Keynote Speech to ALI's Accountants' Liability 2018 Conference
The underlying assumption of a well-functioning capital market is trust. When companies report their results, investors expect and deserve to rely on the completeness and accuracy of an issuer's financial statements. An informative, accurate, and independent audit report provides the basis for an investor's confidence in those statements. [1]
The Sarbanes-Oxley Act established the PCAOB to "oversee the audit[s] of [public] companies . . . in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports."[2] One of the ways we fulfill our statutory mandate is by conducting our oversight in a manner that promotes continuous improvement in audit quality, thereby reinforcing trust in our capital markets. I intend to spend the majority of my time this morning discussing the concept of continuous improvement in audit quality and how the new Board intends to pursue it.
As a Board, we recently went through a lengthy strategic planning process. That process provided a perfect opportunity for the five new Board members to develop and coalesce around a comprehensive new vision and strategy for the organization. The process was unlike any other the Board had previously followed. First, the Board reached beyond our own four walls for insights. We engaged a third party to host an anonymous public survey seeking views on our strategic priorities. Our consultant also engaged more than three dozen external parties in a series of one-on-one interviews.
Second, we sought feedback from our entire workforce, not just our leadership which reflects our view that the best ideas often will come from the people actually doing the work. Third, after developing a draft strategic plan based on our outreach and our own insights, we published the draft plan and sought comments from the public on the specific goals and objectives we laid out. Overall, our outreach revealed much about the current state of audit quality and the audit profession, the evolving risk landscape, and the rapidly changing environment in which we operate.
Throughout the entire process, many ideas and concepts were brought to our attention. But, one in particular stood out. To succeed in promoting continuous improvement in the quality of audit services, we must focus our regulatory attention and our efforts not only on detecting and remediating audit deficiencies, as we have done in the past, but also on preventing them from occurring in the first place. This will require a thoughtful and careful departure from our past practices.
It will require a much more forward-looking approach to the design and conduct of our oversight activities and a willingness to adjust our approach in response to the changing environment. It will also require a commitment to communicating early and often with our stakeholders and intentional engagement with standard setters and other audit regulators around the globe. In other words, we must reexamine and, where necessary, transform the manner in which we conduct our oversight to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports.
First, I'd like to address the prevention theme, as well as our efforts to transform the PCAOB, in the context of three of our duties under the Sarbanes-Oxley Act: (1) inspections; (2) enforcement; and (3) standard setting. I will then close with a few words on enhanced external engagement.
There appears to be a consensus that our current inspections, enforcement, and standard-setting regime has helped improve the quality of audit services. Since the time our approaches in these areas were first developed, many firms have made meaningful forward progress in audit planning, including risk assessment, in audit execution, in communications with audit committees, and in other significant areas of the audit. More, however, remains to be done if our goal is "continuous" improvement in audit quality because there is some evidence that indicates that firms are beginning to plateau on their inspection results.
Inspections
Led by our newly-appointed Director of Registration and Inspections, George Botic, we kicked off a number of integrated transformation activities within our inspections function this summer. These activities include revisiting the fundamental purpose of our inspections program, how we select audit engagements for inspection, what procedures we perform during an inspection, what data we collect and use as part of our inspections, and how, what, and when we report on our inspections. We are also revisiting our approach to remediation determinations, not only to ensure our process is more timely but also that it focuses on driving impactful improvements in the firms' quality control systems.
These transformation activities, which include discrete studies and larger projects, each began with a clean sheet of paper. We asked ourselves one fundamental question with respect to each: How can we most efficiently and effectively tackle this issue so as to drive continuous improvement in the quality of audit services? We expect to complete some of these activities within a matter of months. We expect others will take a few years to complete.
Audit firms should expect to see some changes in our inspections approach beginning with the 2019 inspection cycle. For example, we expect to place an increased focus on the firms' systems of quality control. When quality control systems function effectively, they prevent audit deficiencies. We have observed increased audit quality where firms have emphasized strong root cause analysis, thoughtful engagement management, careful assignment of personnel, and risk-focused client acceptance and retention processes.
