Editorial Note: We are delighted to present this essay by contributing columnist Rick Kravitz. It is the first of a series of three columns that address the theme of The Evolution of the Public Interest in Accounting.
We welcome contributions by all members of the academic and business communities who maintain an interest in Accounting and the Public Interest. Please direct your queries to Michael Kraten at email@example.com.
As always, when you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.
Disclaimer by author Rick Kravitz: The comments and opinions expressed in this article represent the writers’ own personal views and not necessarily those of his employer, or of other organizations that are affiliated with the author. The opinions of this author do not reflect the opinions of the CPA Journal, the New York State Society of CPAs, its board, its executives or its membership.
Over the past two years, the PCAOB, a nonprofit corporation established by Congress, has replaced all five of its board members. Its new chairman, William Duhnke [a former Republican Senate Aide, according to Fortune Magazine], will receive a salary of $673,000 a year.
As a result of the changing of the guard, the PCAOB is now in a perfect position to look back at its accomplishments over its past seventeen years [in 2010, funding was established through annual accounting support fees assessed on public corporations and broker-dealers] and determine its correct path going forward.
This article examines whether the PCAOB, in its 17 year history, has achieved its objectives. Has it improved investor protection? Has it improved financial reporting by auditing auditor work papers? Has it been open, honest and transparent in the reporting of its results? Or was PCAOB’s establishment as a nonprofit corporation, designed to shelter its activities from the public and from FOIA requests?
Other questions need to be answered. Are the deliberations by the PCAOB open to the public or held behind closed doors? Does the public know how much has been collected in penalties or settlements and even the criteria for distributing penalty funds to their merit scholarship program [students in accredited accounting programs]?
The mission of the PCAOB is noble:
“… Oversee the audits of public companies, protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports…”
But, over the last nine years, the PCAOB has spent over 2 ½ billion dollars. Has this money been spent wisely in service to the public in support of its mission?
(1) The PCAOB Inspection Process
PCAOB inspections [2016 of auditors and brokers] observed deficiencies in 97% of the firms inspected in 2016, compared against 96% in 2015. PCAOB inspectors publicized these deficiencies online and in the press. This nonprofit also reported a 48 % deficiency rate in attestation engagements in 2016, compared against a 55% deficiency rate in 2015. [Fact Sheet: Annual Report on the 2016 Inspections of Broker-Dealer Auditors, August 18, 2017]. For non-broker audits, Audit deficiencies rates [particularly internal control deficiencies] averaged from 32% to around 35% over a five year period [Summary of Inspection Findings of the Big Four and Next Six, August, 2017, the CPA Journal, page 54].
So, let’s go back to the mission of the PCAOB and ask the following; how, exactly, do these findings inspire confidence in the capital markets…and in addition, how do these findings improve investor protection? Were there follow up inspections on these work paper audits -to demonstrate to the inspectors that these error rates could be reduced substantially now that they were identified? I think not. Also, what did the inspectors do to ensure that the auditors corrected these deficiencies? Did they report these to the senior execs of the company, the board of directors, internal auditors and audit committees? If they did, why is it that we don’t see public responses, auditor changes, and responses by the board in public statements regarding these critical audit deficiencies? Were they not told or is there something else in play?
The critical question is whether the work of CPAs is so poor, so inferior, so incompetent, that in its 100 years of audit history and seventeen thousand pages of audit guidance [including the use of specialized audit and risk assessment programs, compliance software, proven statistical and cumulative monetary sampling techniques], that CPA audits are deficient from 30% to almost 100% of the time? Do we actually believe that this 147 billion dollar global industry has product defects in excess of 50%? That licensed practitioners with master’s degrees and specialized training and education failed 1/3 to ½ of the time? Can you imagine if PCAOB extended their review to the AMA, ABA or Society of Mechanical or Electrical Engineers and generated failing grades at this level? What rational organization would accept this? Is this in any way credible, believable – or even make any sense — so 2.5 billion dollars reveals tens of thousands of critical audit deficiencies —will a ten time higher budget of 25 billion dollars then reveal hundreds of thousands more deficiencies? I think not.
I would argue that an accounting firm[s] should be allowed to inspect the inspection reports. I suggest that they would find that most of the identified deficiencies were of little or no material value.
Suggestion: allow an outside accounting firm to audit the PCAOB audits based on GAAS and to determine whether the identified deficiencies have any impact or material effect on the financial statements or whether they were “gotcha” items to justify the $2.5 billion in expenditures.
(2) Should A Public Agency Make Its Information Public?
