I am honored to be with you today. As with the other PCAOB speakers at this conference, let me begin by stating that the views I express are my own and should not be attributed to the PCAOB as a whole or any other members or staff.
For 43 years now, the AICPA has used meaningful and timely programs to spur discussion among practitioners and policy makers on current issues.
In the years after enactment of the Sarbanes-Oxley Act of 2002 and the establishment of the PCAOB, the conference planners have devoted more attention to the audit.
The conference planners have not just updated the name to reflect the establishment of the PCAOB as an independent audit regulator. Rather, our agenda reflects societal attention to the critical role of the audit in our capital markets, and not just in the U.S.
The cacophony of demands on the audit can be dizzying; especially for a profession that has built itself on the core value of service.
Some, for example, struggle to see the merits of a robust audit and, rather, see it as a regulatory burden; a compliance step to be checked off at the lowest cost possible. Audit budgets can be tight.
These perspectives are in tension with the new regulatory demands of the auditor, both here and abroad, evidenced not only by new requirements, but also heightened public scrutiny of the auditor's performance of existing requirements.
Others ask for more – more transparency, more incisive reporting – again, in tension with the commercial reality that an auditor's client is rarely comfortable with the auditor speaking to the financial statements other than to affirm they are accurate.
For nearly a century, U.S. law has entrusted to the audit profession the power, and, with that power, the duty, to determine whether a company's financial reports are fairly presented consistent with an appropriate accounting framework such that they should be allowed to participate in the public capital markets.
As a statutorily established institution, the PCAOB has an overriding responsibility to serve the investing public by setting auditing and related professional practice standards, inspecting engagements and quality control systems against those standards, and, when necessary, disciplining auditors that fail to comply.
We focus auditors on their role as a gatekeeper.
If there are material misstatements or omissions in a company's statements, the auditor must qualify the opinion. The gate should close.
PCAOB oversight is intended to protect investors from the risks that flow from material misstatements and omissions in financial reporting, and promote investors' interest in more informative, accurate and independent audit reports.
At the PCAOB, we press forward on many near- and long-term initiatives. In all this work, we coordinate closely with the SEC staff in the Office of the Chief Accountant.
And what, you ask, has the PCAOB achieved? I look at three resulting, demonstrated trends:
As the public has sought to know more about what we see in and think about the audit, auditor conduct has changed.
As we have emphasized remediation in our communication to the firms, audit quality has improved.
As audit quality gains credibility from credible regulation, better access to capital accrues.
In my time here, I will speak to the details of these phenomena, and what may lie ahead.
Inspections are our primary interaction with the audit firms we oversee.
Through the end of November, we have this year conducted more than 200 inspections of firms that issue audit reports on issuers or play a substantial role in an audit of an issuer.
This includes examination of portions of about 215 engagements across the largest four domestic firms. Given the immense size of these firms and their engagements, to make the most effective use of our resources, we use a variety of analytical techniques to identify audit areas that are likely to raise challenging or difficult issues.
We have also examined portions of about 400 engagements by 140 other U.S. registered public accounting firms and about 160 engagements by 57 non-U.S. registered firms in 26 jurisdictions.
To date, we have carried out inspections in 46 foreign jurisdictions. In 18 of those jurisdictions, we conduct our inspections jointly with a local audit oversight body. This enhances our understanding of local risks. It may also provide local authorities the benefit of broader information about firms' global operations.
In Europe, we enjoy the support of the European Commission to work with member-state authorities, grounded in a 2013 Adequacy Decision that the PCAOB's oversight regime meets the Commission's criteria for coordination.
That determination is subject to re-examination next year, but I am optimistic that the Decision will be renewed in 2016. We will continue to deepen our ties with our European partners. And we will achieve protocols with the shortening list of European jurisdictions where we don't currently inspect, due to local administrative or legislative hurdles.
Greece, Hungary and Luxembourg came off that list this year, when local authorities approved bilateral arrangements between their audit regulators and the PCAOB.
