About the Panelists
The panel featured Marc Panucci, CPA, deputy chief accountant of the Office of the Chief Accountant, SEC; Megan Zietsman, CPA, the chief auditor and director of professional standards, Office of the Chief Auditor, PCAOB; Tom Seidenstein, chair of the International Auditing and Assurance Standards Board (IAASB); Mike Santay, CPA, chair of the AICPA’s Auditing Standards Board (ASB); and Noel Allen, JD, outside legal counsel for the National Association of State Boards of Accountancy (NASBA). The panel was moderated by Douglas Carmichael, PhD, CPA, the Claire and Eli Mason Professor of Accountancy at Baruch College.
Each panelist presented some brief introductory remarks before a panel discussion featuring each of the panelists. The following is an edited and condensed transcription of those remarks and an edited and condensed summary of the ensuing panel discussion.
Marc Panucci, Introductory Remarks
The topics I wanted to touch on were, first, the Office of the Chief Accountant’s [OCA] perspective on some of the changes at the PCAOB and how they are impacting audit quality. The next topic would be critical audit matters and the OCA’s perspective around the implementation efforts. Then, independence—we’ve had some activity from a rule-making perspective and staff guidance—and then the last topic, internal controls over financial reporting [ICFR].
I work in the Professional Practice Group of the OCA. One of the things we do, and a lot of our focus, is assisting the SEC in the oversight of the PCAOB. It’s been about one year since the PCAOB issued its strategic plan under the new board. There are two broad areas where the PCAOB has made a lot of advancement. One is around outreach. I think we all agree, having outreach and focusing on getting feedback from stakeholders, and understanding what their questions and concerns are, can help focus your regulatory activities and improve audit quality.
The second area is something we’ve been talking a lot about over a number of years: how do you enhance preventive methods? At the OCA, we do that through our pre-filing consultations. The PCAOB has made a lot of progress in this area, and we’re already seeing the benefits. A good example is with critical audit matters.
We didn’t know where this would go when we encouraged dry runs, but audit firms embraced it. Management and audit committees really wanted to understand: How is the audit report going to change? How does that align with their financial reporting disclosures?
What we’re seeing from the dry run process, and now as people go live, is that the guidance is mitigating a lot of those concerns that we see in the standards-setting process. For example, we’re not hearing in any pervasive way that the auditor disclosing original information about the company is chilling the conversation with the audit committee.
How do we keep the momentum up? We’ve only had a limited number of filings, and obviously we’ve got more to come, and then we have the 2020 effective date. For those audits that are yet to come, we encourage the dry runs to continue. We really want to make sure that we get the feedback, because there might be different implementation questions.
The next topic I wanted to touch on was independence. In June, the SEC finalized its amendments to certain aspects of the loan rule. This was an area where we were seeing auditor independence evaluations, but they weren’t impacting objectivity and impartiality. When that’s occurring, you want to step back and say, is the rule really working as intended?
What was finalized is very similar to what was proposed, so what we did in the final amendments is provide additional clarity and guidance. But also, during that rulemaking process, we asked whether there should be other changes to the independence rules. We did get feedback, and our chairman has directed us to think about other recommendations. So the rule-making hasn’t stopped in that area.
The last topic I’ll touch on is ICFR, which will continue to be a focus area for us. We have seen improvements, but internal control continues to be one of those common audit deficiencies. One area where there’s a lot of benefit is when management promotes the benefits of internal controls. I don’t mean just the compliance aspect, but how it’s incorporated into the financial reporting process. For example, they’ll promote good controls even outside of ICFR, whether non-GAAP or other disclosures outside the financials. The more management can define up front its policy processes and controls, again with that preventive mindset, the more it can prevent material misstatements from occurring.
Megan Zietsman, Introductory Remarks
As many of you may know, I joined the PCAOB earlier this year, and it’s certainly been a busy year. I thought I’d briefly overview a couple of the key things.
