Keynote Address
I'm pleased to have this opportunity to address you all at this audit congress. First, I need to tell you that the views I express are my own and do not necessarily represent the views of the PCAOB, its staff, or any other board members.
Let me begin by briefly giving you an overview of the PCAOB. You will see much more detailed information in the slides I have provided and I don't want to cover all of that information today. I'd like to give you a sense of the PCAOB and its history and then talk about some of the priorities that are important to me as a Board Member.
The PCAOB was created by the Sarbanes-Oxley statute of 2002 that was enacted by the U.S. Congress in response to the accounting scandals of the early 2000s. It is a non-profit entity that is overseen by the United States Securities and Exchange Commission. Initially, there were very few employees and the budget in 2003, our first year, was about $50 million. The United States was one of the first countries to establish independent audit regulation. Since then, the PCAOB has grown substantially. For 2015, PCAOB has a budget of $250 million. We have about 825 employees in ten offices throughout the United States and five major divisions that carry out our mission.
Division of Registration and Inspections
The largest of the PCAOB's major divisions is the Division of Registration and Inspections. There are more than 500 employees in that division who carry out various activities including managing the registration of audit firms that submit registration applications. The PCAOB annually inspects the largest firms, defined as those that audit more than 100 public companies each year. There will be 10 firms in this category in 2015. Smaller firms that audit 100 or fewer issuers are inspected at least every three years.
In 2012, Congress passed a statute that required the PCAOB to establish a program to inspect audits of brokers and dealers. As we begin to set up that program, we are now inspecting auditors of broker-dealers as part of a pilot program. We also conduct a substantial number of inspections of non-U.S. audit firms registered with the PCAOB every year to review foreign audits of U.S. listed companies. For example, in 2014 we conducted 57 inspections of non-U.S. firms. A number of these inspections are conducted jointly with non-U.S. regulators.
Division of Enforcement and Investigations
We also have a division dedicated to Enforcement and Investigations with a large pipeline of cases, both in informal preliminary phases, and in the formal phase of investigation. Some cases, if they do not settle, proceed to litigation before our Hearing Officer. In 2015, so far, we have achieved 31 settled orders. Of those, 4 related to firms that have failed to maintain their registration with PCAOB or to pay annual fees. In July of 2015, there were 9 settlements related to engagement quality review and 9 related to audits of broker dealers. In the engagement quality review settlements firms either permitted clients to use their audit reports without having an engagement quality reviewer provide a concurring approval of issuance of the report or violated the "cooling off" provision of AS No. 7, which provides that the engagement quality reviewer cannot be an individual who served as the engagement partner on either of the two preceding audits for that issuer. In the Broker Dealer settlements, each of the firms prepared financial statements that it audited for a broker-dealer client.
Many of our cases are brought to our attention through our own inspection program. In addition DEI has a Public Source Analysis team that monitors and assesses public disclosures in SEC filings, news articles, and other sources to identify potential new cases. We also receive and evaluate tips and referrals from the public and other regulators, such as the SEC and state regulators.
Office of the Chief Auditor
Our Office of the Chief Auditor writes standards for audits that fall within our jurisdiction because the United States does not follow the International Standards on Auditing and provides in-house consultations to our inspectors and enforcement teams about application of our standards.
Risk, Research and Economic Analysis
Another activity on to which we devote substantial resources is research and analysis of economics and risk areas in audits and financial reporting. Our Office of Research and Analysis and our Center for Economic Analysis work together to support our other divisions by evaluating risks, analyzing economic conditions and monitoring the implementation of new standards. One of the most critical tasks they perform is to prepare information each year about which issuers we view as riskier from an audit perspective and use that information to plan our inspections for the year and to understand which areas of the audit deserve the closest review. We also spend time analyzing the audit industry and capital markets, to understand the firms we regulate and the environment in which they operate. We also conduct extensive economic analysis of the costs, benefits and impact of our proposed standards and rules.
