Oversight Hearing on "Accounting and Investor Protection Issues
Raised by Enron and Other Public Companies

Oversight of the Accounting Profession, Audit Quality and Independence,
and Formulation of Accounting Principles."

Thank you for inviting me to testify before the Committee about the important decisions facing the accounting profession, its regulators, and the Congress.

I am Shaun O'Malley. I spent 36 years working in the accounting profession, the last seven of those as Chairman of Price Waterhouse until my retirement in 1995. Since that time, I have served on various corporate and nonprofit boards and audit committees. In 1998, I was asked to serve as Chairman of the Panel on Audit Effectiveness, which was appointed by the Public Oversight Board (POB) at the request of the Securities and Exchange Commission. The Panel was asked to conduct a comprehensive review and evaluation of the way independent audits are conducted and to assess the effects of recent trends in auditing on the public interest.

The Panel was formed in the wake of a number of high profile restatements, which were followed by massive declines in market values of the companies involved. Concerns were raised at that time about the overall reliability of financial statements and, in particular, about the role of auditors. On August 31, 2000 the Panel issued a report in which we made a number of significant recommendations aimed at improving audit quality.⁽¹⁾ I will address what I believe to be the Panel's key recommendations later in my statement.

The Enron debacle has been the catalyst for a reexamination of current methods of corporate reporting and audit oversight. While my testimony will focus primarily on the latter, I first want to comment on the specific issues highlighted by the Enron failure.

Failures in the Corporate Reporting Safety Nets

There exist numerous safety nets in the corporate reporting process - corporate management, the board of directors and audit committee, law firms, auditing firms, securities analysts, capital providers and intermediaries such as commercial and investment banks, credit rating services, the Financial Accounting Standards Board, and the Securities and Exchange Commission. Most, if not all, seemed to have failed in the case of Enron. We need to examine what caused these shortcomings and decide how to remedy them.

As far as I can tell from congressional testimony and press coverage to date, the overriding cause of the Enron failure can best be identified as "systems breakdowns." Practically every element of our system of safeguards failed until it was too late to repair the damage. The list of breakdowns is a long one. It includes:

· The apparent willingness of a number of Enron employees to set aside their responsibilities and to manipulate the numbers, subvert control systems, and mask the true status of Enron's financial condition and performance.

· The apparent willingness of certain senior management personnel to promote off-balance sheet activities for personal gain at the expense of shareholders, employees, and creditors.

· The apparent failure of Enron's Board of Directors and its audit committee to understand what was happening inside the company; their corresponding willingness to accept, without more penetrating inquiries, management and auditors' assurances that accounts were properly stated; and their willingness specifically to waive the company's own ethics rules in order to permit some of the now-infamous off-balance sheet transactions involving company insiders.

· The apparent failure of the auditors to detect irregularities and/or their apparent willingness to support transactions and related accounting and disclosures that do not stand up to scrutiny.

· The unexplained waiver by the SEC of important disclosure requirements for Enron on two occasions, and the Commission's failure to review Enron's financial statements for several years despite an announced step-up in annual report reviews - and despite Enron's huge growth and its position as one of the top ten U.S. companies as measured by revenues.

· The failure of the FASB and the SEC to promulgate timely accounting and disclosure requirements in the face of ever-changing and increasingly complex business transactions, the growth in the use of derivatives, and the increased use of off-balance sheet partnerships and special purpose entities.

· The apparent affirmation of some of the special entity off-balance sheet transactions by the attorneys retained by Enron's chairman.

· The financial analysts' apparent failure to understand adequately Enron's business, financial statements, and results, which led to their recommending the purchase of Enron stock virtually up to the moment of the company's collapse.

· The lenders' apparent failure to gain an accurate picture of Enron's true financial position and operating results, while extending large amounts of credit to the company.

· The apparent failure of debt rating agencies to understand Enron's precarious position until it was too late.

In short, just about every element of our financial system's safeguards failed for an extended period of time, often until the final collapse of the company.

In light of this widespread breakdown of our systems of control and regulation, there is a need to address each element of the system with the goal of repairing what appears to be broken and strengthening controls, accountability, and responsibility. I will leave the task of repairing most of these elements to others and will restrict my recommendations to issues affecting the accounting profession and its governance and oversight.

