610 likes | 758 Views
NARUC – Jackson Hole, October 10, 2007. PCAOB RECENT DEVELOPMENTS & FUTURE PLANS Mary M. Sjoquist Special Counsel October 10, 2007. CAVEAT (required by PCAOB Ethics Code). Any opinions expressed are my own and may not represent the views of PCAOB, its board members,
E N D
NARUC – Jackson Hole, October 10, 2007 PCAOB RECENT DEVELOPMENTS & FUTURE PLANS Mary M. Sjoquist Special Counsel October 10, 2007
CAVEAT (required by PCAOB Ethics Code) Any opinions expressed are my own and may not represent the views of PCAOB, its board members, or its staff.
OUTLINE OF PRESENTATION PCAOB (from the inside-out) • Registration & Inspection of audit firms • Investigation and Enforcement • Standards & rules-setting • Current topics • Internal control over financial reporting (ICFR) -- AS 2 AS 5 • Policy issues
PCAOB’s UNIQUE ARCHITECTURE • Not a government agency (?) • Organized as private, 501(c)(3) non-profit organization • Board members & employees are not government employees • Yet, PCAOB is vested with significant sovereign powers (subject to SEC oversight and approval) • Authoritative standard setting • Regulatory, investigative, & enforcement/disciplinary authority • Self-financing (Accounting Support Fee)
PCAOB ARCHITECTURE (cont’d) Independent (by statutory design): • From Accounting Profession • Board membership criteria & restrictions • Financial Independence (ASF outside the federal appropriations process) • Exempt from APA, FOIA, Sunshine Act, and OPM (civil service) rules • Subject, however, to SEC oversight • Never independent from Congress!
STAFFING & BUDGET LEVELS • Total employees* …………..……………..…. 460 • Approx. half in Inspections • Year-end (’07) staffing level (planned) .....… 519 • Approx. half in Inspections • Budget (2007) ……………………………… $136m • 99+ % comes from issuers, not from accounting firms) *As of June 4, 2007
REVIEW – PCAOB’s STATUTORY RESPONSIBILITIES • Registration • Inspection • Standard-setting • Investigations (including enforcement/discipline)
REGISTRATION AND ANNUAL REPORTING Predicate for any PCAOB action • PCAOB’s authority extends only to registered accounting firms and their associated persons • Inspections • Investigations/enforcement/discipline of registered firms • PCAOB has no direct authority over issuers
REGISTRATION UNIVERSE Firms registered by PCAOB..………….…. 1,806* U.S. firms (56%)..……………………….. 991 Non-U.S. firms (44%) ..…………………. 815 Foreign countries ……………….. 85 Firms w/ ≥ 1 issuer clients (45% of total)... 815** U.S. Firms (61% of U.S. reg. firms) . …. 605 Non-U.S. firms (26% of non-U.S. registered firms)…………………. 210 Firms withdrawn from registration …….. 193* * As of Sept, 2007 ** Source: Audit Analytics, as of 6.30.07
NON-U.S. REGISTERED FIRMS • China ……………… 78 • United Kingdom .... 67 • Canada ……….…… 57 • Australia ………..... 40 • India ……………..... 40 • German …………… 38 • France ………….. 35 • Singapore ………… 20 • Brazil ……………….. 17 • Mexico ……………… 17
RULES FOR ANNUAL & SPECIAL REPORTING (proposed May 23, 2007) Each registered public accounting firm must submit an annual report to the PCAOB [SOX sec. 102(d)] • PCAOB proposed rule would establish the framework for reporting: • Annually (on Form 2) • Within 14 days of the occurrence of certain events (on Form 3) * Not effective until 21 days after SEC approval
ANNUAL REPORTING (Form 2) • Registered firms must provide general information about the identity of the firm and office locations, plus • Information related to three broad categories: • The firm’s issuer-related practice • Internal and external resources used by the firm to conduct audits of issuers • Significant new relationships • Also – affirmation that the firm consents to cooperate with the PCAOB • Form 2 would be due on June 30 with reporting covering the 12-month period ending March 31
SPECIAL REPORTING (Form 3) Must be filed within 14 days of occurrence of certain triggering events, e.g.; • A change in the number of issuer audit clients to either more than 100 or less than 101 clients • An audit report that has been withdrawn by the firm and the issuer failed to report it to SEC • An issuer client made unauthorized use of the firm’s name • The firm and/or associated persons became defendant(s) in certain criminal proceedings • The firm’s contact person/information has changed
