The Audit Profession and the Evolution to Independent Oversight
I. Introduction
It is my great pleasure to be with you here today. I would like personally to thank Jeffrey Lucy for honoring me with the invitation to present this lecture.
While the Public Company Accounting Oversight Board (PCAOB) and its fellow independent auditor oversight bodies may seem to have narrow authority -- that is, the oversight of auditors of certain public interest entities -- the current global economic crisis demonstrates the vital role we play in the effective operation of financial markets and the financial regulatory regime.
In speaking to you today, I would like to take a look at our role in this broader context by exploring the role that the audit and auditor oversight play in our financial markets on behalf of investors. When the markets are in turmoil, as they are today, I believe it is especially critical to assess the effectiveness of the tools we have put in place to protect the markets and their investors, particularly those tools that were most recently put in place. Then, I would like to discuss the global movement to independent auditor oversight that began to accelerate in 2002. I also will share some insights from PCAOB inspections findings and my thoughts on their implications for the current state of audit quality.
Before I continue, however, let me note that the views I express today are my own and not necessarily those of the PCAOB or my fellow Board members.
II. Audit Oversight in the Current Environment
These are sobering times for all of us. Like many of you, I have monitored the twists and turns of the current economic crisis with careful attention since the first curve came at us almost two years ago. We have witnessed a significant decline in market value and a contraction of global liquidity. Last year, we saw the crisis spread from subprime mortgages to securitized products before broadening across a number of different financial products and sectors.
The decline has raised questions about management judgment, the adequacy of risk management models, and potential holes in our regulatory framework. Moreover, the current crisis has unveiled a startling, although perhaps not entirely surprising, growing number of significant financial frauds, some of which have a global reach.
In financial institutions, which have been -- in many ways -- the center of the current crisis, there continues to be concern about whether all the losses have been recognized and that many may not have enough capital to sustain their current and future losses. The loss of counterparty confidence and capital caught up with a few institutions early on – Bear Stearns and Lehman Brothers seized our attention last summer -- and stock values of many banking institutions continue to decline, even though their reported regulatory capital levels remain high.
The investor hesitation that these stock prices reflect illuminate the fact that the magnitude of banking system problems today have not been seen in most of our lifetimes. In light of these developments, government leaders, regulators, market participants and auditors are focusing, not simply on the crisis at hand, but on the need for thoughtful, long-term solutions. Regulators worldwide are working with their governments to design solutions to address weaknesses in their respective financial sectors – and I hope that we can all reach across our borders to learn from each other and collaborate on viable solutions.
In the United States, we are moving to restore confidence in our markets, by injecting capital in the banks and finding mechanisms to contain what are now “toxic” assets. At the same time, our policy makers must attend to weaknesses in the regulatory structures that were highlighted by this crisis. As I suspect may be true in your country as well, the current financial crisis has provided a historic opportunity in the United States to push through the difficult decisions necessary to strengthen our regulatory framework.
Gaps in oversight and overlapping regulatory responsibilities must be addressed. It may be possible to implement incremental solutions to these issues -- although taking a holistic look at the U.S. regulatory approach would have a better chance of providing a long-term remedy. It is more daunting task, however. In addition to these national issues, our globalized markets require a better framework that aligns supervisory objectives, and enhances collaboration and cooperation among financial supervisors globally. More should be done to support cross-border supervisory coordination. This is no time for us to slip back into our own national trenches.
This scenario is also true for auditor oversight, and audit oversight bodies must adjust and respond to the current environment. To this end, the PCAOB continues to monitor developments and adjust its programs accordingly, while communicating with our fellow regulators and standard-setters, the audit firms we oversee, public companies, and investors. At year-end 2008, for example, in response to a number of serious and mounting risks surfacing in the audit environment, the PCAOB staff issued an Audit Practice Alert to focus auditors’ attention on areas of heightened audit risk where they should pay particular attention and take appropriate measures to address.[1] These areas included – not surprisingly -- fair value measurement, impairment-related challenges, and going concern determinations, among others. This annus horribilis is not over for many auditors, recognizing that many have just wrapped up challenging audits of 2008 year-end financial statements.
III. Importance of Investor Confidence: Role of the Audit
The role of independent auditors has long been an important component of assuring the integrity of our capital markets and protecting investors. In recent years, audits have been recognized as an increasingly vital link in the financial reporting chain. I will take a moment to illustrate how the role of the audit has grown in importance over the years, using the U.S. experience as an example.
