– It’s not your Global audit regulation grandfather’s audit report anymore

Global audit regulation – It’s not your
grandfather’s audit report anymore
William Kinney
University of Texas at Austin
(member: IAASB)
Conference on Regulation and the Audit Industry
University of Oklahoma
Norman, Oklahoma
May 18, 2012
Outline
• Background on audit regulation in the U.S. vs. rest
of the world
• 2012 geo-political economy regulatory issue: Three
approaches to change in a global market
• Research Opportunities in Audit Regulation via
Theory development, Archival Studies, Experiments
– What you can add
1. Questions about Accounting and
Auditing standards
• Would it be good to have information comparable in
relevance and reliability for all public companies
around the globe?
• Is standardized world-wide financial reporting
possible?
• What about voluntary standards
– set “in sun shine” by independent experts in the
public interest with
– global independent oversight, and
– patchwork enforcement by stock exchanges,
public interest groups, global network firms, and
national governments?
Three uses of standardized
audited financial information
• by management – to better run the
business
• by investors and creditors – to make
investment and lending decisions
• by those charged with governance
(including governments) – to make
intervention decisions
Can national private partnerships be expected
to serve the global public interest?
Financial reporting laws, regulations, and
standards across borders
EU law/ EC directives/ Sec. reg.??
US law/ Sec. reg.
UK law/ Sec. reg.?
FR law/ Sec. reg.?
•UK national
•FR national
•US national
FRF&AudStds
FRF&AudStds
Global
Financial ReportingFRF&AudStds
Framework and Auditing
Standards
•LSE rules
•Borse rules
•NYSE rules
•UK private lit.
•FR private lit.
•US private lit.
US culture/
contracts/
governance
A, Inc. B, Inc.
C Corp.
UK culture/
contracts/
governance
D, Inc. E, Inc.
F Corp.
Who will interpret and enforce these
FRFs and AudStds? Will they differ?
FR culture/
contracts/
governance
G, Inc. H, Inc.
I Corp.
U.S. Financial Reporting Regulators
post-2002
SEC
FASB
GAAP
PCAOB
Internal
Control
(COSO)
Measurement criteria
Aud.
Stds.
QuCtl.
Stds.
Indep
Stds.
Inspect/
Enforce
Application of criteria
E.U. Financial Reporting Regulators
(with member differences*) 2008
EU (none)
National?
IASB
IFRS
x
Turnbull,
Venoit,…
IAASB
ISAs
Qual
Ctl stds Indep
x
Inspect/
enforce
ISAEs
Measurement criteria
Application of criteria
* Red Italics means national regulations only (i.e., jurisdictional version)
International Federation of Accountants
(IFAC)
• Mission: to serve the public interest, IFAC will
continue to strengthen the worldwide accountancy
profession and contribute to the development of
strong international economies by establishing and
promoting adherence to high-quality professional
standards, furthering the international convergence of
such standards and speaking out on public interest
issues where the profession’s expertise is most
relevant.
• Standards: IAASB (auditing), IESBA (ethics), IAESB
(education), IPSASB (public sector accounting)
Top Ten differences in design and
operation of IAASB and PCOAB
IAASB
PCAOB
• Global by design
• Some global influence via
inspections of foreign filers
• Market-driven services (e.g.,
no ICFR audits)
• Public interest objective –
no ability to Inspect/ Enforce
• Statute-driven (domestic
crisis politics as force)
• Investor protection objective
Inspections drive Enforcement (but not Standards)
• Mandated by U.S. law, no
cost effectiveness test
• May read summaries, but
won’t assist independent
research
• Voluntary adoption (quality
of standards is raison d'être)
• Sponsors and commissions
scholarly research
Top Ten differences in design and
operation of IAASB and PCOAB (cont’d)
IAASB
• Developed in sunshine
• Diversity (9 practice members, 9
not), 18 Tech Advisors, 8 IFAC
staff, Task Forces, other experts,
PCAOB
• Unknown - not much sunshine
• Three non-CPAs, two CPAs
(no practice members) 24
standards staff, SAG?
CAG, SME, SMP, NSS
• Audit expertise on Board
• Independent in selection,
oversight, oath (only Ch. Is paid)
• No expertise necessary
• Staff is hired/paid by Board
• Independent oversight by PIOB
• Oversight by SEC personnel
(but to date, no public reports)
(appointed by Monitoring Group:
Basel Group, WorldBank, IOSCO,
Int. Assoc. of Insurance Supervisors,
observed by Financial Stability Forum
and Int. Fed. of Independent Audit
Regulators)
Adoption of ISAs around the globe
• 100+ countries (CN, MX, BZ, UK, GR, FR, IT, AU, CH, JN,
Pakistan, SA, Kenya . . .)
•
•
•
•
Global network firm/ gov. methodologies
European Commission?
PCAOB?
Statements of key players on U.S. adoption:
– U.S. Government Accountability Office
– IOSCO (U.S. SEC is a member, oversees PCAOB)
– U.S. Chamber of Commerce
Known barriers to PCAOB adoption of ISAs?
Primary technical differences between
IAASB’s ISA’s and PCOAB’s AS’s
IAASB
•
•
•
•
•
PCAOB
No IC audit – enhanced IC
reporting?