First up is auditor reporting. The PCAOB has been deeply committed to supporting a successful implementation of these new requirements. We’ve done some of the things that Marc’s described in terms of trying to look for where guidance is needed. We’ve done the guidance, we’ve done a webinar, and we’ve continued to do a lot of outreach, not only to auditors, but also to audit committees and investors. We’ve also completed some initial inspections, and we’re going to be commencing more structured outreach to audit committees and investors. We’re also thinking about how to develop our inspection approach going forward. And we certainly have our ear to the ground to hear if there are things that the PCAOB needs to do in order to make this implementation successful.
Then I thought I’d say a few words around our estimates and specialist standards. They go into effect for 2020 audits. I can’t begin to highlight all the changes that are involved. In short, the new estimate standard replaces three existing auditing standards and puts everything into one overall risk-based approach that addresses all different types of estimates. It’s intended to focus auditors on that risk assessment process and encourage them to put in the effort commensurate with the risks identified. It does retain the three existing approaches that were in the old standards for substantively testing estimates, but it did enhance some of the requirements to include a bit more specificity. It also includes an Appendix A that provides some additional direction to auditors on auditing the fair value of financial instruments, particularly when pricing information is obtained from third parties, such as pricing services and broker-dealers.
With respect to specialists, we took the old specialist standard, which used to deal with both management’s use of a specialist and the auditor’s use of a specialist, and separated the pieces out. We now have new requirements that deal with the different types of specialists. There are some new requirements around evaluating the work of a company specialist, and then we’ve created a common supervisory approach to use for auditor-engaged and auditor-employed specialists, recognizing that obviously there are differences when the specialist is employed by the auditor’s firm as opposed to being separately engaged. These requirements are intended to be risk-based and scalable.
In late summer, we issued some awareness guidance on the related implementation pages on our website. There are four separate documents: an umbrella on auditing estimates, a dive into Appendix A on financial instruments, one that deals with supervising or using the work of an auditor specialist, and one that deals with using the work of a company specialist. Those do not necessarily contain anything that I would call interpretive or explanatory; they try to highlight the more important aspects and are intended to raise awareness.
We have plans to do some webinars in the early part of 2020. We’ve also been engaged in many different forums to figure out what questions are bubbling up. To date, we haven’t heard any questions that we haven’t been able to answer by pointing to the requirements in the standards or the release, but we understand that it’s still early. We’ll continue to monitor that and stand ready to think about what guidance we might need to provide to support the successful implementation of these standards.
I should also mention, we do have a separate workstream on the current expected credit loss [CECL] standard. We’ve had a lot of conversations with banking regulators, we’ve engaged with firms, and we’ve done some specific out-reach to smaller firms that have substantial banking practices. We’ll continue to monitor that and figure out whether we need guidance around the application of our new standards to CECL.
Data and technology is a research project that is very broad and very complex. Early on, it was decided to assemble a task force to help the PCAOB get knowledge about what is going on, what auditors are doing, and which things in the standards are not helpful or that could be set up in different ways to better encourage or support the use of technology.
We’ve worked with the task force to help us prioritize, and they told us data analytics, as used by auditors, and artificial intelligence. But that doesn’t mean that we are not also monitoring other evolving uses of technology, like cryptocurrency. We’ve also worked with the task force to take a deeper dive into our evidence and our risk assessment standards, with a view to thinking about which provisions could better use technology to drive quality.
In 2020, we will be diving into a deeper understanding of how auditors are using technology to respond to risk, and into those related standards. I think what we’ve heard so far is that the standards are not necessarily impeding the ability of firms to innovate and use technology. But on the other hand, they don’t encourage or illustrate how technology might be used in different ways, and they don’t point out what risks or pitfalls there might be. There is an acknowledgment that at some point there’s going to be a need to overhaul the standards. But we’re being quite cautious because we’re also hearing from other firms that there is still a need to preserve the traditional techniques.
