1
NARUC – Jackson Hole, October 10, 2007NARUC – Jackson Hole, October 10, 2007
PCAOB
RECENT DEVELOPMENTS & FUTURE PLANS
Mary M. SjoquistSpecial Counsel
October 10, 2007
2
CAVEAT CAVEAT (required by PCAOB Ethics Code)(required by PCAOB Ethics Code)
Any opinions expressed are my own
and may not represent the views
of PCAOB, its board members,
or its staff.
3
OUTLINE OF PRESENTATIONOUTLINE OF PRESENTATION
PCAOB (from the inside-out) Registration & Inspection of audit firms Investigation and Enforcement Standards & rules-setting
Current topics Internal control over financial reporting
(ICFR) -- AS 2 AS 5 Policy issues
4
PCAOB’s UNIQUE ARCHITECTUREPCAOB’s UNIQUE ARCHITECTURE
Not a government agency (?) Organized as private, 501(c)(3) non-profit organization Board members & employees are not government
employees
Yet, PCAOB is vested with significant sovereign powers (subject to SEC oversight and approval)
Authoritative standard setting Regulatory, investigative, & enforcement/disciplinary
authority Self-financing (Accounting Support Fee)
5
PCAOB ARCHITECTUREPCAOB ARCHITECTURE (cont’d) (cont’d)
Independent (by statutory design):
From Accounting Profession Board membership criteria & restrictions
Financial Independence (ASF outside the federal appropriations process) Exempt from APA, FOIA, Sunshine Act, and OPM (civil service) rules Subject, however, to SEC oversight Never independent from Congress!
6
STAFFING & BUDGET LEVELSSTAFFING & BUDGET LEVELS
Total employees* …………..……………..…. 460
Approx. half in Inspections
Year-end (’07) staffing level (planned) .....… 519
Approx. half in Inspections
Budget (2007) ……………………………… $136m
99+ % comes from issuers, not from accounting firms)
*As of June 4, 2007
7
REVIEW – PCAOB’s STATUTORY REVIEW – PCAOB’s STATUTORY RESPONSIBILITIES RESPONSIBILITIES
Registration Inspection Standard-setting Investigations (including
enforcement/discipline)
8
REGISTRATION AND ANNUAL REGISTRATION AND ANNUAL REPORTINGREPORTING
Predicate for any PCAOB action
PCAOB’s authority extends only to registered accounting firms and their associated persons
Inspections Investigations/enforcement/discipline of
registered firmsPCAOB has no direct authority over issuers
9
REGISTRATION UNIVERSEREGISTRATION UNIVERSE
Firms registered by PCAOB..………….…. 1,806*U.S. firms (56%)..……………………….. 991Non-U.S. firms (44%) ..…………………. 815
Foreign countries ……………….. 85
Firms w/ ≥ 1 issuer clients (45% of total)... 815**U.S. Firms (61% of U.S. reg. firms) . …. 605 Non-U.S. firms (26% of non-U.S.
registered firms)…………………. 210
Firms withdrawn from registration …….. 193*
* As of Sept, 2007 ** Source: Audit Analytics, as of 6.30.07
10
NON-U.S. REGISTERED FIRMSNON-U.S. REGISTERED FIRMS
1. China ……………… 782. United Kingdom .... 673. Canada ……….…… 57 4. Australia ………..... 405. India ……………..... 406. German …………… 387. France ………….. 358. Singapore ………… 209. Brazil ……………….. 1710. Mexico ……………… 17
11
MARKET SHARES of MARKET SHARES of REGISTERED FIRMSREGISTERED FIRMS
100% 100% 15,303 Total
1% 43% 6,502 All other
1% 7% 1,120 Biggest
5-8
98% 50% 7,681 “Big 4”
Market
Share –
Revenues
Market
Share
Issuers
Number of
U.S. Issuer
Clients*
Audit
Firms
Source: AuditAnalytics.com and Standard & Poors
*Includes only operating companies (mutual funds, investment companies, trusts, etc. are excluded
12
RULES FOR ANNUAL & SPECIAL RULES FOR ANNUAL & SPECIAL REPORTING REPORTING (proposed May 23, 2007)(proposed May 23, 2007)
Each registered public accounting firm must submit an annual report to the PCAOB [SOX sec. 102(d)]
PCAOB proposed rule would establish the framework for reporting:
Annually (on Form 2)Within 14 days of the occurrence of certain
events (on Form 3)
* Not effective until 21 days after SEC approval
13
ANNUAL REPORTING ANNUAL REPORTING (Form 2)(Form 2)
Registered firms must provide general information about the identity of the firm and office locations, plus
Information related to three broad categories:1. The firm’s issuer-related practice2. Internal and external resources used by the firm to
