Current Priorities of the PCAOB

Date
Oct. 25, 2016
Speaker
Steven B. Harris, Board Member
Event
NYSSCPA SEC Conference
Location
New York

I want to thank the New York State Society of Certified Public Accountants for inviting me to speak today. It is a pleasure to appear before the nation's first state CPA society, currently representing over 26,000 CPAs.

At the outset, I must state that the views I express are my own and do not necessarily reflect the views of the Board, any other Board member, or the staff of the PCAOB.

New York is the birthplace of public accounting in the United States. Therefore, it is not surprising that the Society and its members have been on the front lines in discussions about issues affecting the profession for so many years. In the 1950s, your ethics rules set a standard far tougher than that of the AICPA. In the 1970s, your then-President, Eli Mason, argued that audit firms should not offer consulting services to their clients because their independence would be compromised. In this respect he was truly ahead of his time given the restrictions that were subsequently adopted in the Sarbanes-Oxley Act of 2002.

So I commend the Society for what it has done to promote integrity, professionalism, and ethics in the profession. You should be very proud of its record.

Today, I would like to discuss some of the current priorities of the PCAOB, a number of which are outlined in the Board's five year strategic plan.[1]

Role of the Independent Auditor

But first, a few words about the critical role auditors play in our capital markets. You provide an objective third party opinion on the veracity and quality of financial statements. Investors rely on auditors to be the gatekeepers of financial reporting integrity. This covenant between auditors and the public was established in 1933 when Colonel Arthur H. Carter, the president of the Society, persuaded Congress to require public companies to file financial statements reviewed by independent auditors. Congress' action granted the profession a special franchise, one that has enabled firms to earn billions of dollars of revenue annually.

Investors are the Auditor's True Client

This covenant also places special public obligations on auditors. As you know, the Supreme Court, in United States v. Arthur Young, described the auditor's role as a "public watchdog function" that demands "total independence from the client at all times and requires complete fidelity to the public trust."[2]

Unfortunately, as a direct result of the various financial crises that have roiled our markets over the past few decades, the accounting profession has faced serious questions about its independence and the quality of its work. After each crisis, investors questioned whether the auditors were more concerned with maintaining their client relationships than serving the public. That is why the first words of the Sarbanes-Oxley Act are "to protect investors" and why the Act sought in many ways to reinforce the importance of investors as the auditor's true client.

Re-emergence of Concerns about Auditor Independence

This brings me to the first initiative I want to highlight from our strategic plan – monitoring emerging threats to auditor independence.[3] PCAOB staff has been examining the evolution and structure of audit and non-audit services offered by larger accounting firms to identify possible implications of resulting multi-disciplinary business models for independence and audit quality, and also to develop appropriate responses as needed.[4]

This initiative reflects a growing concern that auditor independence could again be threatened by the rise of consulting and advisory services in audit firms. Revenue from consulting and advisory services is growing at a faster pace than audit revenue, and at a number of the largest firms consulting and advisory revenue will soon surpass audit revenue.

Given this trend, many wonder whether the firms will be able to resist the powerful temptation to cross sell or market their advisory and consulting services to audit clients.

As you know, auditors must approach each audit with professional skepticism and a willingness and freedom to decide issues in an unbiased and objective manner, even when their decisions contradict the interests of management. However, under federal securities laws, it is not enough for the auditor to act independently. Under Securities and Exchange Commission rules, investors must also believe that the auditor is independent.[5] As John L. Carey, the former Executive Director of the AICPA, said some 60 years ago, "the accounting profession must be like Caesar's wife. To be suspected is almost as bad as to be convicted."

Nonetheless, I am troubled that although the independence rules have been in place for more than a decade, our Inspection staff continues to identify findings related to the provision of impermissible non-audit services, non-compliance with partner rotation requirements, impermissible financial relationships between the auditor and the client, and indemnification provisions in engagement letters.[6]

The Board is committed to monitoring and holding auditors accountable to high standards of independence, objectivity, and professional skepticism.[7] As Claudius Modesti, the head of the Board's enforcement division, mentioned earlier today, independence matters are a high priority area for the Board's enforcement program. As audit firms continue to market new advisory and consulting services unrelated to their audit services, our enforcement program will continue to vigilantly safeguard the integrity of the audit by ensuring that those who conduct the audit are truly independent.

