Currently, the PCAOB is in the middle of a significant change. As many of you know, I joined the PCAOB just under two years ago. When I joined, the SEC had just decided to reconstitute the entire five-member board. The five new board members joined with an understanding that we needed to take a fresh look at the organization and its strategic direction. To help with this endeavor, we felt it was crucial to hear from those most impacted by the PCAOB’s work. Brand-new to our jobs, we needed specific, thoughtful input from our stakeholders on where we should take the PCAOB to best accomplish our statutory mission.
Through our strategic planning outreach, hundreds of stakeholders weighed in on the direction we should take, including investors, audit committee members, academics, auditors, and other regulators, as well as our own employees. We received a clear and consistent message in response: the PCAOB was ripe for change—not incremental change, but transformational change.
Our own assessment of the PCAOB led us to the very same conclusion: we needed to become more effective in improving audit quality. We needed to be more innovative in how we approach our oversight. We needed to engage more often and more directly with investors, audit committees, and other stake-holders. We needed to mature our internal operations, streamline our business processes, and dramatically improve our risk and security posture. And last, but certainly not least, we needed to enhance our culture and cultivate a higher performing work-force.
In unanimously adopting our strategic plan in 2018 and reaf-firming it just two weeks ago, the board expressed a collective commitment to that vision. As a board, we have committed to transforming the PCAOB into a trusted leader that promotes high-quality auditing through forward-looking, responsive, and innovative oversight. We fully intend to stay the course.
By providing assurance over financial statements, the audit serves an essential role in our capital markets. It is well understood that without high-quality, reliable financial information, capital markets do not function efficiently or effectively. The board is committed to driving continuous improvement in the quality of audit services. We fulfill that commitment through our work in inspections, enforcement, and standards setting.
Inspections
Our inspections program is our most public-facing activity. Currently, we are in the midst of a multiyear effort to improve the effectiveness and efficiency of that program.
Through our outreach and engagement activities, we have heard that our inspections reports do not meet the needs of investors, audit committee members, and others, largely because they are too difficult to read and they have too much boilerplate language. We fully agree with that assessment.
Over the past several months, we’ve been engaged in an effort to improve our inspections report format to make it more accessible. In 2020, we will release a reformatted and redesigned report, beginning with our 2018 inspections for the largest U.S. firms. We view the changes to the report as incremental in nature, and we expect to seek input on them and potential future changes. This is a work in progress, and we plan to continue to refine the report over the coming years.
We have also started to communicate more comprehensively about what we observe in our inspections. In other words, we have made progress in moving away from simply reporting the failures that we find. In recent staff documents, we have also published good practices that we believe promote or enhance audit quality. By pointing out good practices, we hope to prompt firms to find opportunities to prevent future quality issues.
Of course, identifying good practices also requires changes to how we conduct our inspections. Most notably, we’ve begun a multiyear journey of emphasizing systems of quality control in our inspections. In 2019, we devoted substantial resources to understanding how the largest U.S. firms defined their quality control objectives and managed the risks associated with achieving those objectives. In 2020, we expect to begin testing those quality control systems in greater depth to determine whether they are operating effectively.
We also deployed our first-ever target team of inspectors in 2019. The objective of this team is to look at specific issues across the entire profession, rather than having different teams at individual firms. This type of horizontal review gives us a more consistent and expansive view of where the profession stands with respect to high or emerging risks in the audit areas. We directed this target team to perform a horizontal review of auditors’ conduct and supervision of multilocation audits. We expect to continue to use the target team approach in 2020.
One final note relates to how we conduct inspections. In 2019, we significantly increased our interaction with audit committees during the inspection process. Historically, we spoke to only about 10% of audit committee chairs for the issuers whose audits we selected for inspection. This year, we requested to speak with every single audit committee chair. To date, we have spoken to nearly 400. We expect to publish soon our first readout of what we heard from them in those conversations. By communicating more directly and more often with audit committee members, we firmly believe we can enhance our effectiveness, and hopefully theirs as well.
During 2019, we made another significant change to our inspections program, albeit an internal one. We formed a new team known as the inspections quality group. For the first time, the PCAOB is examining the way we conduct our inspections. We have tasked this group, staffed by experienced inspectors, with ensuring the consistency, quality, and effectiveness of our inspections activities. The group’s efforts will touch the entire inspections life cycle, from methodology to execution to reporting to remediation.
The early returns from the inspections quality group have been eye opening. In particular, they have confirmed the need for us to monitor the consistency, quality, and effectiveness of our inspections work on an ongoing basis. If we are to demand consistent, high-quality audits, we must conduct consistent, high-quality inspections.