conduct audits of issuers3. Significant new relationships
Also – affirmation that the firm consents to cooperate with the PCAOB
Form 2 would be due on June 30 with reporting covering the 12-month period ending March 31
14
SPECIAL REPORTING SPECIAL REPORTING (Form 3)(Form 3)
Must be filed within 14 days of occurrence of certain triggering events, e.g.;
A change in the number of issuer audit clients to either more than 100 or less than 101 clients
An audit report that has been withdrawn by the firm and the issuer failed to report it to SEC
An issuer client made unauthorized use of the firm’s name The firm and/or associated persons became
defendant(s) in certain criminal proceedings The firm’s contact person/information has changed
15
SUCCEEDING TO THE REGISTRATION SUCCEEDING TO THE REGISTRATION STATUS OF A PREDESESSOR FIRM (Form 4)STATUS OF A PREDESESSOR FIRM (Form 4)
Establishes the ability and process for a new legal entity to “succeed” to the registration status of a predecessor registered firm
Complete and file a timely Form 4 Affirm cooperation w/ PCAOB Accept responsibility
Succession may be outright or transitional for a period of up to 90 days
16
INSPECTIONS INSPECTIONS (sec. 104(a))(sec. 104(a))
Source: The New Yorker
17
PCAOB INSPECTIONS PCAOB INSPECTIONS ARE NOT PEER REVIEWS ARE NOT PEER REVIEWS
Enhanced degree of professional skepticism vis-a-vis old peer reviews
Inspections are not randomRisk-based for firm, engagement, and
“slices” of engagementsSuspected GAAP violations are
referred to SECPCAOB cannot force restatements
18
INSPECTION FREQUENCYINSPECTION FREQUENCY
Less than half of all registered firms (45 %) are subject to regular inspectionsAnnually for firms w/ > 100 issuer clientsOnce every 3 yrs for firms w/ ≤ 100 issuer
clientsSpecial inspections
At any timeBased on information from any source
19
FOCUS OF PCAOB INSPECTIONSFOCUS OF PCAOB INSPECTIONS
Focus of inspections is on two broad, integrated elements:
Audit Performance – Adherence to professional standards (GAAP, auditing, ethics, independence)
Quality Control – firm’s QC policies and procedures
20
QUALITY CONTROL CRITERIAQUALITY CONTROL CRITERIA
Tone at the top Partner evaluation (admission, assignment of
responsibilities, disciplinary & compensation policies and practices)
Independence (non-audit services, business ventures, alliances, personal financial interests, & commissions and contingent fees)
Client acceptance & retention policies/practices Firm’s internal inspection program Practices for communication of audit policies,
procedures, and methodologies (including training)
Supervision of foreign affiliates
21
INSPECTIONS FACTSINSPECTIONS FACTS
Since PCAOB inception (2003):
Completed field work on > 550 inspections
Issued > 400 inspection reportsExamined portions of audits > 3,000
public companies
22
INSPECTIONS (cont.) INSPECTIONS (cont.) ENGAGEMENT REVIEWS ENGAGEMENT REVIEWS
Meeting with engagement partner & team Review of audit work papers
Audit areas selected based on various factors—including risk assessment, industry issues, inspector's judgment
Comment forms issued at the conclusion of the inspection field work (at practice office)
To ensure that facts are accurately described If firm chooses to respond, must do so in 10
business days
23
FIRM RESPONSE TO DRAFT FIRM RESPONSE TO DRAFT INSPECTION REPORT INSPECTION REPORT
Firm has 30 days to respond to draft report Another opportunity to respond to the inspection
observations (in addition to comment forms) Response can impact the final inspection report
Guidelines for response preparation How to respond to info provided with transmittal letter Confidentiality requests
Factual inaccuracies in report Firm response treated similarly to inspection report
Firm response treated similarly to inspection report
Part I (audit observations) is public Part II (quality-control observations) is nonpublic
24