We likewise expect to take a more agile approach to dealing with current and emerging audit risks and audit quality issues. In 2019, we plan to deploy one or more additional teams of inspection professionals focused on performing targeted procedures across firms on specific topics. Our current inspections approach has specific teams focus only on individual firms. We anticipate releasing a public report on these targeted inspections to inform the marketplace about what we observe.
In addition, we expect to increase our interaction with audit committees during the inspection process in 2019. Like us, audit committees are on the front lines of promoting audit quality. We view an informed and engaged audit committee member as an effective force multiplier.
I've spoken with dozens of audit committee members over the past several months. Nearly all have emphasized the need for the PCAOB to engage more often and more directly with them. As part of our broader engagement strategy, we believe that our inspections program provides us with one meaningful opportunity to do so.
Finally, we plan to make incremental changes in how we report our inspection results. As a Board, we have decided that to be as effective as possible, our reporting on inspection activities must be grounded in two core principles: timeliness and relevance. First, we must report on our inspection activities in a timely manner. The earlier we bring information to the marketplace, the better. Second, our reports must provide relevant, useable information. We must be intentional about how and what we communicate to different groups. More timely and relevant feedback provides investors and audit committees with useable information to aid their decision-making. Auditors will also be able to adjust their behavior before the same mistakes are made.
Although many details remain to be finalized, we plan to move away from simply reporting the "failures" we observe in individual audit engagements, to reporting more about the nature and severity of our inspections findings. We also expect to take a more balanced approach to communicating, by publishing not only those audit deficiencies we observe, but also those behaviors and practices we observe that promote or enhance audit quality. To effectively prevent audit deficiencies, we need to spend as much time discussing audit "successes" and what leads to them, as we do reporting about audit "failures" and the deficiencies that cause them.
In modifying our communications approach, we also expect to improve the accessibility of our reports for investors, audit committees, and other interested parties. We hope that our modified approach to inspections reporting will begin to shift the public dialogue away from a mere quantification of audit deficiencies to a more balanced and meaningful assessment of audit quality.
Enforcement
As with inspections, we are currently exploring how our enforcement function can most effectively assist us in our broader strategy to not only detect audit deficiencies but also prevent them from occurring in the first place. We are working closely with our team in the Division of Enforcement and Investigations to identify areas where we can improve. To the extent we identify changes that will make our approach to enforcement more efficient and effective, we will make those changes.
Certain fundamental governing principles, however, will guide our actions in this area. In particular, we are committed to enforcing compliance with our standards and rules and related federal securities laws. When registered firms and their associated persons engage in improper conduct, we will take prompt action to hold them accountable and to deter others from engaging in improper conduct.
Effective deterrence results in effective prevention. When we select the right mix of cases and the right types of sanctions to impose, we send a strong message to the profession about how they can and should shape their behavior to ensure compliance. In coordination with the SEC, we will prioritize our enforcement efforts so that those efforts focus on addressing the issues that pose the greatest risk to the investing public and are most likely to drive improvement in the quality of audit services. In particular, when we see significant audit failures—including the reckless exercise of auditor judgment—we will pursue those cases.
Effective audits unquestionably require auditors to exercise substantial judgment. So long as those judgments are made in good faith and are guided by the sound application of our auditing standards, auditors should feel empowered to make them. We do not and will not second guess judgments that, when made, were reasonable under our standards and applicable law. However, where auditors refuse to see the obvious, choose to turn a blind eye, or fail to carry out their responsibilities under the securities laws and our standards—including by failing to support their audit opinions or by failing to exercise appropriate professional skepticism—we will not hesitate to hold them accountable. We will also continue to pursue cases involving non-cooperation with Board processes.
And now a few words on two recent decisions. First, the Laccetti decision from the D.C. Circuit.[3] There, the D.C. Circuit held that Board staff had improperly rejected an Ernst & Young partner's request for a technical expert affiliated with Ernst & Young to attend his testimony. By excluding the expert, the court held that Board staff had violated his right to counsel. In light of this decision, Board staff have been directed to make certain modifications to their prior policy. Board staff will now, in appropriate circumstances, permit the attendance of technical experts during testimony even when such experts are affiliated with the firm subject to investigation. There continue to remain, however, certain reasons to exclude such experts. For example, Board rules specifically require exclusion of anyone who may be a witness in the investigation. Also, if the expert is a supervisor or personnel reviewer of the witness, it may not be proper for that expert to attend.
