Thank you, Nick, for that gracious introduction. I am pleased to be with you this evening. I also want to thank Brian Hunt for inviting me to CPAB's Audit Quality Symposium for a second time.[1] Returning to Canada is always a pleasure.
Before I continue, I am required to say that the views I express today are my own and do not necessarily reflect the views of the Board or the staff of the PCAOB.
Brian, I want to congratulate you on your well-deserved appointment as Chair of the International Forum of Independent Audit Regulators.[2] IFIAR has matured into a recognized voice on matters of audit oversight and audit quality. So your appointment comes at a critical time.
I also want to take this opportunity to congratulate you on hosting this event, and, more broadly, offer kudos to your team at CPAB. The partnership that the PCAOB shares with CPAB is quite remarkable. Canada was one of the first jurisdictions with which the PCAOB entered into a cooperative arrangement. The PCAOB performs more inspections in Canada than in any other country outside the United States.
Brian's thinking is always global, never parochial. One example is our joint work on the economic model of the largest firms. Brian and I began working on this project when he was Chair of IFIAR's Global Public Policy Committee Working Group and I was chair of its Investor and Other Stakeholders Working Group. We explored changes in the business model of the large network firms that may have spillover effects on audit quality.
The most important change, and a source of concern for many regulators, is the accelerating growth of their consulting services, a subject I will return to later. How this growth will alter economic pressures within the network firms and their allocation of resources remains to be seen. Our two IFIAR working groups produced a paper entitled, Current Trends in the Audit Industry, that discusses these issues in more depth, which I commend to your attention.[3]
IFIAR also has published two papers summarizing the current state of audit committee requirements around the world, and perspectives that audit committees should consider as they engage with auditors.[4]
I am pleased that under Brian's leadership IFIAR will continue to publish similar thought papers. And Brian, it is a sign of the high regard in which I hold you that I say these things about you even though you are an Ottawa Senators' fan and I am a life-long New York Rangers' fan.
Tonight I would like to speak with you about independence, transparency, and accountability. These are the three bedrock principles of the Sarbanes-Oxley Act. Investors expect audit regulators, audit committees and auditors to uphold each principle.
I also want to touch on some emerging trends we are seeing in the profession. Finally, I will share some thoughts on the auditor's role with respect to non-GAAP financial measures, a topic attracting considerable discussion in the United States. Many of these issues have been brought to the Board's attention by, amongst others, its Investor Advisory Group, which I chair.
Let me begin with independence.
Auditors play a vital role in our capital markets. Investors rely on the audit to provide an objective and independent opinion on whether the financial information presented by management is fair and accurate.
The audit is a public good and investors must have confidence in the auditor's independence. Such confidence facilitates the success of individual enterprises – and fosters capital formation – both in our local markets and around the world. When it is lacking, the markets' ability to accurately price securities is called into question.
The events leading up to the enactment of the Sarbanes-Oxley Act showed us what happens when investors' faith in the audit and auditor is shaken. Due to a lack of investor confidence stemming from the accounting gimmickry and audit failures at Enron, Tyco, WorldCom and a host of other large companies, the U.S. markets experienced a "crisis in confidence" as noted by Hank Paulson, then President of Goldman Sachs and later Secretary of the Treasury.[5] Between April and July 2002, the U.S. stock market dropped more than 22 percent – or some 2,400 points.
Sarbanes-Oxley was enacted with the purpose of restoring investor confidence in the auditor and our markets. It strengthened auditor independence by barring auditors from providing certain other services to audit clients.[6] It also created an independent audit regulator, ending the era of auditor self-regulation.[7] Finally, it empowered audit committees by requiring them to be independent and making them responsible for hiring, compensating, and overseeing the auditor.[8]
Despite these changes, investors continue to be concerned that audit firms may not be exercising sufficient diligence to prevent potential independence violations. There is a reason: PCAOB inspectors continue to identify independence issues at both large and small firms relating to the provision of impermissible non-audit services.[9] Regulators around the world are identifying similar issues.[10]
Investors also are concerned about the growth of the consulting services in the firms. Once again, revenue from consulting is surpassing audit revenue in the Big Four firms. Audit firms now call themselves professional services firms and offer consulting services in a wide range of areas, including, for example, advice about product safety and drug development, HR transformations, social business, talent management, legal services, and a wide variety of IT solutions. To the extent the services are not subject to the limitations enacted in 2002, their availability may create the same situations that led to many of the problems uncovered at that time, namely the conflict between the auditor's duty to act skeptically in the interests of shareholders and the firm's interest in earning consulting fees.
