State of Audit Quality
What do you believe is the state of audit quality today?
I think it’s unquestionable that over the last couple of decades we’ve seen a dramatic improvement in audit quality. Our basis for saying that is twofold. Financial restatement levels are down significantly and it’s dropped to an 18-year low. That includes, I would like to point out, the financial crisis of 2009. When there are restatements, the severity or the magnitude of the restatement has also declined. Also, investor confidence in the U.S. is pretty robust. You know, here at the CAQ (Center for Audit Quality) we do an annual main street investor survey and in our 2019 main street investor survey, 83% of our respondents see public company auditors as effective in their investor protection goal. 83%. That’s up from 81% the year before in 2018. That’s a pretty high number, but like I always say: trust is very, very hard to earn and it can be gone in a heartbeat. We never rest on the numbers, every day here at the CAQ and the member firms are always looking at how we maintain that trust.
How much do you attribute the fall in financial restatements to the decrease in the number of public companies in the marketplace and even when financial restatements are falling, how do you combat perception from high profile auditing scandals such as Carillion, Ted Baker, BHS, and KPMG? Though financial restatements are falling, there might be this perception that accounting firms are asleep at the wheel.
Well, on the latter question you know, there are thousands of audits that happen every year that are successful and so I know those in the media like to focus on the areas where there’s been concern, but nobody’s writing about the thousands of audits that every year are successful and have no issues. So that’s one way we try to combat that perception. In other words, start talking about what happens when things go right as opposed to what happens when things go wrong because nobody wants to focus on what happens when things go right.
How much would you attribute the decrease in financial restatements to the decline in the overall number of public companies?
Yeah, I can’t make that connection. I can’t make that correlation because I’m not 100% sure what, over 20 years, the total decrease in public companies has been. I would have to think it’s pretty small. I think unquestionably the improvement in audit quality is, in large part, driven by Sarbanes-Oxley–having audit committees specifically oversee the external auditor. Audit committees are 100% independent. Having the very robust independent standards that auditors have coming out of Sarbanes-Oxley. The PCAOB (Public Company Accounting Oversight Board) setting up a new regulator, going from self-regulation of the profession to having a regulator that has inspections. I think a lot of it is driven by those types of reforms, which you now see in the UK they’re starting to look at some of the similar reforms on certain issues that are going on over there.
I would say a large part is Sarbanes-Oxley, but I also think the firms. You don’t have to take my word for it. I mean if you look at what the firms are putting out on their websites and their transparency and audit quality, or quality control reports. They have a slew of information again that people aren’t necessarily reporting on. It talks about how they are taking steps voluntarily to improve audit quality. So I think it’s a two-fold of the reforms from Sarbanes Oxley, maybe in the first five to 10 years, and then how the firms have taken that to heart and really embedded it in their day to day processes.
Upcoming CAQ Initiatives
What are some of the Center for Audit Quality’s key initiatives and how do you think those will help improve the audit profession of tomorrow?
I would say there are two key initiatives, and I might add a third one. The first one would be what we call evolution of the audit and I did talk about this in a recent AICPA National Conference speech. I’m sure you realize it’s unquestionable that investors are asking for and relying on a lot of information outside of the typical historical financial statements and audit financial statements. So examples of that are non-GAAP measures. Non-GAAP by definition is outside of the GAAP financial statements. Key Performance Indicators, again not part of the GAAP financial statements. Sustainability is a very hot topic right now. Long-term value creation. All of these things are outside of the audited financial statements and one thing at the CAQ that we’re really trying to make clear to all the different players in the ecosystem. Obviously regulators know this, but investors primarily, and boards of directors are really shining the spotlight on where the auditor is involved and when or not essentially all that information I just mentioned, the auditor’s not involved generally speaking on that information. So you’re really seeing a whole change in the corporate reporting ecosystem.
The types of company information that’s reported, how companies are valued, technology and data has given rise to unprecedented business models and company structures are moving towards a service and IP-based economy. Then the other component that’s changing in the ecosystem is timeliness of information. First, I think it’s undeniable that when public companies report their earnings, that’s what moves the market. It’s not waiting for the Q or the K to come out. The markets are moving on the earnings release and the analyst presentation. The other component of timeliness is the speed of information today. It doesn’t take but a couple of tweets, as we all know, to have information being circulated throughout the internet and in the market. Whether or not it’s accurate is kind of beside the point, it moves information, and so back to that trust point that I mentioned: companies, the directors, company management, you can lose trust in a heartbeat because of things that are flying around social media or other places. So all of these things say to us, I believe, that there are evolving risks to the system. Why does this matter? Well, the health and stability of the U.S. capital markets depend on consistent, reliable, and comparable information. So of course we at the CAQ believe there is a role for the auditor in that information because of all the core competencies of the auditor: independent judgment, skepticism, standards-based analyses, critical thinking, all of those things translate easily to this other types of information.
