The keynote speaker at the conference was PCAOB Chair Erica Y. Williams. Williams was sworn in as the chair in January 2022, coming from Kirkland & Ellis, where she was a litigation partner. Previously she was a special advisor and associate counsel to President Obama. Before becoming chair, Williams spent 11 years at the SEC serving as deputy chief of staff. The following is an edited and condensed transcript of Chair Williams’s conversation with Paquita Davis–Friday, senior associate dean and professor in the Zicklin School of Business at Baruch College, New York, N.Y. The views expressed are her own and not necessarily those of the PCAOB, other board members, or the staff.
Erica Williams: Everything we do at the PCAOB is driven by our mission to protect investors, and by investors we mean people. Whether that’s workers saving for retirement, families saving for college, or anyone who depends on the integrity of the U.S. capital markets.
The board has set four strategic goals: one modernizing our standards, two enhancing our inspections, three strengthening our enforcement, and four improving our organizational effectiveness.
Inspections and Enforcement
We’ve made significant progress over this past year. For example, our Inspections division has inspected audit firms in more than 30 jurisdictions across the globe, and they recently conducted groundbreaking onsite inspections of firms headquartered in mainland China and Hong Kong. Their work is ongoing. In December, the PCAOB will make determinations as to whether authorities in China have allowed us to inspect and investigate completely for the first time in more than a decade, or whether they have continued to obstruct.
Congress sent a clear message when it passed the Holding Foreign Companies Accountable Act that access to U.S. markets is a privilege, not a right. The PCAOB will accept nothing less than complete access when we make our determinations.
At the same time, this board is approaching enforcement with renewed vigilance. We are rethinking how we identify cases, the type of cases we pursue, and the sanctions we impose.
We’ve more than tripled the dollar amount of penalties imposed against individuals in 2022 as compared to each of the past five years. Over that same period, we’ve quadrupled the average penalty against firms in cases where firms fail to meet PCAOB reporting requirements, and we’ve increased the average penalties against firms and all other cases by about 50%. In the past five years, the PCAOB assessed penalties against individuals less than half the time and firms only about 86% of the time—this year, it’s 100%.
Those who break the rules should know we won’t be constrained by the types of cases the PCAOB has pursued in the past. We won’t be limited to the level of penalties that have been previously assessed.
We’ve taken several steps to improve our organizational effectiveness, including reimagining our approach to stakeholder engagement. As a board, we established two new advisory groups: The Investor Advisory Group and the Standards and Emerging Issues Advisory Group. Both groups bring together extraordinary experts from across the world of auditing and financial reporting. We’ve elevated the voice of our investors by hiring the first ever investor advocate. And we’ve hired a stakeholder liaison to focus on outreach, Todd Cranford.
Those who break the rules should know we won’t be constrained by the types of cases the PCAOB has pursued in the past.
Standards Setting: Quality Control
We are pursuing one of the most ambitious standards setting agendas in PCAOB history, and that is where I would like to focus today.
When the PCAOB was first getting off the ground in 2003, it adopted existing standards on what was intended to be an interim basis. Twenty years later, far too many of those interim standards remain unchanged. But our capital markets don’t stand still. Practices change, technology advances relentlessly. To keep investors protected, our standards must keep up.
Less than a year into this board’s term, we are actively working to update more than 30 standards within 10 standard setting projects. Just before Thanksgiving, the board issued a new quality control standard for public comment. I called it a watershed moment for the PCAOB, and I believe it will improve audit quality because quality control systems lay the very foundation for how firms approach audits.
I want to be clear at the outset that we’ve seen solid evidence of progress over time. We’ve seen significant drop in QC deficiencies from 2011 to 2020. It is also clear that progress has been uneven. Our inspectors continue to find deficiencies related to engagement, performance, independence, personnel management, and other areas.
Violations of QC standards were part of the PCAOB’s largest ever civil penalty, our $8 million settlement with Deloitte Brazil in 2016. More recently, in cases related to inadequate quality control, the board has assessed close to $2 million in penalties and other sanctions over the past 11 months.
Let me be clear: If firms can’t reasonably expect to complete audits with professional competence, they should not undertake those engagements in the first place.
A review of academic research suggests some of the greatest threats to quality control are fueled by profit. For example, studies have found that some firms’ partners reward systems may prioritize revenue generation over professional competency. Researchers have also studied the impact of cost cutting. In one study, some audit staff reported working as many as 20 hours per week past the threshold where they felt audit quality began to deteriorate. Some research suggests that certain partners or offices may depend commercially on significant clients; so, to retain those clients, they may be willing to take risks that the firm as a whole would not.
