Remarks Before the 2011 AICPA National Conference on Current SEC and PCAOB Developments — The Role of the Audit Performance Feedback Loop in Audit Policy Decision-Making
Brian T. Croteau
Deputy Chief Accountant, Office of the Chief Accountant
U.S. Securities and Exchange Commission
December 5, 2011
As a matter of policy, the Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or other members of the SEC Staff.
Good morning. I’m Brian Croteau, the Deputy Chief Accountant of OCA’s Professional Practice Group (PPG). I’d like to thank the AICPA for inviting me to be here again this year. I’ve been in my role for about a year and one-half and I assure you that when I started I could not have predicted the breadth of matters we’d address in this timeframe. The PPG is comprised of a talented and dedicated team of about a dozen staff who focus on audit quality and investor protection each and every day. We work closely with, and provide advice and support to other offices and divisions within the Commission on auditing matters, including auditor independence. OCA’s PPG also has a significant role in leading and coordinating the Commission’s oversight of the Public Company Accounting Oversight Board’s (PCAOB) activities and so we work closely with the PCAOB on a day-to-day basis to achieve our shared investor protection objectives.
Global Audit Policy Considerations
As Jim Kroeker mentioned, the PCAOB, with its new board members, has wasted no time raising and actively debating significant far-reaching audit policy ideas. They’re not alone in these debates. Regulators and standard setters around the globe, including the European Commission, the UK’s Financial Reporting Council, and the IAASB have likewise been extraordinarily busy doing the same. Considerations are underway across the globe regarding potential changes to the existing auditor’s reporting model that has been in place for decades.1 Additionally, the PCAOB recently exposed a proposal to increase transparency about those involved in conducting an audit through new disclosures of the names of the engagement partner, firms and certain other individuals.2 Mandatory firm rotation, mandatory or encouraged joint audits, expansion of restrictions on scope of non-audit services, reconsideration of the role of audit committees, and consideration of corporate governance of audit firms are just some of the ideas being explored by various audit regulators and standard setters. Those who have followed audit regulation over the years recognize that many of these ideas are not new and some are perhaps more than a little controversial.
In evaluating the various policy choices, it is important to understand that regulators around the world are beginning their consideration from different starting points in terms of existing regulation, in some cases perhaps significantly. Important provisions we are accustomed to in the U.S. such as five and seven year audit partner rotation requirements, extensive prohibitions on non-audit services and other independence rules, the role of audit committees in oversight of the external auditor, and the role of a regular program of inspections of audits by an independent audit regulator were implemented following the Sarbanes-Oxley Act (SOX). These provisions were a direct result of lessons learned about auditor performance from problems identified in financial reporting and I believe there’s room to leverage almost a decade’s worth of learning since the implementation of these provisions to further exploit the benefits. On the other hand, the financial crisis which began several years ago now appears to have highlighted problems with business risk and the management of those risks. Notwithstanding, we are considering how improvements can be made to financial reports in a holistic manner.
Accordingly, I support exploration of a wide range of new ideas and reconsideration of old audit policy ideas. I believe we should do so though in a way that enhances and builds upon the solid foundation established by SOX, including the creation of the PCAOB. Otherwise, we run the risk of layering on new requirements to address risks already adequately addressed by current rules and infrastructure or, even worse, weakening the existing carefully developed regulatory foundation. I also think it’s critical that the role of auditors remain squarely focused on reliable and useful financial reporting.
The Important Role of Analysis of Root Causes of Audit Deficiencies
Last year I discussed at this conference that I believed more focus was needed by the PCAOB and audit firms on the identification of root causes of audit deficiencies.3 I’m pleased to report that hardly a day goes by when I don’t participate in a root cause discussion. Even so, there is a lot of runway in front of us to take full advantage of the benefits. For example, there’s a lot we still don’t yet know regarding the underlying reasons for audit deficiencies. In the past year, the PCAOB developed and conducted root cause training and implemented new procedures for inspectors to identify and analyze root causes of audit deficiencies. The next critical step is using the results to enhance the articulation of the underlying problems and not just their symptoms. I’m pleased to hear that the lessons learned from root cause analysis are being embedded into the PCAOB’s inspection processes. Perhaps more importantly, I hope that audit firms are embedding improved root cause analysis into their own quality control processes and then, most importantly, promptly addressing the root causes of their audit deficiencies once they are identified.