Group audits – no reference to
Component auditor
Confirmations – no special status
•
IC audits – all major processes
•
Fraud and FV audit guidance revised
2006-2011
Documentation to support audit
conduct
•
Group audits – reference to
Component auditor optional
Confirmations required – even
if not deemed reliable
Fraud and FV audit guidance
per AICPA, circa 2003
Documentation to support
inspections – “didn’t document,
then didn’t do it”
•
•
ISA Financial Audit for each important assertion
and identified process (with enhanced reporting)
CR = 1
DR
Choice
IR
Adjustments/
corrections
CR < 1
If due to IC Def.*
DR
Opinion
on MM
Adj/Corr to
Aud. Com
If due to IC Def*
Sig. Def. to
Aud. Com
Financial audit
Enhanced reporting
+
*
If due to MW
analyze material and/or numerous year-end adjustments as to cause and
report to investors if due to MW in ICFR.
70% of MW firms identified via (per Audit Analytics coding of ICFR filings with SEC).
Report
on MW
Bedard and Graham
The Accounting Review 2010
• Studied 144 audits under AS 2, multiple
firms
• Access to work papers and personnel
• Found:
3,990 internal control deficiencies
15 firms had material weaknesses
11 associated with corrections/adj
2. Auditor’s reports - 2012
Diagram 1: Illustration of the “information gap” (IAASB 2011)
Available to users
Financial
statements and
other public
information
Users
Auditor’s
report
Private and
undisclosed
Entity information
Entity information
relevant to the
audit
Information about
audit scope,
process and
findings
For which of these three areas do user’s seem to want information???
IAG Survey on “Improving the
Auditor’s Report” 3/16/11
• Who is the IAG and can we trust them?
• What are their complaints?
• What are their suggestions for possible
change?
• Do their suggestions:
– Extend the auditor’s audit procedures (and thus
raise audit cost)?
– Report something that is not already discussed
with the Audit Committee?
– Go beyond disclosures required by GAAP?
– Harm the company with competitors?
IAG excerpts (3/16/11)
Beyond
GAAP?
What is “FS
Risk?”
Beyond
GAAP?
What
Criteria?
2.a PCAOB proposals
(Concepts Release 2011)
1. AD&A: views on “significant matters” including “audit
risks identified, audit procedures and results, and
auditor independence . . . auditor’s views on the
financial statements, estimates, policies, ‘close calls’”
2. Required “emphasis of matter” para. for AD&A in 1.
3. Auditor assurance on other information: MD&A, nonGAAP information in earnings releases (re: AU 550).
4. Clarification of language in standard auditor’s report:
reasonable assurance, responsibility for fraud,
management’s and auditor’s responsibilities for
statements, and other information.
2.b EC proposals:
(Statutory Audits of Public-Interest Entities 11/11)
Article 22: The auditor’s report:
2. Shall, at least:
(h) describe extent of direct verification vs. system testing;
(j) detail the level of materiality applied;
(k) identify key areas of risk of material misstatement;
(l) describe “situation of entity” including ability to meet
future obligations and thus going concern ability;
(m) assess significant internal control deficiencies
identified during the audit;
(q) Identify each member of the audit engagement team.
4. Shall be < 4 pages in length (<10,000 characters).
5. Shall be signed and dated [by partner]
2.c IAASB “bridging” solution
(Invitation to Comment, June 2012)
• Combines, refines, and synthesizes national
regulators’ “wish lists” into an integrated
whole acceptable on a global basis.
• Expands auditor’s report to:
–
–
–
–
Maintain “report card grade”
Clarify “going concern”
Explain “risk-based” and terminology
Provide “auditor commentary” (EoM, OM)
• Can it meet national regulators’ demands?
Independent Auditor’s Standard Report
(Proposed)
Report on FS
(ISA 700 today)
Report on FS
Opinion
We have audited . . .
Basis for Opinion
Management responsibilities
Going Concern assumption valid . . .
Auditor responsibilities
Auditor Commentary (2 – 10 items)
Opinion
Respective responsibilities
Management, TCWG
Auditor
Report on other req’d information:
Audit firm/ engagement partner/ date
Report on other req’d information:
Audit firm/ date
3. Ten Broad Research questions
• Auditor Commentary:
– Input: what criteria? not required by GAAP or law. confidentially
applies. can auditors interpret FS “meaning?”
– Output: Can users understand audit procedure implications?
Does commentary imply “piecemeal opinion” on item?
• Effect of a) explicit “going concern” assurance and b)
explicit management statement per IFRS vs. US GAAP?
• Limits imposed by: “issuer pays” model and auditor as
“assurer” rather than “originator” of information
• The auditor’s “true client” is: management, audit
committee, investors, potential investors?
• Is independent AC a suitable substitute for investors?
Ten broad research questions (cont’d)
• Economics of control process information: what do
individual users need? And at what cost?
• PCAOB sets, inspects against, and enforces it own
standards – incompatible? what are the perils?
• Can Inspection Comments identify bad extant
standards?
• Mechanism design and theories for voluntary standards
in global economy with national enforcement
• International treaties and agreement for national
governments to cede decision authority viable for global
enforcement?
Conclusion
• There are problems with and questions about
standardized global financial reporting
• No single “silver bullet” solution, but
• Apparent demand for
– market-driven mechanisms (broadly defined)
– expertise of independent public interest groups
– appropriate oversight at all levels with appropriate
national government enforcement
• What mechanism design do you like best
. . . and why?