Keynote Address
Good Morning,
Thank you for that kind introduction and for inviting me to help kick off this year's Accountants' Liability Conference. As a Board member of the Public Company Accounting Oversight Board, accountants, their conduct, their effectiveness, and their potential liability are topics I think about every day. In my prior life at McGladrey, practice protection was a big part of my day job, both at a high level and in the trenches. Much of what we do at the PCAOB revolves around trying to find the right balance between driving audit quality though regulation, inspections, incentives and market forces. We want to make sure that our auditing standards, inspections and enforcement efforts provide the right incentives for auditors to act in the best interests of investors, with the appropriate independence, objectivity and skepticism. At the same time, we want to encourage innovation by audit firms and understand that they need to remain profitable, and the profession needs to remain attractive, in order to attract the best and the brightest to join their ranks.
With that context, I will talk this morning about how we at the PCAOB try to achieve that balance and what our current priorities are in pursuit of our mission: To oversee the audits of public companies in order to protect investors and the public interest by promoting informative, accurate, and independent audit reports.
But before I go further, I should tell you that the views I express today are my personal views and do not necessarily reflect the views of the Board, any other Board member, or the staff of the PCAOB.
Background
As you know, the PCAOB is now over a decade old, having been created by Congress through the passage of the Sarbanes-Oxley Act of 2002 ("Sarbanes-Oxley Act") in the wake of accounting scandals involving companies like Enron, Tyco, Adelphia, Xerox and WorldCom, which revived long-standing concerns about auditor effectiveness, independence, and governance over the auditing profession.
The PCAOB began operations in April 2003 and has four main responsibilities:
- Registration of public accounting firms;
- Inspections of registered public accounting firms;
- Setting of auditing standards for the audits of public companies and broker-dealers; and
- Investigations and disciplinary proceedings in cases where auditors may have violated the securities laws or applicable standards or rules.
Currently, over 2100 public accounting firms are registered with the Board, including over 900 foreign firms from 85 foreign jurisdictions.
Since commencing operations in 2003, the PCAOB has, among other activities:
- Conducted over 2500 inspections of firms that audit issuers, including inspections in 45 jurisdictions outside the United States;
- Conducted over 175 inspections of firms that audit broker-dealers under an interim inspection program that began in 2010;
- Issued 18 auditing standards and substantially amended a number of others, including a standard addressing the auditor's responsibilities with respect to the company's internal controls over financial reporting;
- Sanctioned dozens of firms and individual auditors for violations of applicable federal laws, auditing standards, and SEC or PCAOB rules; and
- Issued public reports summarizing inspection findings, staff audit practice alerts to provide insight into common audit deficiencies, and other publications intended to provide information to the public and transparency about our work.
The Board is led by five full-time Board members, each of whom is appointed by the U.S. Securities and Exchange Commission ("SEC") to a five year term (with a maximum of two terms permitted). As mandated by the Sarbanes-Oxley Act, two of the five Board members must be Certified Public Accountants, and I was appointed in 2011 to fill one of these CPA positions. One Board member, currently James Doty, serves as the chair and CEO of the organization.
We operate under the oversight of the SEC, which, in addition to appointing Board members, must approve our budget and any rules and standards issued by the Board. In addition, disciplinary sanctions imposed by the Board may be appealed to the SEC, and, ultimately, to the Courts. Likewise, firms may request SEC review of PCAOB inspection reports and remediation determinations.
Because of the SEC's responsibility to approve much of what we do, it has been the Board's practice to consult with the SEC staff and/or Commissioners about important policy questions relating to our standard setting, public reporting, and international and other matters. Because the SEC also has jurisdiction over auditors under the federal securities laws, we also coordinate with SEC Enforcement staff to avoid duplication of investigations and to ensure that our collective resources are applied effectively and efficiently. And we defer to the SEC with regard to questions regarding accounting, including by consulting SEC staff when novel accounting questions arise in inspections and reporting to the SEC any potential violations of accounting, independence or other rules that are within the SEC's jurisdiction.