The last project that I wanted to touch on is quality control, which is really important for us. We moved it from research to the standards-setting agenda this year. Clearly, the PCAOB standards are old. They haven’t been substantially overhauled since they were adopted as interim standards back when the PCAOB was established. For example, they don’t even take into account how technology is transforming not only how audits are being done, but how firms are using technology as part of quality control and broadly as part of running their businesses.
The standards also don’t even contemplate external regulation, as they were the old AICPA standards written when the PCAOB didn’t exist. They don’t contemplate or even acknowledge the really significant things that are going on in relation to external regulation and, for example, the significant investments that firms have been making around building out monitoring and remediation processes, and investing in governance and leadership.
We do know that the standards need to be updated. We do see the benefit of using a risk-based approach to these standards so they can be scalable, not just down, but up as well. And we see the importance of a robust monitoring and remediation component. That might sound familiar, because we’re not operating in a vacuum. We’ve been monitoring the IAASB’s project, we also understand that the registered firms that we regulate do audits in accordance with other standards. The next step is a concept release that we are preparing for the board to vote on, and that’s intended to seek input on the approach that we will take to overhauling our standards.
Tom Seidenstein, Introductory Remarks
Today, I thought I would give you a sense of the pressures that we at the IAASB face as a global standards setter, and how that may impact the U.S. environment. We’re working closely with the PCAOB, particularly on projects like quality management, it’s so important that we don’t have unnecessary divergences of our standards. Second, I thought I would talk about the strategy for dealing with the challenges that we face. And third, I’ll focus on our current work program, with a particular focus on our approved risk assessment standard, our quality management project, and our new priorities.
I’m very aware that, maybe more so outside the United States, the role of the profession and the standards that govern audit and assurance work is coming under real scrutiny. You can see that in the United Kingdom there are constant questions over the state of the audit profession right now, and there’s a parliamentary inquiry in Australia. These are both jurisdictions that adopt our standards.
We can’t be complacent. And that means we need a board that’s willing to confront the complexity of the standards, the impact of technology, the feedback that we’re getting from inspection regimes and regulatory regimes, and all the emerging public interest issues we’re seeing. How do we make sense of this? We’re in the process of approving our strategy and making sure that the public interest is at the core of everything we do. But also, we’re focused on our three strategic objectives.
I think we’re all used to the formal standards-setting process of today, which hasn’t changed much in the last several decades. It’s marked by long-duration projects and highly formalized procedures. I think those things all have to exist, but this formality favors those with time and resources to participate in the process, and it probably means that there are fewer people who do participate. And I think engagement is really important.
What I anticipate is moving to a more agile standards-setting process. This means more technology and collaborative tools to engage with stakeholders. We don’t really know how our standards are actually being used, at least at the IAASB. One of the things we’re talking about is the emergence of robust inspection regimes that provide meaningful data on how standards are performing. In my old life at the IFRS Foundation, I joked that with the three-legged stool between regulators, auditors and audit standards, and accountants and accounting standards setters, sometimes the legs attach to three different stools. That’s not fair; we interact a lot. But I think in a world in which we’re getting feedback all the time, we could be much more targeted and improve our standards more rapidly.
The role of the profession and the standards that govern audit and assurance work is coming under real scrutiny.
Finally, we need a work program that completes some of our foundational efforts to enhance audit quality so we can move on to other topics. This is the work program the board has on its agenda, and that I effectively inherited. Many of these projects that we list today were efforts to improve the foundations of audit quality and the International Standards on Auditing (ISA). We’re committed to getting these projects done in the next couple of years, and I want to highlight a few that probably will have an impact in the U.S. environment.
ISA 315, identifying and assessing risk of material misstatement, which is effectively the core of audit work, was approved by the board in September. For us, this is a big step forward. It introduced many important new concepts, including inherent risk factors, spectrum of risk, relevant assertions, and significant class of transactions. These will help auditors identify and assess the risk of material misstatement. I think the standard’s also notable in that we’re beginning to address the impact of technology. It will likely lead to a more focused response, which would be in ISA 330, which will probably come under review in the not-so-distant future.
