Global Developments in Audit Oversight

Introduction

Thank you for inviting me to speak today. I am delighted to be here in São Paulo to share some thoughts with you about global developments in auditor oversight and audit quality. Before I begin, I must note that the views I express here today are my own, and do not necessarily reflect the views of the Public Company Accounting Oversight Board, other Board members, or the Board staff. Nor do the views I express today necessarily reflect the views of the International Forum of Independent Audit Regulators (IFIAR), its members, or its leadership. Now, with these disclaimers out of the way, let me add that although I have prepared remarks, I would like this to be a dialogue, and would greatly appreciate any questions you have. I find questions more useful and instructive than my talking at you interminably.

So how did we get to the current state of global audit oversight? Today, we live in an era of increasingly complex financial reporting, with expanded use of estimates in financial statements, and myriad new financial instruments and financing techniques. Auditing as a profession has changed accordingly, with parallel increases by audit firms in their use of technology, data mining, and analytics. Moreover, we are only at the beginning of what I believe will be a major transformation in how auditors do their job. Human resource management is also increasingly sophisticated, requiring staff with appropriate technical expertise to keep pace with the complexities of financial reporting. In addition, firms must coordinate and staff cross-border group audits that often span several languages, countries, and continents.

With these many changes have come equally important developments in auditor oversight, especially during the last fifteen years. These developments address a broad spectrum of issues, such as the expanded auditor's report; mandatory firm rotation; and developments in standards that require fair value measurement.

Independent Regulation Emerges from the Slow Demise of Self-Regulation

At the heart of all these developments in oversight are the birth, growth, and continuing advancement of independent audit oversight bodies around the world. These oversight bodies grew out of increased public demand for a more accountable and independent audit function, due to a seismic shift in oversight perspective in the early 2000's. It was at that time that dramatic accounting scandals shook the very core of the audit profession, which had been operating in the relative cocoon of a self-regulated, self-policing environment, with minimal disruptions.

Indeed, in the United States, the U.S. Securities and Exchange Commission, created by Congress in 1934, first began providing guidance in 1937 on accounting principles, but primarily focused on the orderly functioning of the securities markets and issuer requirements. The SEC largely left the auditing profession alone. By the 1960's, however, various accounting scandals reached the public eye, and scrutiny of the profession began to increase. Due to these scandals, throughout the 1970's and 1980's, the breadth and depth of self-regulation steadily expanded, and the precursors to independent audit oversight began to emerge. During these decades, the Financial Accounting Standards Board (FASB), the Public Oversight Board (POB), and Independence Standards Boards (ISB) were established, all entities that in one way or another served to strengthen the public perception of the auditing profession.

Despite these incremental advances in self-regulation, however, accounting firms still essentially policed themselves throughout the 1990's, and on into the new millennium. They continued to check each other's work through peer review, a system based on standards written by private standard-setting bodies. These private entities, if not proxies for the leading accounting firms, were at the very least recipients of their significant input and direction. Not surprisingly, their criticisms of the firms and individuals whose work they scrutinized were mild.

Enron, WorldCom, and the Creation of the PCAOB

The self-regulated auditor oversight landscape permanently changed in June 2002, when U.S. energy company Enron's auditor, Arthur Andersen, was convicted in a criminal proceeding in a U.S. federal court for obstruction of justice, for shredding documents related to its audit of Enron. Two weeks later, WorldCom, another Arthur Andersen client, collapsed in an accounting scandal, sending shock waves through world financial markets, and leading to the demise of the Arthur Andersen firm. To investors and U.S. lawmakers, the failures of Enron and WorldCom demonstrated that auditors' self-regulation was not working. The U.S. Congress concluded that the longstanding system of auditor quality oversight by the profession itself—peer review—was no longer sufficient, and substantial changes needed to be made.

And so, in July of that year, the U.S. Congress passed the Sarbanes-Oxley Act of 2002, which created the Public Company Accounting Oversight Board as an independent, not-for-profit body, to independently oversee the audits of U.S. public companies. Congress made its core mission to "protect the interest of investors and further the public interest in the preparation of informative, accurate, and independent audit reports" for U.S. public companies. The new law mandated that all issuer financial statements be audited by accounting firms registered and overseen by the newly-created Board.

