The PCAOB, Its Current Activities, and Impact on Preparers

Good Evening,

Thank you for that kind introduction and for inviting me to speak here this evening.

As you all know, the Public Company Accounting Oversight Board was created by Congress through the passage of the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley Act) to oversee the audits of public companies in order to protect investors and the public interest by promoting informative, accurate, and independent audit reports. The PCAOB began operations in April 2003, and I joined the Board in February 2011 after spending over thirty years in public accounting.

I would like to highlight for you today a few of the PCAOB's current activities that may be important to you as financial statement preparers. But before I go further, I should tell you that the views I express today are my personal views and do not necessarily reflect the views of the Board, any other Board member, or the staff of the PCAOB.


The PCAOB was established in the wake of accounting scandals involving companies like Enron, Tyco, Adelphia, Xerox, and WorldCom, which revived long-standing concerns about auditor effectiveness, independence, and governance over the auditing profession. At the time, these concerns were contributing to a great deal of investor unease about the U.S. capital markets. In order to address investor concerns, Congress assigned four main responsibilities to the PCAOB:

  1. Registration of public accounting firms;
  2. Inspections of registered public accounting firms;
  3. Setting of auditing standards for the audits of public companies and broker-dealers; and
  4. Investigations and disciplinary proceedings in cases where auditors may have violated the securities laws or applicable standards or rules.

In doing so, Congress supplemented an existing regulatory system that previously focused primarily on the actions of management – through laws and regulations imposing disclosure requirements for public companies and accounting standards established by the Financial Accounting Standards Board (FASB), all enforced by the Securities and Exchange Commission (SEC).

While the fundamental role of auditors – to provide independent assurance on management's financial statements – has not changed in many decades, the creation of the PCAOB ended a system in which auditors themselves set the standards for their work and determined through a "peer review" process if those standards were met. With the creation of the PCAOB, key regulatory activities including standard setting, inspections, and enforcement moved out of the hands of the audit profession and into those of an independent Board established by law and subject to the oversight of the SEC.

The SEC appoints the Board's five full-time Board members, two of whom must be Certified Public Accountants. SEC oversight also includes approval of the Board's budget and any rules and standards issued by the Board. In addition, disciplinary sanctions imposed by the Board may be appealed to the SEC, and, ultimately, to federal court. Likewise, firms may request SEC review of certain PCAOB actions, such as the findings included in inspection reports and remediation determinations.

Of course, the creation of the PCAOB did not change that financial reporting – and thereby the primary source of information for investors – remains in the hands of corporate management, through existing quarterly, annual and other periodic reporting. We therefore defer to the SEC on questions about accounting, including by consulting SEC staff when novel accounting questions arise in inspections and reporting to the SEC any potential violations of accounting, independence or other rules that are within the SEC's jurisdiction.

Nevertheless, the PCAOB's actions do impact financial statement preparers indirectly. For example, our inspections often highlight audit deficiencies that can only be addressed if the auditor obtains more information, or different information, from their clients. In some cases, this requires clients to change aspects of their financial reporting processes. The most important example of this is probably in the area of internal controls.

The Sarbanes-Oxley Act included specific provisions to enhance internal controls over financial reporting, including a requirement that company management assess and report on the effectiveness of the company's internal control, and a requirement for the company's independent auditor to attest to management's disclosures regarding the effectiveness of its internal control.[1] In 2007, the PCAOB issued a new auditing standard to govern audits of internal controls, known as Auditing Standard No. 5.[2] After firms had several years of experience with the new standard, the Board's Inspections Division increased its focus in 2010 on whether firms had obtained sufficient audit evidence to support their opinions on the effectiveness of ICFR. The Board found a high rate of deficiencies in this area over the next several years, as reflected in the individual inspection reports issued to each firm. The Board also released a general report summarizing findings in this area, as well as a staff audit practice alert intended to focus auditors' attention on auditing ICFR.[3]

The deficiencies identified by the Board included auditors' not testing the right controls to ensure that management was appropriately addressing the highest risks of material misstatement. Also, for the controls selected by auditors for testing, auditors did not always sufficiently test the relevant controls' design or operating effectiveness. After extensive remediation efforts by firms, our inspection findings now appear to be declining. Continuing observations in this area are narrower, focusing for example on whether the auditor sufficiently tested the precision of relevant controls.

