Let me start by stating, as required by PCAOB's Ethics Code, that these views are my own and may not represent the views of PCAOB, its Board, or its employees.
I have just finished the eighth year of my seven year term as a founding board member of the PCAOB, so I have had the incentive while waiting for the SEC to name my replacement to give some thought to the PCAOB's activities to date. With the encouragement of Scott Showalter, my good friend and long-time aide Ron Boster and I have organized our thoughts in an article available on Current Issues in Auditing under the title "The PCAOB's First Seven Years: A Retrospection."
Janus-like, having taken a backwards look in that paper, today I want to look forward, through my admittedly cloudy crystal ball, at what may lie ahead. A good starting point may be to ask how is the PCAOB doing in carrying out its statutory mission, which is "To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws"? You are entitled to discount my views, but based on reading well over one thousand inspection reports, I believe progress has been made and that we are getting better each year in targeting our inspections to the areas of highest risk of material misstatements and identifying root causes of auditing deficiencies. Our internal data shows that the number of failed audits identified by the firm's internal inspections is consistently lower than those identified by the PCAOB's risk-based methodology.
Of course, more important than what I say is the evidence from actual filings, not only the decline in restatements but also a marked decline in adverse internal control opinions among larger public companies. But, it's important for the rooster not to take credit for the sunrise. Preparers, auditors, audit committees, and regulators all play a part. Since protection of investors is what this is all about, I was struck by the results of a survey of over a thousand investors conducted last July for the Center for Audit Quality which asked the following question:
"Other than individual investors themselves, which of the following does the best job of protecting investor interests?"
At the top of the list, and rated about equally, were government regulations and oversight, financial analysts and brokers, and auditors of publicly-traded companies. Near the bottom were stock exchanges, corporate boards of directors, and corporate management. It will be interesting in the future to see whether investors give higher marks to audit committees, whose role in overseeing outside independent auditors had been enhanced, and to senior corporate managers who have to sign quarterly certifications – and have seen some of their wayward brethren taken away in handcuffs.
Of course, it is heartening that the folks we are in business to protect think well of what we are doing to protect them.
Having said this, though, it should come as no surprise that there still are some auditors of public companies who should be doing something else for a living. The PCAOB has the responsibility, through its inspection and enforcement programs, to identify them (and their firms) and deal with them appropriately. As for the demand for audit services, some issuers clearly seek simply to get the cheapest possible external audit or even an outright sham (ala Madoff).
There is (and probably always will be) a question of whether the benefit of a quality audit outweighs the costs; a classic case of unpriced benefits vis-à-vis priced costs. Even if, as some research suggests, investors are willing to pay higher prices for equity shares (higher price-to-earnings ratios) when they are more confident of the "accuracy and reliability" of the financial statements, there are issuers whose management is willing to accept a lower market price for the company's shares and/or higher costs of capital as a trade-off for lower audit and audit-related expenses.
Looking ahead, important changes are in the offing. A new majority will soon be taking the reins at the Board providing the first real chance for a fresh inside look at the PCAOB. And this will happen at a time of soul-searching about the auditors' role in the recent economic crisis. I think it's entirely appropriate to consider what role auditors might play in helping reduce systemic risk. Is there more auditors could have done to protect investors during the downturn? If so, what? If not, are there barriers to the firms doing more, what are they, and are there ways to overcome the barriers?
The regulatory environment may be changing as well. Certainly Dodd-Frank and, of course, Sarbanes-Oxley involve more not less regulation, but at least as for regulation of smaller businesses, the tide may be moving in the opposite direction. We can see this in the exemption of filers with market caps below $75 million from Section 404(b)- eliminating auditor oversight of the effectiveness of internal controls over financial reporting for about half of all issuers. And there is pressure in the Congress to raise the exemption to $250 million market cap, hardly what I think of as small business.