The Independent PCAOB and its Investor Protection Mission

The Sarbanes-Oxley Act required that auditors of U.S. public companies be subject to external and independent oversight for the first time in history. By statute, the five members of the PCAOB Board are appointed by the U.S. Securities and Exchange Commission (SEC) to staggered five-year terms, meaning that one Board term expires each year. The SEC has oversight authority over the PCAOB, including the approval of the Board's rules, standards, and budget. To prevent dominance by the accounting profession, Congress provided that although two of the five PCAOB board members had to be CPAs, no more than two of the Board members could be. That leaves me and two of my fellow Board members, one of whom is the PCAOB's Chairman, as the standing majority of the Board—all lawyers by training and profession. The hallmarks of the PCAOB are undoubtedly its independence from the profession, its inspections program and its enforcement authority, but it carries out several essential core functions:

Registration of Firms

The first is to oversee and maintain the registration of audit firms, whether they are located in the U.S. or abroad, that file issuer audit reports with the SEC or play a substantial role in another audit firm's audit of an SEC issuer. In 2010, Congress also gave the PCAOB jurisdiction over auditors of registered brokers and dealers, and required all such firms to be registered. Today, over 2,000 auditing firms are registered with the PCAOB. Of these, a small majority, approximately 57% of firms, are located in the United States, while 43% are located outside the United States. These non-U.S. registrants come from 86 different jurisdictions around the world. In Brazil, there are 16 PCAOB-registered firms, including 13 located right here in São Paulo.

Standard Setting

The PCAOB's second principal function is to set auditing and other professional standards, a role that the PCAOB took over from the private standard-setters in 2002. The Board currently has an ambitious standard-setting agenda that tackles both old and new issues in auditing. These include, most recently, improving audit transparency through routinized disclosure of the name of the engagement partner, an expansion of the auditor's report, and a revised standard governing the use of other auditors.

The Board continually seeks to give a wide variety of stakeholders the opportunity to provide input on standards. Those stakeholders include investors, auditors, preparers of financial statements, other standard-setters and regulators, and other interested parties. The Board has a Standing Advisory Group composed of auditors, investors, public company executives and others, which provides advice on the Board's standard-setting agenda and related matters. The Board also utilizes an Investor Advisory Group, which provide its views and advice to the Board on broad policy issues and other matters, including, on occasion, matters relating to standard-setting. The Board also takes into account observations from its own inspections and its own enforcement activities, and also utilizes public roundtables, focus groups, and task forces as part of its standard-setting process. In the near-term, the Board anticipates standard-setting in several areas, including: going concern; accounting estimates (including fair value); the use of specialists; and revised quality control standards.

Inspections, Remediation, and Root Cause Analysis

The third principal function of the PCAOB, and undoubtedly the most well-known element of the PCAOB's work, is its inspections program. Since commencing inspections in 2003, the Board's staff has conducted over 2,500 inspections of firms that audit issuers or play a substantial role in audit reports. The PCAOB has conducted inspections both within the U.S. and in 46 jurisdictions outside the United States, including, as I noted before, inspections of firms registered here in Brazil. The Board is statutorily required to periodically inspect registered firms that issue and/or play a substantial role in the preparation or furnishing of an audit report with respect to at least one issuer.

Any audit firm with more than 100 issuer audit clients is inspected annually, and firms that provide audit reports for 100 or fewer issuers at least triennially. Currently, inspections are not randomly selected, but instead are selected on the basis of audit risk, focusing on issuers, industries, or firms where we believe the greatest risk of audit failure may lie. The Board has also developed an interim inspection program for auditors of securities brokers and dealers. This program has been operating since 2011, and most recently, in 2015, inspected 75 firms and portions of 115 audits.

Built into our inspections process is a root cause analysis. By this, I mean a deep analysis of the underlying causes that contributed to audit deficiencies. This work has been expanding to include selection by our inspection staff of specific quality-related events—both negative and positive occurrences. Inspectors then analyze these events looking for factors that contributed to the event. Through this analysis, our inspectors are beginning to see, among other things, that apart from the benefits of good issuer accounting and controls, those auditors with good project management skills—auditors who plan and execute phases of the audits in a timely manner and involve the appropriate people at the appropriate time—achieve better results.

The outward manifestation of the PCAOB inspection program is the publication of a report on each inspection. These reports identify audit deficiencies from a firm's public company audit engagements in Part I of the report, and weaknesses in a firm's quality control system in Part II of the report. Although Part I, illustrative of particular audit deficiencies, is publicly available on the PCAOB's website when finalized and approved by the Board, Part II of the report only becomes public if the firm fails to satisfactorily remediate the quality control criticisms within a 12-month period. This remediation period allows firms to improve and fix systemic quality control issues, and potentially to avoid public Part II findings.

