I support adoption of this new standard that makes the first significant changes to the auditor's report on financial statements since the 1930s. This new standard is the product of more than seven years' work by the PCAOB and has involved wide consultations with many stakeholder groups as well as close cooperation with other standard setters such as the International Auditing and Assurance Standards Board ("IAASB") and the United Kingdom's Financial Reporting Council ("FRC") that were also working on modernizing the auditor's report.
The new standard had its genesis in views expressed by many commentators on the auditor's report over many years. The auditor's report is the vehicle by which auditors communicate their views on the financial statements of public companies they audit to the investing public. Under current standards, the auditor's report states whether, in the auditor's opinion, the financial statements present fairly, in all material respects, a company's financial position, results of operations and cash flows in conformity with generally accepted accounting principles. For companies subject to the internal control requirements of the Sarbanes-Oxley Act, the auditor must also attest as to the company's internal controls over financial reporting. In certain instances, if the auditor has doubt about the company's ability to continue as a going concern for the next twelve months, the report may contain a going concern qualification. In essence, however, the report is a pass/fail judgment and since the U.S. Securities and Exchange Commission will not accept failing audit reports, almost all audit reports contain identical wording.
Many commentators have pointed out that this rather skeletal audit report does not give the users of financial statements any real understanding of the work that the auditor has done in connection with the audit or the depth of the knowledge that the auditor has obtained from his extensive audit work. This disparity between what users of financial statements perceive auditors to know about the financial condition of the companies they audit and the paucity of the auditors public utterances about that knowledge and their work has led to what has become known as an "expectations gap" between what the public perceives the function of the audit to be and what the audit profession historically has claimed their role in an audit is.
The audit began as a certification of the company's books, and first became widely used in the 1930s as the New York Stock Exchange, and later the Securities and Exchange Commission, started to require an audit for public companies.[1] For many years, expert commissions that have looked at the standard auditor's report have recommended that it be improved. In 1978, the Commission on Auditors' Responsibility (the Cohen Commission) recommended that the auditor's report be improved, saying:
For the largest corporations in the country, an audit may involve scores of auditors and tens of thousands of hours of work for which the client may pay millions of dollars. Nevertheless, the auditor's standard report compresses that considerable expenditure of skilled effort into a relatively few words and paragraphs.[2]
In 1987, the National Commission on Fraudulent Financial Reporting (the Treadway Commission) suggested that the auditor's report be improved to make the audit process itself and its limitations much more transparent. Specifically, the Treadway Commission suggested that the auditor's report should make clear the auditor's responsibilities and the limits to that responsibility and as a corollary the degree to which users can rely on the audit as well as the limits to the audit process itself.[3]
In the final report of the U.S. Treasury's Advisory Committee on the Auditing Profession, in 2008, the Committee included a recommendation that:
Urge[d] the PCAOB to undertake a standard-setting initiative to consider improvements to the auditor's standard reporting model. Further, [the Committee] urge[d] that the PCAOB and the SEC clarify in the auditor's report the auditor's role in detecting fraud under current auditing standards and further that the PCAOB periodically review and update these standards.[4]
It is worth noting the Committee's use of the word "urge" in this recommendation. The American Heritage Dictionary defines the word "urge" as "(1) to drive forward or onward forcefully; impel; (2) to entreat earnestly and repeatedly; exhort."[5] It seems likely that the Committee used the word "urge" advisedly to signal that this was more than a mere recommendation for consideration; rather, the Commission wanted the PCAOB to begin a standard setting effort on the auditor's reporting model expeditiously.
In fact, in 2005, the PCAOB's Standing Advisory Group (SAG) first considered whether the auditor's report should be amended to include more information about the auditor's judgment about the financial reporting quality of the reports being audited. Since that time, the PCAOB has conducted a number of SAG discussions as well as roundtables on the desirability of amending and expanding the current auditor's report. At the same time, regulators around the world such as the FRC and international standard setting bodies such as the IAASB have conducted stakeholder outreach and issued a variety of proposals and new standards designed to improve the auditor's report. The PCAOB has watched and participated in these efforts as part of our own journey toward the standard that we are adopting today.