The current challenges facing the Board are pretty well known. In no particular order my list would include five major issues:
- Current inability to conduct inspections in the EU, Switzerland, and China;
- Major changes in accounting standards;
- New authority to inspect and if necessary discipline auditors of broker-dealers;
- Ongoing recruiting challenges; and
- Fee pressures being experienced by public company auditors.
Here's my take on each of these. I'll start with international inspections because this is the weakest link in our inspection program involving not only limits on inspecting the work of the signing auditor, but also substantial role work and work referred by U.S.-based firms to their international affiliates. I am hopeful that progress will be made in entering into bilateral inspection agreements in Europe, but pessimistic about China. Looking ahead, the key question in my mind about audits of foreign private issuers or of U.S. companies with substantial international activities is whether investors care that the auditors of companies they invest in are not subject to inspection. Are price-earnings ratios of such companies lower than those of companies whose audits are subject to inspection? And, if not, what does this say about investors' perception of the value of PCAOB inspections?
Is the PCAOB's international inspection program viable in the long run? Will some countries that now permit PCAOB inspections decide not to do so, reasoning that if other major countries won't enter into inspection agreements with the PCAOB why should they? To be more direct, might the entire international inspection program unravel over time?
And, closely related, how can the PCAOB gain a better understanding of the role of the global entities of the big firms – global entities which are not registered with the PCAOB and therefore not currently subject to inspection or enforcement?
As for accounting standards (the second of my big-five concerns) there are tactical, short range issues and long term strategic issues. In the immediate future, recruiting of skilled auditors with IFRS experience is urgent but not easy – urgent because foreign private issuers can already use IFRS without reconciling to US GAAP. And Canada (the home of more FPIs than any other country) is moving to IFRS this year.
The strategic challenge grows out of the nature of IFRS which in many cases is less prescriptive than US GAAP. Will the PCAOB's ability to protect investors be diminished if the FASB and the IASB make the accounting world safe for diversity? How do auditors audit accounting standards that are written without much attention to their auditability? Will issuers and auditors be able to keep up with the pace of change in accounting standards? And how will conflicts be resolved between more judgment-based accounting standards and auditing standards that are more prescriptive – intentionally written so that they can be inspected against?
Number three on my list of five is the PCAOB's new authority over the auditors of broker-dealers. It involves inspections that go well beyond the financial statements to include protection of customer assets—both securities and cash. The present inspection force includes auditors with broker-dealer experience, enough to permit limited inspections this year, but recruiting a significant number of inspectors with prior broker-dealer auditing experience will be a major challenge. There is already a push to exempt so-called non-clearing broker-dealers from inspection. But, as the SEC has pointed out:
"Since 1995, Securities Investor Protection Corporation (SIPC) has liquidated at least 33 broker-dealers that were not ‘carrying firms' providing clearing or custodial services – 43 percent of all SIPC liquidations during that period. Those 33 liquidations have required SIPC to draw over $92 million from the SIPC fund. A significant number of frauds involving broker-dealers (including those that result in a SIPC liquidation) involve a non-carrying broker-dealer that steals customer cash and securities.
"In addition (continuing my quote from the SEC), a large number of broker-dealers that are not carrying firms are permitted to receive customer cash or securities on a limited basis. Out of a total of approximately 5,000 registered broker-dealers, only approximately 275 are carrying firms. Approximately 2,300 broker-dealers that are not carrying firms are permitted to handle customer cash or securities on a limited basis, including accepting cash directly from customers. For those broker-dealers not permitted to handle customer cash or securities, a well-executed audit would help to confirm that these broker-dealers are not handling such cash or securities or potentially misappropriating customer funds."
Needless to say, these numbers – whether 5,000 registered broker-dealers or 2,300 (in addition to the 275 carrying firms) could overwhelm the PCAOB's inspection capabilities.
Investors already have an important degree of protection from broker-dealer frauds through SIPC. Since SIPC protection is capped, I think it's fair to say that PCAOB's role will be not only to protect SIPC, but more specifically, to protect investors from losses that exceed the SIPC limits.