The history is rooted in the determination that a trustworthy, reliable audit could enable strangers to conduct business, even if they were oceans away from each other. Well over 100 years ago, for example, auditors in the United States began issuing reports to foreign entities, principally in the United Kingdom, on the status of their U.S. investments. As investments in the U.S. markets increased, obtaining public confidence in the financial information of traded companies grew ever more important. As a result, the use of independent auditors increased in the early 1900s and, by the time of the passage of the Securities Act of 1933, 85 percent of companies listed on the New York Stock Exchange were audited by independent public accountants.
When the U.S. Congress considered passage of the securities laws in 1933 and 1934, it knew that investors’ willingness to provide capital to an impersonal securities market would depend on investors’ level of confidence that companies were publishing reliable financial information. To obviate the fear of loss from reliance on inaccurate information, and thereby encourage investment in our nation’s industries, the Securities Act of 1933 and the Securities Exchange Act of 1934 required that public companies’ accounting policies and practices and their financial statements be audited and attested to by impartial, independent auditors.
And it worked. Markets rebounded.
As has happened in so many other countries, over the years, the role of auditing in the United States has grown commensurate with its financial markets and financial regulation. Today, auditors not only audit companies’ annual financial statements, they also review companies’ quarterly reports before they are filed with the Securities and Exchange Commission. In addition to public companies, broker-dealers and certain other market intermediaries are required to provide financial information that, under SEC rules, must be audited by independent public accountants. These auditors also provide assurances regarding regulated entities’ internal accounting controls and procedures for safeguarding securities, depending on the nature of the entity.
Again, auditors were called upon in the 1990s to step up their work and make the financial system safer. In 1991, in response to the savings and loan debacle of the prior decade, the U.S. Congress enacted the FDIC Improvement Act. A provision in this law required auditors to begin filing more extensive reports with bank regulators, including information on the financial statements and internal control systems of the larger federally insured banking organizations.
More recently, the Sarbanes-Oxley Act of 2002 (Section 404) required auditors to issue opinions on the internal control over financial reporting at all larger public companies – expanding, once again, the role of the audit.
The Sarbanes-Oxley Act also created the PCAOB. The Board was authorized as an oversight body whose mission and programs would provide an added source of confidence in the public accounting profession. Such a structure of oversight – including registration, inspection, enforcement, and standard-setting activity – fundamentally changed the supervision of the auditing profession.
Today, more than ever before, investors, creditors, government agencies, Congress, and others look to auditors to independently check and confirm the reported financial information that investors worldwide rely on to make the decisions that can fuel our securities markets.
Recently, when issues surfaced about the credibility of certain broker-dealer financial reports, the SEC permitted a requirement of the Sarbanes-Oxley Act to take effect so that broker-dealers must now have PCAOB-registered auditors certify their annual financial statements. There have been discussions in Congress about extending the PCAOB’s inspection and enforcement programs to include those auditors as well.
It’s worth noting that in a number of countries, the role of independent audit oversight bodies extends beyond the auditors of publicly traded companies and can include auditors of other public interest entities.
IV. What Triggered the Move to Independent Oversight in the United States?
In my view, mandatory, independent auditor oversight is a natural regulatory response to the expansion of capital markets and -- equally important -- the “democratization” of those markets that occurred as an increasing number of households became investors (many through workplace defined-contribution programs).
Today, in the United States, over 52.5 million households (which represents 45 percent of U.S. households) participate in our equity and bond markets, mainly through mutual funds. [2] I understand that a similar investment pattern has occurred in Australia, with the increase starting in the 1990s, as it did in the United States, due in part to a growth in employer-supported defined-contribution retirement plans. The Reserve Bank of Australia, in its March 2008 Financial Stability Report, indicated that market-linked financial assets, as a share of total assets in Australia, rose from 17 percent in 1990 to about 28 percent by mid-2007.[3]
The discoveries of financial reporting and auditing improprieties at Enron, WorldCom and a few other U.S. public companies swelled in 2002 into a national crisis of confidence in the integrity and reliability of public companies’ financial statements and external audits. While there were other contributing factors, those corporate scandals revealed significant accounting failures by public companies and greatly tarnished the auditing profession – which investors, understandably, had thought was acting as their watchdog in attesting to the accuracy of the financial reports.
Hence, within months, the Sarbanes-Oxley Act was enacted.
