Darning Socks: Audit Report Proposal Promises More Holes Down The Road

Almost seventy years. That’s how long it’s taken for a regulator to propose substantive changes to the auditor’s report that have a snowball’s chance of happening.

Several commissions examined both the auditor’s responsibilities and the form of the auditor’s report in the 1970s and 1980s. These commissions made several recommendations to change the auditor’s report; however, only a limited number of changes were made in response to these recommendations.

In 2008, the U.S. Department of the Treasury’s Advisory Committee on the Auditing Profession (“ACAP”) recommended that the PCAOB undertake a standard-setting initiative to consider improvements to the auditor’s standard reporting model. The ACAP report noted that “some believe…[that the] standardized wording does not adequately reflect the amount of auditor work and judgment.”

But don’t get too excited. The same sticky issues come up every time, get tossed around and then get dropped until the next scandal or crisis provides an impetus for a discussion again. The financial crisis prompted the PCAOB to get the assignment to dig up the old discussions again in 2008. The auditor reporting model, more or less the same since the 1940s, didn’t address the growing use of judgments and estimates, including those related to fair value measurements of thinly traded securities, especially derivatives. Banks maintained balance sheets pumped up by high valuations for overrated mortgage-backed securities even though market values were dropping like boulders all over. The auditor’s report did nothing to explain the amount of subjectivity and risk of error in the valuation process or warn how quickly the values could go much lower.

Every time the subject of the “boilerplate” auditor’s report comes up, the issue of the current pass/fail model does, too. The binary approach doesn’t allow for a deeper public discussion of how the audit of the financial statements was performed and which problems were encountered along the way that might be of interest to investors.

We’ve been down this road before with no meaningful result. So what is the PCAOB proposing this time?

The latest proposed auditor reporting standard does not eliminate the pass/fail model. Why not?

PCAOB board member Lew Ferguson explains:

There was widespread agreement that the present binary form of the auditor’s reporting model is useful but in a limited way. Many financial statement users indicated that they merely glance at the auditor’s report to make sure that the opinion is unqualified and then move on to other more useful information when analyzing an entity’s financial statements.

So, a pass/fail approach makes it easy for investors to move on to “other useful information” or to see the company may be in serious trouble. But there’s nothing in between and a widespread perception there’s nothing more in the report for investors except useless boilerplate. Right now “other useful information” comes only from the financial statements themselves not the auditor.

Now that audit firm rotation in the US is essentially blocked by the negative vote in a US congressional committee, the PCAOB proposal throws in a requirement for auditor tenure information to satisfy investors who still have the urge to know at least the age of the auditor-client relationship. Audit firms and corporations strongly object to this requirement because it might be “misleading”. Apparently there is no current academic research that definitively answers the question whether long auditor tenure negatively impacts auditor independence and objectivity. I wonder why accounting academic community, funded by research grants from the Big 4 firms and encouraged by Big 4 recruiting of their students, still hasn’t put this important question to bed?

The PCAOB proposal requires that language be added to the report about auditor independence. But it’s not, “Our firm is independent under the auditing standards”, but some more worthless boilerplate such as, “The firm understands the existing standards for auditor independence”, that’s only intended to serve as a reminder to all of the obligations.

Ok, then.

The biggest proposed change, and the one I’d like to focus on, is the new requirement for the auditor to explain in its report all critical audit matters addressed during the audit. If there are no critical audit matters, according to the auditor, the auditor would explain that the auditor determined that none exist.

What’s wrong with this picture?

PCAOB board member Steve Harris:

“…the proposals require an auditor to report on what he or she has identified as “critical audit matters.” These are issues “addressed during the audit” that the auditor determines involved the most difficult, subjective or complex audit judgments, posed the most difficulty in terms of obtaining audit evidence, or posed the most difficulty when forming his or her opinion on the financial statements.

Such a change, if conceived and expressed carefully, might well alter the landscape of the audit report and go a substantial way to meeting the need for communication of areas of high audit risk. The language in today’s proposals, however, does not appear to me to create a rule that will be sure to do that.”

What do I think? I was quoted by the Financial Times on the day the proposal was announced.

“The audit firms are very much against even this mild expansion of what they may be required to say,” said Francine McKenna, a former auditor and a critic of many of the profession’s failings. “They would rather say less not more, because they’re very strongly aligned with management who are concerned about them usurping their role.”

Former Arthur Andersen counsel and blogger at re:Balance Jim Peterson is more blunt:

…no more a “game change” than raising the stakes from a penny to a nickel.

