Investor Protection through Audit Oversight

Editor’s Note: The following post comes to us from Lewis H. Ferguson, board member of the Public Company Accounting Oversight Board. This post is based on Mr. Ferguson’s remarks at an SEC Financial Reporting Conference. The views expressed in this post are those of Mr. Ferguson and should not be attributed to the PCAOB as a whole or any other members or staff.

Anyone involved in the financial reporting process deals daily with the hard realities of complexity and rapid change — whether you are a preparer of financial statements, a board or audit committee member, an investor, an independent or internal auditor, a counselor, or a regulator.

Commercial activity is increasingly global. Some financial instruments and transactions are bafflingly complex with values that can only be estimated. Standard setters in the United States and abroad are moving away from historical cost accounting toward fair value accounting, requiring difficult estimates. There is a plethora of new rules and requirements growing out of the Dodd-Frank and JOBS acts in the United States, and all of this is happening in what since 2008 has been the most difficult global economic environment since the Great Depression of the 1930s.

Much as we struggle with these rapid changes and their complexity, regulators also struggle to see around the curve, to be prepared for what is coming tomorrow, and to have tools in their toolbox that will be appropriate for those challenges. In the next session of today’s conference, I will discuss a number of specific initiatives the PCAOB is undertaking to deal with some of these challenges, but in this address I want to focus on one specific area, the challenge of globalization and cross-border financial reporting, auditing and audit oversight.

A bit of background may be useful here. The PCAOB was created by the U.S. Congress in 2002, in response to a crisis stemming from the failures of enterprises like Enron, WorldCom, Adelphia and others. These cases all involved systemic and undetected financial and accounting fraud. Congress concluded that these cases demonstrated that the long established system of auditor quality oversight by the auditing profession itself, known as peer review, was irretrievably broken.

Accordingly, Congress created the PCAOB as an independent, not-for-profit body, whose five members are appointed by the United States Securities and Exchange Commission, to “oversee the audit of public companies that are subject to the securities laws.” The Board’s mission is “protect the interest of investors and further the public interest in the preparation of informative, accurate, and independent audit reports” for U.S. public companies.

From its establishment in 2002, the PCAOB has grown to be an organization with a projected 800 employees by the end of this year located in 16 offices throughout the United States, including in Irvine and Los Angeles.

To prevent capture by the accounting profession, Congress provided that while two of the five PCAOB board members had to be CPAs, no more than two could be. That leaves two of my fellow board members and me, including the PCAOB’s chairman, who are lawyers by training and profession.

The PCAOB was assigned four principal functions by the statute:

1. The first is to oversee and maintain the registration of all auditing firms whether they are located here or abroad that file audit reports with the SEC or participate substantially in the audit of companies that file such reports. In 2010, the Dodd-Frank Act also gave the PCAOB jurisdiction over auditors of registered brokers and dealers and required all such firms to be registered.

Today, 2,380 auditing firms are registered with the PCAOB including 570 firms that audit brokers and dealers. Of the total, 1,465 firms are located in the United States and 915 firms outside the United States in 85 jurisdictions. The largest number of foreign registered firms are in China with 100 firms, including 52 in Hong Kong and 48 in the People’s Republic of China, 66 in India, 64 in the U.K., 48 in Canada and 41 in Australia.

2. The second principal function of the PCAOB is periodically to inspect registered firms that file or participate in the preparation of audit reports of public companies and securities brokers and dealers. Any audit firm with more than 100 issuer audit clients must be inspected annually and at least triennially if they regularly provide audit reports for 100 or fewer issuers.

In 2012, there are currently 9 annually inspected auditing firms. Our inspections are not randomly selected but are selected on the basis of audit risk, focusing on issues, industries, or firms where we believe the greatest risk of audit failure may lie.

Since its inception, the PCAOB has conducted more than 1,950 inspections and examined portions of over 8,200 individual audits. In 2011, for example, for the 10 firms subject to annual inspection in that year, the PCAOB inspectors looked at portions of approximately 340 audits. For the 203 firms inspected on a three-year cycle in 2011, portions of approximately 485 audits were examined, including 42 non-U.S. audit firms located in 15 jurisdictions. We are scheduled to inspect approximately 80 non-U.S. firms in 2012. As part of an interim program for the inspection of brokers and dealers, in 2011 and early 2012, we inspected 10 audit firms, examining portions of 23 separate audits and issued a public interim report on those inspections in August of this year.

