"Center for Audit Quality Update: Profession Proud" Cindy Fornelli Executive Director Center for Audit Quality. December 5, 2016

Transcription

1 "Center for Audit Quality Update: Profession Proud" Cindy Fornelli Executive Director Center for Audit Quality December 5, 2016 AICPA Conference on Current SEC and PCAOB Developments Washington, DC As prepared for delivery. Thank you, John [May], for that introduction. And thank you to Kimberly [Ellison-Taylor] for your inspiring remarks. As you say, the AICPA is indeed "driving action on many fronts." And in those efforts, Kimberly, we appreciate and salute your leadership. Hello to everyone, both here in person and those watching via satellite. I'm pleased to provide this distinguished audience with an update from the CAQ, and I'd like begin by calling your attention to an upcoming milestone. 1

2 Next month, the CAQ will celebrate its 10-year anniversary. On January 30, 2007, we officially announced that we were open for business. January 30, In some ways, that date seems like it belongs to another era. Think about it: In January 2007, Barack Obama was just two years into his first term as a U.S. Senator. In January 2007, A three-year-old startup by the name of Facebook had fewer than 20 million users. It has 1.7 billion users today. And in January 2007, it would be another six months before the very first-generation iphone went on sale That s the iphone that had no App Store, no copy-paste, no video camera, and certainly no Siri. Yet in other ways, January of 2007 feels almost like yesterday. One thing I remember clearly is how the CAQ itself was very much a startup. We had few staff, a barebones website we were even short on some basic office supplies. I still remember having to dash out myself to buy dishes and silverware for our first Governing Board meetings. But, like the iphone in your pocket, the CAQ and the public company auditing profession have come a long way since Over the years, my colleagues and I at the CAQ, along with our public company auditing firm members, have celebrated many high points and moments of success for the entire profession and for our organization. We've also been there as the profession has confronted challenges and even the occasional roadblock. All in all, it's been quite a decade. I am so proud to be part of an organization that's made up of and that represents such exemplary professionals. And as this milestone approaches, I believe everyone who is a part of the public company auditing profession should feel proud: Our members, the AICPA, even our regulators. And let's not forget our collaborative partners throughout the years, including investors, boards of directors and audit committees, internal auditors, preparers, and others. Today, I will focus on seven reasons to be proud seven developments that we at the Center for Audit Quality think should be sources of pride for everyone in this room and those watching remotely. Let's start with a good reason to be proud: Investor confidence. It remains robust. 2

3 Since 2007, the CAQ has commissioned an annual survey of U.S. investors on key confidence measures. We call it our "Main Street Investor Survey," as it targets only retail investors. This year's edition of our survey was our 10 th. And it did not disappoint. In 2016: Seventy-nine percent of American investors expressed confidence in U.S. capital markets. Eighty-one percent said they were confident in investing in U.S. publicly held companies. And three-quarters of investors showed confidence in audited financial information released by public companies. Investors are also strongly confident in many of the entities that have a role in investor protection. I'm pleased to report that for the sixth consecutive year, investors placed the most confidence in independent auditors Auditors earned a confidence rating of 81 percent, and that's an all-time high in our survey. So why are investors so confident? Well there are no doubt many reasons. One of them is that investors may recognize the improvements that we see in the data around financial reporting. Which leads me to the next reason we should all be proud: financial restatements continue their downward trend. 3

4 Earlier this year, Audit Analytics released research showing that overall restatements have steadily trended down since Last year, restatements dropped by 14 percent. What's more, Audit Analytics found that the severity of restatements had declined across all major criteria, including: the negative impact on net income, the average number of days restated, and the average number of accounting issues identified. Now, as with investor confidence, there are undoubtedly many factors that have led to these improvements. In my judgment, a critical factor is heightened focus by all stakeholders on internal control over financial reporting. Effective ICFR helps reduce the risk that financial statements will contain material errors or misstatements. Another factor is the ever-strengthening role of audit committees. And that takes us to our third reason to be proud. Transparency around the oversight of the audit process is increasing. One of the many things that I enjoy about my job is the interaction with public company audit committees across the country and even across the globe. In my travels, I've met with many audit committee members who are keenly aware of the vital role that they play. I see their dedication and even their passion for what they do. But you don't have to take my word alone on this. The numbers tell that story too. They demonstrate a growing commitment to improved transparency by audit committees. Consider data on audit-related disclosure. Last month, the CAQ and Audit Analytics jointly released our third edition of the Audit Committee Transparency Barometer. In essence, the Barometer gauges how audit committees approach the public communication of their responsibility to oversee the external auditor. It measures the robustness of related proxy disclosures for companies in the S&P