The establishment of the PCAOB replaced the audit profession’s self-regulatory model with an independent oversight system. This change was grounded in the concern that the audit profession’s self-regulatory model had not kept up with the growing democratization of the U.S. financial system, which naturally increased reliance on audits as a critical component of the system’s integrity.
V. Global Phenomenon: Audit Oversight Landscape Around the World
The United States was not the only country to experience significant corporate scandals and audit failures in the 2000-2002 time period. This led to a worldwide discrediting of the auditor peer review system, launching a global movement to establish independent audit oversight in countries around the world, which continues to progress today.
Today, approximately 27 countries have established independent audit oversight bodies that are responsible for audit firms operating in their jurisdictions.[4] Operational models for these auditor oversight structures vary. In some places, they are similar to the PCAOB – a freestanding independent body, subject to the authority of a government agency, such as the SEC. In several other jurisdictions, auditor oversight is a component of a broader market regulator, such as the Australian Securities and Investments Commission (ASIC).
Based on the PCAOB’s experience in cooperating with foreign counterparts in inspections, I can say that, with appropriate authority and capable staff, both models can provide effective oversight.
As the number of audit oversight bodies grew, the Financial Stability Forum and others encouraged the newly formed auditor oversight bodies to work together to create an international forum of their own for dialogue among counterparts on auditor oversight issues. There were a series of initial gatherings – including a groundbreaking meeting hosted by ASIC, under the leadership of Jeffrey Lucy. Then, in September 2006, the participants agreed to formally establish the International Forum of Independent Auditor Regulators – or IFIAR. Today, there are 27 members, and the number continues to grow.
IFIAR’s core functions are important and clear:
- To share knowledge of the audit market environment and practical experience of independent audit regulatory activity;
- To promote collaboration in regulatory activity; and
- To provide a central place of contact for other international organizations that have an interest in audit quality.
I strongly support international regulatory dialogue and IFIAR is the logical venue. I have seen the value it has already provided to the PCAOB and other members. The opportunity to share experiences and lessons learned is key to our mutual success, particularly as we are vigilant about improving the effectiveness of our respective inspection programs.
The ability to gather audit oversight bodies together through IFIAR is especially valuable when it comes to the oversight of the largest global audit networks. Through IFIAR, we have begun an ongoing dialogue with the six largest global networks.[5] Such activities, including frank exchanges of concerns, to my mind, promote effective oversight and higher quality auditing worldwide.
VI. U.S. Example
The PCAOB’s auditor oversight authority may be broader than that of some other audit oversight bodies. It includes a mandatory program of registering public accounting firms, conducting regular inspections of such firms, and imposing strong disciplinary sanctions on firms that are found to have serious deficiencies in their audits or otherwise violated Board rules or the securities laws. These sanctions include suspensions and bars of individuals and whole firms from the practice of public accounting. They also can -- and have -- included monetary penalties. Finally, the PCAOB also is the U.S. standards-setter for audits of public companies. PCAOB staff today is approximately 500 strong – almost half of whom are inspectors.
Development of the PCAOB Inspection Approach
Let me focus for a moment on our inspection program – which is the largest component of our oversight program, and where we most often work in cooperation with other audit regulators. The Sarbanes-Oxley Act (Section 104(d)) defined the fundamental tenants of the PCAOB’s inspection program.
First, the PCAOB is directed to inspect and review selected audit and review engagements of a registered firm. Second, it must evaluate the sufficiency of the quality control system of a firm and the manner of documentation and communication of that system throughout the firm. Third, the Board has broad authority to perform other testing of a firm’s audit, supervisory and quality control procedures, as necessary and appropriate, to fulfill the PCAOB’s inspection and other responsibilities.
With 1,900 public accounting firms registered with the Board -- including just over 40 Australian firms -- the PCAOB has had to leverage its resources and take a risk-focused approach to its inspections. We have developed, and continue to refine, the process the PCAOB uses to select audit engagements for review. The process involves the analysis of several risk factors. Some of these factors pertain to the firm itself, based on what we know about the firm’s structure, clients and other demographics, as well as what we have learned from prior inspections. Other risk factors may pertain to our analysis of high risk industries, complex financial instruments and business lines that pose accounting and auditing challenges.
Finally, we identify a firm’s audit clients with higher risk – and then, more importantly -- focus on the significant and risky elements of each audit we inspect. This process is similar for inspections of non-U.S. firms registered with the PCAOB. If the inspection is a joint inspection – that is, conducted with a counterpart oversight body – the PCAOB and its counterpart determine the scope of the inspection together.