The Board expects firms as a matter of course to perform their own root cause analysis as part of their monitoring procedures, as required by the PCAOB's quality control standards. We also expect them to consider the "systemic causes" of audit deficiencies, and take corrective actions to address the systemic causes rather than merely addressing the episodic manifestations of the problem. Remedial actions undertaken without fully understanding all of the causes and underlying problems that contributed to a particular problem or deficiency are less likely, in my view, to prevent similar deficiencies from occurring in the future.

Last year, the Board's staff conducted over 200 inspections in countries around the world. To date, we have carried out inspections in 46 foreign jurisdictions. In 18 of those jurisdictions, we conduct our inspections jointly with a local audit oversight body, which greatly enhances our understanding of local risks and gives local regulators broader information about firms' global operations. Here in Brazil, although we do not currently have a formal information sharing agreement in place between the PCAOB and CVM, we strongly value our bilateral working relationship, and CVM inspectors have on many occasions sat in as observers of local PCAOB inspections in Brazil, and had a chance to see firsthand how the PCAOB inspections process operates.

Enforcement

Our final core function is to conduct investigations and enforcement proceedings. The Board has the authority to impose disciplinary sanctions, including barring auditors, both firms and individuals, from public company auditing, and imposing substantial monetary penalties. Through the first quarter of 2016, the Board has publicly announced the resolution of 160 enforcement proceedings, including 125 sanctions against firms, with 64 revocations of firm registrations with the Board, and 112 sanctions against associated persons, resulting in 86 bars and 11 suspensions.

Enforcement gives teeth to our standard-setting and inspection activities, and provides an important means of making audit firms and professionals aware of potential trouble spots that appear more likely to trip up firms, ranging from independence violations to improper document alteration in connection with an inspection or investigation. On that point, although one would think document alteration cases would have gone away, given the well-known adage that "the cover-up is worse than the crime," such alteration continues nonetheless to occur at firms, and the Board continues to police these violations. To date, the Board has issued 18 disciplinary orders for failure to cooperate with inspections, as well as 16 disciplinary orders for failure to cooperate with a Board investigation, many of which included improper document alteration. I am hopeful that auditors will get the message that cooperation with the PCAOB's inspections and investigations will always be an expectation of the Board, and that the consequences of noncooperation may be even more severe than an underlying audit failure, as many have learned the hard way. Indeed, through the 18 disciplinary noncooperation orders I mentioned, the Board has revoked the registration of 15 firms and has sanctioned 33 individuals, including barring 27 individuals and suspending two others.

International Focus

Apart from our core operational functions, the PCAOB has an international focus that I consider essential to its success. Indeed, the PCAOB does not operate in a global regulatory void, although it may have seemed that way a bit at the beginning. In 2002, when the PCAOB was created, the United States had no experience with comprehensive regulation of the auditors of public companies that was independent of the profession itself, and many other countries were similarly situated. Indeed, Sarbanes-Oxley was initially seen by many outside the U.S. as an American response to a uniquely American problem. But shortly after Enron and WorldCom, a series of major accounting failures were uncovered at non-U.S. companies, such as Parmalat, Vivendi, Hollinger, Ahold, Royal Dutch Shell, and others. As a result, many other countries began to adopt independent audit supervisory regimes, or strengthen existing entities.

Today, nearly 15 years after the creation of the PCAOB, almost all advanced or emerging market countries have an independent audit regulator. These regimes differ in scope and operational structure. Some, like the PCAOB, are independent agencies; others, like Brazil's CVM, are housed in the government securities regulator. But they share certain common attributes: they are either government agencies or bodies that are independent of the audit profession; they conduct regular inspections of audit firms; and, in some cases, they possess disciplinary, licensing and standard-setting powers.

I see the spread of independent audit regulation as a real opportunity. I believe that cross-border cooperation is fundamental to strengthening audit quality globally, and needs to be a continuing priority for the PCAOB. My experience is that, as audit regulation advances around the world, the level of coordination between national authorities deepens. The kinds of advancements in audit regulation I understand are happening here in Brazil are also being mirrored by regulators around the world, which brings me to another important landmark in the maturity of audit oversight—the increasingly global sharing of knowledge to improve audit quality, a crucial development that I think will be a real driver of change in the coming years. As I mentioned before, the PCAOB maintains bilateral contact with many jurisdictions around the world, including your CVM, and we look forward to the continuation and deepening of this important relationship.

