Remarks Before the 2012 American Accounting Association Annual Meeting - Policy Choices Informed by Root Cause Analysis and the Audit Performance Feedback Loop – Investors are counting on all of us
Brian T. Croteau
Deputy Chief Accountant, Office of the Chief Accountant
U.S. Securities and Exchange Commission
August 6, 2012
Good afternoon. Thank you Steve [Glover] for that very kind introduction and thank you to the Auditing Section of the American Accounting Association for inviting me to be here today. While many of us in Washington are heading to the Maryland and Delaware shores this time of year, I’m so glad to see so many of you from around the country assembled here, in our nation’s capital, to collaborate and share your research and thoughts on important accounting and auditing topics. I’ve had the opportunity to take part in many academic conferences, symposiums, and other meetings over the years, and I always look forward to them. I have learned that the academic community is not - nor should you be - shy about being clear and direct when sharing your views with colleagues, auditors, regulators, and others. I find it extraordinarily valuable to hear about the research and other thinking that you and your students are doing and also what you think about the work that the Public Company Accounting Oversight Board (PCAOB) and SEC are doing. I’m particularly pleased to see so many familiar faces here today and glad that many of you stay in touch and provide very helpful updates about your work throughout the year. Before I go any further, I must remind you that my remarks today are my own and do not necessarily reflect the views of the Commission, the Commissioners, or other members of the staff. i
There is much to talk about in the auditing and audit policy space. In the limited time I have today, I’ll touch on four topics:
- The importance of the academic community and your work to audit policy and regulation;
- The role of root cause analysis and the audit performance feedback loop;
- Global audit policy considerations; and
- Legislative activity related to auditing.
I’ll also try to leave some time at the end of my remarks for a few questions and comments.
For those who are not familiar with the Professional Practice Group (PPG) of the Office of the Chief Accountant (OCA), we are comprised of a small but talented and dedicated team of about a dozen staff who work closely with, and provide advice and support to, other Commission offices and divisions on auditing, auditor independence and internal control matters. OCA’s PPG has a significant role in leading and coordinating the Commission’s oversight of the PCAOB activities. We work closely with the PCAOB on a day-to-day basis to achieve our shared objective of investor protection. We also handle a steady stream of consultations, mostly related to the application and enforcement of the SEC’s auditor independence rules.
The importance of the academic community and your work to audit policy and regulation
Let me start by providing a few thoughts about the importance of the academic community and your work to audit policy and regulation. I have spent my career thus far in roles conducting audits, serving as a national office technical partner on auditing and internal control matters, and now serving cumulatively over five years as a regulator. In these roles, I have gained tremendous admiration for the critical contributions of the academic community. In my previous tenure with the SEC before returning in my current role, I was fortunate to have worked under the leadership of the first two PPG deputies, Andrew Bailey and Zoe-Vonna Palmrose - both from the academic community. Additionally, over the past decade of PPG’s existence within OCA, we have had the support of an academic fellow each year. During my combined years at the SEC, I’ve worked with all but one of our fellows. Many of our academic fellows past, current, and probably future, are here today. Our past fellows, starting with the most recent, are: Urton Anderson, Shawn Davis, Jack Krogstad, Roger Martin, Bill Kinney, David Plumlee, Mark Taylor, and Audrey Gramling. Our newest academic fellow, now just a few days on the job, is Marshall Geiger from the University of Richmond. These fellows play a very important role by participating in our work and helping to ensure that we are aware of, and appropriately understand and consider, the academic research that informs our efforts at the SEC and our oversight activities over the PCAOB. Another important role for our academic fellows is to help challenge our processes for thinking through difficult issues to enhance the policy advice and recommendations that the staff makes to the Commission.
