PCAOB Chair Williams Remarks at 2024 Deloitte/University of Kansas Auditing Symposium

Remarks as prepared for delivery

Thank you, Professor Brazel and everyone at the University of Kansas for your work to make this symposium a success, including the students serving as moderators. It is great to see the next generation of audit leaders involved.

I also want to acknowledge Deloitte for their role in helping to raise awareness of the auditing profession and the valuable role it plays in protecting investors though this symposium.

Before we begin, I must provide the usual disclaimer that the views I express today are my own and do not necessarily reflect the views of my fellow Board Members or the talented and dedicated PCAOB staff.

The PCAOB works closely with the academic community through our Office of Economic and Risk Analysis, or OERA, as we refer to it.

Last year we were fortunate to have Dr. Martin C. Schmalz, Professor of Finance and Economics at the University of Oxford, join the PCAOB as our Chief Economist and Director of OERA.

We depend on OERA to provide evidence-based analysis that helps ensure our decision-making is infused with the best available data, information, and research. And OERA depends on the broader academic community to expand our knowledge and understanding of the economic impact of auditing and audit regulation on our capital markets.

Under Dr. Schmalz’s leadership, OERA is working to expand opportunities for collaboration between the PCAOB and academia even further.

In June, we will host a joint conference with The Accounting Review. We invited researchers to submit registered report proposals to be presented at the conference. Proposals that contemplate use of specific PCAOB data for their research will be considered for future collaboration with the PCAOB.

Many of you in this room may have submitted proposals. Thank you for your participation.

If you did not, the TAR conference is not your only opportunity. In the Fall, we will host our annual Conference on Auditing and Capital Markets. Requests for submission will go out soon. So please keep an eye out.

If you are not on our listserv and would like to be added, please email to [email protected].

You can find more information about ways to collaborate with the PCAOB by going to our website, clicking on resources, and selecting information for academics. We hope to have an opportunity to work with you soon.

The theme of this year’s symposium is exciting: ‘Innovations in Auditing.’ And I know you will hear from many interesting speakers over the next two days about what the future may hold.

As we look toward the future, it’s worth reflecting on the lessons of the past that led us here today.

At the end of 2001, Americans were still grappling with the tragic events of September 11th and their aftermath; our country had entered what would become the longest war in U.S. history; and our economy was just beginning to come out of a recession.

Then the Enron scandal broke.

At the turn of the century, Enron was ranked seventh on the Fortune 500. Throughout the ‘90s, it had built a reputation as a blue-chip company, admired for its innovation.

But that reputation was built on fraud. Enron was lying about its earnings, while hiding billions of dollars in bad debt. And by the fall of 2001, it all came crashing down.

After hitting a mid-2000 high of $91, Enron’s share price was all but worthless by 2001. Investors lost billions of dollars in savings, 20,000 employees lost their jobs and their retirement, and trust in our markets eroded.

Enron’s collapse was followed by the failure of its auditor, Arthur Andersen, one of the largest audit firms in the world at the time.

And Enron wasn’t alone.

In 2001, Enron’s bankruptcy was the largest in U.S. history. Just a few months later it was dwarfed by the bankruptcy of WorldCom – yet another corporation caught cooking the books and leaving destruction in the wake of its scandal.

And with each new scandal that broke, there were hardworking Americans, retirees and families who got hurt. Lifesavings lost. Dreams destroyed.

So, Congress took action.

Led by Senator Paul Sarbanes, a Democrat from Maryland, and Representative Michael Oxley, a Republican from Ohio, both parties came together to craft legislation that passed nearly unanimously with strong, bipartisan support and was signed into law by President George W. Bush in 2002.

Among other things, the Sarbanes-Oxley Act, which we affectionately refer to as “SOX,” established the Public Company Accounting Oversight Board, or the PCAOB.

For the first time, investors would have an independent audit watchdog putting their interests first. The PCAOB would set clear standards to uphold the integrity of public audits, inspect for compliance with those standards, and enforce them to help restore trust in our capital markets.

Two decades later, our markets have evolved. Practices have changed. Technology has advanced. And new risks continue to emerge.

But one thing remains constant, and that is our mission – to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports.

Because quality audits protect people. And we must never forget that is why we are here.