3. Our third function is to set auditing and other professional standards. We have an ambitious standard-setting agenda that tackles old and new issues in auditing, particularly issues that surfaced after the recent financial crisis — from improving communications with audit committees to reforming the auditor’s reporting model. In the next session of this conference, I will discuss in more detail the PCAOB’s standard-setting projects.

4. Our fourth and last principal function is to conduct investigations and enforcement proceedings. The Board has the authority to impose disciplinary sanctions, including barring auditors from public company auditing and imposing substantial monetary penalties. Since 2003, the PCAOB has taken 55 disciplinary actions against 42 registered accounting firms and 56 persons associated with registered firms. As part of these enforcement actions, the Board has revoked the registration of 27 firms, barred 43 individuals, and suspended the registration of five individuals and one firm.

These are our four core functions: registration, inspections, standard setting, and investigation and enforcement. Everything the Board does is in support of these functions. Other offices, particularly the Office of Research and Analysis, provides valuable input. ORA’s staff of more than 30 economists and analysts study economic trends and the large bodies of confidential data we collect as part of our inspection process. The broad reach of our activities gives us a unique perspective on the state of audit practice in the United States and abroad, and on the operations of major auditing firms.

When the PCAOB was created in 2002, the United States was essentially alone in the world in having comprehensive regulation of the auditors of public companies that was independent of the profession itself. Initially, Sarbanes-Oxley was seen by many, particularly outside the United States, as an effort to address something that was strictly an American problem. But shortly after the failures of Enron and WorldCom, a series of major accounting failures were uncovered at non-U.S. companies, such as Parmalat, Vivendi, Hollinger, Ahold, Royal Dutch Shell, China Aviation and others.

As a result, many other countries began to adopt independent audit supervisory regimes. Today, just 10 years after the creation of the PCAOB, almost all advanced or emerging market countries have an independent audit regulator.

These regimes differ. Some like the PCAOB are independent agencies; others are housed in the local securities regulator. But they share certain common attributes: they are either government agencies or bodies that are independent of the audit profession; they conduct regular inspections of audit firms; and they possess disciplinary and sometimes licensing and standard-setting powers.

We are grateful that the example of the PCAOB has encouraged the creation of similar, independent audit oversight in other countries — oversight that can only benefit the investors in our national and global markets.

International Cooperation

IFIAR

It is not surprising that these new regulators soon decided that they should form an organization for sharing views and helping each other improve their work. In September 2006, a group of 18 independent audit regulators formed the International Forum of Independent Audit Regulators, to provide a forum for regulators to share knowledge of the audit market environment and the practical experience gained from their independent audit regulatory activity. Only regulators that are truly independent of the auditing profession are eligible for membership which has grown steadily to 43 members today with another 13 candidate members in various stages of the application process.

In addition to the United States, Canada and one South American regulator, most European regulators are members as well as several regulators in the Middle East, and a number of Asian regulators, including those in Japan, Korea, Taiwan, Thailand, Malaysia, Singapore, Sri Lanka, and Australia.

The United States has come to play a leadership role in IFIAR and I was honored recently to be elected Vice-Chair of the organization. IFIAR holds annual plenary meetings at which regulators from around the world meet to exchange information on a variety of topics including general inspection and enforcement findings, standard-setting initiatives and cross-border cooperation. The next such meeting will be in London at the beginning of October. In addition, there are five working groups that meet more frequently and focus on specific issues like standard setting, international cooperation, investor concerns, inspection training and public policy. One of the most important is the last, the Global Public Policy Committee Working Group, that meets three times each year with the leadership of the six global network audit firms to discuss issues of concern to the regulators and the firms. IFIAR also conducts an annual inspection training workshop for audit inspectors from around the world.

