Statement on Proposal for New Quality Control Standard

Date:
Nov. 18, 2022
Speaker:
Kara M. Stein, Board Member
Event:
PCAOB Open Meeting
Location:
Virtual

Remarks as prepared for delivery

As events over the last several weeks have demonstrated, effective corporate controls and trustworthy financial statements are vitally important safeguards for the protection of investors.

Today, we consider a staff recommendation for a proposed standard, that, if adopted, would require PCAOB-registered accounting firms to implement a system of quality control that would help prevent audit failures, wrong opinions, and erroneous audit reports.

And, importantly, It would require firms to continually monitor and improve audit quality.

The current interim standards on quality control were written by the audit profession before the dot-com bubble, the accounting failures at Enron and World Comm, and the 2008 Financial Crisis. If implemented, the standard proposed today would completely replace the current interim quality standards, which were written and adopted over 25 years ago. 1 This proposed standard should enhance the responsibility of registered accounting firms to oversee the quality of their work.

During the formation of the audit profession in the U.S., a lot of attention was placed on the importance of an auditor’s integrity and objectivity.2 Academic research has found and continues to consistently find that auditors’ integrity positively impacts audit quality.

For decades, the most widely accepted framework3 for designing, implementing, and operating an organization's control environment (COSO) includes “integrity” as a foundational principle. An organization’s control environment ultimately reflects the integrity, ethical values, and competence of the people in the organization.

Today, the staff recommends retirement of the Board’s interim quality control standards and related ethics provisions, which were originally incorporated in 2003 from the American Institute of Certified Public Accountant’s (AICPA) Statements on Quality Control Standards.

The step the Board takes today is a meaningful one. Since 2003, our inspections program has used the interim quality control standards, written during the period of self-regulation, as the baseline when inspecting registered accounting firms. Similarly, our enforcement program investigated and disciplined registered accounting firms for egregious failures to comply with interim standards.

Quality Control or Quality management is often defined by “eye of the beholder.” 

So, how do I view quality control?

In my view, quality control is the process that registered accounting firms use to protect their professional skepticism and professional judgment in performing audits.

By utilizing the tools of professional skepticism and professional judgment, an auditor challenges management’s significant assumptions, estimates, judgments, and determinations; evaluates conformity with financial reporting standards and rules; and forms an opinion (conclusion), based on the accumulation of objective evidence, on management’s assertions and the fairness of presentation.

In its simplest form, the goal of a quality control system is to prevent incorrect or inaccurate audit reports. That is best done by rigorously guarding an auditor’s professional skepticism and professional judgment.

The system of quality control should, among other things,

  • help to prevent restatements of an issuer’s financial statements;
  • help ensure robust evaluation of a company’s ability to continue as a going concern when conducting audits;
  • help prevent degrading audit quality, such as taking on too many clients with insufficient personnel or taking on work that it is not prepared to perform.

I would now like to briefly discuss some aspects of the proposal.

The staff has carefully crafted what I think is an ingenious approach in the proposed standard, which is mainly principles-based, with some prescriptive provisions, scalable depending on an audit firm’s environment and risk profile, with continuous surveillance to detect and address deficiencies where the audit firm may not be acting in accordance with the applicable professional and legal requirements to prevent audit failures.

The most important characteristic of this standard is that it replaces a standard written by the profession with one written with investors and the public interest in mind.

Further, for the first time, an audit firm’s system of quality control must reflect and reinforce its role “in protecting the interests of investors and furthering the public interest in the preparation of informative, accurate, and independent audit reports.”   

I would like to highlight a few other provisions.

Under the proposed standard, audit firm CEOs would be ultimately responsible for the effectiveness of the audit firm’s system of quality control. Importantly, the CEO would be required to certify an annual evaluation of whether the audit firm’s system of quality control is effective.

Some will recognize an analogous provision that has been in place since 2002 for corporate executives regarding a public company’s internal control over financial reporting.

The proposed standard would also require the audit firm CEO to designate individuals responsible for the most critical components of the quality control system:

  • independence and ethics,
  • monitoring and remediation, and
  • operational capability.

Moreover, the proposed standard requires those individuals to have reporting lines and regular communications with the CEO.

The proposed standard requires registered accounting firms to design, implement and operate a surveillance component that can identify both engagement and firm-level departures from the PCAOB standards or from their own quality objectives. Each deficiency must be addressed, including understanding the root cause of the deficiency and remediating the deficiency as appropriate.

Importantly, deficiencies in the performance of audits must be evaluated as quality control deficiencies. This provision highlights the critical element of the system's purpose – to prevent deficiencies.

Prevention is the ultimate goal.

In order to strengthen organizational governance, the largest PCAOB-registered firms--those that issue more than a one hundred audit reports a year--must incorporate some form of independent oversight over their quality control system, which should help decrease the incentives for commercial interests to prevail over audit quality. In 2008, the U.S. Department of the Treasury’s Advisory Committee on the Auditing Profession (ACAP) included a recommendation ,for governance structures to include independent members with meaningful authority and responsibility.

Conclusion

In conclusion, today we take a meaningful step forward in furthering audit quality by retiring the standards written by the profession during a period of self-regulation as the baseline in favor of a standard written to protect investors and further the public interest.

In 2002, the Sarbanes-Oxley Act (SOX) included absolute clarity that effective internal controls required a focused mind with a requirement for the highest-level executives to be responsible and accountable for the effectiveness of a public company’s internal controls.

Today’s proposed quality control standards can be seen as internal controls for registered accounting firms. It is both appropriate and necessary on the 20th anniversary of SOX that we issue these proposed quality control standards

I am keenly interested in hearing from investors and other commenters about the proposed standard and how it can be improved.

Thank you

This proposal reflects a tremendous amount of work, and I want to thank the Quality Control Team for their hard work.

Primarily, I would like to thank Jessica Watts for her years-long commitment to getting us to this day.

Next, I would like to thank the entire Quality Control Team for their tireless days and sometimes nights working to get this proposal before the Board today. This includes from the Office of the Chief Auditor: Linnette Klinedinst, Ekaterina Dizna, Sky Simms and Karen Wiedemann; and from the Office of Economic and Risk Analysis: Nick Galunic, and Dylan (pronounced Die-lan) Rassier; and from the Office of General Counsel: Jennifer Williams, Drew Dropkin, Connor Raso, and Jayme Herschkopf.

Thank you, and I am pleased to support this proposal.

1 In May 1996, the AICPA’s Auditing Standards Board issued two new standards to replace SQCS No.1, Statement on Quality Control Standards No. 2, System of Quality Control For a CPA Firm’s Accounting and Auditing Practice, and SQCS No. 3, Monitoring a CPA Firm’s Accounting and Auditing Practice (effective January 1997):  QC20:  System of Quality Control for a CPA Firm’s Accounting and Auditing Practice; QC30:  Monitoring a CPA Firm’s Accounting and Auditing Practice, and QC40:  The Personnel Management Element of a Firm’s System of Quality Control.

2 Qualifications of auditors included “tact, caution, firmness, fairness, good temper, courage, integrity, discretion, industry, judgment, patience, clear-headedness, and reliability,” Auditing: A Practical Manual for Auditors. (1905)

3 Originally formed in 1985, COSO is a joint initiative of five private-sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control, and fraud deterrence. COSO’s supporting organizations are the Institute of Internal Auditors, the American Accounting Association, the American Institute of Certified Public Accountants, Financial Executives International and the Institute of Management Accountants.