Our enforcement staff works very closely with the SEC's Division of Enforcement. In many cases, the SEC has taken the lead in investigating and taking action on independence violations.[8] While I cannot discuss our pending investigations and non-public disciplinary proceedings, our enforcement program has actively pursued independence violations where appropriate, including proceedings involving prohibited non-audit services, financial interests in or prohibited relationships with clients, and failures to comply with engagement partner rotation requirements.

I urge you to review your client relationships carefully by asking whether a reasonable investor, with knowledge of all relevant facts and circumstances, would conclude that you are capable of exercising objective and impartial judgment on all issues encompassed within the audit.[9]

We will continue to assess whether and how firm independence monitoring systems provide reasonable assurance of independence from audit clients, including whether and how those systems address the growth in consulting and other non-audit services across the profession.

State of Audit Quality

Ensuring compliance with the independence rules goes hand in hand with the PCAOB's commitment to improving audit quality.

Most observers agree that audit quality has improved since the passage of the Sarbanes-Oxley Act and the creation of the PCAOB. Even individuals within the profession have commented that their work product is better today than it was in the era of self-regulation. Investors, however, believe that there is still considerable room for improvement.

As Lillian Ceynowa, from the Board's Office of Chief Auditor, mentioned earlier today, in 2015 our inspection staff observed high rates of audit deficiencies relating to:

  1. audits of internal control over financial reporting,
  2. assessing and responding to risks of material misstatement, and
  3. accounting estimates, including fair value measurements.

Our inspection staff also identified deficiencies in revenue recognition, application of substantive analytical procedures, audit sampling, and related party transactions.

There are a number of reasons for the continued high rate of audit deficiencies at many of the firms we inspect. These include poor supervision, failure to exercise appropriate professional skepticism, ignoring contradictory evidence, poor audit planning, lack of training or knowledge of audit personnel, and tight deadlines. These issues are within your control to address before the audit season begins and I would urge you to do so. You should ask your teams if additional training in certain complex areas is needed, if they are employing the appropriate practice aids and checklists, if staff members are adequately informed of their roles and responsibilities, and if there is sufficient time to perform the audit.

During my eight years at the Board, I have witnessed the evolution of the firms' responses to our inspection findings. As part of their remediation efforts, firms have changed policies, enhanced audit methodologies, conducted additional training, expanded internal inspection programs, and even altered how they determine partner compensation. Mere "good faith" effort at remediation is not enough. Firm leaders have proven that they can make timely and impressive changes when they so desire. This is what is expected by the PCAOB and contemplated in the Sarbanes-Oxley Act.[10]

Improper Alteration of Audit Documentation

A high quality audit includes proper audit documentation. As you know, improperly altering audit documentation in connection with a PCAOB inspection or investigation violates PCAOB rules and can result in disciplinary action and severe consequences. Any such alterations are also inconsistent with your gatekeeper role in the public securities markets.

The consequences of providing improperly altered audit documentation to our inspectors or investigators may be far more severe than the consequences of the audit deficiency the alterations are supposed to conceal. To date, the Board has issued 18 disciplinary orders for failure to cooperate with inspections, as well as 16 disciplinary orders for failure to cooperate with a Board investigation. A majority of those orders included improper document alteration. Through those orders, the Board has revoked the PCAOB registration of 15 firms and has sanctioned 33 individuals, including barring 27 individuals and suspending two others from further associating with a registered firm.

The PCAOB staff issued an audit practice alert in April 2016 regarding improper alterations of audit documentation, reflecting a heightened concern about such misconduct.[11] As you head into the audit season, I would encourage you to read the alert to make sure you have a clear understanding of the PCAOB standards on the subject.