We also inspect in Latin America, Canada, Africa, Australia and Asia, but China is an exception. We have been negotiating toward access to inspect in China. We reached a break-through of sorts this past June at the Treasury Department's portion of the U.S.-China Strategic and Economic Dialogue, when China's State Council for the Chinese securities regulator apparently directed the Chinese regulators to work out terms of a pilot inspection program with us. But coming to closure on the details of this pilot inspection program has, unfortunately, proven to be significantly more difficult than anticipated.
In my time at the PCAOB, we have seen changes. My arrival coincided with a peak in inspection findings, and remediation was being challenged. With the credibility of the inspection process, remediation has begun to work for the firms who committed to the concept of remediating deficiencies and looking for root causes. Findings are beginning – in those firms – to decline.
It is too early to declare victory, but we have established an interactive process that is fair, expertly implemented, and transparent to the firms. This is, I believe, what Sarbanes-Oxley contemplated.
For several years, a significant portion of inspection findings have clustered around the audit of internal control over financial reporting. These are not just technical deficiencies.
We include a finding in Part 1 of an inspection report only if the audit work is so flawed that the audit report – whether on the financial statements or on internal control – should not have been issued at the time it was.
Earlier this year, SEC Chief Accountant Jim Schnurr and I responded to the concerns of preparers, focused primarily on the impact of our inspections of audits of internal control.
To gather more information about their concerns, the Chief Accountant and I scheduled a series of meetings with preparers and auditors. We also discussed the concerns with our Investor Advisory Group.
Later today, my colleague, Jeanette Franzel, and Helen Munter, Director of our Division of Registration and Inspection, will discuss the insights we gleaned. I believe it is important for us to hear from groups that are affected by our work.
Expect further constructive engagement by us to dismantle barriers to understanding the PCAOB inspection process and educate and inform on the results.
By the end of this year, we will also have inspected 74 firms that audit brokers and dealers, including examinations of portions of 115 audits of brokers.
The objectives and scope for the 2015 cycle in our interim inspection program for audits of SEC-registered brokers and dealers were detailed in a staff inspection brief. As envisioned in the program, we also issued our fourth annual report on the results of the 2014 inspections in August of this year.
We embarked on the interim program, by rule, as soon as practicable after Dodd-Frank expanded our remit to the auditors of brokers and dealers. Through the program, we are assembling and analyzing information about the state of audits by various types of firms and of various types of brokers and dealers.
We are also learning about where our oversight can be most effective at protecting customers, who, unlike shareholders, do not necessarily rely on the firm's financial statements but rather on the firm's compliance with customer protection requirements.
We plan to use this analysis to develop rules for a permanent program, including rules on the frequency of inspections, and, as appropriate, exemptions.
More broadly, we also issued a general report on inspection findings related to risk assessment, which underpins the entire span of audits that we oversee – whether of financial statements, internal control, broker-dealers, large entities, small, domestic, or foreign.
Where appropriate, we have also commenced investigations and disciplinary proceedings. Over the past year, we've experienced an increase in matters relating to work performed by non-U.S. registered firms and associated persons.
The Board has broad authority to impose sanctions on registered firms and associated persons for violating applicable laws and standards. Since inception of our program, the PCAOB has publicly announced the resolution of 128 enforcement proceedings. Remedies include revocations of firms' registrations, practice bars on individuals, monetary penalties, and monitors.
The announced decisions do not, however, reflect the full extent of PCAOB enforcement activity. Under the Sarbanes-Oxley Act, PCAOB investigations and contested proceedings are non-public.
There are a significant number of matters under active investigation and an additional number in litigation. These take years to be resolved.
Senators Grassley and Reed have co-sponsored a bill to permit the PCAOB to make public our hearings and related notices, orders, and motions.
Thanks to their leadership, the bill enjoys both bi-partisan and bi-cameral support.
In my view, the bill is important for public confidence in the PCAOB's processes and oversight. It is also important for practitioners and potential respondents, who today do not have the benefit of prior case precedents.
These days, passing anything in Washington is difficult. For that reason, I am all the more grateful to Senators Grassley and Reed for their perseverance. Given auditors' gatekeeper function, publicity of disciplinary matters instituted is appropriate – for deterrence and prevention, for investor protection, and for public confidence in audits.