Quality control is complex. To ensure investors are protected, we have to get the standard right. As with any standards-setting project, we ask two questions: What is needed to ensure that investors are best protected? And what changes are needed to achieve that goal?
For quality control, that starts with the risk-based approach. We know that risks vary from firm to firm, and effective QC Systems should too. A one-size-fits-all approach is not the best way to keep investors protected. The proposed standard requires all registered firms to identify their specific risks and design a QC System that includes policies and procedures to guard against those risks.
Firms that perform engagements such as audits for public companies or SEC-registered broker dealers would also be required to implement and operate their QC Systems to comply with the proposed standard, including executing the developed policies and procedures, monitoring the operation of the policies and procedures, and taking remedial actions where policies and procedures are not operating effectively.
The proposal would ensure accountability by requiring annual reporting on QC System effectiveness to audit committees of every issuer or broker-dealer client on a new Form QC to the PCAOB. Form QC must be personally certified by both the individual assigned ultimate responsibility and accountability for the firm’s QC System as a whole, and the individual assigned operational responsibility and accountability for the QC System. Simply designing elaborate processes on paper won’t be enough. Firm leadership will have a personal stake in delivering results and additional incentives to fix problems quickly.
Stakeholder input has been critical in developing this proposal. Like all of our standards-setting projects, our economic analysis team studied potential changes in the context of costs, benefits, and potential unintended consequences.
We also considered the QC Standards recently adopted by the International Auditing and Assurance Standards Board [IAASB] and the AICPA. While most risk-based systems share a similar structure, we are proposing several important requirements to go beyond their provisions to address the U.S. Regulatory environment, the needs and priorities of investors, and other PCAOB statutory mandates.
Unlike other organizations, the PCAOB standard was highly informed by our inspection data and observations. This information helped us to understand what’s going right and what’s going wrong with quality control at audit firms.
It just so happens that we were urged to take this view by two Baruch professors, Douglas Carmichael and Thomas Ray, in a 2020 comment letter on our QC Concept release. Doug and Tom suggested that we work closely with the inspectors and draw on their knowledge and experience. Putting all these ingredients together—strong use of inspection data, awareness of the economic and standard setting environment, stake-holder outreach, and economic analysis—I believe we got it right.
Our proposal sets out a standard that could be applied by firms of varying sizes and complexity. It provides a framework for a QC System that is grounded in proactively identifying and managing risk to quality. Then it sets up a feedback loop, one powered by ongoing monitoring that is designed to drive continuous improvement, and the reporting requirements foster accountability.
QC is foundational, but it is just one project on our agenda. We are also on track to issue a proposal on the confirmations project before the end of this year. Our confirmation standard, which addresses a process that touches nearly every audit, hasn’t been substantially changed since 2003. That’s unacceptable, because confirmation is a powerful means for auditors to obtain external evidence, and can be an important tool for auditors to address fraud risks.
We need to bring more young people into the field. We need to expand the diversity of young people who see accounting as a potential career path.
After confirmation, we are on track to issue several more proposals in 2023, updating our requirements in key areas that include illegal acts by clients, going concern, the PCAOB’s attestation standards, and topics addressed by our AS1000 series standards, such as due professional care. We also plan to issue a proposal on how our standards should be changed to address the design and performance of audit procedures using data analysis. In addition to everything I just mentioned, we also have four projects on our midterm standard setting agenda.
I am here today as the chair of the PCAOB, just two generations away from Alabama crop farmers. My grandmother kept her money under her mattress, because she didn’t trust the banks, let alone the stock market. When I became the first person in my family to go to law school, I chose to go into securities and enforcement. I wanted to go after cheaters, because I understood that in order to help people like my grandmother and my community build wealth, we first have to build trust in the capital markets. By holding wrongdoers accountable, I could help bolster the integrity and confidence in the financial system. Quality audits do the same.
The heart of what we do is about people. When we talk about protecting investors, we’re talking about people: workers saving for retirement, parents saving to help with tuition, and anyone who depends on the status of our capital markets to invest and pursue their version of the American dream. All of those people depend on quality, accurate audits to make decisions that impact their futures. So, don’t let anyone tell you accounting is boring. It’s all about people.
