PCAOB Chair Erica Williams had some strong words for guardians of capital markets in remarks she made (virtually) at the Council of Institutional Investors (CII) Fall Conference on September 22: “[T]his Board is approaching enforcement with a renewed vigilance.”
As our strategic plan makes clear, this Board is approaching enforcement with a renewed vigilance.
While we cannot talk about ongoing enforcement actions, I can assure you: we intend to use every tool in our enforcement toolbox and impose significant sanctions, where appropriate, to ensure there are consequences for putting investors at risk and that bad actors are removed. This includes substantial monetary penalties and significant or permanent individual bars and firm registration revocations.
We are looking at how we identify cases, the types of cases we pursue, and the sanctions we impose.
She outlined three areas in which the PCAOB will flex its muscle to discourage bad audit behavior, two of them sound a bit like overzealous policing and would probably get the ACLU involved were the PCAOB a law enforcement entity and not the designated watchdog of audits. Those areas are:
- Expanding the case identification process.
- Expanding the types of cases the PCAOB is pursuing.
- Making sanctions count.
Let’s take a deeper look at what she said.
PCAOB Sweeps and If You See Something, Say Something
“We are strengthening the process for our inspections team to refer potential violations they find for investigation and enforcement,” she said. The PCAOB is looking for patterns “and conducting more sweeps.” Sweeps enable the PCAOB to get “additional information from a number of firms at the same time on areas where we suspect that violations may be occurring,” she said. This will make it harder for firms “violating our rules and standards to hide.”
She encouraged the public to report potential violations and directed them to the PCAOB website to learn more about how to snitch to the PCAOB report potential violations.
Williams previously referenced PCAOB sweeps in vaguely threatening remarks made in July on the 20th anniversary of SOX:
In the past five years, the PCAOB assessed penalties against individuals less than half of the time and firms only about 86% of the time. This year it’s 100%.
We are also pursuing enforcement actions involving certain types of violations for the first time.
And we are taking steps to proactively seek out wrongdoing by increasing the use of sweeps against firms where there may be a violation of our standards or rules.
Those who break the rules should know that the PCAOB means business.
We intend to use every tool in our enforcement toolbox and impose significant sanctions, including substantial penalties, to ensure there will be consequences for putting investors at risk.
“It Only Happened Once” Won’t Cut It
For her second threat, Williams said the PCAOB is expanding the types of cases they are pursuing. And audit firms saying “oopsie, we promise we won’t do that again” is not going to fly.
“For any violation of PCAOB standards that is serious enough to put investors at risk, the excuse that ‘it only happened once’ simply won’t cut it,” she said. “We will not hesitate to bring cases that hinge on only a single, serious wrongful act, whether reckless or negligent.” Surely this will bode well for the issue of declining interest in the partner track at large firms because who doesn’t want to live every moment in fear of the PCAOB destroying your life and livelihood as an audit partner.
She goes on to say the Board is not just pursuing individual wrongdoing but “holding firms accountable in more situations, including for failing to appropriately staff or respond to the risks of an audit.”
That last point is not good news for critically understaffed audit firms. The talent shortage has long been wreaking havoc on the profession and with the accounting pipeline drying up faster than Lake Mead, there doesn’t seem to be much relief on the horizon (if anything, things are getting worse). This isn’t solely a matter of firms struggling to find talent, there is no talent to find. Add to that the issue of baby boomer retirements and an entire class of auditors who were trained by Zoom at the beginning of the pandemic now reaching the point where they are expected to train associates below them despite they themselves still struggling and…well. It’s not good. See also: The Audit Profession’s Inability to Retain Talent Poses a Serious Threat to Audit Quality published here on June 9, 2022. 66 percent of new hires hired into accounting/finance functions at U.S. accounting firms are assigned to audit according to AICPA data. Will it be enough?
“We are going after cases where firms’ quality controls aren’t up to standard to keep investors protected,” Williams added. God help audit firms.
Fines, Fines, Fines
Alright, third and last point in the PCAOB’s three-point plan to get tough on audit firms: making sanctions count.
“Under this Board, we’ve more than doubled our average penalties against individuals compared to the last five years,” she said. “This includes the largest money penalty ever imposed on an individual in a settled case.” You’ll note, and this ties back to the first point about the PCAOB hoping the public will tip them to potential violations that should be investigated, the PCAOB does not pay informants or whistleblowers. They do, however, fine the shit out of firms. Or they are now, anyway.
In its first 16 years, the PCAOB brought only 18 enforcement actions and levied just $6.5 million in fines against Big 4 accounting firms. A 2019 Project On Government Oversight (POGO) report said that number could have been $1.6 billion had the PCAOB taken a more aggressive stance on fines for poor auditing:
Since the audit cop opened for business in 2003, its inspection reports have cited 808 instances in which the U.S. Big Four performed audits that were so defective that the audit firms should not have vouched for a company’s financial statements, internal controls, or both.
Yet, despite those 808 alleged failures, the audit cop has brought only 18 enforcement cases against the U.S. Big Four or employees of those firms. Those cases involved a total of 21 audits.
If the 808 audits cited as fatally flawed in the inspection reports were as bad as the reports said, it appears that the audit cop could have fined the audit firms more than $1.6 billion—that’s billion, with a “b.”
OK but let’s get back to present day. The PCAOB has increased average penalties against firms by more than 65% and Williams drops a number that should inspire quivering from deep within the bowels of audit partners everywhere: “In the past five years, the PCAOB assessed penalties against individuals less than half of the time and firms only about 86% of the time. This year it’s 100%.”
At the current rate, 2022 financial penalties are projected to be $2.3 million, almost the value of fines from 2021 and 2020 combined, wrote Accounting Today in July.
100% penalties. Record fines. Sweeps. If these threats are to be taken seriously, the PCAOB is no longer playing around. It took 20 years but better late than never I suppose.
Read her full remarks here.