SEC oversight of the PCAOB: The Commission has general oversight authority over the PCAOB, including in the following areas:
- Appointment of PCAOB members: The Commission has the authority to appoint PCAOB board members, in consultation with the Secretary of the Treasury and the Chair of the Federal Reserve. Two seats are to be occupied by individuals who are or have been certified public accountants.
- Opportunity to review rules and standards: The SEC has the opportunity to vote on PCAOB rules and standards before they take effect. The SEC can vote to approve or disapprove PCAOB rules and standards but cannot amend them.
- Budget approval: The SEC must approve the PCAOB budget.
- Hear appeals: The SEC has the authority to review and modify final disciplinary sanctions imposed by the Board.
The PCAOB has the authority to set standards governing:
- How auditors conduct audits of public companies and broker-dealers
- Auditor ethics and independence
- Audit firm system of quality control
To develop its standard-setting agenda, the PCAOB has the ability to utilize information obtained from inspections as well as input received from stakeholders such as its Standing Advisory Group, which includes representatives from investor groups, the audit profession, public company board members and academics.
Over the past several years, some stakeholders have raised questions about the process used to establish the PCAOB’s standard-setting priorities, as well as the length of time it takes to finalize standards and rules.11 This has resulted in a number of changes that are currently being implemented (see “Revised PCAOB standard-setting process”).
The PCAOB issues its standards in proposed form before they are finalized, providing a comment period for external stakeholders. Recent and current standard-setting projects include those related to auditor transparency, revisions to the auditor’s reporting model, supervision of other auditors, auditing accounting estimates and fair value measurements, and the auditor’s use of the work of specialists.
In addition to standard setting, PCAOB staff periodically issue practice alerts to draw attention to emerging audit issues or risks. Recent alerts have highlighted audit risks associated with the current economic environment and certain emerging markets.
Under SOX, the PCAOB is required to inspect a registered audit firm at an interval based on the number of public companies that the firm audits. Firms that perform annual audits of more than 100 issuers are inspected annually, while other firms are inspected at least every third year. During inspections, the PCAOB staff typically looks at firmwide quality controls as well as a sample of audit engagements.
The PCAOB indicates that it uses a variety of factors to select the audits it inspects, including its assessment of the risk that a public company’s financial statements may contain a material misstatement.
Inspections are intended to provide an independent review of audit quality and highlight opportunities for improvement within audit firms, both at the individual audit level and with respect to a firm’s system of quality control. Inspection results can be used to identify areas in which additional audit guidance, training, practice reminders or enhanced skills may be needed.
The PCAOB Remediation Framework
Over time, the PCAOB has sought to provide additional transparency into its process for evaluating a firm’s activities to address quality control findings identified through inspections. In 2013, it issued staff guidance related to this process, which highlighted five criteria PCAOB inspection staff apply when assessing a firm’s remediation process, often referred to as the “remediation framework”:
- Change – does the remedial step represent a change to the firm’s system of quality control that was in effect at the time the quality control concern was identified?
- Relevance – is the remedial step responsive to and does it specifically address the quality control criticism described in the inspection report? Is a root cause analysis appropriate?
- Design – is the remedial action designed to remediate the quality control criticism?
- Implementation – was the remedial step implemented within 12 months? If not, has the firm made appropriate progress?
- Execution and effectiveness – has the remedial step achieved the proposed effect that it was designed to have?
While this framework has not garnered the same attention that new PCAOB audit standards would receive, we believe it has had a significant positive impact on audit quality. The framework encourages audit firms to examine their understanding of the root causes of the identified quality control concerns. In some cases, this has led to additional investment and focus by firms on their processes to consider the root causes of identified deficiencies. Confronting root causes allows for the design and execution of more effective remediation activities, resulting in more timely improvements in audit quality. We believe that such improvements have been a key driver in the decreasing trend in inspection findings over the most recent inspection periods.
The PCAOB’s enforcement staff investigates and sanctions individual auditors and audit firms for violations of laws, regulations and professional standards. The PCAOB’s disciplinary powers include the authority to impose civil monetary penalties on individual auditors or the audit firm, temporarily or permanently revoke an audit firm’s registration with the PCAOB (which would prevent it from performing audits of public companies and/or broker-dealers), place limitations on the operations of a firm or individual auditor and bar an individual auditor from association with registered audit firms. It also can punish firms and auditors that do not cooperate with PCAOB investigations and inspections and may refer matters to the SEC and other relevant authorities.