Washington, D.C.
Dec. 8, 2014
As a matter of policy, the Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or other members of the SEC Staff.
Good morning and thank you Brad [Davidson] for the introduction. As Deputy Chief Accountant for OCA´s Professional Practice Group (PPG), I am fortunate to have a talented and dedicated team of professionals who focus on audit quality and investor protection each and every day. We work closely with, and provide advice and support to, other offices and divisions within the SEC on auditing, auditor independence, and internal control matters. OCA´s PPG also has a significant role in leading and coordinating the Commission´s oversight of the Public Company Accounting Oversight Board (PCAOB). In doing so, we work very closely with the PCAOB throughout the year to achieve our shared investor protection objectives.
I´ll begin my remarks this morning with some observations from our ongoing focus on auditor independence and then move on to some PCAOB and internal control matters. Also, Jim Schnurr mentioned our work to consider updating audit committee disclosure requirements so on that topic I´ll simply add that I too am enthusiastic about these efforts. I anticipate this work will continue to be a priority for OCA´s PPG in 2015.
High-quality audits performed objectively by independent auditors support investor confidence in financial reporting. Independence in both fact and appearance is foundational to an audit and necessary to reduce threats to auditor objectivity and to promote credibility. As I´ve said many times, I believe the SEC´s existing independence rules, which were last amended to implement the provisions of the Sarbanes-Oxley Act, have served us well.[i] Reinforcing my belief, we continue to observe efforts around the world to emulate aspects of our independence rules.[ii]
Notwithstanding the years of experience we all have had with the existing independence rules, we continue to respond to many independence inquiries each year. For example, we receive numerous questions about non-audit services, partner rotation, and business and employment relationships. Many of them relate to novel fact patters as practice evolves. Over the past couple of years we have seen an uptick in questions about broker dealer audits even though our independence rules have applied to these audits since 1975. OCA´s PPG has several staff members devoted to addressing your questions regarding auditor independence and I encourage you to continue consulting with us as you find appropriate. As we try to provide timely and helpful advice, we benefit because hearing from you helps the staff understand current practices and emerging issues. We interact routinely with auditors, management, and audit committee members given the responsibility these parties share for auditor independence. Information about OCA´s consultation process is available on the SEC website under Information for Accountants.[iii]
One of the questions I posed last year at this conference was whether management and audit committees have appropriate policies and procedures in place to evaluate the non-audit services provided by the company´s auditor. I mentioned that this evaluation should include monitoring the provision of non-audit services for the risk of "scope creep" that could result in a service becoming impermissible and impairing the auditor´s independence.[iv] I believe this reminder deserves repeating. Unfortunately, I am aware of at least one recent circumstance where a large accounting firm resigned from an issuer audit engagement because a purportedly permissible non-audit service was found to have deviated from its intended scope causing the auditor to impair its independence for the current period. When such issues occur, unplanned changes in auditors and potential reaudits can be costly and distracting to the company and its shareholders and can interfere with capital raising plans.
Another reminder that I feel compelled to repeat is that auditors of SEC-registered broker-dealers are required to be qualified and independent in accordance with the Commission´s auditor independence requirements in Rule 2‑01 of Regulation S‑X. Among other things, this means that auditors cannot both prepare and audit any part of the financial statements of a broker or dealer, including the statement of cash flows or the notes to the financial statements. Doing so is a violation of SEC independence rules.
Indeed, just this morning both the SEC and PCAOB announced the settlement of enforcement actions which include sanctions against numerous accounting firms that were found to have been involved in preparing financial statements and related notes of brokerage firms that were audit clients in violation of SEC rules. [v] I´m sure you will hear more about this topic from both SEC and PCAOB enforcement staff later in the conference.