The PCAOB also assesses the quality control systems within a firm and how they are implemented. Our inspectors evaluate certain key processes in addition to assessing a firm’s overall technical proficiency, such as client selection, compensation practices, leverage, internal inspections, and the overall management approach, including the firm’s tone-at-the-top. For the largest firms, we evaluate these processes in a more sophisticated way, including establishing higher expectations for how these firms monitor and manage quality.
I can distill those expectations down to one key message: It is essential that audit firms take on the responsibility to establish a culture of quality; to provide sufficient training, support and resources to execute quality audits; and, importantly, to establish strong monitoring processes to ensure that quality deficiencies are understood and remediated.
I can even take it one step further: Firms should evaluate, both individually and collectively, the results of positive and negative indications of audit quality that are identified by their system of internal controls and by third parties. Among other things, this includes issues identified in their internal inspection programs, their processes to review audits subject to restatements and litigation, and issues identified by the PCAOB, peer reviewers, and other third parties.
In cases where quality is not at the level a firm expects – and this could be something less than an audit failure – the firm should make a judgment as to the root cause of the poor quality and determine if there are systemic implications to be addressed. Finally, the firm should respond to these systemic or cultural issues holistically and document its remedial measures. I believe that all of the larger firms are trying to do this – although they may not yet have adopted a firm-wide risk management language and approach.
I believe this approach to managing quality represents a key success of independent auditor oversight. But it will take all of us, acting in concert, to make it truly effective. As the overwhelmingly largest proportion of the world’s publicly traded companies are audited by only a handful of global firms, we ask our regulatory counterparts, and audit firms around the globe, to consider the value of this approach.
Experience Gained: PCAOB’s 2008 Report on the First Four Years of Large Firm Inspections and Remediations
In December 2008, the PCAOB issued a summary report on our findings during the inspections of the eight largest audit firms registered with the PCAOB that we’ve inspected every year since the full inspection program began in 2004.[6] Overall, the firms demonstrated a commitment to improving audit quality. I would like to share with you a select few of the issues covered in the report.
The PCAOB continued to find deficiencies in a few very important audit areas, such as certain aspects of revenue recognition and some types of management estimates. There also continued to be deficiencies in planning audits and evaluating audit results. In addition, it will not surprise you to learn that deficiencies continued to appear where the accounting guidance is evolving and the application of accounting principles, vexing -- as is the case with fair value measurements. A number of deficiencies were observed in situations where the issues were complex and the application of judgment, difficult.
While deficiencies continued, there were signs of improvement. In certain audit areas -- such as analytical procedures -- we still saw deficiencies, but the nature of those deficiencies narrowed during the course of the first four years of full inspections. This suggests that auditors were paying more attention to the specifics of the auditing requirements, although, in some cases additional focus is still required.
The December 2008 summary report on large firm inspection findings also described examples of steps some firms took to address quality control defects. These steps demonstrate the breadth and variety of actions various firms took to improve their audit performance in response to PCAOB inspection findings.
As mandated by the Sarbanes-Oxley Act, the PCAOB does not make public the descriptions of quality control defects if the Board determines that the firm is appropriately addressing the defect within 12 months of the date of the inspection report. To date, while we have made portions of over 50 inspection reports public, the vast majority of the firms have made good faith efforts to remediate the identified defects in their quality controls..
So, what does this all mean? While I see good progress, work remains to be done. The PCAOB and other audit regulators have an important role to play in encouraging firms to remediate quality control deficiencies and to adopt programs of continuous improvement. The PCAOB’s close, but arm’s-length supervisory arrangement is one key way to fulfill our common mission -- to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports.
VII. The Dialogue around Broader Regulatory Reform
As I mentioned at the outset, financial markets in the United States and abroad declined significantly during 2008 and are expected to continue to be unstable in 2009 and possibly longer. The decline, which first surfaced in the mortgage markets, involved domestic and international uncertainty about valuations of companies, their assets and market transactions. Declining values, uncertainty over true values, and a lack of understanding of the risk implications of certain leveraged instruments by market participants have affected other instruments, markets, and industries as well.
The significant decline in the financial condition and market capitalization of many companies has required unprecedented care by public accounting firms in performing their 2008 audits, many of which were just concluded. It also will require careful scrutiny on the part of the PCAOB in inspecting those audits during our 2009 inspection season.
