Statement on the Firm and Engagement Metrics Proposal - Helpful or Harmful to Investors?

Date:: Apr. 9, 2024
Speaker:: Christina Ho, Board Member
Event:: PCAOB Open Board Meeting
Location:: Virtual

Thank you, Chair Williams. As a former Treasury senior executive who successfully led the governmentwide implementation of the first federal open data law which provided the public unprecedented transparency and accountability over federal spending,¹ I am a strong advocate for and have deep experience in data transparency.² I therefore support standardized reporting that is accurate, helpful, and a good fit for its proposed use consistent with the Paperwork Reduction Act (PRA) principles.³

The PRA principles are designed to ensure federal agencies: 1) do not overwhelm the public with unnecessary or duplicative requests for information, and 2) facilitate decision-making based on high-quality data. Although the PCAOB is not subject to PRA since it is not a federal agency, the principles are relevant when evaluating this proposal, especially if we, as a regulator, are committed to adopting effective and responsible regulations. As such, for each of the proposed metrics, I considered the following three questions:

Will the information we are proposing to collect be accurate?

Accurate information provides users facts to anchor their assessment and decision-making. I applaud the staff’s thoughtful effort to identify metrics that can be derived from standardized and objective mathematical calculations. However, I am concerned about the burdensome nature of some of the metrics. For example, one of the proposed metrics is the reporting of “hours spent by senior professionals on significant risks, critical accounting policies, and critical accounting estimates relative to total audit hours.” Reporting this metric requires a mechanism to track hours at a granular level by specific audit areas. For large firms, this metric alone might necessitate system changes to ensure accuracy and consistency. For small and medium size firms, this metric may require them to implement a new system. In addition, these audit areas can overlap, and may differ by issuer engagements. Therefore, this metric may present administrative challenges and distract the engagement teams’ focus from auditing to accurately allocating work hours across overlapping audit areas.

Will the information we are proposing to collect be helpful to the targeted users?

Our proposal makes it clear that the targeted users are investors and audit committees. Since the proposal stated that no one set of metrics can comprehensively measure audit quality, putting metrics into context is crucial to minimize the risks of the reported data being misunderstood and manipulated for unscrupulous purposes. When requiring and publishing information as a regulator, we have an obligation to ensure that we do not contribute to the culture of misinformation by unscrupulous actors who seek to sow the seeds of chaos into the financial reporting ecosystem. Although the proposal indicates that some of the metrics are “highly contextual measurements,” I am concerned that this proposal falls short in providing sufficient context for some of the subjective and complex metrics such that they may not be useful in decision-making. For example, one of the proposed metrics is the “percentage of issuer engagements that used specialists and shared service centers at the firm level, and hours provided by specialists and shared service centers at the engagement level.” My understanding is that shared service centers are often used on less complex audit matters or routine tasks for efficiency and to reduce overall audit costs. The use of shared service centers also facilitates centralization and standardization which could enhance audit quality. The proposal acknowledges that the use of shared service centers is a “highly contextual measurement,” as the “use of the work of SSCs is dependent on the structure and resources of each firm and the specific needs of individual engagement teams.” Given that this metric will likely vary across firms and specific engagements, the reported data for this metric is unlikely to indicate higher or lower audit quality without additional context. Similarly, the number of hours worked by specialists may not be a useful metric since the use of specialists is likely to vary based on the specific type of issuer and the unique risks for any one issuer. Without proper context, the comparability among issuers would be limited as they may not be “apples to apples” comparisons.

Will the information we are proposing to collect be a good fit for its proposed use?

Based on the preamble, the problem this proposal seeks to solve is “investors and audit committees cannot easily observe the services performed by auditors. This can limit investors’ ability to make informed decisions about investing their capital, ratifying the selection of auditors, and voting for members of the board of directors, including directors who serve on the audit committee, and audit committees’ ability to choose among and monitor the performance of auditors.” The proposed use is therefore to enable audit committees to efficiently and effectively monitor and select auditors, and to highlight that “investors have an important role, albeit indirect, role overseeing the work of both the auditor and audit committee.” Although well-intentioned, I am concerned that the staff’s premise that audit committees are not efficiently and effectively monitoring and selecting auditors without these metrics might be erroneous. Section 301 of the Sarbanes-Oxley Act of 2002 (SOX) amended section 10A of the Securities Exchange Act of 1934 (the ‘34 Act) by adding a requirement that “the audit committee of each issuer, in its capacity as a committee of the board of directors, shall be directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm employed by that issuer (including resolution of disagreements between management and the auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work, and each such registered public accounting firm shall report directly to the audit committee.”⁴ Under the ‘34 Act, audit committees have not only bargaining power but also a contractual relationship with their selected audit firm, and therefore already have access to any information needed to fulfill their statutory responsibilities. The premise that the audit committees somehow need standardized metrics to aid in its comparison and selection of auditors is simply theoretical. I have been meeting with many audit committee chairs and members, and I have been impressed by their business acumen and their deep expertise in accounting and finance. Most importantly, they are deeply committed to, and understand the importance of, audit quality.