The next project I want to focus on is our quality management (QM) standards. We put out three proposals early in 2019. We’re in the process of reviewing and addressing the comment letters. QM is a change in verbiage from quality control, because we view it as a much more iterative process. We’re doing this because there are concerns about audit quality globally. Expectations of stakeholders to ensure quality as part of the firm’s strategy, and under the iterative basis, have grown. And there are issues of scalability and complexity about the existing standard, both upward and downward. We’ve adopted a risk-based approach to ensure proactive management of quality and continual improvement to ensure that the standards are adaptable to future circumstances and scalable. Our goal is also to have a more integrated system. Quality control is an issue of compliance, but it’s also an issue of strategy. It’s embedded in the governance and leadership of the firm, in the culture.
I’m thrilled that Megan’s participating in the process, and we have active participation from all U.S. stakeholders. We’re committed to making sure that we don’t diverge, because having two systems globally will not be useful.
Let me wrap up with a few other things that are on our agenda. We get complaints all over the world about complexity of standards setting. But the reality is that this part of the economy is highly complex and probably needs complex standards. Eighty-five percent of the economy is small and medium enterprises. How do you manage that standards-setting environment where you’re trying to serve both?
We put out a consultation document to deal with less complex entities and audits of less complex entities. Do we need a separate standard for less complex entities? Do we need more guidance or do we have to write the standards in a different way so that they are scalable? My commitment right now is that we have to set a clear path forward. This isn’t a question of endless debate.
When I’m in Europe, and maybe here as well, the two issues that come up most often are going concern and fraud. We will be tackling them. We’re in the process of researching the right steps forward and the scope.
Hopefully when we get done with my three-year term, you will see a board that remains highly responsive to public interest issues and has innovated in such a way in that people have greater trust in the quality of international standards.
Mike Santay, Introductory Remarks
I’ll run through our projects fairly quickly. At the Auditing Standards Board [ASB], we look to converge. We look at international convergence with the IAASB, and also at minimizing the differences between our standards with the PCAOB, because we recognize that many firms do both public and private company audits. We also look at whether there are specific nonissuer quality or practice issues in the U.S. that the board needs to consider. Finally, we look at whether we are sufficiently forward-looking in adapting to changes in the business environment.
On recently issued standards, I think the challenge is making sure that people don’t forget that we changed the auditor report for nonissuers. That’ll be effective for next year. The form of the report was revised, similar to what the IAASB and the PCAOB did. We wanted to do a “big bang” of effective changes, so we didn’t allow for early adoption. We did not require key audit matters for nonissuers. There is a standard that would support the reporting on those if the auditor’s engaged to report on them, but they’re not required for nonissuers.
A few other standards we changed—mainly on convergence and auditing disclosures—including an IAASB project to enhance auditors’ work on disclosures and a collective look at some of the PCAOB standards that came out on audit committees, related parties, and supplemental information. We’ve adapted and revised the standards to adopt some of the changes the PCAOB made—those are Auditing Standards [AS] 16, 17, and 18. We converged as best we could with where the IAASB and PCAOB standards were.
We also just recently approved materiality. The definition of materiality is basically linked to the question, “Would a matter affect a reasonable user of the standards?” It doesn’t sound too different from the current definition, but the words are a bit different, and we felt jurisdictionally we should align with where FASB and the PCAOB are.
We also voted out a new agreed-upon procedures [AUP] standard. This is, for those of you who play in this arena, going to be life-changing a bit, because we’re allowing for a general-use AUP report. That hasn’t been published yet. When we think about adapting to current practices and what would be beneficial, both from a public interest perspective and also from a perspective of firms having more flexibility in what they report on, we think these are positive changes. And I know the IAASB has an AUP standard that they’re also looking to approve next week, so I think we’re fairly converged with that.
As to things that we’re working on, the first would be audit evidence. We’re forward-looking on proposed changes to what we mean by “sufficient appropriate audit evidence.” The board issued an exposure draft on this, and we got a lot of comments. The primary objectives were to examine questions like: How are we thinking about changes to technology? How are businesses processing transactions? How are firms auditing? What audit techniques are being used, and how do we need to think about what persuasive audit evidence really means? Are there technology platforms that we can use to refine our risk assessments to test better? I think it’s more of a mindset change than an audit change.