Given this trend, investors expect audit committees and regulators to understand these pressures and ensure that firms resist the powerful temptation to cross-sell or market their advisory and consulting services to audit clients, or to not invest in their audit practice.
Investors expect audit committees to carefully assess the impact on the auditor's independence when approving non-audit services. This assessment is critical. As part of this assessment, audit committees should carefully review the auditor's annual communication about its independence as well as any relationships with management that might reasonably bear on it.[11]
Unfortunately, PCAOB inspectors have found instances where auditors perform non-audit work prior to obtaining approval from the audit committee. Our inspectors also have discovered that some auditors have failed to provide the required communications – or that they have provided inadequate information – to the audit committee about relationships that might affect their independence.[12]
These findings raise significant concerns because they demonstrate how audit committees may be prevented from effectively carrying out their oversight responsibilities. The findings also show that some audit firms continue to view management as their real clients, not the investor or the audit committee which is responsible for engaging them.
Finally, investors expect audit committees and regulators to safeguard their own respective independence.
Investors are concerned that audit committees may relegate some of their oversight responsibilities with respect to the audit to management. A 2014 academic study noted that:
As for audit regulators, investors have concerns about regulatory capture. When Congress created the PCAOB, it specifically required that the majority of the board members not come from the profession and that the Board's funding source come from public companies and not the profession. I believe that these structural measures have served the Board well.
Investors' concerns about regulators' independence go beyond structural matters. Investors want assurance that regulators consider the views of investors during the rulemaking process and that regulators' activities are, as recently stated by the Chief Accountant of the United States Securities and Exchange Commission Wes Bricker, "above political concerns, commercial interests, influence of special-interest groups, or bureaucratic convenience."[14]
This brings me to the second principle, transparency.
To put it bluntly, the work of audit committees, auditors, and audit regulators is not as transparent as investors want. Greater transparency will provide investors greater understanding of the reliability and quality of financial statements, the audit, and how their interests are being protected. It also will reinforce accountability by the three legs of the system – the audit firm, the audit committee, and the audit regulator.
We can begin with the audit report, which serves as the only communication from the auditor to investors.
The audit report in the U.S. features decades-old boilerplate language. It largely remains the same regardless of the risks with which a particular company might be dealing, the unique problems that auditors encountered in performing the audit, or the industry in which the company operates.
While investors appreciate the pass or fail nature of the current audit report, they also want more contextual information from their auditor. They want auditors to explain the process they used to reach their opinions and the challenges they faced and overcame along the way. Basically, investors want to know what kept the auditor awake at night and what matters they considered critical to the audit.
The recent financial crisis demonstrated the need for an expanded report and led directly to the audit report reforms in the European Union[15] and the United Kingdom.[16] The crisis has reinvigorated investors' interest in the audit report. For example, following the first year of the expanded audit report in the U.K., a partner at an affiliate of a Big Four firm stated that "in 20-odd years of auditing," he had never seen so much "interest from investors in what [auditors are] doing."[17]
In this regard, I hope to see the PCAOB act on its proposal to expand the audit report in the near future.[18]
This brings me to another area where greater transparency is sought by investors from auditors – the auditor's going concern assessment. It remains a mystery to many how such a large number of companies went bankrupt during the two recent financial crises, yet the audit reports for those companies did not offer any hints about significant problems. For example, only two out of the ten largest bankruptcies in the U.S. during the financial crisis involved companies whose auditors had issued going concern opinions. I think it is high time to enhance and strengthen the conditions for issuance of the auditor's going concern evaluation in the U.S.