We could probably have a lively debate about whether identification of root causes of audit deficiencies are more often akin to solving puzzles that can always be pieced together or like mysteries that have multiple potential solutions and sometimes go unsolved; regardless, I believe the efforts to understand the root causes of audit deficiencies will yield valuable benefits.
The Audit Performance Feedback Loop
Having made progress on the need for root cause analysis over the past year, this year I’d like to discuss what I believe is the appropriate usage of the results of root cause analysis. I believe that the identification and analysis of root causes are key inputs into what I’ll call, for lack of a better description, the “audit performance feedback loop.” A feedback loop is a common and powerful tool in control and oversight systems that can be used to monitor and continually improve audit performance based upon evaluations of actual and desired audit performance outputs. It’s critical that we gather and thoroughly evaluate the data we have or could obtain about audit performance for the audit performance feedback loop to work properly. To avoid getting too theoretical, I’ll resist the temptation to go further in describing all the potential inputs, outputs, and processes of an audit feedback loop and instead focus on a couple aspects where I believe there is opportunity for improvement to be made.
The Importance of PCAOB Inspections to the Audit Performance Feedback Loop
First, the PCAOB has been making progress in reaching cooperative agreements to facilitate the ability to conduct required non-U.S. inspections. Agreements have recently been reached in parts of the EU, Switzerland, Israel, Japan and Taiwan. Progress in certain other jurisdictions, including China has been slower and more challenging. The ability for the PCAOB to conduct inspections that are mandated by SOX is a very important element of investor protection. Conducting these inspections and understanding the nature of the full range of audit quality issues globally is a gap that I believe needs to be closed in the audit performance feedback loop to inform policy decisions that are best suited to addressing the issues.
Additionally, as regulators, we may perhaps too naturally focus on problems. Doing so is critical with respect to root causes of audit deficiencies in order to appropriately inform other components of the audit performance feedback loop. However, that’s not all we should be focused on. I have also observed that, even under a risk-based approach, the PCAOB has inspected thousands of issuer audits over the past nine years which have not resulted in any part one inspection findings. To be clear, I mention this not as a judgment about the acceptability of the current rate of audit deficiencies as I absolutely believe that improvements to audit quality are necessary to reduce these occurrences. Instead, I believe that by considering the characteristics of those audits where no inspection findings are identified and considering the attributes that enabled those auditors to achieve this result can also provide very valuable information to the audit performance feedback loop. This information can be used for audit firms to improve their own quality controls and for the PCAOB to improve their auditing and quality control standards.
I could go on to talk about enforcement activities and the importance of root cause analysis to the audit performance feedback loop in this area also; however, in the interest of time, I’ll move on to the audit performance feedback loop in the area of auditing standards.
Informing the Development of High Quality Auditing Standards
Last year at this conference, I explained why I believed the PCAOB’s 2011 auditing standard setting agenda was “ambitious but appropriate.”4 My view is unchanged about that agenda. Topics such as auditing standards for audits of brokers and dealers, fair value, use of specialists, confirmations, principal auditor considerations, audit committee communications, and the auditor’s reporting model were some of the PCAOB’s important projects that I mentioned. Another very important project for the PCAOB is to codify their standards. While the AICPA’s Auditing Standards Board and the IAASB have recently completed projects to update most of their respective standards, the PCAOB still has a lot of work to do to replace the interim standards they adopted from the AICPA in 2003. To be sure, important progress has been made in the past few years. The Board’s standard on auditing internal control over financial reporting (AS No. 5), the engagement quality review standard (AS No. 7), and new risk assessment standards (AS Nos. 8-15), represent an important start down this path. However, there’s much more work similar work to be done. We will continue to work very closely with the PCAOB on the topics on their standard setting agenda, including the implementation of their new oversight over audits of brokers and dealers.
