Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

PCAOB Asks: Who Is Doing Your Audit?

Tammy Whitehouse | June 5, 2012

Public companies might be surprised to learn that much of their external audit is performed by a firm other than the one they hired, says the audit profession's top regulator.

James Doty, chairman of the Public Company Accounting Oversight Board, said during a keynote address at Compliance Week 2012 that he's concerned companies and their investors have too little information on exactly who is doing the audit work relied on for making investment decisions. “Who performs your audit?” he asked. “If you thought of the firm whose name is at the bottom of the audit report, you are likely not entirely correct.”

As companies have expanded their reach into other countries, audit firms have done the same, said Doty. “Audits today, particularly of the largest U.S. companies having global operations, often have half or more of the audit performed abroad,” he said. “In most such cases, that means the principal audit firm, whose name appears on the audit report, uses affiliates of the primary auditor and members of its network of firms to conduct the foreign portion of the audit.”

That's unsettling to a regulator to Doty, who is wrestling with his counterparts in numerous other countries to gain access to those firms to inspect their work. Audit regulators in many countries -- most notably China, Hong Kong, and a number of countries in the European Union -- cite conflicts with their own national laws and privacy concerns as reasons for blocking PCAOB access to firms whose work is relied on by U.S. investors. The PCAOB is responsible for overseeing 900 firms in 88 countries outside the United States, but so far has conducted only 300 inspections in more than 35 countries.

“Based on the inspections that we have been able to perform and our inability to perform others, we know there are significant risks in audits performed in some of these foreign jurisdictions,” he said. “this should be a concern for investors and for those charged with corporate governance. The risk of fraud is greatest in the shadows.”

Doty says he's making progress in gaining access to firms in China, hopeful that his inspectors will be able to observe China's own inspectors as they conduct their own inspections perhaps by the end of 2012. The board also has struck agreements with countries such as Germany, the United Kingdom, Dubai, the Netherlands, Taiwan, Israel, Japan, Norway, and others. It is hoping those agreements will serve as models to continue gaining access to other countries where its inspectors are not permitted.

In the meantime, the board is developing a standard to require audit firms to disclose in their audit reports the names of other public accounting firms, including a firm's own affiliates, as well as individual accountants not employed by the principal audit firm, who contributed to the audit. The proposal also would require firms to disclose the name of the engagement partner who oversees the audit. Doty says the Securities and Exchange Commission's Division of Corporation Finance has also begun requiring companies to disclose in their management discussion and analysis when parts of its audit arise from jurisdictions that are not accessible to the PCAOB.

“There has been strong investor support for inclusion of this information in the auditor's report,” Doty said. He said the board is on track to finalize the standard in 2012.