Also, we tried to flow through the standard some of the work that’s being done around skepticism, and places where we can encourage more skepticism, similar to what the estimate standard has done. We’re looking to a final vote on that next year.
We also have some conforming amendments, because when you change the auditor’s report, there are a lot of standards that have sample reports in them and requirements about what they look like. We had to look at the special-purpose frameworks. We looked to change the reporting on an element, as well as the interim review report, the integrated audit report that some nonissuers do, and compliance frameworks.
One last thing: we did our own strategy consultation, and that’s out there for comment right now. Some of the elements of what we’re trying to do include questions like, how are we doing with stakeholder outreach? How could we do better with implementation review? For nonissuers, do we need more feedback on the impact of our standards, or where we need to focus more in the nonissuer world? Hopefully we’ll get some good feedback on that.
We’re also looking at exams and reviews, where the attestation standards come into play. We’re starting to see more sustainability reporting, and the possible need for assurance over that, so we really looked hard at this. You start to get outside of the basic financial reporting processes. Right now, in assertions required, management needs to go first. Is there an opportunity for the auditor to just report on a subject matter and the criteria at a company, and not require an assertion? The IAASB has that in ISAE 3000 under direct engagements. I think there are different uses for that, but I don’t think it’s as prevalent.
We broke estimates into two phases, practically. Things like pricing sources, auditing investments, and fair value are a bit of a different animal for nonissuers. We took that and bundled it with the specialist standard that the PCAOB has adopted, because they go hand in hand.
The IAASB has had an approved standard on noncompliance with laws and regulations [NOCLAR] for a few years now. We have been discussing the impact of that in the context of or state board rules and AICPA confidentiality rules. It gets a bit complicated with respect to what auditors should be required to report in a NOCLAR. We have a project proposal to pick up from an ASB perspective, particularly focusing on communications between successor and predecessor auditors. I’m sure we’re going to have some really interesting board discussions on that one.
The challenge of the profession is to imagine the direction of what constitutes real progress and how to accomplish that on a timely basis.
The last one is special-purpose frameworks. We are in a fair presentation world. When we issue an audit report, it has a fair presentation framework. But is there a window where we can adopt a compliance framework that makes sense, that doesn’t get abused in the U.S.?
We are also tracking some big-ticket projects, including fundamental changes to risk assessment. We’ve been monitoring the IAASB project, and we think that we’re going to have an exposure draft on risk assessment in 2020. Quality control is a hugely significant project, and especially impactful on smaller firms. We are very much engaged in what the IAASB is doing, and we’ll have our own exposure drafts as this project starts to finalize. Group audits is another project that’s on the docket.
I want to finish with a book by Leonard Spacek, In Search of Fairness in Financial Reporting to the Public. I have this book on my desk, and one of the things that he says in the foreword is, “A profession has a responsibility irrespective of public opinion, government fiat, and current practice to look ahead, to see what the problems will be and how they should be resolved in advance. Real progress is not the acceptance of comfortable evolution. It is evolution under pressure to move faster. The responsibility to perform this function, to educate the public properly, is ours as professional leaders, even though the burden of not moving fast enough falls heavier on the leaders than on the laggards.”
That resonated with me when Tom was talking about the challenges that the IAASB is facing. Searching for fairness is not easy. Opinions on what is the real purpose and how to measure it are difficult and widespread. As accountants, we like to anchor to what has worked, or what we think is working. The challenge of the profession is to imagine the direction of what constitutes real progress and how to accomplish that on a timely basis. It’s important for all of us stakeholders to work together on that. I’m hopeful we’re working to make the kind of progress that Spacek envisioned.