We have found it very important to connect academic research and practical audit experience with regulator experiential knowledge to inform policy recommendations. For those that have any doubts, as just one example, I recommend that you take a look at our 2011 Congressionally-mandated SEC staff study on Section 404(b) of the Sarbanes-Oxley Act.ii It contains reference to, and consideration of, over 100 academic studies. It combines analysis of public input with analysis of empirical evidence by us and the academic community to inform the development of policy recommendations in a transparent fashion. Academic synthesis papers prepared on topics relevant to the PCAOB’s standard setting agenda (e.g., auditor reporting on going concern, related party transactions, the auditor’s reporting model, and audit quality indicators) have also been quite helpful.iii Even when academic synthesis papers are not prepared, with the help of our academic fellows, we seek out and consider relevant academic literature.
One area that I believe may be ripe for more research relates to the application of new auditing standards that have recently become effective. The PCAOB has now adopted a number of new standards and the International Auditing and Assurance Standards Board (IAASB) and Auditing Standards Board (ASB) have adopted their newly redrafted converged standards. I can imagine a plethora of research questions given the change in standards as well as the changes in differences between the standards of the PCAOB, ASB, and IAASB.
Finally on this first topic, since I find academics to always be direct and frank, let me make one constructive observation. As most of you appreciate, views expressed without providing sufficient rationale and basis are much less valuable to informing policy recommendations and decision making. On some occasions, although thankfully not frequently, I’m surprised when a member of the academic community makes assertions or policy recommendations that appear to be only loosely tethered to empirical evidence or appear too strong given the nature of the research evidence. On a few occasions I’ve also wondered whether and how the recommendations have considered existing contradictory research. Fortunately, this is not the norm and it’s generally fairly transparent when this occurs.
I hope that you will continue to challenge your own and each other’s research and recommendations, be creative, and, most importantly, keep it coming. At the heart of it, investors are counting on all of us.
Root causes of audit deficiencies and the audit performance feedback loop
This year marks the 10-year anniversary of the Sarbanes-Oxley Act of 2002 (SOX). I believe investors have benefited from many aspects of rules implemented following the passage of SOX, including required management certifications, internal control reporting requirements, forfeiture of bonuses and profits when there is a restatement due to material noncompliance, fair funds for investors, whistleblower protections, and enhanced review of periodic disclosures made by issuers by staff in our Division of Corporation Finance. Additionally, SOX included specific auditing provisions, such as audit partner rotation requirements, extensive prohibitions on non-audit services, enhanced roles for audit committees, which includes the oversight of the external auditor at listed companies, and of course the creation of the PCAOB, an independent audit regulator with responsibility to oversee all aspects of public company audits, including a regular program of inspections. I believe many of these provisions have contributed significantly to prevention and earlier detection of the types of issues they we’re intended to address. However, now is an opportune time to leverage what we have learned over the last decade to further improve audit quality and reliable financial reporting. For example, I believe we should continually seek to reduce the occurrence rate of audit deficiencies of the nature found in public PCAOB inspection reports. It’s also important to root out and address instances where it appears auditors are not sufficiently skeptical or objective when performing their work.
The PCAOB is in a unique and fortunate position of having standard setting, inspections, and enforcement all under one roof. This position comes with the important responsibility to carefully gather, study, and use the information available in all aspects of the PCAOB’s processes. This brings me to the topics of root causes of audit deficiencies and the audit performance feedback loop.
Those of you that know me well know I could be somewhat loquacious and speak about this topic for the rest of the afternoon; however, I’ll keep it short and instead refer you to my talks from December 2010 and December 2011 for more details. They are both posted on the SEC’s website.iv The development and maintenance of what I like to think of as a robust audit performance feedback loop is an important precursor to fully leveraging what we have learned. The PCAOB and registered public accounting firms have significant roles to play in this feedback loop. Part of developing and maintaining a robust audit performance feedback loop includes elevating the PCAOB’s and audit firms’ focus on the identification of root causes of audit deficiencies in a disciplined manner. The reason this is so important is that we need to adequately understand the problems we are attempting to solve. While progress has been made and inspection results do inform the PCAOB’s standard setting agenda and other relevant processes, much more can be done to take full advantage of these opportunities.