That’s because the PCAOB is playing it small all the way. Board member Steven Harris emphasized “the need not to change what auditors do, but to change how they report what they do” (The emphasis is his, not mine). Board member Lewis Ferguson concurred, noting that “the standard does not require the auditor to do any additional work.”

To focus on what auditors currently do, however, misses entirely the point of investor concern. The famous and misunderstood “expectations gap” has never been about what auditors do. The gap does not even exist, in the minds or the behavior of investors until it bursts forth after a major corporate fraud or failure…

And on the subject of whether the proposal is money in the bank for auditor defense lawyers, Peterson nails it:

One thing is for sure – the PCAOB anxiety about creating a bull market in boilerplate language is well founded. Defensive file-stuffing will prevail, as the Big Four prepare for the double-layered second-guessing in their future PCAOB inspections. Not only “Why was this issue not deemed a ‘critical audit matter’?” – but also “How did you decide that this ‘critical’ matter did not require disclosure?”

So, it may be safely predicted that every Big Four client will have some minimum number of “critical audit matters.”

Lawyers who sue audit firms on behalf of investors must meet a requirement under the Private Securities Litigation and Reform Act (PSLRA) to plead, with particularity, the “strong inference”of scienter. Scienter is the intent to deceive, manipulate, or defraud. That’s what’s necessary if plaintiffs want to sustain their allegations in a securities claim under the Securities and Exchange Act of 1934 Section 10(b).

The “strong inference” of scienter requirement is a significant decision point in the auditor litigation process. Did the auditor knowingly participate in the fraud or with conscious disregard of the fraud being committed or was its audit so deficient as to be reckless? The standard of recklessness is very stringent when the defendant is an external auditor. The accounting practices must be proven to have been so deficient that the audit amounted to no audit at all, or “an egregious refusal to see the obvious, or to investigate the doubtful,” or that the accounting judgments which were made were such that no reasonable accountant would have made the same decisions if confronted with the same facts.

It’s at this point that a lot of lawsuits against auditors get dismissed or, if there’s something there, they settle. Big Four audit firms rarely go to trial. Will new disclosures in the audit report encourage plaintiffs to try out all new arguments claiming something in the new disclosures (or something missing from them) should put their case through the “strong inference” gate? Courts will have no precedent to instruct them what to do with whatever new language develops. Will the next decade or more be spent sorting it out, similar to what the courts went through after the PSLRA was enacted? We debated, and still debate, what the “strong inference” requirement means and how to apply it.

So I asked some lawyers, one defense lawyer and two plaintiffs lawyers, if they believe the new “critical audit matters” would have an impact on how they litigate auditor liability cases.

Steven Singer at Bernstein Litowitz Berger & Grossman who represents investors who sue auditors:

I think the proposals will potentially provide investors with useful information, and I do not think they will make it easier for plaintiffs to prove scienter on the part of an auditor. If an auditor is doing its job properly, it has nothing to worry about from these proposals.

Bennett Lasko at Drinker Biddle who represents audit firms sued by investors:

The new standard will create a new set of ways ‘for the BLBG’s of the world’ to try to allege scienter. It’s a list of new items that plaintiffs can raise at the pleading stage, and the courts will need many years to develop a body of precedent and resolve whether the new allegations are or aren’t sufficient.

Steven Thomas of Thomas, Alexander & Forrester, has a lot to say about the issue, as usual. Thomas sues audit firms on behalf of investors and is, right now, getting ready to go to trial — Yes, go to trial — against Deloitte on behalf of the trustee in bankruptcy of fraudster loan originator Taylor Bean and Whitaker.  (That trial is scheduled to start in Miami on October 21 of this year.)

This is not about whether it makes it harder or easier for plaintiffs and their lawyers. The only thing that matters is that auditors need to do their job. The PCAOB proposal is a small step in that direction. I don’t think it makes them harder or easier to sue. Generally, we can already tell by talking to the audit client whether the auditor missed a critical issue, and a review of the workpapers provides similar confirmation.

I think the bigger issue is if this broken industry can be fixed. I think the answer is no. Private auditors have demonstrated, repeatedly, that they ignore their public duty provided for in their own ethical rules. Private auditors have demonstrated, repeatedly, that their incentive is look out for themselves, not investors. The grand bargain struck with the auditing profession—auditors get a law compelling public companies to hire them and auditors in exchange for this monopoly owe “ultimate allegiance” as the “public watchdog” to the “public”—has been breached.

I believe the answer is to take audits away the accounting firms and provide for audits through the PCAOB. Then the accounting firms will not have to worry about Steven Thomas or any other plaintiffs’ lawyer for their audits.

I’d love to hear what you think.