Statement on Reproposed Auditing Standard on the Auditor's Report

Date May 11, 2016
Speaker Steven B. Harris, Board Member
Event PCAOB Open Board Meeting
Location Washington

Mr. Chairman, I commend you, the other members of the Board, and the staff for moving this project forward. Modernizing the auditor's report has been a priority of mine since I joined the Board in 2008 and I have given statements on the subject at the four previous open meetings.[1]

The need for a new expanded auditor's report has also been discussed as far back as May 2010 and March 2011 at PCAOB Investor Advisory Group meetings which I chaired as well as at numerous Standing Advisory Group meetings going back to 2010.[2]

The current audit report features boilerplate language – decades old – that largely remains the same regardless of the risks a particular company might be dealing with or the unique problems that auditors encountered in performing the audit. Time and again, investors have asked for auditors to provide more information about the difficult parts of the audit, information that the auditor gained from the audit that he or she would like to know as an investor, and, most importantly, those items in the audit that kept the auditor awake at night.

Following the various reporting scandals that occurred at the beginning of this century, Congress passed the Sarbanes-Oxley Act to establish the PCAOB. The Board's statutory mandate is direct: "to protect the interest of investors…in the preparation of informative, accurate and independent audit reports."[3] In pressing to assure that audit reports are sufficiently explanatory and useful to investors, we are simply doing what Congress charged us to do and expected us to do – namely provide "informative" reports, which is currently not the case in the view of most investors.

The recent financial crisis demonstrated again the need for an expanded report. As the California Public Employees' Retirement System, or CalPERS, noted in its May 2014 comment letter in response to our 2013 proposal: from 2008-2010 the auditor's report for a recipient of Troubled Asset Relief Program funds did not change while the audit fee increased by approximately 62 percent.[4] Investors in that company had no insight into "[w]hat additional work was necessary for the auditor to be able to once again provide a non-descript [auditor's report]."[5]

It is well past time that investors, the real clients of the auditor, who ultimately pay for the audit and depend upon its veracity, receive a report that meets their legitimate expectations and needs.

PCAOB action to address this problem is warranted even if no one else had already done so. Yet, the United States now lags behind the rest of the world in modernizing the language of the report. The Financial Reporting Council ("FRC") in the United Kingdom mandated in 2013 that audit firms provide expanded information in their audit reports.[6] The European Union[7] and the International Auditing and Assurance Standards Board ("IAASB")[8] adopted their standards in April and September 2014, respectively.

Now auditors of foreign companies issue two reports for the same audit – an expanded informative report that is unique to that company in their jurisdiction and a simple generic report in the U.S. For example, in the U.K., the auditor provides a more descriptive report as required under U.K. rules, but only provides the boilerplate three paragraph report in the company's U.S. filings with the Securities and Exchange Commission. I believe U.S. investors deserve similarly informative reports as those required abroad.

In 2014, the Board held a public meeting in the wake of the many reforms to the auditor's report that had, by then, been adopted in the United Kingdom and proposed by the European Union and the IAASB.

Various experts from outside the United States were present during the 2014 public meeting, including William Touche, senior audit partner of Deloitte's London audit practice and leader of the firm's U.K. Center for Corporate Governance. In discussing his firm's views on the expanded report, Mr. Touche stated:

we see the extended audit report as an opportunity to inform shareholders about the important work we do on their behalf. We are appointed by shareholders to form a view—and commenting on the major focus areas of our work now seems quite natural ...."[9]

Critical Audit Matters

I have carefully reviewed this reproposal and I am pleased that it continues to require additional information about the auditor's (i) independence, (ii) tenure and (iii) responsibilities for fraud and financial notes. I support these changes as do the investors and investor representatives who commented on the 2013 proposal.[10]

However, I remain concerned with the proposed definition of "critical audit matter," or CAM.

In August 2013, while supporting the Board's issuance of the original proposed rule regarding the auditor's report, I voiced concerns that the proposal was not strong enough to accomplish its purpose, or to meet the needs of investors. I listed three reasons. First, that the language in the original proposal endorsed a subjective standard of determining what is a CAM. Second, that the effectiveness of the new disclosures could vary depending on how plainly and directly they were written. And third, I was concerned that effective inspection and enforcement of compliance with a subjective critical audit matters standard would not be possible.

Many investors and investor representatives voiced similar concerns regarding the subjectivity of the standard in the original proposal.[11]

The reproposed definition of CAMs limits the source of a CAM to any matter communicated or required to be communicated to the audit committee that (i) relates to material accounts or disclosures and (ii) involves especially challenging, subjective, or complex auditor judgment.

