Date: Dec. 11, 2015
Speaker: Helen A. Munter, Director, Division of Registration and Inspections
Event: AICPA Conference on Current SEC and PCAOB Developments
Good afternoon. I would like to thank Liz Gantnier for hosting our session at the conference. Claudius and I are pleased to be back this year, but first we must say that the views we express are our own and should not be attributed to the PCAOB as a whole or any Board members or staff.
So, are we there yet?
A question I know I often get from family when we travel on vacation. And I am sure, one that many of you are likely thinking about as you prepare for your travels for this conference and the holiday season.
But it is also a question I often get as the Director of Registration and Inspections at the PCAOB.
Where are we with audit quality?
We are now thirteen years into an auditor regulatory scheme following the enactment of the Sarbanes-Oxley Act. These thirteen years have brought change, seen greater focus on auditors and their work by regulators around the world and set expectations for auditors to step up their game.
It has been a rewarding time for some and a challenging path for others.
As we approach the end of the year, it is a good time for reflection – taking a look at where we are and where we are going in audit firm inspections and where we see audit quality.
And I want to emphasize two important points:
First – I often hear auditors say that they fear an inspection – they fear the possible identification of an audit deficiency in their work. I understand that. No one wants to have a problem identified.
But there are many audits we inspect where we find no deficiencies, and many firms where we identify no deficiencies in any of their audits we inspect. That is not uncommon. It is possible to do good work. Many auditors do and we should celebrate those successes.
Second – The goal of the inspections regime has never been to simply identify deficiencies. The goal has always been to help auditors improve the quality of their audits and the value that they bring to their clients and to investors.
Righting the ship is not simply about the number of audit deficiencies that appear in the public portion of a firm's inspection report – the items we call Part I findings. Of course they matter. They are important. Our goal, however, in inspections, and what I view as a priority, is to address a firm's systemic issues, and the potential deficiencies in a firm's system of quality control.
So, thirteen years on, what is the state of audit quality?
In many respects, we have seen the quality of the audit work we inspect get better over the last thirteen years. Firms and individual partners are more engaged and are keenly focused on effectively identifying risks of material misstatement and planning audit responses to address such risks. There is, however, still room for improvement.
That the bar and expectations are high is a good thing. That is what investors expect and what they deserve. They expect a properly supported audit report. Many auditors now have greater confidence that their audit work is meeting that objective.
Let's talk about where we have seen firms improve. I want to call attention to five key areas:
While these improvements are positive, challenges remain and there are a number of areas where we would like to see improvement –
So what is the state of audit quality thirteen years later? Better. The last thirteen years show that diligence and constant probing and questioning are key to continuing to make meaningful changes that can result in lasting improvements to audit quality. I look forward to many more years of improvement.
We are in the midst of planning the 2016 inspections. We consider a number of factors as we scope our inspections including environmental, economic and technology risks along with new standards. Of course, the 2015 deficiencies will be a factor, and we do intend to see how firms are addressing past problems.
So, as auditors move into the 2015 year-end audits, what should they focus on?
1. Recurring Audit Deficiencies
As I reflect on what we have seen in the most recent inspection cycle, which generally examined 2014 year-end financial statements, I want to share a few thoughts that I think auditors, preparers and audit committees should consider as they aim to have a quality audit.
The most significant and frequent audit deficiencies continue to be in the key areas related to auditing ICFR, assessing and responding to risks of material misstatement, and auditing accounting estimates, including fair value measurements.
It is particularly important for the engagement partner and senior engagement team members to focus on these areas and for engagement quality reviewers to keep these matters in mind when performing their reviews.
Also, audit committees might wish to discuss with their auditors the types of audit deficiencies identified in their PCAOB inspections and ask how they are addressing these matters as part of their company's audit.
A few comments on preliminary 2015 inspection observations –
Inspections staff continue to observe significant audit deficiencies related to non-compliance with Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements.
While Inspections staff have seen improvement in 2015 in the nature and extent of the audit issues in this area at certain firms, continued focus on this area is needed to improve and sustain audit quality.
