The State of Audit Quality

Date: Dec. 11, 2015

Speaker: Helen A. Munter, Director, Division of Registration and Inspections

Event: AICPA Conference on Current SEC and PCAOB Developments

Location: Washington

Good afternoon. I would like to thank Liz Gantnier for hosting our session at the conference. Claudius and I are pleased to be back this year, but first we must say that the views we express are our own and should not be attributed to the PCAOB as a whole or any Board members or staff.

So, are we there yet?

A question I know I often get from family when we travel on vacation. And I am sure, one that many of you are likely thinking about as you prepare for your travels for this conference and the holiday season.

But it is also a question I often get as the Director of Registration and Inspections at the PCAOB.

Where are we with audit quality?

We are now thirteen years into an auditor regulatory scheme following the enactment of the Sarbanes-Oxley Act. These thirteen years have brought change, seen greater focus on auditors and their work by regulators around the world and set expectations for auditors to step up their game.

It has been a rewarding time for some and a challenging path for others.

As we approach the end of the year, it is a good time for reflection – taking a look at where we are and where we are going in audit firm inspections and where we see audit quality.

And I want to emphasize two important points:

First – I often hear auditors say that they fear an inspection – they fear the possible identification of an audit deficiency in their work. I understand that. No one wants to have a problem identified.

But there are many audits we inspect where we find no deficiencies, and many firms where we identify no deficiencies in any of their audits we inspect. That is not uncommon. It is possible to do good work. Many auditors do and we should celebrate those successes.

Second – The goal of the inspections regime has never been to simply identify deficiencies. The goal has always been to help auditors improve the quality of their audits and the value that they bring to their clients and to investors.

Righting the ship is not simply about the number of audit deficiencies that appear in the public portion of a firm's inspection report – the items we call Part I findings. Of course they matter. They are important. Our goal, however, in inspections, and what I view as a priority, is to address a firm's systemic issues, and the potential deficiencies in a firm's system of quality control.

I. The State of Audit Quality Thirteen Years On

So, thirteen years on, what is the state of audit quality?

In many respects, we have seen the quality of the audit work we inspect get better over the last thirteen years. Firms and individual partners are more engaged and are keenly focused on effectively identifying risks of material misstatement and planning audit responses to address such risks. There is, however, still room for improvement.

That the bar and expectations are high is a good thing. That is what investors expect and what they deserve. They expect a properly supported audit report. Many auditors now have greater confidence that their audit work is meeting that objective.

Let's talk about where we have seen firms improve. I want to call attention to five key areas:

Tone at the top – first and foremost, the tone from firm leaders has been a critical component to effecting positive change within a firm. We have seen that when firm leaders set an appropriate tone – one that is focused on audit quality – and message this focus, it facilitates necessary changes in a firm's system of quality control which in turn results in improvements in the performance of audits by staff.

Training – no doubt auditors have seen a change in the training they are receiving. Most firms now have targeted and focused training on some of the more complex audit topics that often involves detailed case studies and at the end a course assessment to confirm the participants understanding.

New practice aids and checklists – especially for professional skepticism, auditing fair market value and management estimates as well as internal control over financial reporting ("ICFR"), practice aids and checklists have been developed and implemented by many firms. Such aids and checklists help firms achieve reasonable assurance that audit work is performed at consistent levels, but they also help teams to understand what is required and why certain procedures must be performed. Certainly, these are just tools and they need to be implemented with caution, but we have seen where they have contributed to a decrease in a firm's audit deficiencies. I am not advocating a checklist, check the box mentality but firms have learned that these tools can really work when used with proper judgment, supervision and professional skepticism.

Coaching and support to teams – we have heard a great deal from issuers that auditors often don't understand or can't explain to issuers the purpose of some of their audit procedures. Certainly, we think that as a first step it is important that auditors understand what objectives they are trying to achieve and whether the planned procedures satisfy those objectives. Firms have been investing more time and energy into coaching and providing support that helps less experienced team members develop the experience and knowledge that is crucial to their long-term development.

