Audit Regulators Vow a Tougher Regime
November 12, 2022
The PCAOB pushes for harsher enforcement while the SEC urges audit firms to "apply an appropriate fraud lens throughout the audit."
Two years ago, the Public Company Accounting Standards Board (PCAOB) was on the ropes. Its investor advisory group accused it of abandoning its core mission, media were reporting an unhealthy internal climate, and U.S. senators Elizabeth Warren and Bernie Sanders were calling for a complete personnel overhaul.
With a near-all-new board and new chair put in place by the Biden administration in 2021, the watchdog for public company audits now appears to have gained back some mojo. But with that mojo, the PCAOB is promising auditors an uncompromising, tougher regulatory regime for the auditing profession.
To drive the optimal behavior of the auditor, you really have to keep the carrot and stick in balance. — Duane Desparte, PCAOB Member
That was in evidence November 7 and 8 at Financial Executive International’s Corporate Financial Reporting Insights conference in New York.
The PCAOB and the SEC, its parent regulator, are making it clear that the “new” PCAOB will be (1) increasing enforcement activity and imposing stiffer penalties and (2) holding auditors responsible for failures to spot fraud perpetrated by issuers, particularly fraud that harms investors.
At the FEI event, PCAOB member Duane Desparte – the only holdover from the pre-2021 PCAOB house-cleaning — said the board’s audit inspectors work to have constructive, open dialogues with audit teams and avoid “a gotcha kind of approach.”
But enforcement holds people accountable, Desparte also said, and drives “deterrence for similar behavior in the future. To drive the optimal behavior of the auditor, you really have to keep the carrot and stick in balance.”
One of the five primary goals of the PCAOB’s 2022-2026 strategic plan, which is being voted on next week, is “strengthen enforcement.” In September, after the draft plan’s release, PCAOB Chair Erica Williams, former associate counsel to Barack Obama, promised “renewed vigilance” to ensure “there are consequences for auditors that put investors at risk and to be certain “that bad actors are removed” from serving as public company auditors. Williams also vowed substantial monetary penalties and significant or permanent individual bars and firm registration revocations.
Indeed, the strategic plan states that the PCAOB will consider enforcement actions even in instances of violation where it has never brought charges before. And, according to Williams, “it will seek admissions of wrongdoing in appropriate cases – for example, where the conduct is intentional or egregious.”
While few auditors reject strong standards enforcement, some in the industry see a move away from the traditional “supervisory approach” of the PCAOB, which emphasizes audit inspections and standard-setting.
“Why enforcement needs strengthening with a more assertive approach to bringing enforcement actions… and imposing more significant penalties eludes,” wrote Tom Quaadman, executive vice president of the U.S. Chamber of Commerce in his public comment on the PCAOB’s strategic plan.
Calling the new enforcement goal “a solution in search of a problem,” Quaadman said an enforcement-heavy approach would “create uncertainty around the standards of conduct for auditors in an already challenging environment.”
Given the work the accounting industry is doing to alleviate the shortage of young people choosing it as a career, Quaadman said, “it seems antithetical for the PCAOB to be focused on elevating enforcement with a more assertive approach and harsh messaging.”
In PwC’s comment to the strategic plan, the auditing giant pointed out that because responding to investigations can be time-consuming and costly, “enforcement inquiries and investigations should be reserved for those facts and circumstances where addressing issues through the inspection process is unlikely to be sufficient.”
The other battlefront being opened up comes from the Securities and Exchange Commission, in particular by Paul Munter from the office of the chief accountant (OCA), whose professional practice group oversees the PCAOB.
Munter released an in-depth statement on October 11 underscoring the need for audit firms to catch corporate malfeasance during external audits.
A critical aspect of the independent auditor’s role is the responsibility with respect to fraud detection, he said. “This is particularly true [now] because any changes to the macroeconomic and geopolitical environment in which companies operate may result in new pressures, opportunities, or rationalizations for fraud,” Munter wrote.
He pointed out that auditors have always had a responsibility to detect material misstatements in the financials, whether due to error or fraud, “obviously, subject to reasonable assurance.”
While this may not sound controversial on its face, to the Big Four and the auditing industry it is.
As Tiffany Couch of Acuity Forensics wrote in CFO in 2018, “An audit is a very specific type of financial engagement that is executed to determine whether a company’s financial statements are ‘reasonably stated.’ And while assessing fraud risk is part of those engagements, the procedures associated with most audits are not sufficient to actually root out and prove fraud.”
Munter is not a fan of that explanation.
“That tends to lead to a conversation of what auditors are not responsible for, before you get into a conversation about what auditors are responsible for. — Paul Munter, SEC Office of the Chief Accountant
“Oftentimes, when you have a conversation with audit leadership about responsibility for fraud you first hear about the expectation gap,” he told the FEI audience this week (the difference between what the public and financial statement users believe auditors are responsible for and what auditors themselves believe they’re responsible for).
“That tends to lead to a conversation of what auditors are not responsible for, before you get into a conversation about what auditors are responsible for,” Munter said.
Munter asserted that PCAOB inspection reports of the last several years show instances where “auditors haven’t done an appropriate job of risk assessment, particularly with respect to fraud risk, or they haven’t taken those fraud risks and adequately incorporated them into the audit plan.”
Neither the SEC nor the PCAOB are signaling a change in the scope of the auditor’s responsibilities. Munter insisted. His October statement was intended to be a reminder of responsibilities “and a reinforcement of the need to be unbiased [and] maintain an appropriate level of professional skepticism.”
The PCAOB does have standard-setting projects in the works this year and next that address the quality of audits directly. They include a project to revise quality control standards for audit firms and a potential revision to standards for the auditor’s evaluation and reporting of a client’s ability to continue as a going concern.