IFIAR

To that end, the PCAOB is proud to have a leading role in the International Forum of Independent Audit Regulators (IFIAR), which was established in September 2006 with the aim of allowing audit regulators to share with one another their knowledge of the audit market environment and the learnings from their inspection and enforcement activities.

As outlined here, IFIAR focuses on sharing the practical experience of independent audit regulatory activity (with a focus on inspections of auditors and audit firms); promoting collaboration and consistency in regulatory activity; and providing a platform for dialogue with other international organizations that have an interest in audit quality. IFIAR's activities are accomplished primarily through various working groups. I previously served as IFIAR's Chair, and now serve as the Chairman of the Global Audit Quality (GAQ) Working Group.

As this slide indicates, IFIAR has a wide-ranging geographic presence, and has had a diverse presence from the very beginning. Brazil's CVM was one of the 17 founding IFIAR members, and remains today the sole Latin American member. Since 2006, IFIAR has been growing very quickly, and as you can see, a total of 51 national independent audit oversight bodies are now members of IFIAR from around the world. Of the utmost importance is IFIAR's key membership requirement—that only regulators that are truly independent of the auditing profession are eligible for membership.

IFIAR has always been international, but over the years has continually rotated among its Chairs and Vice Chairs the responsibility for running IFIAR's Secretariat function. I am pleased to be able to say that in April of this year, IFIAR members approved establishing IFIAR's permanent Secretariat in Tokyo, Japan, a milestone event that will provide a lasting organizational continuity and permanent base of operations. IFIAR also approved implementation of a new Board-led governance structure as of April 2017, which will enhance IFIAR's organizational capabilities.

To this end, in June 2015, IFIAR developed a Multilateral Memorandum of Understanding (MMOU), with the goal of facilitating cooperation in the exchange of information among members regarding auditor oversight. Two years in the making, the MMOU seeks to improve the quality of public company audits through enhanced information sharing among members. The MMOU is intended to provide a framework for cooperation among IFIAR members; maximize cooperation through a flexible approach; and work within the scope of existing authorities so as not to require any member to change its regulatory regime. I expect the first IFIAR Member countries to formally sign the MMOU later this year.

IFIAR Global Survey of Inspection Findings

A significant development for IFIAR back in 2012 was the publication of its first global survey of inspection findings. The survey began with the goal of informing regulators, investors, the financial community, auditors, and the public about the current state of inspections of audits of public companies, including financial institutions, around the world. This survey also enabled IFIAR to respond to a request from the Financial Stability Board for information on inspection findings at Global Systemically Important Financial Institutions (G-SIFIs) and Systemically Important Financial Institutions (SIFIs), including global systemically important banks (G-SIBs). IFIAR has since conducted the survey annually. In addition to tracking changes in findings, these surveys provide a helpful reference point for discussion among regulators and with the audit firms about topics such as the root causes underlying the inspection findings, and what practices are most effective in reducing the audit deficiencies.

2015 Survey Results

The Report on 2015 Survey of Inspection Findings, the most recent IFIAR Survey results, was released in March of this year. A total of 35 IFIAR members reported findings in three categories of audit firm activities: highlighted here are the number of inspected audits of public interest entities listed on a national securities exchange (PIEs); and the number of inspected audits of major financial institutions, designated as audits of systemically important financial institutions (SIFIs, including G-SIFIs and G-SIBs). As you can see, there is a considerably larger pool of PIE audits compared to SIFI audits. This makes the year-over-year changes for SIFI results somewhat more erratic, but also notable in itself, as it reminds us that despite the importance of SIFIs to the global financial markets, there are a relatively small number of SIFIs worldwide. The Survey also addressed internal systems for firm-wide quality control, that is, inspections of the audit firms' own quality control systems, which I will get to in a moment.

Of course, like all data sets, several caveats apply. The purpose of IFIAR's Survey is not to measure empirically the changes in audit quality. This reflects, in part, the risk-based approach to inspections undertaken by many IFIAR Members, which do not inspect all audits conducted by an inspected firm; rather, they select and examine a sample of audits that may not be a representative sample of a firm's work. Regulators often select inherently more complex areas, and do not necessarily inspect all of the themes included in the Survey. As such, it would not be appropriate to extrapolate the Survey results to form broader conclusions about the frequency of deficiencies throughout the firms' audit practices—the conclusions based on a non-representative sample could be quite misleading.

