Keynote Address
Good Morning,
First, let me thank you for inviting me to speak here today in the beautiful city of Charleston. I am pleased to have been included among such an impressive group of speakers at an event hosted by this historic institution, which trains the leaders of tomorrow, whether in business, the military, education or other areas.
I am a member of the Public Company Accounting Oversight Board and am based in our headquarters in Washington, D.C. Unlike the Citadel, with its long and distinguished history, the PCAOB is just over a decade old, having been created by Congress through the passage of the Sarbanes-Oxley Act of 2002 ("Sarbanes-Oxley Act"). Our mission is to oversee the audits of public companies in order to protect investors and the public interest by promoting informative, accurate, and independent audit reports. We also oversee the audits of broker-dealers, including compliance reports filed pursuant to federal securities laws, to promote investor protection.
The PCAOB began operations in April 2003 and has four main responsibilities:
1. Registration of public accounting firms;
2. Inspections of registered public accounting firms;
3. Setting of auditing standards for the audits of public companies and broker-dealers; and
4. Investigations and disciplinary proceedings in cases where auditors may have violated the securities laws or applicable standards or rules.
Today, I will provide a little more background about the PCAOB, along with some of the work we are doing that relates to public company directors and management. But before I go further, I should tell you that the views I express today are my personal views and do not necessarily reflect the views of the Board, any other Board member, or the staff of the PCAOB.
Background
Many of you probably know that the PCAOB was created in the wake of some of the largest and most infamous accounting fraud scandals in this country's history. Companies like Enron, WorldCom, Tyco, Adelphia and Xerox were in the news almost daily. At one time, these companies were rising stars. Unfortunately, the impressive financial results these companies reported, even after they were audited by a major public accounting firm, turned out to be erroneous and, in some cases, fraudulent. After the collapse of Enron, concerns about the effectiveness and accountability of that company's external auditor revived long-standing questions about the governance and independence of the public accounting profession. People questioned whether auditors could be sufficiently independent if they are hired and paid by management of the companies whose financial statements they are expected to audit. In addition, auditors were not subject to comprehensive government regulation, nor was their work subject to any other independent oversight. Although many firms participated in a peer review system, critics believed that these reviews were not sufficiently rigorous or independent to provide any real incentive for improvement.
When the bankruptcy of WorldCom followed soon after the collapse of Enron, Congress acted quickly to establish the PCAOB and impose a series of other requirements on public companies in order to revive confidence in the U.S. securities markets. In addition to establishing the PCAOB, the Act included a number of provisions intended to enhance the independence of auditors from company management. For example, the Act required that audit committees, not company management, appoint, compensate and oversee the work of the independent auditor. The Act restricted audit firms from performing certain types of non-audit services for their audit clients. And beyond these provisions related to auditors, the Act included a series of measures designed to improve corporate governance at public companies, including requirements that management certify the accuracy of reported financial statements and assess the effectiveness of the company's internal controls over financial reporting. The law also requires auditors to report on management's assessment of its internal controls.
The PCAOB began operations in April 2003 and is led by a five full-time Board members, each of whom is appointed by the U.S. Securities and Exchange Commission ("SEC") to a five year term (with a maximum of two terms permitted). As mandated by the Sarbanes-Oxley Act, two of the five Board members must be Certified Public Accountants, and I was appointed in 2011 to fill one of these CPA positions. We operate under the oversight of the SEC, which, in addition to appointing Board members, must approve our budget and any rules and standards issued by the Board.
Since 2010 and the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the PCAOB also has had oversight authority over the auditors of brokers and dealers.
Currently, almost 2200 public accounting firms are registered with the Board, including over 900 foreign firms from 85 jurisdictions.