For the first time this year, IFIAR has surveyed its members about their audit inspection findings. Thirty-seven of the 43 IFIAR members responded to the survey and while the results are presently confidential, I can tell you that a striking result of the survey is that other regulators around the world seem to be finding the same types of defects in their inspections that the PCAOB is finding, particularly deficiencies in auditing fair value measurements, testing internal controls, revenue recognition and engagement quality control reviews.

The Global Environment

You might ask why an organization like IFIAR is important. The short answer is that it enables individual regulators to get a better window on the global landscape of audit practice and financial reporting. This is important because the world’s largest enterprises — those that represent the largest share of global economic activity and shareholder wealth — operate globally.

Not only do they sell products globally, but increasingly they purchase raw and component materials, manufacture, distribute, and do research and development globally. One only needs to look at some of the latest signature industrial products, like new automobiles, computer and smartphone products, or the Boeing 787 airliner to realize that these products are produced from designs and components sourced and manufactured in many different countries.

A global company, perhaps operating in more than 100 countries, also has financial reporting activities in many, if not all, of those countries. Any regulator, confined to a view within its own borders, can only see a portion, and often a small portion, of the activities and risks of such an enterprise. Cross-border regulatory cooperation, working together and sharing information, is vital to our common mission to improve the protection of investors who rely on auditors to assure that the financial reports of publicly traded companies are transparent, complete and fairly stated.

Just as the largest corporations in the world have become increasingly global in their operations, their auditors must be able to conduct audits on a global basis. The largest audit firms have grown globally along with their clients.

But unlike their corporate clients, which usually operate globally through a centrally controlled structure of parent and subsidiary entities, the global audit firms operate as an affiliation of individual audit firms.

They are organized and operating under the laws of different political and regulatory jurisdictions joined together in networks where they share clients, training, audit methodologies, and quality assurance practices. They operate under a common name such as Deloitte Touche Tohmatsu, Ernst & Young, PricewaterhouseCoopers, KPMG, Grant Thornton and others.

There are a number of reasons for such structures: local licensing and ownership requirements; different traditions of training and practice; and not least, concern about cross border liability exposure. The global organization of these networks provides common audit methodologies, conducts quality assurance examinations and provides other services. But in the final analysis, the only real power the global leadership has over its individual members is the power to remove a member from the network. This is a very different power from that of the chief executive officer of a global corporation over his or her far flung subsidiaries.

In the audit of a major global corporation, a number of different auditing firms, operating under a single trade name, will cooperate to perform the audit of the corporation’s global operations. Today, the auditor’s report on such a corporation is signed by only one firm in the network and does not reveal whether other affiliated firms participated in the audit or the extent of their participation.

The reality of today’s global business environment means that regulators around the world must do the same thing. We must cooperate effectively with each other if we are to ensure that audit quality remains high and that investors are protected.

Details of the PCAOB’s Cooperative Arrangements with Other Regulators

The PCAOB cooperates closely with audit regulators outside the United States, and the scope of that cooperation is extensive. Since 2005, we have conducted 338 inspections of PCAOB registered firms in 38 different countries.

We have cooperative agreements with 14 foreign regulators in Australia, Canada, Dubai, the U.K., Germany, Israel, Japan, the Netherlands, Norway, Korea, Singapore, Spain, Switzerland, and Taiwan as a result of which we either conduct joint inspections or share inspection findings with regulators in those jurisdictions. We are also actively negotiating such agreements with regulators in a number of other European countries.

We have conducted international inspections, both alone and jointly, with the local regulator. We have found that joint inspections are particularly useful and have conducted them with regulators in Canada, Switzerland, the United Kingdom, Germany, Norway and the Netherlands. We will shortly conduct joint inspections with the Spanish and Korean audit regulators.

In these inspections, we have faced and resolved difficult data protection issues that are of great concern to regulators in the European Union. We have also resolved confidentiality concerns that Swiss regulators have raised. The joint inspections have demonstrated that with a cooperative approach many obstacles can be overcome. In joint inspections each regulator learns from the other and we are convinced that these inspections have improved regulatory oversight both by the PCAOB and by our foreign counterparts.