We also interact regularly with other regulators and standard setters. PCAOB Board members and staff attend selected public meetings of the Financial Accounting Standards Board, and we interact informally on projects of common interest. Regular dialogue with banking regulators allows us to discuss topics of common interest. More recently, the Dodd-Frank Wall Street Reform and Consumer Protection Act required us to bring auditors of brokers and dealers into the scope of our regulation, which has generated close coordination with the Financial Industry Regulatory Authority. And we keep abreast of developments in international audit regulation, including through dialogue with the Board and staff of the International Auditing and Assurance Standards Board (IAASB).
During its first decade of existence, the Board focused on establishing an appropriate framework to achieve its statutory mandates of inspections, enforcement, and standard setting. We complied with the Sarbanes-Oxley Act requirements to enhance regulation regarding audits of internal control, and we addressed important standards in the areas of documentation, risk assessment, engagement quality review and others. A lot of effort went into expanding our international scope, in order to satisfy the requirement that we inspect all auditors of public companies that trade in the U.S., regardless of where those companies and firms are located.
Having successfully established a rigorous system of auditor oversight, the Board more recently began to expand the scope of our activities in order to drive positive change in audit quality more broadly. We have done more outreach to audit committees, who we believe share our goal of enhancing audit quality. We have embarked on standard setting projects that we believe could drive fundamental changes in the way audits are perceived and understood by investors and the public. We believe this will enhance the relevance of audits and hopefully spark a dialog that could result in further improvements in audit quality. And, through our international efforts, in conducting inspections around the world, and our participation in the International Forum of Independent Audit Regulators (chaired until recently by my fellow Board member Lew Ferguson), we have begun to level the playing field and, hopefully, helped raise the bar for audit quality globally.
You will hear later today and tomorrow from my fellow Board member Jeanette Franzel and senior staff members of our inspections and enforcement divisions, who will provide more details on their respective activities, including by providing an overview of recent inspection observations and important enforcement matters.
In the meantime, let me discuss some of the Board's priority projects outside of inspections and enforcement, including in the area of standard setting. The concept of auditor liability has played a central role in our consideration of several of these projects, and I will highlight some of these issues.
Transparency – Disclosure of the Audit Partner and Other Auditors
As you know, audit reports provide an opinion, usually by an audit firm, that the audited financial statements are fairly stated. These opinions are, essentially, binary opinions – either the auditor believes that the financial statements are fairly stated (pass) or that they are not (fail). Investors tell us that these opinions continue to matter to them. At the same time, investors are asking for more information about the audit, noting that auditors obtain a great deal of information while conducting the audit, some of which investors believe would be helpful to them in making their investment decisions. In light of investor demands for more information from auditors, the Board has been working on two standard setting projects that involve more disclosure by auditors.
First, investors have long asked for more information about who actually conducts the audit. In response, in 2008, the Advisory Committee on the Auditing Profession to the U.S. Department of the Treasury recommended that the Board consider a standard setting project to consider requiring audit engagement partners to sign the audit report, noting that "the engagement partner's signature on the auditor's report would increase transparency and accountability." The committee, however, also explained that "the signature requirement should not impose on any signing partner any duties, obligations or liability that are greater than [those] imposed on such person as a member of an auditing firm."[1]
The Board subsequently issued a concept release seeking commenters' views on whether the Board should require the engagement partner to sign his or her own name to the auditor's report.[2] While many investors supported such a requirement, and many continue to do so today, a number of other commenters were concerned that an audit partner signature would appear to minimize the role of the accounting firm in the audit and also could result in a potential increase in the engagement partner's liability. Concerns expressed about liability included potential liability under section 10(b) of the Securities Exchange Act of 1934 (the "1934 Act"), for example because the signing audit partner may be deemed to have personally made the statements contained in the auditor's report. In addition, some expressed concern about liability under section 11 of the Securities Act of 1933 (the "1933 Act") because the audit partner would be deemed to have been named, with his or her consent, as having prepared or certified a report which is used in connection with a registration statement.[3]
The Board subsequently proposed to require disclosure of the name of the engagement partner in the auditor's report, but not the partner's signature. The Board sought comment on, among other things, whether merely identifying the partner would alleviate liability concerns. In addition, the Board responded to investor demand for information about the audit by also proposing to require the disclosure of other auditors or audit firms that participated in the audit. In many audit engagements, especially audits of companies with international operations, some or most of the audit work is conducted by audit firms or individual auditors who, even though they may be associated with a global network of firms, are not part of the firm issuing the opinion. Although the identity and location of other participants in the audit could have a significant impact on audit quality, investors typically do not have access to this information, including instances where the auditor is located in a country where the PCAOB is not able to inspect the work of the auditor.