SUCCEEDING TO THE REGISTRATION STATUS OF A PREDESESSOR FIRM (Form 4) • Establishes the ability and process for a new legal entity to “succeed” to the registration status of a predecessor registered firm • Complete and file a timely Form 4 • Affirm cooperation w/ PCAOB • Accept responsibility • Succession may be outright or transitional for a period of up to 90 days
INSPECTIONS (sec. 104(a)) Source: The New Yorker
PCAOB INSPECTIONS ARE NOT PEER REVIEWS • Enhanced degree of professional skepticism vis-a-vis old peer reviews • Inspections are not random • Risk-based for firm, engagement, and “slices” of engagements • Suspected GAAP violations are referred to SEC • PCAOB cannot force restatements
INSPECTION FREQUENCY • Less than half of all registered firms (45 %) are subject to regular inspections • Annually for firms w/ > 100 issuer clients • Once every 3 yrs for firms w/ ≤ 100 issuer clients • Special inspections • At any time • Based on information from any source
FOCUS OF PCAOB INSPECTIONS Focus of inspections is on two broad, integrated elements: • Audit Performance – Adherence to professional standards (GAAP, auditing, ethics, independence) • Quality Control – firm’s QC policies and procedures
QUALITY CONTROL CRITERIA • Tone at the top • Partner evaluation (admission, assignment of responsibilities, disciplinary & compensation policies and practices) • Independence (non-audit services, business ventures, alliances, personal financial interests, & commissions and contingent fees) • Client acceptance & retention policies/practices • Firm’s internal inspection program • Practices for communication of audit policies, procedures, and methodologies (including training) • Supervision of foreign affiliates
INSPECTIONS FACTS Since PCAOB inception (2003): • Completed field work on > 550 inspections • Issued > 400 inspection reports • Examined portions of audits > 3,000 public companies
INSPECTIONS (cont.) ENGAGEMENT REVIEWS • Meeting with engagement partner & team • Review of audit work papers • Audit areas selected based on various factors—including risk assessment, industry issues, inspector's judgment • Comment forms issued at the conclusion of the inspection field work (at practice office) • To ensure that facts are accurately described • If firm chooses to respond, must do so in 10 business days
FIRM RESPONSE TO DRAFT INSPECTION REPORT • Firm has 30 days to respond to draft report • Another opportunity to respond to the inspection observations (in addition to comment forms) • Response can impact the final inspection report • Guidelines for response preparation • How to respond to info provided with transmittal letter • Confidentiality requests • Factual inaccuracies in reportFirm response treated similarly to inspection report • Firm response treated similarly to inspection report • Part I (audit observations) is public • Part II (quality-control observations) is nonpublic
FINAL INSPECTION REPORT • After internal staff review, staff presents draft report to the Board • PCAOB Board must vote to issue reports • Public portion of report posted on PCAOB’S web site; entire report is transmitted to SEC and to state boards in which the firm is licensed
OUTLINE of PCAOB INSPECTION REPORTS • Part I - public • Provides overview of firm size, legal structure and summary of inspection observations • Part II – “non-public” (but not always) • II.A details the inspection observations and is non-public • II.B-x discusses criticisms of, and potential defects in, the firm's quality control policies and practices (becomes public if QC deficiencies are not corrected w/in 12 mos.) Also discusses other audit performance issues (e.g., independence)
INSPECTION REPORTS (cont’d) • Part III – non-public • Provides guidance to the firm on addressing quality control criticisms: • It is the firm’s responsibility to address the criticisms and potential defects • 12-month remediation period • Report may recommend that the firm review audits that were not inspected • Report may include an “imminent disciplinary paragraph” • Part IV – public • May include portions or all of firm's responses to the draft report