Limits on PCAOB Inspections and their Effects on Investors

I want to talk now about some of the limits to the PCAOB’s ability to inspect non-U.S. audit firms registered with us and the potential risks this poses to U.S. investors. The PCAOB currently is prevented from inspecting the U.S.-company related audit work and practices of PCAOB-registered firms in certain European countries, China, and — to the extent their audit clients have operations in China — Hong Kong.

In Europe, the obstacles to inspection center around the requirement to satisfy the individual country’s data protection requirements under European Union law. After some delay, we are now making progress and have cooperative agreements with several European Union regulators. We continue to negotiate with others.

Where the PCAOB is not able to conduct inspections, investors in U.S.-traded companies who rely on the audit reports of firms’ in those countries are deprived of the potential benefits of PCAOB inspections of those firms.

To better inform investors about our inspections, the PCAOB publishes on its website a list of more than 400 companies whose auditors are located in jurisdictions where obstacles to PCAOB inspections exist. The list is derived from annual reports filed with the PCAOB by registered public accounting firms.

China

Now, let me turn to China. As you are probably aware, in the past year or so, alleged serious financial frauds and attendant accounting problems have been disclosed involving a number of China-based companies whose securities are registered outside of China, particularly in the United States, Singapore and, to a lesser extent, Europe.

Not more than a decade ago, Chinese firms began to access foreign capital markets. Two types of Chinese companies sought access to U.S. capital markets, smaller enterprises that had difficulty accessing the very restricted Chinese domestic capital markets and some of the largest state-owned enterprises in industries such as petroleum and telecommunications. At the same time some of the largest global companies, including U.S companies, began to engage in extensive operations in China.

The smaller companies most commonly sought access to U.S. markets by merging with existing, registered U.S. shell companies in reverse mergers. The larger companies filed initial public offerings.

A PCAOB Research Note showed that, in the United States alone, between January 1, 2007 and March 31, 2010, 159 Chinese companies entered the U.S. securities markets using reverse mergers and generated market capitalization of $12.8 billion. These transactions represented the largest share of the reverse merger market during that period. In the same period, 56 Chinese companies, including a number of very large state-owned enterprises completed U.S. IPOs and had an aggregate market capitalization of $27.2 billion.

Seventy-four percent of these reverse merger companies were audited by U.S.-based audit firms and China-based audit firms audited the balance, but all of these firms were registered with the PCAOB.

As major U.S. companies like General Motors, IBM, Microsoft, Apple Computer, Proctor & Gamble, General Electric and Walmart began to build extensive operations in China, the China and Hong Kong based affiliates of the global network audit firms began to play an increasing role in the consolidated audits of those companies.

Beginning in the latter part of 2010, alleged financial frauds and serious accounting issues were revealed at a number of the smaller Chinese reverse merger companies. To date, 67 of these China-based issuers have had their auditor resign, and 126 issuers have either been delisted from U.S. securities exchanges or “gone dark” — meaning that they are no longer filing current reports with the SEC. Billions of dollars of market capitalization of such companies have been lost in U.S. securities markets and it is fair to say that all of these smaller China-based companies listed on U.S. securities exchanges have suffered serious losses of both market value and investor confidence as a result of the problems of other companies.

The number of China-based companies that have successfully filed an initial public offering in the United States in the past year has slowed to a trickle. We understand that smaller Chinese companies have also suffered similar adverse consequences in other non-U.S. and non-Chinese markets.

At present, the PCAOB does not have cooperative agreements with either the China Securities Regulatory Commission or China’s Ministry of Finance which share jurisdiction over Chinese accountants. The CSRC has jurisdiction over the 53 accounting firms, including the affiliates of the global network firms, that are authorized to file audit reports with respect to companies listing securities on the Chinese domestic securities markets in Shanghai and Shenzhen. The MOF licenses all accountants in China and has jurisdiction over more than 7,000 accounting firms in China, including some of the firms registered with the PCAOB.

Under Chinese law, it is illegal to remove audit work papers from China. At the present time, Chinese authorities will also not permit any non-Chinese regulator to conduct inspections on Chinese soil. As a result, it is impossible for the PCAOB or other regulators to inspect China-based audit firms or to assess the quality of such firms registered with it. This limitation also applies to the affiliates of the global network firms that perform audit work on the audits of the Chinese operations of the large global companies operating in China.

