The PCAOB and Audit Committees – Common Goals
Introduction
Thank you for that kind introduction. And thank you for inviting me to join you today for this Audit Committee Summit. As I will discuss in a little more detail, I believe that audit committees are one of the PCAOB's most important stakeholders and partners, so I am always eager for opportunities to address groups like this one. I also find that I learn something during every discussion with audit committee members.
I would like to start by providing a brief overview of the PCAOB and our work and then focus in more detail on our recent outreach to audit committees. But before I begin, I should say that the views I express today are my personal views and do not necessarily reflect the views of the Board, any other Board member, or the staff of the PCAOB.
Background
As you know, the PCAOB was created by Congress through the passage of the Sarbanes-Oxley Act of 2002 (the "Sarbanes-Oxley Act") to oversee the audits of public companies in order to protect investors and the public interest by promoting informative, accurate, and independent audit reports. The PCAOB began operations in April 2003.
The PCAOB is led by a five member Board, each of whom is appointed by the U.S. Securities and Exchange Commission ("SEC") to a five year term (with a maximum of two terms permitted). As mandated by the Sarbanes-Oxley Act, two of the five Board members are Certified Public Accountants. After spending over thirty years in public accounting, I was appointed to the Board in February 2011 in order to fill one of these CPA positions. The Board operates under the oversight of the SEC, which, in addition to appointing Board members, must approve our budget and any rules and standards issued by the Board. The SEC also is empowered to hear appeals of our inspection determinations and enforcement orders.
Under the Sarbanes-Oxley Act, the PCAOB has four main responsibilities:
1. Registration of public accounting firms that audit public companies or broker-dealers;
2. Inspections of registered public accounting firms;
3. Setting of auditing standards for the audits of public companies and broker-dealers; and
4.
Investigations
and disciplinary proceedings in cases where auditors may have violated certain
provisions of the securities laws or applicable standards or rules.
In order to achieve our mission, we have a staff of over 800 employees, which work in in sixteen offices around the country. The majority of our employees work in our core program areas in the Division of Inspections and Registration, the Division of Enforcement and Investigations or the Office of the Chief Auditor. In addition to our administrative offices, we also have an Office of International Affairs and an Office of Research and Analysis, both of which provide important information and assistance to the Board and staff.
Currently, more than 2200 firms are registered with the Board, including just under 900 foreign firms from 85 jurisdictions. The Board has conducted inspections of public company audits in over 40 jurisdictions outside the United States. After the Dodd-Frank Wall Street Reform and Consumer Protection Act gave us authority in 2010 to inspect the auditors of brokers and dealers, we commenced an interim program of broker-dealer auditor inspections. In determining the scope of a future permanent inspection program, we are evaluating the findings from the interim inspection program and will consider the effects of the SEC's new reporting rules for broker-dealers and the related broker-dealer auditing standards we issued recently.
With respect to standard setting, since its inception, the Board has issued 18 auditing standards — including, for example, standards addressing audit documentation, internal controls, audit planning, engagement quality review, risk assessment and audit committee communications — as well as two attestation standards for audits of brokers and dealers. We also have substantially amended a number of interim standards — including, for example, standards addressing communications about control deficiencies, audit reports, audit sampling, and substantive analytical procedures, among others. Most recently, we issued AS 18, a standard on auditing related party transactions, as well as amendments to PCAOB standards relating to significant and unusual transactions and a company's relationships and transactions with its executive officers. After the SEC's approval earlier this week, this standard and related amendments will go into effect for audits of financial statements for fiscal years beginning on or after December 15, 2014, including reviews of interim financial information within these fiscal years.
The fourth prong of the PCAOB's statutory mission is enforcement of applicable federal laws, standards and rules. The Board has publicly announced sanctions including revocations of firm registrations, orders barring or suspending individuals from practicing before the Board, censures and, in some cases, significant monetary penalties. Our cases have involved Big Four firms as well as smaller firms and sole practitioners and have been brought against firms in the U.S. and abroad. In addition, we have matters currently under investigation and in litigation, but those remain non-public as required by the Sarbanes-Oxley Act.
Audit Committee Outreach
In the context of all of these activities, we endeavor to keep in touch with our stakeholders — particularly investors and audit committees — to help ensure that our work supports our mission to protect investors and the public. We want to know whether our actions are consistent with your expectations. In that context, in 2012, the Board identified a series of near term priorities, including a desire by the Board to enhance its outreach to audit committees. We believe that audit committees, who share our goal of protecting the investors in public companies, provide an important complement to our work, driving audit quality through their own oversight of auditors and the market incentives they can offer to promote high quality audits.
