-2009-004 (Aug. 11, 2009) (requiring analysis of qualitative factors including treatment of overstatement of assets, revenues and earnings that was discovered after public announcement of fourth quarter earnings but before filing of audited financial statements).

[41] In re Michael F. Cronin, CPA, PCAOB Release No. 105-2013-003 (May 14, 2013)

[42] In re Akiyo Yoshida, CPA. PCAOB Release No. 105-2014-024 (Dec. 17, 2014) ("Unusual yearend revenue and income often are particularly relevant. These might include, for example . . . uncharacteristically large amounts of income being reported in the last week or two of the reporting period from unusual transactions."); see also In re AWC (CPA) Limited, PCAOB Release No. 105-2016-016 (May 18, 2016) ("Despite the aforementioned red flags, Respondents failed to assess the risk of fraud related to these last-minute adjustments").

[43] In the Matter of Cutler & Co., LLC, and David J. C. Cutler, CPA, PCAOB Release No. 105-2017-003 February 23, 2017 ("Respondents failed to evaluate red flags concerning Sungame's unearned revenue. For example, Respondents reviewed receipts sent to Sungame's customers for their deposits, and realized that they lacked both customer contact information and terms, and might not be reliable.").

[44] See AS 2401.11 ("Documents may legitimately have been lost or misfiled; the subsidiary ledger may be out of balance with its control account because of an unintentional accounting error; and unexpected analytical relationships may be the result of unanticipated changes in underlying economic factors. Even reports of alleged fraud may not always be reliable because an employee or outsider may be mistaken or may be motivated for unknown reasons to make a false allegation."). See also Chris E. Hogan, et al, Financial Statement Fraud: Insights from the Academic Literature, 27 Auditing: A Journal of Practice & Theory 231, 237 (Nov. 2008) ("One of the major challenges in identifying fraud is that while symptoms of fraud ('red flags') are observed frequently, the presence of such issues is not necessarily indicative of fraud . . . and investigation of such anomalies usually results in a conclusion that fraud was not the underlying cause.").

[45] Jacqueline S., Hammersley, A Review and Model of Auditor Judgments in Fraud-Related Planning Tasks, 30 A Journal of Practice & Theory 101, 114 (Nov. 2011) (noting study that determined that "auditors rank red flags related to management characteristics and influence over the control environment as much more important to the fraud risk assessment than red flags related to operating, financial stability, and industry conditions.").

[46] The Panel on Audit Effectiveness Report and Recommendations, August 31, 2000 ("The intent of this recommendation is twofold: to enhance the likelihood that auditors will be able to detect material fraud, and to establish implicitly a deterrent to fraud by posing a greater threat to its successful concealment.").

[47] J. Robert Brown, Jr, Board Member, PCAOB, Issuer Disclosure in Settled Enforcement Actions at the PCAOB, CFA Institute's Corporate Disclosure Policy Council, Washington, DC, Sept. 6, 2019