So that’s one thing at the CAQ that we’re going to be very focused on this year is really raising this awareness and having a dialogue around whether there is a roll up for the auditor in this other information, which we believe there is.
Audit Talent Development
The second big initiative or key initiative I would say is around talent. Talent is both a challenge and an opportunity for the profession. It’s an opportunity because of all the technological advances, and evolving stakeholder needs that I just mentioned really open up exciting possibilities for accountants and auditors to build confidence in the markets. I think there’s a perception of what the auditor’s role is and that perception is not reality anymore. We’re really trying to get out there and talk about what being an auditor in 2020 is all about.
Artificial Intelligence in Audit
One of the most exciting things for me in taking this job on was just how firms are using technology, drones and artificial intelligence. It’s really fascinating and I don’t think students today have an appreciation of that. So really dispelling the stereotypes about what an auditor is. I think the challenge, because what that stereotypical view of an auditor is, but also because with technology we’re seeing a loss of talent. People are looking at going to Wall Street and finance or they’re looking to go to the technology firms. So it’s something that the profession is very focused on, and as a result, we are focused on it as well.
The final thing I’ll mention is the work that the CAQ does with anti-fraud. A lot of people are not familiar with the work that we do. Several years ago, the CAQ established an anti-fraud collaboration between the CAQ, the IIA (Institute of Internal Auditors), FEI (Financial Executives International), and the NACD (National Association of Corporate Directors), where we look at different initiatives. Two will pop this year that we’re really excited about. We actually did one this past year, early December on corporate culture. I think it’s undeniable that a good company culture really dissuades bad actors from taking action on a whole host of things, including financial fraud. So really raising awareness around culture. I think people are a little bit perplexed about how to measure culture or assess culture. So this past December, we really focused on companies’ best practices on how you can assess, evaluate, and change culture.
It was really well received. We had like 2,000 participants in that culture webcast. Now we’re taking it to the next step and we’re going to be issuing a new paper purely on assessing corporate culture. It will build on the webcast that we did last December, and talk about things that companies can do to assess culture. Examples are really drilling down on exit interviews. Why are people leaving? Some companies, now as a best practice, are actually doing whole surveys on culture. So we’re trying to give practical advice on how you get your arms around measuring, assessing, and changing corporate culture.
Another thing that our anti-fraud collaboration is working on is what we call the AAER (Accounting and Auditing Enforcement Release) project. I refer to it as the SEC (U.S. Securities and Exchange Commission) enforcement action project, which is essentially where we partnered with a law firm, Latham & Watkins, and a forensic auditing firm, AlixPartners, to really look at five years’ worth of SEC enforcement actions in the financial reporting fraud space. I’m excited about this because I’m not aware, there’s been some papers that have been done by academics on this topic, but I’m not aware of an organization, like the CAQ and our collaboration partners, that have really drilled down on this and looked at patterns of fraud. Where have we seen fraud? No surprise, revenue recognition is one that comes up a lot, but what were the red flags that were either ignored or not appropriately attended to and how could things have been done different? How could loss of trust in the company, in the market, and in investor value, how could all of that been avoided? I’m excited about this for another reason. I was at the SEC right after Sarbanes-Oxley and I was around when the treasury report came out. It was in 2008 and one of the recommendations in that report, at the time, by the U.S. Treasury was to establish a national fraud center, which would be a database of fraud, and exactly this kind of analysis that I’m talking about the CAQ is doing. That never happened. That recommendation, which is kind of understandable, is that you’d have to really create from a government perspective, a whole kind of database for that, which is a little bit unwieldy. But this is something very similar where you’re looking at a snapshot in time to see what the frauds were, what the patterns were.
We plan to use the analysis to anchor a series of round table discussions this spring. We just had a staff meeting. We’re targeting April or May for the discussions, but that’s not set in stone yet. We also have a publication that goes with that as well. I really think our anti-fraud center is an area I’d like to spotlight more because it’s kind of unique and I’m not aware of anybody else who’s doing anything on that.