Historically, we spoke to only about 10% of audit committee chairs for the issuers whose audits we selected for inspection.
Enforcement
As part of the board’s strategic plan, we affirmed our commitment to enforcing accountability and deterring improper conduct. When registered firms and their associated persons violate PCAOB standards and rules, we will take prompt action to hold them accountable. Currently, we are prioritizing our enforcement efforts to address those issues that pose the greatest risk to investors and are most likely to deter improper conduct.
Most recently, the board has placed a renewed emphasis on investigating significant audit failures, and we have issued several settled orders in priority matters in 2019. Those matters cover violations related to auditor independence, ICFR [internal control over financial reporting] audits, quality control systems, engagement quality reviews, and other important areas of the audit.
Unfortunately, we also continue to see instances where firms and their associated persons failed to cooperate with board inspections and enforcement activities. We have issued sanctions in a number of noncooperation matters during 2019, and we will continue to focus on this area moving forward.
Standards Setting
I’ll now turn to our standards-setting efforts, beginning with our project on quality control systems. The board views a strong system of quality control as crucial to promoting consistent, high-quality audits. We also view it as foundational to our shift towards a more preventative regulatory approach. We believe the quality of audit services will continue to improve if firms focus on identifying and mitigating the risks that they face in effectively executing the audit.
In my view, our current quality control standards do not adequately prompt firms to do that, as evidenced by what we continue to observe in some of our inspections. At present, the PCAOB uses quality control standards that the AICPA developed and issued in 1997. Those standards require registered firms to design and implement a quality control system that provides reasonable assurance that their personnel comply with applicable professional standards and the firm’s standards of quality.
We are concerned that those standards, as currently written, are outdated and do not adequately promote audit quality. The audit and the audit market have fundamentally changed since the AICPA first issued its quality control standards. Technology enabled by data has changed how, when, and where firms deliver audit services. Firms have modernized their corporate structures and leadership and governance approaches. They have increased the scope and scale of their complex international footprints. They have changed their audit methodologies and refined their approaches to accepting and retaining clients. And they have transformed how they monitor audit quality across their portfolios, both domestically and internationally.
Moreover, when the AICPA adopted the current quality control standards, audit firms were not required to audit any client’s internal controls over financial reporting. The PCAOB did not exist. Against the backdrop of these significant changes, we believe the current standards may not be sufficiently resilient to remain relevant.
The board is committed to revising the current quality control standards to better meet the needs of the present and future audit environments. We are finalizing a concept release to seek input on potential changes to those standards, and we will hold an open meeting later this month on the proposed concept release.
We know that we are not addressing this issue in a vacuum. The IAASB recently proposed a standard, ISQM [International Standard on Quality Measurement] 1, which is designed to focus firms’ attention on proactively identifying and responding to quality risks that may have an impact on engagement quality.
The proposed standard includes specific requirements related to current developments not addressed in PCAOB standards. Information gathered through our oversight, outreach, and research activities signals that future revisions to the PCAOB’s quality control standards should be built on an integrated risk-based framework similar to the proposed ISQM 1.
Many firms that follow PCAOB standards also follow the IAASB standards, and we believe it would not be practical to require firms to comply with fundamentally different quality control standards. Indeed, unnecessary differences in standards can detract from audit quality. We plan to address these and other issues by considering later this month the issuance of a concept release on a potential approach for revising PCAOB quality control standards. We hope to obtain a diverse set of perspectives on the concept release. We encourage your participation in the process and look forward to receiving your comments.
Let me briefly touch on some of our other standards-setting activities. We have finally begun to see the first audit reports that include critical audit matters [CAM]. We are actively reviewing the initial CAMs that have been issued to date. It is too early, however, to make meaningful observations about them. Our inspection teams have examined a sample of CAMs from large accelerated filers, and we will publicly report our observations from our initial inspections and outreach as soon as possible.
The board is committed to revising the current quality control standards to better meet the needs of the present and future audit environments.
We will also continue to focus on any implementation issues that arise, including as we inspect CAMs during our 2020 inspection cycle. We’re also focused on analyzing the economic and other effects of CAMs by preparing an interim analysis. The primary objective of that analysis is to evaluate whether early evidence from CAM implementation suggests significant costs or unintended consequences. We will examine how auditors respond to CAM requirements and assess initial downstream effects of the requirements on preparers and issuers.
As a secondary objective, we look to gain an initial understanding of whether and how investors are using CAMs. It’s important to note that the interim analysis will not be an evaluation of the overall effect of the auditor’s reporting model. Some potential effects may take additional time to materialize or stabilize. We do, however, expect to address the overall effect of the standard through our broader post-implementation review, which will take more time to complete.
