Presentation to the AICPA National Conference
Introduction
Good afternoon everyone! I’m very pleased to be here today to address matters on auditing, addressing matters of interest from the Office of the Chief Auditor. Like a number of you, I’ve been attending this conference for many years and find it to be one of the most informative conferences regarding current accounting and auditing issues. I'm honored to be a part of the conference and addressing you today. My remarks will be focused around the following three topics:
- The Current Audit Environment,
- PCAOB Standards-Setting Activities, and
- FASB/IASB Convergence projects (and potential implications for auditing)
I recognize that many in the audience are from the preparer/issuer community rather than from the auditing profession. I'll do my best to structure my comments to have relevance to everyone, but even when I'm speaking primarily on standards, I think it's beneficial for preparers to have a good understanding of the current auditing issues.
Before I go further, I want to remind you that my remarks are my own and do not necessarily reflect the views of the PCAOB Board, individual Board members or other members of the PCAOB staff.
The Current Audit Environment
Although there are some signs of improvement in the overall economy, our economic future is filled with challenges and uncertainties. In Fed Chairmen Ben Bernanke's recent words, "we're not very far from the level where the economy is not self sustaining." On the international front, just last Friday the President of the European Central Bank stated bluntly, "the crisis is not yet over."
The ongoing economic challenges and uncertainties pose significant risks for financial reporting and auditing. In my opinion, audit risk, as it has been since the start of the economic crisis, continues to be very high.
In December 2007 and December 2008 we issued Practices Alerts 2 and 3, respectively, as we saw auditing challenges growing. In my view, both of these Alerts continue to be applicable to 2010 audits.
Practice Alert 2 alerted auditors to increasing risks, because of the economic environment, in auditing fair value measurements, and reminded auditors of their responsibilities under PCAOB standards at AU 328 and 332.
Practice Alert 3 describes numerous risks in connection with audits in the current economic environment and directs auditors to the applicable PCAOB auditing standards. Many of the same auditing challenges, including those pertaining to fair value measurements of financial instruments, continue to be prevalent. Some of these are:
- Revenue recognition practices
- Valuation of Goodwill and Other Long-lived assets
- Valuation allowances needed for Deferred tax Assets
- Allowance for loan losses or other uncollectible receivables
- Realizable value of inventories,
- The adequacy of disclosures, and
- Going Concern considerations
In addition, it's important to recognize that fraud risk also continues to be elevated. Pressures for a company to survive, to meet earnings expectations or for management incentive compensation can create incentives and rationalizations for financial reporting fraud. Cost containment actions, resulting in reductions in staff size or key control personnel, may create the opportunity for fraud as elements of the internal control structure could be missing. Combined with this, we’re also hearing about demands on auditors for significant fee reductions – at a time when audit effort may need to increase. Given the need to maintain audit quality, auditors who agree to significant audit fee reductions, hopefully, are not decreasing audit hours unless they are doing so because of an identifiable decrease in audit risk or other commensurate changes in circumstances.
Speaking of fraud risk, during the past year COSO published their study of "Fraudulent Financial Reporting: 1998-2007." The study analyzed financial reporting fraud investigated by the SEC during those years. A couple of the study’s findings that are important audit considerations, especially in this environment, are, first, that the SEC named the CEO and/or the CFO for some level of involvement in 89% of the fraud cases and, second, that fraudulent revenue recognition practices accounted for over 60% of the cases.
PCAOB auditing standards tackle these two issues head-on. AU 316 states that "the auditor should ordinarily presume that there is a risk of material misstatement due to fraud relating to revenue recognition." The standard also states that "management has a unique ability to perpetrate fraud because it frequently is in a position to…manipulate ...records and present fraudulent financial information." Because of this, the auditor should specifically address the risk of management override of controls occurring.
This seems like a good time to remind auditors of their responsibility to plan and perform their audit work with "due professional care" and to "exercise professional skepticism – an attitude that includes a questioning mind and a critical assessment of audit evidence" throughout the audit.
In September of this year, the PCAOB issued, under Rule 4010, a "Report on Observations of PCAOB Inspectors Related to Audit Risk Areas affected by the Economic Crisis." Although not suggesting pervasive issues existed, PCAOB inspectors identified instances where auditors sometimes failed to comply with auditing standards in areas that were significantly affected by the economic crisis, such as fair value measurements, impairment of goodwill…and other long-lived assets, allowance for loan losses, off balance sheet structures, revenue recognition, inventory and taxes."