Further, IFIAR is always playing catch-up on timing because of the timing of audit inspections vis-à-vis current year audits and the timing of the Survey itself. So the Survey is a lagging indicator, in some cases lagging by as much as three years, and is not a real-time snapshot. IFIAR and its members recognize that actions taken by the firms now, or that are already underway, may not necessarily be reflected in the results of the next Survey.

As we see here, the results concerning the number of inspected PIE audits with findings were proportionally consistent when comparing the 2014 results to the 2015 results, with fewer PIE audits inspected in 2015 and fewer audits with at least one finding in 2015. Overall, however, improvement in the frequency of inspections with findings was not nearly as substantial as one would hope. Indeed, the percentage of inspected listed PIE audits with at least one finding remains at an unacceptably high rate—43% in 2015, down only slightly from 47% in 2014.

As reflected here, the Survey found the highest number of audit inspection deficiencies in areas that are not entirely surprising—internal control testing, fair value measurement, revenue recognition, and risk assessment – all topics among the core building blocks of audited financial statements. These four most frequent areas of findings generally remain consistent with prior Surveys, although Risk Assessment has joined the top four just this year.

The chart here lays out the frequency of various inspection themes. "Frequency" refers to the percentage of audits inspected that had a finding. Notably, while one might naturally expect to see a fair percentage of findings in complex areas such as the audit of allowance for loan losses and loan impairments, as shown here (and SIFIs are included as part of the PIE universe, so long as they are listed), one might not expect to see such a high figure of 19% in Inventory, which, although occasionally complex, most would consider considerably more straightforward. So there is much work to be done.

Fourteen IFIAR members submitted SIFI findings, including those designated as G-SIFI by the Financial Stability Board (FSB), and 96 SIFI audits were inspected. Of these, 49 SIFI audits had at least one finding (51%), which is up from 41% in 2014. As I mentioned before, the population of inspected SIFIs is substantially smaller than that of PIEs, so I take less stock in the year-over-year variations for the SIFI numbers than the numbers for PIE audits.

For SIFIs, the rate of deficiencies, measured as the percentage of all inspected audits with at least one finding, boils down to these top four areas, as follows:

  • Audit of allowance for loan losses and loan impairments (51%)
  • Insufficient challenge and testing of management judgments and assessments (42%)
  •  Internal control testing (40%)
  •  Valuation of investments and securities (27%)

Although this chart is organized in order of percentage of findings, the survey found the highest total number of SIFI deficiencies to be similar—-related to internal control testing, auditing of allowance for loan losses and loan impairments, auditing the valuation of investments and securities, and use of experts and specialists.

Response of the Global Audit Quality (GAQ) Working Group

As part of IFIAR's work to address head-on these recurring Survey findings, IFIAR's Global Audit Quality (GAQ) Working Group, which I chair, engages in an ongoing dialogue with the six largest firm networks at the global network level, with the objective of improving audit quality on a global basis. The nine GAQ Working Group members are the IFIAR Members from Australia, Canada, France, Germany, Japan, the Netherlands, Singapore, the United Kingdom, and the United States of America. The six firms with which the GAQ Working Group meets are those firms that are members of the Global Public Policy Committee, or the "GPPC". They are BDO International Limited, Deloitte Touche Tohmatsu Limited, Ernst & Young Global Limited, Grant Thornton International Limited, KPMG International Cooperative, and PricewaterhouseCoopers International Limited.

From these efforts, the GAQ Working Group and the GPPC networks have identified four focus areas for examination that come up on a consistent basis in the survey year-after-year (currently ranking in the 2015 Survey as #1, 2, 4, and 7 on the number of findings): internal control testing, fair value measurement (including management estimates), revenue recognition, and group audits.

To provide a means to measure progress, for the first time the GAQ Working Group has set a measurable target for the reduction of PIE audits with findings: a reduction of at least 25 per cent in the next four years in audits with at least one finding as reported by the members of the GAQ Working Group. The GAQ Working Group will measure progress specifically related to findings reported by the nine members of the GAQ Working Group. For audits inspected by these members and reported in the 2015 Survey, 39% of inspected audits of listed PIEs had at least one finding (the findings frequency for listed PIE audits inspected reported by all IFIAR members participating in the 2015 Survey was 43%).

The GAQ Working Group expects that, within four years, the number of listed PIE audit engagements with one or more inspection finding should decrease from this level by at least 25% (to 29% or lower) on an aggregate basis across the firms that are part of the GPPC networks. Future IFIAR surveys will provide the information used to measure the firms' aggregate progress. IFIAR recognizes that inspection findings are not the sole measure of progress in audit quality. The 25% reduction goal provides a measurable target for the firms' combined efforts to improve audit quality. IFIAR believes that the firms' achievement of the minimum 25% goal would be a meaningful indication of progress along the longer-term path toward greater improvement in audit quality.