Since commencing operations in 2003, the PCAOB has, among other activities:
- Conducted over 2500 inspections of firms that audit issuers, including inspections in 44 jurisdictions outside the United States;
- Conducted over 175 inspections of firms that audit broker-dealers under an interim inspection program that began in 2010;
- Issued 18 auditing standards and substantially amended a number of others, including a standard addressing the auditor's responsibilities with respect to the company's internal controls over financial reporting;
- Sanctioned dozens of firms and individual auditors for violations of applicable federal laws, auditing standards, and SEC or PCAOB rules; and
- Issued public reports summarizing inspection findings, staff audit practice alerts to provide insight into common audit deficiencies or difficult audit issues, and other publications intended to provide information to the public and transparency about our work.
Outreach
In order to accomplish our objectives effectively and efficiently, and in the interest of transparency, the Board has made it a priority to conduct extensive outreach to the many stakeholders affected by our work. Of course, we provide ample opportunities for public comment on all of our rulemaking and standard-setting projects. This includes not just a process inviting written comments, but also round table discussions hosted by the Board on particular standard setting projects. For example, last year, the Board hosted a round table discussion focused on the Auditor's Reporting Model project, seeking input about a potential new requirement for auditors to disclose more information about individual audits.
In addition, we have long had a Standing Advisory Group — made up of investors, auditors, audit committee members, financial statement preparers, academics and others — to provide advice to the Board in connection with our standard setting activities. Several years ago, the Board also established an Investor Advisory Group to provide additional perspectives from investors, chaired by my fellow Board Member Steve Harris. We also do outreach to preparers of financial statements, including by attending and speaking at meetings and conferences for CFO's, controllers, internal auditors and other financial executives. And in 2012, the Board announced a strategic priority to enhance its outreach to audit committees, in order to better understand how we can be helpful to audit committees and how they might be able to help us achieve our common goal of enhanced audit quality. In connection with that effort, Board members and senior staff from the PCAOB have attended and made presentations at many audit committee gatherings — large and small — where we have provided information and listened to feedback.
The reforms of the Sarbanes-Oxley Act put audit committees front and center in the financial reporting process, and their importance cannot be overstated. Indeed, last June, in the context of discussing two enforcement actions against audit committee members, SEC Chair Mary Joe White referred to directors of public companies as the "essential gatekeepers upon whom your investors and, frankly, the SEC rely."[1] Chair White stressed the fiduciary responsibility of directors and focused on the importance for directors to set an appropriate "tone at the top" for "good corporate governance and rigorous compliance." If you have not yet read this speech, I urge you to take a look at it — Chair White has experience as a director and audit committee member herself, in addition to her current roles as a regulator and past experience as a federal prosecutor and securities lawyer, and she gives sound advice.
Our own dialog with audit committees has demonstrated that many audit committee members take very seriously their duties to oversee the audit and to help ensure integrity and accuracy in the financial reporting process. The audit committee members who have engaged with us are well-informed, experienced and interested in what we do. At the same time, we hear that there are still audit committee members whose primary focus is to support management and negotiate the lowest audit fee possible. Some audit committees, we hear, are not fully qualified to oversee the financial reporting process or external auditor, because of a lack of experience among committee members in accounting, auditing and financial reporting. While this is not within the PCAOB's jurisdiction, some have urged that qualifications for the so-called "financial expert" on the audit committee be made more rigorous, in order to enhance the audit committee's ability to provide effective oversight in these areas.
Of course, one thing we hear consistently from all audit committee members is that they are very, very busy. From cybersecurity to risk management, and from CEO succession planning to activist investors, audit committee members are faced with more work, and more variety of work, than ever before. In the near future, the SEC also is expected to seek public comment about possible new disclosure requirements by audit committees about their activities, including auditor oversight.[2] A recent Wall Street Journal article may have gotten it right when it referred to audit committees as "the Board's fire department," called in to deal with emergencies and high risk areas.[3]
Combined with the ongoing responsibilities for auditor oversight and increasing complexity in accounting and financial reporting, the ever-growing list of audit committee tasks truly cause audit committees to be spread thin. Not surprisingly, then, one of the key messages from audit committees to us has been that any information we can provide should be relevant to them, provided on a very timely basis, and presented clearly and concisely. This has been the impetus for some of changes in our public documents, such as executive summaries in our summary reports of inspection findings, new charts and other reference sections in our firm specific inspection reports, and other information provided to help audit committees respond to our inspection findings. In addition, we are currently working on other periodic communication mechanisms to provide audit committee members with more timely and targeted information about relevant audit risks and related concerns.