Monitoring – monitoring the quality of work performed is an integral part of an effective quality control system – and is required by the standards.^[1] Through their monitoring, firms have been able to identify deficiencies more effectively, timely and consistently. Some firms have implemented pre-issuance reviews in order to identify deficiencies before the audit work is completed. This gives engagement teams time to get it right before audit reports are issued. Monitoring is important as it helps auditors understand whether they have quality controls from both a firm and engagement level perspective, as well as what is and isn't working when evaluating these controls to ensure the firm is providing quality audits.

While these improvements are positive, challenges remain and there are a number of areas where we would like to see improvement –

Recurring audit deficiencies – a theme that I share globally with other regulators. The annual Global Survey of Inspection Results of the International Forum of Independent Audit Regulators ("IFIAR") has reported recurring audit deficiencies in key audit areas – internal control, fair value and revenue recognition being the top three. Not unlike our experience here in the U.S. The persistence of these issues has the attention and focus of regulators globally. Regulators expect firms to continue to take active steps to address deficiencies in these areas.

Effective remedial actions – firms are not always successful in their remediation efforts. In the last several years, the Board has made public quality control criticisms at large and small firms because the firms failed to satisfactorily remediate those criticisms. We have seen improvements in many firms following such decisions. Others, however, are not there yet. But I think we can say that right now audit quality is trending in the right direction. Firms need to continue to take prompt and active steps to address identified deficiencies. To be successful – a remedial action will meet five key criteria – change, relevance, design, implementation, and execution and effectiveness.^[2] I also urge firms to engage with us early and often during the process. We have dedicated staff to the remediation process and they are available to work with a firm throughout the 12 month remediation period.

Root cause analysis – most of the largest firms now have formal root cause analysis processes, but they are all at different stages. For the most part, these firms now take identified audit deficiencies and perform deep and systematic analyses of what went wrong and why. They are beginning to address matters that extend beyond the symptom of the problem in order to address the underlying cause of deficiencies. Some have even started looking at successes and the underlying reasons for those successes in order to gain greater insight into what are effective actions. As firms begin to get a better understanding of what drives successful outcomes, and the underlying drivers of quality, we expect that they will be able to more effectively and proactively drive their remedial efforts, and ultimately improve their audit quality. Implementing and maintaining this effectively throughout firms and their global networks will continue to be a challenge.

Consistent execution of audit methodology and approach around the globe – many firms are brought together under an umbrella entity, known as a global network firm. Executing consistent audit procedures throughout multi-location and multi-firm audits within such structures will continue to be an area where firms need to improve.

Monitoring of independence – as firms continue to grow their global practice, monitoring of independence on a global basis may raise challenges and require that firms remain vigilant in ensuring they comply with the independence rules.

So what is the state of audit quality thirteen years later? Better. The last thirteen years show that diligence and constant probing and questioning are key to continuing to make meaningful changes that can result in lasting improvements to audit quality. I look forward to many more years of improvement.

II. Looking Ahead to 2016

We are in the midst of planning the 2016 inspections. We consider a number of factors as we scope our inspections including environmental, economic and technology risks along with new standards. Of course, the 2015 deficiencies will be a factor, and we do intend to see how firms are addressing past problems.

So, as auditors move into the 2015 year-end audits, what should they focus on?

1. Recurring Audit Deficiencies

As I reflect on what we have seen in the most recent inspection cycle, which generally examined 2014 year-end financial statements, I want to share a few thoughts that I think auditors, preparers and audit committees should consider as they aim to have a quality audit.

The most significant and frequent audit deficiencies continue to be in the key areas related to auditing ICFR, assessing and responding to risks of material misstatement, and auditing accounting estimates, including fair value measurements.

It is particularly important for the engagement partner and senior engagement team members to focus on these areas and for engagement quality reviewers to keep these matters in mind when performing their reviews.