Consider for a moment the investigation of the tragic crash of the Air France Flight on its way from Brazil to France in June 2009. Like the National Transportation Safety Board does in conducting objective, precise accident investigations and safety studies in the United Statesv, France’s Bureau of Investigation and Analysis studied this crash. Only recently, three years later and after careful study, it issued a report detailing its conclusions of the various contributors and the underlying root cause of the crash. Understanding the root cause in these circumstances included a challenging two year relentless search for the black box and piecing together many pieces of evidence to develop the entire picture. Doing so has already resulted in changes to the way pilots are trained in an effort to reduce the risk of future accidents.
I believe with today’s audit documentation and technology, auditors, academics, standard setters, regulators and others can continually strive to do more to understand and assess the contributing factors and root causes of audit deficiencies so we can affect improvements in auditor performance and audit quality.
I’m encouraged that root cause analyses efforts have been embedded into the PCAOB’s inspection processes. Perhaps more importantly, I’m encouraged to hear that many audit firms have ramped up their efforts to embed improved root cause analysis into their own quality control processes and then, most importantly, promptly address the root causes once they are identified.
Inspection findings appear to be resulting in audit committees becoming more interested in engaging in the discussion about audit deficiencies and improving audit quality. Last Wednesday, the PCAOB issued an informational Board release intended to assist audit committees in understanding the PCAOB’s inspection process and to help them consider how they might gather information from audit firms about inspections.vi The release describes the nature of the PCAOB’s inspection program and their reports and raises possible matters that audit committees may wish to discuss with audit firms. The document does not prescribe any particular requirements or responsibilities for audit committees, but provides audit committees with information that I believe may be useful to their oversight role. The PCAOB has also indicated its intentions to consider the adoption of a new auditing standard on auditor communications with audit committees in the near-term. These projects are intended to enhance the communications between auditors and audit committees.
The PCAOB has an active standard setting agenda, which includes updates to its interim auditing and quality control standards. There is a lot of work ahead of us. Your ideas are important and welcome, particularly those that link to root cause analysis, appropriately contemplate the audit performance feedback loop, and are well-grounded in empirical evidence. Improvements to both audit and quality control standards are an important input to continuous improvement in audit quality and reliable financial reporting.
It’s also important to consider the results of the inspection work related to implementation of relatively new standards, such as Auditing Standard No. 7 on engagement quality reviews and the risk assessment standards, Auditing Standard Nos. 8-15. For example, consideration is welcome as to whether those standards are being applied as intended and having the desired effect or whether further enhancements to either the standards or their implementation are appropriate.
In short, in-depth root cause analyses and a robust audit performance feedback loop can help us promote reliable financial reporting and further investor protection. Progress has been made, but there is much more to do. Again, investors are counting on all of us.
U.S. and global audit considerations
The PCAOB has been actively debating significant far-reaching audit policy ideas. They’re not alone in these debates. As you know, regulators and standard setters around the globe, including the European Commission, the UK’s Financial Reporting Council, and the IAASB have likewise been busy doing the same. Considerations are underway internationally regarding potential changes to the existing auditor’s reporting model that has been in place for decades. Additionally, the PCAOB exposed a proposal to increase transparency about those involved in conducting an audit. Mandatory firm rotation, mandatory or encouraged joint audits, expansion of restrictions on scope of non-audit services, reconsideration of the role of audit committees, and consideration of corporate governance of audit firms are just some of the other ideas being explored by various audit regulators and standard setters. Those who have followed audit regulation over the years recognize that many of these ideas are not new, and some are quite controversial.
In evaluating the various policy choices, it is important to understand that regulators around the world are beginning their consideration from different starting points in terms of existing regulation, and in some cases significantly different starting points. Some of the provisions of SOX that I mentioned earlier were a direct result of lessons learned about auditor performance from problems identified in financial reporting. I believe there’s room to leverage almost a decade’s worth of learning since the implementation of these provisions to further exploit the benefits and further improve audit quality.