FINAL INSPECTION REPORTFINAL INSPECTION REPORT
After internal staff review, staff presents draft report to the Board
PCAOB Board must vote to issue reports
Public portion of report posted on PCAOB’S web site; entire report is transmitted to SEC and to state boards in which the firm is licensed
25
OUTLINE of PCAOB OUTLINE of PCAOB INSPECTION REPORTS INSPECTION REPORTS
Part I - public Provides overview of firm size, legal structure and
summary of inspection observations
Part II – “non-public” (but not always) II.A details the inspection observations and is non-
public II.B-x discusses criticisms of, and potential defects in,
the firm's quality control policies and practices (becomes public if QC deficiencies are not corrected w/in 12 mos.) Also discusses other audit performance issues (e.g., independence)
26
INSPECTION REPORTS INSPECTION REPORTS (cont’d)(cont’d)
Part III – non-public Provides guidance to the firm on addressing
quality control criticisms: It is the firm’s responsibility to address the criticisms
and potential defects 12-month remediation period
Report may recommend that the firm review audits that were not inspected
Report may include an “imminent disciplinary paragraph”
Part IV – public May include portions or all of firm's responses to
the draft report
27
12-Mo. REMEDIATION PROCESS12-Mo. REMEDIATION PROCESS
Final inspection report accompanied by a transmittal letter Provides PCAOB contact information Guidelines for communicating with PCAOB during this process Encourages firm to start a dialogue as soon as practicable Firm should be proactive during remediation period
Firm response Written submission addressing each quality control criticism or potential defect must be
received within 12-mos from release of final report to firm Describe steps/actions taken or planned Narrative supported with documentary evidence where possible
Periodic notification 6-month reminder letter 60-day reminder letter
PCAOB’s remediation standard is “good- faith effort”
28
TOP “10” INSPECTION "Hot Topics"TOP “10” INSPECTION "Hot Topics"
1. Revenues 2. Expenses
3. Estimates 4. Contractual arrangements 5. Equity transactions 6. Inventory 7. Going concern 8. Internal control 9. Principal auditor
10. Concurring partner 11. Independence
29
PUBLIC INSPECTION-RELATED PUBLIC INSPECTION-RELATED DOCUMENTS DOCUMENTS
Visit: www.pcaobus.org/Inspections/index.aspx
“4010” Reports Second-yr implementation of AS 2 Inspections observations on fraud Initial implementation of AS 2
Non-4010 reports Statement on approach to inspections Statement on issuance of inspection reports Process for Board determinations re: remediations
30
STANDARD SETTINGSTANDARD SETTING
SOX directs PCAOB to establish for auditors of public companies:
Auditing standards Attestation standards Quality control standards Ethics standards Independence standards
31
AUDITING STANDARDS ISSUEDAUDITING STANDARDS ISSUED
Interim Standards – Pre-existing audit standards “to be used on an initial, transitional basis”
AS 1 – References in Auditors' Reports to the Standards of the PCAOB
AS 2 – An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements (superseded by AS 5)
AS 3 – Audit Documentation AS 4 – Reporting on Whether a Previously Reported
Material Weakness Continues to Exist AS 5 – An Audit of Internal Control Over Financial
Reporting That is Integrated with an Audit of Financial Statements (to replace AS 2)
32
2007 STANDARDS-SETTING AGENDA2007 STANDARDS-SETTING AGENDA
Principles of Reporting (to address FASB’s proposed No. 154 and the GAAP hierarchy)Proposed by Board 4.03.07
Engagement Quality Review Risk Assessment (incl. fraud risk)Related PartiesConfirmations Specialists (including use of
specialists in fair-value measurements)
33
FUTURE STANDARD-SETTINGFUTURE STANDARD-SETTING (POSSIBILITIES) (POSSIBILITIES)
Auditing fair valueCommunication w/ audit committeesCodification of PCAOB standardsQuality control
34
INVESTIGATIONS & INVESTIGATIONS & ENFORCEMENT….. ENFORCEMENT…..
