I am honored to be here again at the Annual Financial Reporting Conference, sponsored by the Robert Zicklin Center for Corporate Integrity.
This conference's focus is right on target given the critical role of reliable financial reporting and high quality auditing in investor protection and the overall integrity of our capital markets and financial system.
Before I go further, let me say that the views I express today are my personal views and do not necessarily reflect the views of the Board, any other Board member, or the staff of the PCAOB.
I first addressed this conference in 2012, just nine weeks into my appointment at the PCAOB. That year also marked the 10th anniversary of the passage of the Sarbanes-Oxley Act of 2002. At that time, feedback from external stakeholders, as well as PCAOB inspection staff, indicated that audit quality had improved during the 10 years since passage of the Act.[1]
At the same time, inspection deficiencies at the large firms were still high and, in some cases, increasing. Meanwhile, an academic synthesis paper published that year, Audit Quality: Insights from the Academic Literature,[2] noted that despite more than two decades of research, there was little consensus about how to define, let alone measure, audit quality.
In late 2012, the Board announced several initiatives aimed at driving improvement in audit quality among public company auditors.[3] One of those initiatives involved a project to identify audit quality measures, with a longer term goal of tracking such measures at the domestic audit firms of the largest global audit networks and reporting collective measures over time.[4] The PCAOB refers to this as the Audit Quality Indicators (AQI) initiative.
Today I'll provide an update on the current state of audit quality, including an overview of the significant advances in the use of AQIs and PCAOB developments in using statistical approaches to analyze inspection results. I'll also briefly touch on the significant implications of technological innovation for auditing and the critical need for a diverse workforce as a sustainability issue for the accounting profession.
Overall, the PCAOB has seen a significant improvement in audit quality and a reduction in the number and severity of part I findings over the past several years. (These findings represent deficiencies in completed audit engagements identified by PCAOB Inspections staff that indicate that the audit firm had not performed sufficient work to support its opinion.)
Additionally, for the 2015 inspections, 49 percent of U.S. firms inspected triennially – the smaller firms – had no part I deficiencies.[5]
We've seen the large firms dedicate significant resources toward remediating deficiencies and improving quality control systems. To varying degrees across the large firms, we've also seen improvements in tone at the top, coaching and support to audit teams, training, and monitoring of quality.
And, in the smaller firms, we've seen many firms doing high quality work and taking their responsibility for audit quality very seriously. The bottom line is that, for the most part, we've seen a focus on audit quality backed by actions and resources.
In addition, the Board's process for reviewing and studying the remedial efforts taken by firms in response to inspection findings is prompting many firms to more proactively manage quality. In particular, our Inspections Division's emphasis on studying the root causes of audit deficiencies (and, more recently, audit successes) is prompting the profession to address a wide range of issues that drive audit quality.
But across the system, there are still firms that need significant improvement and others that are serious outliers. We've also found significant deficiencies and risks to audit quality across the global networks and in other cross-border audits. We consider these firm-specific issues in our inspections planning and selection processes, as our inspection process evolves to address ever changing risks.
I'm happy to report that we've seen significant advances in the area of AQIs since the Board issued its "Concept Release on Audit Quality Indicators" on July 1, 2015.[6] The release discussed the content and possible uses of a group of 28 potential indicators related to: (1) audit inputs, such as the characteristics of auditors and the resources applied to managing audit personnel; (2) audit process, including incentives, independence, and monitoring and remediation, and; (3) audit results, such as the quality of financial reporting, including the frequency of restatements and fraud, timely reporting of internal control weaknesses, trends in PCAOB and SEC enforcement proceedings and private litigation.
The objective was to start a discussion about the indicators or other metrics that might provide insights into evaluating audit quality, inform discussions – together with qualitative context – among those concerned with financial reporting, strengthen audit planning and execution, and potentially stimulate competition among audit firms based on quality. Possible users of the indicators were identified as audit committees, audit firms, audit regulators, and investors.
