|
DATE | June 30, 2011 |
James R. Doty, Chairman | |
EVENT: | FEE Conference on Audit Policy |
LOCATION: | Brussels, Belgium |
It is a genuine honor to be with you today. I want to thank the Federation of European Accountants for convening such a distinguished group of experts to encourage new thinking about the role the audit profession can play in strengthening financial systems, both here in Europe and abroad. I also want to thank all of you for the extraordinary welcome my colleagues and I have received here in Brussels. Although this conference is coming to a close, the opportunity to be here signifies several beginnings for me. I am new in my role at the Public Company Accounting Oversight Board. This is my first trip to Europe in this role. And when I leave the conference this evening, I will head directly to Paris to meet with a PCAOB counterpart — the chairman and staff of the H3C. I look forward to many more such meetings. I am enthusiastic about what we can do through auditor oversight, both on our own and with our counterparts, to improve the quality, reliability and transparency of financial information. Let me explain why. But I do have to say that the ideas I express today are my own and should not be attributed to the PCAOB as a whole or any other members or staff. I. Extraordinary Challenges Call for Creative IdeasWe are experiencing extraordinarily challenging times. In the United States, we have experienced the worst economic crisis since the Great Depression. We have lost not just one, but several, titans of the U.S. financial industry, an industry that we had thought secured the economic well-being of our nation. A determined people, such as we all serve, can overcome such setbacks. With the lessons we have learned, we can build financial systems that embody the great strength and character of all our nations, while serving as an example to the world of how fair societies protect their people. Two U.S. administrations have devoted enormous effort and concentration to mending our economy, and European leaders also are clearly focused on restoring stability. As a great American lawyer, Rufus Choate, in an 1841 speech to the U.S. Senate, reminded us: "The final end of government is not to exert restraint but to do good." I am absolutely confident that through cooperation we can achieve our goals. But the task will require hard work. It will require both U.S. and non-U.S. authorities to bring creativity to bear. This is not just a banking problem to be addressed by finance ministers and bank supervisors. A better early warning system, based on more relevant and reliable financial information about risks, and about leverage and liquidity, would undoubtedly have made a difference to boards, bank supervisors, and investors. Reliable financial information is also fundamental to investor confidence in the fairness of markets. Good audits are critical to reliability. And, of course, good audits go hand-in-hand with good corporate
governance. Good audits benefit not only investors, but audit
committees, boards of directors, even management. Bad audits
ultimately hurt all these. In the United States, more than half of all American households and one in three adults owns stocks directly or through mutual funds. The vast majority of these Americans depend on these investments to fund their retirements. This reflects the move of U.S. companies away from a defined benefit retirement system some time ago. This move has given people freedom from economic dependence. But it amplifies the economic consequences of inaccurate financial reporting and financial fraud, which can have a devastating impact on the everyday lives of potentially millions of individuals, as we saw when the accounting frauds at Enron and Worldcom were exposed. Employers in Europe have begun to make this shift as well. As countries move away from state-funded pensions and participation by the general public in the capital markets increases, the importance of transparent financial markets and reporting and rigorous financial regulation grows. With the discussions of convergence in accounting standards waxing, it may be useful to note actual convergence in savings patterns as an emerging trend, and to reflect on the critical, cultural value of the audit to that trend. International cooperation thus becomes critical. In a crisis, when a nation's (or a region's) economic well-being is in jeopardy, there can be a tendency to retrench and pull inward. This is not the right response. We must embrace cooperation, and close regulatory loopholes and the opportunities for regulatory arbitrage. This depends on continued communication and goodwill between and among regulators. We must have the courage to step forward and find solutions that best protect the public. II. The PCAOB's Policy Agenda to Enhance the Relevance, Credibility and Transparency of AuditsThe recent financial crisis has precipitated serious questions about (i) the relevance and value of audits, (ii) the relationship of the auditor to the audit client, and (iii) the role of various participants in the audit. The PCAOB plans to commence debate on several concepts intended, together, to enhance the relevance and credibility of audits, and to provide the public a better understanding of auditors' work through enhanced transparency. That said, these projects are founded on the principle that audit regulation should foster conduct and a culture consistent with the franchise that the securities regulatory regime accords the profession. We have and will continue to engage in broad public outreach to obtain feedback and suggestions. We need constructive insights from a wide range of voices and experience to help us design effective solutions. A. The Auditor's Reporting ModelLast Tuesday, the PCAOB released a paper on the first of these ideas — a concept release on potential