I agree that CAMs should include matters discussed with the audit committee. Audit committees are intended to represent investors' interests and to oversee the work of the auditor. Under our audit committee communication rules, the auditor and the audit committee must discuss those matters that are significant to the company and the audit.[12] Therefore, it is appropriate and reasonable that the population of CAMs come from that source.

The revised definition however, still contains an element of subjectivity. In my view, allowing auditors to decide what matters involved "especially challenging, subjective or complex auditor judgment" still grants them too much discretion. And the factors listed in the standard that guide the auditor in determining whether a matter meets these criteria do not help as they are subjective themselves. I had hoped that the proposed standard would be more objective so as to guard against the possibility of auditors pursuing artful means to avoid providing information to investors. Further, my earlier concern about the possibility of effectively inspecting and enforcing compliance with such a subjective standard persists. If we cannot successfully apply our inspection regime to the new CAMs rules, and if enforcement proves difficult or impossible, this proposal will not be as effective as it otherwise could be.

I believe that there should also be a precise list of matters that the auditor must discuss in the report– not unlike the European Union regulation, which requires auditors to describe "the most significant assessed risks of material misstatement, including assessed risks of material misstatement due to fraud,"[13] As I noted in 2013, respondents to the PCAOB Investor Advisory Group's survey indicated a strong need for the auditor's report to contain a discussion regarding the auditor's assessment of management's estimates and judgments, a discussion of unusual transactions, restatements and other changes, and the auditor's assessment of the quality of the issuer's accounting policies and practices.[14] The comments we received on the proposal from investors and investor representatives,[15] including the investor panel at the April 2014 public meeting on the auditor's report,[16] continue to call for the inclusion of these items in the report. As noted by Jeff Mahoney of the Council for Institutional Investors at the April 2014 hearing, these items provide "the kind of independent auditor 'insight' that are . . . more responsive to investors' information needs."[17]

I also share the concern that some commenters have raised regarding including descriptions of audit procedures performed in CAMs.[18] I am concerned that these descriptions could become too detailed and, as a result, make the auditor's report more complicated and difficult to read than it should be. If any such descriptive disclosures are included they should be sufficiently specific and detailed so that the subject of the disclosure is directly focused for the investor.

Despite my concerns, I continue to believe strongly that expanding the auditor's report is essential in fulfilling the Board's mandate under the Sarbanes-Oxley Act. An expanded auditor's report would have been helpful to investors by providing them information that might have mitigated their massive losses during the scandals of 2001-2002 and the more recent 2007-2008 financial crisis. It remains a mystery how so many companies went bankrupt during these crises and yet received audit reports without a hint of any significant problems from their auditors. And, I would note that it was the 2007-2008 crisis that led directly to the audit report reforms in the EU[19] and UK.[20] Others clearly recognized and acted to address the need and problems associated with the old format of the report.

Quite frankly, I would also hope that the expanded auditor's report would be good for the profession, not just the investor. As Mr. Touche noted, in the U.K. the expanded report has inspired the profession as it "invigorates their personal sense of responsibility and pride and underscores to them why quality is so important in everything [they] do."[21] He goes on to say that through the expanded audit report the profession has "been given the opportunity to re-establish the value of audit."[22] As a leading member of the profession in the U.K., he actively welcomed reform and I encourage the profession here to embrace the inevitable modernization of the report as well.

Conclusion

In conclusion, today the Board is taking a positive, though limited, step in furthering investor protection by revising a clearly outdated, formulaic and uninformative auditor's report. The United States Treasury Department's Advisory Committee on the Auditing Profession proposed the idea in 2008,[23] and after all these years of Board consideration, I would hope that, after hearing from all interested parties, we could vote on a final proposal by the end of the year. I see no reason not to do so.

I join my fellow board members in thanking the staff who have put in so many long nights and weekends to get us to this point. They include Marty Baumann, Jennifer Rand, Jessica Watts, Karen Wiedemann, Elena Bozhkova, and Ekaterina Dizna, from our Chief Auditor's office, Andres Vinelli and Morris Mitler from our Center of Economic Analysis, and Gordon Seymour and Jennifer Williams from our Office of General Counsel.

Finally, Mr. Chairman, I want to acknowledge your ongoing commitment and leadership to providing investors and the capital markets with a more informative, accurate and independent audit report.

[1] See Statement on Consideration of Adopting Rules on Periodic Reporting by Registered Public Accounting Firms (June 10, 2008), Statement on Proposed Auditing Standards Regarding the Auditor's Report and the Auditor's Responsibilities Regarding Other Information (Aug. 13, 2013), Statement on the Auditor's Reporting Model Roundtable (Sept. 15, 2011), Statement on Concept Release on Possible Revisions to PCAOB Standards Related to Reports on Audited Financial Statements (June 21, 2011), and Statement on Auditor's Reporting Model (March 22, 2011).