Investors also want greater transparency from the audit committee about how it is carrying out its responsibilities in appointing, compensating, and overseeing the auditor. Some audit committees are starting to provide expanded disclosure in this area[19] but there is no discussion of the most important issues they raised with the auditors, or the disputes, if any, between management and the auditors that they resolved. Finally, there is no disclosure of the specific non-audit services they allow the auditor to provide to the company or of the metrics they use to assess the auditor's work.
Transparency is just as important for the audit regulator as it is for the auditor or the audit committee. Regulators must work to assure investors that regulators consider investor protection as their primary responsibility by regularly reporting their activities in clear and understandable language. In this regard, I applaud CPAB for its publications, which I have always found to be both well written and in plain English.
To summarize, greater transparency will provide greater confidence to investors that audit committees, auditors and audit regulators are carrying out their respective responsibilities to further investor protection.
Accountability is similarly critical.
As audit committees serve as the investors' principal interface with the auditor, investors expect audit committees to hold auditors accountable for their work and not to view the audit as merely a regulatory requirement. As such, investors believe that the quality of the audit is improved by the nature and quality of the interaction between the audit committee and auditor.
Candid and frank discussions between the auditor and the audit committee enable the committee to gauge the quality of the audit, the engagement partner's knowledge of the company and technical expertise, and how identified risks are being addressed.
Investors also expect independent audit committees to act to protect the auditor from management influence and to be active defenders of the auditor when it comes to conflicts between management and the auditor. Unfortunately, as I mentioned earlier, these challenges are not being fully met.
Investors believe that regulators and audit firms should take steps to ensure that the culture and tone at the top as set by firm leaders promotes audit quality, independence, objectivity, and professional skepticism.
Recent regulatory actions in the U.S. and other jurisdictions indicate that more work needs to be done in this area. For example, in the past five months, the PCAOB has announced several enforcement settlements with international affiliates of global network firms where firm personnel – including senior partners with leadership roles – issued materially false audit reports, altered audit work papers, pressured others within the firm to do the same, withheld documentation, provided false testimony, and did not cooperate with our inspections and subsequent investigations.[20]
In those settlements, not only were the individuals involved barred for a period of time from working on public company audits, some also were assessed civil monetary penalties in addition to those assessed against their firms.
Leaders of audit firms must not tolerate such total disregard for established rules and standards. They must take steps to ensure that a robust and sound system of quality control exists in all their affiliates as well.
As for audit regulators, investors expect more from us too. While it is well recognized that audit quality has improved since the creation of the PCAOB and its counterparts in other countries, investors believe more can and needs to be done.
They point to the continued high rate of audit deficiencies noted by regulators around the world. In 2016, in response to results of the 2015 IFIAR inspection survey, the leadership of the six largest network firms agreed to work towards reducing the number of deficient audits by 25 percent over the next four years.[21]
Audit regulators must not only focus on current issues affecting audit quality but must also keep abreast of emerging developments that may have an impact on audit quality.
I would like to touch on two specific topics: First, whether the Big Four are too big, or too few to fail and, second, the increased use of technology in audits.
There is a growing concern in the U.S. that the Big Four firms have become either too big to fail or too few to fail. In the past 30 years, a wave of consolidations and other events have taken us from eight down to four large global firms. This raises the question whether these firms have become so systemically important to the economy that the market could not easily tolerate the failure of one of them.
This question has renewed calls for regulators to require firms to have independent board members on their governance boards and to publish audited financial statements. In many other countries audit firms must do both. I believe both steps represent basic sound governance practice. I support both.
Allow me to present the case for why such information is necessary. Collectively, the Big Four in the U.S. audit approximately 97 percent of the total U.S. market capitalization.[22] The concentration becomes even more pronounced in certain industries where only one or two firms dominate.
