The Concept Release requests comments on the concept of proposing rules requiring registered firms to make and document clear assignments of responsibility for implementation of Quality Control. Although supportive of the objective to clarify supervisory responsibilities, PwC does not believe separate rulemaking is necessary. Rather, the firm believes that this effort should be implemented through the quality control projects already on the Board's agenda. In addition, if the Board were to undertake separate rulemaking in this area, PwC supports a general framework of assignment and documentation rather than prescriptive rules.
Office of the Secretary
Public Company Accounting Oversight Board
1666 K Street, N.W.
Washington, D. 20006-2803
November 3, 2010
RE: PCAOB Rulemaking Docket Matter No. 031, Application of the "Failure to Supervise" Provision of the Sarbanes-Oxley Act of 2002 and Solicitation of Comment on Rulemaking Concepts
We appreciate the opportunity to respond to the Public Company Accounting Oversight Board's ("PCAOB" or the "Board") Release No. 2010-005:Application of the "Failure to Supervise" Provision of the Sarbanes-Oxley Act of 2002 and Solicitation of Comment on Rulemaking Concepts (the "Concept Release").
We support the Board's continuing effort to promulgate standards and rules that promote audit quality. In the past, we have encouraged the Board to increase the depth of, and accelerate the timing of, public involvement in its rule-making process, and we believe that the issuance of a concept release is a positive step towards this goal. In general, we believe that a concept release can provide increased transparency to the Board's rule-making agenda and will provide input at the formative stage as the Board considers whether to propose a new standard or rule.
We also continue to believe that the quality of the rule-making process could be further enhanced by more directly involving experienced members of the profession in the development of proposed rules, through establishment of task forces or otherwise. In particular, if the Board elects to consider significant changes to the quality control (QC) standards related to the assignment and documentation of various supervision responsibilities, or if the Board decides to commence a separate rulemaking on supervision, we recommend that the Board engage representatives from firms of all sizes to assist it in ensuring that the Board's proposed requirements can be met by all while still achieving the objectives of the Board.
In the remainder of our letter, we wish to emphasize three principal points:
Point 1:While we support the Board's objective to clarify supervisory responsibilities and to enhance documentation of these responsibilities, we believe that this effort should be implemented through the QC projects already on the Board's agenda. We do not believe that a separate rulemaking on supervision is necessary. If the Board nonetheless decides to institute such a rulemaking, it should not do so before it has completed the QC project.
We support the Board's desire to provide more clarity relating to the assignment of various supervisory responsibilities within a firm, as well as to enhance the documentation of those responsibilities. Additional clarity in this area could have a positive impact on audit quality. Although we agree with the Board's objectives, we believe that separate specific rulemaking in the area of supervision is not necessary and, as discussed below, may result in unintended consequences which do not promote improved audit quality.
We note that the PCAOB's Office of the Chief Auditor's (OCA's) current standard-setting agenda includes a project to consider certain revisions to the QC standards. Also in process are the Auditing Standards Board's (ASB's) Clarification and Convergence projects, which will make adjustments to the AICPA's quality control standards and how quality control standards are implemented on individual engagements. In addition, changes have already been made to ISA 220 (Redrafted), Quality Control for an Audit of Financial Statements and ISQC 1 (Redrafted), Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements. Consequently, firms have and will continue to enhance the level of detail and documentation of their quality control policies and procedures.
We recommend that the scope of the OCA's upcoming project on the Quality Control Standards include clarification of the documentation requirements in the existing QC standards. For example, QC 20 currently states, "Although communication ordinarily is enhanced if it is in writing, the effectiveness of a firm's system of quality control is not necessarily impaired by the absence of documentation of established quality control policies and procedures." The Board could consider revising the existing standards to incorporate a requirement for additional documentation relating to supervision and monitoring within the QC standards that meets Board's objectives. We believe that supervision requirements would be better defined in the context of existing QC and auditing standards, which are designed to establish comprehensive professional standards governing how firms conduct audits, than in separate stand-alone rules overlaid on top of applicable QC and auditing standards.
If the Board decides to update the documentation requirements within the QC standards, we would, depending upon the scope of the proposed changes, still encourage the Board to solicit feedback from firms of all sizes and consider the unintended consequences discussed below. We believe, as discussed below, the requirements should be more general in nature to allow for differences on how firms are structured and operated. We believe these more general requirements could enhance clarity while avoiding confusion and limiting certain unintended consequences. In any event, we recommend deferring any additional rulemaking until the related QC standards have been updated and the Board has had an opportunity to evaluate the firms' experience following adoption of those revised standards, as well as any other changes made or that will be made by firms in response to the new standards.
Point 2: Even if the Board were to undertake a separate rulemaking regarding supervision, we believe any rules should be in the form of a general framework rather than prescriptive rules. Any effort to prescribe specific rules to be followed by all firms, regardless of size or structure, could have unintended consequences.
The Board has requested comment in Part II of the Concept Release regarding how a rule relating to supervision might be crafted and input on potential unintended consequences of such a rule.
If the Board decides to move forward with separate rulemaking, we support a general framework for assignment of supervisory responsibilities and documentation of those assignments, not prescriptive rules. Consistent with QC 20, the size, structure, and nature of the practice of the firm should be considered in the determination of the extent of documentation of the responsibility for monitoring of the execution of quality control policies and procedures.