Office of International Affairs
We also have an Office of International Affairs that advises the Board and PCAOB Divisions on international matters, coordinates our interactions with foreign regulators, and supports our participation in IFIAR. Among other things, that Office works to try to gain access for the PCAOB to conduct its mandated inspections by establishing cooperative arrangements. Currently, we have 20 bilateral agreements, and of those, agreements with 16 foreign jurisdictions also promote the sharing of confidential information. We have to date conducted inspections in 45 foreign jurisdictions.
These activities form the core of what we do year over year. Now that we've been in existence for 12 years, we are also trying to think more broadly about what we can do to improve audit quality. I'd like to cover a few things, thematically, that the PCAOB is interested in and working on as an organization at the moment. These are efforts that we hope will contribute to an improvement in audit quality in the United States, and hopefully around the world.
Root Cause Analysis
We are focused on Root Cause Analysis. By this, I mean a deep analysis of the underlying causes that contributed to audit deficiencies. We tackle this on two fronts –
- We expect firms to perform their own root cause analysis as part of their monitoring procedures, which are required by the PCAOB's quality control standards. We expect them to consider the "systemic causes" of audit deficiencies and take corrective actions to address the systemic causes rather than merely addressing the episodic manifestations of the problem. Remedial actions undertaken without fully understanding all of the causes and underlying problems that contributed to a particular problem or deficiency are less likely to prevent similar deficiencies from occurring in the future.
- We also perform our own root cause analysis at the PCAOB. Our inspections staff select specific quality events – both negative and positive. Inspectors then analyze these events looking for factors that contributed to the event. Through this analysis, our inspectors are beginning to see, among other things, that auditors with good project management skills – auditors who plan and execute phases of the audits in a timely manner and involve the appropriate people at the appropriate time achieve better results.
Audit Quality Indicators
Second, we are working to develop Audit Quality Indicators. I'm looking forward to discussing this in more detail as the moderator of a panel on the topic. To give a broad outline now, we have issued a release that asks the public for feedback on using a set of audit quality indicators to gather and share information about audits, both at the audit firm level, and at the specific engagement level. We want these indicators to be quantitative and measurable rather than simply descriptive. It is important that these indicators be considered as a portfolio; no single AQI can establish the quality of an audit. These AQIs are not a benchmark or a scorecard, but rather they are hopefully more likely to cause the user to ask the right questions about the audit. An example of an audit quality indicator is the number of hours spent on the audit, or the level of experience of the audit team. There are a few key areas of controversy surrounding AQIs. First, should the associated data be made public, or should the AQI information be provided only for use by the firm and the audit committee. Second, is there a risk of unintended consequences, and can those risks be mitigated. Finally, what are the right AQIs to use. We don't know yet which audit quality indicators we will use, how many there will be, or how exactly we will use them, but we have initially received a very positive reaction to the idea of trying to measure high quality audits and share more information that would help investors and audit committees evaluate the audits they are paying for and relying upon.
I look forward to discussing this further this afternoon.
Focus on Cross-Border or Group Auditing
Our mandate at the PCAOB includes a requirement that we register and inspect foreign audit firms, in other words, audit firms outside the United States, that perform work for U.S.-listed issuers. Our division of inspections conducts a number of inspections each year outside the United States. In 2015, we are planning to do over 60 inspections of non-U.S. firms. We have agreements with a number of countries that allow us to cooperate with them in inspections and in enforcement. Although we do not yet have an agreement with Turkey, we are grateful that we have been able to collaborate on an inspection in Turkey. These foreign inspections are an important component of our work to protect investors. As a result in past of these international inspections, we have found that the quality of the audit firms branded under one name is not consistent from country to country. Only by inspecting that firm's affiliates in different countries can we gain an understanding of the work being performed by those affiliates. From 2011-2013, inspections identified significant deficiencies in approximately 46% of the audits inspected in our foreign inspections.
Inspection selections may include work performed by other firms at the request of the principal auditor ("referred work engagements") as well as the audit work performed by the principal auditor with respect to the principal auditor's decision to use the work of the other auditor.