The importance of high quality auditing standards that set clear expectations for auditor performance cannot be overstated. Moreover, the PCAOB is in a unique and fortunate position of having standard setting, inspections, and enforcement all under one roof. The potential benefits of this structure are remarkable because they are all critical components of the audit performance feedback loop. Although I’m encouraged by continuous improvements underway at the PCAOB to leverage the benefits of this structure, I believe there’s much more that can be done here too. While the PCAOB noted at an open meeting earlier this year that they are beginning to evaluate their inspection findings to identify the root causes of audit deficiencies, there was acknowledgement that this analysis was simply incomplete. While inspection findings are certainly considered in the development of standards, I believe a thorough understanding of the reasons for inspection findings has the potential to significantly enhance the PCAOB’s ability to improve auditing standards and therefore is a critical input into a robust audit performance feedback loop.
Meanwhile, the PCAOB and regulators around the world are considering how to improve audit quality. A seemingly important question to answer is, “what specific behaviors and procedures would we like to see exhibited more or performed better in a world where audit quality is improved?” In answering this question within the U.S., information within the PCAOB’s audit performance feedback loop should be fully exploited. This is also true of improvements to the PCAOB’s interim standards. But there is no need for auditors to wait for this to occur. In fact, Christian Peo, a member of OCA’s PPG, is ready in the next panel to highlight some examples of areas auditors can focus on today.
Another important element of the audit performance feedback loop is an assessment of the implementation of past standards. For example, how have we benefited from the implementation of the new engagement quality review standard, AS No. 7? Is the standard achieving the desired results? To the extent it is, are there any lessons to be learned where implementation can be further improved. To the extent standards aren’t achieving the desired result why is this so and what should be done? I think this is an element of the audit performance feedback loop that could be more fully exploited by firms and the PCAOB. A potential valuable opportunity presents itself in 2012 not only for the firms and the PCAOB to consider the effectiveness of the engagement quality review standard (AS No. 7), but also the PCAOB’s new risk assessment standards as auditors wrap up their first audits required to comply with these standards and inspectors get a first look under the hood at those audits shortly thereafter. I encourage the PCAOB to focus on the implementation of these standards in 2012. Of course, auditors need not wait for this either, as they can and should act now to focus on properly applying these newer standards.
So as we reflect on next steps and significant policy choices, I believe it is important to recognize these examples of the remaining work ahead to close the audit performance feedback loop, including, as Jim Kroeker also mentioned, through updating the PCAOB’s audit and quality control standards that focus directly on auditor performance. The extent or limitations of the benefits of the implementation of new standards — including those already adopted — are necessarily still under evaluation.
Global Audit Policy Considerations, Continued
Let me return to the broader global audit policy considerations. The SEC staff works closely with the PCAOB staff at the concept release and proposal stages through a constructive exchange of ideas to help with the refinement of a concept or its presentation, including helping identify potential pros and cons of a concept. However, neither the Commission nor the staff concludes on the merits of the ideas at this stage of the process. Public input to the PCAOB and then to the SEC to the extent the PCAOB adopts a final standard or rule is critical.
As I reflect on what we know, what we don’t know, and what we are trying to encourage, I am left with some important questions on some of the global audit policy considerations. Let me give just a few examples. I’ll start with joint audits, a proposal that is not on the PCAOB’s agenda but is getting a lot of attention in other parts of the world. While I’ve heard different views about how joint audits could be conducted if they were mandated or encouraged by regulators outside the U.S., I believe an important premise would be that both auditors should be held fully responsible for all of the work performed. So one could ask, how many auditors is enough? If two is better than one, is three better than two and are four better than three? What are the risks to audit quality? What are the cost-benefit considerations? Would we still be having the same discussions about the role of the auditor in the financial crisis today, even if joint audits had been mandated prior to the financial crisis? Are any potential new problems more likely and severe than those we’re attempting to solve? Obviously the promotion of joint audits is controversial. We’ll stay tuned to understand the policy choices ultimately made by other regulators — and the reasons for them — as we consider any potential implications and responses.
