PCAOB plans further changes on inspections and quality control
Public Company Accounting Oversight Board Chairman William Duhnke said Tuesday the PCAOB with its reconstituted board is making changes in its inspections regime and quality control standards for auditing firms, while also doing more outreach to audit committees.
“Currently, the PCAOB is in the middle of significant change,” he said during a speech at an auditing conference at Baruch College in New York. “I'm pleased to speak to you today about the changes we have underway. As many of you know, I joined the PCAOB just under two years ago. When I joined, the SEC had just decided to reconstitute the entire five-member board. The five new board members joined with an understanding that we needed to take a fresh look at the organization and its strategic direction. To help with this endeavor, we thought it was crucial to hear from those most impacted by the PCAOB's work. Brand-new to our roles, we needed specific, thoughtful input from our stakeholders on where we should take the PCAOB to best accomplish our statutory mission. Through our strategic planning outreach, hundreds of our stakeholders weighed in on the direction we should take — including investors, audit committee members, academics, auditors, other regulators, as well as our own employees. We received a clear and consistent message in response: The PCAOB was ripe for change. Not incremental change, but transformational change.”
He said that as part of those changes, the PCAOB has been doing outreach to audit committees. “This year, we requested to speak with every audit committee chair,” said Duhnke. “To date, we've spoken to nearly 400. We expect to publish soon our first readout of what we heard from them in those conversations.”
The PCAOB is also planning changes in the quality control systems expected of audit firms. “Most notably, we've begun a multi-year journey of emphasizing systems of quality control in our inspections,” said Duhnke. “This year, we devoted substantial resources to understanding how the largest U.S. firms define their quality control objectives and manage the risks associated with achieving those objectives. Next year we expect to begin testing in greater depth those firm quality control systems to determine whether they are operating effectively.”
Duhnke also said the PCAOB has begun using “target teams” of inspectors to look at issues that occur across the auditing profession. “The objective of this team is to look at specific issues across the entire profession, rather than having different teams at individual firms,” he said. “This type of horizontal review gives us a more consistent and expansive view of where the profession stands with respect to high or emerging risk audit areas. In 2019, we directed our target team to perform a horizontal review of auditors' conduct and supervision of multi-location audits. We expect to continue to use the ‘target team’ approach in 2020.”
Quality control standards
When it comes to quality control, the PCAOB is likely to take a different approach than that of the American Institute of CPAs' quality control standards, which were issued in 1997, and which the board had been following.
“We are concerned that those standards, as currently written, are outdated and do not adequately promote audit quality," Duhnke said. "The audit and the audit market have fundamentally changed since the AICPA first issued its quality controls standards. Technology — enabled by data — has changed how, when, and where firms deliver audit services. Firms have modernized their corporate structures and leadership and governance approaches. They have increased the scope and scale of their complex international footprints. They have changed their audit methodologies and refined their approaches to accepting and retaining clients. And they have transformed how they monitor audit quality across their portfolios, both domestically and internationally.”
“Moreover, when the AICPA adopted the current quality control standards, audit firms were not required to audit any clients' internal controls over financial reporting,” he continued.
Duhnke said the PCAOB would be coming out with a concept release proposing changes. "At present, the board is committed to revising the current quality control standards to better meet the needs of the present and future audit environment. We are finalizing a concept release to seek input on potential changes to those standards and we will hold an open meeting later this month on the proposed concept release. In considering the approach we should take in this area, we know that we are not addressing this issue in a vacuum.”
He noted that the International Auditing and Assurance Standards Board recently proposed a standard, ISQM 1, which aims "to focus firms' attention on proactively identifying and responding to quality risks that may have an impact on engagement quality,” said Duhnke. “The proposed standard includes specific requirements related to current developments not addressed in PCAOB standards. Information gathered through our oversight, outreach, and research activities signals that future revisions to the PCAOB's quality control standards should be built on an integrated risk-based framework, similar to Proposed ISQM 1. Many firms that follow PCAOB standards also follow the IAASB standards (or standards based on the IAASB's standards), and we believe it would not be practical to require firms to comply with fundamentally different quality control standards. Indeed, unnecessary differences in standards can detract from audit quality.”
The PCAOB plans to issue its concept release later this month proposing a potential approach for revising PCAOB quality control standards.
The PCAOB is also monitoring implementation of the recent requirements for firms to disclose critical audit matters, or CAMs, and will be issuing a report on its findings.
“We are actively reviewing the initial CAMs that have been issued to date,” said Duhnke. “It is too early, however, to make meaningful observations about them. Our inspection teams have examined a sample of CAMs from large accelerated filers and we will publicly report our observations from our initial inspections and outreach as soon as possible. We'll also continue to focus on any implementation issues that arise, including as we inspect CAMs during our 2020 inspection cycle. We're also focused on analyzing the economic and other effects of CAMs by preparing an interim analysis. ... We will examine how auditors responded to CAM requirements and assess initial downstream effects of the requirements on preparers and issuers. As a secondary objective, we look to gain an initial understanding of whether (and how) investors are using CAMs.”