While I´m mentioning broker-dealer audits, I should also note that in addition to long-standing SEC independence rules, several PCAOB independence rules began to apply to broker-dealer audits for the first time in June 2014. These new rules are in addition to the PCAOB´s audit and attestations standards. For example, PCAOB Rule 3526, Communications with Audit Committees Concerning Independence, now applies, which requires certain written communications and related discussions prior to acceptance of an initial engagement and then at least annually, or in some circumstances more frequently. The same is true for PCAOB Rule 3522 regarding tax transactions, which prohibits the provision of any non-audit service related to marketing, planning, or opining in favor of the tax treatment of certain transactions, including those that would be considered "aggressive tax position transactions." Important information about these and other PCAOB rules for auditors of broker-dealers is available on the PCAOB´s website.[vi]
I´ll wrap up my independence comments by mentioning two matters that OCA worked together on with our colleagues in the Division of Enforcement. You will likely hear more about these matters from Andrew Ceresney and Mike Maloney during tomorrow´s SEC enforcement update. First, with respect to one matter involving a large accounting firm that loaned staff to its audit clients, the Commission issued a report of investigation[vii] that clarified that an auditor cannot provide otherwise permissible services, such as tax compliance services for example, in a manner that is prohibited by the rules. Acting as an employee or performing decision-making or monitoring functions is always prohibited. Also, providing loaned staff services results in an accountant violating SEC independence rules by acting as an employee of the audit client, separate and apart from whether the accountant acted as a director or officer or performed any decision-making, supervisory, or on-going monitoring functions.
Although the Commission´s guidance may not specify whether a particular type of service is prohibited, neither the nature of the service nor the manner in which it is provided can be at odds with the principles in the Preliminary Note of Rule 2-01. As a reminder, always consider whether a relationship or service provided by an auditor:
Speaking of advocacy, this brings me to the second enforcement matter I want to mention. Earlier this year a large accounting firm agreed to settle charges that a subsidiary of the firm had lobbied congressional staff on behalf of two audit clients.[viii] These activities are impermissible because they put the firm in the position of serving as an advocate for its audit clients. In this case, the firm had asked congressional staff to insert language into a bill that was favorable to the business interests of an audit client. While these facts speak for themselves, I want to emphasize that advocacy can take many forms; it doesn´t need to involve Congress or necessarily be labeled as lobbying, and it is inconsistent with maintaining independence in both fact and appearance.
With all of this in mind, auditors should continue to evaluate and apply the independence rules carefully and ensure that partners and staff, including those responsible for providing non audit services, receive sufficient training on auditor independence rules and that necessary oversight and monitoring is in place. Audit committees as well should be vigilant in carefully considering risks when fulfilling their preapproval responsibilities and, where appropriate, should establish ongoing monitoring to help avoid the types of issues I have described emanating from decisions to proceed with services that may pose scope creep threats.
You´ll hear from Chairman Doty, Board Member Hanson, and staff of the PCAOB later in the conference but I´d like to make a few observations given that the oversight of and collaboration with the PCAOB is a significant part of OCA´s PPG´s work.
First, as Jim [Schnurr] mentioned, for the past few years I have been encouraging quicker progress on updates to audit performance standards.[ix] I mentioned that standards such as auditing estimates, including fair value measurements, and use of other auditors and specialists, have all been on the PCAOB´s agenda and talked about at various meetings for several years but have not advanced to a public proposal. As I´ve said before, my view is that there has been enough talk about the need to update these standards and it is time to make progress by advancing these projects to proposals for public input. Another year has passed on these particular projects with no public proposals. I am pleased the PCAOB recently adopted, and the Commission approved, Auditing Standard No. 18, which address auditing of related party and significant unusual transactions, and the PCAOB also advanced a staff consultation paper on auditing estimates, including fair value. However, I have an increasing degree of concern about the slow pace of advancing important auditing and quality control projects and I once again hope to see more accomplished in 2015. I also look forward to working with Jim and the PCAOB Board and staff on to consider longer term improvements to the PCAOB´s standard setting process as Jim mentioned earlier.
