Global audit regulation – It’s not your grandfather’s audit report anymore

William KinneyUniversity of Texas at Austin

(member: IAASB)

Conference on Regulation and the Audit Industry University of Oklahoma

Norman, OklahomaMay 18, 2012

• Background on audit regulation in the U.S. vs. rest of the world

• 2012 geo-political economy regulatory issue: Three approaches to change in a global market

• Research Opportunities in Audit Regulation via Theory development, Archival Studies, Experiments – What you can add

Outline

• Would it be good to have information comparable in relevance and reliability for all public companies around the globe?

• Is standardized world-wide financial reporting possible?

• What about voluntary standards – set “in sun shine” by independent experts in the

public interest with– global independent oversight, and – patchwork enforcement by stock exchanges,

public interest groups, global network firms, and national governments?

1. Questions about Accounting and

Auditing standards

• by management – to better run the business

• by investors and creditors – to make investment and lending decisions

• by those charged with governance (including governments) – to make intervention decisions

Three uses of standardized audited financial information

Can national private partnerships be expected to serve the global public interest?

Financial reporting laws, regulations, and standards across borders

A, Inc. B, Inc. C Corp.

• US national FRF&AudStds• NYSE rules• US private lit.

• UK national FRF&AudStds• LSE rules• UK private lit.

US law/ Sec. reg.

UK law/ Sec. reg.?

US culture/ contracts/ governance

FR law/ Sec. reg.?

G, Inc. H, Inc. I Corp.

• FR national FRF&AudStds• Borse rules• FR private lit.

FR culture/ contracts/ governance

D, Inc. E, Inc. F Corp.

UK culture/ contracts/ governance

EU law/ EC directives/ Sec. reg.??

Who will interpret and enforce theseFRFs and AudStds? Will they differ?

Global Financial Reporting Framework and Auditing Standards

U.S. Financial Reporting Regulators post-2002

SEC

FASB

GAAP

Measurement criteria Application of criteria

PCAOB

Inspect/Enforce

Aud.Stds.

QuCtl.Stds.

IndepStds.

Internal Control(COSO)

E.U. Financial Reporting Regulators (with member differences*) 2008

EU (none)National?

IASB

IFRS

IAASB

ISAs QualCtl stds Indep

Measurement criteria Application of criteria

Inspect/ enforce

x

* Red Italics means national regulations only (i.e., jurisdictional version)

xTurnbull,Venoit,…

ISAEs

International Federation of Accountants (IFAC)

• Mission: to serve the public interest, IFAC will continue to strengthen the worldwide accountancy profession and contribute to the development of strong international economies by establishing and promoting adherence to high-quality professional standards, furthering the international convergence of such standards and speaking out on public interest issues where the profession’s expertise is most relevant.

• Standards: IAASB (auditing), IESBA (ethics), IAESB (education), IPSASB (public sector accounting)

Top Ten differences in design and operation of IAASB and PCOAB

• Global by design

• Market-driven services (e.g., no ICFR audits)

• Public interest objective – no ability to Inspect/ Enforce

• Voluntary adoption (quality of standards is raison d'être)

• Sponsors and commissions scholarly research

• Some global influence via inspections of foreign filers

• Statute-driven (domestic crisis politics as force)

• Investor protection objective Inspections drive Enforce-

ment (but not Standards)• Mandated by U.S. law, no

cost effectiveness test• May read summaries, but

won’t assist independent research

IAASB PCAOB

Top Ten differences in design and operation of IAASB and PCOAB (cont’d)

• Developed in sunshine • Diversity (9 practice members, 9

not), 18 Tech Advisors, 8 IFAC staff, Task Forces, other experts, CAG, SME, SMP, NSS

• Audit expertise on Board• Independent in selection,

oversight, oath (only Ch. Is paid)

• Independent oversight by PIOB (appointed by Monitoring Group: Basel Group, WorldBank, IOSCO, Int. Assoc. of Insurance Supervisors, observed by Financial Stability Forum and Int. Fed. of Independent Audit Regulators)

• Unknown - not much sunshine • Three non-CPAs, two CPAs

(no practice members) 24 standards staff, SAG?

• No expertise necessary• Staff is hired/paid by Board

• Oversight by SEC personnel(but to date, no public reports)

IAASB PCAOB

Adoption of ISAs around the globe• 100+ countries (CN, MX, BZ, UK, GR, FR, IT, AU, CH, JN,

Pakistan, SA, Kenya . . .)• Global network firm/ gov. methodologies• European Commission?• PCAOB?• Statements of key players on U.S. adoption:

– U.S. Government Accountability Office– IOSCO (U.S. SEC is a member, oversees PCAOB)– U.S. Chamber of Commerce

Known barriers to PCAOB adoption of ISAs?

Primary technical differences between IAASB’s ISA’s and PCOAB’s AS’s

• No IC audit – enhanced IC reporting?