Next, I'd like to briefly address the decision in Lucia v. SEC wherein the Supreme Court held by a 6-to-3 margin that the SEC's administrative law judges are "inferior officers" who must be appointed in accordance with the Appointments Clause of the U.S. Constitution.[4] We understand questions have been raised about the PCAOB's Hearing Officer following the Supreme Court's decision in Lucia. We believe that there are several material distinctions between the role of an SEC ALJ and the PCAOB's Hearing Officer. But we also believe that uncertainty in this respect can invite lengthy litigation about collateral issues and cast a cloud over our enforcement program. As a result, we are currently pursuing short-term and long-term options that should put to rest any doubts about the constitutionality of our enforcement program. For example, in the short term, the Board retains full statutory authority to oversee disciplinary proceedings itself, without the involvement of a separately appointed hearing officer. Therefore, we retain our ability to pursue litigated matters. I cannot elaborate at present on any specific actions we might take to effect a long-term solution, but we expect to be in a position to provide additional details relatively soon.
Standard Setting
Let me next address our standard-setting function. Our standards, rules, and guidance are designed to promote audit quality by providing a defined framework for the audit profession to follow. That framework, if properly designed and effectively implemented, provides the foundation for high quality auditing. To ensure our framework retains its vitality and effectiveness and thus prevents audit deficiencies, we have set a strategic priority that involves regular evaluation and refinement. We will not hesitate to make changes to that framework when we deem it appropriate to do so.
We currently have two significant standard-setting projects that we expect to conclude shortly. Both are intended to resolve lingering issues with our current standards. We also hope to complete a third project related to the Supervision of Audits Involving Other Auditors early next year. We are giving close consideration to two additional areas that we believe are strategically important—our standards related to quality control and changes in data and technology. And, finally, we are continuing to address the recent changes adopted to the Auditors' Reporting Model, including upcoming reporting of critical audit matters.
I'll address the two nearly complete standard-setting projects first. The staff is working to present to the Board by the end of the year recommended changes to our standards related to auditing accounting estimates, including fair value measurements, as well as revised standards related to the auditor's use of specialists.
With respect to estimates, the continuing evolution of accounting standards and financial reporting obligations has increased the prevalence and significance of accounting estimates, including those based on fair value measurements. The three PCAOB standards in this area, first adopted by the PCAOB in 2003, are not uniform and would benefit from further integration with our current standards. I anticipate that our staff will recommend amendments that will replace the existing standards with a single, updated standard. The Board will consider whether that revised standard would further investor protection by promoting strengthened auditing practices and a more uniform, risk-based approach to this important area of the audit. The updated standard, if adopted, would be fully integrated with the Board's risk assessment standards.
Auditors' use of specialists has also been growing in prevalence. We are considering whether the proposed amendments would effectively enhance investor protection by strengthening the requirements for evaluating the work of a company's specialist and applying a supervisory approach to both auditor-employed and auditor-engaged specialists. The amendments are designed to be risk-based and scalable, so that the auditor's effort to evaluate the specialist's work is commensurate with the risk of material misstatement associated with the area of the specialist's work. The staff believes these amendments will lead to more uniformly rigorous practices among audit firms of all sizes and enhance audit quality and the credibility of information provided in financial statements.
We are also focused on how data analytics and technology will change the audit. Our capital markets lead the world in technological innovation, including both at the preparer and audit firm level. For the foreseeable future, advancements in data analytics and technology will have a continuing, transformative impact on the nature, presentation, and consumption of financial information. How the auditing profession conducts its audits—both in the information used in the audit and in the types of procedures the auditor performs—necessarily will change in response. We must anticipate relevant changes, consider the risks associated with them, and adapt our oversight activities to respond proactively to them.