Noel Allen, Introductory Remarks
There are several fronts that NASBA and the state boards have been working with over the past year. We recently concluded a letter of intent toward a mutual recognition agreement with South Africa. NASBA, along with the AICPA, worked together in entering into mutual recognition agreements to make it possible for professionals who come from one country to the other without having to completely comply with all local registration requirements.
NASBA’s also primarily responsible for the model rules, and in that arena, one of the recent changes is allowing for continuous testing for the CPA exam. There are also new rules with regard to continuing professional education, recognizing “nanolearning,” and a number of other modernizations, as well as rules with regard to peer review, in particular enhancing transparency.
Together with the AICPA, work on the Uniform Accountancy Act continues. Of course, the NOCLAR issue is there on the table. The ASB is playing an important part in contributing to that, as well as international standards, working toward trying to have a practical solution that works at the state level. A lot of these things, like the confidentiality obligations, are actually a function of state law or state rules, and they have to be implemented with that in mind. If you violate the confidentiality obligation that you have under a state law, you’ve violated confidentiality, even if it otherwise looks like a good idea under NOCLAR. We’re working on ironing out some of those challenges.
Also under the auspices of the Uniform Accountancy Act, we’re looking at requiring additional experience for those who are managing or directly responsible for audits and attest work. This would not be part of the credential for licensing, but it would be part of that requisite experience or requisite competency.
NASBA and the state boards are also working in a broad effort to get more consistent state-by-state adoption by reference of the AICPA’s Code of Professional Conduct. It’s an imperfect proposition at this point, but at least a lot of progress has been made. We refer to applicable standards, be they ASB, SEC, PCAOB, or IAASB. Those are still, by and large, implemented not by contract as much as by state regulation. You get your license from the state, and you can lose it if you violate applicable standards. And that’s where the adoption by reference comes into play.
Unfortunately, for some states, that can be a two- or three-year process. By the time the exposure has gone around, been approved, and the standard adopted, we still are two years away from it becoming an effective rule at the state level. Some states allow evergreen standards, but many states require you to adopt each new one as it occurs.
In other categories, NASBA has devoted a considerable amount of effort and time to working with and directly assisting state boards. This is an era of broad antiregulatory sentiment; in a couple of instances, the states were proposing that anyone can do everything that a CPA does except call themselves a CPA. NASBA has worked at each state level to minimize those sorts of anti–consumer protection type of changes.
NASBA also submits comment letters with regard to the exposure drafts that are coming out, taking a position, and trying to offer a perspective on state regulation and consumer protection. At the same time, there is a continued initiative with regard to increasing diversity, not only in the profession, but also among the state boards and regulators themselves.
Finally [there] is the evolution of the CPA and the profession, with a thought toward broadening who comes in and how they get there, whether it’s having some core parts of the exam with expanded optional parts, or other experience models to be a CPA. We want to ensure that there’s that same commitment to quality, but at the same time acknowledge that the profession is changing, the regulation is changing, and there’s a greater need for technology expertise. I think this is an exciting new initiative, and we’re working with AICPA on this.
Megan, I know the PCAOB is going to be issuing a concept release on quality control. Why are you doing that instead of going ahead with the standard?
The project’s been around for a long time. The board realizes that the world is moving on, and that the IAASB has been making a significant amount of progress in terms of overhauling its standards.
We do think it’s important that we go into the proposal as informed as we can be in terms of the approach we should take, and how we might deal with specific things that are unique to our environment. We could go straight to a proposal, but that would take longer, and then the risk is, if we have chosen an approach that ultimately doesn’t land well, we’ve spent a lot of time to develop something that we’re going to have to redo. There’s no guarantee that by trying to seek early input, we avoid having to go through rounds of re-proposal. But I think the idea is that then we have a better chance of expediting the process.
Another big thing that we will use the concept release for is to gather input on things that we should be taking into account for our economic analysis. In essence, the economic analysis consists of four key things: describing the need for the rule, developing the baseline for measuring the rule’s impacts, considering reasonable alternatives, and analyzing the economic impacts of the standard and the alternatives. The concept release provides the opportunity to seek additional input, which then enables us to build out the analysis that would support the proposal.