The audit deficiencies noted in this report are found in mostly the same areas as those highlighted as potential audit risks in Practice Alert 3. Also, I'm aware that many firms issued guidance to their staffs in these same areas. Auditors and Audit firms should consider how improvements in the processes of Supervision and Review during the audit and in the firm's system of quality controls could improve audit quality in these areas in this year's audits – in other words, getting to the root cause of audit deficiencies.
During this past year we also issued two new audit Practice Alerts, numbers 5 and 6.
Practice Alert 5 addresses Auditor Considerations Regarding Significant Unusual Transactions. The current economic environment increases the risks of a company entering into a significant unusual transaction outside the normal course of business, structured to achieve a particular financial reporting objective. This Alert reminds auditors of their responsibilities to address the financial reporting risk of significant unusual transactions and, among other things, describes responsibilities to consult with others, communicate with the audit committee, and evaluate the transparency of the related financial statement presentation and disclosures.
Practice Alert 6 addresses situations where US auditors are reporting on the financial statements of issuers where substantially all of the operations and assets of the issuers are in foreign countries. In many of these cases, the foreign operating company had previously merged with a US shell company registered with the SEC. This Alert reminds auditors of their responsibilities under AU 543, Part of an Audit Performed Other Auditors, and AU 311, Planning and Supervision. Our Inspections have identified cases where US auditors were issuing audit reports on issuers with substantially all of their operations in foreign countries but were not following either of these standards in their audits.
The last item I want to mention regarding the current environment pertains to the Mortgage Documentation issue that has recently received widespread attention. Allegations have been made that loans were sold that did not meet the requirements specified in the sale documents and may be "put back" to the sellers and that, as part of foreclosure proceedings, some financial institutions submitted erroneous or incomplete documents. Recently the SEC staff issued a letter to many issuers reminding them of their responsibilities in accounting for and disclosing loss contingencies. Auditors should be aware that the potential risks and costs associated with these activities could have implications for audits of financial statements or of internal controls over financial reporting. These implications include the proper accounting for recourse liabilities, in the proper period, and accounting for litigation or other loss contingencies and the related disclosures.
Finally, in the audits of internal controls over financial reporting, auditors should take a fresh look each year at their approach and consider changes within a company and its environment in assessing risk and developing appropriate audit responses. It has been observed that disclosures of material weaknesses, which should be a leading indicator of potential financial reporting problems, have instead become a lagging indicator. That is, Material Weaknesses seem to be reported, generally, only in connection with a restatement - where the material weakness is often obvious. In many cases a material weakness likely existed before the restatement as well, but unfortunately the ICFR audits are often not identifying them.
Let me now turn to our standards-setting activities.
Standards-Setting
As I’m sure many of you have observed, the PCAOB has significantly accelerated its standards-setting activities. Numerous final standards, proposed standards, concept releases and Practice Alerts have been issued in the past two years. We have an ambitious standards-setting agenda which is officially updated semi-annually and is posted on our website. I want to express my appreciation to our Standing Advisory Group with whom we discuss and review these standards-setting projects. The SAG provides us with very valuable input and insight into our activities.
First, I’ll address recent standards adopted by the Board.
AS 7, Engagement Quality Review (or what was formerly called a concurring partner review), is effective for 2010 quarterly reviews and audits of the financial statements of all Issuers. Although it’s been required for quarterly reviews of calendar year filers throughout 2010, I still think it's important to discuss today – in advance of its initial applicability to year-end audits. I believe this is a standard that should significantly benefit investors through improved audit quality. Our Inspection observations in the past noted numerous weaknesses in the performance of the concurring partner review, including questionable effectiveness and poor documentation. AS7 should substantially enhance the quality of the EQR by strengthening the review requirements, especially regarding (i) the qualifications of the reviewer, (ii) the procedures required to be performed and (iii) the documentation required of the reviewer. I believe audit quality can be greatly improved by a well performed, objective review of the audit by a qualified engagement quality reviewer. In many cases, I would expect the 2010 EQR to be performed in substantially greater depth than the concurring partner review was in 2009.
