The conference keynote was a prerecorded “fireside chat” with newly installed PCAOB chair Erica Y. Williams. Williams was sworn in as the chair of the PCAOB in January 2022, coming from Kirkland & Ellis, where she was a litigation partner. Previously she was a special advisor and associate counsel to President Obama, advising the President as his senior advisor on legal and constitutional issues. Before that, Williams spent 11 years at the SEC serving as deputy chief of staff. The following is an edited transcript of Chair Williams’s conversation with Paquita Davis–Friday, senior associate dean and professor in the Zicklin School of Business at Baruch College. The views expressed are her own and not necessarily those of the PCAOB, other board members, or the staff.
Paquita Davis-Friday: I want to begin with an update on some of the topics we’ve discussed in the past. My first question is: The last time we spoke, we noted that the number of enforcement actions and the magnitude of the penalties have both been trending upward. Has this trend continued? If so, to what do you attribute this pattern? Are PCAOB inspections increasingly effective? Have firms failed to improve the quality of their work? Or do individuals just continue to behave badly?
Chair Williams: In December, I challenged auditors to sharpen their focus and prioritize their efforts to increase audit quality and ensure investors are protected. We found that audits with part 1.A deficiencies increased 5% in our 2021 inspections, to 34%, compared to 29% in the 2020 inspections. And that means that a third of the audits we inspected had deficiencies of such significance that PCAOB staff believed that audit firms failed to obtain sufficient and appropriate audit evidence to support their opinions on the public company’s financial statements or internal controls over financial reporting.
Additionally, comment forms for both U.S. and non-U.S. firms increased further during our 2022 inspections. Now the final inspection reports for the 2022 inspections have not yet been released, but what we do know is that the comment forms usually result in inspection findings in our reports. That means the 2022 reports are likely to have even more deficiencies than the 2021 reports. Together, these facts present a really troubling warning sign.
While our 2023 inspections are well underway, it’s really too early to comment. But the good news is that auditors can take actions to reverse this troubling trend. And that’s why I called on audit firms to take actions necessary to improve audit quality, because at the end of the day quality audits protect people, and that’s what this is all about.
We’ll learn a lot more about the full picture for 2022 when our inspection reports will be released, which is later this year, and there’s no one-size-fits-all answer as to why deficiencies increased in 2021. The causes likely vary from firm to firm. Some firms, though, have told us that the combination of the COVID-19 pandemic, remote auditing, and the great resignation and war for talent made it difficult to remain to maintain stable audit teams and provide training to new hires. But these factors are no longer new, and no one really should be caught off guard by the challenges that they present.
Firms have a responsibility to design and implement solutions to restore and maintain audit quality—the fact that 34% of audits had at least one Part 1. A finding cannot be explained away by the pandemic, and some of the audit deficiencies identified have been recurring for many years, well before COVID-19. Those include auditor independence, which is a critical element of an audit firm’s quality control system and essential to an audit firm’s credibility with investors.
One of the other things that you asked me about was enforcement, so I’ll touch on that. The board and I have made strengthening enforcement a key goal in our strategic plan. As you noted, the PCAOB imposed the highest annual enforcement penalties ever in 2022, and we doubled the number of enforcement actions that we brought from the previous year.
The numbers in 2022 clearly speak for themselves. But there are a lot of different ways to measure success when it comes to stronger enforcement beyond just the overall numbers. Stronger enforcement could look like securing more admissions, not allowing indemnification, effectively using sweeps to protect investors, or pursuing different types of cases. This March, we announced an experienced prosecutor, Bob Rice, as our new enforcement director. Bob’s decades of experience holding wrongdoers accountable will be invaluable to our continued efforts to keep investors protected.
Those who break the rules should know that we won’t be constrained to the types of cases that we’ve brought in the past. And we won’t be limited to the number of penalties that have been assessed before, and they should know that we will seek admissions for wrong-doing in appropriate cases.
The PCAOB’s Agenda Priorities
Davis-Friday: When you assumed the role of chair at the beginning of last year, you set forth an aggressive agenda to modernize the PCAOB and update standards. How would you rate your progress to date?
Williams: Well, thanks to the incredible work of the PCAOB staff, we are making tremendous progress on modernizing and updating our standards to meet today’s challenges.
Last year, we moved forward with finalizing amendments related to the use of other auditors. We also proposed two standards that would replace existing standards. The first addresses confirmation. It’s a process that touches nearly every audit and can be critical tool to help auditors combat fraud and keep investors protected. The second addresses a firm’s system of quality control, which was a watershed moment for the PCAOB, because QC systems lay the very foundation for how firms approach audits.