Less boilerplate in inspection reports
The PCAOB is also planning to overhaul its inspection reports to have less boilerplate language in them.
“We have heard that our inspections reports do not meet the needs of investors, audit committee members and other users, largely because they are too difficult to read and include too much boilerplate language,” said Duhnke. “We fully agree with that assessment. Over the past several months, we've been engaged in an effort to improve our inspections report format to make it more accessible. Next year, we will release a reformatted and redesigned report, beginning with our 2018 inspections for the largest U.S. firms. We view the changes to the report as incremental in nature and we expect to seek input on them and potential future changes.”
He noted that over the past year, the PCAOB has started to communicate more comprehensively about what it observes in its inspections. “In other words, we have made progress on moving away from simply reporting the ‘failures’ we observe. In recent staff documents, we have also published ‘good practices’ that we believe promote or enhance audit quality,” said Duhnke. “By pointing out good practices, we hope to prompt firms to find opportunities to prevent future quality issues.”
The PCAOB has also created some new positions, including a chief risk officer, chief compliance officer, chief information security officer, and several experts in project and portfolio management.
“After hiring our first chief risk officer, we launched the PCAOB's first-ever enterprise risk management program this year,” said Duhnke. “We developed formal plans and systems to identify and respond to business continuity concerns as well as other security threats and incidents. And, most recently, we developed a new suite of performance metrics that will assist us in measuring our progress towards completing our strategic goals.
"After 15 years, the PCAOB sort of developed its own internal culture, and I think the five board members have decided that it needs a refresh," Duhnke explained. "And that's what we're after. What we’ve asked them to do all across the board — all of our disciplines, not just administrative or inspections or standard-setting or what have you — is to relook at the way we do things and ask them to come up with ways to do things better so that we can produce a better result and change that culture from 'This is the way we used to do things and the way they’ve always been done' to 'How do we change things to make it better?' That's the culture shift.”
The PCAOB has been working on its first-ever human capital plan to make some of these changes. It also launched a learning management system to help staff with professional growth, and is looking to issue a new compensation and career progression philosophy.
"We've also begun to revamp how we communicate internally," Duhnke continued. "We hired an internal communications specialist and recently developed and launched the organization's first internal communications plan, with an aim of communicating more often and more effectively with all PCAOB staff.”
Duhnke was asked about some recent controversies at the PCAOB, including an editorial in The New York Times from former SEC Chairman Arthur Levitt criticizing the changes at the board and saying its mission was being compromised with a decline in inspections.
“The only people who know what's going on at the PCAOB are the people working at the PCAOB,” said Duhnke. “So let me tell you, I disagree with the vast majority of what former Chairman Levitt wrote. Our inspections ebb and flow slightly from year to year. So to say our inspections are down, they may be by one, two, three or four, but the next year they'll be up by one, two or three or four. To make some sort of sweeping conclusion about our inspections being down is incorrect. As far as the quality control, we agree, and we're trying to move as quickly as possible on that front because we believe strongly that the focus on quality control is going to generate a preventive model that we're seeking to stop the deficiencies before they happen. So we're focusing not only internally on our own standard-setting, but also working closely with the firms about how they're doing it and how they're implementing it."
"We're changing a lot of things," he continued. "We're changing the way the organization is structured. We're changing the staff that are running the operation. We're seeking a different culture and a different approach to be more effective over time. And for some people, that's not what they're seeking. And so I think what you see in some of the press articles are that response. But that's ... not the response I'm getting from our people internally.”
Accounting Today asked Duhnke about accusations that the PCAOB had become more politicized with the addition of a new board member, Rebekah Goshorn Jurata, who came from the White House, and a whistleblower complaint filed about the staff overhaul (see SEC replaces PCAOB board member with White House aide).
“I think the board is completely comfortable with the direction we’re taking,” he responded. “I think the SEC is completely comfortable with the direction we've taken. Some people obviously are not comfortable with the direction we’ve taken and have become very vocal about it. But that's not going to deter us. We’re just going to press on.”
He disagreed that the board had become more political or partisan. “I just don't know what that means,” said Duhnke. “These are all pretty professional people. I don't know what being political at the PCAOB is. … I'm not aware of any policies or decisions that are trying to be exercised by any particular political entity or not on the PCAOB. We're just doing our job.”
He also denied that the PCAOB is taking a deregulatory turn: “I think we're doing what we’re supposed to be doing, hopefully in a better way than we've been doing it before,” said Duhnke. “That's the goal.”