Role of the Accounting Profession

Accurate financial reporting has long been viewed as the bedrock of strong capital markets. Investor confidence in the reliability of financial statements lowers the cost of capital and increases the effectiveness of the capital markets in allocating resources. Enhancing the effectiveness of audits is key to improving the reliability of financial statements.

In this regard, the primary goal of the Panel on Audit Effectiveness, which I chaired, was to thoroughly review, evaluate, and recommend improvements to the way independent audits are performed and to assess the effects of recent trends in auditing on the public interest. The Panel was appointed in the fall of 1998 by the POB at the request of the SEC. It included retired and active leaders in the audit profession, two former SEC Commissioners, and a staff of experienced auditors.⁽²⁾ Pursuant to the SEC's charge, the Panel undertook a detailed study of the effectiveness of audits, the impact of non-audit services on auditor independence, and the adequacy of the auditing profession's current governance system.

Over a period of two years, the Panel's investigation encompassed a wide range of activities. Its principal effort was its Quasi Peer Reviews, which were in-depth reviews of the quality of 126 audits of SEC registrants in 28 offices of the eight largest accounting firms. In addition to the engagement reviews, meetings with two focus groups were held in most of the 28 offices - one with senior accountants/auditors and the other with audit managers, most of whom work on audits of public companies. This process also included in-depth interviews with the partner-in-charge of the office's audit practice. Panel members attended most of the Quasi Peer Reviews, and the Panel staff planned and directed all of them. The Quasi Peer Reviews were a major source of the Panel's findings and recommendations for improving the conduct of audits.

The Panel's other activities included:

· Focus group meetings with chief financial officers and controllers, internal auditors, peer reviewers, and representatives from the eight largest firms.

· Regular meetings with the Office of Chief Accountant of the SEC throughout the Panel's work to report progress.

· A survey requesting opinions on issues of audit effectiveness, distributed to over 500 selected individuals and organizations representing a wide range of constituencies.

· Public hearings in the early stages of the Panel's work at which 21 organizations testified, including the SEC, auditors, financial statement preparers, analysts, plaintiffs' and defendants' attorneys, standard-setters and educators.

· Reviews of the eight largest firms' audit methodologies, policies and procedures, manuals and other guidance materials, risk management information, professional development activities, and policies and procedures for recruiting, evaluating, compensating, and promoting audit personnel.

· Meetings with representatives of various private sector bodies involved in the governance of the profession.

· Research, with the assistance of the SEC staff, into the causes and circumstances that led to recent SEC Accounting and Auditing Enforcement Releases.

· Analysis of academic, professional, and regulatory literature on the effects of non-audit services on auditor independence.

· Studies of the profession's current governance structure and analysis of alternatives.

· Collection of information on recent international initiatives to strengthen audit effectiveness on a global basis.

· Further public hearings on the May 31, 2000 Exposure Draft of the Panel's Report and Recommendations at which 18 organizations testified including the SEC, auditors, state boards of accountancy, professional organizations, standard-setters, and educators.

· Analysis of 42 comment letters received on the Exposure Draft.

On August 31, 2000, the Panel issued its findings and recommendations, copies of which have been provided to each of you in advance of today's testimony.

The Panel concluded that "while many specific recommendations . . . for improvements in the conduct of audits and the governance of the profession" are necessary, "our report demonstrates that both the profession and the quality of its audits are fundamentally sound."⁽³⁾ This remains my opinion today, although the aforementioned totality of breakdowns in the Enron situation underscores the need to accelerate implementation of many of the Panel's recommendations.

Of the more than 250 pages of its report, the Panel spent three full chapters discussing a host of recommendations targeted to furthering audit quality. Let me emphasize that, at the end of the day, the goal of enhancing audit quality has to be the

primary goal of both private and public sector responses to the problems that Enron and other recent failures highlight. It is a matter of concern to me that, in the context of audit reform, so little is being said in the media about how the various proposed solutions will improve audit quality. Yet that is the issue upon which we must ultimately focus our attention if something positive is to come out of these unhappy events.

The recommendations of the Panel, made prior to Enron's collapse, bear some similarity to many of the proposals discussed in congressional hearings over the last two months, as well as the proposal announced by the SEC. In my testimony, I will describe the thrust of the Panel's recommendations in the context of three themes recurrent in post-Enron proposals for reform: (1) the need for improved audit quality; (2) the call for separation of audit and nonaudit functions; and (3) the proposals for change in the governance of the auditing profession.