Also, audit committees might wish to discuss with their auditors the types of audit deficiencies identified in their PCAOB inspections and ask how they are addressing these matters as part of their company's audit.

A few comments on preliminary 2015 inspection observations –

ICFR

Inspections staff continue to observe significant audit deficiencies related to non-compliance with Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements.

While Inspections staff have seen improvement in 2015 in the nature and extent of the audit issues in this area at certain firms, continued focus on this area is needed to improve and sustain audit quality.

I continue to encourage auditors to read PCAOB Staff Audit Practice Alert No. 11, Considerations for Audits of Internal Control Over Financial Reporting, which discusses requirements in PCAOB auditing standards related to auditing internal controls. This remains a valuable resource and tool.

Many others have spoken this week about the importance of ICFR and the need for issuers to evaluate their own controls and conclusions. There is a lot of tension in the system related to this topic and, as we discussed on Wednesday's panel, a helpful and ongoing dialogue in this area has begun. I believe it is essential that all involved parties, issuers, audit firms and regulators continue this discussion in 2016 as I feel there has already been great benefit from opening up these lines of communication. I look forward to the upcoming year as all parties continue to work together to improve audit quality in the area of internal controls.

Assessing and Responding to Risks of Material Misstatement

The overall number and significance of the deficiencies identified in 2015 related to non-compliance with the Risk Assessment Standards decreased at certain firms, but continues to be concerning to Inspections staff. Broadly, the risk assessment deficiencies observed during the 2015 and 2014 inspection cycles were most frequently related to Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement, Auditing Standard No. 14, Evaluating Audit Results, and Auditing Standard No. 15, Audit Evidence.

Assessing and responding to risks of material misstatement are two critical components of an audit. Improper application of these standards may result in audit deficiencies that contribute to an unsupported audit opinion.

We recently issued a general report, Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (AS No. 8 through No. 15), that highlights audit requirements, and provides examples of recent audit deficiencies in these standards. It also offers insight into potential root causes of these deficiencies and potential remedial actions that firms may consider. I encourage auditors to review the general report and consider whether these types of deficiencies could manifest themselves in their audits.

Accounting Estimates

Inspections staff continued to take a close look at audit work performed on complex estimates and business transactions in 2015 and frequently identified audit deficiencies in this area.

Accounting estimates often warrant more audit attention because they involve subjective factors and judgments, which make them susceptible to management bias.^[3]

The audit deficiencies identified in this area have more commonly related to testing the valuation of assets and liabilities acquired in a business combination, and evaluating impairment analyses for goodwill and other long-lived assets. Other areas where deficiencies have been identified include financial instruments, revenue related estimates and reserves, the allowance for loan losses, and inventory reserves.

Due to the significant audit deficiencies identified, together with changing market conditions, a low interest rate environment, and an increase in merger and acquisition activity, auditors should continue to remain focused on this area.

Inspections staff continued to identify instances in which auditors did not fully understand how estimates were developed or did not sufficiently test the significant inputs and evaluate the significant assumptions used by management.

Auditors should obtain an understanding of the company's process and methods, including the related controls, for the development of complex estimates.^[4] Auditors should also be sure to take into account audit evidence that appears to contradict management assumptions, even when the auditor has obtained information that supports management's assumptions.^[5]

Auditors should be looking to these deficiencies and taking steps to prevent these same problems. In addition to the typical risk areas that we focus on, I want to highlight other areas for the upcoming cycle.

2. Other Areas

Economic and Environmental Risks

Our colleagues in the PCAOB Office of Research and Analysis assist us in identifying risks and other data to assist in our inspection planning process. A few economic and environmental risks that will factor into our 2016 selections —

Appreciation of the U.S. dollar - the significant appreciation in the U.S. dollar over the past year has created significant challenges for U.S. producers of domestic goods and their international subsidiaries. Challenges include, among others, pressures on revenue and margins on domestic goods produced, potential loss of market share to foreign competition, and negative effects of foreign currency translations. This will also be a factor as we evaluate areas for inspection focus. These challenges may impact a company's ability to continue as a going concern which is something that auditors should consider in their upcoming audits.