AS 8 through 15, or what we refer to as the Risk Assessment Standards, were adopted by the Board this summer and we are anticipating final approval by the SEC in the very near term. As adopted, these standards are effective for 2011 audits. So, it is important for auditors to build these standards into their audit methodologies as soon as possible. These standards are designed to improve the auditor's assessment of and response to risks in the audit. With 8 new standards, it would be a bit overwhelming for me (and exhausting for you) to review them in any detail here. But, I hope the following points give you a flavor for some of the highlights of these standards. The risk assessment standards:
- Enhance the requirements for planning the audit and considering materiality, including greater guidance for multi-location audits.
- Describe more directly the supervisory responsibilities of the engagement partner. (Our Inspections often find engagement deficiencies which should have been obvious through the review process)
- Strengthen the requirements linking audit tests to the assessed risks.
- Promote a more comprehensive evaluation of evidence obtained during the audit.
- Integrate fraud considerations throughout the audit. (Our Inspections have noted that fraud brainstorming is often done as an isolated event, not integrated into the audit)). And
- Focus more audit attention on financial statement disclosures. ( Again, it is often asserted that auditors don't focus sufficiently on the quality of financial statement disclosures )
Obviously, I can't do justice to the content of 8 new standards in a 30 minute speech, so I just wanted to remind you of (i) the importance of these new standards, (ii) some of their key themes, and (iii) their expected imminent effective date.
Next, let me turn to our current standards-setting agenda. As you know, the first few years of standards-setting within the PCAOB were largely dominated by the SOX requirement for an audit of and the auditor's expression of an opinion on a company's internal controls over financial reporting. As I mentioned earlier, we've now moved up the dial substantially with respect to the pace with which we are addressing revisions to interim standards and development of new standards. We prioritize our standards-setting goals based on a number of factors, including:
- our assessment of those interim standards most in need of improvement,
- input from our Inspection findings and Enforcement actions,
- developments in the marketplace, and
- areas where we believe we can best improve audit quality and address fraud risk.
As SEC Chairman Mary Schapiro said yesterday, "the scandals and crises of the last decade…have shaken the public's trust in America's capital markets", a "decade (investors) perceive as marked by restatements, misleading window dressing and off balance sheet exposures that prevent them from making fully informed investment decisions." Our standards-setting activities are intended to rebuild investor confidence in our markets through:
- Transparency in the standards-setting process,
- Addressing the most pressing audit issues, and
- Developing standards with appropriate and robust requirements.
We review our standard-setting agenda regularly with the Board and periodically with the SEC and our Standing Advisory Group. We’re also cognizant of the fact that there are multiple auditing standards-setters. As such when we issue a proposed or adopted standard, we include an analysis of our standard with any analogous standard of the ASB or the IAASB to facilitate comparison.
These next two slides list the matters that are currently on our standards-setting agenda. I'll speak to just a few of the items.
Turning to the first slide, with respect to first two items, Communications with Audit Committees and Confirmations, we've issued proposed standards, and, with respect to the next two items, Failure to Supervise and Signing the Audit Report in the Engagement Partner's Name, we’ve issued Concept Releases. In each case the comment periods have closed, we are assessing the comments received and, together with the Board, we are considering next steps such as moving to a final standard or another proposal. In either event, I expect you will see action on all four of these standards-setting matters in the first half of 2011.
Just as AS7 should substantially improve the engagement quality review, our proposed standards on Communications with Audit Committees and use of Confirmations are intended to substantially improve audit practice in these areas. For example, The Sarbanes Oxley Act placed the audit committee squarely at the center of the relationship between a public company and its auditor based on the idea that independent, informed, and proactive audit committees can and should be key to protecting the interests of public company investors. The proposed standard - Communications with Audit Committees- builds on that idea by ensuring auditors communicate timely to the audit committee significant matters regarding audit risk and strategy, accounting policies and practices and other important audit matters.
Turning to the other items on our Agenda on this next slide, I'll comment briefly regarding the Audits of Broker/Dealers, the Auditor's Report and Going Concern.
Dan Goelzer mentioned that the Dodd/Frank Act gave the PCAOB specific authority, including standards-setting, over the audits of Broker/Dealers. The SEC has issued a release advising that 2010 audits of Broker/Dealers should continue to be performed in accordance with AICPA standards. We’ve begun work, however, to address these audits in contemplation, ultimately, of them being performed in accordance with PCAOB standards. We’re considering initial implementation, or Day 1, guidance as many of the auditors of nonpublic broker/dealers have not previously performed audits in accordance with our standards. In addition, we’re addressing future standards for the financial statement audits and for the various compliance reports, including reports regarding the safekeeping of customer assets, that auditors of broker/dealers are required to issue pursuant to SEC rules. We’ll be working closely with the SEC to develop standards that are properly aligned with the SEC’s rulemaking and that protect investors, yet are appropriately scalable for the different types and sizes of broker/dealers. The Madoff scandal highlighted the risk investors can face regarding the safekeeping of their assets. As such, this standard-setting project is a high priority item on our agenda!