The Need for Improved Audit Quality

Although the Panel found that an overwhelming majority of the 126 audits it studied were of a high caliber, the Panel also found significant room for improvement in the audit process. Indeed, the Panel made some 150 specific recommendations toward furthering the quality and reliability of audits. I do not intend to discuss each of these recommendations today, many of which pertain to the application of detailed auditing standards. However, I will discuss a number of areas in which I believe the Panel's recommendations were most significant.

New Audit Approach to Detecting Fraud - "Forensic-Type" Procedures. The Panel found that the risk assessment and response process called for under existing Generally Accepted Auditing Standards (GAAS)⁽⁴⁾ "falls short in effectively deterring fraud or significantly increasing the likelihood that the auditor will detect material fraud, largely because it fails to direct the auditing procedures specifically toward fraud detection."⁽⁵⁾ Rather, an auditor's duty is to report fraud if it is discovered,⁽⁶⁾ but not to search actively for it. Such a policy reflects the practical limitations on an auditor's ability to investigate. The enormous cost inherent in uncovering the presence of fraud is rivalled only by an auditor's lack of the means to do so (e.g., the power to subpoena).

The Panel concluded, with respect to the matter of fraud detection, that a dramatic shift in auditors' approach to their audits is not only possible, but necessary. Thus, the Panel recommended that GAAS require auditors, in planning and performing certain phases of their examinations, to suspend the neutrality of their professional skepticism and presume the possibility of dishonesty at various levels of management, including the possibility of collusion.⁽⁷⁾ The Panel further recommended a number of specific forensic measures that should be taken during any audit, with the principal objective of detecting material financial statement fraud.⁽⁸⁾ The Panel believed that this new approach to audits would not only help to discover material fraud before its effects are felt by the market, but would also more likely deter fraud from occurring in the first place.

It is important to note that, even in the event that the Panel's recommendation is adopted, an auditor's ability to investigate fraud will always be limited. Auditors do not possess the power to subpoena documents or testimony, nor are auditors trained experts in the identification of falsified documents. Moreover, clients will not pay auditors for the enormous labor and resources inherent in even the simplest SEC-style investigation. That said, it was the opinion of the Panel that the recommended approach would have a significant impact on the profession's ability to safeguard our markets from fraud.

In this connection, last week, the Auditing Standards Board issued an exposure draft which would, if adopted, replace the current audit standard relating to fraud. I am reviewing the proposal to determine whether it will accomplish what the Panel sought to achieve in its recommendations in this area.

Adopt Clearer and More Specific Audit Standards. All auditors are required to perform audits in accordance with GAAS promulgated by the Auditing Standards Board (ASB) of the AICPA. The SEC historically has accepted GAAS as necessary and sufficient to comply with the requirements of the securities laws that call for independent audits of financial statements.

The Panel noted that the guidance given to auditors in the Statements of Auditing Standards (SASs) issued by the ASB lacks imperatives that compel auditors to take definitive steps in specified circumstances. For example, in some cases an SAS may indicate what an auditor "should" do, while in other cases a SAS might only indicate what an auditor "should consider," allowing significant latitude for the exercise of judgment based on the circumstances of the engagement and on the auditor's assessment of risk and materiality. The Panel believed that auditing standards must provide both reasonable and measurable benchmarks for performance by auditors.⁽⁹⁾ Therefore, the Panel urged the ASB to modify, amend, or improve its standards by making them more specific and definitive.

The Panel also noted that the ASB and its staff issue audit standards and guidance in various, sometimes conflicting forms - e.g., standards, interpretations, audit guides, auditing practice releases, statements of position - without establishing a hierarchy of authority to guide in their application.⁽¹⁰⁾ Without such a hierarchy, auditors find themselves searching for a rule among competing guidelines issued by any number of committees and subcommittees. In response to this problem, the Panel recommended that the ASB define a hierarchy of GAAS and collect existing guidance in a readily accessible source.⁽¹¹⁾ The ASB has since issued an SAS covering the hierarchy of GAAS.

Require Auditors to obtain a Deeper Understanding of the Issuer's Business and Related Internal Controls. The Panel recommended that auditing standards "require auditors to possess a far deeper understanding of the entity's business processes, risks and controls" than is currently called for under GAAS.⁽¹²⁾ This is particularly important, given that today's businesses are far more complex, often technology based, and global in scope than ever before.

