Remarks before the 2016 AICPA Conference on Current SEC and PCAOB Developments
Marc Panucci, Deputy Chief Accountant, Office of the Chief Accountant
Dec. 5, 2016
The Securities and Exchange Commission (“SEC” or “Commission”), as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission, individual Commissioners, or of the author’s colleagues upon the staff of the Commission.
Good morning and thank you for the kind introduction. I am honored to be here with you today as the Deputy Chief Accountant for OCA’s Professional Practice Group (PPG).
First, I would like to thank Brian Croteau for his six years of excellent service to the Commission as my predecessor in this role. Brian’s work related to overseeing the activities of the Public Company Accounting Oversight Board (PCAOB), managing the resolution of auditor independence matters, consideration of matters related to requirements for internal control over financial reporting (ICFR), and monitoring audit and independence standard-setting internationally has been instrumental in support of the Commission’s mission.
As Deputy Chief Accountant, I hope to build upon the success that Brian and the team have achieved. Brian always acknowledged the talent and dedication of the PPG team, and in my short time working with the group, I understand why. I am truly privileged to return to this talented group that is committed to the Commission’s mission.
This morning I’ll address three of the areas that continue to be of importance to PPG: ICFR, Independence, and PCAOB matters.
Internal Control over Financial Reporting
First, I would like to discuss an area that continues to attract the attention of the SEC and PCAOB staff: ICFR. As Wes Bricker mentioned this morning, we are reminded regularly of the importance of ICFR to investors. Timely identification, appropriate evaluation, and accurate disclosure of material weaknesses are, of course, predicated on an appropriate assessment of ICFR by management and on an effective audit by the independent auditor, when applicable. The nature and frequency of ICFR inspection findings has drawn attention from various stakeholders who have raised questions regarding the potential causes of these inspection findings. In response, OCA staff members, together with our colleagues from the Division of Corporation Finance, participated as observers in a number of outreach meetings held by the PCAOB with various stakeholders to discuss issues involving ICFR assessments. The discussion of ICFR among the various stakeholders will continue with a panel later today, in which Kevin Stout, a Senior Associate Chief Accountant in PPG, will participate. Before the panel discussion, I would like to share a few thoughts.
As discussed at last year’s conference and in various other forums since that time, SEC staff has encouraged management, audit committees and auditors to engage in regular dialogue on ICFR assessments. Timely and effective communication between these parties on ICFR matters remains of continued importance, not only for accurate assessments of ICFR, but also ultimately for more reliable financial reporting for the benefit of investors.
In addition, ICFR remains a significant area of focus at the Commission, including through OCA’s coordinated efforts with the Divisions of Corporation Finance and Enforcement. For example, the Division of Corporation Finance continues to monitor ICFR disclosures and raise questions in its reviews of registrants’ filings when appropriate. In addition, SEC enforcement actions include consideration of ICFR where warranted, including a case earlier this year that focused on an inadequate evaluation of the severity of an identified control deficiency. The case included charges against the issuer, members of management, the audit partner, and the company’s consultant. These efforts demonstrate the integration of internal control considerations into the staff’s work. From my perspective, some of the important takeaways from these efforts include:
- First, management has the responsibility to carefully evaluate the severity of identified control deficiencies and to report, on a timely basis, all identified material weaknesses in ICFR. Any required disclosure should allow investors to understand the cause of the control deficiency and to assess the potential impact of the identified material weakness.
- Second, it is important to maintain competent and adequate accounting staff to accurately reflect the company's transactions and to augment internal resources with qualified external resources, as necessary. Qualified accounting resources and appropriate processes and controls will be of vital importance in connection with the adoption of the new accounting standards that Wes Bricker discussed earlier today.
- And finally, management has to take responsibility for its assessment of ICFR. That responsibility cannot be outsourced to third party consultants. At the same time, third party consultants can play an important and critical role when assisting management in its evaluation of ICFR.
Because of the importance of ICFR assessments to investors, the staff remains keenly focused on this topic and, in coordination with the PCAOB, is committed to being part of the dialogue related to challenges that may remain in this area.
Next, I would like to make a few comments regarding auditor independence. Independent auditors have an important public trust and investors expect auditors to act in an unbiased and objective manner. We continue to receive several hundred consults each year covering a broad range of independence topics. Notably, this year’s consultations included an uptick in questions concerning relationships and/or services not specifically prohibited in Rule 2-01(c) of Regulation S-X, but which require consideration under the general standard and the underlying principles described in the preliminary note to the independence rule.
Wes Bricker noted earlier that an auditor would impair its independence anytime it provides a specifically prohibited service, and reminded auditors and their audit clients to also consider whether services or relationships not specifically addressed in the independence rule may nonetheless be independence impairing. Specifically, I want to remind everybody that consideration should be given to whether any relationship or service to be provided by an auditor:
- Creates a mutual or conflicting interest with its audit client;
- Places the auditor in a position of auditing their own work;
- Results in the auditor acting as management or an employee of the audit client; or
- Places the auditor in a position of being an advocate for the audit client.
These concepts are important to keep in mind not only at the time the company’s audit committee pre-approves any permissible non-audit service, but also throughout the delivery of the service, considering that engagement “scope creep” could result in the service impairing the auditor’s independence. As always, OCA is available to consult with issuers and auditors concerning matters related to auditor independence, including those related to any service or relationship not explicitly addressed in the independence rule that could nonetheless raise concerns in applying the general standard.
