Keynote Speech at Baruch College's 14th Annual Audit Conference
First, let me thank Professor Carmichael for inviting me to participate in this event. It is a pleasure to be here today with such a wide array of professionals connected to the audit profession. Between the policymakers, academics, audit firms, public company leaders, and other attendees, many of the PCAOB's core stakeholder groups are represented here.
Currently, the PCAOB is in the middle of significant change. I'm pleased to speak to you today about the changes we have underway. As many of you know, I joined the PCAOB just under two years ago. When I joined, the SEC had just decided to reconstitute the entire five-member Board. The five new Board members joined with an understanding that we needed to take a fresh look at the organization and its strategic direction.
To help with this endeavor, we thought it was crucial to hear from those most impacted by the PCAOB's work. Brand new to our roles, we needed specific, thoughtful input from our stakeholders on where we should take the PCAOB to best accomplish our statutory mission. Through our strategic planning outreach, hundreds of our stakeholders weighed in on the direction we should take—including investors, audit committee members, academics, auditors, other regulators, as well as our own employees. We received a clear and consistent message in response: The PCAOB was ripe for change. Not incremental change, but transformational change.
Our own assessment of the PCAOB led us to the very same conclusion. We needed to become more effective in improving audit quality. We needed to become more innovative in how we approach our oversight. We needed to engage more often and more directly with investors, audit committees, and other stakeholders. We needed to mature our internal operations, streamline our business processes, and dramatically improve our risk and security posture. And last, but certainly not least, we needed to enhance our culture and cultivate a higher-performing workforce.
In unanimously adopting our strategic plan last year—and in reaffirming it just two weeks ago—the Board expressed a collective commitment to that vision. Change can be exciting, but it can also be hard. It requires vision, patience, drive, and an unwavering commitment to achieving our stated goals. As a Board, we have committed to transform the PCAOB into a trusted leader that promotes high quality auditing through forward-looking, responsive, and innovative oversight. We fully intend to stay the course.
I will frame my remarks this afternoon around our core areas of focus as a Board, beginning by discussing our work to drive improvement in the quality of audit services. I will specifically discuss our work related to inspections, enforcement, and standard-setting. I will then address our efforts to anticipate and respond to the changing audit environment. Following that, I will discuss our work to enhance transparency and accessibility through proactive stakeholder engagement. I will conclude with the work we are undertaking to pursue our own operational excellence and enhance our culture and will then address any questions you may have.
I. Drive Improvement in the Quality of Audit Services
By providing assurance over financial statements, the audit serves an essential role in our capital markets. It is well-understood that, without high quality, reliable financial information, capital markets do not function efficiently or effectively. The Board is committed to driving continuous improvement in the quality of audit services. We fulfill that commitment through our work in inspections, enforcement, and standard-setting.
A. Inspections
Our inspections program is our most public-facing activity. Currently, we are in the midst of a multi-year effort to improve the effectiveness and efficiency of that program. I want to touch briefly on a few of the significant changes we are making to it.
1. Inspections Reporting
Through our outreach and engagement activities, we have heard that our inspections reports do not meet the needs of investors, audit committee members, and other users, largely because they are too difficult to read and include too much boilerplate language. We fully agree with that assessment. Over the past several months, we've been engaged in an effort to improve our inspections report format to make it more accessible. Next year, we will release a reformatted and redesigned report, beginning with our 2018 inspections for the largest U.S. firms. We view the changes to the report as incremental in nature and we expect to seek input on them and potential future changes. This is a work in process and we plan to continue to refine the report over the coming years. We hope the initial changes we release early next year will provide more relevant information to our stakeholders.
Over the past year, we have also started to communicate more comprehensively about what we observe in our inspections. In other words, we have made progress on moving away from simply reporting the "failures" we observe. In recent staff documents, we have also published "good practices" that we believe promote or enhance audit quality. By pointing out good practices, we hope to prompt firms to find opportunities to prevent future quality issues.