In order to plan and conduct an effective audit, an auditor must have a full understanding of an issuer's business and internal controls,⁽¹³⁾ particularly its information systems. An understanding of the internal controls of an issuer helps an auditor to determine how an issuer's financial reporting might go awry. The Panel found that, although auditors generally investigate issuers' internal controls, auditors do so with neither the necessary depth nor the requisite specificity of guidance from the ASB. The Panel therefore recommended that the ASB provide more specific guidance on the required depth of auditor knowledge and understanding about internal controls, as well as the nature and extent of testing of controls.⁽¹⁴⁾ The Panel also recommended that audit firms "place a high priority on enhancing the overall effectiveness of auditors' work on internal controls, particularly with respect to the depth and substance of their knowledge about companies' information systems."⁽¹⁵⁾ The Report noted a number of areas to be addressed by audit firms, including professional development and the increasing need for auditors to have a higher level of technology skills and far more effective participation in audits by information systems specialists.⁽¹⁶⁾

Risk Assessments and Designing Substantive Audit Tests. GAAS includes an audit risk model that requires auditors to use their judgment in assessing risks, selecting an audit approach, and deciding what tests to perform.⁽¹⁷⁾ The model allows an auditor to take a variety of circumstances into account in selecting the audit approach for a particular engagement, including the auditor's understanding of the entity's business and industry and the entity's system of internal controls.⁽¹⁸⁾

For example, if an issuer's internal control over sales and accounts receivable is strong, the auditor might confirm only a limited number of accounts receivable at an interim date and rely in part on the company's internal controls and certain other tests for updating the accounts to year-end. Conversely, if a company's internal controls are not strong, the auditor might confirm a larger number of accounts receivable and do so at year-end.

The Panel believed that professional standards, guidance, and practices with respect to assessing inherent risk need to be strengthened given GAAS's increased emphasis on inherent risk assessments in determining the nature, timing, and extent of audit tests. In addition, because the assessment of inherent risk is such a crucial element of an audit, the Panel recommended that the engagement partner be involved in making the inherent risk assessment.⁽¹⁹⁾ Finally, the Panel encouraged audit firms to review their policies and procedures with respect to linking the risk assessment to the actual nature, timing, and extent of tests performed during the audit.

Top Management of Accounting Firms Must Emphasize the Importance of Quality Audits, Including with Respect to Compensation and Advancement Decisions. The Panel found that messages from accounting firm management to audit personnel do not stress often enough the importance of quality audit work, either in terms of the work's importance to the firm or its role in protecting the interests of the investing public.⁽²⁰⁾ Indeed, the Panel's focus groups strongly indicated that the audit is commonly regarded by the audit firm personnel foremost as a commodity, and one of little value standing alone.⁽²¹⁾ As a result, the Panel recommended that top management of accounting firms emphasize to all audit personnel the importance, both to the firm and to the public, of performing quality audits. According to the Panel, "[t]he message should be a positive, constructive message that is refreshed frequently so it commands attention, rather than becoming a tired slogan that is ignored."⁽²²⁾

In addition, audit firms should ingrain "the importance of the role and responsibility of audit professionals, as well as the concepts of integrity and objectivity, independence, professional skepticism and accountability to the public" at the earliest stages of an employee's training.⁽²³⁾ Furthermore, throughout an employee's tenure, the performance of quality audits should be applauded and publicized, especially in situations where auditors take difficult stands on earnings management issues, issues involving

possible fraud, or contentious accounting issues. In short, the Panel recommended a top-to-bottom reaffirmation within audit firms of their public duties as auditors.

Similarly, the Panel also recommended that audit firms "ensure that performing high quality audits is appropriately recognized as the highest priority in performance evaluations and in compensation, promotion and retention decisions for all personnel."⁽²⁴⁾ The Panel recommended that performance and compensation measures should focus on such matters as (1) the depth of understanding of the client's business, (2) responsiveness to unexpected conditions encountered in an audit, (3) professional skepticism and persistence, and (4) knowledge of accounting standards and principles.⁽²⁵⁾ By emphasizing quality audits in compensation and advancement decisions, the Panel reasoned, the quality of audits will inevitably increase.

