Remarks at the AICPA Conference on SEC and PCAOB Developments
I'm delighted once again to address you at this Annual Conference. This continues to be the premier event on accounting and auditing developments, and I congratulate the AICPA for their efforts on this conference each year.
Before I say more, I need to remind you that my comments are my own views and do not necessarily represent the views of the PCAOB, its Board or its staff members.
Introduction
The PCAOB is committed to fostering the highest level of audit quality in the world through high-quality auditing and professional practice standards, a robust inspection process, and enforcement actions, when necessary. In my role as Chief Auditor, I work closely with the Board and other Divisions to make sure any new standards are in the public interest, furthering the protection of investors, and are supported by robust economic analysis regarding the need for and benefits of the rulemaking. We're also committed to issuing timely staff guidance through Audit Practice Alerts and other means to address current or emerging challenges to high quality audits. This afternoon I plan to discuss the following major developments:
- Recent standards adopted that improve the relevance and transparency of audits,
- A recent Audit Practice Alert issued to help auditors address the implementation challenges of the new Revenue Accounting Standard,
- Three standards and amendments proposed to improve audits in critical areas, and
- PCAOB activities to stay on the cutting edge of changes in the use of data and technology in audits.
Recent Standards Adopted that Improve the Relevance and Transparency of Audits
New Audit Report
On June 1, the Board adopted a new standard and amendments that completely transform the audit report issued on financial statements. This rule was approved by the SEC in October. The new audit report was adopted after extensive outreach and opportunity for public comment over more than six years and results in the first significant change to auditor reporting since the 1940's. As you know, the audit report today is essentially a binary pass/fail model. In the opinion of the auditor, the financial statements are either fairly presented or not. Whether the audit cost $50,000 or $50 million, the investors, the owners of the company who pay for the audit, see the exact same pass/fail opinion on each set of financial statements.
However, as you know, operations of companies are becoming increasingly more complex and global, and financial reporting frameworks have evolved to an increasing use of complex estimates and fair value measurements. As a result, audits, in turn, can involve challenging, subjective and complex judgments. But investors have no insight into the unique challenges of each audit. The audit report provides no transparency into the audit. On the other hand, the new audit report will now convey to investors useful information about the audit – information that will help investors better consume the underlying financial information reported by management.
The key aspect of this change is the requirement for auditors to communicate "critical audit matters" in the audit report. Critical audit matters, or CAMs, are matters that are communicated or required to be communicated to the Audit Committee and that:
- Relate to accounts or disclosures that are material to the financial statements, and
- Involve especially challenging, subjective or complex auditor judgments.
The Audit Committee plays a vital role in its oversight of financial reporting and the auditor. PCAOB standards govern auditor communications with the audit committee and require the auditor to communicate information about the complex aspects of the audit. As such, CAMs are likely to be identified in areas that investors have said are of particular interest to them, such as audit work pertaining to significant management estimates and judgments, areas of high financial statement and audit risk, unusual transactions and other significant changes in the financial statements.
Communication in the audit report of each CAM will include:
- Identification of the critical audit matter,
- A description of the principal considerations that led the auditor to determine that the matter was a CAM,
- A description of how the matter was addressed in the audit, and
- Reference to the relevant financial statement accounts and disclosures.
CAMs will be unique to each audit and will provide investors with important information about the audit that can further inform their investment decisions.
Critical Audit Matters are not the only change in the new auditor's report. The auditor's report will now disclose auditor tenure with the company – the number of years the auditor has consecutively served as the company's auditor. Although there has been growing voluntary disclosure of auditor tenure in proxy statements, this new requirement will now result in this disclosure in all cases, in a consistent location and on a timely basis – that is, together with the filing of a document with the SEC containing the auditor's report.
Some of the other changes to the audit report require the opinion to appear in the first section of the report; include a statement that the auditor is required to be independent; add a new phrase "whether due to error or fraud" in a description of the auditor's responsibilities to plan and perform the audit to obtain reasonable assurance that the financial statements are free of material misstatement; and require a statement if the auditor has not performed an audit of ICFR when management makes an assertion about the effectiveness of their internal controls.
The changes to the audit report will generally apply to all audits conducted under PCAOB standards, except that the communication of CAMs will not be required for audits of emerging growth companies, brokers and dealers, investment companies (other than BDCs) and benefit plans.
