Joe Howell on the PCAOB, Audits and Compliance – Part I

Joe Howell

"Howell explained the PCAOB is a board that was quasi-governmental, was created by Congress, and is part of Sarbanes-Oxley Act of 2002 (SOX). It has two main functions, the first being the creation of the new audit standards for the auditing of public companies. It is also charged with auditing the auditors and issuing inspection reports to help auditors improve the quality of their work."

Howell believes that the audit standards set by the PCAOB have changed the way that companies perform and how their auditors audit them in significant ways, through their inspection reports. These audit inspection reports were not designed to test random audits. They were designed to test those audits that had the largest amount of audit judgment contained within them. These inspection reports issued by the PCAOB themselves have been, in many ways, damning and certainly embarrassing.

Howell noted that over the past few years, there has been about a 39% to 40% average failure rate for the Big Four. In some instances, one went up to nearly 50%, but the most recent report from BDO, an international network of public accounting, tax and advisory firms that perform professional services, issued recently found a 73% failure rate. Now, audit firms resent the term “failure” and they push back on it and they preferred to call it “deficiency”, but if one were to take one of those audit inspection reports and look at it and do a quick CTRL-F in Adobe Acrobat to see what the number frequency of the word “fail” is, you will find it hundreds of times.

But Howell did not simply level his criticism at the auditors, as he believes the auditor will never understand the client’s business or its controlled environment as well as the client. It is the responsibility of the audit client to understand their own controls so they can correctly explain their function to the auditors. This is a key insight for any Chief Compliance Officer (CCO) or compliance professional. You must know your compliance internal controls so that you can adequately explain them to your auditors.

From Howell’s perspective, “the audit client is the generator of the material, they are in the business, they have years of experience. The auditor may come and audit them, really one major time of year, but will be there three or four times a year talking to them, but they have other clients as well in other industries. They will never be as familiar with that client’s business as the client.” Yet this also means that when the PCAOB is speaking to the auditors, they are vicariously speaking to the audit clients, too.

Howell said that precision is often involved in another area of audit failure. From reviewing auditor work papers, it might note the client reviewed something or did something, yet there would be no discussion of whether the internal control might detect this or that kind of error or an error of a certain size. As Howell put it, “What’s the precision of that control? Would it have missed a freight train or would it have found something that would have been as small as a drop?”

For the latest information and news, visit The Workiva Press Page.