In an attempt to address these problems, the PCAOB has intensified its dialogue with both the China Securities Regulatory Commission and the MOF over the past year. Both we and the Chinese regulators recognize the importance of improving audit quality and investor protection.

For the PCAOB, an agreement with China is important not only because of the risks investors face, but because of the size and rapid growth of the Chinese economy. Almost 5 percent of PCAOB registered firms are based either in China or Hong Kong, the largest group of non-U.S. firms.

Chinese authorities say that we should rely on their oversight of auditors. They have two principal concerns. The first is that any action by a foreign regulator on Chinese soil, even a mere inspection, could violate Chinese sovereignty. This concern has deep historical roots, specifically relating to the humiliations that China suffered at the hands of Western powers in the nineteenth and early twentieth centuries.

The second concern grows out of China’s very expansive state secrecy laws. There has been a concern expressed that inspection of audit work papers, particularly work papers from the audits of state-owned enterprises, could lead to disclosures of state secrets.

The question for both countries is how to conduct inspections in ways that respect national sovereignty and the legitimate regulatory goals of both countries. As mentioned earlier, we have been able successfully to navigate or balance these seemingly competing interests in a number of countries around the globe.

As a first step toward further cooperation, we are working toward and have tentatively agreed on observational visits where PCAOB inspectors would observe the Chinese authorities conducting their own audit oversight activities and the Chinese could observe the PCAOB at work. This would not be a substitute for a PCAOB inspection but would be a trust building exercise between regulators. Initially, such observations would focus on quality control examinations of the audit firm being examined rather than a substantive review of a specific audit. We hope such exercises will build trust and lead to further cooperation.

The ultimate goal for the PCAOB is to achieve a level of cooperation with the Chinese authorities that will enable us to have enough information and confidence that we could issue inspection reports on those China-based audit firms that prepare or participate substantially in the preparation of audit reports filed in the United States.

There is, however, a second and complicating issue with China and Hong Kong. Both the PCAOB and the SEC are in discussion with Chinese authorities about cooperation in connection with investigative activities. Both agencies are seeking the cooperation of the Chinese authorities in obtaining documents in appropriate investigations. Although we remain hopeful that breakthroughs will be achieved, to date difficulties remain.

Despite our hopes, the question arises as to what happens if we are not able to achieve an agreement on regulatory cooperation with the Chinese. Any firm that registers with the PCAOB is legally obligated to cooperate with us and provide documents and potentially testimony if requested in connection with an inspection or investigation. A refusal to cooperate, either in an inspection or an investigation, could subject the firm to PCAOB sanctions even if motivated by compliance with local laws that restrict such cooperation. One possible sanction could be revocation of a firm’s PCAOB registration. Any company audited by such a firm would either have to get a new audit opinion signed by a firm registered with the PCAOB or risk being in violation of SEC and stock exchange rules.

The stakes in this matter are very high. But U.S. financial authorities have a primary responsibility to protect the integrity of our capital markets and the interests of U.S. investors. We believe the Chinese authorities are aware of the seriousness of this matter and we are hopeful that we will be able to work out satisfactory arrangements. We continue to engage in dialogue with the Chinese authorities, but at this time it remains uncertain where this dialogue will ultimately lead.

Other Steps to Improve Transparency in Audit Reports Affecting Global Enterprises

The PCAOB has also proposed another step to increase the transparency of the audits of global enterprises. Today, the typical audit report for a U.S-listed company is a one-page document. It provides general information about how every audit must be conducted and states that the audit complied with applicable standards. It gives the firm’s opinion on the company’s financial statements, including internal controls over financial reporting where appropriate, and concludes with the signature of the firm that issued it.

In this era of global networks firms, that signature does not tell the full story. An audit report on a multi-national company may carry the signature of one audit firm, but gives the reader no hint about the key participants in the audit, including whether portions of the audit were conducted by an affiliated firm in the global network or by another auditor. The audit report also gives no information about how the audit work was allocated among firms.

