The Honorable Gary Gensler
Securities and Exchange Commission
100 F Street, NE
Washington, DC 20549
Via electronic submission: [email protected]
Dear Chair Gensler:
Congratulations on your recent confirmation as chair of the Securities and Exchange Commission (SEC). I write to you on behalf of the Project On Government Oversight (POGO) to provide several recommendations for the Public Company Accounting Oversight Board (PCAOB) that the commission can implement immediately on its own, and several where the commission can work with Congress to strengthen the laws governing this oversight system. These reforms will help President Joe Biden deliver on his promises to ensure that government will work for all Americans.
POGO is a nonpartisan independent watchdog that investigates and exposes waste, corruption, abuse of power, and when the government fails to serve the public or silences those who report wrongdoing. We champion reforms to achieve a more effective, ethical, and accountable federal government that safeguards constitutional principles.
The commission is facing several pressing issues. These include hot news topics, like GameStop, Robinhood, short selling, and meme stocks, as well as climate risk disclosures and the disclosure of payments by resource extraction issuers. However, addressing these issues should not distract from the commission’s duty to conduct oversight of the PCAOB. In the coming months and years, your agency will play a vital role as the economy begins recovering from the economic downturn caused by the ongoing coronavirus pandemic. This includes ensuring that audit firms thoroughly examine companies’ books to protect investors and Americans’ retirement savings. Making sure that the PCAOB is an efficient and effective enforcer is a critical task.
In wake of the accounting scandals of the early 2000s, Congress passed the Sarbanes-Oxley Act creating the PCAOB, supervised by the SEC, to oversee the audits of public companies. The PCAOB periodically inspects more than 1,700 public accounting firms. Given their size, the PCAOB annually inspects the “Big Four” firms: Deloitte & Touche, Ernst & Young (EY), KPMG, and PricewaterhouseCoopers (PwC).1 According to a 2017 report by Audit Analytics, the Big Four audited 99% of companies in the S&P 500 index of large corporations.2 Furthermore, as of 2019, they audited about 47% of all publicly traded companies in the United States.3
As a nonprofit corporation, the PCAOB is not subject to the Freedom of Information Act, and unlike the SEC’s Rules of Practice,4 the Sarbanes-Oxley Act prevents the board from publicly disclosing pending charges and enforcement proceedings against firms and auditors.5 In the theme of secrecy, POGO is also particularly concerned about reports that the new PCAOB advisory meetings will be held behind closed doors and the meeting minutes will no longer be made public as they previously were, further keeping investors and the public in the dark.6
PCAOB Is Not Effective
Because of the size and value of the companies audited by the Big Four, it is especially important for the PCAOB to ensure the accounting firms are doing their jobs correctly. However, since its inception, the PCAOB has often seemingly ignored improper behavior by accounting firms. This approach has resulted in minimal enforcement actions.
According to a 2019 POGO report, in the board’s first 16 years the PCAOB cited 808 instances where the U.S. Big Four issued audits that were so defective that the audit firms shouldn’t have vouched for a company’s financial statements, internal controls, or both. But in that period, the PCAOB brought only 18 enforcement cases, involving a total of 21 audits, against the U.S. Big Four or employees of the firms.7
Fines and charges by the SEC and PCAOB against the Big Four seem to be inconsequential and have not resulted in increased respect for auditing standards. POGO’s report shows that over the board’s first decade and a half, it could have fined the Big Four a minimum of $1.6 billion. But records indicate that the board fined the firms only $6.5 million—less than one half of one percent of the potential fines. Moreover, as of 2019, the PCAOB had fined individuals at the Big Four firms just $410,000. As POGO noted, this total is less money than a partner at any big accounting firm can make in single year.8
Global revenue at the Big Four accounting firms rose more than 10% in 2018, their strongest annual growth in at least a decade, as they continued a long shift toward consulting over their core auditing businesses. The four firms had $148.2 billion in combined global revenue in fiscal year 2018.9 Considering their substantial revenue, any small penalties they face from the PCAOB do not deter the companies from committing violations.