Auditor Independence / Mandatory Rotation
Regarding auditor objectivity and mandatory firm rotation, I have noted that many very thoughtful comment letters have already been written to the PCAOB reflecting a division of views and raising significant points for consideration.5 There is also an interesting body of academic research in this space, including some which analyzes the impact of having mandated audit firm rotation in other territories. While there are some contradictory views, research indicates that there is much to consider regarding the potential costs, benefits, and risks. Also, the PCAOB has noted that preliminary analysis of the Board’s inspection data appears to show no correlation between audit tenure and number of comments in PCAOB inspection reports.6
In addition to public input and academic literature, I believe that thorough analysis of past inspections by those with sufficient details about the issues identified, including adequately understanding the root causes is important to understanding the problems being addressed. This is another example where the audit performance feedback loop could be leveraged. Depending on the nature of underlying quality control deficiencies, one should consider whether rotation of firms would exacerbate the frequency and severity of certain deficiencies rather than diminish them. For example, after reading hundreds of PCAOB inspection reports, I recognize that there are a range of quality control defects the PCAOB identifies, with only a portion those being specifically linked to auditor objectivity or skepticism in relation to other identified issues. Narrow or broad technical competence criticisms, firm methodology, training, supervision, consultation policies and practices, extent of partner involvement, and tone at the top of the firm are all just examples of areas of defects that appear to be causing or contributing to recurring inspection findings. However, if auditors are knowingly or unknowingly compromising their objectivity and this is at the core of some portion of these audit deficiencies, then what alternatives might exist to address this issue? Are there incremental benefits beyond those we see today from engagement partner rotation? I also wonder whether the growth of consulting practices by audit firms has the potential to pose a greater risk to audit quality than auditor tenure.
There is much to consider and the PCAOB’s public comment period on its concept release is still open until December 14th. They ask roughly 70 questions for your consideration. Meanwhile, I encourage the PCAOB, when it spots problems with auditor objectivity in its inspections, to consider seriously findings about this, including in their quality control observations in firm inspection reports. Of course the PCAOB also has the ability to discuss such findings on a more aggregated basis through it Rule 4010 reports. Consistent with Jim’s remarks, audit committees should pay attention to such matters and ask appropriate questions of auditors to ensure they are satisfied with the responses with respect to the audit they must oversee.
Auditor’s Reporting Model
Let me briefly touch on the auditor’s reporting model, Chairman Doty has already mentioned this project and the comment period has closed so I won’t recap. I’d like to join many others who have commended the PCAOB, particularly the Office of the Chief Auditor led by Marty Baumann, for the extensive up-front and ongoing outreach and transparent process related to this project. In fact, the Board held its first-ever open meeting last March to discuss the concepts even in advance of issuing a concept release in June. This was followed by a public roundtable in September. To some extent I believe the project deals with questions about perceived information asymmetry between investors, management, audit committees and auditors and contemplates the appropriate role for auditors in reducing that asymmetry. I recognize that this project requires close coordination between audit and accounting standard setters and the SEC. While there is room for improvement, I’m cognizant that we didn’t arrive at the current reporting model by accident either. Although the majority of respondents support clarifications to the auditor’s report, the other alternatives have shown to be far more controversial. I welcome your input as the PCAOB continues to consider the ideas explored in the concept release and the public input received. The IAASB and European Commission are likewise focused on similar considerations.