The next item I'd like to mention is the Auditor's Report. Based on everything I know and continue to hear, investors highly value an audit. On the other hand, however, we are continuing to hear, with ever increasing volume and frequency, that investors are not satisfied with the current audit report itself. It's very important to investors to know whether the financial statements are presented fairly, but Investors and other Users are saying that they need to hear much more from the auditor. There's a broad range to the quality of the financial statements and disclosures within the term "presents fairly" and investors want to hear more about the auditor's view of those financial statements – especially about significant judgments and estimates in the statements and the quality, not just acceptability, of the company’s accounting policies.
This message is being heard around the world and several international organizations are also addressing questions about the auditor's reporting model. In the case of the PCAOB, my office has been (and will continue) conducting a broad outreach to better understand the issues. We are meeting with many investors and investor groups, auditors, preparers, academics, regulators and others. As Dan Goelzer mentioned, my office intends to present the results of this research to the Board in March and issue a Concept Release in the second quarter of 2011. The Concept Release will consider alternative reporting models. This is another project that we are marking as high priority. And, I expect you'll see action in the near-term from other international standards-setters and Regulators on this as well.
Let me turn to Going Concern. Today, the responsibility to evaluate whether there is substantial doubt about a company's ability to continue as a going concern resides in the auditing standards. The FASB added a project to their agenda to consider requiring going concern disclosures to be made by management in the financial statements. At recent meetings, however, the FASB has indicated they are moving more to a risks and uncertainties type of disclosure requirement – an early warning signal. We are working closely with the FASB to consider their standard setting in this area in connection with our going concern standard. Depending on how the FASB comes out on this project may or may not lead us to make changes to our Going Concern standard. In either event, we’re endeavoring to be in lock-step with the FASB on this issue.
Let me now briefly comment on two items not currently listed on the standards-setting agenda – codification and independence.
We have identified codification of our standards as another important matter, although a fix is probably not right around the corner. Nevertheless, we’ve begun a project addressing the integration, or codification, of the Interim standards with newly adopted standards to develop a new framework for the Board’s standards.
With respect to auditor independence, although we do not have a current project on our agenda, we regularly consider emerging issues potentially affecting independence to determine if further rulemaking is necessary. In this regard, we are aware of the increase in non-audit services at many firms. We’re working closely with our Inspections division to consider whether the nature or extent of these non-audit services could impact auditor independence and require action on our part.
This covers my update on standards-setting so let me now turn to the FASB/IASB Convergence projects.
FASB/IASB CONVERGENCE PROJECTS
My office has been closely monitoring the FASB/IASB convergence projects and, in many cases, have held discussions with the FASB and the SEC. We’ve also had substantive discussions at the last two meetings of our Standing Advisory Group regarding the pace, volume and nature of changes being proposed to the U.S. accounting framework. I want to emphasize that we know that developing accounting standards for U.S. Issuers is the charge of the FASB, IASB and SEC. Having said that, the SAG discussions expressed concern about the pace, volume and nature of accounting change and the potential audit implications. Some of the areas of concern were:
- The ability for all involved to comment and absorb the extent of change,
- The significant decrease in guidance in certain proposed standards, and
- The resulting increase in judgments, estimates and use of fair values in proposed standards -- areas where our inspections have, at times, found audit problems in the past.
It's often mentioned that in revenue recognition, for example, approximately 200 pieces of guidance will now be covered by one standard -- one size, fitting all.
With respect to the pace and volume, we appreciate that the Boards have staggered, somewhat, the release of proposals. Hopefully, this will mitigate the risk of proposals not getting sufficient attention.
To the extent auditors have any concern about auditability with the proposed standards, we encourage the audit community to share those concerns with the FASB or us.
Our SAG has also advised us to consider new auditing standards that may be necessary in light of the changes in the accounting framework.
Wrap-Up
Well, let me bring my comments to a close by wishing all of you, preparers and auditors, best wishes for success in your 2010 year-end efforts.
Thanks very much for your kind attention!