Quality control has been a focus of inspections. Are there particular things you’ve learned from that inspection process that you’re going to focus on in the concept release?
Of course. A lot of information comes to the standards-setting group from the activities of our inspectors. The board does obviously strongly believe that a strong system of quality control is foundational to the performance of quality audits. If all you’re trying to do is to fix discrete problems on discrete engagements, it’s like Whac-A-Mole. The way to get to the root causes is to actually get into the way in which the firm manages its systems.
We’re learning a lot about what the firms are doing. Like I mentioned, the PCAOB standards are pretty old; they don’t even contemplate external regulation. As a result of adapting to being regulated, firms have invested a tremendous amount of time, effort, and energy in the monitoring and remediation processes and root cause analysis.
The PCAOB standards are pretty old; they don’t even contemplate external regulation.
The last things I would mention are the importance of governance and leadership as the foundation for the system. That’s not really something that’s captured well in the standard, but we’re using what we’re learning to inform what we might think about in a future standard.
The IAASB and the ASB have projects on quality control. To what extent is there going to be any convergence?
Our hope is that we are converged to an outcome that’s useful for the world, because we don’t want to have multiple systems. Of course, we’re three independent standards-setting boards, but I would also assume that the PCAOB and ASB are closely monitoring our consultation process. But there is a lot of pressure globally for us to finalize these standards. There is no end destination in standards setting. We’re all seeking perfection, but there won’t be an endpoint. At some point, we’ll reach a conclusion, and we’ll continue to improve going forward.
This is why it’s important for us at the ASB to engage in what the IAASB is doing. I think we have been actively involved in monitoring. We provided comment letters. Bob Dohrer, our chief auditor at the ASB, is an IAASB board member. We’re very much engaged in the direction of the quality management project. I can’t speak for the whole board, but from a framework perspective, I think we get it. I think the challenge is going to be the implementation, and taking a fairly static process for many firms and flipping that.
Marc, do you have any views on the importance of quality control?
We certainly support the PCAOB from an inspection process, focusing on the quality controls, because I think the more firms can make those enhancements and think about it from a quality control perspective, like Megan said, something will come up.
Those engagement inspections will continue. But are there ways to enhance those quality controls to help prevent those violations from occurring in the first place? From our perspective, it starts with quality controls, when you think about building that foundation and having a high-quality audit.
Megan, you said you hadn’t received too many questions on estimates and specialists, but what kinds of questions have you received?
I think the majority of the questions we’ve heard so far have been related to things that are in the rule or that we can answer by pointing to the release. I would encourage everybody to think about this sooner rather than later, given that the standards are about to go into effect, and let us know if there are things that you’re struggling with.
Do you have any tips for people on implementing the new standard and particular things to watch out for?
If you haven’t already, it would be a good idea to start getting familiar with the new requirements. A lot of what’s in these new standards, to varying degrees, are things that are already in place in firms, but not all firms are at the same place. But I think it is important to make sure that staff are properly trained.
One of the most important aspects of both of the new sets of standards is that they put a significant emphasis on risk assessment; that really forms the foundation for what comes afterwards. And, clearly, risk assessment doesn’t come at the end of the audit, it comes at the beginning.
The AICPA standards actually have quite a bit on auditing level 3 investments, although they don’t call it that. Mike, what can we expect to see in the future?
What we’ve looked at to start with is the exposure draft focused on the estimate standard that both the PCAOB and the IAASB adopted. We’re just getting through comment letters now, and we’re looking at starting with the IAASB as the framework, and then bringing in some of the PCAOB requirements.
Our exposure draft looked at a section in the AICPA standards, AU-C 501, where there were some specific requirements about auditing fair value. Rather than keep those and try and beef them up to address some of the changes in the estimate standard, we took a lot of that guidance and moved it as application guidance into this proposal. We tried to put it in the context of the overall audit estimate standard.