Investors deserve to know whether those entrusted to tend the gate to public capital are the subject of pending actions. Competent private contracting parties would surely require such information in due diligence. If we want to retain the confidence of more dispersed public investors, we should afford them the same transparency.
To enhance public confidence in and awareness of our work we are doing more in the way of outreach, especially to audit committees, with a view to help raise awareness of audit risks and challenges.
We sought comment on the identification and potential uses of objective audit quality indicators.
We continue to help auditors at smaller firms keep up on requirements, trends, and risks by maintaining daylong small business forums around the country throughout the year. We've held ten this year, including four devoted to auditors of brokers and dealers. More than 1,300 professionals attended one of the 10 forums. We also held two webinars for broker-dealer auditors in January and will hold more next year.
We are also examining economic impacts. Through a combination of permanent staff and academic talent, our Center for Economic Analysis has brought empirical skills and tools to many questions relevant to our work. Our economists analyze the need for and effects of potential changes in standards, and have produced a series of research papers on the impact of our inspections.
The Center has also commenced our first post-implementation review. It will examine the impact of our standard on engagement quality reviews.
And, together with our inspections staff, the Center has begun a project to work with statisticians to explore whether we should allocate some portion of our inspection resources to randomly selected engagements. Could some randomization help us make better inferences about how pervasive audit deficiencies may be? Could some random selection increase the deterrent effect of our inspections program?
Our programs are the levers by which we both deter bad conduct and incentivize exemplary conduct.
For example, through skillful engagement selection, we increase the risk to the auditor – both real and perceived – that a failure to identify and address a financial reporting error would come to our, and the firm's, attention. It is the perceived risk that amplifies the deterrent effect of our inspections, which are, by necessity, limited in scope.
When we identify a significant deficiency in an engagement, such that the audit report should not have been issued when it was, most firms now tend to agree with our finding.
We've learned that, the next year, both the engagement partner who had the deficiency and other engagement partners in his or her office react in a positive manner. There is a spillover effect.
According to emerging research from our Center for Economic Analysis, we see a statistically significant increase in effort by the engagement partner and quality reviewer. We see a statistically significant decrease in restatement risk. And we see no statistically significant change in fees.
Those are powerful results – for the public interest as well as the interest of the profession as a whole.
Conversely, when we inspect an audit and find no significant deficiency – I'm not saying there were no mistakes, but none that merited inclusion in Part 1 of our inspection report – then we tend to see a statistically significant decrease in effort and increase in restatement rate.
This is consistent with a hypothesis that, after such an inspection, the spotlight is perceived to move on.
Auditors must come to appreciate the profound impact of incentives on their own biases and judgments.
We can protect the public's interest in the audit as a mechanism to provide trust only by recognizing the impact of incentives, both systemic and personal, and implementing stronger counter-measures.
I joined the PCAOB because I believe that the major national and regional firms in this country, operating at their best, are capable of the highest quality audit work. But they are comprised of rational human beings.
There are formidable forces that work against their best intentions. It is these forces – intrinsic to the business model – that plant seeds of doubt among young auditors trained to be skeptics.
There is the payment model. Sarbanes-Oxley shifted hiring and oversight of the auditor from management to the audit committee. Anecdotally, I have heard that in many cases highly competent and strong audit committees have championed auditor objectivity and independence from management.
But I have also heard that other audit committees may still see themselves as agents of management, and their job as negotiating the lowest audit fee. Higher fees may not always be justified. But, what an audit committee signals – about both fees and other matters – establishes implicit incentives for auditors, and those tacit signals may not all promote quality.
The statutory franchise also affects auditor incentives. There may be intense competition on price, but auditors don't have a natural incentive to redesign the audit or to evolve their reports to suit market participants, that is, the users – public investors.
There are other external conflicts of interest for the audit to overcome. Conflicts are rife in the fundamental issues auditors face in evaluating whether a company's going concern assumption is valid. These conflicts inhere in the judgments of people who prepare and market valuations while actively trading.
There is no silver bullet to address these challenges.
There are as many or more problems with structural alternatives, such as a third-party payor or insurance-based system.
In a dispersed ownership society, eliminating the audit requirement would be impractical and outright reckless.
Therefore, I believe our initiatives must go to reducing risks that flow from these conflicts, and developing stronger incentives to counter-balance them.