Should the new board now disclose the names of companies that they review; make the information public? Clearly, the reputation of an auditing firm impacts a company’s decision to choose an outside auditor. If an outside auditor behaves badly, shouldn’t the company’s investors know this? Shouldn’t the public who invests in these companies and the institutional investors and the 401k plan participants know this? Clearly, reputation has a critical impact on auditor choice – The significant number of changes in auditors in South Africa informs us of this –bad audits have significant consequences.
Suggestion: provide the names of the companies whose work papers were audited to the public in the spirit of free and open capital markets.
(3) The Connection Between PCAOB Inspections And The Detection/Prevention Of Fraud
Can we connect the PCAOB audits of auditor work papers to the accuracy of the company’s financial reports? Can we correlate PCAOB inspections to financial restatements? Why do we not know what impact PCAOB audits have on financial restatements and the behavior of the reporting entity? Is there any? Is this not of critical importance to the public that should be made public?
The greatest corporate failures in global history occurred during the existence of the PCAOB. So if their risk assessment techniques were valid, then PCAOB audits ought to have selected many of these failed or failing enterprises [ERM risk assessments, internal control risk, materiality risk, independence risk and others]. In fact, there should be a close relationship between the PCAOB’s ‘picks” of failed companies such as AIG [arguably one of the largest global failure in corporate history], Lehman Brothers, Merrill Lynch, MF Global, Countrywide, GE, Chipotle Grill, Wells Fargo, Steinhoff, Satyam, Mattel and others.
So, public disclosure of these work papers would affirm that PCAOB selection criteria was correct; their methodology for picking companies was valid; their risk assessment programs were accurate and it was auditor failure that allowed fraudulent financials….that PCAOB audits of auditor work papers had been ignored.
And if PCAOB audited the audit work papers of say Toshiba, Colonial Bank, Clayton Homes, and Miller Energy, or looked at internal control and Enterprise risk of Carillon, how could they have failed to uncover audit deficiencies that led to audit failures of these failed institutions who falsified their financials?
The public should know where the multibillions of dollars were spent. And that in their reviews, PCAOB uncovered weaknesses in internal controls at Wells Fargo, cyber risk failures at Equifax and fraud at the top at Colonial Bank. If PCAOB methodology was of great value, shouldn’t investors know this, in order to make more informed investment decisions? Why is this information not public?
Suggestion: make this information public.
(4) Regulation In Perspective
Perhaps, with the new board, it is time to look for a better regulatory model other than self-regulation or government oversight by PCAOB. John Coffee, Corporate Governance Law Professor at Columbia University Law School [Gatekeepers, Oxford University Press, page 365], argues that “the SEC’s experience with both attorneys and accountants suggests that it is difficult for a regulatory agency to supervise a profession for long…as scandals subside, a return to normalcy becomes predictable, and professional autonomy return is re-established. “
Is there a blended form of regulation that might work? Might a process similar to that in the UK of supervised self-regulation be looked at more closely in the States to improve outcomes? Especially if the findings of the PCAOB were made public and the judgment was that PCAOB’s audits of the auditor’s work papers failed miserably in their mission to protect the public interest and uncover defective or fraudulent financial statements of public corporations?
Suggestion: look at other governance and oversight models at other international stock exchanges and determine whether any are of greater value to the investing public.
(5) Board Compensation: Does This Make Sense?
But let’s go further into this self-regulatory body and ask what else does not make sense. If we were recruiting for the board, would we look for competency in auditing? Would we then pay each former board member an average of $540,000 a year in salary – more than the SEC Chair, more than the president of the United States? Would we compensate an attorney, a Senate and White House aid with little or no auditing experience over $672,000 a year? Does this make sense? Should public accounting firms, who pay their salaries, have no input whatsoever on who governs the governed or is presided over other than by their peers.
Suggestion: align compensation with the expertise and qualifications of the candidate.
(6) Board Composition: Does This Make Sense?
What else does not make sense? The composition of the new board, three attorneys and two CPAs stills leaves voting control in the hands of attorneys. This is remarkably similar to the composition of the last board. In the current Board, two members had audit experience and none had recent audit experience. Only one Board member has any recent experience in auditing public companies. Another was controller of a corporation. The Director of Inspections, with 14 years of institutional memory resigned effective May, 2018.
Suggestion: in a democratic society, the board should reflect its constituency. Their prior decisions should be the principle indicator of the ethical decisions they would be making in the future.