In October 2011, the Board proposed amendments to PCAOB auditing standards that would require audit reports to disclose the name of the audit engagement partner as well as the identity of other independent audit firms or persons that provided 3 percent or more of the total hours in the most recent audit.

These amendments, if approved by the Board and the SEC, would serve two purposes. First, they would give investors more information about which firms are actually performing work in the audit which many investors have told us they want; and second, they would make publicly available the names of firms that have provided more than 3 percent of the total audit hours but are located in jurisdictions where the PCAOB cannot yet conduct inspections. Investors can then make a more informed decision about the quality of the firms participating in a company’s audit.

Some Issues in International Registrations and Inspections

Finally, I want to address an issue we have faced in connection with the registration of certain non-U.S. audit firms as well as certain findings in international inspections. As mentioned above, U.S. securities laws require that any company with securities traded in U.S. markets be audited by an accounting firm registered with the PCAOB. Registration subjects each firm to the oversight activities assigned to the PCAOB for the protection of investors including inspections and enforcement.

In 2010, the PCAOB began to request additional information from certain firms applying for registration. Essentially, we asked the firm to provide assurance — including written confirmation from its national regulatory authority — that the PCAOB would be able to inspect the firm. We have requested such information from applicants from China, Hong Kong and certain European countries. To date, one firm’s registration has been rejected by the Board because it could not offer that assurance, and several other firms’ applications were, at the firms’ request, essentially put on hold until they are able to provide this assurance. Some of those applications have since been approved as the Board reached agreements with the regulators.

Since 2005, the PCAOB has inspected portions of more than 825 audits performed by 213 registered firms based outside the United States. Seven years of international inspections have revealed that too often auditors are missing some basic things and making troubling errors, including errors in the timing and documentation of a company’s revenue recognition; overreliance on managements’ estimates of such things as contingency and warranty reserves, allowances for doubtful accounts in financial institutions, hard to value financial instruments, and obsolete or overvalued inventory. These problems are not confined to inspections of non-U.S. firms and we have seen similar deficiencies in the audits of U.S.-based auditors.

Many of these problems could be solved if auditors approached their jobs with a higher degree of independence, objectivity and, perhaps most important, professional skepticism. Auditors are supposed to challenge management, and the PCAOB would like to see more auditors do so. In the same vein, PCAOB inspections continue to find that firms are deficient in aspects of their internal governance.

More specifically, in an international context, our inspectors have found deficiencies in the quality control mechanisms within the global network firms, in the supervision by the principal auditor of work performed by affiliated firms and in their referral of work to non-affiliated firms or specialists. We continue to pursue these issues actively directly with individual firms, with the leadership of the global auditing network firms, and through our role as a member of the Global Public Policy Committee Working Group of IFIAR which meets with the leadership of the global practice firms three times each year. That Working Group has concentrated on questions around professional skepticism, engagement quality control review, group audits, revenue recognition, sovereign debt issues, the role of the audit committee and the auditor’s reporting model.

Conclusion

In the economic crisis that reached its nadir in 2008 we saw well-known companies — notably Lehman Brothers — whose bankruptcies eclipsed the failures of Enron and WorldCom in 2002.

What is more sobering is that the economic climate remains uncertain, with weak job growth in the United States, uncertainty inside the European Community and a slowing of business growth in China. Despite these uncertainties globalization of the world economy continues apace.

This is just the time that investors most need protection. We may claim a large company as our own because its headquarters is within our national borders, but, more likely than not, the company is doing business globally and seeking capital in markets in other countries.

As a consequence, it is the duty of all of us involved in the financial reporting process, whether as preparer, manager, audit committee member, auditor, counselor or regulator to work to ensure that financial reports are complete, transparent, and fairly stated, wherever the operations they reflect are located. We owe that to investors who are, after all, our fellow citizens.

Both comments and trackbacks are currently closed.

One Trackback

  1. […] full article via Investor Protection through Audit Oversight — The Harvard Law School Forum on Corporate Governance…. Share OptionsPrintEmailMoreFacebookLinkedInStumbleUponTwitterPinterestRedditDiggTumblrLike […]