After receiving 50 comment letters on the concept release, with a wide range of views, and holding discussions with the Board's Standing Advisory Group,[7] the Board's current approach is to encourage and monitor the use of audit quality indicators by firms, audit committees, and other audit regulators, as well as in academic research.[8]
PCAOB staff is also actively incorporating audit quality indicator information into the inspection program to drive improvements to audit quality. The inspections teams are analyzing various detailed measures as part of the inspections process for the large firms. In addition, for these firms, during the course of inspections, the root cause analysis teams work to identify factors that differentiate high quality from deficient audits and audit practices.
We've also observed audit firms using audit quality indicators in several ways. Some firms are actively deriving and using AQI-types of metrics for managing audit quality across their audit practices, and for individual audit engagements to varying degrees. Some of the large firms are also publishing firm-level metrics in their annual transparency reports.
The Board hopes to publish a report later this year with observations from the remediation and root cause programs, including a discussion of the potential benefits of using AQIs within a firm's system of quality control.
We've also seen AQIs gain momentum among audit committees and the firms for focusing on audit quality. The 2016 PwC Annual Corporate Directors Survey polled 884 public company directors. Overall, 58 percent of respondents indicated that they formally use one or more AQI-like quantitative metrics in their oversight of auditors. This trend is especially prevalent in smaller companies, with 63 percent of respondents at companies with less than $1.0 billion in sales reported using metrics, compared to 39 percent of companies with revenue of $1.0 billion and above.
The Center for Audit Quality recently released an updated version of its External Auditor Assessment Tool in April 2017,[9] that offers evaluation questions for audit committees to consider asking around four thematic areas: firm leadership and tone at the top; engagement team knowledge, experience and workload; monitoring; and auditor reporting. The updated tool reflects elements of an AQI approach offered by the CAQ in 2014 and discussed in a series of roundtables with audit committee members and other stakeholders.[10]
In addition to the Board's efforts, a number of other national audit regulators around the world are using AQIs in their audit oversight programs. In some countries, reporting of AQI information is occurring at varying levels.[11] The International Forum of Independent Audit Regulators[12] is also working to share information among audit regulators about the development of AQI programs and the use of AQIs in audit regulation around the world.
Finally, the PCAOB staff's work in the area of AQIs is helping to inform PCAOB's current project on its research agenda dealing with audit firm quality control standards, including assignment and documentation of firm supervisory responsibilities.[13] Through this project, the staff is exploring whether there is a need for changes to PCAOB quality control standards that would prompt firms to improve their quality control systems to more proactively identify and address emerging risks and deficiencies, thereby improving audit quality. The effort may include identifying types of information, including AQIs, that an audit firm should monitor to allow it to identify and resolve relevant issues.
As a former auditor and now a PCAOB board member, I consider our project on "randomization" to be a significant advance in providing knowledge and insights on the state of audit quality at the large firms.
As you already know, PCAOB inspections at the large firms are mainly risk-based. Individual audits and audit areas selected for inspection are generally selected on a risk-weighted basis and not randomly. Areas of focus vary among selected audits but often involve audit work on the most difficult or inherently uncertain areas of financial statements.
The risk-based approach was designed as a remedial approach intended to encourage firms to address identified weaknesses and related quality control issues within their audit practices, while keeping the number of inspected audits to a manageable level. I believe it has been a very practical and effective approach.
As such, the risk-based approach to PCAOB's inspections was not designed to provide a complete picture of audit quality within a firm or across the audit market, and the selection model was not intended to provide a statistically generalizable result. Therefore, the part I deficiencies disclosed in inspection reports, and the rate of those findings among a firm's audits actually inspected by the PCAOB, may not provide a reliable estimate of overall audit quality at that particular firm. This approach is explained, along with the relevant caveats, in the Board's inspection reports and other publications that discuss inspection results.
In recent years, we've been adding some non-risk based selections and random selections to the mix of inspected audits, while also studying how to use inspection results to provide a more comprehensive assessment of audit quality and to make statistically based inferences about audit quality. We refer to these collective efforts as our project on "randomization."