changes to the auditor's reporting model. This project is about what information investors want from audit reports in the future, and how audit reports can be more useful to society. It's about how audits can provide investors more insightful assessments of management stewardship. While auditors most certainly did not cause the financial crisis, some people have legitimately questioned whether audits adequately served investors' needs in the months and years before and during the crisis. For decades, the auditor's report has identified the financial statements that were audited, described the general nature of the audit, and presented the auditor's opinion as to whether, taken in their entirety, those statements present the company's financial results and position fairly in all material respects. Given the effort involved in an audit of a large company, and the complexity of many financial statements, investors want deeper insight from the auditor. The concept release explores several ways that audit reports could better serve investors. The four, broad alternatives offered for discussion by our concept release show that we have not remained oblivious to the ideas discussed here in Europe, and their relevance to better corporate governance. To summarize:
All are ideas that raise many interesting issues. We expect to hear from many commenters. The alternatives described in the concept release are the result of several months' of engagement with investors and others to identify concrete ways in which audit reports can be improved. This outreach was critical, since unlike most other standard setting projects, this project required us to understand user needs before we could develop means of meeting those needs. The alternatives described in the concept release also focus on enhancing the relevance of the auditor's communication to investors. They would not change the fundamental role of the auditor to perform an audit and attest to management's assertions as embodied in management's financial statements. Nor are they intended to put the auditor in the position of creating and reporting financial information for management. Together with the other initiatives I will describe, this project is intended to spur debate over how to infuse auditing with an immutable emphasis on public service. B. Auditor IndependenceI am mindful that culture does not change quickly. It would be naïve to think that merely changing the auditor's report would trigger cultural change. This is why I advocate a holistic approach aimed at enhancing the credibility and transparency of audits as well as their relevance. The second project I want to describe goes to the credibility of audits. An audit has value to the public only to the extent that it is performed by a third party who is viewed as having no financial stake in the outcome. As auditors and audit regulators, though, we know that auditors do face real pressures to please their clients, or lose the fee. The payment model is an inherent challenge to independence and objectivity as the auditor is hired and fired by the company itself. The Sarbanes-Oxley Act's reform to shift hiring and oversight of the auditor from management to the audit committee may in practice have proved insufficient to counteract that conflict and others facing auditors. The PCAOB has conducted annual inspections of the largest U.S. audit firms for eight years. The PCAOB's inspectors have reviewed more than 2,800 engagements of such firms and discovered and analyzed hundreds of cases involving what they determined to be audit failures.[1] I do not suggest that every audit failure detected by inspectors resulted from a lack of objectivity or skepticism. Some may reflect weaknesses in technical competence, in experience, or some other root cause. Undoubtedly, competitive pressures in the marketplace for services, leading to cross-selling and pressures on client intake, have played a causal role too. Moreover, as our inspections are not random, but risk-based selections of engagements, we may be looking at the most error-prone situations. Firms have implemented rigorous training and other quality control initiatives to address identified problems. The PCAOB evaluates those remediation efforts in detail. For the most part, the initiatives have been constructive. Yet inspectors continue to find audit failures, including in both basic areas and complex ones. Because skepticism is a state of mind, objectivity a silent success, their absence is rarely documented and can be particularly difficult to detect. But too often, the audit failures identified by inspectors do not appear to be explainable by any lack of knowledge, on the auditor's part, about what audit steps are required in the circumstances. Inspections by other audit regulators have also given rise to concerns about auditor skepticism, as reported by the U.K.'s Audit Inspection Unit, the Dutch AFM, and yesterday, the Australian Securities and Investments Commission.[2] I am prepared to consider all possible approaches to address the incidence of audit failures — including whether audit firm term limits would help address the inherent conflict created because the firm is paid by the client. Under existing U.S. rules, all but the smallest audit firms are required to rotate engagement and quality review partners. This requirement dates back to the profession's self-imposed quality control requirements. But it was imposed by law as part of the Sarbanes-Oxley Act's independence reforms. My understanding is that it is now widely accepted globally as a best practice. Partner rotation allows a firm to become aware of a partner's decisions in the audit. But a new partner will likely feel the need to live with those decisions and agreements; he may have little flexibility to reopen them. The partner of a new firm does not have that problem. A long-term