The standard provides a phased approach for the effective date. All changes to the audit report, except for CAMs, are required for audits of financial statements this year end, fiscal years ending on or after December 15, 2017. Critical Audit Matters are not required this year end, but as follows:
- For audits of Large Accelerated Filers for fiscal years ending on or after June 30, 2019, and
- For all other audits to which CAMs apply for fiscal years ending on or after December 15, 2020.
The later effective date for CAMs is to provide accounting firms, companies and audit committees more time to prepare for these changes, and for smaller audits to benefit from the experience of audits of large accelerated filers. The effective dates for CAMs will provide audit firms with ample time to develop methodologies and perform training. It will also provide auditors, preparers and audit committees time to address these new disclosures in audit reports. Auditors and audit committees can use reports to the audit committee this year end and next, for example, to discuss the types of matters that may be communicated as critical audit matters in future audit reports. Our goal is for a very effective implementation of these new requirements and we stand ready to answer any questions or provide guidance that may be needed. In fact, guidance to help with phase 1 implementation of the new auditor's report was issued yesterday. We are also providing webinars on December 12th and January 10th. Further information is on our website.
We will begin our post-implementation review after the initial adoption phase of CAMs to determine if any further guidance is needed. Expanded auditor reporting, similar to CAMs, has already started with substantial success in other parts of the world. The new audit report in the United States will make the report more relevant for investors and more meaningful to the auditors who provide it.
Disclosure of the Engagement Partner and Other Participants in the Audit
Another area where investors lacked transparency into the audit historically pertained to who performed the audit. Although the name of the audit firm that signed the opinion is provided in the audit report, investors were not made aware of the name of the engagement partner who was responsible for the audit and its execution or of other audit firms who may have participated significantly in the audit. Furthermore, evidence shows that audit quality can vary significantly among engagement partners and among firms, including firms within the same network. Again, after many years of outreach and opportunity for public comment, new Transparency Rules adopted by the Board were approved by the SEC in May 2016 and became effective earlier this year.
Disclosure of the name of Engagement Partner started with audit reports issued on January 31st and disclosure of other accounting firms participating in the audit began with audit reports issued on June 30th. The firm name, location and extent of participation is required to be disclosed for each firm, including the separate firms within each network, that accounts for 5 percent or more of total audit hours. The number of audit firms participating and the aggregate percentage of their participation are required for all other firms that are individually less than 5 percent of total audit hours.
These new Transparency disclosure are required to be filed on Form AP which can be found on the PCAOB's AuditorSearch database. As of November 15th, over 13,000 Forms AP have been filed.
For any audit, one can see who the engagement partner is on an audit. One can also see what other audits (and how many) that person is responsible for. Over time, together with other data points, engagement partner disclosures should provide investors and other financial statement users with valuable information. The database also now provides the information on other accounting firms participating in the audit which can also provide meaningful information.
With respect to the disclosure of audit firms, inspection results show quality can vary significantly among firms, including those within the same network. For some large multinational audits, more than 20 firms have been disclosed as participating in the audit. For some audits the aggregate amount of other firms' participation can be in the range of 60- 70 percent of the audit. This demonstrates the importance of the engagement partner's oversight of the global audit. In another case, the other firm participation was greater than 90 percent. Remember disclosure of other firms just began with reports issued starting on June 30th, as such, much more information will become available in our database with audit reports issued this year end.
Practice Alert No. 15
Next I'll comment briefly on some auditing implications of the new Revenue accounting standard. As has been mentioned several times in this conference and others before it, the implementation of the new revenue accounting rules may be, for many companies, the most significant accounting event addressed in many years. There have been many efforts by FASB, the SEC, Industry Groups, Preparers and certainly Accounting Firms to get ready for a smooth implementation of the new accounting standard; yet, many have stated that significant financial reporting and audit risks remain.
On October 5th the PCAOB published Staff Audit practice Alert 15, Matters Related to Auditing Revenue from Contracts with Customers. The Alert discusses significant matters relevant to auditing the implementation of the new revenue standard. In preparing Practice Alert 15, we also considered relevant topics addressed in Practice Alerts 10, 11 and 12 which deal with professional skepticism, ICFR and auditing revenue. These Practice Alerts continue to be relevant and are also helpful to auditors in auditing a company's implementation of the new revenue standard.