Some may ask why the Board is concerned about imposing additional liability on auditors. Indeed, some commenters expressed the view that the Board should not be concerned about increasing liability, as doing so would provide additional incentive for engagement partners and other firms to do better work. But we must also consider the costs and benefits of our regulatory activities to ensure that we are not imposing unreasonable burdens and that any such burdens are justified by the benefits to be gained. In 2012, in the wake of increased attention to the area of economic analysis, several judicial opinions criticizing the SEC's process for conducting economic analysis,[4] and the passage of the JOBS Act by Congress,[5] the Board committed to doing more rigorous economic analysis in connection with standard setting.[6]
Since then, the Board has worked with a number of economists to assist us in that effort. These economists work closely with accountants on our staff to enhance our collective understanding of economic concepts and how they relate to auditing. In recent standard setting projects, we have begun to gather information relating to costs and benefits of any new requirements under consideration, and we continue the learning process of both understanding and better articulating the potential costs and benefits of our work. Doing so requires input from our stakeholders, who can help us understand not just anticipated costs and benefits of new auditor requirements but also potentially less obvious unintended consequences.
In the context of seeking comment on the costs and benefits of naming the audit engagement partner and other auditors in the auditor's report, the message from commenters was loud and clear – the potential costs and uncertainties associated with the increased liability for auditors would present an obstacle to the Board's adopting the proposed approach.
In response to the proposal to name auditors but not require signatures, views on the extent of potential liability were mixed, but many commenters continued to believe that liability for partners and other participants in the audit would increase with their respective identification in the auditor's report, particularly under Section 11 of the 1933 Act. In light of these continuing concerns, and noting that its purpose was not to expose auditors to additional private liability [but] . . . to provide information about certain participants in the audit," the Board issued a supplemental request for comment in June of this year.[7] In that document, the Board proposed to require audit firms to disclose the relevant information – that is, the engagement partner's name and other participants in the audit – in a form to be filed and made public on the PCAOB's website. Our staff has been analyzing the comment letters received in response to this request for comment, and we currently anticipate that the Board will consider adoption of a final "transparency" standard by the end of the year, most likely with the form-based disclosure requirement.
I don't object to the form-based approach and believe it is a practical way to achieve the transparency investors seek, allowing them to gather information about engagement partners and other firms, such as PCAOB inspection history, restatement history, experience and education, while reducing the potential costs that would have arisen with an increase in auditor liability. Stay tuned.
Auditor's Reporting Model
A second standard setting project based on investor demand for information is our auditor's reporting model project. Questions about whether auditors should do more than provide a pass/fail opinion were raised as early as the 1970's, but little has changed in the form of the auditor's report since the 1940's.[8] The Board conducted extensive outreach on these questions in 2010-11 and investors clearly voiced their interest in learning more from auditors about what they do and what they are learning about the company in the process.