In some cases, as auditors improved their auditing of internal controls, their increased focus caused companies also to make changes in their control environments and in the operation and documentation of some controls. Overall, this appears to have been a positive development: Along with improvements in the effectiveness of internal controls, we have seen declines in the number and severity of restatements. Of course, companies have also responded by increasing the resources focused on internal controls and therefore face increased costs. Over the last year, we and the SEC have faced questions about whether the pendulum has swung too far. Some companies complained that their auditors' were requesting too much information in immaterial or low risk areas and doing unnecessary procedures to review internal controls. Sometimes auditors justified this work to the clients only by explaining that it is required by the PCAOB. In response to these concerns, PCAOB Board members and staff, along with representatives of the SEC, have participated in several meetings with companies and audit firms to better understand the issues being raised.

Discussions at these meetings suggest that there continues to be an expectation gap between preparers, auditors, and the PCAOB and SEC with regard to the appropriate level of scrutiny, testing and documentation by auditors of internal controls. Although we are comfortable that our inspectors are not imposing new auditing requirements through inspections, it is possible that firms' concerns about the frequency of our inspection findings in the area of ICFR audits, along with firms' efforts to improve their performance, have caused some audit teams to do more work and request more information from their clients. In some cases, their work may be focused on the wrong areas, resulting in unnecessary burdens on management. We at the PCAOB, in coordination with SEC staff, will continue to focus on this issue in order to make sure we have an appropriate balance between auditors' doing sufficient and meaningful audit work to gather the right amount and the right type of audit evidence, while not imposing unnecessary burdens on management or causing needless delays in the financial reporting process.

As this example demonstrates, regulators like the PCAOB must be constantly aware of striking the right balance, to ensure that we are not imposing unreasonable burdens, and that any burdens we do impose are justified by the benefits to be gained. In that context, the Board committed in 2012 to conducting rigorous economic analysis in connection with standard setting.[4] This was due in part to the increased attention to the topic of economic analysis after several judicial opinions criticized the SEC's process for conducting economic analysis,[5] and Congress passed the JOBS Act.[6]

Since then, the Board has added several economists to the staff to assist in that effort. These economists work closely with accountants on our staff to enhance our collective understanding of economic concepts and how they relate to auditing. In recent standard setting projects, we have begun to gather information relating to costs and benefits of new requirements under consideration, and we continue the learning process of both understanding and better articulating the potential costs and benefits of our work. Doing so presents challenges, particularly in the area of quantifying benefits. While improvements in auditing standards enhance the effectiveness of the audit and therefore the credibility of financial statements and the capital markets, they are several steps removed from direct and tangible benefits to investors. Additional challenges are posed by the need to consider less obvious unintended consequences, which could outweigh potential benefits.

With that background in mind, let me turn to some of the more high profile standard setting projects currently on the Board's agenda.

Auditor's Reporting Model

As I noted earlier, investors have long received virtually all of their information about public companies directly from those companies, through periodic reporting and disclosure, press releases and analyst calls. And while auditors historically have provided an important check on the financial statement information provided by management, investors have received no information directly from auditors about their work.

Financial statements have become more complex and increasingly are based on subjective estimates and valuations. In recent years, this and other factors have given rise to demand by investors for expanded auditor reporting. With this in mind, and given the mandate of the Sarbanes-Oxley Act that the Board ensure the "preparation of informative, accurate and independent audit reports,"[7] the Board in 2011 began to explore possible requirements for expanded auditor reporting.

After conducting and considering the results of extensive outreach on this topic, the Board issued a proposal for public comment in August 2013 that would require auditors to include in their reports a discussion of so-called "critical audit matters" or "CAMs." As the Board noted at that time, this project was focused primarily on enhancing communication to investors through the auditor's report rather than on changing the fundamental role of the auditor in performing an audit of financial statements. As a result, the project does not contemplate substantive changes to the way audits are performed and maintains the binary "pass/fail" structure of the auditor's ultimate opinion.