After I was sworn in as Chair of the PCAOB in 2022, the Board and I reflected on the changes over the PCAOB’s last 20 years and asked ourselves what innovation was required to meet our mission in today’s market and keep investors protected against today’s risks.

Together we developed three strategic goals:

  • One, we would modernize our standards,
  • Two, we would enhance our inspections, and
  • Three, we would strengthen our enforcement.

Over the last two years, thanks to the hard work and dedication of our incredible PCAOB staff, we have significantly advanced all three of these goals in service of investors. OERA, and the broader academic community, play an important role in all three.

Modernizing Standards

Let’s start with modernizing our standards.

When the PCAOB was first getting off the ground in 2003, it adopted existing standards that had been set by the auditing profession on what was intended to be an interim basis.

Twenty years later, far too many of those interim standards remain unchanged. So, we’ve laid out an ambitious agenda to modernize them.

I didn’t have the pleasure of hearing Mr. Fackler speak before me. But the title of his speech is telling: “Rapid Change and Evolving Landscape of the Capital Market.”

The world has changed since 2003. Our markets are evolving every day. To keep investors protected in an era of rapid change, our standards must keep up.

Last year, the Board took more formal actions on standard setting and rulemaking than any year in the previous 10.

In total, this Board has adopted two standards and related amendments and issued another eight proposals for rules and standards.

In 2022, we finalized a new standard and related amendments that strengthen requirements that apply to audits involving multiple audit firms. And we issued proposals on quality control and the confirmation process for public comment.

The confirmation process touches nearly every audit, and firms’ quality control systems lay the very foundation for how firms approach everything they do, including performing audits. It is essential that they are fit for purpose in today’s world.

In 2023, we issued proposed changes to modernize and consolidate a suite of standards that address core auditing principles and responsibilities, including reasonable assurance, professional judgment, due professional care, and professional skepticism – known as AS 1000.

We proposed amendments to give auditors additional direction on specific aspects of designing and performing audit procedures that involve technology-assisted analysis of information in electronic form.

We proposed a new standard on noncompliance with laws and regulations, commonly referred to as NOCLAR.

When auditors fail to identify noncompliance with laws and regulations that have a material impact on a company’s financial statements – or fail to take the proper steps to evaluate and communicate that noncompliance – investors pay the price: retirees, families, hardworking people whose futures and savings are on the line.

Unfortunately, the current NOCLAR standard is 35 years old, and we have seen far too many examples of investors getting hurt due to noncompliance with laws and regulations since it was adopted.

We issued a proposal on a rulemaking project that would hold associated persons accountable when they negligently, directly, and substantially contribute to firms’ violations.

And the Board unanimously voted to adopt the new standard and related amendments on the confirmation process I mentioned a moment ago.

In 2024, our work continues.

In February, we proposed a new rule to protect investors from misinformation about firms’ PCAOB registration status, or what that status means.

Unfortunately, we have seen too many instances of firms promoting their PCAOB registration in a way that could mislead clients, investors, and others.

PCAOB registration is not a “seal of approval” or “mark of excellence,” as some firms have advertised on their websites. The PCAOB does not sponsor, recommend, or endorse firms.

PCAOB registration is not a system for grading the quality of a firm’s professional work.

And it certainly is not a marketing gimmick for firms.

So, this rule would ensure there are consequences when firms misrepresent their PCAOB registration status or what it means.

In April, we issued two proposals designed to empower investors, audit committees and others with more consistent, comparable data about audit firms and their audits.

Both proposals reflect input from our Standards and Emerging Issues Advisory Group and our Investor Advisory Group, who told us that better information is needed to help investors make more informed decisions.

The Firm and Engagement Metrics proposal is more than 10 years in the making. It sets out a standardized set of 11 metrics for every firm that audits at least one public company classified as either an “accelerated filer” or a “large accelerated filer” to disclose each year.

The metrics are grounded in countless hours of research by our professional staff. They include information about firms’ overall audit practice, for example, how partners’ quality performance ratings affect their compensation, and information about individual engagements, such as the time incurred by partners and managers on the engagement team related to areas of significant risks, critical accounting policies and practices, and critical accounting estimates.

Collectively, these metrics would help investors make more informed decisions about how they invest their money. And they would provide audit committees with consistent data to analyze and compare as they are selecting and monitoring audit firms.

