Statement on Concept Release for Potential Approach to Revisions to PCAOB Quality Control Standards
I am pleased to support the staff's recommendation that we issue the concept release before us today. Audit firm quality control systems serve an essential role in the U.S. capital markets. Strong systems of quality control provide the foundation for audit firms to execute consistent, high-quality audits in accordance with PCAOB standards. When firms effectively design and operate their quality control systems, those systems promote more consistent compliance with our standards and thereby benefit investors.
At present, the PCAOB uses the quality control standards that it adopted in 2003 from the AICPA's then-existing standards. As written and implemented, I am concerned that those standards do not do enough to address the current audit landscape and the complexity inherent in it. They also do not reflect recent market-based trends in effective quality management practices. Moreover, based on our established inspections history, I believe our standards could do more to prompt firms to take a proactive, preventative approach to managing audit quality.
The audit and the audit market have fundamentally changed since we first adopted our current quality control standards. Technology—enabled by the digitization and proliferation of data—has changed how, when, and where firms deliver audit services. Audit firms have modernized their corporate structures and leadership and governance approaches. The largest firms have vastly increased the scope and scale of their complex international footprints. They have changed their audit methodologies and refined their approaches to accepting and retaining clients. And, they have transformed how they monitor audit quality across their portfolios, both domestically and internationally. Although slower, change has also meaningfully impacted smaller firms and how they conduct audits.
The PCAOB's own oversight work has also significantly impacted the landscape since 2003. The PCAOB has issued many new or revised auditing standards designed to promote audit quality in individual audits, including standards related to audit documentation, auditing internal control over financial reporting, performing risk assessments, auditing estimates, using the work of specialists, and performing engagement quality reviews. We also now have more than 15 years of inspections-related experience and corresponding findings. Those findings reveal not only concerns with compliance with our standards on individual audit engagements, they also show continued weaknesses in firms' quality control systems. Taken as a whole, our experience suggests that modernizing our quality control standards will help to drive further improvements in audit quality.
Against the backdrop of all these significant changes in the audit and audit market, I believe the current quality control standards may no longer be sufficiently resilient to remain relevant. It is appropriate to revisit and modernize those standards now.
In considering what approach we should take to address the changes that have occurred, I am mindful that we are not alone in considering whether, or how, to revise our quality control standards. The IAASB recently proposed a standard—ISQM 1—that sets forth a comprehensive framework for firm quality control systems. ISQM 1 would require firms to proactively identify and respond to those risks that may have an impact on engagement quality. The proposed standard includes specific requirements related to current developments not addressed in existing PCAOB standards.
Based on information we have gathered through our oversight, outreach, and research activities, I am persuaded that revised PCAOB quality control standards should be built on an integrated risk-based framework, similar to Proposed ISQM 1. A strong system of quality control should direct an audit firm to identify, assess, and respond to risks to audit quality proactively. When firms focus on identifying and mitigating the specific quality-related risks they face, audit quality can and should improve. Aside from being risk-based, I believe any revised standards in this area should be scalable. Firms of all sizes and complexity should be able to tailor their specific systems of quality control to address the unique risks they face.
Rather than issue a proposed rule for public comment, we believe it is appropriate to obtain broad feedback from our stakeholders at the threshold of our project. This is a complex area and we want to ensure we hear from all impacted. I strongly encourage all of our stakeholders to provide feedback. We can only strike the right balance in this important area if we hear from investors, audit committees, audit firms, and others. We look forward to hearing from you.