In the latest of our regular Q&As, we talk to Claudius Modesti, enforcement, investigations director for the PCAOB. An index of previous conversations is available here.
How big is the enforcement staff at the PCAOB?
Right now, we have about 30 professionals in our group, including lawyers, accountants, paralegals, and support staff. We are hiring additional staff this year.
And how are those staffers engaged? Is your group typically responding to whistleblowers, or are you getting information from the PCAOB division that conducts inspections of accounting firms?
We receive potential leads for investigations from a variety of sources, including from the inspections of registered firms, our review of restatements and SEC filings by public companies, tips from whistleblowers, referrals from the SEC, and other sources. Consistent with the PCAOB’s authority and jurisdiction, all of my staff is involved in investigations of possible failures by auditors to comply with professional standards or applicable federal securities laws in auditing publicly traded companies.
Tell us about how you interact with that group, known as the PCAOB Division of Registration and Inspections. When does an inspection get turned over to your enforcement team?
Under our supervisory model of regulation, most deficiencies identified through the inspections of audit firms are addressed through the inspection process and do not become the subject of enforcement activity. If the inspections staff finds potentially serious violations of PCAOB standards or applicable federal securities laws that apply to auditors, they will refer those situations to Enforcement for investigation. We also consult with our Inspections Division and our Office of Research and Analysis about trends and patterns in auditing practices to help inform our ongoing work. The Inspections Division does not conduct investigations and does not work on investigations.
You were previously an Assistant U.S. Attorney for the U.S. Attorney’s office. How did the investigation process there differ from what you’ve instituted at the PCAOB?
I’ve been very lucky to have had the chance to work with the highest caliber professionals, both at the Department of Justice and here at the PCAOB. That’s similar.
But there are many important differences between the criminal investigations I handled at the Department of Justice and the investigations of auditing-related conduct that my Division handles now. For example, the process of gathering evidence generally is cooperative and less adversarial at the PCAOB. The audit firms that are registered with the PCAOB and the people who work for them have a statutory duty to cooperate with our investigations.
Another difference is that many white collar prosecutors and investigators from the Department of Justice have to be generalists. At any one time, they might be investigating bank fraud, identity theft, and insider trading.
Because the PCAOB regulates auditors of public companies, my group, as a part of that regulatory framework, has the ability to focus exclusively on possible violations of PCAOB standards and federal securities laws that apply to auditors. Our lawyers have the advantage of having accomplished accountants with audit experience partnering with them every step of the way in our investigations. We apply and focus our attention on investigating cases of possible audit failure. That’s one of the reasons our Division is a challenging and exciting place to work.
You also spent some time at the SEC’s Division of Enforcement. What did you learn at the SEC that you were able in incorporate into PCAOB processes?
The SEC is justly renowned for the integrity, thoroughness, and fairness of its enforcement program. We promote that same spirit of integrity, thoroughness, and fairness among our people.
The SEC also has some well-developed practices, such as the Wells process, that help provide those who are potentially subject to enforcement actions with a chance to tell their side of the story, typically before any decision to bring charges is made. We have incorporated similar principles in our rules and practices. We’re not only working to bring cases. We’re working to be fair and careful.
A number of members of my staff have prior SEC experience. That has proven helpful in providing insights as to how to manage our cases and to work in parallel with SEC investigations. The PCAOB is applying a new enforcement tool to the auditing profession, all in the context of a regulatory framework that includes other critical tools, such as the Board’s inspections process and audit standard-setting function.
There actually appears to be major differences in approach between the SEC and the PCAOB. The Commission, for example, is going after major fraud at large companies (with a recent focus on accounting fraud, backdating, and FCPA violations), while the PCAOB has typically disciplined tiny firms who have audited companies quoted on the OTC Bulletin Board and Pink Sheet. Why is that, and how do you achieve balance with the larger firms?
I can’t comment about particular investigations we currently may or may not have in our inventory. Those are strictly confidential.
Our job is to use the Board’s enforcement tools to protect investors by remedying and deterring serious auditor misconduct. I think we are accomplishing that through our investigations. When I arrived at the Board, my immediate goal, which we have fulfilled, was to build an accomplished team of attorneys, accountants, and other staff, because you cannot conduct investigations without them. We then began to identify matters that were appropriate for investigation under the authority granted to the Board by the Sarbanes Oxley Act.