Segment disclosures - recent Securities and Exchange Commission ("SEC") commentary has highlighted an increased focus on segment disclosures. Given the heightened focus in this area, our Inspections staff will take a closer look at these disclosures in the upcoming cycle. Auditors should consider how an issuer identified the chief operating decision maker and determined the operating segments and the reportable segments. This would include an analysis of the characteristics an issuer considered when deciding whether or not operating segments could be aggregated. This may involve subjective factors and we would expect audit teams to apply professional skepticism in this area and consider all of the relevant facts, which may support or contradict management's assertions. Merely confirming the consistency of segment disclosures with the prior year may not be enough. Auditors should consider whether any factors have indicated that a reassessment of the segment reporting is necessary.

Mergers and acquisitions – increasing deal values and the high pace of mergers and acquisitions activity continue and may increase the risk of potentially aggressive accounting transactions. In 2015, Inspections staff identified audit deficiencies in the testing of the valuation of assets and liabilities acquired in a business combination. Deficiencies in this area appear to be increasing and this will continue to be an area of inspection focus in 2016.

Income taxes - companies continue to grow their profits in lower tax jurisdictions, and consistent with prior year inspections, Inspections staff will focus on this area, as appropriate. Audit deficiencies have been identified related to the procedures performed to test the design and operating effectiveness of controls selected by the auditors for testing related to income taxes, and in some instances the valuation allowance of the net deferred tax assets. Auditors should remain focused on this area, including the testing of selected controls over the completeness and valuation of income taxes and the related disclosures.

Going concern – given the various risks I have highlighted, auditors should be particularly mindful when evaluating a company's ability to continue as a going concern. The PCAOB standard-setting agenda includes a project on going concern. Our 2016 inspections will have a focus on an auditor's evaluation of a company's ability to continue as a going concern and I expect that this will help to inform the standard-setting process.

Inspections staff will continue to consider the effect of trends related to the search for higher yields in the low interest rate environment and falling oil prices.

Technology Risks

Cyber-security incidents have continued to be prominent. Examples include breaches related to the theft of company software, patents, secrets, or other intellectual property, or breaches that compromise software. Both auditors and companies alike see this as an overall business risk, and not just an information technology risk.

Inspections staff have observed that some firms have already provided additional audit guidance to their auditors. It is important for auditors to consider whether cyber-security risks pose risks of material misstatement. If cyber incidents have occurred during the audit period, auditors should consider whether there are any effects on the financial statements or implications for internal control over financial reporting. Inspections staff plan to continue to obtain and evaluate information in this area.

New Auditing Standards – Auditing Standard No. 18, Related Parties ("AS No. 18")

AS No. 18, Related Parties, became effective for periods beginning after December 15, 2014. The standard and amendments address: (i) relationships and transactions with related parties, (ii) significant unusual transactions, and (iii) financial relationships and transactions with executive officers. The standard also imposes new requirements relating to the auditor's communications with the company's audit committee. The new standard and related amendments are intended to strengthen auditor performance requirements in these critical areas that historically have represented increased risks of material misstatement in issuer financial statements.

Consistent with the implementation of previously issued standards, our 2016 inspection program will include procedures to assess the effectiveness of a firm's implementation of AS No. 18. I encourage auditors to refresh their understanding of the new requirements in this area.

III. Advances in Audit Regulation

We continue to evolve and develop our auditor oversight programs – communication and digging deeper into issues both within the U.S. and with our fellow regulators around the globe will be key elements of our future.

1. Expanding Information and Data

We achieved two important milestones in our communications and outreach this past year. First, we expanded inspection reports to include additional information, including information about industries inspected and findings by industry. Second, we introduced inspection briefs, which highlight important matters that Inspections staff want to share with auditors.

The Board also issued a summary report on findings related to risk assessment.