As we reflect on the global policy issues, we all probably agree that audit policy choices should enhance and not diminish the reliability and usefulness of financial reporting information to investors. Auditors should maintain — in fact continuously strive to strengthen — their objectively. I also believe that it’s important to preserve their role as auditors rather than preparers of a company’s financial reporting information. It’s also important to thoroughly evaluate the consequences of, and the interaction between, any proposals and the existing regulatory foundation to ensure we do not find ourselves inadvertently weakening the strong foundation in place today. Moreover, audit policy choices can be very impactful, but should not be thought of as the solution to every problem. For example, accounting standard setters have a very important role to play in promoting useful financial reporting to investors and we need to be mindful of management and audit committee responsibilities too. Regulators have a role, of course, relative to establishing in the first instance and then inspecting and enforcing against appropriate auditing and quality control standards and rules. As gatekeepers, auditors also play an important role and it’s appropriate for us to regularly challenge this role and their performance, including whether and how their role should change.
PCAOB Oversight Over Audits of Brokers and Dealers
Before I wrap up, I know some may be interested in brief update on the SEC rulemaking related to PCAOB oversight over auditors of brokers and dealers. The Dodd-Frank Act granted the PCAOB explicit oversight authority over audits of brokers and dealers registered with the Commission. In June of this year, the Commission proposed amendments to Rule 17a-5, the rule containing the financial reporting requirements for brokers and dealers.7 Among other things, the proposed amendments are intended to facilitate the ability of the PCAOB to implement its oversight of broker-dealer audits. In July of this year, the PCAOB proposed new auditing and attestation standards that would apply to the audits of broker and dealers.8 OCA’s PPG has been working very closely with our colleagues in the Division of Trading and Markets as well as with the PCAOB on these proposals.
The SEC’s comment period closed in August and one overarching theme was commenters’ concerns with the proposed effective date, which would be for annual reports filed with the SEC for fiscal years ending on or after December 15, 2011. The Commission has not voted on a final rule, and as such, broker-dealers and their auditors should continue to look to the existing requirements in Rule 17a-5. Additionally, consistent with a Commission Interpretation issued in September 2010, broker and dealers and their auditors should continue to refer to AICPA standards, rather than PCAOB standards, until the Commission directs otherwise.9 I also encourage auditors to review the joint letter issued in November 2010 by the Director of the Division of Trading and Markets and the SEC Chief Accountant reminding auditors of their responsibilities under AICPA standards.10
Finally this morning, I’d like to encourage you to listen carefully to the remarks related to fair value measurements and the use of pricing services by both management and auditors that Jason Plourde, a member of OCA’s PPG staff, will be making on the next panel. I encourage focus by management and auditors on the adequacy of the information obtained from pricing services and the appropriateness of the judgments, disclosure and internal controls in this area. It is an area of focus for many of us as you‘ll also hear from our Division of Corporation Finance and representatives from the PCAOB tomorrow.
Thank you very much for your commitment to reliable and useful financial reporting, including your commitment to audit quality. I look forward to answering questions as part of the end of day Q&A panel.
1 See, for example, http://pcaobus.org/Rules/Rulemaking/Pages/Docket034.aspx and http://www.ifac.org/publications-resources/enhancing-value-auditor-reporting-exploring-options-change
2 See http://pcaobus.org/Rules/Rulemaking/Pages/Docket029.aspx. The comment period for this proposal ends on January 9, 2012.
3 See http://www.sec.gov/news/speech/2010/spch120610btc.htm
5 See http://pcaobus.org/Rules/Rulemaking/Pages/Docket037Comments.aspx
6 See http://pcaobus.org/Rules/Rulemaking/Docket037/Release_2011-006.pdf at 16.
7 See http://www.sec.gov/rules/proposed/2011/34-64676.pdf
8 See http://pcaobus.org/Rules/Rulemaking/Pages/Docket035.aspx and http://pcaobus.org/Rules/Rulemaking/Pages/Docket036.aspx
9 See http://www.sec.gov/rules/interp/2010/34-62991.pdf
10 See http://www.sec.gov/info/accountants/staffletters/aicpa111810.pdf