In March, we issued proposed changes to modernize a suite of standards that address core auditing principles and responsibilities, and that suite is known as AS 1000. If it’s adopted, AS 1000 would reorganize and consolidate a group of standards that were adopted on an interim basis by the PCAOB in April 2003, and that addressed the core principles and responsibilities of an auditor, such as reasonable assurance, professional judgment, due professional care, and professional skepticism.
The proposal would also amend certain other standards that address responsibilities that are fundamental to the conduct of an audit. Among other changes, the amendments would first reinforce and clarify an engagement partner’s responsibility to exercise professional care related to supervision and review. And it will accelerate the documentation completion date by reducing the maximum period for an auditor to assemble and complete a final set of audit documentation from 45 days to 14 days.
Of course, while we have made significant progress, we also have a lot of work left to do. When the PCAOB was first getting off the ground, it adopted existing standards on what was intended to be an interim basis. Now, 20 years later, far too many of those interim standards remain unchanged. As this audience knows better than most, our capital markets don’t stand still. They evolve and grow. Practice changes. Technology advances relentlessly with the impact on financial reporting and auditing. To keep investors protected, our standards must keep up.
We are actively working to update more than 30 standards within 10 standards setting projects. And we are currently on track to issue more proposals in 2023, updating our requirements in key areas that include illegal acts by clients, going concern, and technology assisted data analysis. We have four projects on our midterm standards-setting agenda, and that means the staff is hard at work to advance standards setting for those projects, even if the board isn’t expected to take action in the next 12 months. Of course, we also have a separate research agenda, in addition to everything else I mentioned.
I’m very proud of the work of our team and the progress that we’ve made, and the work that we continue to do every day.
Davis-Friday: The PCAOB recently issued a publication highlighting your inspection priorities for 2023. Can you walk us through some of those priorities?
Williams: As we talked about a few minutes ago, increased deficiencies in 2021 inspections and increased comment forms in 2022 inspections really revealed what I call a troubling trend in audit quality, and we’re tackling that head-on in 2023.
Our inspection priorities are designed to stay ahead of new and emerging risks. They are also designed to hold firms accountable and drive improvement in audit quality for investors. That includes increasing focus on fraud, related audit procedures, continuing to prioritize risks related to material digital assets—also known as cryptocurrency—and continuing to select audits in the financial services sector for inspection.
The final inspection reports for the 2022 inspections have not yet been released, but what we do know is that the comment forms usually result in inspection findings in our reports. That means the 2022 reports are likely to have even more deficiencies than the 2021 reports. Together, these facts present a really troubling warning sign.
We will increase our focus on fraud-related audit procedures in accordance with all relevant standards, and we will look at how auditors identified and assessed risks of material misstatements due to fraud when planning and performing the audit.
We will continue to select 2022 fiscal year in audits of identified public companies and broker dealers with material digital assets. And we will continue selecting audits of public companies in the financial services sector that are potentially impacted by the risks of interest rates, inflation, uncertainty, volatility in the digital assets markets, and more.
Of course, these are just some of our priorities. We will also be looking at many other areas, including auditing and accounting risks, risk assessment and internal controls, broker-dealer–specific considerations, mergers and acquisitions, de-SPAC [Special Purpose Acquisition Companies] transactions, and the use of the work of other auditors, quality control, and even more. And we will expand the number of audits our inspectors review for certain annual firms.
We’re also going to continue supporting our target teams. These are teams of inspectors who execute in-depth reviews across audit firms each year. This year, they’re going to focus on audits that include the risk related to digital assets, first-year audits and multi-location audits, and significant or unusual events or transactions.
And of course, our inspection plans are meant to be nimble, so we can adapt if needed, if new risks emerge. Our spotlight publication that details our inspection priorities includes much more information along with helpful reminders for auditors. I encourage everyone to read it carefully.
Davis-Friday: Earlier this week, you announced new enhancements to make inspection reports more transparent. Can you share more about what those changes are and how the additional information will be useful for investors?
Williams: Our inspection reports provide valuable information to investors, audit committees, and others to help inform their decisions, and they help drive audit quality by shining a light on deficiencies.
The board is committed to getting those reports out faster and making them more transparent. To achieve that goal, the PCAOB had to first clear the backlog of reports from previous years. In 2022, the PCAOB issued 283 inspection reports, representing a 73% increase over 2021 and the most reports that PCAOB has approved in one year, leaving us well positioned to continue picking up speed and focus on increasing transparency.
