Auditors balk at regulator’s push to expand their role
Proposals on fraud detection, cyber risk and more would take auditors far outside the parameters of their specialty, they say. The Public Company Accounting Oversight Board says the changes are needed.
Auditors are pushing back against recent proposals by the U.S. audit regulator that they say would significantly expand their responsibilities with needless extra work, but which many investors argue would help provide the transparency they have long sought.
The Public Company Accounting Oversight Board says change is necessary. The regulator wants firms to take on a greater role in detecting fraud, as well as begin disclosing nearly a dozen new metrics about their operations and audits. Yet another proposal calls for more details on audit fees and cybersecurity risks, plus a confidential submission of financial statements.
In general, auditors support the board’s fervor under Chair Erica Williams in trying to modernize auditing standards. But three recent proposals—sometimes described by auditors as a pile-on—would load firms with added work and costs, particularly as they struggle to find and keep skilled personnel.
They are sounding increasingly harried.
“If they were to go through with all of these proposals, I think it would be a radical overhaul of the profession," summed up Allison Henry, vice president of professional and technical standards at the Pennsylvania Institute of Certified Public Accountants.
Meanwhile, some investors favor the PCAOB’s tighter requirements, which would give them more insight into whether the company audits are worth the money they ultimately pay for them.
Of the three proposals, the one that has most inflamed the profession is an effort to get auditors to be more proactive in flagging possible fraud and other illegal activity by their clients. Last June, the PCAOB took a vote on it, which produced a rare split: Duane DesParte and Christina Ho—the only two certified public accountants on the five-member board—opposed it.
“Auditors are CPAs, not legal experts," Ho said in her dissent. “The new requirements will significantly expand auditors’ need for expertise from lawyers, legal experts and possibly other specialists, resulting in a substantial increase in audit fees."
So incensed were audit firms that several called for the PCAOB to issue a revised proposal.
With auditors still smarting from the compliance proposal, this month the board unveiled two more proposals, one requiring firms to report 11 new data points, ranging from auditor retention to partner involvement and work experience. The other proposal focuses on cybersecurity risk and audit fees.
The PCAOB’s stated mission is to protect investors. And since the 2022 ascent of Chair Williams, it has conducted sweeps to root out wrongdoing by audit firms, and is working to update standards and make inspections more efficient and transparent, it says. The PCAOB has approved stronger requirements around how firms verify outside evidence on their clients and supervise outside auditors, and has issued eight proposals, including the recent three. Part of its focus is updating dozens of rules intended to be temporary, some of which refer to outmoded technology, like fax machines.
“The PCAOB is committed to modernizing standards that have been outdated for decades in order to best protect investors in today’s world, and the public comment period is critical to that effort," a spokeswoman for the regulator said. “We are grateful to everyone who has submitted comments and are carefully weighing all input."
But audit firms want laser-clarity around the new, more demanding PCAOB proposals in order to avoid audit deficiencies and regulatory sanctions, which can carry reputational and monetary costs.
“What’s contributing to this epic battle, if you will, is that any of these things in a standard might seem reasonable until you’re sitting across the table from an inspector and that’s not in public view and those words can have nuance," said Colleen Boland, associate professor of accounting at University of Wisconsin-Milwaukee and a former PCAOB senior economic research fellow.
Ho and DesParte have expressed dismay at the PCAOB’s broadening agenda. DesParte, whose term ended in October, said last June he was increasingly concerned the PCAOB is incrementally imposing new auditor responsibilities in ways that will expand the breadth and cost of audits and “fundamentally alter the role of auditors." (George Botic, a former PCAOB inspections head as well as a CPA, succeeded DesParte on the board and hasn’t opposed any proposals since he joined.)
Ho, the lone dissenting vote on this month’s cyber-related proposal, lamented the board’s “apparent zeal" in issuing new burdens and responsibilities that “may end up breaking the public company auditing profession’s back."