Enhanced Communication with Audit Committees. There are several auditing standards that govern independent auditors' communications with audit committees. In general, the standards require that auditors inform audit committees about significant accounting policies and their application, management judgments and the process used in formulating particularly sensitive accounting estimates, significant audit adjustments, disagreements with management, consultation by management with other accountants, major issues discussed with management prior to being retained, and difficulties encountered in performing the audit.⁽²⁶⁾ In addition, two new standards regarding auditor's

communications to audit committees were recently issued. The first requires auditors to communicate uncorrected misstatements, the effects of which management believes are immaterial. The second requires auditors to discuss their judgments about the quality, not just the acceptability, of the entity's accounting principles and the estimates underlying the financial statements.⁽²⁷⁾

Notwithstanding these requirements, the Panel advocated that stronger relationships be established between auditors and the boards of directors and their audit committees that recognize that auditors are ultimately accountable to the board of directors and the audit committee as representatives of the shareholders.⁽²⁸⁾ The Panel further recommended the development of explicit mutual expectations of the board and audit committee, management, and the auditors as an essential first step in the process of developing a stronger relationship among these parties.⁽²⁹⁾ Finally, the Panel recommended that the auditor and company management advise the audit committee of the company's plans to hire any of the audit firm's personnel into high-level positions. On this last point, I personally believe the audit committee should be tasked with approving the hiring of any audit firm personnel above a certain level who worked on the company's audit.

Auditor Independence/Scope of Services

As the Panel's report stated, "Independence is fundamental to the reliability of auditors' reports. Those reports would not be credible, and investors and creditors would

have little confidence in them, if auditors were not independent in both fact and appearance."⁽³⁰⁾ The Panel noted that the effect of providing nonaudit services on auditor objectivity has long been an area of concern. We therefore focused specific attention on this issue. A full discussion of auditor independence is contained in Chapter 5 of the Panel's Report.

As an initial matter, let me state that the Panel fully supported the role of the Independence Standards Board (ISB), a body constituted by the joint effort of SEC and the accounting profession. The work of the ISB resulted in a clear definition of auditor independence, a comprehensive inventory of the potential threats to independence, and a listing of the ways such threats could be eliminated or satisfactorily mitigated. Most importantly, out of this work came a methodology for addressing independence issues based on a conceptual framework, not simply upon a set of wooden rules.

To the dismay of many in and out of the profession, the ISB was effectively terminated by the SEC's rule-making initiative in 2000 - the outcome of which was an essentially pragmatic, but incomplete resolution, which lacked a conceptual framework for addressing independence issues. I would very much like to see the restoration of ISB's conceptual framework and methodology so that emerging independence issues can be addressed and guidance developed promptly and consistently.

The SEC's November 2000 rule prohibits the provision of many nonaudit services to audit clients. However, two important services were not adequately addressed in the rule. These services constitute a significant part of the nonaudit services being performed by audit firms: 1) financial information systems design and implementation, and 2) internal audit outsourcing. Engagements to design and implement financial information systems often involve large numbers of professionals, last two to three years in duration, and generate substantial fees. Internal audit outsourcing refers to a company hiring its auditor for the purpose of conducting an internal audit.

All five major firms now have agreed to the proscription of such services to audit clients, and the AICPA also has supported that position with respect to public companies. The net result of the combined action of the SEC and the elimination of the two services I have described takes substantial amounts of the so-called "consulting" dollars off of the accounting firms' table and greatly reduces the magnitude of the nonaudit services issue.

In light of concerns that had been raised in prior years regarding the effects of these types of services on auditor independence, the Panel on Audit Effectiveness included in its review a study of engagements relating to issuers who received both audit and nonaudit related services from the auditing firm. Of the 126 public-related audit engagements studied, the Panel identified 37 engagements in which services other than audit and tax had been provided.

As stated in the Report, the Panel's reviewers did not identify any instances in which providing nonaudit services had a negative effect on audit effectiveness.⁽³¹⁾ To the contrary, the Panel found, "[O]n roughly a quarter of such engagements, the reviewers concluded that such services had a positive impact on the effectiveness of the audit."⁽³²⁾ The additional knowledge of the company's business and the skill sets enhanced by the performance of nonaudit services actually assisted the work of the audit team.

