Print this article | Return to Article | Return to CFO.com
A behind-the-scenes look at the accounting oversight board's auditor inspections reveals why they're so hush-hush.
Sarah Johnson, CFO.com | US
January 26, 2007
As the audit firms' watchdog, the Public Company Accounting Oversight Board is required to release publicly what it finds during its inspections process. But how much to reveal?
The sometimes conflicting demands of effective correction of auditor missteps and the public's right to know creates a "double-edged sword" for the oversight board, according to Susan Lister, national director of audit policy at one of the largest auditors, BDO Seidman. Under the Sarbanes-Oxley Act, the names of the auditors' clients must remain confidential, leaving the PCAOB to strip their public reports of any identifying information. At the same time, this leaves the organization open to criticism about its own lack of transparency.
For an article about what is and isn't shared in the PCAOB's inspections reports, particularly of the Big Four, board member Charles Niemeier responded to CFO.com's questions by E-mail. His remarks amount to a rare inside look at the oversight board's inspections process.
What can the 2005 inspections reports on the Big Four tell us about the audit firms? Are they performing well, or do they have a lot of work to do to improve?
The reports are not designed or intended to rate firms according to a scorecard. Rather, they are intended to focus firms on areas where they can improve. That said, after several years of watching changes and developments in auditing practices, I feel comfortable saying the firms have come a long way in identifying and addressing risks to their audit quality, as a part of our inspections as well as on their own. They can still improve further, and in any event need to remain vigilant against new risks. But I will also repeat what I and others have said since the PCAOB began its annual reviews, which is that each of the firms is capable of the highest-quality auditing.
Accounting experts have said the PCAOB inspections reports are useful as learning tools for audit firms, but they don't seem to be as useful for the public — meaning that at first glance, they seem to render negative judgments. What's your response to that criticism? For example, the 2003 reports helped to put the findings in context by clarifying they should not be used as "balanced report cards" or "ratings tools" — have you thought about putting that language back in later reports?
The primary purpose of PCAOB inspections reports is to further the dialogue between the board and the firm about areas where the firm can improve its auditing. The board explained this principle in its first-ever inspections reports in connection with its 2003 inspections, and it remains applicable to subsequent inspections reports. It's an interesting suggestion to consider repeating that explanation on a year-to-year basis.
What is the true intention of releasing the reports publicly (besides it being a requirement)? It seems natural that people want to read them to grab a takeaway about their firms' performance. Should they not use the reports that way? Why not?
The point of releasing reports publicly is to comply with the Sarbanes-Oxley Act's instruction that the board release portions of its reports "in appropriate detail," subject to a number of confidentiality restrictions. One of those restrictions prohibits the board from disclosing quality-control defects or criticisms unless the firm fails to remediate those defects or criticisms within one year. This is a powerful incentive for firms to remediate, and reflects a legislative judgment that reports should be used as a tool to drive quality improvements inside firms as opposed to a ratings system for public use.
What is the logic in not revealing how many issuers are looked at for each Big Four firm?
In my view, it's not a relevant figure and in some respects could encourage misleading, superficial comparisons between firms. The PCAOB does not use a predetermined number of audits to review in planning for its inspections. Nor do inspections look at any individual audits in their entirety. Rather, inspections cover targeted sections of audits based on the PCAOB's assessment of audit risks at each firm.
Can more identifying information be added to these reports, such as a very vague description of an issuer (for example, if an issuer was a huge company, you could give a rough estimate of its revenues so people would understand it may require tougher audits)?
To my mind, all companies and their investors deserve high-quality audits, not just large companies. Emphasizing the audit of a large company as more important could send both the firm and the public the wrong message. Further, I don't think disclosing information about issuers would be consistent with the Sarbanes-Oxley Act's confidentiality requirements. Thus the public parts of inspections reports purposefully exclude this information.
Has the PCAOB thought about making a summary about each firm, similar to a Good Housekeeping seal (such as by giving a letter grade, or saying something like, "Overall, this firm is doing very well and has just a few areas to work on....")?