The survey report does not focus as much on the QC findings, but certainly in order to make progress in decreasing findings on the engagement level, foundational improvement in firms' quality controls will be necessary. Although firms are putting a lot of time and resources into QC findings and root cause analysis as a means of addressing QC deficiencies, we are still in the relative infancy of this process, and much more work will be needed to push improvements in global audit quality, particularly out to the network affiliates around the globe. As this slide reflects, for the QC Systems inspection, 33 Members submitted findings concerning 101 inspected firms.

The inspection themes with the greatest number of findings were:

  • Engagement Performance (total findings: 222) (inspected firms with findings: 59%)
  • Human Resources (77) (40%)
  • Independence and Ethical Requirements (73) (36%)
  •  Monitoring (63) (33%)

The total number of QC findings reported in the 2015 Survey did decrease, continuing a trend from the 2014 Survey.

To close out the IFIAR survey results, this slide illustrates by inspection theme in QC findings the decrease in the percentage of firms with findings. As I have said, this is a good thing, but the finding levels are still too high, and improvements need to be pushed out globally.

Other IFIAR Initiatives

Cooperation with FSB and Other Entities

Apart from publication of the annual survey, IFIAR prizes its interaction and cooperation on audit-related matters with other international organizations. IFIAR actively engages with the FSB, and participates regularly in a FSB work stream project on external audit quality for SIFIs, to improve the quality of banking audits worldwide. In addition, IFIAR consults with its members' bank audit inspection experts to gather information to share with the FSB. IFIAR also meets with the Basel Committee on Banking Supervision (BCBS) and the International Organization of Securities Commissions (IOSCO). IFIAR expects in 2016 to meet with IOSCO and its Audit Quality Task Force to identify projects of mutual interest. IFIAR will continue to invite representatives from these organizations to IFIAR's annual Plenary Meetings, and welcomes opportunities to attend meetings of these and other organizations dealing with audit-related matters.

Coordinated Inspection of a Single Issuer

Over the past two years, the GAQ Working Group has taken steps to identify issues particular to group audits by coordinating multi-jurisdictional inspections of a group audit. One purpose for coordinating learning from multi-jurisdictional inspections is to enhance the understanding of the practical aspects for regulatory cooperation in the context of a group audit, including legal and operational considerations. A second purpose is to understand better how a group audit is carried out in practice by the global networks, and to establish whether the current methods used by the global networks to conduct group audits give rise to specific risks for audit quality. The PCAOB, for its part, recently released in April a proposed rule that addresses the use of other auditors in an audit, meaning the use of auditors outside the firm that will sign the audit report, I am hopeful the proposed rule will give more certainty to auditors leading and participating in group audits.

Comments on Standard-Setting Projects

IFIAR also contributes to the standard-setting projects of the International Auditing and Assurance Standards Board (IAASB) and International Ethics Standards Board for Accountants (IESBA), by providing comment letters on proposed standards, with a strong emphasis on whether the proposed standard establishes clear requirements, is enforceable, and is in the public interest. IFIAR has delivered six such comment letters in the past two years. IFIAR will continue to prepare such comment letters going forward, thereby aiming to improve the effectiveness of its input into the IAASB and IESBA by having more frequent discussions with them. This will include, where possible, providing input on commonly found audit quality observations from its Members early in the standard-setting process. IFIAR will also continue its participation in the Monitoring Group, which monitors public oversight of the standard-setting boards, including the IAASB and IESBA.

Meeting with Global Firm CEOs at IFIAR Plenary Meetings

IFIAR representatives also meet at least annually with the GPPC network firms, and IFIAR plenary sessions have included constructive dialog and interface with global firm CEOs. The CEOs are quite engaged, and discuss different topics every year, and give IFIAR members insight into the objectives of, and tone at the top of global firm leadership. These sessions also provide global regulators who are members of IFIAR access to the type of dialogue with global firm leadership that they might not routinely see because their contact with the firms typically is more limited to the network firms in their home countries. So it really is a tremendous opportunity, and a very interesting forum every year that is unique in the universe of auditor oversight.