In the past, concerns have been raised related to the growth of audit firms’ consulting practices and how it might impact independence and audit quality overall. This continues to be an important area to monitor as audit quality and independence are critical to investors’ confidence in the audit. The growth of audit firms’ consulting practices also raises broader considerations related to the audit firms’ business models going forward. In this regard, I believe it is critically important for audit firms to remain committed to their audit practice. In reading certain of the audit firms’ audit quality reports, they acknowledge the importance of the audit practice in a multi-disciplinary structure, and believe it strengthens the firms’ ability to conduct an audit, which is critical to their brand. The PCAOB’s recently-issued strategic plan identifies the firm’s multi-disciplinary structure as an emerging threat that they will continue to monitor, given the potential implications for auditor independence and audit quality. I believe this is an area that merits continued attention as a sustainable and viable audit profession is critically important for investors.
Last, I would like to turn to the PCAOB. I understand that in 2016 the PCAOB began to implement changes to its standard-setting process which are aimed at improving efficiency and effectiveness. The SEC staff has seen positive changes to date and is committed to working with the PCAOB as it continues the implementation of its changes.
The PCAOB has also continued to update certain of its interim auditing standards adopted in 2003. In addition to the active standard-setting projects, the PCAOB is focused on potential implications to audit quality related to new and emerging risks. As Wes Bricker noted earlier today, the PCAOB discussed its planned research agenda at its SAG meeting last week, including its consideration of topics such as the use of data and technology in audits and other information and company performance measures. I believe the topics discussed by the PCAOB at the SAG meeting are important issues to gather and analyze further information to determine the appropriate next steps, which may include standard-setting.
Another way the PCAOB addresses potential risks to audit quality is through monitoring the implementation of its recently-adopted auditing standards. Jennifer Todling, a Professional Accounting Fellow in PPG, will discuss later this morning on the OCA Current Projects panel considerations for various stakeholders to be actively involved in the implementation of PCAOB standards. I believe active involvement by the various stakeholders strengthens audit firms’ implementation of new auditing standards and enhances audit quality.
The PCAOB’s continued focus on audit quality extends beyond its standard-setting activities, such as, the PCAOB inspection and enforcement programs. In particular, the PCAOB has implemented enhancements to its risk-based approach to inspections, such as, introducing randomization, which may result in increasing the usefulness of inspection results in assessing the overall state of audit quality and trends. In addition, the PCAOB continues to inspect auditors of broker-dealers under its interim inspection program, perform outreach, and issue general reports. At least annually, public reports related to inspections of audits of broker-dealers provide important information, including the nature and frequency of inspection findings. I have witnessed the PCAOB’s continuous enhancements to its inspection program and believe it has been integral to improving audit quality. As for the PCAOB enforcement program, it continues to investigate and discipline registered audit firms and associated persons where warranted.
I look forward to working with the PCAOB in considering our shared goals of investor protection and improving audit quality.
Thank you for your attention. I look forward to answering any questions you may have during the end of day Q&A panel this afternoon.
 See, Remarks Before the 2015 AICPA National Conference on Current SEC and PCAOB Developments, December 9, 2015 — James V. Schnurr, Chief Accountant, available at: https://www.sec.gov/news/speech/schnurr-remarks-aicpa-2015-conference-sec-pcaob-developments.html;
See, Remarks before the 2015 AICPA National Conference on Current SEC and PCAOB Developments, December 9, 2015 — Brian T. Croteau, Deputy Chief Accountant, available at: https://www.sec.gov/news/speech/croteau-2015-aicpa.html;
See, Remarks before the 12th Annual Life Sciences Accounting and Reporting Congress, March 22, 2016 — James V. Schnurr, Chief Accountant, available at:
See, Remarks before the 35th Annual SEC and Financial Reporting Institute Conference, June 9, 2016 — Wesley R. Bricker, Deputy Chief Accountant, available at:
 See e.g., SEC Press Release 2016-48, SEC Charges Company and Executives for Faulty Evaluations of Internal Controls (Mar. 10, 2016), available at https://www.sec.gov/news/pressrelease/2016-48.html.
 See Preliminary Note to Rule 2-01 of Regulation S-X
 See e.g., Remarks before the NYSSCPA SEC Conference, October 25, 2016 — Steven B. Harris, PCAOB Board Member, available at: https://pcaobus.org/News/Speech/Pages/Harris-speech-NYSSCPA-10-25-16.aspx
 See e.g., Deloitte LLP, 2015 Audit Quality Report, available at: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/regulatory/us-regulatory-deloitte-touche-llp-audit-quality-report-2015.pdf
See, KPMG LLP, 2015 Our Investment in Audit Quality, available at: https://assets.kpmg.com/content/dam/kpmg/pdf/2016/04/our-investment-in-audit-quality.pdf
See, PricewaterhouseCoopers LLP, 2016 Our Focus on Audit Quality, available at: http://www.pwc.com/us/en/audit-assurance-services/publications/assets/pwc-audit-quality-report-2016.pdf
 See, Public Company Accounting Oversight Board Strategic Plan: Improving the Quality of the Audit for the Protection and Benefit of Investors 2016 — 2020, available at: https://pcaobus.org/About/Administration/Documents/Strategic%20Plans/2016-2020.pdf