Thank you so much for your comments, and I’m thrilled that my colleagues were able to contribute to the QC Project.
As you know, FTX has been in the news recently. Just yesterday, BlockFi filed for Chapter 11 bankruptcy protection, and the SEC indicated that BlockFi securities probably should have been registered. However, neither of them is publicly traded, so they weren’t under the PCAOB’s jurisdiction. How is the PCAOB thinking about the impact of cryptocurrency on auditing in general?
Our team is constantly adjusting to be responsive to new and emerging risks across the globe, and our inspections team has prioritized inspections of audit engagements involving cryptocurrencies.
I want to offer a word of caution to investors about what it means to be registered with the PCAOB—and what it doesn’t mean.
As you point out, the PCAOB only has jurisdiction over the audits of public companies and broker dealers. FTX was not a public company, and therefore the PCAOB could not inspect its audits.
At the same time, FTX touted the use of auditors that were registered with the PCAOB. It’s important to understand that. PCAOB-registered firms only have to follow PCAOB standards and rules when they’re auditing public issuers or broker-dealers under our jurisdiction. We don’t have authority to inspect their audits of other clients like FTX, so we were not able to evaluate their work on those engagements, or hold them accountable for insufficient work.
We do, however, publish audit reports for audits those firms conduct that are under our jurisdiction, and those reports can inform investors about the quality of the work performed on those audits. I encourage all investors and audit committees to ask questions. If a firm touts itself is being PCAOB-registered, look at our inspection reports and be cautious about drawing conclusions where the PCAOB doesn’t have jurisdiction.
This is the 20th anniversary of the Sarbanes-Oxley Act [SOX]. What do you believe has been the PCAOB’s greatest contribution, and what work remains to be done?
There is no question that audit quality has improved over the last 20 years. Multiple academic studies have found that PCAOB inspections drive and improve audit quality both in the U.S. and other countries where the PCAOB has inspection access. Evidence shows that an increase in audit quality has bolstered investor confidence and the credibility of the financial reporting system.
There is actually a study that compares the market response to earnings announcements in 10-K filings before and after the PCAOB’s existence, and they found both stronger stock price reaction, and an increase in trading volume, following the creation of the PCAOB. This indicates that investors have more confidence in acting on the information that they’re receiving from financial reporting when they know the PCAOB is on the case. The authors of that study noted that their results show that the public audit oversight can enhance reporting credibility, and that credibility is priced into the capital markets. Continuing to strengthen that credibility is a top priority.
There is a lot that’s changed over the past 20 years, but our mission to protect investors remains the same. We do believe that there’s still room for improvement, which is why we are working to modernize our standards and enhance our inspections and straighten our enforcement.
Many of the standards you are looking to change haven’t been updated in nearly 20 years. Can you tell us about the process the PCOAB goes through when considering changes to the standards?
We always start with two questions: First, what is needed to ensure that investors are best protected, and what changes are needed to achieve that goal?
The answers are informed by a range of our activities, such as our oversight; our engagement with investors and other stake-holders, including through our advisory groups; discussions with the U.S. SEC staff; activities of other regulators and standards setters; and other relevant inputs and developments. When considering changes to our standards, it includes those inputs, but we also consider our economic analysis, and we analyze the potential impact of changes in the context of cost/benefits and possible unintended consequences. Each proposal or adopting release we issue includes an economic analysis that addresses each of those areas.
Our plan to modernize our standards does seem daunting, but I believe that we are up for the challenge. And I can’t say enough about the incredibly talented staff that we have working on these projects.
You referenced the PCAOB’s recent work to inspect and investigate Chinese firms. Can you share more about the work and the next steps?
Sure. The PCAOB inspects and investigates registered public accounting firms in more than 50 jurisdictions around the world. For more than a decade, our access to inspect and investigate registered public accounting firms in the People’s Republic of China and Hong Kong had been obstructed. So in 2020, Congress passed the Holding Foreign Companies Accountable Act [HFCAA]. It sent a strong message that access to the U.S. capital markets is a privilege, not a right.
Beginning in 2021, after three consecutive years of the PCAOB’s determination that positions taken by authorities in the People’s Republic of China obstructed the PCAOB’s ability to inspect or investigate registered public accounting firms in China and Hong Kong completely, the companies audited by those firms would be subject to a trading prohibition on the U.S. markets, and that trading prohibition would be imposed by the SEC.