Meetings with Investors

Similarly, IFIAR plenary sessions have also included periodic meetings with investor representatives, with the goal of engaging in thoughtful dialog on key audit quality issues. This investor dialogue was started by my colleague, PCAOB Board member Steve Harris, as part of the IFIAR Investor and Other Stakeholders Working Group. Recently, the program has expanded to engage audit committee members as fiduciaries of investors, and an advisory group has been formed of individuals who more frequently engage with audit matters. Their unique perspectives look to be very helpful is providing a running commentary from an investor perspective rather than a series of brief interfaces with particular investors that are limited in scope and duration. I think this will be a great asset to the working group going forward and look forward to its progress. As you can see, IFIAR is active in many areas, and I invite you to take a look at the full report of the survey results, which is available on IFIAR's website, at www.ifiar.org.

Other Significant Changes in the Profession

Impact of Firm Rotation – Rules and Consequences

Many countries' regulatory schemes require some form of mandatory firm audit rotation. Some countries require only certain types of companies to rotate audit firms, while others require it more broadly, such as for all listed issuers. This idea has received increased exposure worldwide. Following a well-publicized 2010 green paper, the EU passed in April of this year a requirement that PIEs change auditors after a period of 10 years ((EU) No. 537/2014). This period can be extended to 20 years if the audit is put out for bid, or 24 years in instances of joint audits, in which more than one firm conducts the audit. The new EU requirement comes into force very soon, on June 16, 2016.

As I understand the rule in Brazil, audit firms must rotate every five years for listed companies and both listed and unlisted insurance companies; whereas certain listed financial institutions regulated by the Central Bank are not subject to such "Firm Mandatory Rotation" (FMR). One might ask, has the FMR rule here in Brazil achieved the desired effect of improved audit quality through a fresh and increasingly skeptical look by new auditors? Has the benefit of any increased objectivity outweighed the costs of a routinized sacrifice of an auditor's deep understanding of a client's particular system and business practices? I suspect that we will not know the answer to that question for some time.

In looking for academic papers on the subject, I came across one, Rotation of Independent Auditors and Analysis of Their Reports Before and After Rotation in Brazil, an April 2014 research paper by authors Lopo Martinez Antonio and Aldecir Basseti, that seemed to suggest that the rotation of auditors "did not assure the preservation of independence," nor was there any evidence of increased audit quality. Interestingly, they found that the rule did lead "to reduced concentration" in the market, with greater participation by smaller firms. Certainly no one paper is dispositive, and I am curious from those here, and my fellow panelists, what their own experience has been, and whether they feel mandatory rotation in Brazil has improved audit quality, or reduced independence issues.

I also have no doubt, with Brazil as a trendsetter in this area, that there are other studies underway concerning Brazil's experience that will help answer the question of whether audit rotation is helpful, or whether in fact audit deficiencies increase when auditors are changed more frequently due to the disruptive effect of a new auditor. Certainly, it seems to me that a greater frequency of mandatory rotation carries with it a greater risk of that disruption, but what is the optimal time period? Perhaps comparison of the EU 10-to-24-year model and the Brazilian five-year model some years hence will be helpful in assessing what auditor tenure is optimal for audit quality.

Changes in the Auditor's Reporting Model

Another recent development in global auditor oversight has been the concept and implementation of the expanded auditor's report. In May of this year, in the culmination of several years of effort, the PCAOB reproposed for public comment a revised auditor reporting standard. The revised standard is intended to enhance the auditor's report, to make it more informative for investors by requiring auditors to provide information on what are termed critical audit matters (CAMs). The reproposed standard would require a description of these CAMs, which would include audit-specific information about especially challenging, subjective, or complex aspects of the audit, along with references to the relevant financial statement accounts and disclosures. This would include a description, for identified CAMs, of the principal considerations that led the auditor to determine that the matter is a CAM, an account of how it was addressed in the audit, with reference to the relevant financial statement accounts and disclosures.

In the United States, this is the most significant change to the existing auditor's report in decades, and a considerable expansion of the binary pass/fail model. In addition, the proposed standard requires disclosure of auditor tenure, information which ultimately may or may not be helpful to investors, but will at least be standardized and centralized in terms of investor access to this information. The reproposed standard will also ensure that U.S. financial reporting both keeps pace with and leverages insights gained from the expanded auditor reports that are being put in place globally by other regulators and standard-setters, including the International Auditing and Assurance Standards Board (IAASB), the European Union (EU), and the Financial Reporting Council in the United Kingdom (FRC).