For example, in the telecommunications services sector, one firm audits approximately 93 percent of the S&P 500 market capitalization while in the energy, materials, and information technology sectors, only two firms audit approximately 73 to 75 percent of the S&P 500 market capitalization of each sector.[23]
Individually, based on reported revenues, each of the Big Four firms would be included in the Fortune 500, and two would be included in the Fortune 250. Globally, these firms employ approximately 900,000 people. Yet very little is known about their financial condition.
The issuance of audited financial statements for the firms would provide not only greater transparency but, as some have asserted, would also increase discipline and "help sharpen focus, accountability and trust."[24] Further, such information would enable regulators to better understand the firms they regulate.
Also, requiring independent board members would align the profession with mandated public company corporate governance practice.
Turning to the increasing role of technology in the audit – The firms are developing and using technological tools at a rapid pace. These include work flow automation, data analytics, and artificial intelligence, just to name a few, and these tools are fundamentally altering how audits are done. The major audit firms are spending approximately $3 billion to $5 billion a year on technology and such outlays have become part of a new baseline of operational costs for the major firms.[25]
These technological tools have great potential. They can replace routine parts of the audit and enable auditors to gain greater understanding of the company's business and risks through data analytics and the ability to mine large amounts of data. This development is already significantly affecting the skill sets sought by firms in recruiting new auditors.
I urge regulators and audit committees to monitor developments in this area and examine their likely impact on audit quality and investor protection. As powerful as these tools are, or are expected to become, they are not substitutes for the auditor's knowledge, judgment, and exercise of professional skepticism.
I would like to wrap up by touching on non-GAAP financial measures.
Investors today look not only to the financial statements but to a multitude of other information when making investment decisions including sustainability reports, environmental, social and corporate governance matters, and non-GAAP financial measures.
At last year's PCAOB Investor Advisory Group meeting, members noted that despite certain concerns about their use, non-GAAP financial measurements often convey valuable information and are very useful signals of management's behavior.[26]
While the amount of information included in and alongside the financial statements has increased, the scope of the audit has stayed largely the same. Some argue that the scope of the audit should be expanded to provide some level of review or assurance on information outside of the financial statements, including non-GAAP financial measures, in order for the audit to remain relevant and for investors to be protected.[27]
Others have stated that the audit committee must enhance its oversight of the company's external reporting process to ensure that non-financial information is presented fairly and accurately.[28]
Many investors believe that they deserve to have assurance that the information they rely upon for their investment decisions is fair and accurate. Whether that assurance comes from the auditor is a question that regulators need to consider.
To sum up, I have tried in my remarks this evening to describe how auditors, audit committees and audit regulators each play a vital role in maintaining the integrity of our capital markets.
By focusing on independence, transparency, and accountability, I am sure we can help assure that investors have confidence in the financial information they rely upon and that our markets and capital formation will continue to prosper.
Again, I would like to thank the CPAB and Brian for inviting me this evening.
[1] See Statement on Efforts to Gain Investor Input, PCAOB Standard Setting and the Future Role and Relevancy of the Audit (Nov. 30, 2012).
[2] See International Forum of Independent Audit Regulators opens headquarters in Tokyo; first Board meeting held, (April 3-6, 2017).
[3] The paper served as a background paper for the 2015 IFIAR Plenary Meeting. See Highlights from 2015 IFIAR Plenary Meeting at https://www.ifiar.org/IFIAR-Plenary-Meeting-Highlights.aspx.
[4] See Audit Committees and Audit Quality: Trends and Possible Areas for Further Consideration (April 2017) and Joint Session of the Investor and GPPC Working Groups on the Auditor's Communications with Audit Committees (April 2014).
[5] See Henry M. Paulson, Jr., "Restoring Investor Confidence: An Agenda for Change," The National Press Club, Washington, (June 5, 2002).
[6] See Section 201(a) of the Sarbanes-Oxley Act.
[7] See Section 101 of the Sarbanes-Oxley Act.