The new standard attempts to achieve a balance between a number of views that we have heard from stakeholders over the years both in our outreach efforts and in response to earlier concept releases and draft proposals that the PCAOB issued in 2011, 2013 and 2016. We heard a wide variety of views, many of which were conflicting. Views ranged from suggestions that the auditor's report should be modified to include a wide-ranging "auditor's discussion and analysis" in which an auditor would comment on matters such as the quality of the company's financial reporting including, for example, whether particular audit policies were "conservative" or "aggressive". Such an analysis would include a discursive discussion of many aspects of a company's financial statements and financial reporting policies. The calls for a more robust auditor's report came in large measure from investors and other outside users of financial statements to whom the auditor's work is largely opaque. Critics of this view claimed that broad ranging auditor commentary, referred to as "free writing", was likely to have a number of mischievous consequences, including inconsistency and a lack of comparability among audit reports, usurpation of management's proper responsibility to provide original information, and confusion among users. Critics pointed out that the problems from inconsistent audit reports was one of the main reasons for the adoption of a uniform audit opinion format in the early years of the twentieth century.
At the other end of the spectrum, other commenters expressed the view that the present audit report does not need change and already communicates the critical fact about the audit, namely, whether the financial statements as a whole are fairly presented in light of existing accounting standards. Some commenters suggested possibly amplifying the auditor's report to explain more clearly the limits of the auditor's role. Issuers, members of boards of directors and members of the accounting profession themselves (at least in the early days of the discussion) were the primary proponents of this view. This is perhaps understandable in that these groups would either be the ones required to do whatever additional work a more robust auditor's report would require or were already intimately familiar (in the case of corporate managers and members of boards of directors) with the details of the auditor's work. Critics of this view said that it would do nothing to ameliorate the long existing "expectations gap" between auditors and many users of financial statements.
Several questions emerged early in the discussion, among which were whether a more complete auditor's report would put the auditor in the position of providing original information on a company's financial condition, whether providing such information was the proper role of the auditor, and what the consequences of that would be. I believe that the PCAOB board always understood and believed that responsibility for a company's financial information and reporting lay with management and that the auditor's role was derivative, being to independently examine, verify and attest to that financial information. It became apparent, however, that the unconstrained expressions of views on a company's financial statements by the auditor could become an independent and possibly conflicting source of information. The possibility for conflict between auditors and management and the possibility that audit reports could become so individualized that comparability between companies or industries would be destroyed led me to believe that any changes to the auditor's report needed to be crafted so that management remained the sole source of original financial information and that the auditor's role should be confined to the secondary position of commenter on and verifier of that financial information.
The solution that the present standard embraces, to have the auditor comment on certain critical audit matters (CAMs), achieves a judicious balance between providing meaningful additional information about the audit while preserving the role of management as the sole provider of a company's original financial information. This new standard should alert the users of financial statements to those areas of the audit that posed particular challenges to the auditor, that involved disagreements with management, that required specialized consultation with experts and a host of other factors indicative of special concern on the part of the auditor. Disclosure of these critical audit matters should give users of financial statements a window into the audit process itself without giving away whatever subjective view an auditor might have of the specific financial information being audited. The CAMs can also alert users of financial statements to those areas of the statements to which they should pay particular attention.
Another potential benefit is that auditors will also be driven to focus on the critical areas of the audit knowing that they will need to share some information about those challenges and their responses to them. Anticipation of public disclosure may well drive heightened focus and attention in these important areas of the audit. In addition, as the discussion of CAMs is prepared by the auditor, the auditor may need to engage in an iterative dialogue with management and the audit committee, and this may drive better management disclosures as well.