Although the regulatory frameworks of these other jurisdictions are not the same as in the U.S., and the details of the non-U.S. initiatives vary, they each ultimately have pursued a goal of communicating more information about audit-specific matters in the auditor's report itself, and departed from the traditional binary pass/fail model previously in use in those jurisdictions.

To be more specific, in September 2014, the IAASB adopted changes to the requirements for the auditor's report, including a new requirement for the auditor to communicate "key audit matters" for audits of listed companies, effective for audits of financial statements for periods ending on or after December 15, 2016. The IAASB's standard is most similar to the PCAOB reproposal because it requires the auditor to communicate key audit matters selected from matters communicated with those charged with governance.

In April 2014, the EU adopted legislation creating a number of new PIE audit report requirements, including a description of the most significant assessed risks of material misstatement, including assessed risks of material misstatement due to fraud, as well as a summary of the auditor's response to those risks and, where relevant, key observations arising with respect to those risks. In addition, the EU reforms, like the PCAOB reproposal, require disclosure of auditor tenure.

In June 2013, the FRC originally led the charge in expanded reporting by revising its auditor reporting requirements for entities that apply the UK Corporate Governance Code, which had become effective for audits of financial statements for periods beginning on or after October 1, 2012. Quite recently, in April 2016, the FRC adopted a final rule updating its 2013 auditor reporting requirements to incorporate the recent EU and the IAASB requirements. Under the final rule, the FRC adopted the IAASB's definition of key audit matters, and identified risks of material misstatement, as determined under both its existing requirements and those of the EU, as key audit matters under that definition. This rule is effective for audits of financial statements for periods beginning on or after June 17, 2016.

With respect to the PCAOB's reproposal, one of the things the Board and its staff were most careful with in the preparation of this standard is to make sure that management remained the primary, if not sole source of original information about the company. In my view, company information, both financial and otherwise, and its disclosure is the responsibility of management, not the auditor. To blur that responsibility by putting part of it on the auditor could only lead to confusion and mischief. The Board has been careful in this new standard to make sure that the auditor's basic assertion about the fair presentation of the financial information remains unchanged and that additional information is confined to what the auditor did in the audit and the principal reasoning behind key facets of the audit—all activities within the exclusive purview of the auditor.

Effects of Evolution of Audit Firm Activities: Non-audit Activities

Audit firm activities have also been rapidly changing with the rapid growth of non-audit practices, an ever-increasing source of revenue and more to the point, increased profitability, for the larger firms that are heading this direction. Is this a good thing or a bad thing? In my view, it is a mixed blessing. These changes are probably inevitable with the rapid changes and improvements in information technology and areas of newly developed expertise, and perhaps may be slow in being phased in and widely accepted, but ultimately cannot be avoided.

If my assumptions hold true, these technologically-based non-audit and non-prohibited consulting services will continue to be a separate, but increasingly important, revenue stream. The question then becomes whether, and to what degree, audit firms will bring their specialized professionals—the people who work largely on the consulting side—to add value to the audit side of the practice. It would be quite bad, in my view, if the auditor came to be perceived as an imperfect factory second, and consequently auditing attracted second-rate talent compared to non-audit services, without any skilled support. I don't think this will happen because the audit continues to be valued by investors and the financial markets, and things like the expanded auditor's report will, in my view, serve to maintain the importance of the audit and auditor in the financial regulatory scheme. But it is something to keep in mind as the next generation of auditors competes, to some degree, for a share of firm profits, the lure of which always runs the risk of returning to the kinds of linkages and lack of auditor independence that led to Sarbanes-Oxley and prohibitions on certain non-audit services in the first place.

Conclusion

I have made remarks on a variety of topics this afternoon, which I think is a testament to the breadth of changes to audit oversight in recent years, and the increased focus on improving audit quality globally. I would like to thank the sponsors and supporters of this conference, and especially IBRACON (Instituto dos Auditores Independentes do Brasil), and its President, Mr. Idésio Coelho, for inviting me to São Paulo to speak with you today. I now turn it over to our moderator, Mr. Carlos Sousa, Partner of PwC Brazil and IBRACON Director of Professional Development, and our discussant, CVM Commissioner Mr. Roberto Tadeu Antunes Fernandes, to follow up with any reactions or comments they may have, or follow-up questions, and to facilitate any questions from the audience, which I am glad to answer, whether they concern the work of the PCAOB, the IFIAR GAQ working group, the results of the 2015 IFIAR survey of inspections findings, or any other topic that you think would complement our discussion. Thank you again for your kind attention.

Related Topics