I’ll address one final point related to our standards setting. While the PCAOB has historically issued staff guidance, we have been working to make our staff guidance timelier and more useful. For example, we issued a series of CAM guidance documents to provide answers on frequently asked questions as auditors were implementing the new requirements. We plan to continue to take this proactive approach in all aspects of our oversight work, as we aim to be more transparent and accessible. We welcome your feedback on our efforts and are always open to suggestions.
Emerging Technologies
I’ll turn now to our second strategic priority. The board understands the audit environment is changing and is committed to anticipating and reacting to the corresponding risks and opportunities. We have focused significant resources on understanding those technologies that most affect auditing and financial reporting. We have a team within our Office of the Chief Auditor dedicated to monitoring the development and implementation of emerging technologies and analyzing the implications of those developments for our auditing standards.
We strongly believe that our standards, as well as our other oversight activities, should not impede innovations that support the preparation of informative, accurate, and independent audit reports. In general, we have heard that our current standards do not impede the use of technology; at the same time, we have also heard that our standards do not explicitly encourage the use of technology.
Technology advancements are not uniform across the audit marketplace. The largest firms are investing heavily in new technology-enabled tools and techniques. By contrast, midsize and small audit firms continue to employ more traditional audit tools and techniques. To the extent we consider future changes to our standards, we will need to take account of the distinctions in the marketplace. We will continue to monitor this area aggressively with intent to stay ahead of the curve. One way we are doing so is by relying on the input from our own data and technology task force.
Internally, we’ve also begun to make changes for our own data and technology strategy. This year, we hired our first-ever chief data officer and subsequently appointed him to serve also as our director of information technology. He is responsible for defining our data technology strategy, determining the resources we need to implement it, and then spear-heading the implementation across the various PCAOB divisions and offices. To be candid, we are far behind where we should be in these areas, and I look forward to advancing the ball as quickly as we can over the coming years.
Engagement and Outreach
I’ll turn now to our goal of enhancing transparency and accessibility through expanded engagement and outreach to our stakeholders. For the first time ever, we hired a stakeholder liaison to lead our out-reach efforts to investors, audit committees, and preparers. Ms. Erin Dwyer is serving as a direct point of contact and resource for these stakeholders and is actively implementing a new engagement strategy for us.
We have hosted a number of roundtables for investors and audit committees. We are encouraged by the attendance at these events, as well as the enthusiasm shown by the investors and audit committee members who have attended. We expect to host more of these events in 2020 to continue this important dialogue.
In addition to the roundtables, we’re also ramping up our presence at other relevant events. Over the last several months, the PCAOB has been present at events attended by more than 800 investors and 600 audit committee members. Our key take-away from our expanded outreach is that there continues to be a strong desire to interact more often and directly with us.
Aside from investors and audit committee members, we’ve also recently begun to improve our outreach to financial statement preparers, and we intend to focus further on that outreach in 2020. In short, we look forward to continuing to expand and improve our stakeholder engagement.
Technology advancements are not uniform across the audit marketplace. To the extent we consider future changes to our standards, we will need to take account of the distinctions in the marketplace.
Internal Improvements
Let me now turn briefly to some of our internal-facing efforts to improve the efficiency and effectiveness of the PCAOB itself. We identified a need to improve our operational excellence, and in response to that need, we created and filled some significant positions: a chief risk officer, a chief compliance officer, chief information security officer, and several experts in project and portfolio management.
After hiring our first chief risk officer, we launched the PCAOB’s first-ever enterprise risk management program this year. We developed formal plans and systems to identify and respond to business continuity concerns, as well as other security threats and incidents. And most recently, we developed a new suite of performance metrics that will assist us in measuring our progress toward completing our strategic goals.
In 2019, we drafted the PCAOB’s first-ever human capital strategic plan. We also launched a brand-new learning management system to assist our staff in their professional growth and development. Soon we expect to issue a new compensation and career progression philosophy to increase transparency and engagement with our employees.
We’ve also begun to revamp how we communicate internally. We hired an internal communications specialist and recently developed and launched the organization’s first internal communications plan, with an aim of communicating more often and more effectively with all PCAOB staff.
These are just a few of the examples of the dozens of initiatives we have underway to achieve operational excellence and to implement our strategic plan. Much more remains to be done, however. With high expectations, we expect to continue the hard work of transforming the PCAOB into a trusted leader.
Audience Q&A
Tom Ray, Baruch College:
I have two questions. One, you had a very significant amount of contact with the audit committee members and other investors. I wonder if you could give us a bit of insight on what you’ve heard from them. And the other, you’ve talked about the culture at the PCAOB and trying to change that. Maybe you could describe for us what culture you’re looking for.