12-Mo. REMEDIATION PROCESS • Final inspection report accompanied by a transmittal letter • Provides PCAOB contact information • Guidelines for communicating with PCAOB during this process • Encourages firm to start a dialogue as soon as practicable • Firm should be proactive during remediation period • Firm response • Written submission addressing each quality control criticism or potential defect must be received within 12-mos from release of final report to firm • Describe steps/actions taken or planned • Narrative supported with documentary evidence where possible • Periodic notification • 6-month reminder letter • 60-day reminder letter • PCAOB’s remediation standard is “good- faith effort”
TOP “10” INSPECTION "Hot Topics" 1. Revenues 2. Expenses 3. Estimates 4. Contractual arrangements 5. Equity transactions 6. Inventory 7. Going concern 8. Internal control 9. Principal auditor 10. Concurring partner 11. Independence
PUBLIC INSPECTION-RELATED DOCUMENTS Visit: www.pcaobus.org/Inspections/index.aspx “4010” Reports • Second-yr implementation of AS 2 • Inspections observations on fraud • Initial implementation of AS 2 Non-4010 reports • Statement on approach to inspections • Statement on issuance of inspection reports • Process for Board determinations re: remediations
STANDARD SETTING SOX directs PCAOB to establish for auditors of public companies: • Auditing standards • Attestation standards • Quality control standards • Ethics standards • Independence standards
AUDITING STANDARDS ISSUED • Interim Standards – Pre-existing audit standards “to be used on an initial, transitional basis” • AS 1 – References in Auditors' Reports to the Standards of the PCAOB • AS 2 – An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements (superseded by AS 5) • AS 3 – Audit Documentation • AS 4 – Reporting on Whether a Previously Reported Material Weakness Continues to Exist • AS 5 – An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements (to replace AS 2)
2007 STANDARDS-SETTING AGENDA • Principles of Reporting (to address FASB’s proposed No. 154 and the GAAP hierarchy) • Proposed by Board 4.03.07 • Engagement Quality Review • Risk Assessment (incl. fraud risk) • Related Parties • Confirmations • Specialists (including use of specialists in fair-value measurements)
FUTURE STANDARD-SETTING (POSSIBILITIES) • Auditing fair value • Communication w/ audit committees • Codification of PCAOB standards • Quality control
ENFORCEMENT& INVESTIGATION • The Board may investigate possible violations by registered public accounting firms or their associated persons of: • any provision of the Sarbanes-Oxley Act • “the rules of the Board” • “the provisions of the securities laws relating to the preparation and issuance of audit reports and the obligations and liabilities of accountants with respect thereto, including the rules of the Commission issued under the Act,” or • professional standards • The Board may impose appropriate sanctions if violations are found
DISCIPLINE – sanctions, options, & flexibility • Censure or bar from association w/ registered firms • Require professional training • Civil monetary penalties: • <$750,000 person (each violation) • <$15,000,000 firm (each violation) • Suspension of registration (nuclear bomb) • “…any other appropriate sanction…”
SOURCES OF INVESTIGATIONS • Issuer disclosures (SEC filings) • Auditor changes • Restatements • Public news sources • Tips • Other regulators • Other PCAOB divisions and offices • Office of Research & Analysis • Division of Registration and Inspections
REFERALS TO PCAOB’S DEI Board may choose to use its investigative resources instead of relying on its supervisory (inspections) processes, e.g.: • Conducting audits with insufficient care • Inability to conduct audits with sufficient competence
INVESTIGATIONS(cont'd) • The Act requires confidentiality of information (as it does for inspections) • PCAOB may share information with the SEC, DOJ, or other agencies enumerated in SOX • May also share w/ state accountancy boards • May not share w/ non-U.S. regulators (SOX sec. 105) • Coordination with SEC’s Div. of Enforcement is standard practice
