Head of Audit Efficiency Panel Speaks Out



Head of Audit Effectiveness Panel Speaks Out

F ormer Price Waterhouse LLP Chairman Shaun F. O’Malley found himself with little free time after he became chairman of the Panel on Audit Effectiveness two years ago. But despite the fact that the panel completed its massive report on the state of independent corporate audits in August, his pace still has not slowed.

To balance what he feels has been uneven press coverage of the panel’s findings and recommendations, O’Malley sat for a JofA interview to explain their significance and the reasoning behind them.

The audit risk model

Panel members assessed current auditing practices by examining 126 audits performed by the eight largest firms over a two-year period. This was the raw material upon which the panel based many of its findings and recommendations. (See sidebar, "The Panel's Mission Strategy.")

Following its review of the firms’ audits, the panel concluded that the model for financial statement audits (the “audit risk model”) generally was appropriate but needed to be updated and enhanced and that auditors should more consistently apply the principles underlying it. The model employs a preaudit assessment to identify high-risk areas on which auditors should focus most of their time and effort.

O’Malley emphasized the importance of tailoring the audit to the findings of the risk assessment: “First you evaluate risk; then you develop an audit program to focus on high-risk areas. This is more effective than having auditors focus only on the size of the account or having them go down the balance sheet or the profit and loss statement, account by account, without regard to risk or the control environment.”

About the time the panel was formed, O’Malley said, SEC Chief Accountant Lynn Turner expressed concern that the profession’s reliance on the risk-based model might be impairing audit effectiveness. (See sidebar, "Who's on the Panel.") "O’Malley understood the reason for Turner’s apprehension. “Using the risk-based model often reduced the amount of substantive audit work,” he said. “But its real purpose was to enable auditors to apply their resources more effectively to areas needing special attention, not to perform less-thorough audits.

“The question is whether the risk-based model can be implemented successfully and consistently in today’s environment. We believe it can. Auditors who use it and develop a greater knowledge of the business and control environment can design audits that more effectively focus on high risks and weak controls,” he said.

Even so, the panel found that, on some of the audits it reviewed, the model was out of date and inconsistently implemented. “It failed to include the concept of engagement risk, did not clearly include fraud risk within the concepts of inherent risk or control risk and was not specific enough,” O’Malley said.

The panel had noticed instances “in relatively identical circumstances, where firm A looked at a sample of several hundred items and firm B looked at a sample of 10,” O’Malley said. Such variations in application contributed to the panel’s finding that auditors did not apply the audit model consistently.

“Those critical of the profession say economics drove this,” he said. “But I don’t think so. Even if you had a perfectly executed risk-based audit, misstatements still could have remained. You will never eliminate fraud—a prime source of misstatements—but implementing our recommendations would increase the possibility of detection and help deter fraud.”

How to recognize “cooked” books

The panel also recommended auditors use forensic auditing procedures to focus on those aspects of financial reporting with the highest incidence of fraud. “That was our way of addressing the issue of fraudulent reporting head-on,” O’Malley said.

He added that panel members were particularly concerned about the level of auditing performed on nonstandard journal entries, which often can shield questionable items from scrutiny and, therefore, merit auditors’ special attention.

“But,” O’Malley said, “in approximately 30% of the audits we looked at, auditors’ review of nonstandard entries was not what it should have been. That was probably the most upsetting of all our findings.”

Deploying information technology staff

The panel’s report called for more effective participation in audits by information technology (IT) specialists. “Today, in order to conduct effective audits of public companies, auditors need help from IT staff who provide a working knowledge of complex systems and the controls surrounding them,” O’Malley said.

Yet even though auditors commonly enlist the aid of such specialists, the panel said auditors need to improve their own knowledge of systems and that IT specialists should strive to better understand the objectives of the audits in which they participate.

Stalemate on auditor independence

The panel was divided over the need to evaluate auditor independence. “A number of us believed that, since the Independence Standards Board had been founded with the full approval and cooperation of the firms, the SEC and the AICPA, the independence issue was in the right hands,” O’Malley recalled. “But other members of the panel insisted we add it to our agenda, and, in the interest of thoroughness, we obliged them.”

Still, the panel was unable to agree on whether firms should be barred from providing consulting services to their public audit clients, O’Malley said. “Given more time, the panel might have been able to reach consensus,” O’Malley said. “The answer lies somewhere between a complete ban and the idea that anything goes.

“There’s already some proscription of services. Auditors can’t do executive recruiting, they can’t provide certain legal or actuarial services and they can’t keep the books. The question of whether to ban other services could be resolved by looking at the three or four problematic areas and making a decision. I thought that’s why we had the ISB,” he said.

“Ultimately, the SEC needs to make up its mind. If it wants to rule on every aspect of independence, it should do away with the ISB,” O’Malley continued. “But the SEC helped form the ISB, so it should empower, support and encourage the ISB to do the job it was created for. I expect there will be an attempt to keep the ISB intact, but the question is whether it will be an interpreter of SEC pronouncements or a truly independent rule maker.”