PCAOB's Standard-Setting Activities

The Board's standard setting activities naturally play an important role in its drive to improve audit quality. As noted in our strategic plan, our standards are intended to appropriately describe the PCAOB's expectations for auditors and be scalable.[12]

Our standard-setting process begins with researching the need and the problem to be addressed as well as analyzing emerging trends that may lead to increased audit risk, such as changes in economic conditions, new accounting standards, or risks that could affect financial reporting. The Board recognizes its efforts in setting standards must be balanced. Accordingly, in 2014, the staff of the PCAOB developed specific guidance on the use of economic analysis as part of its standard-setting process.[13]

The Board also considers whether the proposed action is in the public interest, whether it will protect investors, and if it promotes efficiency, competition and capital formation.

Since I joined the Board in 2008, I have supported policy projects that seek to focus auditors on meeting investor needs by increasing auditors' sense of accountability and providing greater transparency into what they do and the results of their actions.

You have already heard from Lillian on some of the Board's standard setting activities, but I would like to touch on one in particular that is discussed in the Board's strategic plan – the expanded auditor's report, which, if adopted, is designed to improve the relevance and usefulness of the audit report for investors.[14]

Auditor's Reporting Model

The audit profession differs from other professions because auditors do not interact directly with their real client – the investor. The only connection is the audit report, which auditors write and investors read.

A primary mission of the PCAOB, as articulated in the very first section of the Act, is "to protect the interest of investors…in the preparation of informative, accurate and independent audit reports."[15]

As a result, and as you know, the Board has been considering reforming the auditor's report since 2011 in order to make it more informative to investors.

In May 2016, the Board reproposed the auditor's reporting standard, retaining the existing pass/fail model but proposing that additional information be provided in the report, such as new disclosures about auditor independence, auditor tenure, and critical audit matters. The discussion of critical audit matters is designed to inform investors about the way the auditor responded to material audit issues that involved especially challenging, subjective, or complex auditor judgment.

I am well aware of your concerns with respect to this proposal but I would note that there is increasing support, even within the profession[16], for such reform, and much of the rest of the world has already taken steps to change the audit report, including the United Kingdom,the European Union, and the International Auditing and Assurance Standards Board. And the reaction abroad has been generally positive, because investors believe the expanded report deepens their knowledge of important aspects of the audit and improves audit quality.

Commenting on the expanded auditor's report in the United Kingdom, William Touche, senior audit partner of Deloitte's London audit practice and leader of the firm's U.K. Center for Corporate Governance stated, "[t]he fact that key matters we address in our work are now directly described in our public report is inspiring to our people."[17] He went on to say that the expanded audit report "invigorates [our people's] personal sense of responsibility and pride."[18] I believe for the same reasons, the expanded audit report should be embraced in the United States.

As auditors, you are expected to understand your client's business and risks.[19] Given the technological innovations in the audit including the increased use of data analytics and increased access to greater data, I believe it is appropriate for investors to expect more information about the audit from the auditor in his or her report and I would note that many in the profession agree.[20]

The Board is currently considering its latest proposal on the subject and reviewing all the comments received.

Technological Innovation in the Audit

Now, before I close, I would like to take a few moments to share some thoughts about the emerging technologies that are driving audit innovation today.

The audit process is changing rapidly and this change cannot be ignored. Through the expanded use of technology, routine audit tasks are now automated. The ongoing emergence of Big Data has also increased the depth and breadth of information available to auditors.

Today auditors are using emerging technologies to mine large amounts of data, develop sophisticated data analytics, and analyze unstructured data such as contracts, e-mails, or text collected through social media. Using such tools, auditors now have the capacity to examine 100 percent of a client's transactions, track and analyze trends, as well as anomalies and risks, to identify problematic areas or transactions, and benchmark a company's financial information against others based on industry, geography, size or other factors.

The use of data analytics is entering a new frontier and giving rise to predictive analytics which can estimate possible outcomes of a client's business activities. For example, one firm recently implemented technologies used by a Formula One team to estimate a company's future revenue based upon changing internal and external financial metrics.[21]

This new wave of innovation in data analytics is affecting large and small firms alike. Firms are investing significantly, both in physical and human capital, to develop and drive future capabilities.

However, with great benefits from innovation come challenges that firms need to address. These include ensuring the integrity and security of client data, assessing the reliability of any data used in the analytics, determining how these developments change the skill mix and structure of audit teams, and monitoring how these technologies influence auditor judgment.