engagement — and I'm speaking of over decades — can come to resemble an annuity for a firm. Management of the audit client may even populate the company's finance and internal audit departments with the auditor's own alumni. To be sure, incentives to please the client exist at various stages in the auditor-client relationship, including in the early years of a relationship, when the auditor might be trying to build a long-term relationship by pleasing the client. And inspectors do find audit failures in early years. Some have offered as the rationale for audit failures in early years that there is an increased risk of audit error inherent in new engagements because of the auditor's lack of experience with the client. That may happen, if firms take on clients they are ill-prepared to audit. But avoidance of such a risk — as opposed to fixing it with better client intake — is not a justification for accepting long tenures if they compromise skepticism. I am not committed to term limits as the only solution to these inherent challenges. Are there steps other than term limits that would be sufficient to overcome the incentive to avoid being the engagement partner that lost the long-term client? This is a question the PCAOB will, I expect, explore in another concept release, which I hope will be forthcoming soon. C. Providing More Context for Audit CommitteesThe PCAOB is also looking for ways to enhance audit committees' understanding of our inspection process. The U.S. regulatory framework envisions an important role for audit committees in championing auditor skepticism and independence. In my experience, I have seen both good and bad audit committees. I have been disappointed to see signs that some audit committees are more focused on fee control than quality control. But I have also observed the ways vigilant audit committees can enhance the credibility of the audit, amply justifying the cost of the auditor's work. Even well-engaged audit committees face challenges in assessing the quality of an audit, though, including challenges in obtaining from firms a candid assessment of weaknesses identified in PCAOB inspections. Instead, many audit committee members have reported to us troubling assertions by firms — such as that a particular audit deficiency cited by our inspectors is based on nothing more than incomplete documentation, or that it reflects merely a difference of professional judgment within a range of reasonable judgments. The PCAOB can neither open its inspection files to audit committees nor compel auditors to disclose inspection information to them. But we plan to help audit committees be better informed about our processes and better equipped to engage with their auditors about inspections without settling for responses that distort the significance of inspection results. D. Audit TransparencyFinally, I expect the Board to consider a proposal relating to audit transparency, in the form of enhanced disclosure about the participants in audits, including disclosure about the partner in charge of the audit as well as other firms involved in the audit. For many large, multi-national companies, a significant portion of the audit may be conducted abroad — even half or more of the total audit hours. In theory, when a networked firm signs the opinion, the audit is supposed to be seamless and of consistently high quality. In practice, that is often not the case. My first concern is investor and public awareness. I have been surprised to encounter many savvy business people and senior policy makers who are unaware of the fact that an audit report that is signed by a large U.S. firm may be based, in large part, on the work of affiliated firms. Such firms are often completely separate legal entities in other countries. Enhanced transparency about how cross-border audits are conducted should help investors and audit committees gain a better understanding of how an audit was conducted and make more informed decisions about how to use the audit report. III. Close Cooperation Among National Regulators Better Protects Investors EverywhereTo best protect investors, inspections of cross-border audits need to be as seamless as the audits are supposed to be. At the PCAOB, we have seen first hand the benefits of evaluating the various pieces of audits performed by different registered firms in multiple jurisdictions. Our inspectors often see more than the principal auditor — or signing firm — does. In many cases principal auditors rely on high-level reports from subsidiary auditors. They often don't review the work papers of the other auditors. When our inspectors do, many times they have found problems in that work. Inspectors have found obvious errors that could have, and should have, been picked up by the principal auditor if communication between the two auditors had been more robust. For example, inspectors have found unresolved audit issues between affiliates. One inspection team found a situation where the affiliate's audit team pervasively failed to perform audit procedures, unbeknownst to the principal auditor until our inspectors conducted their review. Once the problem came to light, the firm arranged for the team to be removed. But it fell to the PCAOB to find the problem. In several cases, inspectors discovered that an affiliate had failed to appropriately audit revenue, even though the affiliate reported to the principal auditor that it had. These findings demonstrate why it's so important that we look at the parts of the audit not performed by the principal auditor, whether the principal auditor was in the U.S. or elsewhere. Indeed, they should be of concern to audit regulators in Europe and other countries as well. Some of these examples were in situations where the principal auditor was outside the U.S., but the subsidiary auditor was in the U.S. This leads me to the urgency of regulatory