William Duhnke:
You’ll see on the investor and audit committee members, it ranges anywhere from “PCAO-who?” to “Why don’t you talk to us more?” to pretty well-informed and sophisticated interactions, so it’s all across the board. On the investor side, I’d say we have a lot more of the “PCAO-who?” response. They’re not quite sure who we are, and if they’ve heard of us, they’re not quite sure what we do and how we do it.
We do spend some time talking about the basics. How do we inspect? How do we set standards? What are interactions with audit committees? They’re very interested in our interactions with audit committees, although we do have to remind them we do not have jurisdiction over audit committees. We do view them as a force multiplier for us, because they’re after the same thing we’re after—higher-quality audits. So we try to have that interaction to be pretty robust.
On the investor side, it’s a similar discussion when it comes to jurisdiction. It’s sometimes hard to separate the SEC from the PCAOB and what we each do, respectively, and we spend a lot of time explaining what we do. But I think over time, they’ll get more sophisticated about us and how we do our work.
Audit committees have a wide range as well, from the largest international corporations to smaller institutions. But all are very interested to know about our inspections activity. They’re very interested to see how we’re redoing the report format so it’s more readable and accessible.
Especially on the audit committees, they’re just happy to hear from us. Previously, the PCAOB was not very interactive, and now we’re being very proactive on our interactivity. I think they’re happy to see that we’re accessible and they can reach out and talk to us.
As far as internal culture goes, what we’re looking for is hard work and excellence. We have a large group of people who are hard workers and very excellent at what they’re doing, but after 15 years, the PCAOB developed its own internal culture, and I think the five board members have decided that it needs a refresh.
Steve Percoco, security analyst:
About a month ago, Arthur Levitt wrote an oped in The New York Times raising concerns that the PCAOB’s mission was being compromised. Could you address some of the concerns that former Chairman Levitt raised in that op-ed?
Duhnke:
I disagree with the vast majority of what former Chairman Levitt wrote. Our inspections ebb and flow slightly from year to year, so to make some sort of sweeping conclusion about our inspections being down is incorrect.
As far as quality control, we agree. We’re trying to move as quickly as possible on that front because we believe strongly that a focus on quality control is what’s going to generate the preventative model that we’re seeking. We’re not only focusing internally on our own standards setting, but also working closely with firms about how they’re implementing it.
We’re changing the way the organization is structured. We’re changing the staff running the operation. We’re seeking a different culture and a different approach to be more effective. And for some people, that’s not what they’re seeking, and so I think what you see in some of the press articles is that response. But that’s not what’s happening inside. That’s not the response I’m getting from our people internally. Everybody has their own motivations, but our motivation is to increase audit quality, and the only way we’re going to do that is changing the way we’re doing things because we’re not increasing it by doing it the way we’ve always been doing it.
Douglas Carmichael, moderator:
What kinds of changes can people expect to see in the new inspection reports?
Duhnke:
Definitely a format change. They’re going to be shorter. They’re going to be less verbose. They’re hopefully going to be clearer and more concise. We’re also, to the extent that it’s helpful, going to use more graphics, numbers, and tables to give people a better sense of what we’re finding. You’re going to see a different way of talking about the findings we make; hopefully that will be clearer and more decipherable to the readers.
Carmichael:
I also have a question on the inspections quality group. What’s going to happen if they find a problem or a deficiency in the inspections?
Duhnke:
If they find a deficiency, we’ll deal with it in the context of what they found. The group was set up as an internal review of how we’re doing our work, how we’re implementing our methodologies, and how we’re carrying out our processes and our approach to inspections. And we’ve learned a lot from their results.
I think the short answer is, if deficiencies are identified, they’ll be expressed just like they always are. But internally, the more significant finding is that we need to be better at being consistent across our inspections profile. What we found is you can be in one firm and have one experience, and you can be in a different firm and have a completely different experience. It shouldn’t be that way. In addition, I expect you’ll see a more significant focus on the way we train and monitor our own implementation of our training.
Carmichael:
One innovation in inspections has been targeted procedures across firms. What did you learn from that? What can we expect to see in the future?
Duhnke:
We’re still in the process of putting together what we’ve learned from that. In this particular instance, this is the first time we’re doing it, so not only are we putting together the findings and conclusions, but we’re also trying to evaluate the value of that effort and how we can increase it. But we’ve definitely determined that it’s useful to have that cross-firm view of topics, as opposed to engagement-specific inspections, and we’re going to continue that. As soon as we finish our work, we’ll try to publish what we find.