Notably, auditor reporting is also an issue that has received attention internationally. The International Auditing and Assurance Standards Board — which issues International Standards on Auditing that are used in many countries around the world (but not in the U.S.) – recently adopted a standard requiring auditors to discuss so-called "key audit matters" in the auditing report.[8] Likewise, the United Kingdom's Financial Reporting Council adopted requirements for enhanced auditor reporting in 2012, including that auditors describe the assessed risks of material misstatement that were identified by the auditor and which had the greatest effect on the audit and provide an explanation of how the auditor applied the concept of materiality in planning and performing the audit.[9]

After considering the comments on its 2013 proposal, the Board issued a re-proposal earlier this year to further refine the potential reporting requirements. Like the original proposal, the re-proposal responds to investor demands for more information about the audit by requiring auditors to determine whether there are any matters that were communicated or required to be communicated to the audit committee and that:

  • Relate to accounts or disclosures that are material to the financial statements, and
  • Involved especially challenging, subjective, or complex auditor judgment.

In addition to identifying the CAM, the auditor would have to describe the principal considerations that led the auditor to determine that the matter is a critical audit matter, describe how it was addressed in the audit, and refer to the relevant financial statement accounts and disclosures. If there are no critical audit matters, the auditor would state that in the auditor's report.

New in this re-proposal was the requirement that the auditor also discuss how the CAM was addressed in the audit. This discussion should utilize language to make the information useful to investors, which, in my view, means that descriptions of audit procedures should not be overly technical but should convey how and why the procedure helped the auditor become comfortable with the critical matter.

As explained by our economists, the additional information provided to investors should decrease the information asymmetry between investors and auditors, which should reduce the information asymmetry between investors and management about the company's financial performance. This, in turn, should increase the credibility of the financial reporting process and increase confidence in the capital markets. However, because the proposed requirements would also impose costs and burdens on preparers, auditors and others, we must be sure that the information to be provided would actually be useful to investors.

The comment period on the re-proposal ended on August 15. Some commenters opposed the proposed auditor reporting requirements entirely, while many believed the Board should continue with the project but make certain changes. Some commenters, including preparers, expressed concern that auditors would have to disclose information that is immaterial or otherwise not subject to disclosure by management. Others, including investors, were supportive of the proposed disclosures but urged the Board to require even more expansive auditor reporting, including by lowering or eliminating the materiality threshold for CAMs. While many auditors were supportive of the proposal, some expressed concern about a potential increase in auditor liability.

This proposed standard could have important implications, as it provides much more insight than currently exists into complex and challenging areas of the audit. It is also possible that auditors may do more work in certain areas considered critical audit matters, or that companies may change their approaches to certain financial reporting matters as a result of the auditor's disclosure obligations. The PCAOB staff is currently evaluating these and other potential impacts and expects to present a recommendation to the Board for a final standard in the next several months.

Other Auditors

The second standard setting project I would like to address briefly is our April 2016 proposal regarding the planning, supervision, and performance of audits involving other auditors, meaning auditors who participate in the audit but do not issue the audit opinion. This is an important area in light of the increase in companies with global operations, requiring the referral of audit work to other auditors around the world. Under current standards, there are multiple approaches for the oversight of such other firms or auditors, and the Board has observed varying levels of audit quality in the work performed by other auditors and varying degrees of supervision by the firm issuing the audit report.

To some degree, this project represents the PCAOB catching up to what is already "best practice" by some of the largest public accounting firms. These firms have extensive experience with global audits and have incorporated into their methodologies not only the requirements of international auditing standards but also process improvements designed in response to inspection findings by the PCAOB and other regulators. These firms require frequent, comprehensive communications with other auditors and review of other auditors' work papers in areas of significant risk, steps which go beyond those currently required by PCAOB standards. Other firms, including those who do not follow international standards, continue to base their supervision of other auditors largely on existing PCAOB standards. The proposed amendments are intended to enhance supervision and provide consistency to audits involving other auditors.