This week’s announcement represents a significant step in that effort. For the first time, our reports will include a specific section on independence violations. This is something that we’ve heard directly from investors that they would find useful. The new enhancements also include more information on findings related to fraud procedures, and the identification and assessment of the risks of material misstatements; and additional commentary in Part 1.A, such as whether the audit was the firm’s first audit of an issue, or whether the firm had identified serious risk or fraud risk for areas in which the PCAOB inspection staff identified deficiencies. We also include new charts for annually inspected firms to clearly show firm and engagement partner tenure for public companies.
Holding Foreign Companies Accountable
Davis-Friday: During our last discussion, you mentioned the Holding Foreign Companies Accountable Act and the PCAOB’s efforts to inspect and investigate Chinese firms in particular. There have been some encouraging reports that the PCAOB has received complete access to audits of Chinese companies. Can you give us an update on the PCAOB inspections in mainland China, and what progress has been made, and what challenges remaining.
Williams: There is no question that investors are better protected today because we were able to force China to open up the books for the first time in history last year. I again want to thank Congress for passing the Holding Foreign Companies Accountable Act [HFCAA], and for shortening the time. The HFCAA gave us the leverage to force China to the table in 2022, but we must continue holding their feet to the fire, and the shortened timeline really gives us additional leverage to do that. Opening up China’s books last year was really only the beginning of our work to inspect and investigate in China. We are continuing to demand complete access, and we will act immediately to reconsider 2022’s determination should China obstruct, or otherwise fail to facilitate our access at any time.
I really want to emphasize that point. We do not have to wait until the end of the year to revisit our determination, and we will not hesitate to act if we need to. Our teams are already continuing to pursue investigations and make plans to resume regular inspections in 2023 and beyond when we made our announcement last year, and that work continues.
The firms we selected last year added 40% of the total market share of U.S. listed companies from Hong Kong and mainland China, and we are on track to inspect firms auditing 99% of the total market share by the end of this year.
As I’ve said, we will accept nothing less than complete access. The law requires no loopholes and no exceptions. At the same time, our staff is working hard to complete the 2022 inspection reports swiftly and thoroughly so we can share them with investors.
Preliminarily, I can say that the PCAOB staff have identified numerous potential deficiencies as part of their 2022 inspections, and any deficiencies are troubling. At the same time, it is not unexpected to find numerous deficiencies in jurisdictions that are being inspected for the first time, and the potential deficiencies identified by PCAOB staff in the firms in mainland China and Hong Kong are consistent with the types and number of findings that PCAOB has encountered in other first-time inspections across the world.
The fact that we found those potential deficiencies is a sign that the inspection process worked as it’s supposed to. And that is exactly why Congress passed the HFCAA in the first place—so we could open up the books, identify potential problems and begin the work of holding firms accountable to fix them. And that’s exactly what we’re doing.
Davis-Friday: Last week, the PCAOB issued guidance for auditors talking about the importance of professional competence and skepticism. Can you share what is meant by competence and skepticism, and why they are so crucial to audit quality?
Williams: Professional skepticism is an attitude that includes a questioning mind, and it is critical to planning and performing high-quality audits and ensuring investors are protected. To apply professional skepticism effectively, auditors should understand the business of the companies they are auditing and the business climate those companies operate in.
While an auditor specialist can assist an auditor in various aspects of an audit, the auditor is required to have sufficient knowledge of the subject matter being addressed to properly supervise the engagement. For example, an auditor must know enough to be able to communicate the objectives of the specialist’s work, determine whether that person’s procedures meet the auditor’s objectives, and evaluate the results of the person’s procedures.
Without the necessary expertise, firms should not accept the engagement. The recently released Auditor’s File library reminds auditors of the importance of critically assessing the firm’s capabilities, obtaining proper understanding of the company they are auditing, and performing work with due professional care and professional skepticism. Of course, these matters are particularly important in circumstances where changes to economic conditions or other factors affect the company.
Davis-Friday: When we last spoke, the big news item was the collapse of the FTX Cryptocurrency Exchange. FTX was not publicly traded, and therefore was outside of the PCAOB’s jurisdiction. Have there been any developments in how the PCAOB is thinking about the impact of cryptocurrency on financial reporting?
Williams: The PCAOB is committed to vigorously enforcing our standards wherever they apply. And as we discussed earlier, the PCAOB prioritizes inspections and enforcement actions, where appropriate, of audit engagements involving digital assets within our jurisdiction.