I continue to encourage auditors to read PCAOB Staff Audit Practice Alert No. 11, Considerations for Audits of Internal Control Over Financial Reporting, which discusses requirements in PCAOB auditing standards related to auditing internal controls. This remains a valuable resource and tool.
Many others have spoken this week about the importance of ICFR and the need for issuers to evaluate their own controls and conclusions. There is a lot of tension in the system related to this topic and, as we discussed on Wednesday's panel, a helpful and ongoing dialogue in this area has begun. I believe it is essential that all involved parties, issuers, audit firms and regulators continue this discussion in 2016 as I feel there has already been great benefit from opening up these lines of communication. I look forward to the upcoming year as all parties continue to work together to improve audit quality in the area of internal controls.
Assessing and Responding to Risks of Material Misstatement
The overall number and significance of the deficiencies identified in 2015 related to non-compliance with the Risk Assessment Standards decreased at certain firms, but continues to be concerning to Inspections staff. Broadly, the risk assessment deficiencies observed during the 2015 and 2014 inspection cycles were most frequently related to Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement, Auditing Standard No. 14, Evaluating Audit Results, and Auditing Standard No. 15, Audit Evidence.
Assessing and responding to risks of material misstatement are two critical components of an audit. Improper application of these standards may result in audit deficiencies that contribute to an unsupported audit opinion.
We recently issued a general report, Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (AS No. 8 through No. 15), that highlights audit requirements, and provides examples of recent audit deficiencies in these standards. It also offers insight into potential root causes of these deficiencies and potential remedial actions that firms may consider. I encourage auditors to review the general report and consider whether these types of deficiencies could manifest themselves in their audits.
Inspections staff continued to take a close look at audit work performed on complex estimates and business transactions in 2015 and frequently identified audit deficiencies in this area.
Accounting estimates often warrant more audit attention because they involve subjective factors and judgments, which make them susceptible to management bias.
The audit deficiencies identified in this area have more commonly related to testing the valuation of assets and liabilities acquired in a business combination, and evaluating impairment analyses for goodwill and other long-lived assets. Other areas where deficiencies have been identified include financial instruments, revenue related estimates and reserves, the allowance for loan losses, and inventory reserves.
Due to the significant audit deficiencies identified, together with changing market conditions, a low interest rate environment, and an increase in merger and acquisition activity, auditors should continue to remain focused on this area.
Inspections staff continued to identify instances in which auditors did not fully understand how estimates were developed or did not sufficiently test the significant inputs and evaluate the significant assumptions used by management.
Auditors should obtain an understanding of the company's process and methods, including the related controls, for the development of complex estimates. Auditors should also be sure to take into account audit evidence that appears to contradict management assumptions, even when the auditor has obtained information that supports management's assumptions.
Auditors should be looking to these deficiencies and taking steps to prevent these same problems. In addition to the typical risk areas that we focus on, I want to highlight other areas for the upcoming cycle.
2. Other Areas
Economic and Environmental Risks
Our colleagues in the PCAOB Office of Research and Analysis assist us in identifying risks and other data to assist in our inspection planning process. A few economic and environmental risks that will factor into our 2016 selections —
Inspections staff will continue to consider the effect of trends related to the search for higher yields in the low interest rate environment and falling oil prices.
Cyber-security incidents have continued to be prominent. Examples include breaches related to the theft of company software, patents, secrets, or other intellectual property, or breaches that compromise software. Both auditors and companies alike see this as an overall business risk, and not just an information technology risk.
Inspections staff have observed that some firms have already provided additional audit guidance to their auditors. It is important for auditors to consider whether cyber-security risks pose risks of material misstatement. If cyber incidents have occurred during the audit period, auditors should consider whether there are any effects on the financial statements or implications for internal control over financial reporting. Inspections staff plan to continue to obtain and evaluate information in this area.
New Auditing Standards – Auditing Standard No. 18, Related Parties ("AS No. 18")
AS No. 18, Related Parties, became effective for periods beginning after December 15, 2014. The standard and amendments address: (i) relationships and transactions with related parties, (ii) significant unusual transactions, and (iii) financial relationships and transactions with executive officers. The standard also imposes new requirements relating to the auditor's communications with the company's audit committee. The new standard and related amendments are intended to strengthen auditor performance requirements in these critical areas that historically have represented increased risks of material misstatement in issuer financial statements.