The Act profoundly changed the environment in which public company auditors operate by providing for ongoing accountability to the PCAOB. It gave us important tools, but it does not – cannot – ensure the future.
It is up to us to use those tools to establish a more stable model in which auditors are not forced to choose between client service and public service.
This is why, I believe, the Sarbanes-Oxley Act gave the PCAOB the authority and responsibility to set auditing and related professional practice standards for public company audits.
We completed this year a multi-year effort to reorganize our standards, in order to make them more accessible to auditors and others who use them.
Our standards cover audits of internal control over financial reporting, documentation, engagement quality review, risk assessment, related party transactions, and communications with audit committees, among other topics.
Some of our most important standards are principles-based and timeless – relating to independence, skepticism, due care.
But we also have an active standard-setting agenda to address current challenges. It involves consideration of both appropriate audit procedures, as well as mechanisms to promote appropriate auditor incentives.
We are developing a new standard on auditor procedures for using the work of other auditors. These procedures will be particularly important to improving the quality of large, multi-national audits in which significant parts of the audit are conducted by firms other than the signing firm.
I expect to be in a position to propose this standard early in 2016. As in all cases, we work closely with, and benefit from the knowledge and advice of, our colleagues at the SEC.
Also, earlier this year, PCAOB staff sought comment on ways to improve the auditor's use of specialists, who, as I've mentioned, bring their own set of potential conflicts.
At the same time, we continue to consider comments on a staff consultation paper on auditing accounting estimates and fair value measurements. Among other comments, we recently received a letter from the AICPA's Center for Audit Quality, which encouraged us to borrow from the standards of the profession's International Auditing and Assurance Standards Board. We will certainly take the IAASB's approach into consideration.
We have also been evaluating our standard implementing the auditor's statutory duties to assess a company's ability to continue as a going concern. We had a robust discussion of this topic with our Investor Advisory Group in September, and are now gathering additional information about how the auditor's work can best serve investors.
We also have two other significant projects underway to strengthen auditors' connection with investors.
First, in June we sought additional comment on the most efficient way to provide investors useful information on the names of engagement partners and other firms that participate in an audit.
We know, both from our own oversight and from our solicitation of views, that the engagement partner has singular, albeit not complete, influence over the quality of an audit. Quality among engagements varies considerably, especially at the largest firms made up of tens of thousands of professionals.
Disclosure will help investors to assess that quality. Moreover, disclosure will help strong engagement partners, who demonstrate skill in counteracting counter-productive incentives and bias, to distinguish themselves in the market.
This kind of disclosure bodes well for good auditors.
Through our oversight, we have also seen multi-national audits with inconsistent quality among participating affiliates. Transparency as to the firms involved should not only help investors distinguish reliability, but it should enhance networks' incentives to ensure that they pick high quality local firms with whom to affiliate.
We have also seen instances where most of the audit work was done by a firm other than the one signing the audit report. Investors should know who really did the audit.
We have been sensitive to auditors' concerns of a risk of increased personal liability, especially if they are required to sign the audit report, or even simply put their name in the audit report. It isn't the goal of the proposal to increase personal liability, but rather to give investors a means, over time, of discerning the quality of the audit through its leadership.
Again, there is the nexus of information and conduct: I believe the knowledge that there is public information about who led or participated in the audit will enhance accountability when it may still be needed.
Therefore, in our June supplemental request for comment, we took up the comments urging us to develop a form for auditors to report the information other than in the audit report itself. We've been deliberating on the comments received, and I believe we are now in a position to adopt a final rule next week.
The second project involves re-examining the standard auditor's report.
The profession itself, through its International Auditing and Assurance Standards Board, recently adopted new requirements that auditors disclose what they call "key audit matters" in their audit reports. The IAASB's standards on auditor reporting are applicable in most other major financial markets for audits of financial statements for periods ending on or after December 15, 2016.[1]
The United Kingdom adopted standards on an expanded audit report even earlier, and so we now benefit from a growing body of evidence and experience. There, the Financial Reporting Council has required extended auditor reporting on financial statements for periods that began on or after October 1, 2012. There are approximately 900 UK-reporting companies subject to the requirement.[2]
After two years of experience, investors, analysts, auditors and companies reporting in the UK all report that the new audit reports have brought new relevance to the audit.