It has been interesting to observe that other standard setters such as the FRC in the UK and the IAASB have come up with similar, if not exactly identical, approaches to modifying the auditor's report in their new proposals. The IAASB adopted its new standard, 701 Communicating Key Audit Matters in the Independent Auditor's Report in January, 2015 which is similar to this new PCAOB standard, and reports under ISA 701 are just beginning to be issued. The FRC adopted its version of an audit reporting standard in 2013 (ISA 700 (UK and Ireland) (Revised)), which similarly requires additional disclosures from auditors beginning with fiscal years ending in 2013 and the FRC has published analysis regarding two cycles of reports issued under that new standard.[6] In the UK, the new audit reports have received widespread public support and investors appear to believe that the expanded auditor's report provides meaningful information.[7]
One of the concerns we have had in adopting the CAM approach is whether the CAMs will quickly deteriorate into boilerplate disclosures that are repeated year after year and shortly provide no additional useful information to financial statement users. There will be an inevitable attempt, particularly on the part of large audit firms with many public company clients, to achieve some, and perhaps a very high degree of uniformity in the disclosure of the CAMs. This standard has attempted to mitigate that risk by requiring the CAMs to be tied to the factual situation of the particular audit engagement in which they arise. By requiring the CAMs to be anchored in the particular factual setting of individual audits, which while they may be similar among issuers, are likely to have unique elements, we hope to prevent the CAMs from degenerating into boilerplate. In addition, if the UK experience is any guide, disclosures of these audit matters tend to be expressed differently by different audit firms and that in itself can create a richer environment for the presentation of auditors' reports.
This new requirement to include CAMs in an audit report will present an opportunity to auditors to show their skills. If auditors want to distinguish themselves, and give the public some insight into their work and judgment, this standard provides an opportunity for them to do so. If they want to hide behind boilerplate and over-disclosure, perhaps they may also find a way to do that, but they risk the disappointment or even anger of users of financial statements who may become aware from practices elsewhere that more meaningful disclosures by auditors are possible. I urge auditors to embrace the opportunity this new standard gives them to show the value of their work, and to improve overall audit quality for the benefit of investors and the companies which they are auditing.
This new standard will also require disclosure of the auditor's tenure in the audit report. I believe the public is entitled to this information about the tenure of the audit firms' service to the company and I am pleased that it will, for the first time, be required to be disclosed in one location in the audit report, thereby reducing the burden to obtain the information which is currently available to some extent through the SEC's EDGAR filing system.
We have also given a generous lead time for companies and auditors to prepare to implement this new standard by setting a phased effective date for the portion of the standard relating to CAMs. That portion of the standard will be effective for audits of fiscal years ending on or after June 30, 2019 for large accelerated filers, and for all other companies, for fiscal years ending on or after December 15, 2020. All other portions of the standard would be effective for audits of fiscal years ending December 2017.
I want to thank our staff whose many years of dedicated work on this project have led to what I hope will be a substantial improvement in the auditor's report. The team in our Office of Chief Auditor includes Elena Bozhkova, Ekaterina Dizna, Jennifer Rand, Jessica Watts and Karen Wiedemann. As usual, the staff of the U.S. Securities and Exchange Commission has been a valuable and always reliable partner in helping us to realize this new standard.
[1] Wiesen, Jeremy. The Securities Acts and Independent Auditors: What Did Congress Intend? AICPA (1978) at 23.
[2] The Commission on Auditors' Responsibilities, Report, Conclusions and Recommendations 71 (1978).
[3] National Commission on Fraudulent Financial Reporting, Report of the National Commission on Fraudulent Financial Reporting (October 1987).
[4] U.S. Treasury Advisory Committee on the Auditing Profession, Final Report, Recommendation 5, VII-13 (October 6, 2008).
[5] American Heritage Dictionary, Second College Edition, Houghton Mifflin Company (Boston) (1991).
[6] Financial Reporting Council, Extended auditor's reports: A further review of experience (January 2016).
[7] Id.