The PCAOB's Center for Economic Analysis (CEA) has been working with the Division of Registration and Inspections (DRI) to assess what we can learn regarding audit quality across a firm's audits by applying statistical methods throughout the selection process and analysis of inspection results. Statisticians have assisted our staff in developing methods to estimate overall deficiency rates at individual firms subject to inspection, with a current focus on the large firms. These methods could also be used to estimate deficiency rates across a group of firms or for given categories of audits.
Obtaining a reliable estimate of the overall deficiency rate at a firm could be used by the Board in various ways. For example, the results may be helpful in assessing the quality and effectiveness of our risk analysis and we might be able to further hone our risk-based inspection selection process. We might also be able to track trends in firms' estimated compliance levels over time. In addition, incorporating an element of randomization may increase audit quality by limiting the ability of firms to predict – and therefore, potentially seek to game – which of their audits the PCAOB may select to inspect.
The CEA and other staff at the PCAOB are continuing to advance our internal statistical and analytical capabilities to assist the Board in its oversight responsibilities. Thus far, the Board has been provided with some preliminary results, and I look forward to future iterations of this approach to arrive at statistically valid inferences about the overall deficiency rates at the large firms.
One of our staff economists recently published research on analyzing non-randomly selected samples.[14] This paper illustrates an approach that could be useful for the type of statistical analysis we are exploring with inspection data.
Another key issue that will affect the future of audit and the audit business model is the emerging role and impact of technology.
Audit firms have invested significant resources into changing the model of auditing, using data analytics, artificial intelligence, and automated testing of entire populations of transactions and certain internal controls, among other innovations. Some of these approaches may be fully deployed in the near future.
In addition, certain technologies, such as robotics, artificial intelligence, and distributed ledger technologies, also known as blockchain or distributed database technology, have the potential to disrupt markets and information sharing, which could also cause disruption to financial reporting and auditing processes.[15]
These potentially disruptive changes will present challenges and threats across the auditing profession, including the need for significant investments in technology, new management and technical skills, and even new firm business and organizational models. Of course, these developments will present new corresponding risks to audit quality.
And throughout the course of these technological changes, we cannot forget that our focus should remain on the critical role of auditors to provide assurance over management's financial reporting and related controls for the protection of investors. If managed and implemented properly, these developments have the potential to enhance the value of the audit process and increase audit quality.
The PCAOB's inspection approaches have been evolving and changing over the years in response to risks and trends, and the pace of these changes and the necessary evolution in our inspection approaches will likely accelerate drastically in the coming years.
We currently have a number of interdisciplinary initiatives underway at the PCAOB to study and evaluate the implications of new audit innovations and technologies on PCAOB auditing standards, inspections, and oversight generally, so that we will be well poised to meet these challenges as they arise.[16]
Because the auditing profession is largely a business of people, a key driver of audit quality is the quality of talent in the auditing workforce.
I will state the obvious, once again,[17] on the issue of the dismal state of diversity in the accounting profession in the U.S. The profession must focus on inclusion and increasing diversity in order to have the talent and capabilities to fulfil its important mission of assurance and investor protection now and in the future.
Leaders of the largest firms in the profession have acknowledged the slow progress and related challenges.[18] Despite growing attention by audit firms to diversity in their workforces, progress in achieving diverse audit teams and firm leadership remains opaque and slow. This state of affairs also implicates the academic institutions that educate future accounting and auditing professionals.
While the auditing profession faces a number of challenges and issues, diversity needs to be a top priority, backed with meaningful and impactful actions. In my view, this is a matter of priority for the sustainability of the profession.
At the PCAOB, we are tackling long-standing audit quality issues while advancing our oversight and standard-setting programs in light of emerging trends that may drastically impact auditing in the future. The auditing profession is also dealing with these same issues.
As the markets and technology continue to evolve, the auditing profession, academia, and regulators must continue to innovate to respond to risks and maximize opportunities to benefit investors and the public interest.
