Global audit regulation – It’s not your grandfather’s audit report anymore William Kinney University of Texas at Austin (member: IAASB) Conference on Regulation and the Audit Industry University of Oklahoma Norman, Oklahoma May 18, 2012 Outline • Background on audit regulation in the U.S. vs. rest of the world • 2012 geo-political economy regulatory issue: Three approaches to change in a global market • Research Opportunities in Audit Regulation via Theory development, Archival Studies, Experiments – What you can add 1. Questions about Accounting and Auditing standards • Would it be good to have information comparable in relevance and reliability for all public companies around the globe? • Is standardized world-wide financial reporting possible? • What about voluntary standards – set “in sun shine” by independent experts in the public interest with – global independent oversight, and – patchwork enforcement by stock exchanges, public interest groups, global network firms, and national governments? Three uses of standardized audited financial information • by management – to better run the business • by investors and creditors – to make investment and lending decisions • by those charged with governance (including governments) – to make intervention decisions Can national private partnerships be expected to serve the global public interest? Financial reporting laws, regulations, and standards across borders EU law/ EC directives/ Sec. reg.?? US law/ Sec. reg. UK law/ Sec. reg.? FR law/ Sec. reg.? •UK national •FR national •US national FRF&AudStds FRF&AudStds Global Financial ReportingFRF&AudStds Framework and Auditing Standards •LSE rules •Borse rules •NYSE rules •UK private lit. •FR private lit. •US private lit. US culture/ contracts/ governance A, Inc. B, Inc. C Corp. UK culture/ contracts/ governance D, Inc. E, Inc. F Corp. Who will interpret and enforce these FRFs and AudStds? Will they differ? FR culture/ contracts/ governance G, Inc. H, Inc. I Corp. U.S. Financial Reporting Regulators post-2002 SEC FASB GAAP PCAOB Internal Control (COSO) Measurement criteria Aud. Stds. QuCtl. Stds. Indep Stds. Inspect/ Enforce Application of criteria E.U. Financial Reporting Regulators (with member differences*) 2008 EU (none) National? IASB IFRS x Turnbull, Venoit,… IAASB ISAs Qual Ctl stds Indep x Inspect/ enforce ISAEs Measurement criteria Application of criteria * Red Italics means national regulations only (i.e., jurisdictional version) International Federation of Accountants (IFAC) • Mission: to serve the public interest, IFAC will continue to strengthen the worldwide accountancy profession and contribute to the development of strong international economies by establishing and promoting adherence to high-quality professional standards, furthering the international convergence of such standards and speaking out on public interest issues where the profession’s expertise is most relevant. • Standards: IAASB (auditing), IESBA (ethics), IAESB (education), IPSASB (public sector accounting) Top Ten differences in design and operation of IAASB and PCOAB IAASB PCAOB • Global by design • Some global influence via inspections of foreign filers • Market-driven services (e.g., no ICFR audits) • Public interest objective – no ability to Inspect/ Enforce • Statute-driven (domestic crisis politics as force) • Investor protection objective Inspections drive Enforcement (but not Standards) • Mandated by U.S. law, no cost effectiveness test • May read summaries, but won’t assist independent research • Voluntary adoption (quality of standards is raison d'être) • Sponsors and commissions scholarly research Top Ten differences in design and operation of IAASB and PCOAB (cont’d) IAASB • Developed in sunshine • Diversity (9 practice members, 9 not), 18 Tech Advisors, 8 IFAC staff, Task Forces, other experts, PCAOB • Unknown - not much sunshine • Three non-CPAs, two CPAs (no practice members) 24 standards staff, SAG? CAG, SME, SMP, NSS • Audit expertise on Board • Independent in selection, oversight, oath (only Ch. Is paid) • No expertise necessary • Staff is hired/paid by Board • Independent oversight by PIOB • Oversight by SEC personnel (but to date, no public reports) (appointed by Monitoring Group: Basel Group, WorldBank, IOSCO, Int. Assoc. of Insurance Supervisors, observed by Financial Stability Forum and Int. Fed. of Independent Audit Regulators) Adoption of ISAs around the globe • 100+ countries (CN, MX, BZ, UK, GR, FR, IT, AU, CH, JN, Pakistan, SA, Kenya . . .) • • • • Global network firm/ gov. methodologies European Commission? PCAOB? Statements of key players on U.S. adoption: – U.S. Government Accountability Office – IOSCO (U.S. SEC is a member, oversees PCAOB) – U.S. Chamber of Commerce Known barriers to PCAOB adoption of ISAs? Primary technical differences between IAASB’s ISA’s and PCOAB’s AS’s IAASB • • • • • PCAOB No IC audit – enhanced IC reporting? Group audits – no reference to Component auditor Confirmations – no special status • IC audits – all major processes • Fraud and FV audit guidance revised 2006-2011 Documentation to support audit conduct • Group audits – reference to Component auditor optional Confirmations required – even if not deemed reliable Fraud and FV audit guidance per AICPA, circa 2003 Documentation to support inspections – “didn’t document, then didn’t do it” • • ISA Financial Audit for each important assertion and identified process (with enhanced reporting) CR = 1 DR Choice IR Adjustments/ corrections CR < 1 If due to IC Def.