What we left in 501, we want to look at. We’re trying to take this appendix and the pricing source that the PCAOB adopted and get more feedback. We’re forming a task force to look at that and how those are addressed in nonissuers. Because we think the risks are different. Will we come up with a separate standard? Maybe. There’s an audit guide out there on auditing financial instruments that we’re not sure is being used. Would some guidance be better positioned in an audit guide? We’re looking into it.
You forget, when you’ve had 10 years of expansion, that life is good in the valuing-of-investments world, and it’s a little bit easier than it was when the turmoil started with the financial crisis.
It’s a very important area. You forget, when you’ve had 10 years of expansion, that life is good in the valuing-of-investments world, and it’s a little bit easier than it was when the turmoil started with the financial crisis. I think the challenges that drove a lot of those projects forward haven’t been around in a little bit, but that’s not to say that they won’t be around soon.
The AICPA has a very good accounting and valuation guide, but the audit guidance could be beefed up. Have you thought about melding those together?
That’s part of the challenge. We’re asking some of our board members, “Are you using these guides? Are they helpful? Should we just keep it as accounting? Do we need to beef up the auditing?” And that was part of not slowing down the overall estimates project. That’s why we split this up, so we could focus on it in the context of the guides as well as the standards.
There’s quite a bit of new guidance on using specialists. Have you thought any about doing anything to bring more focus to specialists having an “audit attitude”?
It’s a good question, and an important one as it relates to an audit team saying, “Oh, I got my valuation specialist.” They throw it over the fence, the specialist does some work on it and sends a report back, and the team says, “We’re done,” without really digging in on whether they had the right specialists with the right background. The AICPA’s been working toward getting more consistency in the application of those, and I think that’s a work in process.
Megan, I have a few questions related to some comments you made about the preexisting standards that were adopted back in 2003. I wondered if you could elaborate. What of the current standards do you regard as deficient? Are you going to be issuing a concept release on overhauling the standards? What are your plans, and what should we look for?
The PCAOB standards are a bit of a hodgepodge of old things and new things, and obviously, the process to pull them together was more of a reorganization than a codification. We do have active projects on our research agenda to look at things like the loss in reg standards, other information, going concern, those kinds of things. I’ve been working on trying to see exactly where those projects are, and we certainly will be engaging with our board to figure out what the next steps are.
I think the idea is that we would try to clean off the projects we have on the respective agendas, and then think more broadly about what do we do with what is left. But I think it’s really early at the moment, so I can’t talk too specifically or definitively about exactly what we might do or when that might happen.
What’s going to happen with the going concern standard?
I can’t really answer that other than to say we are continuing to look at how that standard has been applied, how the staff guidance that was issued some years ago is being applied, what is in practice happening, and what our inspectors are seeing. That remains an active consideration.
I will also say that we have been monitoring going concern activities around the world, and clearly in the U.K. in particular, with the new standard that the FRC approved earlier this year. All of that factors into what we might ultimately do.
This question is for the PCAOB and the SEC: Are there any considerations you’re giving to try to reduce the number of material weaknesses being reported, whether through quality control standards or other activities?
I think when you look at the history of reporting material weaknesses, it seems like the only time a material weakness was reported was when there was a material misstatement. And so there was a lot of discussion of whether there was underreporting of material weaknesses occurring.
Now, I think, we have seen improvement. People do realize you have to think about that magnitude analysis when you have a control deficiency, and what is reasonably possible. And quite honestly, at least in my experience, when there is a material weakness, management takes a step back and says, “You know what? We just didn’t have a control designed to mitigate against that risk.” A lot of times, it’s a design failure compared to an operating effectiveness failure. And I’m not sure there’s a whole lot you can do from a guidance perspective, because that really gets to management’s risk assessment process and the design of their controls.
I’m not sure I have too much more to add, other than I don’t think it’s the auditor’s job to eliminate or reduce material weaknesses. But I think in the whole area of internal control, a tremendous amount has clearly happened. I think that there have been significant enhancements in internal control from the preparer side, and auditors have gotten a lot better in terms of thinking about how to audit controls.