The audit and compliance community rarely sees a stealth news dump from regulators over a long weekend, but we have some now: SEC chairman Jay Clayton is replacing the leading cybersecurity expert on the Public Company Accounting Oversight Board with a White House aide.
Kathleen Hamm, a member of the PCAOB since January 2018, will be out at the end of this month. Succeeding her is Rebekah Gorshorn Jurata, a policy aide serving on the National Economic Council whose LinkedIn profile checks all the boxes for devout Republican and Trump loyalist.
Hamm’s ouster is unprecedented because she had wanted a second term, and until now, any PCAOB board member who wanted to serve a second term was reappointed. Regardless, the SEC began soliciting nominees for Hamm’s seat over the summer. Hamm had even reaffirmed her desire to serve longer (“I am seeking a second term to continue the important work I’ve started to protect investors and the public,” she had said in a statement released by the PCAOB), but her efforts came to naught.
PCAOB board members are appointed by the SEC, and nominees are put forward by the SEC chairman. So the decision not to reappoint Hamm was pretty much Clayton’s. Jurata will now serve a five-year term that expires in October 2024, reportedly with a salary of $500,000.
But wait, there’s more stealth news!
The SEC also announced that commissioner Hester Peirce will lead the agency’s “coordination efforts” with the PCAOB. Peirce is an outspoken proponent of rolling back compliance with Section 404(b) of the Sarbanes-Oxley Act, which requires annual outside audits of companies’ internal control over financial reporting. I mean, Peirce would also probably try to make compliance with all federal securities law optional if she could do it, but 404(b) is one of her fave targets.
So what could these moves mean? How might they matter to compliance and audit professionals? A few ideas come to mind.
Clayton Making His Move?
One obvious theory is that Hamm was getting in the way of Clayton’s agenda, so he ignored calls for Hamm to remain on the board, customary PCAOB practice, and the common sense notion that a cybersecurity expert is worth keeping around — all to put a loyalist on the PCAOB and bring the agency under Peirce’s close oversight, so Clayton can ram his compliance rollback into being more effectively.
We can’t say with certainty whether that was Clayton’s motivation, but the facts fit. Groups such as the Council of Institutional Investors and the CFA Institute both called for Hamm to be reappointed. The CII has rarely been a fan of Clayton’s policies, but you expect that from a group that lobbies for institutional investors. The CFA Institute is much more circumspect about wading into disputes like this, and yet it still did.
Plus, read Hamm’s resume on the PCAOB website. She has extensive experience at the Treasury Department and in the private sector helping to develop cybersecurity policy. Hamm has given several speeches on cybersecurity, the last one coming only 10 days ago.
I’m not saying that Jurata isn’t qualified to serve on the PCAOB, although others might make that argument. I’m saying that the PCAOB needs cybersecurity expertise: someone serving on the board who can think extensively about cybersecurity, internal control, and risk assurance. Hamm has that expertise.
Jurata, however, seems to have nowhere near that expertise. Neither do any of the other four PCAOB board members. So if Jurata’s perspective as a White House policy aide really is so beneficial to oversight of the audit industry, Clayton could have had her replace someone else. He didn’t.
On the other hand, if you’re looking for a reliable vote to weaken SOX internal control audits and otherwise do the bidding of Clayton and PCAOB chairman William Duhnke — well, Jurata does seem to fit that bill.
Speaking of SOX Audits
We last talked about Clayton’s efforts to roll back internal control audits in May. That’s when the agency proposed exempting companies with less than $100 million in annual revenue from compliance with Section 404(b).
Public comments about that proposal arrived throughout the summer. The responses were predictable: companies largely want to see Section 404(b) relaxed, investors largely want it to remain intact. (Audit firms are doing a two-step routine where they say they want 404(b) to remain, but really they’re willing to barter that work away in exchange for more freedom to offer consulting services to audit clients.)
We don’t know when the SEC will act on its proposals, but let’s not kid ourselves: Clayton is going to push this 404(b) proposal over the line. He may go even further — perhaps raising the $100 million revenue threshold, or raising the market cap limit to $250 million so it aligns with the definition of Smaller Reporting Companies, which are already exempt from other disclosures. He could do something wacky like reduce 404(b) audits from annually to every three years. All those ideas have circulated around.
Whatever ultimately gets passed, however, there’s also the reality that audit firms can still strong-arm clients into exhaustive audits of internal control anyway. Like, what are you going to do? Engage in a protracted fight with your firm while the firm is racking up billable hours fighting you? Switch firms and have all sorts of costly disruptions? Audit firms can still push a client around if they want.
Which brings us back to this weekend’s other news: that Peirce is the SEC’s new coordinator for the PCAOB.
Now we have Jurata as one more loyalist vote on the PCAOB, and libertarian Peirce watching the whole board like a schoolmarm who reads too much Ayn Rand. That leaves Clayton in excellent position to weaken 404(b) audits like he wants, because he can also orchestrate the PCAOB’s oversight of audit firms to go easy on SOX auditing.
And hey, why stop there? The same is also true for all the other accounting and auditing measures coming into force lately. That includes the lease accounting standard (arrived in January), critical audit matters (arriving now), and the CECL standards for credit losses (arriving next year).
It’s a nifty power grab on Clayton’s part. Then again, as I’ve said before, he undoubtedly feels the heat to get his agenda done before President Trump implodes in impeachment or gets tossed from office next year. Gotta make hay while the sun shines, even if you toss good PCAOB members over the side to do it.