Over time, once the PCAOB has been carrying out its broker-dealer responsibilities for a few years, it will be possible to measure not only the costs incurred by the PCAOB, (paid by the larger broker-dealers) but also the benefits to investors, which hopefully is a reduction in losses they suffer from broker-dealer fraud. Needless to say, if the costs exceed the benefits, the entire broker-dealer audit oversight effort may be called into question.
As for investment advisors, like broker-dealers prior to Dodd-Frank, they must be audited by PCAOB registered firms – but these audits are not subject to PCAOB inspection or enforcement. This is a major gap in investor protection which deserves Congressional consideration.
Number four on my list of five is turnover. During the economic downturn, it was extremely low not only for the firms but also for the PCAOB inspections division. But even during the downturn, the PCAOB was challenged in trying to fill vacancies though the positions were funded and the PCAOB pays competitive salaries.
Finally, as for fee pressures, it's back to the old drawing board for those who believed that price competition among large audit firms would not happen (an oligopoly, we were told, would prevent that). Fee pressures are real and are coupled with new and more rigorous auditing standards – less money but more work to do. This will be an area of emphasis in this year's inspections – especially to be sure that adequate audit work has been done. Longer term, what will be the effects, if any, of narrowing margins on the ability of the firms to attract and retain the best and the brightest in auditing versus moving into the growing (and less litigious) consulting business?
Quite apart from monetary incentives is that the creation of an independent audit oversight organization may be a game-changer for audit firms through its impact on the culture of auditors. Sarbanes-Oxley marked the first time the federal government has chosen to regulate a profession – there is currently nothing like this degree of detailed inspection and enforcement for doctors or lawyers or actuaries or engineers. To me, the notion of a professional is someone who usually works under minimal supervision and whose judgment is respected when close calls have to be made. Obviously, this is changing with possible effects on who will wish to become an auditor and how their work is supervised and reviewed.
Finally, a few words about the PCAOB's relations with the SEC, PCAOB's enforcement activities, and the PCAOB's contacts with academia.
In my view, PCAOB relations with the SEC are excellent. The SEC's oversight of PCAOB activities is detailed and comprehensive (as it should be) and improves the quality of PCAOB's work. As you know, a recent Supreme Court decision changed the way in which Board members can be removed by the SEC so that Board members now serve at the pleasure of the SEC. Only time will tell how – if at all – this changes the relationship of the Board and the SEC.
Under Sarbanes-Oxley, regulation by the PCAOB is based on a supervisory or prudential approach with its emphasis on remediation. Specifically, quality control deficiencies identified in an inspection are not made public if they are corrected to the satisfaction of the Board within twelve months of the issuance of an inspection report. This, of course, is very different from the SEC's regulatory approach which is more enforcement-based.
Saying this, I quickly want to emphasize that the PCAOB has a robust enforcement program, although I realize it looks like a black box from outside. This is because Sarbanes-Oxley prohibits disclosure of PCAOB enforcement actions until the SEC acts on appeals. If justice delayed is justice denied, so too investors are not well-served if useful information – in this case enforcement information – is not made available in a timely manner. There have been cases where firms have issued numerous audit reports while enforcement actions were pending, meaning that investors and issuers had no way to know that the PCAOB considers the firm's work to be substandard.
Last and most certainly not least, I want to acknowledge the contribution of the academe to our work through membership on the Standing Advisory Group (which advises the PCAOB on auditing standards), participation in our joint annual research symposia, proving speaking opportunities such as this one today, and the privilege of meeting with students and faculties on many of your campuses. You have sent us top-notch interns (22 to be exact for last summer alone). And, just last year we initiated an Academic Fellow Program in the person of Mike Stein who has set a high standard for those who follow him.
There is one area in which I see as yet unrealized potential for closer working relations between the PCAOB and the academe and that is in making far more data available to the public than in the past. It is my hope that you will identify information you would like access to and that the Board would give serious consideration to such requests, consistent, of course, with the limitations imposed by statute.
Thanks again for the opportunity to be with you today. I look forward to your questions and comments.