The Firm Reporting proposal would modernize the PCAOB’s framework for collecting information from audit firms by amending the annual and special reporting requirements which have not been substantively updated since 2008.

It would facilitate the disclosure of more complete, standardized, and timely information by firms to empower investors and audit committees through greater transparency while also strengthening the PCAOB’s work to protect investors.

We are committed to getting these proposals and every project on our agenda done right.

And that requires economic analysis from our experts in OERA. Our evidence-based approach starts with understanding the current environment – asking what is needed to ensure investors are best protected and what changes may be needed to achieve that goal. Economic analysis also helps us see around the corner and anticipate a standard’s impact.

Among other things, we review a standard in terms of its likely economic benefits, costs, competitive effects, and potential unintended consequences. 

Even after a standard is approved, we often continue to examine its impact through our post-implementation review process by analyzing public and non-public data. We also conduct surveys and interviews to collect quantitative and qualitative information about the impact of standards on key stakeholders, such as investors, audit committees, and audit firms. 

And, of course, we rely on researchers. Reviewing the work of academics outside the PCAOB is critical to shaping our understanding of the audit and its role in supporting trust in our capital markets. 

Public comment is also an essential part of our standard-setting process. And that, too, includes hearing from academics who have been conducting research in these areas and have valuable input to share.

We are grateful to everyone who provides feedback, and we carefully weigh and consider each and every comment we receive.

Ultimately, having modern, effective standards that live up to the protections investors expect is good for investors, good for the profession, and good for our capital markets.

Enhancing Inspections

Of course, standards on paper don’t earn trust unless they are followed in practice, which brings us to goal number two: enhancing our inspections.

Our Inspections division is the largest division at the PCAOB, because inspections are one of the most important tools we have to keep investors protected. In fact, the Division of Registration and Inspections inspects roughly 800 audits in more than 30 jurisdictions around the world each year – now including China for the first time in PCAOB history.

To stay responsive, our inspectors need data, analysis, and high-quality economic research. 

OERA collects data from the information provided to us by firms, from third-party data providers, and from internal sources. Then, they aggregate and analyze that data to help identify areas of risk and point our inspectors in the right direction. 

They also develop economic models to further guide how we direct our inspection resources.

Of course, staying up to date on all the latest research from the broader academic community is critical to maintaining the accuracy of our models over time.

In December, the PCAOB’s inspection staff issued a Spotlight highlighting our inspection priorities for 2024. These priorities include key risks such as high interest rates and other considerations, like audit areas with recurring deficiencies that auditors should be focused on when planning and performing audit procedures.

Last year, we began including new information about independence and other matters in our inspection reports for the first time.

And we expanded the tools available on our website to make it easier to find and compare deficiency rates across audit firms. We believe when firms compete on quality, quality improves.

This was just the beginning of our work to increase transparency and make PCAOB data more accessible.

Unfortunately, we continued to see the number of deficiencies found in our inspections trend in the wrong direction in our recently released 2022 inspection reports.

While all of our 2023 reports are not yet finalized, I can say overall deficiency rates are still far too high and the PCAOB is continuing to demand firms improve.

Still, there are glimmers of movement in the right direction as we are starting to see some small signs of improvement in our 2023 reports.

Preliminary results indicate a modest improvement in Part I.A deficiency rates at some of the six U.S. Global Network Firms. At the same time, we are seeing a decline in the number of deficiencies for certain of these firms’ quality control systems.

It will take time for the quality control improvements to take root. But, because firms’ systems of quality control lay the foundation for how they perform audits, quality control improvements can signal a first step toward improving overall deficiency rates.

Again, these signals are modest, and there is much more work left to do. I know the profession can do better. And I acknowledge that many firms have committed to doing better.

It will take time and persistent focus to turn this trend around. But too much is at stake to let complacency win.

For our part, the PCAOB is using every tool in our toolbox to protect investors and drive audit quality improvements.

We have engaged in a robust outreach campaign to audit committees, including holding conversations with more than 200 audit committee chairs each year and providing specific questions audit committees should ask of their auditors.

For example:

  • Has our audit engagement been inspected by the PCAOB? Were there any audit areas that required significant discussions with the PCAOB that did not result in a comment form?
  • Has the engagement partner been inspected on other engagements? If so, what were the results of that inspection?
  • And, what is the audit firm doing to address the overall increase in inspection findings?