We will closely monitor these developments as PCAOB staff refine our own proposal, which I hope will be out for public comment early in 2016.
This is an exciting time to be in or entering the audit profession. The profession offers both the reasonable expectation of financial reward and the satisfaction of performing a public service.
One of the great questions we face in our lives is whether or not we have been able to make a difference. The audit profession offers that opportunity for those who will reach for it.
But no profession is free of uncertainty or challenge. The profession faces a number of challenges, including challenges to maintaining public trust.
I have explained my view as to how the PCAOB, through the efforts of a superb staff, has made a difference.
I've described measures related to inspections, enforcement, outreach, economic analysis and standard-setting. I've explained how we set, and adjust, each lever. I think these steps will go a long way toward enhancing the investing public's perception of both the relevance and the reliability of audits.
I recognize how vexing change can be. But these changes are modest in comparison to the upheaval other industries experience, and some of these changes are overdue.
In the decade since the Enron and Worldcom scandals, audit fees in the U.S. initially spiked, but have since leveled. Audit practices have shrunk in comparison to audit firms' other client services.
There well could have been new demand for audit services in the last several years, had public confidence in audits been greater. But for nearly a generation of professionals coming of age since Enron, it has not materialized.
A range of consulting firms have emerged to provide assurance on a range of matters important to investors and the public, such as cybersecurity or sustainability. Those non-audit firms have technical expertise, but their culture is not grounded in rigorous devotion to independence, objectivity, and high standards for the use of skepticism.
The most encouraging signs for a young professional are to be found in the questions being asked in forum's such as this by the profession's thought leaders: Are we auditing the right things? What skills do young auditors need to equip them for the next generation's audit? How do we structure the business model to be truly fit to purpose? These are, surely, the growth rings.
Independence is the rock on which the audit profession takes its stand. Skepticism is the mindset that sets the audit profession apart. These are the reinforcing values that give investors the confidence to provide capital for real economic growth.
Capturing the demand for credible assurance requires attending to the public's desire for confidence that the audit function is the watchdog the public expects it to be.
[1] The Netherlands early adopted. There, first year reports under the new requirements have just recently begun to come out.
The EU also adopted major changes to audit reports used in member states, including requiring a description of the most significant assessed risks of material misstatement, as well as a summary of the auditor's response to those risks and key observations that arose.
[2] In March 2015, the FRC issued a formal report on its own in-depth review of both compliance and user benefits in the first year of extended auditor's reports. See FRC, Extended Auditor's Reports – A Review of Experience in the First Year (March 2015). The review included a detailed analysis of 153 extended auditor's reports (63 from the FTSE 100). Almost all of these reports were issued by the four largest firms (147 out of 153).
The FRC review found that auditors appeared not only to have met the new requirements, but in many cases, had voluntarily made further changes – sometimes quite radical changes – to the form and content of their reports. The new requirement spurred innovation and competition on the basis of the informativeness and quality of the report. In particular, the FRC praised reporting on detailed audit findings in relation to identified risks, informative use of explanatory diagrams and graphs, and the clarity of presentations that located the opinion at the beginning of the report as opposed to at the end.
The survey did, however, reveal areas where further improvements might be made. For example, the FRC suggested that auditors could improve risk reporting by being as entity-specific. The FRC also encouraged auditors to make sure the description of work performed in the auditor's report is consistent with the actual work performed, in light of inaccuracies in the descriptions in a few of the auditor's reports examined. In addition, although the overall message from the review was positive, the FRC pointed to emerging work from the FRC's Audit Quality Review Team:
During the FRC's Audit Quality Reviews, the FRC assesses whether the descriptions of work undertaken by auditors in extended auditor's reports are consistent with the evidence of the work actually performed. In some instances the FRC has identified inaccuracies in the auditor's descriptions of the nature or extent of the audit procedures performed. The FRC has brought these matters to the attention of the relevant audit firms and reminded all the major firms of the importance of ensuring that their auditor's reports accurately reflect the work performed.
Id. at 56.