[2] See Investor Advisory Group of the Public Company Accounting Oversight Board Summary of May 4, 2010 Meeting and. See Report of the Investor Advisory Group Working Group on "The Auditor's Report and The Role of the Auditor" (March 16, 2011).

[3] Section 101(a) of the Sarbanes-Oxley Act of 2002 ("Sarbanes-Oxley").

[4] See Ann Simpson, Senior Portfolio Manager and Director of Global Governance, California Public Employees' Retirement System ("CalPERS") comment letter (May 2, 2014) ("CalPERS comment letter").

[5] Id.

[6] See paragraphs 19A–B of ISA (UK and Ireland) 700 (Revised June 2013), The Independent Auditor's Report on Financial Statements.The requirements becameeffective for audits of financial statements for periods beginning on or after October 1, 2012 and were applicable to audits of companies that apply the United Kingdom Corporate Governance Code.

[7] See Reforming EU audit services to restore investors' confidence, Press Release (April 3, 2014).

[8] See IAASB Issues Final Standards to Improve Auditor's Report, Press Release (Jan. 15, 2015).

[9] Public Meeting Statement of William Touche, Partner, Deloitte LLP (UK) (March 26, 2014) ("Touche Public Meeting Statement").

[10] See CalPERS comment letter , Glenn W. Reed, Managing Director, Strategy and Finance Group, Vanguard comment letter (Dec. 11, 2013), and Brandon Rees, Acting Director, Office of Investment, American Federation of Labor and Congress of Industrial Organizations (AFL-CIO) comment letter ("AFL-CIO Comment Letter") (Dec. 9, 2013).

[11] See AFL-CIO comment letter, Barbara Roper, Director of Investor Protection, Consumer Federation of America comment letter ("Consumer Federation of America comment letter") (Dec. 11, 2013), Anne Sheehan, Director of Corporate Governance, California State Teachers' Retirement System (CalSTRS) comment letter ("CalSTRS comment letter") (Feb. 11, 2014), Kurt N. Schacht, JD, CFA, Managing Director, Standards & Financial Markets Integrity Division; Ashwinpaul C. Sondhi, Chair, Corporate Disclosure Policy Council, CFA Institute comment letter (Dec. 30, 2013).

[12] See AS 1301 (currently Auditing Standard No. 16), Communications with Audit Committees, regarding matters required to be communicated to the audit committee.

[13] Requirement 2(c)(i) of Article 10, Audit Report, of Regulation (EU) No 537/2014 of the European Parliament and of the Council ("Regulation (EU) No 537/2014")

[14] See Report of the Investor Advisory Group Working Group on "The Auditor's Report and The Role of the Auditor" (March 16, 2011).

[15] See, e.g., CFA Institute comment letter (Dec. 30, 2013); CalSTRSystem comment letter, Jennifer Paquette, Chief Investment Officer, Colorado Public Employees' Retirement Association comment letter (Feb. 27, 2014); Consumer Federation of America comment letter, CalPERS comment letter, Michael P. McCauley, Senior Officer, Investment Programs and Governance, State Board of Administration of Florida comment letter (Feb. 26, 2014), and AFL-CIO Comment Letter.

[16] See, e.g., Public Meeting Statement of Jeffrey P. Mahoney, General Counsel, Council of Institutional Investors (April 2, 2014) ("Mahoney Public Meeting Statement"), Public Meeting Statement by Lynn E. Turner, Former SEC Chief Accountant, Managing Director, LitiNomics (April 2, 2014), and Public Meeting Statement of Kurt Schacht, CFA, Managing Director, CFA Institute (April 2, 2014).

[17] Mahoney Public Meeting Statement.

[18] See Public Meeting Statement of Ann M. Cavanaugh, Managing Director, Global Accounting Policy, Black Rock, comment letter (April 2, 2014) and Touche Public Meeting Statement.

[19] See Preamble (4) to Regulation (EU) No 537/2014.

[20] See FRC "Extended Auditor's Reports A review of Experience in the first year" (March 2015).

[21] Touche Public Meeting Statement.

[22] Id.

[23] See Final Report of the Advisory Committee on the Auditing Profession to the U.S. Department of the Treasury (Oct. 6, 2008), at VII:17. Other commissions and committees have also discussed changes to the auditor's report. See, e.g., The103rd American Assembly, The Future of the Accounting Profession (Nov. 2003); Report of the National Commission on Fraudulent Financial Reporting (Oct. 1987); and American Institute of Certified Public Accountants, Commission on Auditor's Responsibilities: Report, Conclusions, and Recommendations (1978).