5 This year's Barometer shows that from 2014 to 2016, there has been double-digit growth in the percentage of companies disclosing information in several key areas of external auditor oversight. These areas include the appointment of the external auditor, tenure of the audit engagement, compensation of the audit firm, selection and rotation of the engagement partner, evaluation of the audit firm. The data is clear. Audit committees are working to provide the marketplace with more meaningful information about the audit process and the audit committee's oversight role. What's more, the Barometer provides numerous examples of where audit committees are tailoring their disclosures specifically to their companies, rather than relying on boilerplate or generic approaches. These trends are encouraging, given the vital role that audit committees play, both in audit quality and in our system of investor protection. The public company auditing profession appreciates and celebrates that role. That's why we always stand ready to collaborate with audit committees. And that brings us to a fourth reason to be proud. The profession continues to foster dialogue on crucial topics for audit committees and other members of the financial reporting supply chain. The CAQ and its member firms are providing tools that can help audit committees and others grapple with issues that are top of mind. One of those topics is the use of non-gaap financial measures. The discussion around non-gaap is sometimes framed as whether non-gaap measures are either good or bad. The reality, of course, is more nuanced. Much depends on how these measures are used. To help audit committees navigate these complexities, the CAQ this year produced a publication titled, Questions on Non-GAAP Measures, a Tool for Audit Committees. Our non-gaap tool presents a set of questions that are grouped under three simple categories: transparency, consistency, comparability. 5

6 In offering these groups of questions, our intent was not to create a mechanical "check the box" exercise for audit committees. Rather, it was to spur meaningful dialogue that can help deepen an audit committee s understanding of why and how management is presenting non-gaap measures, and whether that usage is transparent, consistent, and comparable. Building on this work, the CAQ just this week released a new whitepaper, titled Non-GAAP Financial Measures: Continuing the Conversation. Like our non-gaap tool, this publication presents a set of questions not just for audit committees but also for other key players: from investors to investment bankers, from securities lawyers to standard setters. On Wednesday morning of this conference, non-gaap issues will be explored at a session with outstanding panelists. I encourage you to attend. And while I'm plugging panels, let me also flag tomorrow's session on revenue recognition, where you'll get to hear from both auditors and preparers. Like the AICPA, the CAQ is closely tracking the topic of revenue recognition. In fact, next week, the CAQ will release another resource titled, Preparing for the New Revenue Recognition Standard: A Tool for Audit Committees. This publication also provides sample questions that audit committees can ask management about two things: (1) their readiness to comply with the new revenue recognition standard and (2) how they are approaching implementation of that standard. This tool is yet another example of how we in the public company auditing profession are fostering the dialogue that is so important as we tackle challenging matters. Which leads me to my fifth reason to be proud: the profession's proactive work on cybersecurity. As we think about cybersecurity, we should start with some important context. In a complex, global economy, decision-makers need reliable and comparable information more than ever. 6

7 While maintaining a strong focus on its current responsibilities, the public company auditing profession must also continue to find ways to meet future stakeholder needs for the benefit of investors and the capital markets. Kimberly discussed the exciting work that the AICPA is doing to introduce a level of consistency in cybersecurity that does not yet exist. Throughout 2016, working hand in hand with the AICPA, the CAQ has interfaced with key groups, including audit committees, internal auditors, company management, investors, and academics. To these groups, we have taken two important messages. First, given the immense scale and complexity of the cybersecurity challenge, every sector of the economy, public and private, must do its part to promote cybersecurity resiliency. Second, the auditing profession is in a strong position to play an important role in fostering instructive conversations about cybersecurity risk management. The profession can bring to bear its core values, including independence, objectivity, and skepticism. It can also leverage its deep expertise in providing independent evaluations in a variety of contexts, including information security and privacy. Many CPA firms have built substantial cybersecurity practices and capabilities that enable them to advise companies in all aspects of cybersecurity risk management. As we've talked to stakeholders, we have gathered their feedback. And what have they had to say? Plenty. Let's focus on just a few key points. One, stakeholders want objective evaluations of cybersecurity risk management programs. Two, stakeholders emphasize the importance of a market-driven approach. After all, companies are not identical, even within the same sector or industry. The AICPA's proposed framework reflects this reality. For the framework, the AICPA has developed criteria that will give management the ability to consistently describe its cyber risk management program. It is also developing guidance to enable the CPA to provide independent assurance on the effectiveness of the program. At the entity level, the framework has three key components. The first is Management's Description of the entity's cybersecurity risk management program. The second is Management's Assertion to the presentation of their description and that the controls management implemented are operating effectively. The third component in this approach is the CPA's Opinion on that description, and the operating effectiveness of the controls. This framework will be voluntary and principles-based. It will also map to several well-established cybersecurity management frameworks. This flexible approach will enable companies to communicate their cybersecurity risk management program in a manner that is tailored to their needs and the evolving cybersecurity landscape. That's important, and not just for companies and markets. As we've heard from policymakers, harnessing the power of the private sector on cybersecurity will be essential for our national security too. 7