2. Areas of Inspections Emphasis
Of course, identifying good practices also requires changes to how we conduct our inspections. Most notably, we've begun a multi-year journey of emphasizing systems of quality control in our inspections. This year, we devoted substantial resources to understanding how the largest U.S. firms define their quality control objectives and manage the risks associated with achieving those objectives. Next year we expect to begin testing in greater depth those firm quality control systems to determine whether they are operating effectively.
This year we also deployed our first ever "target team" of inspectors. The objective of this team is to look at specific issues across the entire profession, rather than having different teams at individual firms. This type of horizontal review gives us a more consistent and expansive view of where the profession stands with respect to high or emerging risk audit areas. In 2019, we directed our target team to perform a horizontal review of auditors' conduct and supervision of multi-location audits. We expect to continue to use the "target team" approach in 2020.
One final note related to how we conduct inspections. This year we significantly increased our interaction with audit committees during the inspection process. Historically, we spoke to only about 10% of audit committee chairs for the issuers whose audits we selected for inspection. This year, we requested to speak with every audit committee chair. To date, we've spoken to nearly 400. We expect to publish soon our first readout of what we heard from them in those conversations. By communicating more directly and more often with audit committee members, we firmly believe we can enhance our effectiveness and, hopefully, magnify their effectiveness as well.
3. Inspections Quality Group
During 2019, we made another significant change to our inspections program, albeit an internal one. We formed a new team, known as the "Inspections Quality Group." For the first time, the PCAOB is examining the way we conduct our inspections. We have tasked this group, staffed by experienced inspectors, with ensuring the consistency, quality, and effectiveness of our inspection activities. The group's efforts will touch the entire inspections lifecycle, from methodology to execution to reporting to remediation. Although this group is entirely internal facing, we expect it will have significant positive external effects.
The early returns from the Inspections Quality Group have been eye opening. In particular, they have confirmed the need for us to monitor the consistency, quality, and effectiveness of our inspections work on an ongoing basis. If we are to demand consistent high quality audits, we must conduct consistent high quality inspections.
B. Enforcement
Let me turn now to enforcement. As a part of the Board's strategic plan, we affirmed our commitment to enforcing accountability and deterring improper conduct. When registered firms and their associated persons violate PCAOB standards and rules, we will take prompt action to hold them accountable. Currently, we are prioritizing our enforcement efforts to address those issues that pose the greatest risk to investors and are most likely to deter improper conduct.
Most recently, the Board has placed a renewed emphasis on investigating significant audit failures, and we have issued several settled orders in priority matters in 2019. Those matters cover violations related to auditor independence, ICFR audits, quality control systems, engagement quality reviews, and other important areas of the audit. Unfortunately, we also continue to see instances where firms and their associated persons fail to cooperate with Board inspections and enforcement activities. We have issued sanctions in a number of non-cooperation matters during 2019, and we will continue to focus on this area moving forward.
C. Standard-Setting Efforts
I'll now turn to our standard-setting related efforts, beginning with our standard-setting project on quality control systems.
1. Quality Control Standard-Setting Project
The Board views a strong system of quality control within a firm as crucial to promoting consistent, high-quality audits. We also view it as foundational to our shift towards a more preventive regulatory approach.
We believe the quality of audit services will continue to improve if firms focus on identifying and mitigating the risks they face in effectively executing audits. In my view, our current quality control standards do not adequately prompt firms to do that, as evidenced by what we continue to observe in some of our inspections.
At present, the PCAOB uses the quality control standards that the AICPA developed and issued in 1997. Those standards require registered firms to design and implement a quality control system that provides reasonable assurance that their personnel comply with applicable professional standards and the firm's standards of quality. We are concerned that those standards, as currently written, are outdated and do not adequately promote audit quality.