For most audits, revenue is a significant account which often involves significant risks that warrant special audit consideration. PCAOB standards also require that the auditor should presume there is a fraud risk involving revenue recognition and evaluate which types of revenue, revenue transactions, or assertions give rise to such risks and perform substantive procedures, including tests of details, that are specifically responsive to those risks.
As companies implement the new revenue standard, they may need to change existing (or develop new) systems, processes and controls used to gather and archive contract data, make required estimates, and provide required disclosures. Inadequate or ineffective design or implementation of such changes can pose heightened risks of material misstatement, including risks of misstatement due to fraud.
The Practice Alert highlights certain requirements of PCAOB standards that are relevant to an auditor's consideration of a company's implementation of the revenue standard in interim reviews and year-end audits. It discusses:
- Auditing management's transition disclosures in notes to the financial statements
- Auditing the Transition Adjustments
- Considering ICFR
- Identifying and Assessing Fraud risks
- Evaluating whether revenue is recognized in conformity with the applicable financial reporting framework , and
- Evaluating whether the financial statements include the required disclosures regarding revenue.
The most significant aspect for this year end will likely be auditing management's transition disclosures about the anticipated effects on the financial statements when the new revenue standard is adopted. In practice, we often refer to these as SAB 74 disclosures.
The auditor's evaluation of whether the financial statements contain the information essential for a fair presentation of the financial statements includes the company's transition disclosures regarding the new revenue standard. Auditors should consider if transition disclosures are omitted, incomplete, or inaccurate, and evaluate the effect on the financial statements and the auditor's report. The new revenue standard covers recognition, measurement, presentation, and requires extensive new disclosures. Auditors should consider the full scope of the standard when evaluating transition disclosures, including disclosures that assert that the impact of the standard is not expected to be material.
In an integrated audit, the auditor is also required to test controls that are important to the auditor's conclusion about whether the company's controls sufficiently address the assessed risk of material misstatement to the relevant assertions of significant disclosures, including transition disclosures.
The Practice Alert also reminds auditors that if they identify a concern regarding management's anticipated application of the new revenue standard they have a responsibility to communicate such concerns to the audit committee.
At our recent Advisory Group meeting last week, some auditors mentioned that they found Practice Alert 15 to be helpful in preparing to audit the new revenue accounting standard and in discussing their audit requirements with management. Auditors might also find matters in the Alert to be relevant to their preparations for auditing the application of the new standards on leases and credit losses.
New Standards and Amendments Proposed to Further Improve Audit Quality
Now I'd like to turn to some very active standard-setting projects on the Board's agenda. These proposed standards and amendments are intended to improve audit quality in key aspects of an audit.
On June 1st, the Board issued two proposals for auditor performance standards in areas vital to audit quality—first, auditing accounting estimates, including fair value measurements, and, second, the auditor's use of the work of specialists.
These two proposals were developed in tandem, so that the proposed rules can work together, for example, when using the work of a specialist in auditing an accounting estimate.
The first proposal would update and strengthen the standards for auditing accounting estimates and auditing fair value measurements. I'll refer to both of these today as estimates.
Accounting estimates are pervasive in financial statements of both large and small companies. These estimates often involve management's most subjective and complex judgments, making them susceptible to error and management bias. Thus, in many audits, estimates present a heightened risk of material misstatement and demand a critical evaluation of positive and negative evidence, and a consistent application of professional skepticism.
Auditing accounting estimates has proven challenging for auditors, as our inspection results indicate. The proposed standard should prompt auditors to be more diligent and skeptical as they face those challenges, which can improve audit quality in these critical areas.
The second proposal would strengthen and enhance PCAOB standards regarding the auditor's use of the work of non-accountant specialists.
As estimates have proliferated in financial reporting, so has the use of specialists. Today, companies and auditors use a variety of specialists, including, among others, valuation specialists, reserve engineers, and actuaries. As the use of these specialists has grown in frequency and importance, some audit firms have enhanced their practices, employing their own specialists to critically evaluate the work of company specialists, while other firms use the work of the company's specialist and perform more limited procedures.