“If we ‘break’ the profession in the name of investor protection," she said, “are we really protecting investors?"
The two have given voice to concerns swirling through the profession, highlighting the animus between the regulators and the regulated, said Jackson Johnson, president of Johnson Global Advisory, which advises accounting firms.
“Firms are less fearful to push back and engage in a dialogue because of the pace of proposals," he said. “They believe if we don’t do something, this could be a runaway train."
Frauditors?
Auditors—in letters to the PCAOB, at a recent roundtable and in interviews—have vociferously argued against the proposal that could make them responsible for detecting and heading off corporate malfeasance, a job they say is more the bailiwick of company managers than auditors. Auditor independence could also be harmed, they say, also adding that the skills and legal expertise needed are beyond their professional abilities.
One well-known case from the last decade is used to bolster the argument for auditors’ role in catching fraud. KPMG, in a 2016 letter to senators, said it was aware of client Wells Fargo’s illegal acts at the center of a sales-practices scandal. But it didn’t report the bank to authorities because the effects weren’t financially significant and therefore not within the auditor’s scope. At the time, KPMG also said it hadn’t surfaced any information that wasn’t already known to management.
Some investors also believe there is general reluctance to report illicit activity at clients. External auditors initially detect fraud just 4% of the time, compared with tips from employees and customers at 42%, according to a 2022 study from the Association of Certified Fraud Examiners.
For investors, violations of the law can create liabilities that companies might need to disclose in their financials, possibly denting their brand and market valuation. Investors also want auditors to be more skeptical of management’s work, in particular whether executives have adequately assessed that there are no significant errors in their financials, according to Sandy Peters, senior head of advocacy at the CFA Institute.
“If management doesn’t have a complete list [of laws relevant to their operations], but has a process that’s reasonable, I think that’s something that we want auditors to look at," Peters said at a PCAOB-led roundtable on the issue last month. “And it may require they use legal expertise."
Some investors say the losses they might suffer as a result of, say, securities fraud are typically far greater than whatever they might recoup in monetary settlements—let alone what auditors would have to invest to comply with such a rule. The cost of fraud to investors is significant, at about $800 billion a year, said Luigi Zingales, a finance professor at the University of Chicago, citing his published research.
Investors—91% of them—would accept some increase in costs to bolster auditor responsibilities under the compliance proposal, with a majority saying they wanted no more than a 30% increase, according to a February survey by the Center for Audit Quality, a professional group.
The Colorado Public Employees’ Retirement Association, a pension fund, suggested the regulator explore ways to reduce costs for smaller audit firms, said Amy McGarrity, chief investment and operating officer at Colorado PERA and member of the PCAOB’s investor advisory group.
“We don’t want transparency at any cost," she said. “We want relevant regulation that’s going to improve outcomes."
Disclosing More
For years, though, investors have clamored for some of the changes outlined in the three recent proposals.
Additional disclosure, for instance, would provide more data for shareholders to evaluate audit quality, which could result in increased votes against companies’ auditors in their annual nonbinding votes on key company matters, said Brandon Rees, deputy director of corporations and capital markets at the labor federation AFL-CIO. Investors often oppose companies’ choice of auditors when they consider the amount of fees charged for nonaudit services excessive.
“Auditors are afraid that institutional investors will start using the auditor-ratification vote as a meaningful way to hold them to account," Rees said.
Observers also sense that the PCAOB might be trying to get as much done as possible ahead of the November U.S. presidential election, which could derail certain projects if a new administration were elected.
But professional groups aren’t giving up—even if they lose this round. They will likely continue to fight the compliance proposal and perhaps even seek legislation to clamp down on the PCAOB, said Henry at the Pennsylvania Institute of CPAs. The compliance proposal could become a rule sometime before the end of this year.
“Even if it’s enacted, we need to continue to push back," she said.
Write to Mark Maurer at mark.maurer@wsj.com
topics