COMMON TYPES OF INVESTIGATIONS • Violations of professional standards • "Audit failure" or “bust” — issuer's financial statements are not in accordance with GAAP and auditor should have detected the misstatement • Non-GAAP departures • e.g., Independence violations
CERTAIN FINDINGS (examples) • Firm's engagement as auditor continued after firm principal accepted client's offer to serve on its board of directors • Firm used the work of other auditing firms to report on issuer's financial statements and did not refer to the work of the other firms in its audit report. Firm assumed complete responsibility for the work of the other auditing firms • Firm consulted with other auditors and relied on the other auditor's work papers, but did not plan or perform audit procedures sufficient to issue an audit report • Repeated failure to confirm accounts receivable and failure to perform any procedures other than obtaining management representations • Issuer filed financial statements including a document it claimed was an audit report with Form 10-KSB. Auditor had neither issued the audit report nor completed the audit at the time of the issuer's filing. Auditor did not inform issuer's Board of Directors as required under Section 10A(b)(2) of the Securities Exchange Act
AUDITING STANDARD No. 5 AS 5 AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS
CHRONOLOGY • Jul. ‘02 – SOX signed into law • Mar. ‘04 – PCAOB adopts AS 2 • Jun. ’04 – SEC approves AS 2 • SEC subsequently provides compliance extensions to non-accelerated files • Accelerated filers have had 3 yrs ICFR experience under AS 2 • Dec. ‘06 – PCAOB proposes AS “5” (&SEC proposes mgmt. guidance • May ‘07 – AS 5 adopted by PCAOB (& SEC issues mgmt. guidance) • July ’07 – SEC approves AS 5 (& mgmt. guidance)
SOURCES OF FEEDBACK • Inspections experience over 3 yrs of ICFR audits • Two public reports (“4010” reports) • Standing Advisory Group (SAG) • Active working groups • Roundtables (2 held) • SEC’s Advisory Committee on Smaller Public Companies (final report) • Small Business Forums (20 held to date) • 170+ formal comments to AS “5” proposal • Capitol Hill (and the media) • “Over the transom”
AS 5 – A “NEW & IMPROVED” AS 2(and to a lessor degree, to Dec, 2006 proposal) Compared w/ AS 2: • Shorter, clearer, and organized more logically • Less prescriptive (i.e., less rules-based & more principles-based) • Allows for more auditor judgment
Important Goals • Focus the audit of internal control on the most important matters • Eliminate procedures that are unnecessary to achieve the intended benefits • Make the audit clearly scalable to fit any company’s size and complexity • Simplify the standard
Focus the Audit of Internal Control on the Most Important Matters • Risk assessment underlies the entire audit process described by AS No. 5, including - • The determination of significant accounts and disclosures and relevant assertions, • The selection of controls to test, and • The determination of the evidence necessary for a given control. • More clearly focuses auditors on identifying control weaknesses before they allow material misstatements • Emphasizes the importance of fraud risk and anti-fraud controls to assessing risk
Objective 2 – ELIMINATE UNNECESSARY PROCEDURES • Eliminate the requirement to assess management's evaluation process • Allow special considerations for subsequent years' audits • Encourage greater use of the work of others • Eliminate the “principal evidence” provision • Recalibrate the walkthrough “requirement” by focusing on objectives to be achieved • Provide risk-based multi-location direction • Eliminate the "large portion" provision
Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits • Removes the detailed requirements to evaluate management's evaluation process • Permits consideration of knowledge obtained from the auditor's previous years’ audits • Removes barriers to using the work of others by eliminating the "principal evidence" provision • Clarifies that the top-down approach describes the auditor’s sequential thought process in identifying risks and the controls to test