Our outreach initiatives have included many meetings by members of the Board and staff with groups of audit committees, including summits such as this one and smaller gatherings of audit committee members all around the United States. We have provided information that we hope will be helpful to audit committees, but a key component of our outreach has been to have a dialog with audit committee, to understand their needs and how we can help them achieve their goals. This continues to be a work in progress, as we attempt to provide helpful information without crossing the line into being prescriptive or inadvertently establishing de facto standards for audit committees, whom we do not regulate.
So what have we heard, during the last two years, in our discussions with members of audit committees, and how are we responding?
General
Overall, audit committee members have expressed appreciation that our outreach has not consisted merely of speaking to audit committees, but also engaging in a dialog with them to better understand their concerns and needs. One frequent comment is that audit committees have a lot on their plates. They don't want our activities to create more work for them; rather, they want us to help them do their jobs more effectively and, hopefully, more efficiently. They ask that any information we provide be narrowly tailored to their needs — rather than needlessly detailed and overly technical — and that we demonstrate the relevance of our information to their work.
Timeliness also has been a common theme: Audit committees would like to hear from the PCAOB about ongoing trends and concerns as they are occurring, when audit committees can engage their audit firms and take action, rather than after formal inspection reports have been released and the audits at issue are almost two years old.
The Board has responded to these comments in a number of ways. First, in August 2012, we issued information for audit committees about the Board's inspection process and the meaning of inspection results in order to help audit committees understand the context and meaning behind our inspection reports.[1] The objective of this document was to better equip audit committees to engage in meaningful discussions with audit firms about the process, results and context of PCAOB inspections.
We also have incorporated into many of our public general reports, which summarize inspection findings and trends, brief executive summaries that are intended to give the reader basic information and allow them to decide quickly whether to delve deeper into the report for additional details. We have made some changes to our website to make it easier for audit committee members to find relevant information, and we hope to add additional content relevant to audit committees. On our website, you can also sign up to receive notifications of new information when it is posted. Finally, it is my hope that we can come up with some creative ways to provide information about our inspection results and potential audit risks much more quickly than our current reporting process allows.
Inspections
The vast majority of the PCAOB's resources are dedicated to our inspections of the audits of public companies and broker-dealers. So it is not surprising that audit committee members also have a lot of interest, questions and comments about this program, how well it works, and how it could be improved.
Our mandate under the Sarbanes-Oxley Act, of course, is to test for compliance with applicable auditing standards and rules, and to report our findings. In operationalizing this mandate, the Board has adopted an approach that is designed to find problems by risk-weighting its selections of audits for inspection and by focusing reports on findings of non-compliance. While many audit committee members carefully review these reports and discuss findings with their auditors, we also have heard that the reports' length makes it difficult to discern what information is most important or relevant to audit committees. Many audit committee members would like to understand better the most common or most significant problems identified across audits or by industry. Audit committees would like to know more about the severity of findings and how audit firms compare to each other. And timeliness is also an important issue in this context, as most audit committees are not sure what to do about audit deficiencies that occurred in audits from a year or more ago.
The Board continues to consider improvements to our inspection reports, both general reports and firm-specific inspection reports. In addition to the executive summaries in our general reports, we are making an effort to include in each report at least a few sentences about why the information may be relevant to audit committees or what actions audit committees may want to consider taking in response. We appreciate any feedback you have to make these reports as useful as possible to you.
Our firm-specific inspection reports also have undergone some changes in recent months. One major addition to the reports are references for each finding to the auditing standards involved and a chart summarizing the auditing standards that were implicated in all of the cited findings, providing a quick overview of those standards that were most frequently cited in that particular report. We are hopeful that this additional information will help both firms and audit committees focus on those areas of the audit where we see problems most frequently.
Finally, we heard from many audit committee members that our characterization of audit deficiencies as "audit failures" in inspection reports was needlessly harsh and confusing. Some audit committee members were concerned that references to audit failures might be interpreted as meaning that the company's financial statements were misstated, or that the entire audit — as opposed to a particular portion of the audit — was insufficient. As a result of this feedback, the Board recently removed references to audit failures from its firm-specific inspection reports. Instead, we have tried to focus in the reports on the fact that the deficiencies included in the report mean that the auditor did not gather all of the audit evidence necessary to support the opinion. These are significant deficiencies, not to be downplayed, and our reports emphasize that deficiencies rising to this level mean that the auditor should have done more work before the audit opinion was issued. But we hope that the revised language is more factual, without the potential misunderstanding triggered by the previous approach.