When I voted to approve the issuance of this proposal in April, I also raised several questions for commenters. One of these questions that may be particularly relevant to preparers of financial statements deals with the "sufficiency determination" requiring the lead auditor has to determine whether it is performing enough of the audit work to serve as the lead auditor. Under the proposal, this determination is based on the risks of material misstatement associated with the portions of the financial statements audited by the lead auditor relative to the portion audited by the other auditors. There are, however, no bright lines or minimum percentages to help with this determination. This requirement is intended to increase the likelihood that the firm issuing the auditor's report performs audit procedures for a meaningful portion of the company's financial statements, but it may also raise questions for companies that operate in many different jurisdictions. In those circumstances, it may in some cases be difficult to determine which firm audits a sufficient portion of the company's financial statements to serve as lead auditor, and the criteria may not necessarily point to the firm currently serving as the lead auditor.

The comment period for this project ended on July 29. Overall, many commenters agreed with the Board that standards governing the use of other auditors should be enhanced, with some suggesting that the standard should allow a higher degree of reliance on firms within the same network, while others would like to see the PCAOB do more to harmonize its standard with the parallel international standard. Some commenters expressed concern about whether the sufficiency determination would be too burdensome, while others indicated that there should be specific requirements not just for the lead auditor, but also for the other auditor involved in the audit. The staff is currently evaluating the comments received.

Other ongoing standard setting projects in various stages of development include auditing fair value and estimates, the auditor's use of specialists, and potential new requirements for firms' systems of quality control.


Finally, before I close, let me say a few words about the PCAOB's outreach to financial statement preparers and audit committees. Much of this outreach is informal and takes place at meetings with small groups of preparers or audit committees, or at events like the one this evening. The PCAOB also hosts more formal meetings, such as round tables on particular topics, and our Standing Advisory Group and Investor Advisory Group include preparer and audit committee members.

Through this outreach, we have heard from audit committee members and preparers that they would like more opportunities to provide us with feedback, and that they would like more two-way dialog, both about policy issues in general and about their companies' inspection results in particular. Some have expressed frustration about the lack of a clear understanding about what is happening in their company's audit, and why auditors are performing certain procedures or asking for certain types of information. While we face some limitations in what we can discuss – for example we cannot disclose certain inspections related information – it is my hope that our continued outreach will help to promote more understanding by audit committees and preparers, as well as provide us with important perspectives about the impact of our work on public accounting firms and their clients.

Thank you for your efforts in filling important roles in the world of financial reporting. Complying with ever changing accounting standards and keeping up with an increasingly complex business environment makes it challenging to convey your company's story to investors and other stakeholders through the financial statements. We are doing our part to ensure your auditors are independent, competent, objective, and skeptical. Ultimately, our collective goals are to provide investors with clear, credible financial statements and to promote a healthy and active capital market.

With that, I'm happy to take any questions.

[1] Sarbanes-Oxley Act Section 404.

[2] Auditing Standard No. 5 (now AS 2201), An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements.

[3] See Observations from 2010 Inspections of Domestic Annually Inspected Firms Regarding Deficiencies in Audits of Internal Control over Financial Reporting, PCAOB Release 2012-006 (December 10, 2012); Staff Audit Practice Alert No. 11: Considerations for Audits of Internal Control Over Financial Reporting (Oct. 24, 2013).

[4] See, e.g. Public Company Oversight Board Strategic Plan (2012-2016): Improving the Relevance and Quality of the Audit for the Protection and Benefit of Investors (November 30, 2012).

[5] See, e.g., Business Roundtable & Chamber of Commerce v. SEC, 647 F.3d 1144 (D.C. Cir. 2011); American Equity Investment Life Insurance Company v. SEC, 613 F.3d 166 (D.C. Cir. 2010).

[6] Jumpstart our Business Startups Act, Pub. L. No. 112-106 (April 5, 2012). See Section 103(a)(3)(C) of Sarbanes-Oxley, (15 U.S.C. §7213(a)(3)), as added by Section 104 of the JOBS Act.

[7] Sarbanes-Oxley Act Section 101(a) (emphasis added).

[8] See International Standard on Auditing 701, Communicating Key Audit Matters in the Independent Auditor's Report.

[9] See section C.3.8 of FRC UK Corporate Governance Code (September 2012).