We recently launched a culture review initiative as part of our annual inspections. We now have a dedicated team that is performing specific procedures that have the potential of identifying and assessing unique aspects of the culture at each of the six U.S. affiliates of the global network firms and the impact these aspects may have on the firm’s ability to consistently perform high quality audits.

This team performed more than 100 interviews of personnel across these firms and are going through other materials from the firms that provide actual examples of culture. 

Our staff has not completed our evaluation or reached any common observations, but we look forward to discussing their findings soon.

I mentioned earlier that PCAOB staff issued a report we call a Spotlight last year, outlining our inspection priorities for 2024. This provides firms with key risks they should focus on when planning and performing audit procedures, a valuable tool for performing high-quality audits.

And this is just one of the many Spotlights PCAOB staff produce as part of their frequent communication to firms. Spotlights provide valuable insights about how to improve, not only highlighting key risks, but also lifting up examples of good practices to follow.

In fact, we published a new Spotlight just this week on root cause analysis, which can help firms identify and correct the underlying contributors to deficiencies to improve quality moving forward.

We also understand that not all firms have the same challenges. Smaller firms play an important role in our work to protect investors, and we know they have unique needs.

Next month, I will be in Chicago to kick off a series of forums designed specifically to provide resources and assistance to small firms. Each of my fellow Board Members will host similar forums in different regions across the country throughout the year. 

These forums allow the PCAOB to share valuable resources and information with small firms to help them improve audit quality. And by travelling around the country, the Board will be able to hear directly from small firms about their concerns.

Finally, the remediation process offers all firms an opportunity to improve their quality control procedures and therefore their overall audit quality.

When PCAOB inspections identify quality control deficiencies, by law we do not make them public in the initial inspection report.

Instead, firms have a year to correct – or remediate – the problems.

Our inspectors watch the firm’s progress closely. If the firm doesn’t address the deficiencies to the Board’s satisfaction in that timeframe, only then do we make the quality control findings public.

As I mentioned earlier, quality control systems lay the foundation for quality audits.

If you’ve ever installed wallpaper, then you know, if you get the first corner right, the rest of the job flows nicely from there. But get the first corner wrong, and the whole thing is a mess. The remediation process incentivizes firms to figure out where that first corner went wrong and provides an opportunity to get it right.

And I encourage every firm to take full advantage of it.

Enforcement

And now we have arrived at goal number three: strengthening enforcement.

Under this Board we are making sanctions count. We are expanding how we identify cases. And we are expanding the types of cases we are pursuing.

Once again, our enforcement team works closely with the OERA team to develop a list of risk factors to focus on, informed by things like significant corporate events, auditor events, or characteristics of the issuer, among others. 

Using these risk factors and other criteria, our analysts develop lists of audit engagements that our enforcement team can use to find the most likely enforcement matters, ensuring those that fail to comply with our standards and laws are identified and action is taken to promote audit quality and investor protection. 

Last month we announced the largest civil money penalty in the history of the PCAOB – a $25 million fine against KPMG Netherlands for violations of PCAOB rules and quality control standards relating to exam cheating and misinforming investigators.

As of this month, the PCAOB has imposed $34 million in penalties in 2024, and we’ve only just begun.

We set a record in 2022. We broke that record in 2023. And we broke it again just four months into this year.

Let this be a clear warning to those who break the rules – if you put investors at risk, there will be consequences.

And monetary penalties are not the only option on the table.

We have not hesitated to impose bars on bad actors or revoke firms’ registrations where appropriate. We have required functional changes to a firm’s supervisory structure for the very first time. And we have required firms to retain an independent monitor to drive improvements and best protect investors.

Removing bad actors from the profession and punishing wrongdoing protect investors, promote deterrence, and bolster trust in the vast majority of auditors who are honest and who are working hard to live up to the trust investors have placed in them.

In a moment, I will turn the floor back to Professor Brazel, and I look forward to addressing the questions you submitted.

First, I would like to leave you with this quote.

Reflecting on SOX five years after it was signed, Senator Sarbanes warned: “When things get better, companies tend to forget what happened or how serious it was at the time. Trying to maintain high standards is a difficult job.”

As you continue looking toward the future throughout this symposium, I urge you not to lose sight of the lessons of the past and the people that audits are intended to protect.

Let our innovations in auditing be in service of them.