Beyond reporting, some audit committee members also have questioned whether our inspections could be more meaningful to them if at least some audits were selected randomly for inspection, rather than on a purely risk-weighted basis. Because our Division of Inspections and Office of Research and Analysis have become quite skilled at recognizing audit risk and selecting the most difficult audits and most challenging audit areas for inspection, the theory goes, it is no surprise that the PCAOB finds problems. But some audit committee members have speculated that they might get a better sense of the quality of their firm's work if PCAOB inspections provided a more balanced view of all audits performed, not just those that are most likely to show problems.
To date, the Board has not adopted such an approach, because we believed that the best use of resources, and the best result for investors, was to find — and hopefully motivate audit firms to eliminate — problems in audit performance. Inspecting a high enough number of randomly selected audits to provide statistically significant results also could require extensive additional resources. Nevertheless, the Board understands the potential benefits of random inspections, and we are contemplating whether and how we could incorporate at least some random components into our process.
Audit Quality
Ultimately, everything we do — inspections, standard setting, enforcement — is all intended to further the goal of achieving and maintaining improvements in audit quality. In that context, another important question posed by audit committees is whether all of our work has, in fact, resulted in better audit quality. Related questions are whether the PCAOB's efforts have resulted in better audit work, or simply better documentation, and whether auditor skepticism has increased since the PCAOB began operations in 2003.
Questions relating to audit quality improvements are, perhaps, the most difficult questions we face. Having spent over thirty years as an auditor and three years as a PCAOB Board member, I firmly believe that audit quality has improved since the creation of the PCAOB. Auditors are more accountable for their work, subject not only to PCAOB inspections and enforcement actions but also to enhanced internal firm inspections and more rigorous promotion and compensation schemes based on the quality of their work. Auditing standards are more rigorous, and firm audit programs and guidance have followed suit. Firms and engagement partners are more aware of the importance of the tone set for audit engagement teams, including the importance of independence, objectivity and skepticism.
PCAOB inspectors nevertheless continue to identify many inspection findings — sometimes arising in very difficult and complex areas of auditing or accounting, but also, at times, in more basic areas where deficiencies are harder to understand.
My fellow Board members and I are very interested in trying to better understand what all of this means, and whether audit quality is improving. For that reason, we commenced a project about two years ago to establish measurable, quantifiable audit quality indicators. This project has been led by our Office of Research and Analysis, in consultation with many others within and outside of the PCAOB. We are hoping to issue a concept release in the next few months to seek comment on some possible audit quality indicators and their potential uses, with the ultimate goal of finding a way to measure and track the quality of public company audits.
Of course, this project, too, raises questions among our stakeholders, including audit committee members. For example, some have expressed concern that the indicators will be treated as a checklist, with too much focus on meeting certain targets and not enough focus on holistically achieving and maintaining audit quality. Others have wondered whether certain critical factors that are difficult or impossible to measure will become overshadowed by less important but quantifiable indicators. Our staff has been struggling with these and many other questions. One answer is that we have no expectation that the audit quality indicators will provide a complete picture of audit quality. Rather, they are intended as one of many ways for firms, the Board, audit committees, investors and others to get some measurable input into their broader evaluation of auditors and audit quality. Other information will continue to be relevant, not the least of which is the audit committee's relationship and communication with its auditor.
Costs and Benefits
No discussion of the PCAOB's work — and audit committees' views about that work — would be complete without a few words about the costs and benefits of what we do. Audit committees are generally supportive of PCAOB inspections, standard setting, and other activities, and few would deny that our work has had a positive effect on audit quality. At the same time, they question whether we have achieved the right balance of burdens and benefits. Some are concerned about the increase in audit fees and question whether additional work by auditors results in better audits. Others believe that our inspectors are imposing new requirements through inspections. On that topic, I often point out that the vast majority of our inspection findings are the result of poor execution by auditors of the audit steps already required by their firms. So the extent to which PCAOB inspections result in more audit work and higher fees, it is more often than not due to individual engagement teams not following their own firms' guidance, rather than an effort by the Board to conduct standard-setting through inspections.
That said, the question of costs and benefits is an important one that the Board struggles with every day. Over the last few years, we have made more explicit in our rulemaking process what has always been implicit — the consideration of whether the burdens we impose through regulation are justified in light of the potential benefits to investors and the public. Earlier this year, we posted on our website a document titled "Staff Guidance on Economic Analysis in PCAOB Standard Setting," which provides a basic framework for the consideration of costs and benefits.[2] We have hired a number of economists to help us with that process, and our recently established Center for Economic Analysis, aided by academics and auditors, is planning research related to the role of the audit in the capital markets, to further put our economic analysis into context. One question that I have asked myself recently in the context of economic analysis is how or where we set the baseline against which to measure the costs. Is it the current standard, prevailing practice (which could be higher than the standard) or something else?