35
And DISCIPLINEAnd DISCIPLINE
36
ENFORCEMENTENFORCEMENT & INVESTIGATION& INVESTIGATION
The Board may investigate possible violations by registered public accounting firms or their associated persons of: any provision of the Sarbanes-Oxley Act “the rules of the Board” “the provisions of the securities laws relating to
the preparation and issuance of audit reports and the obligations and liabilities of accountants with respect thereto, including the rules of the Commission issued under the Act,” or
professional standards The Board may impose appropriate sanctions if
violations are found
37
DISCIPLINE – sanctions, options, & DISCIPLINE – sanctions, options, &
flexibility flexibility Censure or bar from association w/
registered firms Require professional training Civil monetary penalties:
<$750,000 person (each violation) <$15,000,000 firm (each violation)
Suspension of registration (nuclear bomb) “…any other appropriate sanction…”
38
SOURCES OF INVESTIGATIONSSOURCES OF INVESTIGATIONS
Issuer disclosures (SEC filings) Auditor changes Restatements
Public news sources Tips Other regulators Other PCAOB divisions and offices
Office of Research & Analysis Division of Registration and Inspections
39
REFERALS TO PCAOB’S DEIREFERALS TO PCAOB’S DEI
Board may choose to use its investigative resources instead of relying on its supervisory (inspections) processes, e.g.:
Conducting audits with insufficient care Inability to conduct audits with
sufficient competence
40
INVESTIGATIONSINVESTIGATIONS (cont'd)(cont'd)
The Act requires confidentiality of information (as it does for inspections) PCAOB may share information with the SEC,
DOJ, or other agencies enumerated in SOX May also share w/ state accountancy boards May not share w/ non-U.S. regulators (SOX sec. 105)
Coordination with SEC’s Div. of Enforcement is standard practice
41
COMMON TYPES OFCOMMON TYPES OF INVESTIGATIONS INVESTIGATIONS
Violations of professional standards
"Audit failure" or “bust” — issuer's financial statements are not in accordance with GAAP and auditor should have detected the misstatement
Non-GAAP departures e.g., Independence violations
42
CERTAIN FINDINGS (examples)CERTAIN FINDINGS (examples)
Firm's engagement as auditor continued after firm principal accepted client's offer to serve on its board of directors
Firm used the work of other auditing firms to report on issuer's financial statements and did not refer to the work of the other firms in its audit report. Firm assumed complete responsibility for the work of the other auditing firms
Firm consulted with other auditors and relied on the other auditor's work papers, but did not plan or perform audit procedures sufficient to issue an audit report
Repeated failure to confirm accounts receivable and failure to perform any procedures other than obtaining management representations
Issuer filed financial statements including a document it claimed was an audit report with Form 10-KSB. Auditor had neither issued the audit report nor completed the audit at the time of the issuer's filing. Auditor did not inform issuer's Board of Directors as required under Section 10A(b)(2) of the Securities Exchange Act
43
AUDITING STANDARD No. 5AUDITING STANDARD No. 5
AS 5
AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL
REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS
44
CHRONOLOGYCHRONOLOGY
Jul. ‘02 – SOX signed into law Mar. ‘04 – PCAOB adopts AS 2 Jun. ’04 – SEC approves AS 2
SEC subsequently provides compliance extensions to non-accelerated files
Accelerated filers have had 3 yrs ICFR experience under AS 2
Dec. ‘06 – PCAOB proposes AS “5” (& SEC proposes mgmt. guidance
May ‘07 – AS 5 adopted by PCAOB (& SEC issues mgmt. guidance) July ’07 – SEC approves AS 5 (& mgmt. guidance)
45
SOURCES OF FEEDBACKSOURCES OF FEEDBACK
Inspections experience over 3 yrs of ICFR audits Two public reports (“4010” reports)
Standing Advisory Group (SAG) Active working groups Roundtables (2 held) SEC’s Advisory Committee on Smaller Public
Companies (final report) Small Business Forums (20 held to date) 170+ formal comments to AS “5” proposal Capitol Hill (and the media) “Over the transom”
46
AS 5 – A “NEW & IMPROVED” AS 2AS 5 – A “NEW & IMPROVED” AS 2 (and to a lessor degree, to Dec, 2006 proposal)(and to a lessor degree, to Dec, 2006 proposal)
Compared w/ AS 2:
Shorter, clearer, and organized more logically
Less prescriptive (i.e., less rules-based & more principles-based)
Allows for more auditor judgment
47
Important GoalsImportant Goals
Focus the audit of internal control on the most important matters
Eliminate procedures that are unnecessary to achieve the intended benefits
Make the audit clearly scalable to fit any company’s size and complexity
Simplify the standard
48
Focus the Audit of Internal Control Focus the Audit of Internal Control on the Most Important Matterson the Most Important Matters
Risk assessment underlies the entire audit process described by AS No. 5, including - The determination of significant accounts and