After reviewing comments provided in response to a 2011 concept release, the Board issued a proposal in August 2013 to require auditors to discuss in their reports so-called "critical audit matters." These were defined in the proposed standard as those matters addressed during the audit that (1) involved the most difficult, subjective or complex auditor judgments; (2) posed the most difficulty to the auditor in obtaining sufficient appropriate evidence; or (3) posed the most difficulty to the auditor in forming the opinion on the financial statements.[9] As the Board has noted, this project should be focused primarily on enhancing communication to investors through improving the content of the auditor's report rather than on changing the fundamental role of the auditor in performing an audit of financial statements, and the project does not include substantive changes to the way audits are performed.[10]
Our proposed approach was intended to achieve a careful balance — between satisfying the investor need for more information about the audit, while not undermining management's role in providing financial information about the company. In my view, "critical audit matters" should provide investors with a window into select parts of the audit, intended to provide more information about the difficulty faced by auditors in connection with providing assurance on certain important and complex aspects of the company's financial statements or internal controls. But it is important to understand that the standard, as proposed, would not require reporting of all information known by the auditor in which investors may have an interest. There are risks and uncertainties inherent in the financial reporting process and in business that may not be discussed as critical audit matters because the application of the accounting standards are clear, and the audit process is relatively straightforward. Likewise, there may be critical audit matters reported that bear little on investment decisions. But, overall, the proposed enhanced reporting may provide helpful context to the mix of information available to investors.
We received hundreds of comment letters on this topic and held a public round table discussion in April 2014 to facilitate further discussion about a possible way forward. We received many supportive comments but also heard concerns about duplication of management disclosures, disclosure by auditors of original information about the company not otherwise required to be disclosed, the disclosure of useless boilerplate and information overload more generally.
Several commenters also expressed concern about the potential for increased auditor liability as the result of the disclosure of critical audit matters. Concerns included, for example:
- Potential liability for the potential failure to disclose a matter that should have been a critical audit matter or mischaracterizing a critical audit matter, potentially in violation of section 10(b) of the 1934 Act. Commenters believed that this concern was exacerbated by the broad scope of critical audit matters as defined in the proposal, suggesting that a narrowing of the definition may help alleviate this concern.
- Concern that the detail that might have to be provided in the description of a critical audit matter might frustrate the objective of the Private Securities Litigation Reform Act of 1995 to curtail non-meritorious claims against auditors (by providing information for more detailed pleadings that courts would find more difficult to dismiss under the PSLRA).
- Potential violation of confidentiality or privacy laws or of ethics standards, particularly in connection with audits performed in foreign countries.
Notably, auditor reporting is also an issue that has received attention internationally. As you may know, the IAASB — which issues International Standards on Auditing that are used in many countries around the world (but not in the U.S.) – recently adopted a standard requiring auditors to discuss so-called "key audit matters" in the auditing report.[11] Key audit matters are those matters that required significant auditor attention during the audit and may include areas of higher assessed risk of material misstatement, areas in the financial statement that involved significant management judgment, and significant events or transactions, among others.
Likewise, the United Kingdom's Financial Reporting Council adopted requirements for enhanced auditor reporting in 2012, including that auditors describe the assessed risks of material misstatement that were identified by the auditor and which had the greatest effect on the audit, provide an explanation of how the auditor applied the concept of materiality in planning and performing the audit, and provide a summary of the audit scope, including an explanation of how the scope was responsive to the assessed risks of material misstatement and the auditor's application of the concept of materiality, as disclosed in the auditor's report.[12]
Currently, the PCAOB is considering the comments received on our auditor's reporting model proposal, as well as monitoring auditor reporting in other countries under the new requirements. I expect that we will issue a re-proposal of a standard governing the auditor's report early next year. It is likely that our revisions will result in a narrower, more focused requirement that would facilitate the disclosure of only the most relevant information about the audit, while not crossing the line into areas that are within management's responsibility. I am hopeful that we can also address the potential liability concerns expressed by some commenters.
This standard, clearly, could have important implications for audits and the audit profession, as it provides much more insight than currently exists into the complex and difficult areas of the audit. It is possible that auditors may do more work in certain areas considered critical audit matters, or that companies may change their approaches to certain financial reporting matters as a result of the auditor's disclosure obligations. Hopefully, audit quality will increase, but, certainly, investors, audit committees and others will be armed with more information to understand the audit.
Fair Value and Estimates and the Use of Specialists
Beyond the far-reaching disclosure standards I just discussed, the Board is, of course, also continuing to address the nuts and bolts of auditing. In the last couple of years, we have issued standards governing the auditor's communications with audit committees and audit procedures regarding related parties and broker-dealers. Currently, we are working on, among other things, standards relating to fair value and estimates, going concern, the supervision of other auditors and multi-location audits and the use of specialists.
