By Jim McFie

Who has the ability to examine the audit files of any audit firm?

If one wants to know what the Public Company Accounting Oversight Board (PCAOB) should do, one can go to the website of the PCAOB. To give you the necessary information about the PCAOB, I want to quote in some detail: “The PCAOB is a nonprofit corporation established by (the US) Congress to oversee the audits of public (that is, US quoted or listed) companies in order to protect investors and the public interest by promoting informative, accurate, and independent audit reports. The PCAOB also oversees the audits of brokers and dealers, including compliance reports filed pursuant to federal securities laws, to promote investor protection. The Sarbanes-Oxley Act of 2002, which created the PCAOB, requires that auditors
of US public companies be subject to external and independent oversight for the first time in history. Previously, the profession was self-regulated. The five members of the PCAOB Board, including the chairman, are appointed to staggered five-year terms by the Securities and Exchange Commission
(SEC), after consultation with the chair of the Board of Governors of the Federal Reserve System and the secretary of the Treasury. The SEC has oversight authority over the PCAOB, including the approval of the
Board’s rules, standards, and budget. The Sarbanes-Oxley Act was amended by the Dodd-Frank Wall Street Reform and Consumer Protection Act in 2010. This latter Act established funding for PCAOB activities,
primarily through annual accounting support fees. These fees are assessed on public companies, based on their relative average monthly market capitalization, and on broker- dealers, based on their relative average
quarterly tentative net capital”.

On 17 December 2019, the PCAOB published a Concept Release entitled “Potential Approach to Revisions to
PCAOB Quality Control Standards” in which the PCAOB is seeking public comment on a potential approach to revising the PCAOB’s quality control standards. This potential approach is based on the proposed international standard on quality management, ISQM 1, with certain differences as appropriate for entities
that are subject to PCAOB standards and rules. The International Auditing and Assurance Standards Board (IAASB) is in the process of updating its firm-level quality control (QC) standard and, in February 2019, published a proposed International Standard on Quality Management

1, “Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements”. Proposed ISQM 1 is designed to focus firms’ attention on proactively identifying and responding to quality risks that may affect engagement quality. The proposed
standard includes specific requirements related to current developments not addressed in PCAOB QC standards. It is strange that the PCAOB is actually behind the IAASB in dealing with quality issues. The general view in the accounting profession in the US is that the US leads the world in setting standards in accounting and auditing. Could it be that the PCAOB is now reacting to criticism by publishing this document? On 28 January 2020, Accounting Today published an article written by Jessica Westerman, titled “Is the PCAOB doing enough?” A body in the US, the “Project on Government Oversight” had published on 5 September 2019 a paper, “How an Agency You’ve Never Heard of Is Leaving the Economy at Risk”.

Jessica Westerman in her 28 January 2020 article concluded that it has become clear that the PCAOB is not doing enough to hold accountable the third-party auditors on which investors rely to audit Wall Street’s largest public companies. She pointed out that there is a bill languishing in Congress that could help, and lawmakers must take action.

I want to take you back to the article published on 5 September 2019 by the Project on Government Oversight (POGO). The article begins with a rant similar to something I read a number of years ago
about Mumias Sugar Company, which, with the passing of time, has turned out to be true. POGO, speaking about the PCAOB and addressing the public in the US, claims that a federal watchdog they have probably never heard of is supposed to be protecting their financial security. It is supposed to be policing some of
the biggest and most powerful firms in American business. It is supposed to reduce the risk that, as a result of fraud, error, or corporate incompetence, their financial future goes down the drain. It is supposed to help safeguard any savings the American public has stashed in the stock market, any stake they have in
a pension or retirement fund, and maybe even their paycheck and employment benefits. This federal watchdog that many have probably never heard of is supposed to be protecting their financial security.
POGO claims that in key respects it has been doing a feeble job. It was supposed to help avert man-made disasters like the financial crisis and mortgage-meltdown of a decade ago; the accounting scandals
that destroyed a long list of corporations such as Enron and WorldCom almost two decades ago; and the savings and loan crisis that consumed mountains of taxpayer money in the 1980s and ‘90s – the kind
of catastrophes that can cripple a community, crater the economy, or collapse the financial system. POGO claims that the PCAOB, over its entire history of more than 16 years, when it comes to some of the biggest firms under its jurisdiction, it has taken disciplinary action over only a  tiny fraction of the apparent violations its staff has identified. Meanwhile, the financial penalties it has imposed pale into insignificance compared to the fines it apparently could have imposed. POGO’s report gives some background information on the history of Wall Street. It points out that after the stock market crash of 1929
helped usher in the Great Depression and showed that companies could not be trusted to tell the truth about their financial performance, the government mandated that companies with publicly traded stock
have themselves audited. Today, the Big Four accounting firms (we in Kenya tend to call them audit firms) audit almost half of all publicly traded companies in the

POGO has studied the PCAOB records over the more than 16 years of its life and has found that its inspection reports have cited 808 instances in which the US Big Four performed  audits that were so defective that the audit firms should not have vouched for a company’s financial statements,
internal controls, or both.

United States and almost all the companies in the S&P 500 index of large corporations.  The accounting firms that audit publicly traded corporations have two key responsibilities. First, they issue reports publicly certifying the companies’ financial statements – which encompass potentially market-moving information such as profits, losses, revenue, and debts. Second, they audit and report on the soundness of companies’ internal controls such as computer systems, accounting procedures, and checks and balances meant to
guard against fraud. The PCAOB audits the auditors. One of its jobs is to annually scrutinize a sample of the audits performed by each of the Big Four, and the audits of public companies performed by other audit or accounting firms. The big difference between the PCAOB and regulators in other jurisdictions is that the
PCAOB issues inspection reports assessing the firms’ compliance with auditing rules or standards promulgated by the PCAOB. Another responsibility of the PCAOB is to enforce the rules and the
relevant laws. Under the Sarbanes-Oxley Act 2002 passed by Congress that created the PCAOB, this regulator was given the power to penalize audit firms as much as $2 million per violation for ordinary
violations and as much as $15 million per violation for more serious violations – those that involve intentional or knowing conduct, including recklessness, or, in the wording of the law, “repeated instances of
negligent conduct.”

