Video
Have you seen evidence that auditors are taking the initiative?
I tell accounting firms that the American people have lost confidence in the profession. That's why we inspect them. It's irrelevant if they think that's a bum rap; we represent the public interest. If they are caught, say, giving tax-shelter advice — and there's a whole new series of stories about XYZ firm giving tax-shelter advice — the American people will decide those firms do not have the judgment to be trusted. So my very strong advice is, don't do the stuff that will lead to that conclusion. Are we seeing progress? Yes. Was Rome built in a day? No. But the trend is right.
You're now conducting full-scale inspections of the auditing firms. What do they entail?
Last year, the PCAOB did limited inspections. The statute requires annual inspections of any firm that does more than 100 public audits. So this year, we will be doing much more thorough inspections of the Big Four, plus the other four American accounting firms that audit more than 100 public companies. Once every three years, we are also required to inspect all other auditors of public companies.
Part of the work will be a very intense look at the overall management and conduct of the firm, what we call "tone at the top." Are they getting the message across that audit is their most important product? Are good auditors being compensated for being good auditors — not for bringing in collateral business, the cancer that destroyed Arthur Andersen?
We will also be looking at individual audit engagements. Last year we examined 16 in each Big Four firm. This year we will be doing several hundred each. The reviews are very thorough. We review the work papers, interview the engagement partner, the partner that reviewed the engagement partner's work, and then talk with people involved in the audit, to see whether this message of absolutely high-quality audits is being carried to the rank and file.
Will the interview extend to the people who are being audited — the companies?
Generally not. Last year there were telephone discussions in quite a number of cases with the chairpersons of some audit committees. This year [the issuers audited] will be slanted heavily toward high-risk engagements, and a random sample of others. But, generally speaking, we will be looking at the auditor rather than the auditee.
Obviously, these inspections are supposed to identify what needs to be changed. What in your view will constitute a weakness?
All kinds of things. Let's say we discover that the issuer has made what appears to be an accounting mistake. Since we are not in the accounting-theory business but rather the audit business, we would say to the auditor and the issuer, "We question your application of GAAP." Then, if they wished to appeal to a different authority, they could go to the SEC.
On the other hand, if we felt that the audit firm simply was not conducting very high-level audits, that would be a quality issue. Depending on the gravity of it, we would say, "This is so serious we will [open] an investigation with the possibility of an enforcement action," or, "We want this fixed within the next 12 months and the details will remain confidential." Our capabilities [range] from quiet advice to putting them out of business.
You say that you won't be talking to clients. Yet some CFOs are preparing their finance staffs for PCAOB audits as well as potential SEC inspections.
They are making a leap that I'm not sure I agree with. It would happen if we were so confused by what was going on in an audit that we simply had to go to the issuer. But it certainly wouldn't be a frequent event.
How do you respond to auditors' insistence that it isn't their job to detect fraud?
We have a very clear view that it is their job. If we see fraud that wasn't detected and should have been, we will be very big on the tough and not so [big] on the love.
Ultimately, is there a silver bullet for preventing fraud?
To have auditors understand that, with relatively few exceptions, they should find it. To me, the relatively few exceptions are those cases where you would have some extremely dedicated, capable crooks. In most cases, though, the crooks are either not that smart or they don't cover their tracks that well.
The firms have a 12-month window to fix weaknesses without disclosing them. Companies don't receive the same treatment under Section 404. Isn't that a double standard?
That aspect of the statute is clearly controversial. The positive side is that 12 months is not a very long time, and therefore it puts tremendous pressure on the audit firms to get things fixed. But should the statute have been written so that [weaknesses] are immediately cleared with the public? I don't know, because I didn't write the statute. I deal with it as it was written. [Overall, however,] I think the algebraic total is that it's a good thing.
Did you anticipate how all-consuming Section 404 would be for companies?
For companies with strong internal controls, essentially they have to document them; that is not all-consuming. If, on the other hand, a company does not have particularly good internal controls, my attitude is that they should have. I don't have a lot of sympathy for the scrambling they have to do. I have great sympathy for the small and midsize companies that in some cases actually have very good internal controls, but are much less formal than a large, complicated company.
Reader Comments» Post a comment