If you have been following the press and legal developments regarding financial reporting, accounting and auditing for the last decade or so, you know that one of the most common but also most vexing issues for preparers, accountants and auditors has been the determination of estimates and fair values for financial reporting purposes. More and more, companies of all sizes and in all industries hold increasing amounts of financial instruments, for many of which market values are not readily available. Auditors face a particular challenge in being tasked with the obligation to provide assurance that financial statements that include such instruments, and other estimates, are fairly stated. Over the last decade, there have been changes in the financial reporting frameworks relating to accounting estimates and an increasing use of fair value as a measurement attribute, together with new related disclosure requirements. Through its oversight activities, the PCAOB has observed significant audit deficiencies in this area
We have conducted significant outreach to help us better understand the full range of issues and to obtain input about possible approaches to take in standard setting. The staff is currently considering comments and has identified three areas that require more work, including increasing auditor skepticism, how to address measurement uncertainty, and the use of third parties to establish values and estimates.
Our standard setting project on the work performed by a company specialist or the use of a specialist by the audit firm intersects with the Board's standard setting project on fair value and estimates, and the Board decided to align the two projects in order to ensure that we proceed with consistency and efficiency. One issue the Board has to address in this context is whether there should be one standard that applies to the auditor's use of a specialist employed by the audit firm (usually the case in larger firms) and one engaged by the firm in a consulting relationship, including whether the same independence considerations should apply. The Board also needs to determine whether a company specialist should be treated like any other company representative for purposes of the audit, or whether company specialists should be subject to unique requirements. That decision could have significant cost and practical implications.
Supervision of other auditors
Imminent is our proposal in connection with standards governing the supervision of audit firms and accountants who are not employed by the firm issuing the audit report, and the approach to multi-location audits (whether or not other auditors are involved). Such "other auditors" have taken on greater significance in recent years with the increasingly global operations of many companies. The lead auditor often involves other auditors at various locations of the company in areas of the audit where there is a high risk of material misstatement in the financial statements. The staff currently is drafting, for the Board's consideration, proposed amendments to improve the auditing standards that govern the planning, supervision, and performance of audits involving other auditors and multi-location audit engagements.
We expect to propose improvements that will align the standards governing other auditors with our risk assessment standards and to impose more rigorous supervision requirements over other auditors and in multi-location audits. I should note that International Standard on Auditing governing group audits, issued by the IAASB, already includes requirements that are similar to those we are considering. As a result many of the larger firms, who operate internationally, already go beyond the requirements of PCAOB standards in their audit practice involving other auditors or multi-location audits. Thus, the new standards may increase consistency among firms, along with imposing certain new requirements. I expect we will hear from some of you about potential liability implications of our proposal, and I look forward to your comments.
Audit Quality Indicators
As you can see – especially after you hear more about our activities from my colleagues in our inspections and enforcement divisions later today and tomorrow – there is much to be done in the area of auditor oversight. We are judged to some degree, of course, on the quality and quantity of our output, such as standards, inspection reports, disciplinary sanctions and so forth. But ultimately, we should be judged on whether our actions are improving audit quality. Are auditors more independent now than in the late 1990's and early 2000's? Are audits more rigorous? Are financial statements more reliable? While I firmly believe that PCAOB inspections, standard setting and enforcement activities have had a substantial, positive impact on audit quality, it is difficult to provide specific measures to back up that claim. In addition to restatement data and PCAOB inspection findings, people have tried to look at litigation against auditors, investor and audit committee satisfaction, and industry peer reviews, to name just a few examples of possible ways to gauge audit quality.