Last year, in responding to a question from Representative Brad Sherman (D-CA), chair of the House Committee on Financial Services Subcommittee on Investor Protection, Entrepreneurship and Capital Markets, PCAOB Chairman William D. Duhnke III testified that he believed that audit restatements reaching an 18-year low showed an improvement in audit quality. Duhnke added that he thought this could be attributed to the board’s inspection reports and enforcement actions.10 This is troubling because the rate of audit deficiencies in the most recent annual inspection of the Big Four firms for which the PCAOB has reported results varies between 20% and 50%.11 In other words, according to the PCAOB, between one-fifth and one-half of the audits of the biggest U.S. corporations do not comply with auditing standards. The Big Four, the PCAOB, and Congress should not be impressed or satisfied with this rate of audit quality.
A series of scandals involving the Big Four further demonstrates that the firms have not been deterred by the PCAOB’s inspection and enforcement regimes. In 2019, KPMG payed a $50 million penalty for hiring PCAOB employees to learn inside information on the oversight board’s plans in order to cheat on upcoming inspections and exams.12 Also in 2019, the SEC charged Deloitte Japan with knowingly violating auditor independence rules.13 In 2018, the PCAOB fined Deloitte Canada $350,000 for failing to maintain independence over three consecutive audits.14 In 2016, EY paid $11.8 million for audit failures that included failing to detect years-long fraud schemes designed to inflate earnings.15 And, according to a November 2019 whistleblower disclosure, Mattel and its auditor, PwC, allegedly buried an accounting error that increased the company’s reported loss for the third quarter by $109 million.16
The Revolving Door
We must also point out a systemic conflict-of-interest problem: SEC executive staff and PCAOB inspectors largely come from the Big Four. Indeed, a 2020 POGO report found that as of November 2019, according to profiles on the LinkedIn professional networking site, more than 40% of PCAOB employees had worked for the Big Four. Our research also found that, also according to LinkedIn profiles, more than 160 people working for the Big Four had previously worked for the PCAOB. For current employees who went directly from the Big Four to the PCAOB or vice versa, half of the LinkedIn profiles POGO analyzed indicated they did so with a gap of two months or less.17
The career of Wes Bricker, the former chief accountant of the SEC, demonstrates how the revolving door can introduce conflicts of interest that undermine enforcement in PCAOB’s work. These conflicts of interest can make the public wonder who the audit board is actually working to protect—the industry or investors. These fears are compounded given that the PCAOB hasn’t met with an internal advisory group tasked with promoting the interests of investors since 2018, and are further compounded by the fact that the group was dissolved earlier this year.18 Mr. Bricker came from PwC, became chief accountant at the SEC, and then left to rejoin PwC as its vice chair. Right after Mr. Bricker’s departure, the SEC sanctioned PwC with a nominal fee of just under $8 million for having violated independence on 19 public company engagements.19 This fine pales in comparison to the firm’s self-reported global revenue of $42.4 billion in fiscal year 2019.20 This example illustrates the improper relationship when officials rotate between industry and the regulator.
Another fundamental issue that the SEC needs to examine is how the current auditing system discourages auditors from reporting issues. As POGO reported, “audit firms have a built-in conflict of interest: They are hired by the companies they audit.”21 Researchers at the Walton College at the University of Arkansas found that auditors’ reputations suffer when they identify issues with companies’ audits.22 The researchers found that auditors who flag weaknesses are “perceived as less attractive in the audit market,” and as a result, this “disincentivizes auditors from disclosing internal-control information that could make their clients look bad.” Making their clients look bad could hurt their firm’s chances of being rehired by the client, or even the auditor’s own hiring prospects at other firms. How can we ensure audit quality when the system itself discourages proficient and accurate auditing?
To assist you in addressing the issues we’ve outlined, we are enclosing a list of policy recommendations made by POGO. This country cannot afford another economic crisis, and the Public Company Accounting Oversight Board has a responsibility to do everything in its power to ensure that regulators are adequately policing auditors. In order for the PCAOB to succeed in its mission, the SEC must do a better job of holding it accountable.
Again, congratulations on your confirmation, and thank you for your consideration of this matter. Should you have any questions, please contact Tim Stretton at [email protected].