The United States Securities and Exchange Commission (SEC), as the financial reporting watchdog, and the Public Company Accounting Oversight Board (PCAOB), as overseer of the auditors, are continually challenged to maintain a consistent approach in performing their regulatory function. For example, in January 2021, the SEC approved a revision to the auditor independence rules that the PCAOB had issued in November pursuant to SEC changes instituted last summer. The new rules loosened up loan relationships between individuals related to a company and its auditors that were deemed inconsequential and not jeopardizing independence. Auditors welcomed what was considered an onerous and overreaching regulation while investors were understandably wary.
Recently, J. Robert Brown, upon stepping down from his position as a Board Member of the PCAOB, gave his impressions in an article titled The Future of Audit Oversight
. Also in January 2021, the Anti-Fraud Collaboration (AFC) issued a new report, Mitigating the Risk of Common Fraud Schemes: Insights from SEC Enforcement Actions.
The AFC was formed by the by the Center for Audit Quality (CAQ), Financial Executives International (FEI)
, The Institute of Internal Auditors (The IIA), and the National Association of Corporate Directors (NACD). Rounding out the January coverage, the FEI shared the viewpoints of those inside the corporate ranks, with their report, Where Are We Now? The Story of ICFR at Large Public Companies as Told by Financial Executives.
Brown offers suggestions to drive more effective fulfillment of the PCAOB’s responsibility for investor protection in the midst of the monumental changes brought about by the pandemic, continued undetected financial frauds, investors seeking assurance elsewhere, and the growing influence of environmental, social and governmental factors. Brown points out that while the PCAOB was established to take over where self-regulation had fallen short, the standards initially employed by the PCAOB were largely taken from those governing self-regulation, and are still in need of updating. At its core, the PCAOB is designed to provide the independence lacking at the audit firm level, where maximizing adherence to standards stands in conflict with the goal to maximize profits. Also, a balance of principles and rules is necessary. To illustrate, Brown indicates the lack of precision in describing terms such as inconsequential and material, as well as questioning whether required “unpredictable” audit procedures have in reality become too predictable.
Brown goes on to encourage stepping back to consider the big picture issues during inspections, so as not to get bogged down with a checklist approach to standards and requirements compliance. Following up on enforcement matters should include assessing audit firm disclosure requirements and maintaining the public database of auditor information. Especially relevant nowadays are the Chinese audit firms which are tasked with gaining Chinese governmental approval for the release of workpapers to the PCAOB inspectors.
Overriding Brown’s concerns is the need for the audit profession to take steps to retain relevancy. With investors now having a variety of other readily available sources for company information and analysis, auditors need to aggressively embrace continual technological changes and implement updated audit techniques. The PCAOB is called upon to involve and communicate with investors to stay apprised of their needs and desires.
The Anti-Fraud Collaboration’s report offers insights into the financial reporting fraud that Brown includes in his concerns. The AFC reviewed a couple hundred of the SEC’s Accounting and Auditing Enforcement Releases (“AAERs”) from the 2014-2019 timeframe with a goal to “provide observations on higher risk areas that are susceptible to fraud and insights into what companies can do to identify and mitigate these types of fraud risks more effectively.”
The January 2021 issue of the Audit & Accounting Alert covered the Association of Certified Fraud Examiners (ACFE) broad-based global report on occupational fraud. The AFC report focuses more narrowly on financial statement fraud uncovered in SEC public company filings. The most prevalent frauds found were:
- improper revenue recognition
- reserves manipulation (e.g., inadequate reserves for known liabilities)
- inventory misstatement
- impairment issues
While there were multiple root causes, the study also found misleading or inaccurate financial statement disclosures, material weaknesses in internal controls, and unsupported journal entries. Characteristics that often played a part in the frauds involved tone at the top, high-pressure environments, business challenges, and lack of adequately experienced personnel. The motivations tended to be familiar ones, such as pressure to meet analyst expectations, increased supplier costs, and slowing demand for products. With the pandemic, these circumstances can only expect to become more prevalent.
The AFC report concludes that “the key to protecting companies against fraud is vigilance, a continued resolve to exercise skepticism, and attention to the potential risks. Companies should remain focused on the fundamentals—controls, processes, and environments that impact financial recordkeeping and decision-making—and company-specific risks by conducting regular risk assessments.”
Over and against the PCAOB and SEC positions, the Financial Executives International (FEI) published a report on January 19, 2021, Where Are We Now? The Story of ICFR at Large Public Companies as Told by Financial Executives
, that airs the objections of those from within the corporate domain, citing the onerous and impractical documentation requirements coupled with a lack of adequate guidance. Nevertheless, when considering Internal Controls over Financial Reporting (ICFR), Andrej Suskavcevic, CAE, President and CEO of Financial Executives International and Financial Education & Research Foundation, emphasized that finance executives “remain committed to fostering a healthy ICFR ecosystem.”
The FEI report states that the COSO framework is widely followed, but that additional concrete guidance and real-world examples are sought. Especially difficult areas for designing, implementing, and operating controls include non-routine transactions, the income tax provision, and access to data. Conversely, documentation requirements are sensed as excessive for control areas such as routine estimates, data processing and disclosures. Furthermore, while acknowledging the need to better keep up with technological changes, respondents were hesitant to implement new advances, voicing concerns for a lack of qualified personnel and the prospect of additional control risks brought on by the changes. Even so, the new technologies are expected to have a helpful impact on reducing risk in areas such as those addressing the failure to prevent material misstatements, unauthorized alteration of accounting information, failure to detect material misstatements by the external auditors, and failure to detect material misstatements internally.
The ongoing commitments of the PCAOB, SEC and FEI, and the positive tension among these and similar organizations, as they mutually pursue efforts toward the improvement of financial reporting, bodes well for the benefit of companies, auditors, regulators and investors, alike.
Further details can be found at The Future of Audit Oversight
, Mitigating the Risk of Common Fraud Schemes: Insights from SEC Enforcement Actions
, and Where Are We Now? The Story of ICFR at Large Public Companies as Told by Financial Executives
(The Future of Audit Oversight | PCAOB (pcaobus.org)
), (Mitigating the Risk of Common Fraud Schemes - Mitigating the Risk of Common Fraud Schemes (thecaq.org)
, and (FERF Report Reveals Biggest ICFR Pain Points for Large Public Companies - FEI (financialexecutives.org)