(7) Cost Of Inspections
Does this make sense? The PCAOB spent over 2 ½ billion dollars on audit inspections between 2010 and 2019. The big four handle public audits of U.S. issuers, accounting for more than 98% of global market capitalization [August 2017, CPA Journal, pg. 52, Boland, Daugherty, Dickins and Johns-Snyder].” A result of strong quality control and peer review at all large firms, has PCAOB determined whether it is actually the standardized audit programs and uniform work papers within the firm that are deficient according to their audit manual and the audits themselves
Suggestion: open the PCAOB audit inspection manual and examine the inspection steps to determine whether their manual actually is in accordance with generally accepted auditing standards and generally accepted accounting principles and conforms with standards and practice promulgated by the global standard setters.
(8) PCAOB Budget Creep
If we were overseeing the budget of the PCAOB, we would notice that their budget grew by over 18% during between 2010 and 2018. Their staff grew by over 30% [to over 851 staff members]. In contrast, auditor concentration increased during this time and the number of registered firms with PCAOB declined by almost 20%, while the number of listed publicly traded US companies decreased by the same amount. Moreover, during PCAOB’s existence, publicly traded firms declined by almost 50%. How can this then be justified in terms of workload and staffing
Regarding staff, on the other hand, might we conclude that there is a correlation between the number of PCAOB staffers, the number of audits and the increasing number of deficiencies? Do staff auditors at PCAOB have to fill a quota of auditor dings?
A crucially important outside of the box question, however, is whether the public interest is served by PCAOB when, the explosive growth of non-public enterprises [out of the regulatory system in what my former corporate securities attorney/author, Larry Ribstein calls ‘going dark’] owned/managed by hedge funds, private equity, and other institutional investors remain unregulated and uninspected? Does this make any sense at all from a regulatory perspective?
Suggestion: expand PCAOB reach to the unregulated but audited private investment sector similar to the CMA in London. If it touches the shareholder investor over a certain dollar amount it requires auditor oversight.
(9) Auditing Internal Control
Internal control audit deficiencies were the highest in the top three areas in PCAOB’s Staff Inspection Brief [Previewing 2016 Inspection Findings, PCAOB November, 10, 2017] from 2016 inspections and other years.
Internal control over financial reporting deficiencies were in the 30% plus range [Auditing the Auditor: Insights from PCAOB Inspection Reports/GAAP Dynamics, 6/9/2015]. Studies regarding public expectation is that auditors uncover fraud, principally through an examination of internal control. Perhaps it is worth noting Lee Seidler’s comments from the classic forensic and fraud text [Crumbly, Heitger, page 405, Forensic and Investigative Accounting, 4th edition]. “…Much of the auditor’s work and examination time is based on a faulty assumption that separation of duties within the corporation prevents fraud…an albeit unsupportable assumption.” So was the time spent by PCAOB in finding deficiencies in the audits of internal controls, money well spent – spent wisely? To what end? Does it make sense, when uncovering fraud is a principal obligation no longer assumed by auditors? And if PCAOB identified weaknesses, did they uncover the fraud that impacted investors in the insolvent or bankrupt companies mentioned earlier?
(10) Giving Voice To Consequence
PCAOB levies fines against auditors for audit failures. But in its 16 year history, has bad behavior ever been deterred by the PCAOB, especially when the largest corporations self-insure and use offshore captives and receive special tax breaks? Just a cost of doing business? What if there were additional consequences to bad behavior? Might the PCAOB consider other penalties other than civil fines? Is jail time an option? Certainly other regulatory bodies in the UK, Germany and South Africa apply this?
Many years ago, around the time of the Public Oversight Board, it was suggested that an NTSB type board of experts could be assembled to look at each audit failure; report on what exactly occurred, determine the causes of failure, call out the violators and make this information public –put the issue before a tribunal who would adjudicate on a case by case basis, which would, as well, provide guidance on future audits….Would this not provide better guidance on prevention than secret inspections drawn from a secret inspection manual?
Another suggestion is that a new Board might be comprised of auditors, government overseers and outside investor representatives. Would a trial board review audit failures, base its decisions on precedent, adjudicate fairly and impartially in a public forum, and have the ability to apply civil and criminal provisions from an expanded tool bag? Might this improve audit quality? All in the public domain?
Might a modified form of self-regulation then work? Would Colonial Carter, former president of the NYSSCPA, [who was the only CPA to testify before Congress and the SEC in support of our grant of a monopoly to audit public companies] once more provide the right answer as to who audits the auditor? Would we all be morally and ethically correct if we responded in unison “Our conscience” as did Colonel Carter unabashedly before Congress in 1933?