Audit Talent Development
You covered a lot of different areas in that answer and I’d like to go back to a few of them. Number one, you talked about talent. I know a lot of these CPA firms such as the Big Four are looking for not just accountants now, but engineers and people with a technology background. When you hire those types of employees, how do you manage their lack of understanding of financial accounting principles and auditing procedures? Is the expectation of these firms that these employees have both an accounting and technology background or will there be some sort of intermediary between technology and financial accounting areas to help bridge the gap in knowledge?
Well, I need to preface my response on this to say I really encourage you to talk to the firms because I’m not in the weeds on their individual training programs. But I can tell you this, in just the eight months I’ve been in this job, the firms have very, very robust training programs.
You’re probably aware of the AICPA and the work that they’re doing with NASBA (National Association of State Boards of Accountancy) on the CPA exam. My understanding, and again, this is an AICPA-led project that we stay in touch with. Right now for the CPA exam, you need to have a fundamental baseline knowledge of accounting and auditing as well as tax. The work that the AICPA and the NASBA are doing, individually by state, is adding another baseline of technology. That’s not done yet and that’s going to take time. So I think the firms are already stepping in and training their people that they hire for the technology team, as well the new cutting edge auditing standards and processes that they have in place.
I’ll definitely talk more with the firms, but your perspective is you think these firms will continue to hire accounting talent and train for technology rather than going the reverse way of hiring engineers and training for accounting?
I can’t say that 100%. I think they’re opening their doors to all kinds of different backgrounds. To be honest with you, I don’t have any numbers or examples off the top of my head, but I have heard the head of the assurance of one of the Big Four saying they’re looking at accounting, auditing, and they’re looking at technology-based backgrounds. They’re looking at English majors. It’s where you get great critical thinking. A lot of times it’s a liberal arts, so I don’t want to say that they’re not doing that. I just don’t have the data or the examples to tell you. I would say I would not close the door and just say firms are hiring accounting and auditing.
Sustainability, non-GAAP Reporting, and KPIs
I want to talk more about the subjects of sustainability, non-GAAP reporting, and KPIs. I asked the PCAOB Chairman Duhnke at the AICPA conference about these areas and auditing’s role in the integrity of that type of information. He said, “Our statutory responsibility is to ensure compliance with our standards and our standards applied to the audit effect on the financial statements. These areas are outside of our purview.” Can you talk about what you believe the audit’s function is in presenting this type of information to stakeholders? How do you see that type of information being audited in the near future or what’s the role of the audit function there?
Well a couple of things. First, this evolution of the audit initiative that the CAQ has with our members. It is a market driven solution or a market driven initiative. So I’ve certainly heard the same thing from the PCAOB. Quite frankly, I’ve heard the same thing from the SEC. Which is this type of expanding the role of the auditor from a regulatory perspective is not on their agenda. I get that. We get that. But you can’t stop what’s happening in the market. And like I said, the market is changing despite what the regulators are looking at so we are looking at a market driven discussion and initiative. If you see assurance being provided on this information, it’s already starting to happen in the sustainability space. Now, I don’t want to speak completely to sustainability because I do think non-GAAP and KPI is a lot more widespread and it’s a lot more built into company’s releases of information. But sustainability is one area that I can point to where you’re starting to see auditors being asked to provide assurance on not entire sustainability reports, not even if there’s part of sustainability that’s making its way into the 10-K. You’re starting to see auditor assurance on snippets or portions of that information, not the entire set of information.
It’s not just the Big Four and the audit firms though, you’re also seeing these engineering firms pop up in the sustainability space being asked to provide assurance on that information. From our perspective here at the CAQ, is that really a solution that you want where you have engineering firms that don’t have the same standards and are not subject to the same regulation as the audit firms are with the PCAOB?
That’s the question that we think should be absolutely considered. But we certainly believe that the auditor brings the core competencies and the skill set that is necessary to provide assurance on that information. I certainly think, at least from an SEC perspective, part of their mission is efficient and fair markets and capital formation, but also a huge portion of their mission is investor protection. It’s unquestionable that investors are asking for this information and they are getting the information, not maybe according to one standard like they would like. But you have to start looking at the reliability of that information. So we certainly think there is a role for the auditor in providing assurance on that information from a trust perspective.
When you see companies like BlackRock, and I don’t know if you saw the letter from Larry Fink that he put out that BlackRock is planning on moving more of its investments into sustainability funds, does that make you nervous that these organizations are moving forward with this type of information that isn’t audited and that the audit function as a whole could play a lesser role in the type of information that’s going out to these stakeholders?
