Please ensure Javascript is enabled for purposes of website accessibility

Imagine the Chaos If the PCAOB Starts Naming and Shaming Audit Deficiency Clients

Business concept illustration of a businessman being pointed by giant fingers

In its desperate quest to appear as though it does something of value to capital markets, the PCAOB is considering putting company names to inspection report deficiencies according to a recent story by Wall Street Journal. Currently, the PCAOB refers to clients as Issuer A, B, C etc. and includes only the client’s industry. Here’s an example from KPMG’s sketchy 2022 PCAOB inspection report:

A Part IA deficiency like the one in the screenshot above is of such significance that the PCAOB believes the firm had not obtained sufficient appropriate audit evidence to support its opinion on the issuer’s financial statements and/or ICFR at the time it issued its audit report. “In other words, the reported deficiencies had to be so serious that, in our view, the audit firm could not provide reasonable assurance that the financial statements were free from material misstatement due to error or fraud,” explained former board member J. Robert Brown Jr. (that’s a mouthful) in this 2020 speech “Seeing Through the Regulatory Looking Glass: PCAOB Inspection Reports.”

So you can imagine the comments that will pour in from companies if this idea gains any traction. And you thought NOCLAR was controversial.

The idea:

America’s auditing regulator is exploring whether it should reveal the names of companies that received deficient audits of their financial information as part of its inspection reports, a hot-button issue that in the past was weighed but not acted on.

“That’s an issue that we have definitely heard, and it’s under consideration,” Public Company Accounting Oversight Board Chair Erica Williams told The Wall Street Journal, referring to investor feedback. “There have been previous boards that have focused on that issue, and so we’re looking at the work that they’ve done there.”

PCAOB staff are looking into this issue as it has for years under previous boards, Williams said. No formal consideration is under way, meaning the staff could recommend the issue be added to the agenda or drafted as a proposal for the board to vote on, but hasn’t yet, she said.

“Like every issue that comes to us, we take a look at it and take it under consideration,” Williams said. “This issue, which is a longstanding one, is one that the staff is still taking into consideration.”

Regulator Explores Naming Companies Tied to Auditing Deficiencies Amid Investor Pushback,” Wall Street Journal May 6, 2024

As it stands, the PCAOB doesn’t require firms to disclose to the client if an audit is up for inspection but the PCAOB inspectors sniffing around the audit committee usually gives it away. Clients don’t know if deficiencies were found unless the firm chooses to disclose this to the client.

From PCAOB Release No. 2012-003, Information For Audit Committees About the PCAOB Inspection Process [PDF]:

The Sarbanes-Oxley Act of 2002 does not, however, permit the Board to make public, or otherwise to share with an audit committee, all of the information obtained by the Board that could assist an audit committee in carrying out its role. Because of restrictions in the Act, many PCAOB inspection reports include a portion that is nonpublic. By law, the Board cannot disclose to an audit committee the nonpublic portion of an inspection report or other nonpublic inspection information – including whether the inspection identified deficiencies in the audit that the audit committee oversees – and the Board cannot compel an audit firm to disclose such information to an audit committee. Beyond the public portion of an inspection report, voluntary disclosure by the inspected audit firm is an audit committee’s only means of obtaining information concerning a PCAOB inspection.

Going back to that looking glass speech linked above, ex-board member Brown suggested three disclosures the PCAOB could make, one of which is name-and-shame:

First, the PCAOB could disclose in the inspection reports the identity of issuers where the audit deficiencies occurred.

Second, the PCAOB could disclose in the inspection report for each firm a complete list of the issuers whose audits were inspected that year.

Third, we could at least publish on a regular basis (every three years, for example), a list of all public companies whose audits are inspected. This would at least provide insight into our engagement selection process and provide greater accountability to investors and other stakeholders.

Apparently name-and-shame was a controversial topic going back to the early days of the PCAOB. Not so much inside the Board but at the SEC. This is from a 2019 POGO investigative report on “an agency you’ve never heard of” (a.k.a. the PCAOB):

The board has argued that the law prohibits it from naming the affected corporations.

Kayla Gillan, one of the first board members, told POGO that was a matter of interpretation on which the original board was divided. Gillan said she favored disclosure. The SEC, which held sway, opposed naming the affected companies and worried that naming them would hurt their stock prices, Gillan said.

“I personally thought [that] was a frivolous argument,” Gillan said.

The Sarbanes-Oxley Act says inspection reports shall be “made available in appropriate detail to the public”—subject to a section of the law discussing confidentiality “and to the protection of such confidential and proprietary information as the Board may determine to be appropriate, or as may be required by law.”

Former board member [Lewis H.] Ferguson said the law “is ambiguous.”

“I think there was a sense that the issuers themselves”—the audited companies—“would have gone berserk” if their names were disclosed, Ferguson said.

How an Agency You’ve Never Heard of Is Leaving the Economy at Risk,POGO September 5, 2019

Imagine the possibilities! This could be the most chaotic thing the PCAOB has done in the 20 years since it was born out of the ashes of Enron. We’re all for it.

Regulator Explores Naming Companies Tied to Auditing Deficiencies Amid Investor Pushback [Wall Street Journal]

2 thoughts on “Imagine the Chaos If the PCAOB Starts Naming and Shaming Audit Deficiency Clients

  1. I go further. The PCAOB should disclose all audits it inspects. Suppose it inspects 55 E&Y audits in a year. I want to see 55 names. This way we can see which audits the PCAOB did not inspect. Then ask why not. The investing public has a right to know what the PCAOB is doing and not doing.
    Investors can ask why the PCAOB inspects an audit of a SEC registrant with $10 million in market cap and ignores Microsoft.

  2. Never going to happen. Would highlight that approximately zero ‘audit failures’ result in a restatement.

Leave a Reply

Your email address will not be published. Required fields are marked *