In addition, the proposal notes “shareholder ratification of the appointment of the auditor is not statutorily required in the U.S. and in many cases the ratification vote is non-binding.” If shareholder ratification votes are for the most part non-binding, it seems that the justification for the proposed collection of information to help shareholders efficiently and effectively ratify the selection of auditors and allocate capital, is not a good fit for purpose. In my outreach to investors and audit committees, I understand that it is rare for shareholders to not ratify the audit committee’s selection. Shareholders rely on audit committees to do their job appropriately as they have the expertise and regularly engage with the auditor. Are we suggesting that shareholders could make a non-binding decision on auditor ratification based on metrics that we admit do not comprehensively measure audit quality? Are we suggesting that shareholders should engage in direct operational oversight of audit committees and auditors? I certainly hope not, because that will instill chaos into this ecosystem and sow further distrust in the capital markets, contrary to our statutory mission to protect investors. I am therefore concerned that the proposal does not clearly and objectively articulate our goals and how the information we plan to collect fits within our goals.

Congress gave the PCAOB broad authority to require registered firms to provide additional information beyond what is statutorily required. However, this authority is not open-ended; rather, Congress authorized the Board to require the submission of such additional information only when the Board determines that it is necessary or appropriate in the public interest or for the protection of investors. This authority also comes with the responsibility to be prudent in terms of the reporting burdens we are imposing on firms, because “more disclosure does not necessarily mean better disclosure, especially when the additional disclosure is difficult and expensive to prepare and does not meaningfully improve an investor’s ability to assess a company’s business and operations.”⁵

PCAOB’s mission of investor protection does not operate in isolation from the ultimate goal of investors to earn returns on their investments. Investors need to trust that the PCAOB as a regulator will exercise its statutory authority to protect investors in a measured, cost-effective way to help investors accumulate wealth. Inaccurate, unhelpful, and burdensome reporting requirements on firms will ultimately hurt investors’ returns on their investments.

Lastly, the proposal does not articulate clearly what the PCAOB is going to do with all this information. We are proposing to mandate that firms submit this information by the respective due dates, but what are the PCAOB’s due dates to publish? Will we analyze the information we collect and share our analysis with the public?

We’ve had a continuous stream of proposed and adopted standards during my short tenure here at the PCAOB. As I stated in my February 27, 2024, statement regarding the Firm Registrations proposal, “I am concerned that we are not mindful of the limited capacity of some of our stakeholders to respond to our ongoing stream of proposals with short comment periods. I am particularly concerned about smaller firms having the capacity to review the proposals and provide comments.”⁶ With that said, I value stakeholder insights to help us mitigate the risk of adopting requirements that are costly and ineffective as well as the possible unintended consequences that are harmful to investors as well as the capital markets. I look forward to hearing from commenters their insights on the usefulness and feasibility of these proposed metrics as proxies to audit quality. Specifically, I am interested in hearing from shareholders and audit committees to what extent these metrics would be helpful or harmful to investors. Additionally, I am broadly interested in hearing about the impact on small and medium firms.

In closing, I cautiously support this proposal and encourage all stakeholders to provide comment letters. I would like to express my appreciation to the Office of the Chair, the Office of the Chief Auditor, and the Office of Economic and Risk Analysis for their contributions to the proposal.

I now have a few questions for the staff:

The proposal states, “the Board has studied ways to measure audit firm and audit engagement performance, primarily with a view to providing information useful to investors in their investment and proxy voting decisions,” based on the said studies performed, how do you anticipate that the average investor (shareholder) will use this information in practice?
The proposal states, “The information would also inform investors’ auditor appointment ratification decisions. Research finds that investors are more likely to challenge auditor appointments when they have access to certain information about the firm, which suggests that, in some cases, investors would use standardized information across firms and over time to make better decisions.” Footnote 239 states, “...on average, shareholder votes against ratifying the appointment of the firm are not associated with audit failures but are associated with investment performance.” Based on this footnote, how does this support the conclusion that investors are more likely to challenge auditor ratification, even with more information about the firm, as the votes against appear to be associated with investment performance as opposed to auditor failures?
Given that audit committees already have direct access to auditors; and therefore, can question and directly engage with the auditors, how do you think that these metrics will change the dynamics of the audit committee and auditor interactions?

Thank you. Back to you, Chair Williams.

¹ https://www.washingtonpost.com/news/the-switch/wp/2014/04/10/the-data-act-just-passed-the-senate-heres-why-that-matters/

² https://federalnewsnetwork.com/people/2017/09/hero-of-federal-management-data-act-implementation-leaving-treasury/

³ https://pra.digital.gov/about/

⁴ 15 U.S.C. 78j-1(m)(2).

⁵ https://assets.pcaobus.org/pcaob-dev/docs/default-source/rulemaking/docket-051/80_nyse.pdf?sfvrsn=16b41ad3_4 at page 2.

⁶ https://pcaobus.org/news-events/speeches/speech-detail/statement-on-the-proposals-regarding-false-or-misleading-statements-concerning-pcaob-registration-and-oversight-and-constructive-requests-to-withdraw-from-registration