[8] See Section 301 of the Sarbanes-Oxley Act.
[9] See Staff Inspection Brief: Preview of Observations from 2015 Inspections of auditors of Issuers, Vol. 2016/1, (April 2016). See also SEC Rule 2-01(c) of Regulation S-X and Section 602.02f.i. of the Codification of Financial Reporting Policies.
[10] See Accountancy Age: Firm by firm: The FRC's audit quality inspections, by Calum Fuller (May 23, 2016) and Financial Times: KPMG Probed Over Non-Audit Services to Ted Baker, by John Murray Brown (June 6, 2016).
[11] See PCAOB Rule 3526, Communications with Audit Committees Concerning Independence.
[12] See Staff Inspection Brief: Preview of Observations from 2015 Inspections of auditors of Issuers, Vol. 2016/1, (April 2016).
[13] See Beck, Matthew J., and Mauldin, Elaine G., "Who's Really in Charge? Audit Committee versus CFO Power and Audit Fees", The Accounting Review, Vol. 89, No. 6, at 2060 (June 2014).
[14] See Wesley R. Bricker, Remarks before the 2017 Baruch College Financial Reporting Conference: Advancing Our Capital Markets with High-Quality Information, (May 4, 2017).
[15] See Reforming EU audit services to restore investors' confidence, Press Release (April 3, 2014).
[16] See paragraphs 19A–B of ISA (UK and Ireland) 700 (Revised June 2013), The Independent Auditor's Report on Financial Statements. The requirements became effective for audits of financial statements for periods beginning on or after October 1, 2012 and were applicable to audits of companies that apply the United Kingdom Corporate Governance Code.
[17] Norris, Floyd, "Holding Auditors Accountable on Reports", The New York Times (May 8, 2014).
[18] See Proposed Auditing Standard – The Auditor's Report on an Audit of Financial Statements When the Auditor Expresses and Unqualified Opinion and Related Amendments to PCAOB Standards, PCAOB Release No. 2016-003 (May 11, 2016).
[19] See Audit Committee Reporting to Shareholders in 2016, Ernst & Young LLP Center for Board Matters (Sept. 2016).
[20] See, e.g., PCAOB News Release: PCAOB Announces $1 Million Settlement with Indonesian Member of Ernst & Young Network for Audit Failure, Noncooperation, and Violations of Quality Control Standards, (Feb. 9, 2017), PCAOB News Release: PCAOB Sanctions Former Deloitte Brazil Chairman and CEO for Violations Related to Failures to Cooperate with a Board Investigation, (March 29, 2017), PCAOB News Release: PCAOB Announces $8 Million Settlement with Deloitte Brazil for Violations Including Issuing Materially False Audit Reports and 12 Individuals Also Sanctioned for Various Violations, (Dec. 5, 2016), and PCAOB News Release: PCAOB Announces $750,000 Settlement with Deloitte Mexico for Failing to Effectively Implement Quality Control Policies and Procedures for Audit Documentation, (Dec. 5, 2016).
[21] See International Audit Regulators Say Pace of Audit Quality Improvement Too Slow; Call for Measurable Improvement By 2019, press release (March 3, 2016).
[22] Based on data obtained from S&P and Audit Analytics. Market Capitalization information is as of December 31, 2016.
[23] Id.
[24] U.S. Department of the Treasury, Final Report of the Advisory Committee on the Auditing Profession to the U.S. Department of the Treasury (Oct. 6, 2008), II:9.
[25] See Hood, Daniel, Accounting Today: Melancon: CPA firms will be unrecognizable in 5-10 years, (Feb. 13, 2017) at http://www.accountingtoday.com/.
[26] See Report from the working group on non-GAAP measures, (Oct. 27, 2016).
[27] See, e.g., Id.
[28] See, e.g., Wesley R. Bricker, Remarks before the University of Tennessee's C. Warren Neel Corporate Governance Center: Advancing the Role and Effectiveness of Audit Committees, (March 24, 2017).