disclosures and relevant assertions, The selection of controls to test, and The determination of the evidence necessary for a
given control. More clearly focuses auditors on
identifying control weaknesses before they allow material misstatements
Emphasizes the importance of fraud risk and anti-fraud controls to assessing risk
49
Objective 2 – ELIMINATE Objective 2 – ELIMINATE UNNECESSARY PROCEDURES UNNECESSARY PROCEDURES
Eliminate the requirement to assess management's evaluation process
Allow special considerations for subsequent years' audits
Encourage greater use of the work of others Eliminate the “principal evidence” provision
Recalibrate the walkthrough “requirement” by focusing on objectives to be achieved
Provide risk-based multi-location direction Eliminate the "large portion" provision
50
Eliminate Procedures that Are Unnecessary to Achieve Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefitsthe Intended Benefits
Removes the detailed requirements to evaluate management's evaluation process
Permits consideration of knowledge obtained from the auditor's previous years’ audits
Removes barriers to using the work of others by eliminating the "principal evidence" provision
Clarifies that the top-down approach describes the auditor’s sequential thought process in identifying risks and the controls to test
51
Objective 3 – SCALE STANDARD TO Objective 3 – SCALE STANDARD TO COMPANY SIZE & COMPLEXITY COMPANY SIZE & COMPLEXITY
Improved direction on scaling the auditNatural extension of the risk-based
approachApplicable to companies of all sizes (and
complexities)Shortened the separate “Scaling the
Audit” section and incorporated discussion of scaling concepts throughout the standard
52
Eliminate Procedures that Are Unnecessary to Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits (cont.)Achieve the Intended Benefits (cont.)
Allows auditors to tailor their top-down approach to the facts and circumstances of a particular engagement
Focuses the performance requirements for a walkthrough on fulfilling certain important objectives
53
Make the Audit Clearly Scalable to Fit Any Make the Audit Clearly Scalable to Fit Any Company’s Size and ComplexityCompany’s Size and Complexity
Discussion of scaling concepts throughout the standard
Discussion of the attributes of smaller and less complex companiesLarger companies may have some business
units or processes that may be less complex than others
54
Tailoring the Audit in the Planning Tailoring the Audit in the Planning PhasePhase
Factors that might indicate less complex operations include: Fewer business lines; Less complex business processes and financial
reporting systems; More centralized accounting functions; Extensive involvement by senior management in
the day-to-day activities of the business; and Fewer levels of management, each with a wide
span of control.
55
Simplify the StandardSimplify the Standard
Reduces granularity and redefines key terms in a simpler way
Clarifies that the auditor’s evaluation of materiality for an audit of internal control is the same as the audit of the financial statements
Alignment of terms between the standard and SEC’s management guidance
56
Evaluating Identified DeficienciesEvaluating Identified Deficiencies
Auditor must evaluate the severity of each control deficiency that comes to their attention To determine whether the deficiencies, individually
or in combination, are material weaknesses
Auditor is not required to search for deficiencies that, individually or in combination, are less severe than a material weakness.
57
GOING FORWARD w/ AS 5GOING FORWARD w/ AS 5
PCAOB will monitor AS 5’s implementation PCAOB will adjust its inspection program
to be consistent w/ AS 5 PCAOB is developing tailored guidance
and education for auditors applying AS 5 On-going project in cooperation w/ small-
company auditors PCAOB will continue “Forums on Auditing
in the Small Business Environment” 8 forums scheduled for 2007 (see web site)
58
COMPLIANCECOMPLIANCE DATES for AS 5DATES for AS 5
For accelerated filers, for fiscal years ending on or after Nov. 15, 2007
AS 5-based ICFR audits for non-accelerated filers are first required for fiscal years ending on or after Dec. 15, 2008
Earlier adoption of AS 5 is ok
59
FOR MORE INFO on AS 5FOR MORE INFO on AS 5
The Standard & the Releasehttp://www.pcaobus.org/Rules/Docket_021/i
ndex.aspx
The Press Release & Fact Sheethttp://www.pcaobus.org/News_and_Events/
News/2007/05-24.aspx
60
POLICY QUESTIONS POLICY QUESTIONS
What are the responsibilities of being a public company (and what are the implications for auditors of public companies)? Are they less merely because of company size?
Is it sound public policy to provide small-company investors with less protection? Exemption from 404 requirements? “404-Lite”? Would it even matter? (toothpaste theory)
How much “change” can firms reasonably absorb?
Should SOX be amended? “Be careful what you ask for”
61
FOR MORE INFORMATIONFOR MORE INFORMATION
www.PCAOBUS.org