Well, I wouldn’t say it makes us nervous. I think it makes us nervous from a participant in the market ecosystem. Just because these are evolving risks and for lack of a better method regulatory change often comes as a result of a big blow up in the market. Think Sarbanes-Oxley, which was a pretty big blow up with Enron and WorldCom. You got a lot of change as a result of that. I think that’s way regulators sometimes move and we’re trying to have a discussion about this because we do believe that these are evolving risks to the overall ecosystem. Obviously, auditors alone cannot change what’s required and we cannot change market practices. This is a discussion that we believe needs to be had with investors, with public companies, board members, with companies in our management. Again, just to keep an eye on what are the evolving risks to the ecosystem and what can we be doing to combat those evolving risks or to deal with them before there’s a blow up. That’s the way I think the policy is made. The thing I’ll say about, and you kind of alluded to this, is the auditor’s role diminishing because of all this new information? I don’t see historical financial statements going away anytime soon and that’s a little bit sarcastic. I think the bedrock, and we all agree and when I say we all agree, I think the markets, investors, and everyone would say regulators, and I think Jay Clayton has said this in the past, the bedrock of our market is the financial statements that companies put out. The public company and capital markets. I don’t see that going away anytime soon and I also don’t see that going away even when there are recessions. That’s one thing that we try to talk to future talent about, which is there’s always going to be a mandatory requirement to have audited financial statements. So I don’t see that going away anytime soon.
Critical Audit Matters
Pivoting to critical audit matters, what role does the CAQ believe critical audit matters or CAMs will play in the state of audit quality moving forward?
Well first of all, I don’t necessarily equate CAMs with audit quality. I think that audit quality, like we talked about at the start of the call, I think the state of audit quality is very strong and that’s even before CAMs came into existence. So I don’t necessarily equate CAMs with the overall state of audit quality. What I can say is that I do think CAMs are another component of enhanced transparency to investors around the audit and potentially going back to that investor trust and confidence and overall investor information. I think CAMs will go a long way to assisting in that. CAMs are not fundamentally changing how the auditors do their job, but do require more information to be communicated and the auditor’s report, but it’s not changing the overall process in current programs that the firms have in place in dealing with a quality audit and performing a quality audit.
I don’t equate the two. I guess generally I would say I don’t think CAMs will have much of an impact on necessarily state of audit quality. I do think it will help transparency and overall information in the market. It’s another piece of information in the market. I’m hopeful, and we’ve only been through the first wave on June 30, but we have the next wave coming up this month and actually more next month. I wouldn’t say that CAMs really would impact the level of communication between the auditor and the audit committee. PCAOB auditing standards already require a wide range of topics to be discussed and communicated to the audit committee and I don’t see CAMs necessarily changing that. As a matter of fact, I’ve heard from several audit committee members that if an audit committee is hearing things for the first time from the auditor as a result of the discussion around the disclosures from CAMs, that’s probably not a good thing. What we’ve been hearing is the opposite, which is that there’s been a lot of communication between the auditor and the audit committee and quite frankly, company management and other members of a company, the preparer community, around what’s going into the CAMs. What is a CAM and what isn’t a CAM? It’s not necessarily been a surprise and I think that’s a good thing.
How do you anticipate investors using CAM communications or do you anticipate investors using them?
It’s a good question. CII (Council of Institutional Investors) put out something at the end of last December. I think that was public. Where I think it was the first reaction we’ve seen from at least one particular investor group on CAMs. I don’t have a lot of intel yet as to how investors are going to view this information. Again, it’s just an additional component of the overall piece of information in the market. Not surprisingly, I think you would see in the CIIPs (Critical Information Infrastructure Protection) that they want more information that’s not required in the PCAOB standard. I think more to come on this after the February year-end filers. We will have a lot more information and you might start to see how more investors are picking this information and how are they using it?
What is your personal opinion on the most recent changes to auditor independence?
My personal opinion is that it’s a little bit of tweaking and it’s necessary over 20 years since the audit independent standards were adopted. There’s been new forms of investment in the capital market system that need to be taken into account and a lot of what the SEC has proposed is really tweaking and not fundamentally changing the overall robust independent standards that exist. I think there’s been some articles saying that the SEC is looking to completely dismantle the independent standards. That’s just not true. The SEC put a lot of examples in their proposal and in their press release for a good reason to really make clear the types of situations they’re looking at addressing, which in my opinion do not in any way impair auditor independence when it comes the audit of the company’s financial statements. They did that for a reason, which is to make clear what they’re doing and what they’re not doing. So I would encourage everybody in the media and elsewhere to take a look at those examples. We’re talking very, very targeted tweaks.