In December 2021, the Board issued its first determination under the HFCAA. It stated that positions taken by authorities in the PRC prevented the PCAOB from inspecting, investigating completely in mainland China and Hong Kong. So in August of this year, after many months of negotiations, the PCAOB secured the most detailed and prescriptive agreement ever signed with Chinese authorities, guaranteeing complete access to inspections and investigations, at least on paper.
Then, in September, the PCAOB staff began actually conducting oversight activities with respect to firms in mainland China and Hong Kong, and we are now putting that agreement to the test. In the coming weeks, my board members and I will evaluate what we’ve learned during that onsite activity, and we will announce before the end of the year whether the 2021 HFCAA determination related to those firms in China and Hong Kong will be affirmed, modified, or vacated. I just want to be clear that U.S. law demands complete access, and we will accept nothing less when we are making our determination this year.
When you visited us in May, I asked if you believe major changes will be necessary to maintain audit quality, and you spoke about the QC Proposal. Now that you’ve had nearly a year under your belt, and the board has completed its strategic plan, how would you respond to that question?
With respect to whether major changes are needed: One of the things that hasn’t changed over the past 20 years is our core mission. Protecting investors was the reason the PCAOB was created and protecting investors is what drives everything we do today, and we are singularly focused on that mission. While it is true we have an ambitious agenda, we aren’t charting new territory; we’re just using the tools that Congress gave us to their highest and best purpose.
You also spoke about how the PCAOB is approaching enforcement with renewed vigilance. In light of your background as a litigator, why is this important?
I spent seven years as a trial attorney at the SEC. During that time, I literally spent hours on the phone talking to investors who had been scammed out of their life savings by crooks, and I carry those stories with me when I talk about protecting investors. We are safeguarding investors’ retirement, their children’s college fund, and their dreams.
That’s why we take enforcement so seriously. We can’t afford not to remove bad actors from the profession. Punishing wrong-doers is what protects investors, and it really promotes deterrence. Strengthening enforcement is a key focus for this board.
You also mentioned your family history and that you’re the first in your family to go to law school. You’re the first woman and person of color to chair the PCAOB as part of the most diverse board in PCAOB history. How would you say that diversity has impacted the work of the PCAOB?
I strongly believe that regulators should reflect the people we serve. I’m proud to serve alongside the most diverse board in the PCAOB history, and I really see every day how our diversity of backgrounds and perspectives makes us stronger, and ultimately serves us to better protect investors.
And I will say that diversity at the Board level isn’t enough. We’re also trying to use our influence to help improve diversity throughout the profession and within our own staff. Every single time I meet with a firm, one of the first questions I ask is what they’re doing to promote diversity in their workforce.
Within the PCAOB, we’ve started to take a number of initiatives. Number one, we reconstituted and reaffirmed our affinity, groups, and we’re in the process of creating our first ever Diversity Council. We have an intern program with competitive pay to make it possible for young professionals from all backgrounds to afford to take time away from school and intern with the PCAOB. We recently launched an honors program with the hopes of giving attorneys right out of law school or clerkships the opportunity to join the PCAOB. And then we reconstituted our advisory groups, and we deliberately sought out diverse voices to join.
Could you say more about what you are doing to increase the pipeline of people entering the profession, and what we might be able to do in academia and audit firms?
I’m really passionate about this. We need to bring more young people into the field. We need to expand the diversity of young people who see accounting as a potential career path. And so at the PCAOB, we’re working to do our part through our scholarship program.
This academic year, we awarded 250 students from colleges and universities in the U.S., $10,000 each to pursue accounting degrees. More than half of the scholarships in the last five years went to diverse applicants, and the scholarships really do make careers in auditing possible for the best and brightest students, no matter their background. And that’s our goal—the money that we collect from penalties and our enforcement proceedings go 100% to funding these scholarships.
We are always looking to partner with schools. We’re interested in students pursuing opportunities in public service. And we really just want to continue to increase that pipeline of folks entering the audit profession, and also entering into public service, such as at the PCAOB.
I think the PCAOB is a wonderful place to work. I can’t say enough about our talented and dedicated staff. Without them, we could not accomplish our mission.
We’re working hard to foster a diverse and inclusive workplace culture. I have personally met with every division and office at the PCAOB in what I call “a chat with the chair.” Those discussions have provided me an opportunity to engage directly with our team about how we can best support them. We’re continuing to make changes to radically improve our overall employee experience, and I’m dedicated to doing that.