Second, I am pleased to see the PCAOB´s Offices of the Chief Auditor and Research and Analysis working together to develop and implement policies and practices to embed economic analysis more formally into the PCAOB´s rulemaking efforts. Consistent with remarks I´ve made over the past years about root cause analysis and what I call the "audit performance feedback loop," I am also pleased to see the PCAOB advance its focus on root cause analysis of auditor behavior. In light of the behavioral nature of auditing, including the importance of the application of due care and professional skepticism, I have become very interested in the recent emergence of some insightful work in the academic community. For example, I noted that a recent academic paper on the Social Sciences Research Network (SSRN) titled, "The Way Forward on Professional Skepticism: Conceptualizing Processional Skepticism as an Attitude" [x] quickly became one of the ten most downloaded papers. Behavioral audit research that can likely follow may help improve our understanding of fundamental root causes of audit deficiencies and facilitate development of amendments to auditing standards that are most likely to effectively and efficiently achieve their intended result.
My third and final observation on PCAOB matters, which may indeed be related to the prior point, is to commend the PCAOB for the recent improvements made to the content of inspection reports. One change that I believe to be particularly useful is the addition of references to specific paragraphs of PCAOB standards that are the subject of auditor performance criticisms in inspection findings. I believe this addition provides readers of the reports with helpful context for both the nature and severity of the criticism. In addition, a new appendix (Appendix D) has been included in the reports of annually inspected firms that summarizes the auditing standards referenced within the inspection reports.
I believe this appendix could be particularly useful for audit committees to promote meaningful discussions with auditors about whether and how those same standards are being applied on their engagements to help to address or avoid similar issues. I understand that some professors are also using this new appendix in the classroom to help tomorrow´s auditors learn from today´s mistakes. I also understand thought is being given by some in the academic community about the ways this new data can be used to inform audit research.
I know that the PCAOB is likewise continually considering how its own use of the data can be enhanced. I suspect that together we will be able to more easily identify areas within auditing standards deserving focus and inform thinking about the nature of changes that are most likely to improve quality. This of course includes considering whether to clarify or build out aspects of a standard in ways that decrease the likelihood that an auditor would issue a report without performing necessary procedures.
Let me move on briefly to internal control over financial reporting (ICFR).
Last year I discussed that we are working together throughout OCA as well as with other offices and divisions on ICFR matters. I questioned whether material weaknesses were being properly identified and disclosed; mentioned that OCA planned to continue our close work with Corp Fin, the PCAOB, and Enforcement to address these matters; and noted it was surprisingly rare to see management identify a material weakness in the absence of a material misstatement. I suggested these results could either stem from deficiencies not being identified in the first instance or from the severity of deficiencies not being evaluated appropriately.[xi]
On the next panel after the break, Kevin Stout, a Senior Associate Chief Accountant in OCA´s PPG, will discuss some observations from our work with Corp Fin and the PCAOB over the last year. He will touch on COSO´s updated framework, management´s identification and consideration of financial reporting risks in their annual ICFR evaluations, and some specific concerns about how the nature of deficiencies are described and their severity evaluated. You´ll also hear more from staff in our Division of Corporation Finance on this topic tomorrow.
On the enforcement front tomorrow you´ll be hearing more about a number of ICFR enforcement case, including one where the SEC charged the CEO and CFO of a public company who mislead its auditors by withholding information about internal control deficiencies.[xii] The CEO of the same public company did not participate in management´s evaluation of its internal controls despite contrary representations in its Form 10-K. Both the CEO and CFO signed the Form 10-K containing a false management report on its controls as well as signed false certifications in which they represented they had evaluated the report and disclosed all significant deficiencies to the auditors.
Suffice it to say, based upon our cumulative efforts this year, I continue to question whether material weaknesses are being properly identified, evaluated, and disclosed. A take away you should have by the end of the conference is that our efforts throughout the SEC pertaining to the ICFR requirements are ongoing, coordinated, and increasingly integrated into our routine consultation, disclosure review and enforcement efforts.