In the new year, we also expect to begin to post on our website data related to inspection results. Stay tuned. These additions are part of our focus on improving our communication and outreach to auditors. We welcome auditor feedback on them.

2. Collaboration Among Audit Regulators

The cross-border aspects of audits and audit quality around the globe are a focus for us and for our fellow regulators in other countries and jurisdictions. We are active participants and leaders in IFIAR and their Global Public Policy Committee (GPPC). These connections are important to us as they provide an opportunity to share data and information to help improve the audit globally.

Learning from our fellow regulators about risks and economic trends in other jurisdictions helps to inform our risk analysis and inspection planning.

Most importantly, these relationships help us to identify and discuss how firm culture in different jurisdictions may affect auditor independence, objectivity, and professional skepticism; and to implement effective ways, both here in the U.S. and internationally, to respond as necessary.

This past year, we inspected firms in approximately 30 jurisdictions and many times jointly with other regulators. Inspections staff routinely inspect portions of multiple-firm audits, including the audit work performed by both domestic and non-U.S. firms that played a role in the audit, commonly referred to as referred work. In 2014, our inspectors observed fewer audit deficiencies in the referred work engagements inspected.

3. Root Cause Analysis

In addition to the work performed by firms, Inspections staff also perform their own root cause analysis of findings at firms. This work has been expanding to include specific quality events, both negative (for example, audits with significant inspection findings) and positive (for example audits, or parts of audits, with no inspection findings where the inspection team recognized some anecdotal assessment of quality work).

We found through this process –

Good issuer accounting and controls – leads to a better audit
Good project management skills – leads to a better audit
Good audit team mix with an appropriate level of supervision and review – leads to a better audit

So sometimes it is not only about the tools. Sometimes it is not about doing more work. It is, however, about doing smart work, which includes well planned, organized, and effective work that ultimately demonstrates an understanding of the purpose/objective of the work being performed.

Some of these issues are not new but we are thinking about them in a new way. It is time to rethink the way work is undertaken. Auditors are diligent and smart, but obstacles can get in their way.

What we have learned is that the audit process itself – when it is thoughtful, timely and made a priority - leads to a quality audit. We have also learned that it is equally important to have the right players on the team, in terms of experience and expertise, including the level, the scope and the timing of their involvement in the audit process.

Rethinking "process" may require a change in behavior for some. While I recognize this can't happen overnight, I believe that if we stay focused on how it can help deliver a quality audit and protect investors, then over time we will meet that goal.

4. PCAOB Broker-Dealer Auditor Oversight

We also continue to develop our broker-dealer auditor oversight program. The 2015 inspection cycle is coming to a close. This year, our Inspections staff issued an inspection brief discussing the inspection plan for 2015 inspections. By the end of the year, we will have inspected 75 audit firms and portions of 115 broker-dealer audit and attestation engagements.

All inspections performed during 2015 cover audit and attestation engagements of brokers and dealers that were required to be conducted in accordance with PCAOB standards. The requirement to apply PCAOB standards is new for audits of brokers and dealers pursuant to an amended SEC Rule. We are coordinating closely with SEC staff in monitoring implementation of the amended rule and PCAOB standards, including our new auditor attestation standards.

In August, we issued our fourth annual summary report discussing the deficiencies identified during the 2014 inspection cycle. This report identified high levels of independence findings and audit deficiencies, similar to reported findings and deficiencies in previous years. Although findings and deficiencies were identified across all types of audit firms, firms that did not also audit issuers were noted to have a higher percentage of findings and deficiencies than firms that also audited issuers. Given the continued high level of findings, we have been urging firms that audit broker-dealers to re-examine their audit approaches.

Our interim inspection program will continue until the Board's rules for a permanent inspection program take effect. Inspections staff are currently working to develop a rule proposal for the Board to consider during 2016 to establish a permanent inspection program.

IV. Potential Barriers to Audit Quality

I remain concerned about a few areas that continue to be potential barriers to audit quality.