We created a target team of inspectors who focused specifically on emerging audit risks, including cryptocurrency. We will complete review procedures on selected audits of identified public companies with material digital assets. This supplemental work will provide further opportunities to consider an audit firm’s policies and procedures, including training, consultations, and the development of audit tools and techniques specific to digital assets.
At the same time, we are working to help educate investors about the PCAOB’s jurisdiction and what it means for an audit to be conducted under PCAOB Standards, so they are less likely to be misled. In fact, our newly created Office of the Investor Advocate issued its first-ever investor alert earlier this year, warning investors to exercise caution with “proof of reserve” reports that fall outside of the PCAOB’s jurisdiction.
Davis-Friday: The PCAOB does not have jurisdiction over every audit. How can you help the average consumer of financial information understand the difference between those that fall within the jurisdiction and those that don’t?
Williams: The PCAOB’s jurisdiction is spelled out in the Sarbanes-Oxley Act and the Exchange Act. Under the law, our authority extends to audits of public companies and certain SEC-registered broker-dealers. Within that jurisdiction, we have three key tools to protect investors. The first is standards. As we talked about earlier, the PCAOB is currently pursuing the most ambitious standards setting agenda in PCAOB history. The second is inspections, and each year we inspect about 200 audits and 800 audit engagements in more than 30 jurisdictions around the world. The third is enforcement. And as we discussed earlier, we are using every tool in our toolbox to hold wrongdoers accountable.
Although the number of public companies with material digital asset investments or activities is currently relatively small, our inspections have emphasized reviewing the audits of public companies with material digital assets, investments, or activities for a number of years. And that focus will continue this year.
Each of these key areas serves a function on its own, but they are strongest when they work together. High standards set the foundation for high-quality audits. High-quality inspections tell us where our standards could be improved, and they also shine a light on deficiencies that can lead to investigations and enforcement actions. Strong enforcement actions ensure compliance with our standards and inform where we should focus our inspections.
Davis-Friday: How are the audits of crypto and financial service companies different from other audits? What unique risks are inherent to these non-traditional audits?
Williams: Regarding crypto, it is interesting to consider what we mean by a crypto company. So for the purpose of an audit, we are thinking about companies with material digital asset investments or activities. And that can mean what your average investor thinks of as a crypto company may not be exactly what we are thinking of. It also could mean that a company in an unrelated line of business that has material digital assets on its books, they could also be thinking about that—a company that is in an unrelated line of business that has material assets on its books, perhaps as an investment. In any case, it’s important to remember that the PCAOB jurisdiction only applies to public companies or registered broker dealers.
So although the number of public companies with material digital asset investments or activities is currently relatively small, our inspections have emphasized reviewing the audits of public companies with material digital assets, investments, or activities for a number of years. And that focus will continue this year.
Audits involving digital assets do present unique risks and challenges for the auditor, and before accepting a new public company as an audit client, firms should ensure that they have the necessary skills and expertise. Because of the auditing challenges posed by digital assets, client acceptance should be given careful consideration.
Some of the unique risks include potential fraud risk, due to volatility or the existence of ownership, and this requires both an appropriate risk assessment and audit response. Audit firms may not have staff with the expertise to identify and assess risks related to digital assets, and may not appropriately tailor their audit procedures to address these risks. And these are things that we’re looking at carefully in our inspections and through our target team.
Separately, as we discussed earlier, the PCAOB will continue selecting audits of public companies in the financial services sector that are potentially impacted by risks to interest rates, inflation, uncertainty, and volatility in the digital assets markets, and more.
These risks require significant management and auditor consideration. For example, ongoing changes in interest rates can have a material effect on companies’ liquidity, position, future income, and expenses, valuation of investments in securities, ability to meet margin requirements, ability to meet long-term debt obligations, and ability to continue as a going concern.
Our reviews will place an emphasis on audit areas that are particularly sensitive to these risks. Some of those are detailed in our inspection priority spotlight that we discussed earlier.
The Use of Specialists
Davis-Friday: To what extent does the PCAOB play a role in assessing the quality of services provided by third-party companies; for example, like those preparing proof-of-reserve reports?
Williams: As we discussed earlier, the PCAOB’s jurisdiction applies only the audits of public companies and SEC-registered broker-dealers. Anything outside that scope is beyond our jurisdiction, and that includes proof of reserve reports, which are not audits. As the PCAOB Office of the Investor Advocate warned in their investor advisory earlier this year, proof of reserve reports are inherently limited and customers should exercise extreme caution. We’re relying on them to conclude that there are sufficient assets to meet customer liabilities.