The audit and the audit market have fundamentally changed since the AICPA first issued its quality controls standards. Technology—enabled by data—has changed how, when, and where firms deliver audit services. Firms have modernized their corporate structures and leadership and governance approaches. They have increased the scope and scale of their complex international footprints. They have changed their audit methodologies and refined their approaches to accepting and retaining clients. And, they have transformed how they monitor audit quality across their portfolios, both domestically and internationally.
Moreover, when the PCAOB adopted in 2003 the then-current AICPA standards, audit firms were not required to audit any clients' internal controls over financial reporting. Against the backdrop of these significant changes, we believe the current standards may not be sufficiently resilient to remain relevant.
At present, the Board is committed to revising the current quality control standards to better meet the needs of the present and future audit environment. We are finalizing a concept release to seek input on potential changes to those standards and we will hold an open meeting later this month on the proposed concept release.
In considering the approach we should take in this area, we know that we are not addressing this issue in a vacuum. The IAASB recently proposed a standard – ISQM 1. The IAASB designed proposed ISQM 1 to focus firms' attention on proactively identifying and responding to quality risks that may have an impact on engagement quality. The proposed standard includes specific requirements related to current developments not addressed in PCAOB standards. Information gathered through our oversight, outreach, and research activities signals that future revisions to the PCAOB's quality control standards should be built on an integrated risk-based framework, similar to Proposed ISQM 1. Many firms that follow PCAOB standards also follow the IAASB standards (or standards based on the IAASB's standards), and we believe it would not be practical to require firms to comply with fundamentally different quality control standards. Indeed, unnecessary differences in standards can detract from audit quality.
For these reasons, we plan to address these and other issues by considering later this month the issuance of a concept release on a potential approach for revising PCAOB quality control standards. We hope to obtain a diverse set of perspectives on the concept release. We encourage your participation in the process and look forward to receiving your comments.
2. Other Standard-Setting Activities
Let me briefly touch on some of our other standard-setting activities. We have finally begun to see the first audit reports that include critical audit matters, a topic you will discuss further this afternoon. We are actively reviewing the initial CAMs that have been issued to date. It is too early, however, to make meaningful observations about them. Our inspection teams have examined a sample of CAMs from large accelerated filers and we will publicly report our observations from our initial inspections and outreach as soon as possible. We'll also continue to focus on any implementation issues that arise, including as we inspect CAMs during our 2020 inspection cycle.
We're also focused on analyzing the economic and other effects of CAMs by preparing an interim analysis. The primary objective of that analysis is to evaluate whether early evidence from CAM implementation suggests significant costs or unintended consequences. We will examine how auditors responded to CAM requirements and assess initial downstream effects of the requirements on preparers and issuers. As a secondary objective, we look to gain an initial understanding of whether (and how) investors are using CAMs.
It's important to note that the interim analysis will not be an evaluation of the overall effect of the Auditor's Reporting Model standard; some potential effects may take additional time to materialize or stabilize. We do, however, expect to address the overall effect of the standard through our broader post-implementation review, which will take more time to complete.
I'll address one final point related to our standard-setting. While the PCAOB has historically issued staff guidance, we have been working to make our staff guidance more timely and useful. For example, we issued a series of CAM guidance documents to provide answers on frequently asked questions as auditors were implementing the new requirements. We plan to continue to take this proactive approach in all aspects of our oversight work as we aim to be more transparent and accessible. We welcome your feedback on our efforts and are always open to suggestions.
II. Anticipate and Respond to the Changing Environment
I'll turn now to our second strategic priority. The Board understands the audit environment is changing and is committed to anticipating and reacting to the corresponding risks and opportunities.
We have focused significant resources on understanding those technologies that are most affecting auditing and financial reporting. We have a team within our Office of the Chief Auditor dedicated to monitoring the development and implementation of emerging technologies and analyzing the implications of those developments for our auditing standards. We strongly believe that our standards—as well as our other oversight activities—should not impede innovations that support the preparation of informative, accurate, and independent audit reports. In general, we have heard that our current standards do not impede the use of technology. At the same time, we also have heard that our standards do not explicitly encourage the use of technology and that they do not illustrate how technology may be used and what the related risks and considerations are if it is used.