8 So the CAQ and its member firms, working closely with the AICPA, will continue to be a part of the conversation around cybersecurity. And that leads me to the sixth reason to be proud: the profession's constructive rapport with standard setters and regulators. As our very presence in this room today demonstrates, the profession is comfortable coming together to exchange views. While we may not always agree with our regulators, we communicate and engage with each other to advance our shared goal of enhancing investor confidence and public trust in the capital markets. We recognize that effective regulation helps to build and maintain strong markets and enhance audit quality. An excellent example of the profession's constructive engagement with policymakers is the fight against financial reporting fraud. The Anti-Fraud Collaboration, which brings together top organizations in the financial reporting supply chain, has interfaced regularly in recent years with the SEC's fraud group. One outgrowth of this engagement has been a set of 2016 workshops focused on findings from an analysis of SEC enforcement actions. These workshops brought together regulators and those in the financial supply chain for a robust discussion of accounting policies and ICFR. The Anti-Fraud Collaboration has aggregated insights and takeaways from these workshops into a report that we will publish next month. As another example of our work with policymakers, I'll flag an event taking place next week. On December 13, the Collaboration will hold a free CPE webcast on the SEC s Cooperation Program. With participation from the SEC, the webcast will provide insights into the decision-making processes that individuals, companies, and regulators go through when investigating securities violations. It will also illuminate the benefits of cooperating with regulators in an investigation. Fighting fraud is just one example of our constructive engagement with regulators. Through webcasts, member alerts, and other means, we are working with regulators to clarify the auditor's role. 8

9 This is critical. We must continue our efforts to close the so-called "expectations gap" so that investors and other financial statement users have a solid understanding of what auditors do. So in the year ahead, we will continue to engage on key issues, ranging from implementation of Form AP to the auditors use of specialists. And now, a final reason for us all to be proud; we are building awareness and telling the story of careers in auditing like never before. I've saved this item for last. It's perhaps the most important. New technology, such as greater use of data analytics and artificial intelligence, continues to change the way auditors work, making the audit stronger and better. So more than ever, the public company auditing profession needs the best and brightest. We must redouble our efforts to ensure that today's students are getting the skills they need. We must make sure those students are aware of all the many positive attributes of a career in accounting and auditing. This is particularly important given competition for talent from technology, finance, and other sectors of the economy. Now, the AICPA has been hard at work in the talent arena for many years, with award-winning initiatives such as Start Here Go Places, and This Way to CPA. At the CAQ, we are building on these efforts with a special focus on public company auditing. Our talent initiative has taken many forms, including in-depth research on how younger people perceive auditing, as well as outreach to educators and other key constituencies. In these efforts, fostering diversity in public company auditing is a top priority. We are building upon the efforts by firms and the AICPA to promote diversity and inclusion as part of a high-performing profession. 9

10 We're also continuing to spread the word on social media about careers in auditing. This past September, the CAQ and its members led a second annual social media "blitz" highlighting the benefits of a career in auditing and the important role that auditors play in capital markets. Using the hashtag #AuditorProud, individuals and organizations from students on up to CEOs posted 16,000 messages, pictures, and videos about auditing and what a career in auditing can offer. That's twice the number of messages generated in our 2015 blitz. As this map shows, the geographic reach of #AuditorProud day was far and wide: from Australia to Argentina, from Pakistan to Peru. Each dot represents a location from which #AuditorProud-tagged messages were posted during the blitz. In the aggregate, as these messages were shared and re-shared across social networks, the blitz reached millions of people across more than 100 countries. It was a wonderful, global celebration of auditing, one that few of us could have imagined back in January of The CAQ plans to continue this social media tradition next year, and we hope you'll all be a part of it. At the conference and beyond, remember these seven reasons we can be profession proud: One: Investor confidence is robust. Two: Financial restatements continue to decline. Three: Transparency around the audit process continues to grow. Four: The public company auditing profession is fostering conversations on non-gaap information, revenue recognition, and other key issues. Five: We are a proactive voice in the discussion around cybersecurity. Six: We are well regulated, and our engagement with policymakers is strong and constructive. 10

11 And seven: The profession is working steadfastly and innovatively to attract the auditors of tomorrow. Yet this list is only the beginning. Like the dots on the #AuditorProud map, there are many reasons for all of us to be profession proud. And I know we will hear about many of them throughout this conference. Judging by the hard work we are currently doing, ten years from now, the CAQ and the public company auditing profession will be even stronger than we are today, to the benefit of companies, investors, and markets. For that, we can all be profession proud. Thank you. 11