Under AS 1000, “Responsibilities and Functions of the Independent Auditor,” the board requires that an audit report issued under PCAOB standards expressly disclosed that PCAOB standards apply. If it doesn’t have that disclosure, the audit was not performed under PCAOB standards.
Davis-Friday: Last year, the Board issued a request for comment on the initial impact of new requirements for auditing accounting estimates and using the work of specialists. Can you talk a little more about how that works?
Williams: On occasion, audits that fall under the PCAOB’s jurisdiction may require specialized skill or knowledge to perform appropriate risk assessment, plan, or perform audit procedures, or evaluate audit risks, and in those cases auditors may choose to engage a specialist to provide assistance. A specialist is defined as a person possessing specialized skill or knowledge in a particular field other than accounting or auditing. The auditor is required to follow specific PCAOB rules when supervising an auditor-engaged specialist.
As I mentioned earlier, in order to properly apply professional skepticism, the auditor must have sufficient knowledge of the subject matter, even when engaging a specialist to assist on an audit. For example, an auditor must know enough to be able to communicate the objectives of the specialist’s work, determine whether that person’s procedures meet the auditor’s objectives, and evaluate the results of that person’s procedures.
Under PCAOB rules, the auditor is responsible for supervising the work of an auditor specialist, and that includes assessing whether the specialist has the necessary degree of objectivity to exercise impartial judgment on all issues encompassed by the specialist work related to the audit.
The bottom line is, whether or not an auditor uses a specialist on an audit engagement, the auditor is ultimately responsible for the audit opinion they sign, and for ensuring all PCAOB rules and standards are properly followed, and it is the auditor who answers to the PCAOB if they are not.
Davis-Friday: This is consistent with what we’re thinking in academia about how students have to be prepared across the entire spectrum, as opposed to just into narrow specializations. You mentioned the Office of the Investor Advocate. Can you let us know a little more about that office, and how investors can make use of it?
Williams: This board of the PCAOB thought it was critically important to elevate the voice of investors, and so we created a new office and hired an office of investor advocate lead, Saba Qamar. Part of her role is to make sure that she’s engaging with investors, so that we understand what the investors are looking for with respect to our standards, in our inspections, and even our enforcement. And she also is charged with trying to make sure that we are communicating effectively with investors. I mentioned earlier that she put out an alert on proof-of-reserve reports. Other publications that have come and will continue to come from the Office of the Investor Advocate are on simplifying and explaining our standards.
We’re really in excited about continuing our engagement with investors and other stakeholders, and with making sure that we are putting out publications that are informative to investors and stake-holders to help inform them about the PCAOB’s work.
Fostering the Next Generation
Davis-Friday: We’re hosting this at Baruch College, which means that one of the things that we think about is how we are going to prepare students for the future of financial reporting. Can you tell us a little bit more about opportunities at the PCAOB for our students?
Williams: I think it is critically important that we bring more young people into the field of accounting and expand the types of young people who are seeing accounting as a path for them. Without them, we can’t continue to improve audit quality, or to uphold the integrity of our markets and protect investors.
We at the PCAOB are thinking about this issue on two fronts, both what can we do internally at the PCAOB and how we can use our influence to impact the broader profession. At the PCAOB, one of the ways that we are trying to use our influence internally is through our scholarship program; we’re working to do our part through this program. This last academic year, we have awarded 250 students from U.S. colleges and universities with $10,000 each, to pursue accounting degrees, and more than half of the scholarships in the last five years went to diverse applicants. These scholarships help make careers in auditing possible for the best and brightest students, no matter their backgrounds. We are expanding that program this year. I’m looking forward to awarding even more scholarships to students in 2023.
We are also pressing diversity. Every time I meet with firms, I raise the issue of diversity and ask what they are doing to help improve the diversity of the profession, and also the pipeline of young people who are interested in going into accounting. With respect to additional internal efforts, we constituted and reinvigorated our affinity groups here at the PCAOB, and we have created our first-ever Diversity Council. We also have developed an internship program that has competitive pay, and that makes it possible for young professionals from all backgrounds to try to afford to intern with the PCAOB.
We also have reconstituted our advisory groups, and we are deliberately seeking out diverse voices to help us forward our mission. We’ve hired a number of diversity professionals, including our diversity inclusion manager, to help us continue to do even more. Continuing to foster the development and interest of young people in this profession is a key priority for us here at the PCAOB.