Technological changes are already making an impact on how auditing firms are carrying out their audits.
The Center for Audit Quality and the U.S. Chamber of Commerce’s Center for Capital Markets Competitiveness co-hosted a virtual event Wednesday examining the future of audit quality and how it’s being affected by developments in auditing software.
“Since the passage of Sarbanes-Oxley, or SOX for short, restatements have fallen, and some overseas, such as the U.K. and Germany, are looking to the American system as a path forward to improving audit quality,” said Tom Quaadman, executive vice president of the Center for Capital Markets Competitiveness. “Legislative requirements to regulatory implementation of SOX, the creation of the PCAOB, have been important, but other developments get overlooked. Auditors no longer pore over ledger books. Instead they are using cutting-edge technologies to strengthen the audit and provide investors with more and higher-quality information.”
The audit profession has relied heavily on technology during the COVID-19 pandemic to do audits remotely. “Looking back at the past 18 months, despite the uncertainty in the economy and the unprecedented disruption in business operations, companies and boards have continued to deliver transparent financial reporting,” said Kelly Grier, U.S. chair and Americas managing partner at Ernst & Young. “Audit teams have risen to the challenge and evolved, fulfilling their commitment to deliver high-quality audits and serve the public interest, which is at the heart of our responsibilities as auditors, and the profession has remained very steadfast and focused on investing in the future.”
Like EY, PricewaterhouseCoopers has worked to develop cutting-edge auditing technology. “We invest heavily in technology so that we’re able to test what management is doing in their core systems as well,” said Wes Bricker, vice chair and U.S. Trust Solutions co-leader at PwC, and a former chief accountant at the Securities and Exchange Commission. “Machine learning is one example. Scanning contracts, understanding the key terms within those contracts, how it lines up with the accounting literature as we’re evaluating and adding confidence to the reporting within financial statements and those disclosures. It really starts with data. As a firm, PwC has invested in this heavily to make sure that we’re analyzing full populations where it’s relevant and where it’s appropriate. It’s a little bit like when the tide goes out and you see everything on the ocean floor. You can see everything on the ocean floor perhaps by sampling, and that’s a relevant technique, but if you can take all of the water out or if you can look at all of the transactions within your system, you can not only better identify risk and conduct a risk assessment, but you can also better understand the contours: what’s the nature of the activity, what should we focus on and what should we be communicating, either to management, providing feedback, or to the audit committee or to stakeholders through our audit report.”
The panelists also discussed the impact of the Sarbanes-Oxley Act of 2002, which led to the creation of the Public Company Accounting Oversight Board and other requirements for audit firms. “I believe that SOX did make some real positive contributions to the culture and the behavior at publicly traded companies,” said Jeff Mahoney, general counsel at the Council of Institutional Investors. “Many investors agree that the officer certification requirements in SOX — even though those are sometimes challenged in litigation by certifying officers — those requirements I believe increase the level of personal responsibility of many company officers with respect to the quality of their company’s financial reports. And second, the internal control requirements of SOX, including 404(b), have in my view improved the reliability of companies’ internal control disclosures to investors and the public, and the overall quality of financial reporting.”
Sarbanes-Oxley also led to more education about the importance of financial controls. “We were able to educate anybody that had a relatively senior role in the organization,” said Kathy Waller, former CFO of Coca-Cola. “They knew exactly what they needed to do. They understood the certifications. They understood what it meant to certify and what was on the line. So from my perspective it took a great culture to begin with and enhanced it because people were more aware and they were certainly more focused on getting to that appropriate disclosure at the end.”
CAQ CEO Julie Bell Lindsay asked Dan Goelzer, a founding member of the PCAOB, about the recent changes at the board, where SEC chairman Gary Gensler has decided to replace virtually all the board members (
Goelzer first listed several things that he thinks the PCAOB has done right, including its inspection program, particularly when it comes to audits of internal controls over financial reporting and judgments on whether an engagement team had gathered sufficient evidence to support its opinion, as well as how it handled inspections of non-U.S. audit firms, including those in China. But he would like to see the future board members, when they’re eventually appointed, focus on several items on the agenda.
“The PCAOB has to be more transparent about what its policy goals and standard-setting objectives are,” said Goelzer. “There’s been a lot written about the fact that it disbanded two advisory groups that had operated for a number of years. I think the public has been left a bit more in the dark about what the board’s priorities and objectives are and I hope that will be corrected because confidence in auditing and the profession depends a lot on confidence in the PCAOB, and that depends on transparency about its work. Second, I think the PCAOB needs to do something to revitalize its standard-setting program. When we started the board, we envisioned that we adopted the existing AICPA auditing standards and over time we would go through all those standards, modernize them or determine whether revisions were necessary. That was done to some degree, but in the last few years the board really hasn’t done a lot of standard-setting in core auditing areas, and in particular I don’t think it’s done as much as it needs to in terms of updating the standards to address the technology revolution in auditing.”
He would also like to see changes in the inspection reports. “Third, I think the board ought to think about more transparency with respect to inspection reports,” said Goelzer. “The prior board did take some steps in that direction. But I think today it’s hard for readers to get a sense of how serious or how far-reaching particular part 1 audit deficiencies are. I think this is something that might be integrated with audit quality indicators that the prior panel referred to. By including those in the inspection report, readers might get a better idea of how well firms are doing, rather than getting readers to count the number of part 1 deficiencies and make comparative judgments based on that. Fourth, I think it’s important that the PCAOB modernize its quality control standards. It’s put out a concept release on that subject, but quality control is obviously fundamental to what the firms do, and I think the PCAOB needs to move ahead with that project. Fifth, perhaps less popular with the profession, but I think the PCAOB needs to ask Congress to make its enforcement process more transparent. Today PCAOB enforcement cases are nonpublic until they’re resolved. I think that hampers the PCAOB’s work and efforts. It makes the SEC more reluctant to let the board pursue cases which the commission might also pursue itself.”