However, based on an independent survey and public hearings, we found that many people continue to be concerned "that the performance of non-audit services could impair independence or that there is at least an appearance of the potential for impairment."⁽³³⁾

Thus, the Panel did not reach unanimity with regard to a recommendation in this area. Rather, the Panel published a statement in support of an exclusionary ban on nonaudit services to audit clients, as well as a statement against such a ban.

The Panel did agree on the importance of the independence issue, and, therefore, made a number of recommendations in furtherance of the need for close monitoring of proposed nonaudit services. Among these recommendations, the Panel provided "guiding principles" to be considered by audit committees in contemplating whether to hire the company's auditor to provide certain nonaudit services.⁽³⁴⁾ According to the SEC's November 2000 rule on independence, the Panel's guiding principles "represent a thoughtful and appropriate approach to these issues by audit committees, and [the SEC] encourage[d] audit committees to consider the Panel's recommendations."⁽³⁵⁾

It is my own opinion that the profession's decision to forego financial information systems design and implementation and internal audit outsourcing services to audit clients is correct. Despite the lack of evidence that these services in fact erode the independence of auditors, the evidence is strong that such services are perceived as a threat to independence. Furthermore, both services should typically be performed by the management of an issuer, not by its auditors.

With respect to other nonaudit services, I believe the conceptual framework that was under development by the ISB as the underlying rationale for independence standards - that the ISB would develop as necessary -- would have provided a meaningful and proper way to distinguish which services should be allowed and which not. Whether the ISB's framework were to be applied by one of the audit profession's self-regulatory organizations or by a regulatory organization yet to be formed is less important than the need for some type of framework that will identify independence threats and provide guidance on appropriate safeguards in areas where acceptable practice is unclear or existing practice should be improved. Furthermore, it is my opinion that audit committees should take it upon themselves to review each nonaudit engagement with the company's auditor pursuant to the ISB's standards and the guiding principles set forth in the Panel's Report.

However, a rule banning all nonaudit services to audit clients would throw out the baby with the bath water, while failing to increase the level of auditor independence. Indeed, in light of the Panel's findings of the importance of an auditor's knowledge of the company and the importance of the auditor possessing related information technology skills, I believe banning all nonaudit services for audit clients could hinder audit effectiveness.

A Change in Governance of the Audit Profession

The accounting profession's combination of public oversight and voluntary self-regulation is extensive and overlapping, and yet in certain respects, insufficient to accomplish the goals of monitoring the activities of the profession, providing disciplinary action where appropriate, and establishing ethical standards and rules that will lead to enhanced public confidence in the profession. A veritable alphabet soup of organizations provides governance for the profession, a summary of which appears in Appendix C of the Panel's report. Yet, despite this extensive network of oversight (and, indeed, in part because of it), the Panel concluded that the profession's self-regulatory system suffers from certain limitations, some of which may be inherent in a voluntary system.⁽³⁶⁾

Specifically, the Panel found that the current system of governance (1) lacks sufficient public representation; (2) suffers from divergent views among its members on what should be the profession's priorities; (3) implements a disciplinary system that is slow and ineffective; (4) lacks efficient communication among its various entities and with the SEC; and (5) lacks unified leadership and oversight.⁽³⁷⁾

In light of these significant shortcomings, the Panel recommended that there be a strengthened, unifying oversight body to help ensure the effective working of the governance system. In the Panel's opinion, the experience and expertise of the

independent POB would serve as a sound foundation for such an organization. We believed that, pursuant to a new charter, an expanded POB could aggressively oversee the profession's standard setting, monitoring, disciplinary, and special review functions. The POB would therefore serve as the oversight body to whom the SEC, the state boards of accountancy, the auditing profession, and the public would look for leadership.

Under the Panel's proposal, the POB would have the sole authority to determine the profession's financial obligations to the POB and the sole authority to determine its

expenditures. The POB would also approve of the appointment of the chairs of various self-regulatory bodies (such as the ASB, which would continue to establish auditing standards) and approve all other appointments to such bodies; evaluate whether the funding of those bodies is sufficient for them to meet their mandates; and oversee the evaluation, compensation, hiring, and promotion of many of the entities' employees. The Panel also recommended the creation of a coordinating task force, composed of the chairs of each body within the POB's oversight, that would be responsible for sharing information related to each body's activities.⁽³⁸⁾

Although membership of the POB already consists primarily of non-accountants, the Panel recommended that members be term-limited and nominated by a committee comprised of members of public and private institutions that are most concerned with the quality of audits and financial reporting. Members of these same constituencies would also comprise an advisory council to advise the POB on issues related to audit quality and financial reporting matters. And finally, the Panel recommended that the POB be given the authority to commission special reviews related to significant professional matters that affect the public's confidence in the audit profession.