In light of the interconnected nature of evolving financial reporting and auditing models and practices, I remain particularly focused on engaging effectively with the business community, academia, the auditing profession, other regulators, and, of course, investors to continually assess their needs and interests in audit quality.
Conferences like this one provide an excellent opportunity for such engagement. I hope we can continue the productive dialogue and work together to advance audit quality and protect the effective functioning of our capital markets.
[1] See, Jeanette M. Franzel, Board Member, Protecting Investors By Seizing the Opportunity to Strengthen Audit Quality, Jan. 18, 2013.
[2] Knechel, W. Robert; Krishnan, Gopal V.; Pevzner, Mikhail B.; Stefchik, Lori; and Velury, Uma (2013). "Audit Quality: Insights from the Academic Literature," Auditing: A Journal of Practice & Theory , Vol. 32, No. Supplement 1, pp. 385-421. (The paper was one of many literature reviews developed by the Auditing Section of the American Accounting Association for the PCAOB and published as a Journal supplement in 2013.)
[3] PCAOB, 2012-2016 Strategic Plan: Improving the Relevance and Quality of the Audit for the Protection and Benefit of Investors, pg. 5, Nov. 30, 2012.
[4] The Advisory Committee on the Auditing Profession recommended in 2008 that the Board undertake such a project. See, U.S. Department of the Treasury, Final Report of the Advisory Committee on the Auditing Profession, Oct. 6, 2008.
[5] PCAOB rules require that the PCAOB inspect registered firms that issue 100 or fewer issuer audit opinions per year at least once every three years. The PCAOB inspects some firms in this category more frequently than triennially, but all such firms are included in this data.
[6] PCAOB Release No. 2015-005, available at https://pcaobus.org/Rulemaking/Pages/Docket041.aspx.
[7] The Standing Advisory Group held discussions over two days, Nov. 12-13, 2015. The briefing materials, agenda, and discussion summary are available on the PCAOB website.
[8] See, PCAOB 2016-2020 Strategic Plan: Improving the Quality of the Audit for the Protection and Benefit of Investors, pg. 16, Nov. 18, 2016.
[9] The CAQ, External Auditor Assessment Tool: A Reference For U.S. Audit Committees, April 2017.
[10] See, The CAQ, Audit Quality Indicators: Journey and Path Ahead, Jan. 2016.
[11] The Federation of European Accountants (FEE) has issued a 2016 update of its paper on various organizations' approaches to AQIs. The update is available at https://www.accountancyeurope.eu/wp-content/uploads/1607_Update_of_Overview_of_AQIs.pdf In the Netherlands, United Kingdom, Australia, and New Zealand, for example, audit firms are increasingly disclosing to the public certain AQI information.
[12] IFIAR comprises independent audit regulators from 51 jurisdictions around the world. See http://www.ifiar.org/.
[13] PCAOB, Standard-Setting Update, Mar. 31, 2017.
[14] Cook, J. A. (2017). ROC curves and nonrandom data. Pattern Recognition Letters, 85, 35-41.
[15] See FINRA, Distributed Ledger Technology: Implications of Blockchain for the Securities Industry, Jan. 2017, available at http://www.finra.org/industry/blockchain-report. As described by FINRA, "Distributed ledger technology involves a distributed database maintained over a network of computers connected on a peer-to-peer basis, such that network participants can share and retain identical, cryptographically secured records in a decentralized manner." Ibid. at 2.
[16] See, e.g., PCAOB, Standard-Setting Update, Mar. 31, 2017.
[17] Jeanette M. Franzel, Building the Pipeline of Diverse Accounting Professionals, Apr. 24, 2015.
[18] See Center for Audit Quality, Eighth Annual CAQ Symposium: Panel 1- Innovative Approaches to the Development of Auditor Talent, Aug. 7, 2016 (Cathy Engelbert, CEO, Deloitte LLP, minutes 54:48 to 54:58 — "this is hard and we're really bad at it as a profession. I think we're probably a 'D';" see panelist statements at webcast minutes 50:35 to 59:25).