Consistent with the implementation of previously issued standards, our 2016 inspection program will include procedures to assess the effectiveness of a firm's implementation of AS No. 18. I encourage auditors to refresh their understanding of the new requirements in this area.
We continue to evolve and develop our auditor oversight programs – communication and digging deeper into issues both within the U.S. and with our fellow regulators around the globe will be key elements of our future.
1. Expanding Information and Data
We achieved two important milestones in our communications and outreach this past year. First, we expanded inspection reports to include additional information, including information about industries inspected and findings by industry. Second, we introduced inspection briefs, which highlight important matters that Inspections staff want to share with auditors.
The Board also issued a summary report on findings related to risk assessment.
In the new year, we also expect to begin to post on our website data related to inspection results. Stay tuned. These additions are part of our focus on improving our communication and outreach to auditors. We welcome auditor feedback on them.
2. Collaboration Among Audit Regulators
The cross-border aspects of audits and audit quality around the globe are a focus for us and for our fellow regulators in other countries and jurisdictions. We are active participants and leaders in IFIAR and their Global Public Policy Committee (GPPC). These connections are important to us as they provide an opportunity to share data and information to help improve the audit globally.
Learning from our fellow regulators about risks and economic trends in other jurisdictions helps to inform our risk analysis and inspection planning.
Most importantly, these relationships help us to identify and discuss how firm culture in different jurisdictions may affect auditor independence, objectivity, and professional skepticism; and to implement effective ways, both here in the U.S. and internationally, to respond as necessary.
This past year, we inspected firms in approximately 30 jurisdictions and many times jointly with other regulators. Inspections staff routinely inspect portions of multiple-firm audits, including the audit work performed by both domestic and non-U.S. firms that played a role in the audit, commonly referred to as referred work. In 2014, our inspectors observed fewer audit deficiencies in the referred work engagements inspected.
3. Root Cause Analysis
In addition to the work performed by firms, Inspections staff also perform their own root cause analysis of findings at firms. This work has been expanding to include specific quality events, both negative (for example, audits with significant inspection findings) and positive (for example audits, or parts of audits, with no inspection findings where the inspection team recognized some anecdotal assessment of quality work).
We found through this process –
So sometimes it is not only about the tools. Sometimes it is not about doing more work. It is, however, about doing smart work, which includes well planned, organized, and effective work that ultimately demonstrates an understanding of the purpose/objective of the work being performed.
Some of these issues are not new but we are thinking about them in a new way. It is time to rethink the way work is undertaken. Auditors are diligent and smart, but obstacles can get in their way.
What we have learned is that the audit process itself – when it is thoughtful, timely and made a priority - leads to a quality audit. We have also learned that it is equally important to have the right players on the team, in terms of experience and expertise, including the level, the scope and the timing of their involvement in the audit process.
Rethinking "process" may require a change in behavior for some. While I recognize this can't happen overnight, I believe that if we stay focused on how it can help deliver a quality audit and protect investors, then over time we will meet that goal.
4. PCAOB Broker-Dealer Auditor Oversight
We also continue to develop our broker-dealer auditor oversight program. The 2015 inspection cycle is coming to a close. This year, our Inspections staff issued an inspection brief discussing the inspection plan for 2015 inspections. By the end of the year, we will have inspected 75 audit firms and portions of 115 broker-dealer audit and attestation engagements.
All inspections performed during 2015 cover audit and attestation engagements of brokers and dealers that were required to be conducted in accordance with PCAOB standards. The requirement to apply PCAOB standards is new for audits of brokers and dealers pursuant to an amended SEC Rule. We are coordinating closely with SEC staff in monitoring implementation of the amended rule and PCAOB standards, including our new auditor attestation standards.
In August, we issued our fourth annual summary report discussing the deficiencies identified during the 2014 inspection cycle. This report identified high levels of independence findings and audit deficiencies, similar to reported findings and deficiencies in previous years. Although findings and deficiencies were identified across all types of audit firms, firms that did not also audit issuers were noted to have a higher percentage of findings and deficiencies than firms that also audited issuers. Given the continued high level of findings, we have been urging firms that audit broker-dealers to re-examine their audit approaches.