On the other hand, the financial crisis that began several years ago now appears to have highlighted problems with business risk and the management of those risks. Notwithstanding, we are considering how improvements can be made to financial reports in a holistic manner. And so, I continue to support exploration of a wide range of new ideas and reconsideration of old audit policy ideas. However, I believe we should do so in a way that enhances and builds upon the solid foundation established by SOX a decade ago, including the establishment of the PCAOB. Otherwise, we run the risk of layering on new and redundant requirements or, even worse, weakening the existing carefully developed regulatory foundation.
I also think it’s critical that the role of auditors remain squarely focused on reliable and useful financial reporting. Some ideas that have emerged around the world seem to me to suggest that the auditor should play a different or expanded role that I believe has the potential to distract from this very important focus.
Last month, the European Parliament’s Impact Assessment Unit (IAU) published a report on the European Commission’s (EC) impact assessment of its audit reform proposals.vii Among other things, I notice that the IAU report stated that the underlying reasons for reform of the audit market were "less clearly evidenced" than the problem areas identified. The report also noted that the EC did “not seem to provide sufficient evidence that the preferred options are necessarily the most beneficial.” Regarding mandatory firm rotation, it notes, “less radical alternative approaches have not been explored in the same detail” and that there has not been “enough attention [paid] to the unintended effects of its options.” While the PCAOB has its own concept release, outreach and process on this topic, as we think about policy choices in the U.S., the points made in this report remind me of my previous remarks about the importance of in-depth robust root cause analysis and a robust audit performance feedback loop. It’s important for us to understand the reasons for policy choices made by other regulators and the linkages they make to ideas as we consider their efforts as an input to our own policy thinking.
I look forward to our continued efforts with the PCAOB to consider various audit policy ideas that can serve to enhance the usefulness and reliability of financial reporting, including through their ongoing efforts to update interim auditing and quality control standards and to continue to explore significant changes to the auditor’s reporting model.
Legislative activity related to auditing
While the 2010 Dodd-Frank legislation contained hundreds of pages that have resulted in, and continue to result in, a significant number of SEC rulemakings, I’ll just mention two specific auditor-related implications now. First, under Dodd-Frank, the PCAOB was granted comprehensive oversight authority over the audits of broker-dealers registered with the Commission, and we continue to work closely with the PCAOB on the implementation of that authority. The PCAOB has a temporary inspection program up and running with a first report on that program due to be finalized later this month. The PCAOB proposed a number of new auditing standards related to audits of broker-dealers, the finalization of which is expected after the Commission finalizes amendments to the broker-dealer reporting requirements in Rule 17a-5. Second, non-accelerated filers have been exempted from the audit requirement in SOX 404(b). However, management’s responsibilities for evaluating and reporting on internal control over financial reporting (ICFR) under SOX 404(a) were not in any way changed by the absence of an ICFR audit mandate for these companies.
The JOBS Act passed earlier this year also provided an exemption from SOX 404(b), this time for emerging growth companies (EGCs). This exemption in a way expands upon the phase-in provisions the Commission previously had established for newly public companies. In addition, the JOBS Act prohibits any PCAOB rules requiring mandatory audit firm rotation or a supplement to the auditor’s report in which the auditor would be required to provide additional information (e.g., auditor discussion and analysis) from applying to audits of EGCs. Another provision of the JOBS Act requires that future PCAOB standards shall not apply to audits of EGCs unless the Commission determines that they are necessary or appropriate in the public interest after considering the protection of investors and whether the standards will promote efficiency, competition and capital formation. I believe that one outcome that you will see from this provision will be increased transparency into the reasoning behind policy choices made in the PCAOB’s standard settling process.
