To Do Better...
Remarks as prepared for delivery
I want to start out by thanking our staff for the tremendous time and effort they have put into this project, which is ultimately about how to get audit firms to do better.
It helps to begin by thinking about evolution. Natural selection, driven by genetic mutations that occur over generations, bring about gradual change – change that enhances the fitness for survival in a particular environment. And, I believe, a similar process is at work in our capital markets.
Since the industrial revolution, investors and company managers have focused on quality management to drive improvement and gain a competitive edge. I worked one summer when I was in college to help a company manage its quality control circle program.
The quest for high quality means a quest to allocate scarce resources; to prevent the occurrence and recurrence of failure; and to deliver optimal products and services. Effective quality management, or quality control, varies by industry, but involves a data-driven, iterative approach, and a focus on systems and their reliability and adaptability.
I am pleased that the staff has crafted a final standard that does just that for the audit profession-- helping it do better at its job. The standard before us today is:
- principles-based, with some prescriptive provisions;
- scalable, depending on an audit firm’s environment and risk profile; and
- focused on continuous surveillance to detect and immediately address deficiencies in auditing.
Importantly, this standard establishes minimum acceptable quality, which is compliance with PCAOB standards. At the same time, the standard also encourages audit firms to exceed the minimum level of quality with flexibility to establish quality objectives to raise audit quality from simply passable--or C-level work-- to A-level work. In effect, the standard establishes a floor-- but there is no ceiling. Accordingly, this standard empowers audit firms and auditors to be innovative and to drive quality beyond mere compliance with our standards.
In sum, audit firms will identify those threats to audit quality for their audits. Firms are then required to adopt responses to mitigate those risks. For each identified risk and response, firms must continually monitor the effectiveness of responses to identified risks. This surveillance system should ferret out deficiencies and remediate them before they can affect the quality of an audit.
The most important characteristic of QC 1000 is that it replaces a standard written with the audit profession in mind, to one focused on investors and the public interest. Reorienting the standard means that for the first time in one hundred years, an audit firm’s system of quality control must reflect and reinforce its role:
“(I)n protecting the interests of investors and furthering the public interest in the preparation of informative, accurate, and independent audit reports.”
That is going to prove to be a powerful change as it should permeate its culture. Moreover, there is real accountability built into the standard. Under the final standard, the audit firm CEO must certify an annual evaluation regarding whether the audit firm’s system of quality control is effective. This aligns with the requirement that public company CEOs and CFOs have had since 2002.
I am particularly proud of the provision of the standard that requires audit firms with the largest presence or footprint in our capital markets to establish and empower an independent quality control function. This provision will supersede the “advisory groups” some audit firms have developed with the external quality control function—whose sole focus is on quality control.
This morning the Board voted to adopt a new standard regarding the Empowerment and General Responsibilities of the Auditor. AS 1000 is integral to an effective system of quality control, which is best done by rigorously guarding an auditor’s professional skepticism and professional judgment.
Approximately one month ago, the Board proposed a standard for enhancing Audit Firm Reporting. Today’s Quality Control standard has some important links to that proposal as well. For example, the Audit Firm Reporting proposal seeks comment on the public transparency of an audit firm’s independent quality control function. Independent governance of an audit firm’s system of quality control is a means of improving audit quality.
Public disclosure of those accountable for an audit firm’s external quality control function will inform investors and other stakeholders of a governance mechanism that they may consider relevant to audit quality, which would align with our goal of improving the ability of stakeholders to understand an audit firm and assess its services.
I encourage investors and other stakeholders to provide robust comment on the nature, timing, and extent of public disclosure that should be furnished by the external quality control function to the audit firm, and in turn provided by the audit firm on its proposed enhanced annual report to the PCAOB (filed annually on Form 2).
Thank you to Jessica Watts for her years-long commitment to getting us to this day. Next, I would like to thank the entire Quality Control team for their tireless days and sometimes nights working to get this proposal before the Board today. This includes from the Office of the Chief Auditor: Linnette Klinedinst, Ekaterina Dizna, Sky Simms, and Karen Wiedemann; From the Office of Economic and Risk Analysis: Nick Galunic, and Dylan Rassier; and From the Office of General Counsel: Jennifer Williams, Drew Dropkin, and Connor Raso.