1. Independence

Topping my list is auditor independence. While last year, I was most concerned about the recent business activity with audit firms buying consulting practices, this year, I also have concerns in the area of personal independence. Auditors must be independent of their audit clients throughout the audit and professional engagement period.

Without independence, auditors cannot properly discharge their full range of professional responsibilities for exercising due care, including professional skepticism. Inspections staff have continued to observe deficiencies related to auditor independence which is concerning.

These deficiencies include instances where impermissible non-audit services were provided,^[6] as well as deficiencies in the area of personal independence, principally with respect to financial relationships. We have also observed instances where partners have violated the five year rotation requirement and served as the engagement partner or engagement quality review partner longer than a five year period or sometimes within the five year period following having served for five consecutive years.^[7]

While deficiencies with auditor independence were not pervasive across firms, auditors should continue to assess their personal and professional activities to ensure compliance with applicable independence standards.

2. Audit Staffing

Firms take various actions to combat fee pressure and price competition around the world including expanding non-audit and related services and outsourcing audit work to off-shore locations. These all pose various risks that we continue to monitor.

I am concerned about the effect that off-shoring and the increasing use of technology in the audit have on audit staff development. With many of the typical lower risk audit procedures being performed through technology or at an offshore center, how will staff learn and develop the skills that they need to perform quality audit work and be successful managers and partners?

I know firms are thinking about how these changes affect their current model and what may need to change in their system of quality control, particularly, in the areas of supervision and review and training. It is important that audit staff develop critical thinking skills and are able to understand how the more fundamental tasks of an audit are performed. This experience provides the foundation for them to be able to audit more complex areas as they progress in their careers.

3. International

We have been blocked from conducting inspections in a number of countries and jurisdictions including China and certain locations in Europe. We have made a great deal of progress, but the lack of access continues to be a concern. Without the benefit of PCAOB inspections investors face additional risks and auditors lack valuable input that can lead to improved audit quality. I hope and expect that our progress to expand our agreements with counterparts in other jurisdictions will continue.

V. On Our Way But We Have Not Yet Arrived

No doubt we are pleased to see improvement in the audits we inspect. The decreasing number of deficiencies at some firms is promising. The focus on root cause analysis is promising. The focus on timely and substantive remedial actions is promising. But we have not yet arrived at our destination and more steps need to be taken to improve and sustain audit quality.

The road may present some bumps and barriers along the way, but with careful planning and communication, it can be navigated.

Auditing is and remains, a remarkable profession. Our inspectors also have deep audit experience and appreciation for the audit process. Our collective goal is to further improve audit quality and to protect the interests of investors.

^[1] See PCAOB Quality Control Section 20, System of Quality Control for a CPA Firm's Accounting and Auditing Practice.

^[2] See Staff Guidance - Information Concerning the Quality Control Remediation Process Under PCAOB Rule 4009 issued on November 18, 2013.

^[3] See paragraphs 3 and 4 of AS 2501, Auditing Accounting Estimates (currently AU Section 342).

^[4] See paragraphs 9 through 14 of AS 2501 and paragraphs 9 through 14, and 23 of AS 2502, Auditing Fair Value Measurements and Disclosures (currently AU Section 328).

^[5] See paragraph 3 of AS 2810 (currently AS No. 14) and paragraph 2 of AS 1105 (currently AS No. 15).

^[6] This conduct is inconsistent with Commission independence criteria, see Rule 2-01(c)(4)(i) and 2-01(c)(4)(vi) of Regulation S-X, 17 C.F.R. 210.2-01(c)(4), and is prohibited by Section 10A(g) of the Securities Exchange Act of 1934 and Commission Exchange Act Rule 10A-2.

^[7] This conduct is inconsistent with Commission independence criteria, see Rule 2-01(c)(6)(i) of Regulation S-X, and is a violation of Section 10A(j) of the Exchange Act and Commission Exchange Act Rule 10A-2.