SOX compliance professionals, prepare yourselves: the SEC has announced plans for new leadership at the Public Company Accounting Oversight Board, which could eventually bring significant changes in how audits and SOX compliance are managed.
SEC chairman Jay Clayton put events into motion Friday afternoon, with a quiet announcement that current PCAOB chairman Jim Doty “has agreed to continue to serve as chairman… as we commence the process for appointing his successor and new board members.”
Translation: Doty is on his way out, and other board members as well.
This is not a surprise. Doty has been chairman since 2011. His term formally expired in October 2015, and he has been serving in an acting capacity since then. Most of the five-member board is in similar position. One seat is vacant. Board member Jeanette Franzel and is serving beyond the expiration of her terms, like Doty. Board member Steven Harris is serving a valid term that expires in two months. Only Lewis Ferguson has a term that extends beyond this year, to 2019.
So the Republican-leaning SEC, which must appoint PCAOB board members by majority vote, could replace four of five board members within months.
Before we get to the implications of that, let’s first give credit to all PCAOB board members for their years of service in a thankless job. Clayton did as much in his announcement, praising Doty for six years of leadership to rebuild what had been a battered agency in 2011. Ferguson has been at the PCAOB since 2011, Franzel since 2012, and Harris since all the way back in 2008.
Doty midwifed important advances in SOX compliance and financial auditing. He (and the other board members) pushed auditors to take more of a risk-based approach; adopted new standards for evaluating related parties and significant transactions; and adopted a rule for naming audit partners on an engagement. All the while, the PCAOB did its usual job of inspecting audit firms and their work, disciplining auditors for misconduct, and forging ties with other audit industry regulators overseas.
Most recently, Doty led the charge for a new, more modern and useful auditor’s report. That rule still awaits final approval from the SEC, and I sometimes wonder whether Clayton might pause that one. Regardless, Doty has accomplished much. I’ve had the honor of meeting Doty and numerous other PCAOB board members over the years. They have all been thoughtful, smart professionals determined to help the profession.
What Happens Next
What comes next is a call for nominations, a review of nominees by SEC staff, and a thorough selection process—that still, of course, results in a PCAOB favorably disposed to Clayton’s views as SEC chairman. We don’t know how long the replacement process might take, although my guess is that it will take many months, at least. But one of Clayton’s top objectives is to roll back SOX compliance requirements. Tilting the PCAOB toward that line of thinking will help him get there.
The dream (for Clayton and conservatives, at least) would be to increase the number of companies exempt from Section 404(b) of SOX. That provision requires companies to have an annual audit of internal control over financial reporting. Non-accelerated filers— that is, those with a market capitalization below $75 million— are exempt. Clayton & Co. want to increase that threshold, possibly to $500 million or more.
Clayton couldn’t get there alone. Raising the 404(b) limit would require an act of Congress. Conservatives in the House did hold a hearing about SOX compliance rollbacks in July. In the real world, however, lawmakers still need to draft legislation and get it passed through both chambers of the legislative branch; lord knows when that might happen. At the rate the Republican Party is incinerating its credibility with voters, it may never happen at all.
So Clayton probably has more ability to drive changes in SOX compliance right now than Congress does, because Clayton can move on that front administratively: by changing the leadership at the PCAOB, who could then change priorities for inspections, auditing standards, and so forth.
Clayton could only do so much, but he could do it more quickly than Congress. And if his approach works well enough, he could avoid the politically messy fight that SOX reform might entail in Congress; he could say the SEC and PCAOB achieved substantively similar results without the more drastic step of legislative change.
The Conversations to Come
Could the SOX compliance world benefit from a fresh look at Section 404(b)? Sure. Some audit firms do take their audits of internal control too far. My favorite recent story is an audit firm that reportedly wouldn’t accept management’s review of internal controls because the managers’ tick-marks on a checklist were “insufficiently tick-like.” Another person claims a management review of controls was rejected because managers “didn’t document what was in your mind at the time.”
Perhaps those stories are exaggerations made to prove a point. But the very fact that they might also be true tells us that some ICFR audits go to extremes that are more trouble than they’re worth. The challenges are in how audit firms accept evidence, or in their standards for assurance (management only needs to provide reasonable assurance, not absolute), or in demands for documentation.
Those challenges are all consequences of how Section 404(b) is administered. Others might say that’s precisely the point of Section 404(b), that it’s supposed to drive audit firms to take a more skeptical view of management claims about internal control. Rejecting a tiny dot on a checklist as insufficiently tick-like—well, that’s what skepticism is.
We could debate those points endlessly. The plain truth of things, however, is that Clayton has enormous power to influence that debate, and he just announced that he plans to use it.
Correction: In an earlier version of this post, I incorrectly stated that Ferguson was also serving in an expired term. As now noted above, his term expires in 2019.