Let me wrap up with a final thought for students that sit in your classrooms today. What we all do as accountants and auditors is very important. The attention that the audit profession has received over the last decade or so is reflective of both the importance of audits and indicative of the need for the best and brightest individuals to continue to enter the profession. I hear on occasion that some in our next generation of auditors are sometimes feeling discouraged or uncertain about entering the profession. I would tell them to embrace the challenges of this profession that bring opportunity, and, know that investors are already counting on them. So are all of us.
Thank you for your time and attention and I’m happy to take your questions and hear your thoughts.
i The Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner.
ii See Study and Recommendations on Section 404(b) of the Sarbanes-Oxley Act of 2002 For Issuers With Public Float Between $75 and $250 Million (April 2011), available at http://www.sec.gov/news/studies/2011/404bfloat-study.pdf
iii See, for example, Carson, Elizabeth, Fargher, Neil L., Geiger, Marshall A., Lennox, Clive S., Raghunandan, Kannan and Willekens, Marleen, Auditor Reporting on Going-Concern Uncertainty: A Research Synthesis (January 30, 2012), available at SSRN: http://ssrn.com/abstract=2000496 or http://dx.doi.org/10.2139/ssrn.2000496; Knechel, W. Robert, Krishnan, Gopal V., Pevzner, Mikhail, Shefchik, Lori B and Velury, Uma, Audit Quality Indicators: Insights from the Academic Literature (March 16, 2012), available at SSRN: http://ssrn.com/abstract=2040754 or http://dx.doi.org/10.2139/ssrn.2040754; Mock, Theodore J., Bédard, Jean, Coram, Paul J., Davis, Shawn, Espahbodi, Reza and Warne, Rick C., The Auditor’s Reporting Model: Current Research Synthesis and Implications (May 2012), available at SSRN: http://ssrn.com/abstract=2065989 or http://dx.doi.org/10.2139/ssrn.2065989; Bratten, Brian, Gaynor, Lisa Milici, McDaniel, Linda S., Montague, Norma R. and Sierra, Gregory E., The Audit of Fair Values and Other Estimates: The Effects of Underlying Environmental, Task, and Auditor-Specific Factors (March 19, 2012), available at SSRN: http://ssrn.com/abstract=2027492 or http://dx.doi.org/10.2139/ssrn.2027492; Elizabeth Gordon, Elaine Henry, Timothy J. Louwers, and Brad J. Reed, Auditing Related Party Transactions: A Literature Overview and Research Synthesis, Accounting Horizons, Vol. 21 (1), 81-102 (2007) and Jeffrey Cohen, Lisa Milici Gaynor, Ganesh Krishnamoorthy, and Arnold M. Wright, Auditor Communications with the Audit Committee and the Board of Directors: Policy Recommendations and Opportunities for Future Research, Accounting Horizons, Vol. 21 (2), 165-187 (2007).
iv See Remarks Before the 2011 AICPA National Conference on Current SEC and PCAOB Developments — The Role of the Audit Performance Feedback Loop in Audit Policy Decision-Making (December 5, 2011), available at http://www.sec.gov/news/speech/2011/spch120511btc.htm and Remarks before the 2010 AICPA National Conference on Current SEC and PCAOB Developments, Washington, D.C. (December 6, 2010), available at http://www.sec.gov/news/speech/2010/spch120610btc.htm
v See National Transportation Safety Board mission at http://www.ntsb.gov/about/index.html
vi See Information For Audit Committees About The PCAOB Inspection Process (Aug 1, 2012) at http://pcaobus.org/Inspections/Documents/Inspection_Information_for_Audit_Committees.pdf
vii See Statutory Audits of Public Accounts and of Public-Interest Entities: Appraisal by the EP Impact Assessment Unit of the Commission Proposals for a Directive Amending Directive 2006/43/EC on Statutory Audits of Annual Accounts and Consolidated Accounts and for a Regulation on Specific Requirements Regarding Statutory Audit of Public-Interest Entities (July 2012), available at http://www.europarl.europa.eu/meetdocs/2009_2014/documents/juri/dv/statutoryaudit_/statutoryaudit_en.pdf