Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

A Focus on Transparency—of Auditing

Scott Taub | September 22, 2015

One of the key goals in financial reporting is transparency—the ability for a reader of financial reports to “see through” the reports to understand the underlying business. Standards from the Financial Accounting Standards Board are intended to promote transparency, and auditors check that the financial statements are prepared in accordance with those standards. A clean audit opinion tells readers that they can trust what they see in, and what they see through, the financial statements.

The audit, though, is opaque. Other than people who have performed audits, not many know what is done. The auditor’s report explains the limitations of an audit, to tamp down the “expectation gap” where the public believes auditors do more than they actually do; the report provides no information about the audit itself. The words in every clean audit report are identical, while the work behind each one is very much customized.

The opacity is mitigated somewhat by audit committees and the Public Company Accounting Oversight Board. Audit committees provide independent oversight of auditors, but they aren’t present during the audit, and the information required to be provided to them isn’t all that extensive—so the public knows little about how the audit committee fulfills its audit oversight responsibilities. The PCAOB can see every bit of audit work if it desires, but the public has virtually no visibility into the PCAOB’s work, and audit committees only know what the auditor tells them.

Perhaps investors should trust the system enough to feel comfortable about the quality of audits without knowing more about them. But it’s clear that a lot of people don’t. And now several initiatives aim to add some transparency to auditing.

Auditors

The PCAOB actually has a project titled “Audit Transparency,” whose goal is to make public the name of the lead audit partner and information about firms other than the signing auditor that participated in the audit. All this will accomplish is to make public a few pieces of information that audit committees already know. Still, it’s a step in the direction of transparency.

Even with its modest goals, it’s taken years of discussion for the PCAOB to come close to finalizing its Audit Transparency requirements, and that may be delayed further, as the SEC has at least raised the possibility in its concept release that the information should come from the audit committee rather than the auditor.

Another PCAOB project aims to require auditors to tailor their report somewhat, by requiring that the report include information on the most significant issues encountered in the audit. This would provide readers some idea of where the auditors perceived the greatest risks or faced the greatest difficulties in concluding that the accounting was correct. Most likely, the underlying accounting matters would already be discussed in the financial reports, but getting the auditor’s viewpoint would add another dimension to the information.

Finally, we have a recent concept release from the PCAOB on Audit Quality Indicators. This project involves considering measures that might provide insight into the quality of audits, such as:

  • Percentage of audit work performed by experienced auditors;
  • Workload of audit personnel;
  • Use of technical experts and specialists;
  • Experience of audit personnel;
  • Results of independent surveys of firm personnel;
  • Correlation between quality ratings and compensation;
  • Internal enforcement of independence requirements;
  • Amount of investment in training and audit infrastructure.

Among the questions the concept release is whether the example measures are useful, who they should be provided to, and how they can best be used.

Any reporting of AQIs would make this kind of information available for the first time on a broad basis. Audit committees might well be the best audience, as AQIs would provide a tool that could help them better focus their audit oversight. The PCAOB could use the information to identify areas where audit firms do things differently, and perhaps focus inspections more effectively. If the information were provided to investors, they would have their first real insight into the quality of auditors. And even if the information weren’t provided to investors, that the PCAOB and audit committees have it might give investors more comfort when they are asked to trust the system.

Audit Committees

Audit committee charters are publicly available, and committees are required to make limited disclosures about things like whether the committee reviewed the financial statements and discussed a short list of topics with the auditor. But no significant disclosure is provided regarding how the audit committee does its work or what matters it spends time on.

The Securities and Exchange Commission, however, has issued a concept release on whether more communication from the audit committee should be required. The release solicits comment on a number of things the audit committee could potentially be required to disclose, including:

  • Information about the nature of communications between the auditor and audit committee, instead of just the fact that the communications occurred;
  • Frequency of meetings between the audit committee and auditor;
  • How long the same audit firm has been used;
  • Information about the audit committee’s consideration of the auditor’s PCAOB inspection report and internal quality review reports;
  • The process used to choose (or reappoint) the auditor, including whether and how the committee assessed audit quality and sought proposals from other firms.

Disclosure of any of this would be a huge change in the amount of information available about the audit committee’s work.

While the PCAOB does not have oversight of audit committees or public reports, it rightly believes that encouraging effective oversight by audit committees is consistent with the PCAOB’s mission of ensuring high-quality audits. To that end, the PCAOB issued in May what is intended to be the first in a series of documents that provides audit committees (and, since the documents are publicly available, the public) insights about findings of the PCAOB inspections. The audit committee communication also provides suggestions of things the audit committee might discuss with the auditors in areas in which the PCAOB has noticed frequent audit problems.

The past 15 years have seen a significant increase in the responsibilities of audit committees, but the current initiatives go much further toward suggesting how audit committees should fulfill those responsibilities than any past initiatives have.

Where Is It All Going?

Clearly, progress in audit transparency comes slowly. Even with its modest goals, it’s taken years of discussion for the PCAOB to come close to finalizing its Audit Transparency requirements, and that may be delayed further, as the SEC has at least raised the possibility in its concept release that the information should come from the audit committee rather than the auditor. Still, other jurisdictions require similar disclosure, so it seems likely that it will get done.

More significantly, other jurisdictions also have started requiring auditor’s reports to discuss what the PCAOB terms “critical audit matters,” and investors, auditors, and regulators have seen value in the reports. Given that, it seems likely that the United States will reach that point too. Companies should begin talking with their auditors about what kinds of things might be reported if the proposed changes come to fruition.

The desire to help audit committees makes it likely that the PCAOB will at least identify some AQIs that would be useful to audit committees and the PCAOB itself, even if public reporting might not happen due to concerns about usefulness, liability, and the release of proprietary information.

It also seems clear that some additional disclosure from the audit committee will come of the SEC’s concept release, if only because the required communications between the auditor and audit committee have increased and it makes sense to mirror those changes in the audit committee’s reporting to investors.

Reading the audit committee-focused SEC and PCAOB releases, however, has me a bit concerned. They both suggest to me that there may be an expectation gap (like the one faced by auditors) between what regulators think audit committees do and what they really do. The PCAOB document suggests that audit committees consider asking questions far more detailed than any audit committee I’ve ever been around actually asks. And the SEC document seems to imply that processes and procedures should exist for audit committee actions that are performed infrequently. I hope that the level of detail in these documents doesn’t mislead the public into believing that audit committees do more in this area than they actually do.

More broadly, neither of these documents acknowledges, except in passing, many other things that audit committees do beyond oversight of auditors. Perhaps the most useful outcome of these audit committee-related efforts might be a broader dialogue on what audit committees ought to be expected to do and what they shouldn’t. Their time is often spent on matters like cyber-security, enterprise risk, and compliance, in addition to financial reporting oversight. If they aren’t spending as much time on the audit as regulators and investors want, perhaps these projects will bring that to light.

In any event, the momentum toward providing transparency into the audit process is as strong as it has ever been. Examples from other jurisdictions show that much of this can be done and can be useful. That some increased reporting is coming to the United States is virtually certain. It’s time to start thinking about it, and getting involved in the process while there is still time to affect the outcome.