If the work of a company's specialist is not appropriately evaluated, or the work of an auditor's specialist is not appropriately overseen, there is a risk that a material misstatement could go undetected by the audit. Compared to current standards, the proposal on using the work of specialists requires more auditor involvement in evaluating the work of company specialists, particularly in higher risk areas, and provides better direction on supervising the auditor's specialists.
Both the estimates proposal and the specialists' proposal are the result of extensive research and outreach, including issuing staff consultation papers and holding discussions with our Standing Advisory Group for both projects. In addition, we have worked closely with the Economists at the PCAOB to fully integrate economic analysis into all aspects of the rulemaking.
The proposed estimates standard would enhance and strengthen the requirements for auditing accounting estimates in a number of ways:
- First, this proposal would replace three existing, overlapping standards developed over the years with a single standard that streamlines and strengthens the direction to auditors in this important area.
- Second, this proposal builds on, but enhances, the requirements for the three existing approaches to auditing estimates that auditors are familiar with: testing the company's process, developing an independent expectation, and evaluating evidence from subsequent transactions and events.
- Third, this proposal requires a robust risk assessment of a company's accounting estimates and a response tailored to the assessed risks, whether they relate to subjectivity, complex processes, or the risk of management bias, with a strong emphasis on applying professional skepticism. And,
- Fourth, this proposal updates PCAOB standards in light of developments in auditing practices for fair values of financial instruments. The proposal contains an appendix on auditing the fair values of financial instruments that addresses, among other things, the auditor's use of pricing service information intended to promote a proper evaluation of that information building on existing requirements for evaluating the relevance and reliability of audit evidence.
Comments received on the proposal were generally supportive of the new standard, including strong support for retaining the three existing approaches and for more specifically addressing financial instruments, including the use of pricing services.
Other comments primarily suggested clarifications and refinements to specific requirements in the proposal
The proposal on specialists would enhance the requirements for the auditor's use of the work of company specialists and for the supervision of auditor specialists, whether employed or engaged.
Currently, two PCAOB standards primarily apply to the auditor's use of the work of specialists. The general standard on supervision, AS 1201, applies to auditor-employed specialists. Another standard, AS 1210, applies to the use of the work of company specialists and auditor-engaged specialists. Furthermore, two fundamentally different approaches apply to the use of auditor specialists, depending on whether they are employed or engaged, even though they do the same work.
The proposal addressed this odd pairing and proposed improving PCAOB standards as follows:
- For using the work of Company Specialists, the proposed standard would establish a uniform risk-based approach to testing and evaluating the work of the company specialists through amendments to the standard on audit evidence.
- The proposal would require auditors to evaluate the data, methods, and assumptions used by the company specialist, and
- The amount of required audit effort to evaluate the work of the company's specialist will vary based on:
- the risk of material misstatement,
- the significance of the specialist's work to the auditor's conclusion,
- the professional qualifications of the specialist, and
- susceptibility of the specialist to company influence or bias.
- For the Auditor's specialists, the proposed standard would establish a common supervisory approach for such specialists, whether they are employed or engaged. The new standard would provide more direction on how to apply the general supervision principles in PCAOB standards to the supervision of an auditor's specialist.
Commenters supported separating the requirements for using the work of company's specialists and auditor's specialists.
- Most commenters supported aligning the requirements for using specialists with the risk assessment standards and presenting separate requirements for using the work of company specialists and supervising the work of an auditor's specialist.
- Several commenters expressed concerns over replacing the current standard that applies to using the work of a Company's specialist with this new standard, primarily because of potential burdens it could impose on smaller firms and certain smaller companies.
This latter issue is primarily a matter for audits done by smaller firms who frequently use the work of the company's specialist, performing only limited procedures. Large firms generally employ their own specialists and use them to support their audit work done to evaluate financial information, including related data, methods and assumptions, prepared by Company specialists. Financial information prepared by a Company's specialist, to help prepare a company's financial statements should, in my opinion, be audited, using the risk-based approach discussed in the proposal.
I would like to discuss one other standard-setting proposal which deals with audits involving auditors outside the accounting firm issuing the auditor's report.
Audits of many international companies include work that is performed by audit firms, including network affiliates, other than the firm issuing the audit report. The work of other auditors may account for a significant share of the audit, as I noted earlier in my discussion about the Form AP Transparency Reports, and may involve areas of high risk of material misstatement.