Another issue is that it is difficult, if not impossible, is to quantify the benefits of more rigorous auditing standards. Their anticipated effect of enhancing audits and hopefully providing better assurance on the fair presentation of the financial statements is several steps removed from a concrete and measurable economic effect, but it is no less important. This is an area where we continue to learn and hope to improve.
I hope that my comments have given you some food for thought in connection with your own work as audit committee members. We would be pleased to hear your views, constructive suggestions and new ideas, and I hope that we will have an opportunity during the next session of this program for some dialog about the Board's important work.
Introduction to Auditor's Reporting Model
But before I wrap up, I thought it might be helpful to provide a short introduction to the topic that we will cover during the panel discussion — the auditor's reporting model and the PCAOB's recent proposal to require auditors to provide more information in their audit reports about important matters encountered by the auditor in the audit (which is similar to a proposal by the International Auditing and Assurance Standards Board ("IAASB")).
After conducting extensive outreach related to this issue, and concluding that investors and the public would like auditors to provide more information about the audit, we issued in August 2013 a proposal to require auditors to discuss in their reports so-called "critical audit matters." These were defined in the proposed standard as those matters addressed during the audit that (1) involved the most difficult, subjective or complex auditor judgments; (2) posed the most difficulty to the auditor in obtaining sufficient appropriate evidence; or (3) posed the most difficulty to the auditor in forming the opinion on the financial statements.[3]
It is important to understand that the proposed standard would not require reporting of all information known by the auditor in which investors may have an interest. There are risks and uncertainties inherent in the financial reporting process and in business that probably would not be discussed as critical audit matters because the application of the accounting standards in those areas are clear and the audit process straightforward. Likewise, there may be critical audit matters reported that bear little on investment decisions.
We received hundreds of comment letters on this topic and held a public round table discussion in April to facilitate further discussion about a possible way forward. In commenting on the proposal, some suggested the requirements do not go far enough and are not sufficiently specific to require the auditor to report information that investors want. Others suggested that most of the matters to be discussed in the audit report would largely duplicate disclosures already included in the financial statements or management's discussion and analysis; while yet others expressed concern that the auditor might disclose original information about the company that applicable SEC rules and regulations do not require or explicitly allow the preparer not to disclose. Finally, some skeptics wonder if the end result of the changes to the auditor's report will be limited to the addition of new "boilerplate" language to the report that ultimately will not be helpful to investors. And many ask whether this requirement would simply add to what many already consider information overload in public company disclosures.
Along with the proposed changes to the auditor's reporting model, the Board also proposed a standard governing the auditor's responsibilities regarding certain types of "other information" that is outside the financial statements but that is included or incorporated by reference in annual reports filed under the Securities Exchange Act of 1934.[4] The proposed standard expands the auditor's responsibilities from "read" and "consider" as required under the current auditing standard (AU sec. 550) to require the auditor to "evaluate" whether the other information contains (1) a material inconsistency with amounts or information, or the manner of its presentation, in the audited financial statements and/or (2) a material misstatement of fact. The auditor's responsibilities are limited, however, to basing this evaluation on relevant audit evidence obtained, and conclusions reached during the audit. In other words, if the auditor, through the performance of the financial statement audit or audit of internal controls, did not gather information or evidence against which to evaluate the consistency or truthfulness of the "other information," the auditor need not go further.
The Board has received some support for this proposal by those who believe that it will enhance the assurance provided by auditors on information related to the financial statements. Others have suggested that the proposal may cause confusion about the extent of additional procedures auditors are required to perform and that it may needlessly drive up audit costs. We have also heard that the proposal, if adopted, may widen the expectation gap between auditors and investors, because investors may believe auditors are providing more assurance on "other information" than they actually do.
Currently, the Board is considering the comments received on both of these proposals, and I expect that we will issue a re-proposal in 2015. With regard to the auditor's reporting model, it is likely that our revisions will result in a narrower, more focused requirement that would facilitate the disclosure of only the most relevant information about the audit, while not crossing the line into areas that are within management's responsibility.
With that, let me thank you for your attention. I look forward to your questions.
[1] Information for Audit Committees about the PCAOB Inspection Process, PCAOB Release No. 2012-003 (August 1, 2012).
[2] Staff Guidance on Economic Analysis in PCAOB Standard Setting (Feb. 14, 2014), available at: http://pcaobus.org/Standards/Pages/05152014_Guidance.aspx.
[3] The Auditor's Report on an Audit of Financial Statements When the Auditor Expresses and Unqualified Opinion; The Auditor's Responsibilities Regarding Other Information in Certain Documents Containing Audited Financial Statements and the Related Auditor's Report; and Related Amendments to PCAOB Standards, PCAOB Release No. 2013-005 (Aug. 13, 2013).
[4] Id.