I believe that a strengthened POB would have served the interests this Committee seeks to protect. Unfortunately, the POB has all but disbanded. There are, however, many similarities between the Panel's proposal and those being discussed by the SEC and the Congress. In theory, I am in favor of the creation of an organization to oversee the accounting profession, whether it is created by regulation or by legislation. If carefully structured to ensure effective oversight, disciplinary proceedings, and rule-making in an unpoliticized environment, such an organization could serve the same purpose we had in mind for an expanded POB.

There are important considerations, however, in structuring a new entity to carry out these responsibilities:

First, it must be decided whether the new organization will assume an oversight role similar to that proposed by the Panel, or whether it will assume some or all of the responsibilities of existing self-regulatory bodies. With regard to the latter possibility, the Committee may wish to consider the following:

· One advantage in having Congress establish a new organization to assume the peer review, investigatory, and disciplinary functions of the profession is that Congress can provide statutory confidentiality protection for the materials, interviews, and findings developed as part of the organization's review and/or disciplinary processes. These processes in the past have been hampered by distrust and by concerns that the materials developed were not protected. Providing confidentiality will expedite and vastly improve the review, investigatory, and disciplinary processes.

· The ASB should remain the appropriate entity for establishing auditing standards, but I believe that an expanded POB - or if Congress determines, a new organization - should oversee the ASB's activities to the extent of appointing its chair and approving appointments of the remainder of the ASB and regularly evaluating its performance. This type of oversight could help assure that the ASB continually re-examines and timely addresses auditing issues that arise in the review and disciplinary activities conducted by the new oversight entity.

· The proposed new organization should not have the power to set, or even influence, the issuance of accounting standards. FASB today is beset with political pressure that directly hampers efficiency and, in some cases, the substance of the standard-setting process. However, FASB, in my view, remains the right entity for determining accounting standards. The most important step Congress can take in improving accounting standards is to ensure that FASB is adequately funded and free from undue political influence.

Second, a new organization must remain independent from the profession, while remaining cognizant of current issues and trends affecting the profession. Congress or the principal regulator should determine an appropriate ratio of members from the profession versus public members. Moreover, the organization's funding should not be, in fact or appearance, reliant on the profession.

Third, the Congress should work hard to ensure that the oversight organization is sufficiently staffed and funded to carry out its sizeable mandate. Already, the SEC struggles to keep up with its oversight responsibilities. If a new organization assumes the review responsibilities currently undertaken as part of the industry's peer review system, it will have to do the job that now is done by many hundreds of experienced employees, managers, and partners assigned by their firms to conduct peer reviews. It will be extremely difficult, if not impossible, as well as costly for a new organization to hire, train and supply the hundreds of experienced staff that will be necessary to conduct reviews of the entire public audit profession.

Fourth and finally, I am aware of various efforts at the State level in the wake of Enron's collapse to provide greater substantive regulation of auditors. Congress should take steps to ensure that national accounting firms are subject to a clear and consistent set of regulations and do not find themselves guided by multiple, potentially conflicting, sets of rules. Such a system not only would be costly for accounting firms, but it might actually create, rather than close, holes in audit oversight and could harm the efficiency of the capital markets.

Mandatory Rotation

Let me comment briefly on one recent proposal that I do not support.

There have been recent suggestions that audit effectiveness would improve by forcing issuers to change auditors every few years. I believe such a requirement would undermine audit effectiveness. The findings of the Panel reinforced the commonly-held understanding that audit effectiveness increases proportionately with an auditor's familiarity with an issuer's business, its inherent risk factors, and its internal controls. In light of the growing complexity of today's business operations - in terms of technology, business processes, financial control procedures, and globalization - such knowledge, accumulated over time by members of the audit team, is critical to effective auditing.

The empirical evidence supports this notion. A study conducted by the AICPA into over 400 cases of alleged audit failure between 1979 and 1991 indicated that the alleged failures occurred almost three times as often when the auditor was performing his first or second audit of the company. Similarly, the 1987 Treadway Commission's review of fraud-related cases revealed that a "significant number involved companies that had recently changed their independent public accountants . . . ."