Our interim inspection program will continue until the Board's rules for a permanent inspection program take effect. Inspections staff are currently working to develop a rule proposal for the Board to consider during 2016 to establish a permanent inspection program.
I remain concerned about a few areas that continue to be potential barriers to audit quality.
Topping my list is auditor independence. While last year, I was most concerned about the recent business activity with audit firms buying consulting practices, this year, I also have concerns in the area of personal independence. Auditors must be independent of their audit clients throughout the audit and professional engagement period.
Without independence, auditors cannot properly discharge their full range of professional responsibilities for exercising due care, including professional skepticism. Inspections staff have continued to observe deficiencies related to auditor independence which is concerning.
These deficiencies include instances where impermissible non-audit services were provided, as well as deficiencies in the area of personal independence, principally with respect to financial relationships. We have also observed instances where partners have violated the five year rotation requirement and served as the engagement partner or engagement quality review partner longer than a five year period or sometimes within the five year period following having served for five consecutive years.
While deficiencies with auditor independence were not pervasive across firms, auditors should continue to assess their personal and professional activities to ensure compliance with applicable independence standards.
2. Audit Staffing
Firms take various actions to combat fee pressure and price competition around the world including expanding non-audit and related services and outsourcing audit work to off-shore locations. These all pose various risks that we continue to monitor.
I am concerned about the effect that off-shoring and the increasing use of technology in the audit have on audit staff development. With many of the typical lower risk audit procedures being performed through technology or at an offshore center, how will staff learn and develop the skills that they need to perform quality audit work and be successful managers and partners?
I know firms are thinking about how these changes affect their current model and what may need to change in their system of quality control, particularly, in the areas of supervision and review and training. It is important that audit staff develop critical thinking skills and are able to understand how the more fundamental tasks of an audit are performed. This experience provides the foundation for them to be able to audit more complex areas as they progress in their careers.
We have been blocked from conducting inspections in a number of countries and jurisdictions including China and certain locations in Europe. We have made a great deal of progress, but the lack of access continues to be a concern. Without the benefit of PCAOB inspections investors face additional risks and auditors lack valuable input that can lead to improved audit quality. I hope and expect that our progress to expand our agreements with counterparts in other jurisdictions will continue.
No doubt we are pleased to see improvement in the audits we inspect. The decreasing number of deficiencies at some firms is promising. The focus on root cause analysis is promising. The focus on timely and substantive remedial actions is promising. But we have not yet arrived at our destination and more steps need to be taken to improve and sustain audit quality.
The road may present some bumps and barriers along the way, but with careful planning and communication, it can be navigated.
Auditing is and remains, a remarkable profession. Our inspectors also have deep audit experience and appreciation for the audit process. Our collective goal is to further improve audit quality and to protect the interests of investors.
 See PCAOB Quality Control Section 20, System of Quality Control for a CPA Firm's Accounting and Auditing Practice.
 See Staff Guidance - Information Concerning the Quality Control Remediation Process Under PCAOB Rule 4009 issued on November 18, 2013.
 See paragraphs 3 and 4 of AS 2501, Auditing Accounting Estimates (currently AU Section 342).
 See paragraphs 9 through 14 of AS 2501 and paragraphs 9 through 14, and 23 of AS 2502, Auditing Fair Value Measurements and Disclosures (currently AU Section 328).
 See paragraph 3 of AS 2810 (currently AS No. 14) and paragraph 2 of AS 1105 (currently AS No. 15).
 This conduct is inconsistent with Commission independence criteria, see Rule 2-01(c)(4)(i) and 2-01(c)(4)(vi) of Regulation S-X, 17 C.F.R. 210.2-01(c)(4), and is prohibited by Section 10A(g) of the Securities Exchange Act of 1934 and Commission Exchange Act Rule 10A-2.
 This conduct is inconsistent with Commission independence criteria, see Rule 2-01(c)(6)(i) of Regulation S-X, and is a violation of Section 10A(j) of the Exchange Act and Commission Exchange Act Rule 10A-2.