These financial conditions have led to a vigorous debate in Washington regarding the structure and effectiveness of our regulatory framework. There are several questions and concerns under scrutiny. One of the root causes of the crisis can be seen as the very flow of capital itself – that is, capital can (and should) flow freely, crossing borders generally with ease. This flow supports the creation and distribution of financial products. At the same time, it also makes it easy for systemic risks to crop up … increasingly outside of regulated entities. This has made it clear that, as we sit down to rethink the structure of our regulatory framework, we need to position ourselves to better identify and monitor emerging systemic risks.
Some other problems in the “structure” of U.S. financial regulation are best illustrated by the fact that we have five federal banking agencies with overlapping examination and rule-making authority over banks, savings institutions and credit unions. On top of that, there is an overlay of state regulation of many of these depository institutions.
In addition, we have completely separate state and federal agencies to oversee the issuance and trading of public securities and of financial reporting, and yet another regulator for the futures markets. Insurance agencies are subject to overlapping authorities of the 50 states with no federal oversight. Still, the list could go on.
Most U.S. regulatory agencies were established in response to a particular financial crisis, and their authorities have been broadened, shared, and or otherwise modified over time. There is a growing sentiment among policy makers that regulatory agency mandates need to be streamlined and modernized. This includes the need to question the unregulated status and lack of transparency of certain financial instruments and transactions.
VIII. Conclusion
During 2009 and beyond, policy makers will engage in far-reaching discussions that could lead to significant modifications to the current regulatory framework. I welcome this dialogue, and I expect the PCAOB to participate in these discussions. Adoption and implementation of such modifications could occur over a number of years, but we should start right away.
Notably, the discussion of regulatory structure and effectiveness almost always centers on the need for financial stability: what it means; what the drivers are; and the absolutely critical role of the government, banks and borrowers in supporting the broader economy. While there may continue to be discomfort among many “free-marketers,” due to the current level of government engagement in the capital markets, there also is a growing appreciation for the subtle but considerable interdependencies between the markets and commercial sectors, and between individual consumers and investors and the economy. These complex financial stability issues are global issues that are rightly receiving the attention of the top minds in the United States and abroad.
The G-20 Summit last November identified a number of areas ripe for reform. I am quite interested in the outcome of the forthcoming summit on April 2nd. While most matters within the Summit Declaration did not directly address issues related to auditor oversight, some key themes speak to the work we do. These were transparency, accountability, and the commitment to enhance international regulatory cooperation.
If we did not see it before, current events now make clear the necessity for cross-border dialogue and cooperation among regulators. Equally important, current events send a clear message that our work must enhance market integrity and transparency. Thus, I encourage the G-20 to think boldly and support moves that advance international cooperation and transparency.
Auditors and the accounting profession play a key role in assuring the integrity of capital markets around the globe: The public places its trust in them. The PCAOB is continually adjusting its programs to respond to audit risks posed by the financial markets. We are fully committed to our investor protection mission to use our inspection, standard-setting and enforcement authority to require audit reports that are fair, informative and independent. Audit oversight bodies are contributing to the global dialogue on audit risk and must continue to enhance the mechanisms for cooperation.
Before I conclude, let me say that I am proud of the level of cooperation that the PCAOB and Australia’s ASIC have been able to achieve. I expect this relationship to become even stronger in coming years.
Thank you for inviting me to provide the Ken Spencer lecture this year. And, I thank you for the opportunity to visit this great country.
Endnotes
[1] Audit Practice Alert No. 3., Audit Considerations in the Current Economic Environment (December 5, 2008) (See Staff Audit Practice Alert No. 3)
[2]See Characteristics of Mutual Fund Investors, 2008 (Investment Company Institute), available at http://www.ici.org/pdf/rpt_profile09.pdf
[3] See The Financial Stability Review – March 2008 - Market Risk in the Household Asset Portfolio (Reserve Bank of Australia) available at http://www.rba.gov.au/PublicationsAndResearch/FinancialStabilityReview/Mar2008/Html/box_d.html
[4]This rough estimate is based on the current number of IFIAR members and therefore is not necessarily all-inclusive.
[5]Dialogue is conducted through the six largest global audit networks that make up the Global Public Policy Committee.
[6]Report on the PCAOB’s 2004, 2005, 2006, and 2007 Inspections of Domestic Annually Inspected Firms (See Release 2008-008).