Audit committee members, of course, often discuss the audit with their company's respective management, who are on the receiving end of the actions auditors take in response to our regulatory activities. Sometimes, audit committee members tell us that they are hearing concerns from management about an uptick in auditors' demands on financial reporting staff or about audit work that they don't believe adds value to the audit. As a result, we are trying to make sure that we hear directly from preparers of financial statements about their concerns. My fellow Board members and I have been able to meet with groups of preparers through organizations like Financial Executives International, the Institute of Management Accountants, networks of controllers organized by audit firms or corporate governance organizations, meetings organized through the U.S. Chamber Commerce, and a variety of other meetings and conferences.
What we hear from the preparer community often echoes what we hear from audit committees, and the chief concern tends to be about increasing audit costs, both in terms of the fee paid to the auditor and the time spent by management responding to information requests from auditors. Some believe that our actions are causing their auditors to spend more time than necessary on "busy work" or "check-the-box" compliance activities without adding much value to the audit process. Others believe that we are bringing back the more burdensome "Auditing Standard No. 2" in audits of internal controls, which was superseded in 2007 by Auditing Standard No. 5. We also hear that some auditors may not be performing effective risk assessments, but rather are treating all areas as high risk, doing extensive audit work even in low risk areas, in order to avoid PCAOB inspection findings.
I appreciate hearing critical comments and believe it is important that we continue our dialog with financial statement preparers. We take seriously concerns about inefficiencies and adverse consequences on companies, and we will continue to work toward the right balance between regulations intended to enhance investor protection and unnecessary burdens on auditors and issuers. For that reason, the PCAOB staff and Board take great care to ensure that inspection reports reflect only deficiencies based on existing risk based audit requirements, adopted by the Board after extensive consideration and public input. It is not our intention to impose new requirements through inspections. I find that, often, an open dialog between the PCAOB and an audit committee or management of a public company can provide context that helps all involved understand better why inspection findings are made and how the PCAOB expects firms to respond. To the extent we learn that auditors go to unreasonable extremes by conducting audits in a way that drives up costs without providing benefits, we want to hear about it so that we can consider an appropriate response.
Another way in which we are trying to ensure that our regulatory activities are well balanced is the Board's commitment to conducting economic analyses in connection with all of our auditing standard setting projects. The Board has hired several experienced economists to assist us in that effort, who are working closely with experienced accountants on our staff to enhance our collective understanding of economic concepts and how they relate to auditing. In recent standard setting projects, we have begun to gather information relating to costs and benefits of any new requirements under consideration, and we continue the learning process of both understanding and better articulating the potential costs and benefits of our work. Doing so requires input from our stakeholders, who can help us understand not just anticipated costs and benefits of new auditor requirements but also potentially less obvious unintended consequences. This is a work in progress, and we value feedback on how we are doing.
Progress
Shifting gears slightly, I would like to spend my remaining time talking about the state of auditor independence and audit quality now, more than a decade after the passage of the Sarbanes-Oxley Act and after extensive work by the PCAOB, SEC, audit committees, and auditors themselves.
