The PCAOB’s Audit Firm Inspection Reports

On January 11, 2007, the Public Company Accounting Oversight Board (PCAOB) released its annual inspection reports of Ernst & Young LLP and KPMG LLP. The reports can be found here and here. The PCAOB is required by law to annually inspect each accounting firm that audits more than 100 public companies. The agency’s reports on E & Y and KPMG are based on inspections done in 2005 of the firm’s audits of companies’ 2004 financial results. (The PCAOB previously released its reports of PWC and Deliotte & Touche.) If this seems like a long time ago to you, you are not alone.

As noted in a January 12, 2007 Wall Street Journal article (here, registration required), there have been "criticisms from investors and members of corporate audit committees that the agency is taking too long in getting the reports out and [the board] has pledged to try and speed up the process this year."

The E & Y and KMPG reports cite multiple audit failures by both firms. The PCAOB identified 10 E & Y public company audits and 11 KPMG public company audits for criticisms. The E & Y report says that in "some cases" the errors appeared "likely to be material to the issuer's financial statements" and the KPMG report says that in "one case" the result was likely to be material. However, according to its policies, the PCAOB does not identify the companies that had their audits cited. The PCAOB also does not make their entire inspection reports available publicly. The PCAOB’s statement of policy about issuing its reports, here, explains the statutory constraints on its ability to publicly release portions of the inspection reports that deal with criticisms that the audit firm has addressed within 12 months of the inspection. The statutory constraints also prohibit disclosure of information obtained from accounting firms and their clients.

While the PCAOB’s restrictions on its reports are statutorily compelled, the constraints produce a report that reveals relatively little, particularly with respect to the deficiencies noted. In the reports, each deficiency is separately identified and described, but only in the most general terms. The brevity of the descriptions prevent the reader from making any meaningful assessment about the deficiency, including any assessment of the deficiency’s seriousness or its impact on the reported financial condition of the audit client. The disclosure constraints are statutory, but the resulting reports are of relatively little use to investors and others (e.g., D & O insurance underwriters) who would certainly like to know more about the problems that were cited. For example, which problems were the ones that were likely to have been material? How material? What does it mean to say that in "some cases" the deficiencies in the E & Y reports were material -- how many of the 10 E & Y audits cited, and which ones?

In addition, the PCAOB’s constraints on individual accounting firm’s inspections may be statutory, but arguably there are no statutory constraints on aggregate statistical information about the PCAOB’s inspections. The White Collar Fraud blog (here) has an interesting post about his unsuccessful efforts to obtain aggregate statistical information from the PCAOB, including the percentage of inspections that result in audit deficiencies by each firm. For example, the KPMG report says only that PCAOB inspectors visited 14 of 89 KPMG offices. That doesn't tell us how many KPMG audits they reviewed; the inspectors found 11 KPMG audits with concerns, but did they review 11, 110 or 1100 audits to find the 11 violations? It clearly makes a difference. The D & O Diary agrees that the PCAOB should provide more statistical information about its inspections. There may be statutory constraints on its disclosures about individual inspections, but where the PCAOB is not constrained, it should make more information available, including specifically aggregate statistical information. I also wonder whether it would be possible for the PCAOB, consistent with its statutory constraints, to provide sufficient information for inspection report readers to be able to assess the seriousness and impact of deficiencies noted.

A January 12, 2007 CFO.com article entitled "Failing Grades for E & Y, KPMG" can be found here.


Specter Reintroduces Thompson Memo Bill: As The D & O Diary previously noted (here), even though the McNulty Memo has replaced the Thompson Memo, there are still calls for a legislative remedy to the attorney-client privileges of employees who find themselves subject to criminal allegations. According to a January 10, 2007 CFO.com article entitled "Specter Re-Ups Thomspon Memo Battle" (here), Senator Arlen Specter has reintroducted the proposed bill he had previously advanced to try to circumvent the Thompson Memo. The CFO.com article quote Specter as saying that even though the McNulty Memo reflects "some improvement," it still allows prosecutors to seek privilege waivers, which he says will "erode the attorney-client relationship."

Senator Spector’s bill, originally entitled The Attorney-Client Privilege Protection Act of 2006, can be found here.

The Blogosphere Gets Respect: Amid the media coverage (for example, here) surrounding the lawsuit that Cisco Systems has filed against Apple over the use of the iPhone name, one particular detail caught my eye. That is, Cisco Systems declared its public position with respect to the lawsuit in a blog post (here), by its General Counsel, Mark Chandler. (Full disclosure: Chandler coincidentally happens to be a family friend.) As others have previously noted, blog posts increasingly are an important component of corporate media communication.

The public dignity accorded the blogosphere got a boost earlier this week when SEC Chairman Christopher Cox acknowledged during a speech that he "uses blogs to gauge public reaction to securities issues." (Refer here.) Not only that, but Cox previously posted a comment (here) on the blog of Sun Microsystems CEO Jonathan Schwarz. The SEC is also looking at whether blogs can be used to satisfy the disclosure requirements of Reg. FD.

As Professor Stephen Bainbridge noted with respect to Cox’s comments on his (Bainbridge’s) Business Associations blog (here), blogs represent increasingly important means "to communicate with lawyers, judges, and, it would seem, regulators" and that academics (or, I would assert, anyone) who wants to reach those audiences should have or have access to a blog. Cisco Systems clearly feels the same way.

Commissioner Cox, if you are reading this, you should know that you are cordially invited to guest post on my blog, anytime. Seriously. You don’t even need to call ahead.

PLUS D & O Symposium: The 2007 Professional Liability Underwriting Society (PLUS) D & O Symposium is only days away. The 2007 Symposium will take place on January 31 and February 1, 2007, at the Marriott Marquis in New York City. I will be co-Chairing this year’s Symposium with my good friends Ivan Dolowich and Jeffrey Lattman. Among the many panelists and speakers will be such luminaries as Linda Thomsen, the head of the SEC Enforcement Division; Nell Minow, the founder and editor of the Corporate Library; and Charles Elson, Director of the John L. Weinberg Center for Corporate Governance at the University of Delaware, as well as many other distinguished speakers and guests. The keynote speaker will be former Senator and Secretary of Defense George Mitchell. The entire program schedule can be found here. The Registration materials are here. I look forward to seeing everyone there.