The objective of these analytical tools should be to help auditors perform high quality independent audits. They should not, however, be viewed as replacements to inquiry and professional judgment. If applied properly and with due care, these technological tools could allow auditors to make better decisions and assessments throughout the audit process by enabling them to, among other things, identify fraud and operational risks, thereby improving audit quality. With deeper insights through access to more data and more incisive analytics, auditors may be better positioned to challenge management's assertions when necessary.

As noted in the Inspection Staff Brief, PCAOB staff is monitoring the use of technology in audits and whether the firms' systems of quality control provide assurance that "(1) the tools used to analyze the data meet the audit objectives, (2) engagement teams are effectively using these tools and evaluating the results of screening large data populations, and (3) engagement teams' are applying due care, including professional skepticism, when using these tools during the performance of the audit work, including the evaluation of the results of that work."[22]

My hope and expectation is that these technological tools will make the audit more efficient and incisive and allow auditors to devote more time to higher risk areas.[23] Whether that will happen is unclear.

If these tools lead to improvement in audit quality, that is good for investors. But if the tools are used purely to further client relationships by providing deeper data analysis for management, some could argue that once again audit firms will perceive the audit function merely as a springboard to more lucrative non-audit engagements.

Conclusion

In conclusion, since the 1970s, the profession — especially for the large firms -- has faced significant changes, including changes to its business model, governance structure, audit approach, and tone and focus at the top. Auditing of public companies is no longer self-regulated. More changes are coming as a result of the revolutionary use of technology in the performance of the audit.

I was struck by a recent article in Accounting Today entitled, "What the top figures in the accounting world are worrying about now," and the response was: "Remaining relevant in a fast changing business and economic environment, recruiting and retaining staff in the face of mass retirement of the Baby Boom generation, and keeping up with technology and the fast pace of change…"[24]

No matter what changes are ahead, I encourage you to strive to improve audit quality, be vigilant in protecting your independence from management, and not lose sight that your client is the investing public.

Thank you

[1] See Public Company Accounting Oversight Board Strategic Plan: Improving the Quality of the Audit for the Protection and Benefit of Investors 2015 – 2019 ("Strategic Plan").

[2] United States v. Arthur Young, 465 U.S. 805, 818 (1984).

[3] See Strategic Plan at 18.

[4] Id.

[5] See SEC Rule 2-01(b) of Regulation S-X.

[6]See SEC Rule 2-01(c) of Regulation S-X and Section 602.02f.i. of the Codification of Financial Reporting Policies.

[7] See Strategic Plan at 17.

[8] See, e.g., Ernst & Young LLP, et al., Exchange Act Release No. 78872 (Sept. 19, 2016) and Ernst & Young LLP, et al., Exchange Act Release No. 78873 (Sept.19, 2016).

[9] See SEC Rule 2-01(b) of Regulation S-X.

[10] See Section 104(g)(2) of the Sarbanes-Oxley Act.

[11] See Staff Audit Practice Alert No. 14: Improper Alteration of Audit Documentation (April 21, 2016).

[12] See Strategic Plan at 12.

[13] See Staff Guidance on Economic Analysis in PCAOB Standard Setting (Feb. 14, 2014).

[14] See Strategic Plan at 17.

[15] Section 101(a) of the Sarbanes-Oxley Act.

[16] See, e.g., Public Meeting Statement of Joseph B. Ucuzoglu, Chairman and CEO, Deloitte & Touche LLP (March 21, 2014).

[17] Public Meeting Statement of William Touche, Partner, Deloitte LLP (UK) (March 26, 2014).

[18] Id.

[19] See Auditing Standard No. 12, paragraph 7.

[20] See, e.g., James P. Liddy, Opinion: The Future of Audit, Forbes (Aug. 4, 2014).

[21] See Harriet Agnew, Auditing: Pitch Battle, Financial Times (May 9, 2016).

[22] Staff Inspection Brief: Information about 2016 Inspections, Vol. 2016/3 (July 2016).

[23] See Harriet Agnew, Auditors go high-tech to win new business, Financial Times (Aug. 3, 2015).

[24] See Daniel Hood, What the top figures in the accounting field are worrying about now, Accounting Today, (Sept. 23, 2016)