We have a mix of investigations that cover the gamut of public company audits by size and complexity. We do not limit our investigations to any particular size audit firm or public company audit. Typically, the larger the public company, the more involved and complex the investigation of the company’s audit and auditors. If you investigate that type of audit, you have to consider a large trove of evidence, often relating to several audit years and periods. Sometimes you also have to examine the conduct of numerous audit personnel, particularly when there is turnover in the audit engagement team. For those audits, you occasionally have to consider information from the public company itself, which we often accomplish by coordinating our investigations with parallel SEC investigations.
The PCAOB came under fire early for not taking enforcement seriously; to date, only seven accounting firms have been censured or had their registrations revoked, and all were tiny firms as mentioned above. That’s led many public company executives to grumble that regulators are tough on companies, but light on auditors. Do you think that the downfall of Andersen has made the Board overly cautious in its approach to Big 4 enforcement?
I don’t believe the Board is overly cautious, and in making our recommendations to the Board, we do not give any audit firm a pass, based on size or anything else. In our investigations, we go where the evidence leads us. At the appropriate time, depending on the seriousness of the misconduct and other factors, we make recommendations to the Board about which sanctions should be imposed. In any case, regardless of audit firm size, our sanctions recommendations focus on investor protection. One consideration that also comes into play is the impact of the proposed sanctions on the audit firm’s practice. Often the firm’s practice still is serving the public capital markets, here and/or abroad.
What are your thoughts on auditor liability caps?
I do not have a particular position on auditor liability caps. Private civil litigation against auditors does not have an impact on our investigations, and I have not observed any impact upon private civil litigation against auditors from our investigations. Our investigations are confidential under the Sarbanes-Oxley Act and the Board’s rules. Regardless of what is going on in the sphere of private civil litigation, we do our job of investigating and seeking discipline of auditors who fail to uphold the public trust. One of the protections the Board offers investors, which private civil litigation does not, is the ability to bar auditors, when serious violations are found, from auditing public companies.
Many have argued that the PCAOB inspection and enforcement regime are partly responsible for the explosion of SOX 404 costs at public companies; in other words, overly aggressive inspections have pushed auditors to do extra work in order to avoid negative comments or enforcement, which in turn has forced those auditors to be even more aggressive in their audits. What are your thoughts on that view?
I haven’t heard anyone suggest that our enforcement efforts have increased the costs of compliance under Section 404 of Sarbanes-Oxley. I don’t believe that is the case. We take a measured and careful approach in our investigations and enforcement work. We have no interest in pursuing trivial or hyper-technical violations of PCAOB standards or the federal securities laws.
As for the Inspections Division, it can best address questions about its work. I know the staff has put strong emphasis on inspecting the efficiency as well as the effectiveness with which audit firms handle audits of internal controls.
According to the PCAOB, the inspection process has focused on how efficiently the firms performed audits pursuant to AS No. 2. That standard is now widely acknowledged to be too “rules-based“ and is currently being replaced by a more “top-down, risk-based“ standard referred to as AS No. 5. How do you think inspections and enforcement might change in light of the new standard?
Once again, I think I should leave it to my colleagues in Inspections to discuss their work. As for our enforcement work, we focus on seriously deficient auditing practices that pose a threat to investors and our capital markets. Any enforcement work that we might undertake with respect to AS No. 5 would be consistent with that approach.
Over the past three years, the SEC and PCAOB have made great strides cultivating relationships with securities regulators and standard-setters in the EU and the Far East. What’s your vision for cross-border auditor oversight as the global markets converge?
Our Division is committed to cooperative and productive relationships with foreign regulators who share authority over the auditors within our jurisdiction. We can learn from these regulators how they have handled problems over audit quality similar to those we confront. When our enforcement work implicates a foreign registered auditing firm, we coordinate internally with the Board’s Office of International Affairs and other appropriate Board divisions and offices to determine the best course of action.
One of the qualities I look for in the staff I hire is that combination of curiosity, humility, and commitment that leads people to try to do their jobs better every day, and to learn from others whenever possible. I think that same spirit helps regulators learn from each other as we work to promote best practices to protect investors and help promote healthy and robust capital markets.
Thanks, Claudius.
Modesti stresses that the views expressed in this Q&A are his, and do not necessarily express the views of the Public Company Accounting Oversight Board or its staff.
No comments yet