Our inspection reports of the largest firms continue to include a high number of inspection findings, and, in at some firms, the number of findings has been increasing in recent years. This is of great concern to the Board, and we are working closely with firms to continue to drive improvements. It should also be said, however, that the nature of findings has changed over time. Early on during our inspection process, our inspectors were finding deficiencies in a wide variety of audit areas, including in what I call basic "blocking and tackling" procedures. Today, the findings are narrower and more likely to occur in especially complex and subjective auditing areas, including internal controls, revenue recognition, accounting estimates and fair value. And even within these areas, findings have become more nuanced, such as in the area of internal controls, where we are seeing better compliance overall with applicable standards but finding deficiencies when we look deeper at whether auditors fully understand and appropriately test certain types of controls. So while a lot of work remains to be done, I am encouraged by the progress many auditors are making.
Other evidence, including the number and significance of restatements of public company financial statements, suggests that accounting and auditing have improved. A recent report by Audit Analytics indicates a leveling off in recent years in the number of public company restatements, along with a trend of restatements becoming less significant.[4] There have been decreases in the average amount of income affected by the restatements, the average effect on earnings, the average length of the restatement periods, and the number of issues identified. While the results are a bit more mixed for accelerated filers, where so-called "revision restatements" have increased (though the significance of restatements even in this population continues to trend downward), I am encouraged that, overall, financial reporting appears to be improving.
While I firmly believe that PCAOB inspections, standard setting and enforcement activities have had a substantial, positive impact on audit quality, it is difficult to provide more specific measures to back up that claim. In addition to restatement data and PCAOB inspection findings, people have tried to look at litigation against auditors, investor and audit committee satisfaction, and industry peer reviews, to name just a few examples of possible ways to gauge audit quality. Because we believe it is important to gain more insight into this difficult area, and to provide audit committees and investors with better information to evaluate and oversee their auditors, our Office of Research and Analysis has been working over the last year on trying to identify a list of quantitative audit quality indicators. We hope that these indicators will provide additional information about whether particular audits are conducted by the right people, with the right tools, experience and resources, and have the right results. The indicators will not result in a comprehensive firm-wide scorecard or provide an easy answer for audit committees about which auditor or partner to engage, but we believe that they may provide some benchmarks for comparison and a basis for more informed discussion with auditors. The Board plans to issue a concept release describing our work in this area, and I encourage you to review it and provide us with your comments.
Another important aspect of trying to determine what drives audit quality is understanding what auditor actions or behaviors result in poor audits, and what auditors do that has positive results. Consistent with the requirement in the Sarbanes-Oxley Act that PCAOB inspections "assess the degree of compliance of each . . . firm . . . with th[e] Act, the rules of the Board, the rules of the Commission, or professional standards,"[5] our inspectors specifically look for and communicate audit deficiencies. PCAOB inspection reports are not intended to convey a balanced view of the strengths and weaknesses of each inspected firm. We do not provide grades to firms, and what we report should not be the only fact informing anyone's view about audit quality.
Nevertheless, we are frequently asked whether and how we can communicate what we observed in inspections of audits where we found no deficiencies. Said another way, where did things go right and why? In any given firm, PCAOB inspectors may find very different results in different audits of similar companies. Although our resources are limited, we are beginning to look more carefully at this question in the context of our inspections, including by conducting root cause analysis of good audits, not just those with deficiencies, and some of this work is feeding into our audit quality indicator project. I am encouraged that this work, along with our work on audit quality indicators, should provide more concrete information to investors, audit committees and others to aid in their evaluations of audit performance and, by extension, the work of the PCAOB.
With that, I will thank you for your attention thus far, and I look forward to the upcoming panel discussion and any questions that you may have.
[1] Mary Jo White, A Few Things Directors Should Know about the SEC (June 23, 2014).
[2] Mary Jo White, Remarks at the Financial Accounting Foundation Trustees Dinner (May 20, 2014).
[3] Michael Rapoport and Joann S. Lublin, The Board's Fire Department, The Wall Street Journal (Feb. 3, 2015).
[4] Audit Analytics, 2014 Financial Restatements: A Fourteen Year Comparison (April 2015).
[5] Sarbanes-Oxley Act, Sec. 104(a).