In adapting our oversight activities, we must ensure our standards do not inhibit those innovations that support audit quality. We thus have a discrete project on our research agenda to explore whether there is a need for guidance, changes to PCAOB standards, or other regulatory actions in light of new and emerging technology-based tools. We will analyze carefully the impacts of technological changes on the audit profession and will engage capital market participants—including investors, public companies, audit committees, researchers, audit firms, international audit regulators, and others—as part of that effort. As we anticipate relevant advancements and the need for changes to our guidance and standards, we will develop specific action plans to respond, with the goal of ensuring that the advancements support informative, independent, and accurate audit reports.
In support of this project, the Board continues to push forward with its data and technology task force, which has been charged with assisting our staff in obtaining insights into the use of data analytics and other emerging technologies. We have also begun to develop formal organization-wide strategies related to our own IT program management and use of data. We will be making significant investments in these and related areas to enhance the effectiveness of our oversight activities.
Next, the Board continues to make progress on its quality control project. As noted earlier, we view a strong system of quality control as integral to our shift towards a more prevention-based regulatory approach. We must focus firms on building quality control into their audit processes. In particular, our staff is exploring whether there is a need for changes to existing quality control standards that would prompt firms to improve their quality control systems and more proactively identify and address emerging risks and deficiencies.
Let me turn now to the Auditors Reporting Model. In 2017, the PCAOB adopted a new standard intended to enhance the usefulness of the auditor's report.[5] Beginning in 2019, the new standard will require the auditor to communicate critical audit matters arising from the audit of the financial statements that required especially challenging, subjective, or complex auditor judgment, and the auditor's response to those matters. These changes are intended to inform investors and other financial statement users about the most significant issues in the audit and how they were addressed. The new standard also requires disclosure of auditor tenure in addition to a number of other changes to the presentation of the auditor's report.
The PCAOB is observing what audit firms are doing to implement the new requirements, placing particular emphasis on how they are preparing to communicate critical audit matters. We are taking a proactive approach in this area because we want auditors to get the requirements right from day one. In particular, we are engaging with audit firms to understand their experiences in performing dry runs with their clients and any implementation issues that may need to be addressed. We are also providing direction through written guidance, educational webinars, and responses to comments and questions we receive. Any auditors who wish to consult with us regarding critical audit matters before they become effective should simply reach out.
Once the initial implementation of critical audit matters begins in June 2019, we plan to assess experiences and results, and determine whether we need to take further action—including whether to issue guidance or amend the standard. As part of this assessment, the staff plans to engage with auditors, investors, financial statement preparers, and audit committee members, through requests for comment, interviews, surveys, and other outreach to learn about their experiences.
After a reasonable period of time following completion of implementation in December 2020, we will conduct a post-implementation review to analyze the effectiveness of the new requirements. As part of that exercise, the staff will reevaluate the costs and benefits of the standard, including any unintended consequences, to understand the overall impact on the audit profession, public companies, and users of financial statements. To the extent that review suggests changes should be made, we will consider such changes at that time.
External Engagement
Let me conclude by addressing one additional effort the Board is undertaking as it attempts to transform the PCAOB. The Board strongly believes that substantial opportunities exist for us to engage more often and more effectively with investors, audit committees, preparers, registered audit firms, standard-setting organizations, and other audit regulators. Continuous and interactive engagement enhances our ability to improve the quality of audit services. It provides us with the information we need to better understand the state of audit quality and to tailor appropriately our regulatory responses. Consequently, the Board has set a goal to enhance our transparency and accessibility through proactive external engagement. This will include directed efforts toward cultivating more effective and more dynamic dialogue and improving the nature and quality of the information we produce for the marketplace.
Thank you.
[1] The views I express here today are my own and do not necessarily represent the views of the board, or any individual board member.
[2] 15 U.S.C. § 7211(a).
[3] Laccetti v. SEC, 885 F.3d 724 (D.C. Cir. 2018).
[4] Lucia v. SEC, __ U.S. __, 138 S.Ct. 2044 (2018).
[5] PCAOB Release No. 2017-001 (June 1, 2017); see also SEC Release No. 34-81916 (Oct. 23, 2017).