Thank you, Mr. Chairman. I support the staff recommendation that the Board issue this concept release to consider how best to update our audit confirmation standard. I hope that we would move expeditiously on this issue.
We all know that confirmations are a critical part of the audit process. We have known this since the late 1930s, when the consequences of inadequate confirmations were first publicized in the scandalous fraud at the pharmaceutical company, McKesson & Robbins, Inc., in which the auditor never even attempted to authenticate what turned out to be falsified documents.
Indeed, even more recently, the need for an effective confirmation process was highlighted by the Madoff and Satyam fraud investigations – and before that, the well-known fraud at the Italian dairy company, Parmalat.
In 2003, Parmalat was the largest bankruptcy in European history. The company – with operations in Europe, the United States and Latin America – was found to have mislead investors about its true financial condition for a decade. According to the Financial Times, at least 100,000 Italian shareholders, including many pensioners, lost their life savings in the collapse.
In each of these cases, auditors arguably failed to adequately authenticate all parties involved in the process of reporting cash and investments. Investors and shareholders paid the greatest price.
Virtually everyone agrees that the current auditing standard on confirmations should be modernized. It was written in the early 1990s, before technology gave us today’s sophistication in security and encryption of email and online transactions.
The standard should address the use and reliability of confirmations received electronically. It should address the authenticity and accuracy of direct access to online account information. The use of such procedures could improve the effectiveness and efficiency of the auditing process.
Other concerns about the current standard are that it does not consider how auditors should respond to the disclaimers and restrictive language inserted by a confirming party – the use of which is increasing. The standard also does not address an appropriate auditor response when management asks the auditor not to confirm certain accounts.
Most of the audit failures I have mentioned involve the lack of confirmations of cash, investments, or other accounts and agreements, such as credit facilities or debt agreements – all of which are not required by the current standard.
The current standard only requires the auditor to confirm accounts receivable, with the auditor instructed only to consider the need to confirm complex agreements or transactions.
Through this concept release we are considering today, the Board is seeking direct input into whether, and how, the PCAOB’s existing auditing standard on confirmations should be revised. Earlier this month, the Board heard comments from its Standing Advisory Group, and this concept release incorporates issues raised in that discussion.
We are seeking input from all interested parties, including audit practitioners and financial statement users. It is important that the PCAOB also hear from Information Technology audit and financial reporting specialists in considering the security implications of an electronic confirmation process.
Most importantly, the Board actively seeks the input of investors, whose interests are paramount.
The Board will analyze, in the course of this potential standard-setting process, the work already undertaken by the International Auditing and Assurance Standards Board, as well as the profession.
This is an important initiative and I anticipate a timely and transparent process in moving forward to modernize and adopt a final standard.
I would like to thank Jennifer Rand, Dee Mirando-Gould and Christopher David from the Office of Chief Auditor, as well as Bob Burns and Nina Mojiri-Azad from the General Counsel’s office, for all their hard work in preparing this recommendation for the Board.