• Group audits – no reference to Component auditor

• Confirmations – no special status

• Fraud and FV audit guidance revised 2006-2011

• Documentation to support audit conduct

• IC audits – all major processes

• Group audits – reference to Component auditor optional

• Confirmations required – even if not deemed reliable

• Fraud and FV audit guidance per AICPA, circa 2003

• Documentation to support inspections – “didn’t document, then didn’t do it”

IAASB PCAOB

ISA Financial Audit for each important assertion and identified process (with enhanced reporting)

+ analyze material and/or numerous year-end adjustments as to cause and report to investors if due to MW in ICFR.

* 70% of MW firms identified via (per Audit Analytics coding of ICFR filings with SEC).

Reporton MW

Adj/Corr toAud. Com

IR

CR < 1 DR

Adjustments/ corrections

Opinionon MM

Choice

Adj/Corr toAud. Com

DR CR = 1

Sig. Def. toAud. Com

If due to IC Def.*

If due to MW

If due to IC Def*

Financial audit

Enhanced reporting

Bedard and GrahamThe Accounting Review 2010

• Studied 144 audits under AS 2, multiple firms

• Access to work papers and personnel• Found:

3,990 internal control deficiencies 15 firms had material weaknesses 11 associated with corrections/adj

Diagram 1: Illustration of the “information gap” (IAASB 2011)

Available to users

Financial statements and other public information

Users

Information about audit scope, process and findings

Entity information relevant to the audit

Entity information

Private and undisclosed

Auditor’s report

For which of these three areas do user’s seem to want information???

2. Auditor’s reports - 2012

IAG Survey on “Improving the Auditor’s Report” 3/16/11

• Who is the IAG and can we trust them?• What are their complaints?• What are their suggestions for possible

change?• Do their suggestions:

– Extend the auditor’s audit procedures (and thus raise audit cost)?

– Report something that is not already discussed with the Audit Committee?

– Go beyond disclosures required by GAAP?– Harm the company with competitors?

IAG excerpts (3/16/11)

BeyondGAAP?

What is “FS Risk?”

BeyondGAAP?What Criteria?

2.a PCAOB proposals(Concepts Release 2011)

1. AD&A: views on “significant matters” including “audit risks identified, audit procedures and results, and auditor independence . . . auditor’s views on the financial statements, estimates, policies, ‘close calls’”

2. Required “emphasis of matter” para. for AD&A in 1.3. Auditor assurance on other information: MD&A, non-

GAAP information in earnings releases (re: AU 550).4. Clarification of language in standard auditor’s report:

reasonable assurance, responsibility for fraud, management’s and auditor’s responsibilities for statements, and other information.

2.b EC proposals: (Statutory Audits of Public-Interest Entities 11/11)

Article 22: The auditor’s report:2. Shall, at least:

(h) describe extent of direct verification vs. system testing; (j) detail the level of materiality applied; (k) identify key areas of risk of material misstatement; (l) describe “situation of entity” including ability to meet

future obligations and thus going concern ability; (m) assess significant internal control deficiencies

identified during the audit;(q) Identify each member of the audit engagement team.

4. Shall be < 4 pages in length (<10,000 characters). 5. Shall be signed and dated [by partner]

2.c IAASB “bridging” solution(Invitation to Comment, June 2012)

• Combines, refines, and synthesizes national regulators’ “wish lists” into an integrated whole acceptable on a global basis.

• Expands auditor’s report to:– Maintain “report card grade”– Clarify “going concern”– Explain “risk-based” and terminology– Provide “auditor commentary” (EoM, OM)

• Can it meet national regulators’ demands?

Independent Auditor’s Standard Report (Proposed) (ISA 700 today)

Report on FS Report on FS

Report on other req’d information:

Respective responsibilities

Opinion

Basis for Opinion

Going Concern assumption valid . . .

Auditor Commentary (2 – 10 items)

Management, TCWG

Auditor

Audit firm/ engagement partner/ date

We have audited . . .

Opinion

Management responsibilities

Auditor responsibilities

Report on other req’d information:

Audit firm/ date

3. Ten Broad Research questions• Auditor Commentary:

– Input: what criteria? not required by GAAP or law. confidentially applies. can auditors interpret FS “meaning?”

– Output: Can users understand audit procedure implications? Does commentary imply “piecemeal opinion” on item?

• Effect of a) explicit “going concern” assurance and b) explicit management statement per IFRS vs. US GAAP?

• Limits imposed by: “issuer pays” model and auditor as “assurer” rather than “originator” of information

• The auditor’s “true client” is: management, audit committee, investors, potential investors?

• Is independent AC a suitable substitute for investors?

Ten broad research questions (cont’d)

• Economics of control process information: what do individual users need? And at what cost?

• PCAOB sets, inspects against, and enforces it own standards – incompatible? what are the perils?

• Can Inspection Comments identify bad extant standards?

• Mechanism design and theories for voluntary standards in global economy with national enforcement

• International treaties and agreement for national governments to cede decision authority viable for global enforcement?

Conclusion

• There are problems with and questions about standardized global financial reporting

• No single “silver bullet” solution, but • Apparent demand for

– market-driven mechanisms (broadly defined)– expertise of independent public interest groups– appropriate oversight at all levels with appropriate

national government enforcement• What mechanism design do you like best

. . . and why?