POGO has studied the PCAOB records over the more than 16 years of its life and has found that its inspection reports havecited 808 instances in which the US Big Four performed audits that were so defective that the audit firms should not have vouched for a company’s financial statements,
internal controls, or both.

Yet, despite those 808 alleged failures, the PCAOB has brought only 18 enforcement cases against the US Big Four or employees of those firms. Those cases involved a total of 21 audits. POGO claims that
if the 808 audits cited as fatally flawed in the inspection reports were as bad as the reports said, it appears that the regulator could have fined the audit firms more than $1.6 billion, yet since it began its
work, the regulator has fined the US Big Four a total of just $6.5 million – less than one half of one percent of the potential POGO has also complained loudly that the PCAOB is headed by ex-partners of the Big Four audit firms.

At one time the World Bank was about to force Kenya to create a body similar to the PCAOB. But who has the ability to examine the audit files of any audit firm? The answer is qualified auditors. The US
approach to dealing with matters is to call a press briefing, and tell all and sundry about the problem. Unfortunately, it appears “modern” to do things the US way. One example is when you ask a Kenyan
today “How are you?”, she or he will think it smart to answer “I am good”, little knowing that many uneducated, and even educated, USers do not know that verbs are qualified by adverbs and not by adjectives: the average USer probably does not even know what an adjective or an adverb
is. When qualifying the verb “be”, an educated person will use the adverb “well”. “How are you?” “I am well”.

Going back to Jessica Westerman’s article in Accounting Today on 28 January 2020, she points out that a law professor pointed out that POGO’s report “suggests [PCAOB enforcement] is a toothless body
of law.” She goes on to point out that two weeks after POGO published its report, Congress answered its call for increased transparency. On 19 September 2019, the House of Representatives passed the
PCAOB Whistleblower Protection Act of 2019, which incentivizes whistleblowers to report suspected violations of PCAOB rules, securities laws governing the preparation and issuance of audit reports, and
the obligations and liabilities of the accountants who prepare and issue those reports, accounting professional standards, and the act itself. The act’s sponsor, Sylvia Garcia from Texas, expressly cited the
POGO report in her House testimony, noting that the act would “implement a key recommendation that [POGO] made in a recent report” and calling the act “just one small tool in the toolbox of making
sure that transparency and the investor faith it generates in this country continue.” This new act prohibits employers from retaliating against individuals who report suspected violations directly to the
Board, or who initiate, testify in, or assist in PCAOB investigations or enforcementproceedings. Like the SEC whistleblower award program, the act would also protect whistleblowers who report concerns internally
to their supervisors,

At one time the World Bank was about to force Kenya to create a body similar to the PCAOB. But who has the ability to examine the audit files of any audit firm? The answer is qualified auditors.
The US approach to dealing with matters is to call a press briefing, and tell all and sundry
about the problem. Unfortunately, it appears “modern” to do things the US way.

which encourages self-policing. Whistleblowers who experience retaliation could bring claims against their employers for reinstatement, double back pay, and attorney’s fees and costs. Building on the success of the SEC’s whistleblower award program, under which 62 whistleblowers have been awarded approximately $381 million since 2003, the act also offers whistleblowers up to 30 percent of the fines collected from a successful enforcement action resulting from information that they provided to the PCAOB.

In language identical to that creating the SEC whistleblower program, the act exempts from eligibility for an award any whistleblowers who “gain the information through the performance of an audit of financial statements required under the securities laws and for whom such submission would be contrary to the
requirements of section 10A of the Securities Exchange Act of 1934.” Although the independent auditors who are the primary subjects of this exemption might have the most intimate knowledge of the accounting wrongdoing at which the act is aimed, the exemption reflects Congress’s best attempt at encouraging
whistleblowers to come forward without rewarding individuals – like independent auditors – who already are required by law to disclose relevant information.

Opponents of the act have criticized it as duplicative of the SEC whistleblower  award program and its attendant workplace protections, which incentivize whistleblowers to report suspected violations
of securities laws to the commission. But the act would go some way toward fulfilling the unrealized promise of the PCAOB as a more specialized “watchdog over other watchdogs” by deploying the board’s
unique accounting expertise to better protect US financial markets. Cognizant of the potential for overlapping enforcement actions, lawmakers included a provision to require coordination between
the PCAOB and the SEC’s Office of the Whistleblower so as to improve efficiency, avoid duplicative efforts, and promote cost-sharing between the agencies, when possible.

The act, which is supported by the National Whistleblower Center, the Institute of Internal Auditors, and Public Citizen, would provide financial whistleblowers with another avenue for reporting their concerns of misconduct, as well as an opportunity to be compensated for the serious professional risk that those
efforts entail. It is now under consideration by the Senate Committee on Banking, Housing, and Urban Affairs. Westerman urges senators to take action to build on the success of the SEC whistleblower
award program and pass, in her view, this much-needed legislation in 2020. Will it improve the effectiveness and efficiency of the PCAOB? Probably not. Auditors are  really the only persons who can inspect the work of other auditors – and to call oneself independent sounds good but is something difficult to put into practice.

FCPA Dr. Jim McFie is a fellow of the Insititute of Certified Public Accountants of Kenya