* DR Opinion on MM Adj/Corr to Aud. Com If due to IC Def* Sig. Def. to Aud. Com Financial audit Enhanced reporting + * If due to MW analyze material and/or numerous year-end adjustments as to cause and report to investors if due to MW in ICFR. 70% of MW firms identified via (per Audit Analytics coding of ICFR filings with SEC). Report on MW Bedard and Graham The Accounting Review 2010 • Studied 144 audits under AS 2, multiple firms • Access to work papers and personnel • Found: 3,990 internal control deficiencies 15 firms had material weaknesses 11 associated with corrections/adj 2. Auditor’s reports - 2012 Diagram 1: Illustration of the “information gap” (IAASB 2011) Available to users Financial statements and other public information Users Auditor’s report Private and undisclosed Entity information Entity information relevant to the audit Information about audit scope, process and findings For which of these three areas do user’s seem to want information??? IAG Survey on “Improving the Auditor’s Report” 3/16/11 • Who is the IAG and can we trust them? • What are their complaints? • What are their suggestions for possible change? • Do their suggestions: – Extend the auditor’s audit procedures (and thus raise audit cost)? – Report something that is not already discussed with the Audit Committee? – Go beyond disclosures required by GAAP? – Harm the company with competitors? IAG excerpts (3/16/11) Beyond GAAP? What is “FS Risk?” Beyond GAAP? What Criteria? 2.a PCAOB proposals (Concepts Release 2011) 1. AD&A: views on “significant matters” including “audit risks identified, audit procedures and results, and auditor independence . . . auditor’s views on the financial statements, estimates, policies, ‘close calls’” 2. Required “emphasis of matter” para. for AD&A in 1. 3. Auditor assurance on other information: MD&A, nonGAAP information in earnings releases (re: AU 550). 4. Clarification of language in standard auditor’s report: reasonable assurance, responsibility for fraud, management’s and auditor’s responsibilities for statements, and other information. 2.b EC proposals: (Statutory Audits of Public-Interest Entities 11/11) Article 22: The auditor’s report: 2. Shall, at least: (h) describe extent of direct verification vs. system testing; (j) detail the level of materiality applied; (k) identify key areas of risk of material misstatement; (l) describe “situation of entity” including ability to meet future obligations and thus going concern ability; (m) assess significant internal control deficiencies identified during the audit; (q) Identify each member of the audit engagement team. 4. Shall be < 4 pages in length (<10,000 characters). 5. Shall be signed and dated [by partner] 2.c IAASB “bridging” solution (Invitation to Comment, June 2012) • Combines, refines, and synthesizes national regulators’ “wish lists” into an integrated whole acceptable on a global basis. • Expands auditor’s report to: – – – – Maintain “report card grade” Clarify “going concern” Explain “risk-based” and terminology Provide “auditor commentary” (EoM, OM) • Can it meet national regulators’ demands? Independent Auditor’s Standard Report (Proposed) Report on FS (ISA 700 today) Report on FS Opinion We have audited . . . Basis for Opinion Management responsibilities Going Concern assumption valid . . . Auditor responsibilities Auditor Commentary (2 – 10 items) Opinion Respective responsibilities Management, TCWG Auditor Report on other req’d information: Audit firm/ engagement partner/ date Report on other req’d information: Audit firm/ date 3. Ten Broad Research questions • Auditor Commentary: – Input: what criteria? not required by GAAP or law. confidentially applies. can auditors interpret FS “meaning?” – Output: Can users understand audit procedure implications? Does commentary imply “piecemeal opinion” on item? • Effect of a) explicit “going concern” assurance and b) explicit management statement per IFRS vs. US GAAP? • Limits imposed by: “issuer pays” model and auditor as “assurer” rather than “originator” of information • The auditor’s “true client” is: management, audit committee, investors, potential investors? • Is independent AC a suitable substitute for investors? Ten broad research questions (cont’d) • Economics of control process information: what do individual users need? And at what cost? • PCAOB sets, inspects against, and enforces it own standards – incompatible? what are the perils? • Can Inspection Comments identify bad extant standards? • Mechanism design and theories for voluntary standards in global economy with national enforcement • International treaties and agreement for national governments to cede decision authority viable for global enforcement? Conclusion • There are problems with and questions about standardized global financial reporting • No single “silver bullet” solution, but • Apparent demand for – market-driven mechanisms (broadly defined) – expertise of independent public interest groups – appropriate oversight at all levels with appropriate national government enforcement • What mechanism design do you like best . . . and why?