Technology advancements are not uniform across the audit marketplace. The largest firms are investing heavily in new technology-enabled tools and techniques. By contrast, mid-size and small audit firms continue to employ more traditional audit tools and techniques. To the extent we consider future changes to our standards, we will need to take account of the distinctions in the marketplace.
We will continue to monitor this area aggressively, with an intent to stay ahead of the curve. One way we are doing so is by relying on input from our Data and Technology Task Force.
Internally, we've also begun to make changes in our own data and technology strategy. This year, we hired our first ever Chief Data Officer and we subsequently appointed him to serve also as our Director of Information Technology. He is responsible for defining our data and technology strategy, determining the resources we need to implement them, and then spearheading their implementation across the various PCAOB divisions and offices. To be candid, we are far behind where we should be in these areas and I look forward to advancing the ball as quickly as we can over the coming years.
III. Enhance Transparency and Accessibility through Proactive Stakeholder Engagement
I'll turn now to our goal to enhance our transparency and accessibility through engagement. One of the biggest wins we had over the past year has been to greatly expand our engagement and outreach to stakeholders.
For the first time ever, we hired a stakeholder liaison to lead our outreach efforts to investors, audit committees, and preparers. Erin Dwyer is dedicated to serving as a direct point of contact and resource for these stakeholders and is actively implementing a new engagement strategy for us.
Among the activities we are sponsoring, we have hosted a number of roundtables for investors and audit committees. We are encouraged by the attendance at these events as well as the enthusiasm shown by the investors and audit committee members who attended. We expect to host more of these events in 2020 to continue this important dialogue.
In addition to the roundtables, we are also ramping up our presence at other relevant events. Over the last several months, the PCAOB has been present at events attended by more than 800 investors and 600 audit committee members. Our key takeaway from our expanded outreach is that there continues to be a strong desire to interact more often and directly with us.
Aside from investors and audit committee members, we've also recently begun to improve our outreach to financial statement preparers, and we intend to focus further on that outreach in 2020.
In short, we look forward to continuing to expand and improve our stakeholder engagement. Please reach out if you have any thoughts on how we can better reach those impacted by our audit oversight work.
IV. Pursue Operational Excellence and Develop, Empower, and Reward Our People
Let me now turn briefly to some of our internal-facing efforts to improve the efficiency and effectiveness of the PCAOB itself.
We identified a need to improve our operational excellence and in response to that need, we hired into newly-created, significant positions—a Chief Risk Officer, Chief Compliance Officer, Chief Information Security Officer, and several experts in project and portfolio management. After hiring our first Chief Risk Officer, we launched the PCAOB's first-ever enterprise risk management program this year. We developed formal plans and systems to identify and respond to business continuity concerns as well as other security threats and incidents. And, most recently, we developed a new suite of performance metrics that will assist us in measuring our progress towards completing our strategic goals.
In terms of our people, in 2019 we drafted the PCAOB's first-ever human capital strategic plan. We also launched a brand new learning management system to assist our staff in their professional growth and development. Soon, we expect to issue a new compensation and career progression philosophy, to increase transparency and engagement with our employees. We've also begun to revamp how we communicate internally. We hired an internal communications specialist and recently developed and launched the organization's first internal communications plan, with an aim of communicating more often and more effectively with all PCAOB staff.
V. Conclusion
These are just a few examples of the dozens of initiatives we have under way to achieve operational excellence and to implement our strategic plan. Much more remains to be done, however. With high expectations, we expect to continue the hard work of transforming the PCAOB into a trusted leader. As always, we welcome any feedback on our efforts.
I'm now happy to address any questions you may have. Thank you.