I know there have been a number of failures, as well, where the company's auditors had been on the scene for many years. But logic simply tells you - and the recommendations of our Panel support this - that knowledge of and experience with the audit client's business, internal controls, and culture form the basis for an effective audit. I firmly believe that mandatory rotation would introduce inefficiencies and greater costs and, in the end, would diminish, rather than enhance, audit quality.

Conclusion

Our capital markets are not broken. They may have been bent, but they are wonderfully resilient and have stood the test of time. I believe that much can and should be done by the accounting profession itself to improve audit effectiveness. I also believe that much can and should be done by other professionals and entities that comprise the safety nets that combine to build confidence in our capital markets and protect the investing public. And, I believe that Congress certainly can play a constructive role in holding the type of hearings that have been undertaken by this Committee and, if necessary when all of the facts are gathered, by crafting legislation in the public interest. I do want to urge caution in whatever legislative proposals are advanced, because I fear that a hastily-crafted package could potentially harm, rather than help, the cause of audit reform.

I appreciate the opportunity to give you my views, and, going forward, I will be pleased to assist this committee in whatever manner would be most helpful.

Notes:

¹ The Panel on Audit Effectiveness, Report and Recommendations, August 31, 2000 ("Report").

² See September 28, 1998 letter from Lynn Turner, Chief Accountant of the SEC, to A.A. Sommer, Chairman of the Public Oversight Board, Report, Exhibit 1.

³ Letter from Shaun O'Malley to the POB and Other Interested Parties, preceding the Report.

⁴ Beginning in 1948, the membership of the American Institute of Certified Public Accountants (AICPA) adopted 10 statements referred to as "generally accepted auditing standards" or GAAS. The Auditing Standards Board (ASB), a senior technical committee of the AICPA, has responsibility for interpreting GAAS through Statements on Auditing Standards (SASs). The SASs and the 10 GAAS statements are referred to collectively as generally accepted auditing standards. Report at 2.3.

⁵ Report at 3.46. See SAS 82.

⁶ An auditor also may have a legal obligation to report fraud to the audit committee and, ultimately, to the Commission under certain circumstances. See Section 10A, Securities Exchange Act of 1934, 15 U.S.C. 78j-1.

⁷ Report at 3.51

⁸ Id.

⁹ Standards need to be reasonable in that they should not force auditors to adhere to rules that do not take into account the myriad of circumstances that may exist on audits. To serve as effective measures of the quality of performance, however, auditing standards need to provide clear, concise and definitive imperatives for auditors to follow.

¹⁰ Report at 2.220-222

¹¹ Report at 2.232

¹² Report at 2.26.

¹³ Internal control is "a process - effected by an entity's board of directors, management, and other personnel - designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (a) reliability of financial reporting, (b) effectiveness and efficiency of operations, and (c) compliance with applicable laws and regulations." SAS No. 78, cited at Report at 2.50. Controls that are relevant to an audit are those that pertain to or impact the entity's preparation of financial statements for external purposes.

¹⁴ Report at 2.77.

¹⁵ Report at 2.78.

¹⁶ Id.

¹⁷ In order to determine the depth of testing necessary for a particular item on an issuer's financial report, an auditor must first assess the risk that the item is misstated. For example, complex transactions are more easily misstated than simple ones; an auditor will therefore assess a complex transaction to be high risk and test that transaction more thoroughly than others.

¹⁸ Report at 2.7.

¹⁹ Report at 2.49.

²⁰ Report at 4.3.

²¹ Report at 4.4.

²² Report at 4.5.

²³ Id.

²⁴ Report at 4.21.

²⁵ Id.

²⁶ Report at 2.205.

²⁷ Report at 2.205.

²⁸ Report at 2.216.

²⁹ Id.

³⁰ Report at 5.1.

³¹ Report at 5.18.

³² Id.

³³ Report at 5.20.

³⁴ Report at 5.29. The Panel recommended that, in determining the appropriateness of a particular service, one guiding principle should be whether the service facilitates the performance of the audit, improves the client's financial reporting process, or is otherwise in the public interest. Id.

³⁵ 17 CFR 210, at 24.

³⁶ Report at 6.15.

³⁷ Report at 6.15.

³⁸ Report at 6.23-25.