While the Board's standards for determining the scope of multi-location audit engagements and general supervision of the audit, require more audit attention to areas of greater risk, the existing standard for using the work of other auditors allows the lead auditor, in certain situations, to limit its involvement to certain specified procedures that are not explicitly required to be tailored to the associated risks.
PCAOB inspections staff often identify significant deficiencies in the work of other auditors in critical audit areas, deficiencies that lead auditors did not identify or did not address. Such findings indicate that investor protection could be improved by increased involvement in and evaluation of the work of other auditors by the lead auditor.
To address issues that arise in the audits involving other auditors, the PCAOB in 2016 proposed a series of amendments to its standards that govern such audits.
The proposed amendments, which are risk based, are intended to increase the involvement by the lead auditor in the work of other auditors, enhance the ability of the lead auditor to prevent or detect deficiencies in the work of other auditors, and facilitate improvements in the quality of the work of other auditors. To achieve that, the proposed standard would require the lead auditor to provide more explicit direction to other auditors regarding the scope and extent of their work and perform an appropriate review of the results of that work.
In September 2017, the Board issued a supplemental request for comments to address some questions raised in comment letters on the 2016 Proposal.
Applying a risk-based approach to supervision should result in more appropriate involvement by the lead auditor in supervising the work of other auditors.
Providing additional direction to the lead auditor on how to apply the principles-based supervisory requirements under PCAOB standards to supervision of other auditors should help address the unique aspects of supervising other audit firms involved in the audit. This standard should result in higher quality audits when multiple firms are involved in an audit, which is especially important in large multi-national audits.
As I mentioned, all of these proposals – Estimates, Specialists and Supervision of Other Auditors – have had extensive exposure and opportunity for public comment. We expect to move to adopt these new standards in 2018.
Changes in the Use of Data and Technology
Now, let me turn to my final topic. The Board has four major projects on its Research Agenda, where inter-divisional teams are performing research, outreach and economic analysis to assess whether there is a need for changes to PCAOB standards. The projects relate to:
- Audit Firm Quality Controls
- The auditor's role regarding other information and company performance measures, including non-GAAP measures
- The auditor's consideration of noncompliance with laws and regulations, and
- Changes in the Use of Data and Technology in the Conduct of Audits.
I'll comment briefly about this final project.
There have been significant advances in technology, including data analysis tools, in recent years. An increased use of these new technology-based tools in audits could have a fundamental impact on the audit process, including the amount of information available to auditors, significant judgments made by auditors in critical areas of the audit, and staffing of audit engagements. We are exploring whether there is a need for guidance, changes to PCAOB standards, or other regulatory actions in light of auditors' increased use of new technology-based tools in the conduct of audits. The increased use of data analytics, powered by advanced technologies, can improve risk assessment procedures through analyses that are both more granular and deeper, for instance, looking at 100 percent of populations. They can also help auditors ask more targeted or focused questions based on the improved risk assessment. Auditors are also considering uses of data analytics in substantive audit procedures.
At the same time, developments in the use of Artificial Intelligence and Blockchain can further change how companies perform recordkeeping or how auditors will need to perform audit procedures.
Many have stated that it's likely that substantial portions of audits will be augmented by cognitive technologies over the next several years. Some examples of emerging AI technologies being discussed include natural language processing and machine learning technologies which may be effective in contract and electronic document reviews. With respect to Blockchain technology, many are predicting fundamental changes to recordkeeping which could require significant changes in audit procedures. Uses discussed have included payment processing networks and procurement systems, among many others.
Last week at our Standing Advisory Group meeting we announced the formation of a SAG Task Force to focus on these changes in the use of data and technology, and to work with the PCAOB inter-divisional research team — helping us to stay at the front end of these emerging developments. While insights from our audit inspections can assess tools that are in use, our Research Team and the Task Force will also be heavily focused on what's not here yet, but could be coming, and may have transformational impacts on audits. It is imperative that PCAOB standards and guidance permit, or promote, such advances as appropriate, as well as address potential new audit risks these new tools may bring as well. Stay tuned – things could move quickly in this space!
That concludes my comments. I know that many of you face tough challenges in the coming months in preparing and auditing financial statements. The good work you do fuels our capital markets and protects our economy. Best wishes in this work and best wishes for a happy holiday season. Thanks so much for giving me your attention.