I´ll wrap up with a final prospective point on ICFR. As companies work to implement the FASB and IASB´s newly converged standard on revenue recognition[xiii] it is important to give early and ongoing consideration to implementing new controls or redesigning existing controls where necessary. Given the special importance of properly accounting for revenue, to the extent changes are made to ICFR in advance of adoption that also relate to current period financial reporting, I´d also remind management to consider its quarterly obligations to disclose material changes to ICFR.
Thank you for your attention and I look forward to answering any questions on the end of day Q&A panel.
[i] See Brian T. Croteau, Remarks Before the 2013 AICPA National Conference on Current SEC and PCAOB Developments — Audit Policy and Current Auditing and Internal Control Matters (Dec. 9, 2013), available at http://www.sec.gov/News/Speech/Detail/Speech/1370540472057.
[ii] See, e.g., European Commission Regulation (EU) No 537/2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC (April 16, 2014), available at http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0537&from=EN; and International Ethics Standards Board for Accountants (IESBA) Exposure Draft, Proposed Changes to Certain Provisions of the Code Addressing the Long Association of Personnel with an Audit or Assurance Client (Aug. 14, 2014), available at http://www.ifac.org/publications-resources/proposed-changes-certain-provisions-code-addressing-long-association-personne.
[iii] See OCA, Guidance for Consulting with the Office of the Chief Accountant, at http://www.sec.gov/info/accountants/ocasubguidance.htm.
[iv] See Brian T. Croteau, op. cit.
[v] See SEC, SEC Sanctions Eight Audit Firms for Violating Auditor Independence Rules (Dec. 8, 2014), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543608588; and PCAOB, PCAOB Announces Settled Disciplinary Orders Against Seven Audit Firms for Independence Violations When Auditing Broker-Dealers (Dec. 8, 2014), available at http://pcaobus.org/news/Releases/Pages/12082014_Enforcement.aspx.
[vi] See PCAOB, Staff Guidance for Auditors of SEC-Registered Brokers and Dealers (June 26, 2014), available at http://pcaobus.org/Standards/Documents/06262014_Staff_Guidance.pdf.
[vii] See Rel. No. 37-71390, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: KPMG LLP (Jan. 24, 2014), available at https://www.sec.gov/litigation/investreport/34-71390.pdf.
[viii] See In re Ernst & Young LLP, AAER No. 3566 (July 14, 2014), available at http://www.sec.gov/litigation/admin/2014/34-72602.pdf.
[ix] See, e.g., Brian T. Croteau, op. cit.; Remarks Before the 2012 AICPA National Conference on Current SEC and PCAOB Developments – Audit Policy and Current Auditing and Internal Control Matters (Dec. 3, 2012), available at http://www.sec.gov/News/Speech/Detail/Speech/1365171491828; and Remarks Before the 2011 AICPA National Conference on Current SEC and PCAOB Developments – The Role of the Audit Performance Feedback Loop in Audit Policy Decision-Making (Dec. 5, 2014), available at http://www.sec.gov/news/speech/2011/spch120511btc.htm.
[x] See
Christine J. Nolder and Kathryn Kadous, The Way Forward on Professional
Skepticism: Conceptualizing Professional Skepticism as an Attitude (Nov.
14, 2014), available at
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2524573.
[xi] See Brian T. Croteau, op. cit. (2013).
[xii] See In re Marc Sherman, AAER No. 3573 (July 30, 2014), available at http://www.sec.gov/litigation/admin/2014/34-72723.pdf; In re Edward L. Cummings, CPA, AAER No. 3572 (July 30, 2014), available at http://www.sec.gov/litigation/admin/2014/34-72722.pdf.
[xiii] See FASB, Accounting Standards Update No. 2014-09— Revenue from Contracts with Customers (Topic 606) (May 2014), available at http://www.fasb.org/jsp/FASB/Document_C/DocumentPage?cid=1176164076069&acceptedDisclaimer=true