The fundamental objective of inspections reports is to facilitate the PCAOB's dialogue with individual firms to identify and find ways to address risks to the firm's audit processes. Through the report, the board zeroes in on certain issues for the firm to address. There would be little value in diverting inspections resources away from areas that may present risks in order to identify things that don't present risk and so don't require specific attention by the firm.
Are the number of the audit deficiencies that came out of the big accounting firms what could be expected? Do you predict a certain percentage of deficiencies when going into a firm?
The PCAOB doesn't approach inspections with preconceived expectations about the number or percentage of deficient audits that an inspection may find.
Has the PCAOB ever given a completely clean report (meaning it found no mistakes at an accounting firm)? Is that possible?
The PCAOB has done so on a number of occasions after inspections of small firms. Also, in larger firm inspections, even now PCAOB inspections find no errors in some audits and practice areas it selects for review. I think it's reasonable for firms to shoot for no errors in any aspect of its audits, but given the complexity of the large firms' audits, I think it would be unrealistic to expect a day when neither the PCAOB nor the firms themselves find audit risks that merit attention on a going-forward basis.
Have you noticed progress? Have firms used your reports as a learning tool to make changes in their process?
I'm a big believer in the remedial dialogue envisioned and established by the Sarbanes-Oxley Act, and after more than three years of conducting inspections, I think both our inspections and firms' own initiatives are driving improvements. That doesn't mean firms don't still have further to go. Nor does it mean that new challenges won't continue to require vigilance to maintain high audit quality.
What are the benefits to focusing on the most high-risk areas and high-risk clients? Are you more likely to turn up audit deficiencies?
Reviewing higher-risk areas of audit practice and higher-risk aspects of individual audits is more likely to identify matters firms should focus on to maintain or improve audit quality. Individual audit deficiencies are not inevitable, though, and I would expect even in higher-risk areas that firms adequately address the risk in their audit. That's what good auditing is about. They don't always do so, and when they don't, the PCAOB inspection focuses them on correcting the deficiency and preventing recurrence.
How are those high-risk areas determined?
Risk changes and thus requires reevaluation every year. A company that has had several restatements to correct errors in the past year could present some red flags. Another example is complicated or obtuse accounting and disclosure.
PCAOB board member Bill Gradison has said the PCAOB is trying to preserve the integrity of the accounting profession. How can the PCAOB further reach that goal?
The Sarbanes-Oxley Act charges the PCAOB to protect the interest of the investing public in informative, accurate, and independent audit reports on public company financial statements. The PCAOB can be a catalyst for positive change, and may be in some respects a guiding light, but it's up to the profession to preserve its integrity.
How do you respond to complaints about the timeliness of these reports? Is there a staffing issue or a backlog of inspections?
Looking at the program as a whole today, I don't understand there to be a backlog. There has not been any delay in the performance of inspections, and the development of inspections reports has not interfered with the PCAOB's ability to communicate with the firms in any way. Although the PCAOB has met significant challenges in hiring the accountants it needs to conduct inspections, I believe the timing of reports has been due more to internal operational processes, such as the need to develop from a blank page an approach to reporting on an inspections process that itself was new. While I wouldn't rule out minor tweaks along the way, this approach is now fairly well established. Of course, after field work is completed, inspectors do engage in considerable dialogue with firms to discuss matters identified in field work, and under the statute, firms will always have 30 days to review their draft report before issuance. But at this point, the time between completion of an inspection and issuance of a report should be shorter in the future.
When do you start inspections again for the Big Four?
The PCAOB generally commences inspections procedures at the large firms in the spring. Planning for those inspections commences sufficiently in advance of that time. The first annual inspections of the four largest firms was in 2003, so 2007 will be the fifth year. During 2007, we will be looking primarily at audits performed in 2006.
Is the PCAOB changing the outline of the inspections reports for 2006? What has the PCAOB decided works and what doesn't for these reports?
The PCAOB's inspectors have only just completed 2006 field work, but at this time at least I'm not aware of any plans to change the outline of inspections reports. I think the existing model adequately conveys to firms the areas they need to focus on for improvement. I think your suggestion that the PCAOB include the contextual background that it provided in its first reports is worth considering, though.