Where audit work that was deficient was conducted outside the United States on a U.S. listed public issuer, the Division of Enforcement has the authority to start an investigation and potentially to bring a formal case against that audit firm. When we do so, where information-sharing laws and arrangements permit, we hope to work with the local regulator in a cooperative way.
I have focused heavily in my time at the PCAOB on international issues. The financial markets are increasingly interlinked and it is important for the audit regulators to collaborate and coordinate throughout the world to strengthen our own domestic programs as well as to provide the most comprehensive audit oversight. I served as the Chair of IFIAR, the International Forum of Independent Audit Regulators for two years, ending this April. I am currently serving as the Chair of IFIAR's Global Public Policy Committee Working Group. Through this group, IFIAR interfaces with the largest global audit firm networks to discuss with them matters relating to audit quality and to help them improve the quality of the audits they provide and to increase the level of consistency throughout the world. We also have started, in IFIAR's GPPC working group, an effort to do a coordinated inspection by several regulators of a single multi-national audit. We hope that this will give us insight into how group audits are performed and how they can be improved. Turkey has been an active member of IFIAR, and I hope that lessons learned through this exercise will be shared with all of the IFIAR members, including Turkey.
Emerging Technologies
We also spend a lot of time trying to understand the business model of the major audit firms. We understand our role as a regulator and we also feel part of that role is to ensure that there are audit firms that are viable economically, but that also operate as independent and ethical auditors.
As part of that supervision, we are concerned about emerging technologies and trying to understand how auditors plan to perform the audits of the future. The PCAOB has had presentations about new programs and systems to analyze data that the audit firms are using to try to automate the audit. The new technology, which we call "data analytics" has the potential to help firms deliver better audits because they can review a greater percentage of the company's transactions, including potentially all such transactions. For example, some of the programs allow the auditors to load and review all of the company's contracts and search for text or contractual provisions that are unusual. Other programs may allow the auditor to review all transactions and look for outliers instead of performing sampling. Another potential benefit of this data analytics is that it may automate the most routine and low-level tasks performed in the audit and therefore allow the junior people on the audit to perform more interesting and judgment-based work. In turn, that may help the audit firms train and retain the best talent and strengthen the profession overall. Of course, there are also risks to placing too much reliance on technology. It will be important for firms to find the right balance in implementing new tools and preserving the critical element of human judgment that is so important to audits.
Audit Committee Outreach
Finally, we are making enhanced efforts to connect with audit committees in various ways. In May, the PCAOB published a brief document that we called the "Audit Committee Dialogues" that we hoped would have information the audit committees would find useful to consider in overseeing their auditors. My fellow board members and I have spent significant time attending meetings that are held to educate audit committee members. We talk with them about our work, the importance of selecting and overseeing the auditor, and the importance of paying the auditor a fair fee for them to do their work. One of the troubling things we hear is that some audit committees focus mostly on reducing the fee when they hire auditors. It is my view that it is not the audit committee's job to save a few dollars on the fee. Rather, the audit committee should be hiring the best auditor for the job and negotiating with them to have the right level of staffing and work to ensure a high quality audit.
We have some new initiatives being considered in our standard-setting process that I think may help the Audit Committee to see the value of a high quality audit. One is the initiative to develop audit quality indicators, which I will discuss in detail later. The other is a proposal we put out to consider asking auditors to put more information in the auditors' report. As things stand today, the only output of the audit that the public sees is an audit report that is usually an unqualified audit report and there is no way to distinguish one report from another. Under our current proposal, the auditor would discuss in their audit report the most critical matters that the auditor faced during the audit, and provide some information about how those issues were resolved. It may be that by providing the investor and others with more information about how the audit is conducted, the auditor will better be able to show the value of the audit report and will provide more useful information to the investing public about the audit process.
Conclusion
I hope you can sense that both audit firms and audit regulators face an environment of rapid change. It is a challenging time to be involved in the audit activities, including as a regulator, but also an exciting one. I hope that through close cooperation among audit regulators, including conferences such as this, we will be able to improve audit quality and increase investor protection throughout the world.