Because we believe it is important to gain more insight into this difficult area, and to provide audit committees and investors with better information to evaluate and oversee their auditors, our Office of Research and Analysis has been working over the last several years on trying to identify a list of quantitative audit quality indicators. On June 30 of this year, the Board issued a concept release describing our work in this area, and we are planning to host a round table discussion in the next few months to facilitate further discussions of this important project. We hope that these indicators will provide additional information about whether particular audits are conducted by the right people, with the right tools, experience and resources, and have the right results. The indicators will not result in a comprehensive firm-wide scorecard or provide an easy answer about which auditor or partner to engage, but we believe that they may provide a basis for more informed discussion with auditors. And we hope that, over time, they will provide a way to judge the evolution of audit quality and, hopefully, demonstrate that auditors continue to improve in order to better protect investors.
I encourage you to take a look at our concept release and consider the legal implications of the issues being discussed. For an interesting perspective, I also commend to you a podcast we recently posted on our website, featuring the perspective on this issue of Michael Cook, a former CEO of Deloitte and prominent audit committee member.
Conclusion
Let me close by noting that there will always be tension between regulators and those they regulate. That tension is natural, necessary and healthy. Those more indirectly affected by regulation will also voice opinions about the consequences of regulation. We hear from some that we are not doing enough. We hear that the private clients of audit firms are feeling the effects of our inspections, even though we don't regulate that work. We hear from management that the impact on financial statement preparers is too burdensome. Earlier this year, we heard a call from the business community for dialogue about the consequences of our inspection activities and what they believe may be unproductive work being generated as a result, especially in the area of testing internal controls over financial reporting. I welcome their invitation for a dialog, and we have begun some very productive discussions. It is difficult to determine what the problem is without some specific facts. Once we have identified a problem that is well-defined, I hope the many parties affected by our actions can come together to discuss ideas and solutions. Communications with investors, audit committee members, preparers, auditors and others will be an important part of any response. Our door is always open to constructive feedback on how to improve our performance.
[1] U.S. Department of the Treasury, Final Report of the Advisory Committee on the Auditing Profession to the U.S. Department of the Treasury, VII:19-20 (2008).
[2] See Concept Release on Requiring the Engagement Partner to Sign the Audit Report, PCAOB Release No. 2009-005 (July 28, 2009).
[3] See Improving the Transparency of Audits: Proposed Amendments to PCAOB
Auditing Standards to Provide Disclosure in the Auditor's Report of Certain Participants in the Audit, PCAOB Release No. 2013-009 (December 4, 2013) ("2013 Release") at 21.
[4] See, e.g., Business Roundtable & Chamber of Commerce v. SEC, 647 F.3d 1144 (D.C. Cir. 2011); American Equity Investment Life Insurance Company v. SEC, 613 F.3d 166 (D.C. Cir. 2010).
[5] Jumpstart our Business Startups Act, Pub. L. No. 112-106 (April 5, 2012). See Section 103(a)(3)(C) of Sarbanes-Oxley, (15 U.S.C. §7213(a)(3)), as added by Section 104 of the JOBS Act.
[6] See, e.g. Public Company Oversight Board Strategic Plan (2012-2016): Improving the Relevance and Quality of the Audit for the Protection and Benefit of Investors (November 30, 2012).
[7] See Supplemental Request for Comment: Rules to Require Disclosure of Certain Audit Participants on a New PCAOB Form, PCAOB Release No. 2015-004 (June 30, 2015).
[8] See, e.g. Concept Release on Possible Revisions to PCAOB Standards related to Reports on Audited Financial Statements, PCAOB Release No. 2011-003 (June 21, 2011) ("2011 ARM Concept Release") at 4-5.
[9] See Proposed Auditing Standards: The Auditor's Report on an Audit of Financial Statements when the Auditor Expresses an Unqualified Opinion; the Auditor's Responsibilities regarding Other Information in Certain Documents Containing Audited Financial Statements and the Related Auditors Report; and Related Amendments to PCAOB Standards, PCAOB Release No. 2013-005 (Aug. 13, 2013).
[10] 2012 ARM Concept Release at 3.
[11] See International Standard on Auditing 701, Communicating Key Audit Matters in the Independent Auditor's Report.
[12] See section C.3.8 of FRC UK Corporate Governance Code (September 2012).