cooperation. I want to thank Commissioner Barnier and his staff for their efforts in breaking the impasse we had faced to conducting inspections of firms registered with the PCAOB but residing in Europe. Based on those efforts, earlier this year, we commenced joint inspections with U.K. authorities. We have also recently begun joint inspections with Swiss authorities. And for several years we have conducted inspections either jointly with audit oversight bodies or in cooperation with the local securities or financial regulator in more than 30 other countries. In joint inspections, we sit side-by-side with our counterparts, share audit concerns, and support each other's work. We are together examining audits of some of the largest companies in the world. We can well use both regulators' staff resources to examine such large engagements. Under agreements such as those we've recently concluded with our U.K. and Swiss counterparts, we are able to share confidential information related to the firms we are jointly inspecting. Moreover, this year, we plan to inspect the audit of the U.S. operations of a U.K.-based issuer. If we find problems, we will bring them to the attention of our colleagues at the U.K.'s Audit Inspection Unit, and we will invite them to join us in any follow-up work. I expect this model to expand. I believe we are close to reaching similar arrangements with other European authorities. In each case we are dealing with delays for reviews by data protection authorities. In the U.S., we understand the importance of Europe's data protection regime. It champions goals grounded in historical significance, related to the individual's freedom from tyranny. It is possible, we believe, to conduct joint inspections and still comply with national data protection requirements. And so I urge the European regulators to hasten their consideration of the data protection issues to avoid further delaying our ability to work together. With the information-sharing authority granted in Dodd-Frank, the PCAOB will do its part to make this work. Some jurisdictions continue to resist joint inspections, professing preference for a policy of "mutual" or "full" reliance. Investor protection is put at risk, not advanced, by such an approach. Audits do not stop at borders, and neiter can effective cross-border audit regulation. As in the case of audits, reliance on high-level summaries of work performed by another regulator presents an unmitigated hand-off risk. There may be times when we separately identify audit problems that would be important for a counterpart to know. When that happens, we should convey the information and support the counterpart's need to analyze the effect on its own investor protections. But leaving oversight of the components of cross-border audits to the inconsistencies of separate regulatory processes should not be a goal. As with cross-border audits, cross-border inspections must be seamless to be effective. I applaud and concur with Commissioner Barnier's call, in the Green Paper on Audit Policy, that "Group auditors should have access to the reports and other documentation of all auditors reviewing sub-entities of the group." And that "Group auditors should be involved in and have a clear overview of the complete audit process to be able to support and defend the group audit opinion."[3] * * * I do not want to leave the discussion of what the PCAOB, and all of us, as regulators think about cross-border oversight and auditing, without a reminder of what we are regulating. We regulate not a market, not an industrial sector, not a product: we regulate a profession. It is a profession that is one of the oldest in our shared commercial history (mere longevity not here being the test). The auditing profession has, on the whole, served our commercial civilization well. That we are able at all to anatomize the problems of the audit and its relevance for the complexity of the global economy is, in no small part, attributable to the analytical clarity and independence that the audit profession has devised to our civilization. The great auditing firms that have evolved represent an achievement of societal economic development. As regulators, we must not shrink from truth, from needed change. On the other hand, we are advised to proceed with a full measure of intellectual humility, and heed the advice of Rufus Choate! [1] An audit failure—that is, a failure to obtain reasonable assurance about whether the financial statements are free of material misstatement—does not mean that the financial statements are, in fact, materially misstated. When an issue is described in the public portion of an inspection report, that means that the inspection staff has determined that, because of a concretely identifiable error or omission, the firm failed to perform an audit that provides reasonable assurance about whether the financial statements are free of material misstatement. In other words, the inspection staff has determined that the audit failed. [2] See U.K. Audit Inspection Unit, 2009/10 Annual Report 4 (July 21, 2010) (stating that "[f]irms sometimes approach the audit of highly judgmental balances by seeking to obtain evidence that corroborates rather than challenges the judgments made by their clients" and that "[a]uditors should exercise greater professional scepticism particularly when reviewing management’s judgments relating to fair values and the impairment of goodwill and other intangibles and future cash flows relevant to the consideration of going concern"); AFM, Report on General Findings Regarding Audit Quality and Quality Control Monitoring 13-14 (Sept. 1, 2010); Australian Securities & Investment Commission, Audit Inspection Program Public Report for 2009-2010 (June 29, 2011). [3] See European Commission Green Paper, Audit Policy: Lessons from the Crisis (Oct. 13, 2010), at 13. |