The panel recommended that public representation on the eight-member ISB be held at four, with the profession’s representation reduced from four to three. “Even though every formal ISB vote has been 8-0,” O’Malley said, “the panel agreed it sent a message that the public interest is paramount.

“The professional literature states clearly that the appearance of independence is important and it is. On the other hand, auditors perform many valuable professional services that do not compromise independence. The vast majority of the investing public grasps that and leaves those decisions to the SEC, the ISB, the AICPA and individual audit committees, and that’s as it should be.

“In 37 of the audits we looked at, consulting services were rendered. We checked to see whether they improved the effectiveness of the audit, had a negative effect or were neutral in that respect. In 25% of the cases, providing consulting services helped make the audit more effective and the effects were neutral in the other 75%. In no case was auditor independence found to be impaired. Neither our findings nor the long history of auditing supports a complete ban.”

How much power for the POB?

O’Malley expressed disappointment in the ongoing controversy over the POB’s proposed new charter, which would expand its oversight powers (see “SEC Renews Push for More Oversight of Auditors,” JofA, Jul.00, page 16) . “In a situation like this,” he said, “no one—not the firms or the SEC or the AICPA—is going to get everything he wants. So, there has to be compromise. The guiding principle should be what is best for the investor, for the profession and for the public perception of the profession and its commitment to independence and excellence.”

Is there a possibility that the proposed POB charter would enable it to go well beyond oversight—into management?

O’Malley considered a hypothetical situation in which the AICPA would have to get POB approval when appointing the heads of the ASB and the SECPS. “Would that advise-and-consent process constitute management by the POB?” O’Malley asked. “No, it would not.” He added, however, that if the charter called for the POB itself to make those appointments, that would be management, not self-regulation.

Going global: The firms can lead

In the international arena, O’Malley said he sees nations’ securities commissions wielding real power. “They determine whether or not you can access capital markets,” he said. “Without their support, there will be no global agreement on auditing standards.

“Our stock markets are the most popular and successful in the world because of the trust and confidence investors have in them. That would evaporate if corporate financial reports weren’t backed by effective audits.

“But fortunately the trend in the international public markets is toward higher standards—ones closer to our own,” he said. “We can expect maybe not all the disclosures but at least the basic ones. However, the leaders of the world’s audit firms must continue to champion those standards.”

O’Malley nevertheless played down the idea of imminent international consensus on auditing standards. “Even in the best of circumstances, I don’t see this happening anytime soon,” he said.

The measure of success

“We on the panel felt that our role was driven to some degree by the headlines—the huge restatements by Waste Management, Cendant and other companies, followed by their massive losses in market capitalization,” O’Malley said. “That, more than anything else, is why the panel was formed. If, in the future, there are fewer headlines like those, our work will be more than justified,” he concluded.

The report and recommendations can be downloaded from the panel’s Web site at www.pobauditpanel.org .

—Robert Tie

The Panel’s Mission and Strategy

“This was probably the most exhaustive study of auditing and the profession that has ever been undertaken,” O’Malley told the JofA.

Formed as part of a number of SEC-sponsored initiatives to improve the quality of corporate financial reporting, the panel looked closely at the way audits were conducted—how the firms that performed them supervised, planned and executed them—and how the profession governed itself, with a particular focus on how that influenced audit effectiveness.

In a statement accompanying the report, O’Malley said the panel’s recommendations, if implemented, would “improve the reliability of financial statements, enhance their credibility, contribute to investors’ confidence in the profession and improve the efficiency of the capital markets.”

Who’s on the Panel

Besides O’Malley, who has had 40 years of auditing experience, the panel includes two former SEC commissioners (Bevis Longstreth, counsel to Debevoise & Plimpton and Aulana L. Peters, partner of Gibson, Dunn & Crutcher), as well as representatives from industry (Dennis H. Chookaszian, executive committee chairman, CNA Financial and chairman and CEO, mPower; Paul Kolton, steering committee chairman, FASB business reporting research project and former chairman and CEO of the American Stock Exchange; and Ralph S. Saul, former chairman of the board of CIGNA Corporation) and accounting education (Louis Lowenstein, Simon H. Rifkind Professor Emeritus of Finance and Law, Columbia University and Zoe-Vonna Palmrose, PricewaterhouseCoopers Professor of Auditing, University of Southern California).


Keeping you informed and prepared amid the coronavirus crisis

We’re gathering the latest news stories along with relevant columns, tips, podcasts, and videos on this page, along with curated items from our archives to help with uncertainty and disruption.


Building process maps: Template and instructions

Documenting your financial close process and finding opportunities for automation are more important than ever. Our customizable slide deck has instructions, a risk assessment questionnaire, and bonus checklists that will help you map out your process.