PCAOB Compliance Proposal Draws Heat

Comment letters have begun to arrive for the Public Company Accounting Oversight Board’s proposal to have auditors look for compliance and legal violations at their client companies. So far the idea has plenty of critics — although plenty of that criticism is stuff compliance officers will like to hear.

The PCAOB’s proposal is to require audit firms to look more aggressively for compliance and legal violations at their client companies, and then report any such violations more promptly to the company’s board of directors. The proposed new auditing standard is out for public comment until next week, and as of today the agency had already received 15 comment letters in response. 

The headlines are two. First, numerous commenters worry that the proposed standard would force auditors to act as lawyers sniffing out possible legal violations — something auditors are not naturally suited to do since, ya know, they’re not lawyers. Audit fees would also quite predictably go sky high, for relatively little improvement in investor protection. 

Second, however, numerous commenters also called for compliance officers to play a greater role in this process. After all, who would know better about possible compliance violations than the chief compliance officer?

For example, Gerry Zack, chief executive officer of the Society of Corporate Compliance & Ethics, published an open letter to SCCE members on July 20 urging them to submit comments to the PCAOB. Zack called the proposal “mostly quite positive” (which is a step further than I’d go), but what really caught my attention was this passage:

A critical step in drawing important conclusions about the compliance program’s ability to prevent, identify and investigate compliance issues should involve speaking with the person who has direct responsibility for the program. The standard refers to making inquiries of “others” likely to have knowledge about instances of noncompliance. Why not require auditors to make this inquiry with the head of compliance? Who is best suited to discuss the state of compliance — hopefully it’s the chief compliance officer.

Zack also suggested that the auditor should talk with the audit committee about its oversight of the ethics and compliance program as well. 

Other commenters echoed Zack’s points. Susan Wong, compliance officer at Advocate Aurora Health in Milwaukee, submitted a letter saying, “These changes do not go far enough. In evaluating the compliance program’s ability to prevent, identify and investigate compliance issues, it is important that auditors talk to the chief compliance officer.” She then also urged that auditors be required to talk to whichever committee of the board oversees compliance and integrity.

Tom Birmingham, a self-proclaimed “long-time compliance and ethics practitioner” in the energy sector, told the PCAOB that the compliance officer has “tremendous insight on the culture, management, and operations of an organization. Auditors would be well served to engage these functions as part of audits and investigations, particularly those of an operational nature.”

A bundle of other compliance officers submitted additional comments along similar lines, and I wouldn’t be surprised if we see more in coming weeks. Clearly Zack’s message to the membership had its intended effect. 

On the Auditors’ Side…

The audit community had a very different perspective on things. They saw the proposed new standard as a distraction from auditors’ primary job of auditing the financial statements — distracting enough that for some public companies, the audit might not be completed by required filing deadlines. 

Case in point is a letter from Jeffrey Johanns, chair of the professional standards committee of the Texas Society of Certified Public Accountants. One of his key objections: 

Conducting a financial statement audit applying the [proposed standard] would greatly increase the amount of time necessary to perform the audit, thus significantly increasing costs and audit fees. Significant unnecessary additional pressure on the ability to complete the annual financial statement audit in the required time frames would also occur.

Johanns also worried that (1) auditors would need to hire legal expertise to identify potential compliance and legal violations, which again would push up audit fees; and (2) that auditors would become so worried about potential liability for missing a legal violation that they might shift their focus away from the financial statement part of the audit. Which, let’s remember, is what we’re supposedly paying auditors to do.

We also have an interesting letter from the Audit Committee Council, an association of corporate board directors that acts under the auspices of the Center for Audit Quality, a lobbying group for the audit industry. The Audit Committee Council also opposed the PCAOB proposal for all the reasons we’ve heard from the audit community all along: the scope of the proposal is too broad, it forces auditors to act like lawyers, and it will drive up the costs of the audit without a commensurate benefit to investors. 

The Audit Committee Council didn’t expressly say the PCAOB should kill its proposal, but did say any final new standard “should keep the auditor focused on [violations] that could materially impact the financial statements.” 

What might that look like? Well, U.S. accounting rules require companies to accrue contingency funds for penalties and lawsuits related to compliance violations, along a spectrum from “remote” to “reasonably possible” to “probable” likelihood of a penalty. Maybe this standard could operate on a similar scale, the Council suggested.

One important point: We have not yet seen any comments from the Big 4 audit firms. I know those folks are working on it, and their comments will be especially important because they’re probably the only audit firms that could actually handle what the PCAOB is proposing here — and even then, my sources inside the Big 4 generally think this is a terrible idea. 

What Happens Next

What happens next is more comment letters, probably a bundle just before the Aug. 7 deadline and then more letters after that. (Most agencies don’t pay too much heed to the posted deadlines, so don’t let that stop you if you have something to say.) Then the PCAOB will digest the comments and either release a final standard for adoption at some future date or perhaps issue an entirely new proposal to start the process all over again. 

For now, I’m struck that compliance officers generally support the proposal’s aims, while auditors warn about its practical implications for corporations. Quite simply, this is a noble idea that could cost companies an exorbitant amount of money, for relatively little new assurance to investors. I’m all for compliance officers playing a strong, vital role in their enterprises, but are we really sure that juice is worth the squeeze? 