For example, documentation of established quality control policies and procedures, including supervisory responsibilities, would generally be expected to be more extensive in a large firm than in a small firm and in a multi-office firm than in a single office firm. In addition, the responsibility for management of a firm will likely be different from the supervisory responsibilities bearing directly on the performance of audits and will vary based on the size and structure of a firm. Also, there may be many ways to demonstrate supervision; therefore, a general framework will hopefully prevent the documentation requirements themselves from dictating how a firm can demonstrate appropriate supervision.
We believe that prescribing specific requirements related to the assignment and documentation of supervision may result in defining supervisory responsibilities in a linear, top-down manner which is inconsistent with how decision-making among engagement teams and "supervisory personnel" actually occurs. Significant judgments and decisions are often made within firms with input from various persons outside of the engagement team. The engagement leader is ultimately responsible for communicating the firm's position on accounting, auditing and reporting matters to the client. However, prior to communicating a position to a client on a matter involving significan. judgment—for example, regardin. the acceptability of client accounting policies, practices and disclosures or the form of accountants' report—engagement leaders are expected, and in certain instances, required to consult with other professionals. Often these consultations involve multiple individuals who are not, and should not be, considered a "supervisor."
Similarly, the assignment of an engagement leader to an audit engagement may take into account information about the qualifications, performance, tenure, existing engagement staffing and geographic location that may require input from several individuals in the supervisory mix. This fluid approach enhances audit quality by facilitating the right combination of professional input at the right time, but the mix will necessarily vary in differing situations. The formulation of a more specific linear chain of direct responsibility may discourage this important group dynamic in decision making by encouraging only narrow involvement of a designated individual "supervisor.". Informal consultations and discussions may also be discouraged, as individuals may not want to participate in a matter for fear of being subjected to potential sanctions for "failure to supervise" notwithstanding that they had only indirect, but valuable, involvement in a matter. Finally, it should be emphasized that audit failures generally do not result from a lack of supervision by individuals outside of the audit team and an audit failure should not be viewed as evidence of lack of supervision. Detailed identification of a required supervisory chain may, however, inappropriately imply direct causation in each case.
As a result, the Board should consider each of these unintended consequences when considering any future changes to the documentation of the supervision model.
Point 3: A legal framework for liability that assumes a hierarchical model of supervision based on the broker-dealer model would be inconsistent with the collaborative, judgment-based process involved in the auditing process. The Board's legal analysis risks extending potential liability to a myriad of persons who may participate in the auditing process within the firm and who may be deemed to be "supervisory personnel" in hindsight.
While we recognize that Part I of the Concept Release only sets forth the PCAOB's views on legal matters and does not seek comment, we are nonetheless concerned about aspects of the Board's articulation of its standards for imposing failure to supervise sanctions. We are concerned that the Board provides no meaningful guidance on firms' and individual's responsibilities regarding supervision. This increases the possibility that sanctions will be imposed based on a post-hoc evaluation of the circumstances.
A top-down, compliance-oriented model of supervision that may be appropriate to ensure that broker-dealers comply with anti-fraud laws in their dealings with customers should not be applied rigidly in defining the proper role and liability of "supervisory personnel" in a professional organization. The inherent potential conflicts between the broker and its customer1 are not present in the auditing relationship. Moreover, audits are often large and highly complex undertakings that involve many people and substantial time to complete, particularly when the issuer is a large enterprise with disparate operations and complex accounting issues. Audits involve the exercise of substantial judgment. In this context, it is overly simplistic to analogize the inherently qualitative supervisory principles already embodied in the relevant auditing and QC standards (as they may be modified) to the anti-fraud compliance purpose of supervision for broker-dealers.
The Board declines to define "supervisory personnel" or describe what factors would be relevant in determining whether someone failed to supervise. The Board indicates that “[a]ny associated person in the firm, even the most senior personnel of very large firms, could be a ‘supervisory person’ . . . depending on the nature of their responsibility, ability or authority in relation to the conduct of the associate person who commits a predicate violation." This portends the possibility that many others within the firm—including geographic or sector leadership, senior management, national office personnel, engagement quality review partners, or in house counsel—can be held liable, based on the Board's post hoc characterizations of what such persons could have or should have done to "supervise"—i.e., prevent—others' activities. We do not think such an open-ended scope for failure to supervise liability is appropriate or warranted.
Our concerns are heightened by the Board's emphasis on the open-ended phrase "or otherwise" in Sarbanes-Oxley section 105(c)(6)(A), which the Board appears to interpret to allow it to impose failure to supervise liability even where there is no violation of any specific rule or standard defining what constitutes appropriate supervision. Moreover, the Board largely dismisses another important element of the statute—the “safe harbor” of section 105(c)(6)(B). Section 105(c)(6)(B) restricts the Board’s power to impose sanctions on an associated person in cases where the firm has adopted reasonable compliance procedures and the associated person has discharged his or her responsibilities and had no reason to believe the compliance procedures were not being complied with. The Board’s interpretation of this section as nothing more than an “affirmative defense” is not supported by the language of the statute and raises additional concerns that the Board will not apply any meaningful standards in seeking to impose failure to supervise liability.
To layer on top of the existing professional standards a legal requirement for "supervision" by others not directly responsible for an audit, purportedly in order to detect and prevent violations of law and/or professional standards by the engagement team, is unlikely to materially advance the objectives of those professional standards. Yet it may discourage free exchange and consultation with others in the firm if those persons believe that by doing so they may be deemed "supervisory personnel" and thereby incur additional legal liability.
We appreciate the opportunity to express our views and would be pleased to discuss our comments or answer any questions that the PCAOB staff or the Board may have. Please contact Michael Gallagher (973-236-4328), Jeff Johanns (973-236-5637), or Brian Richson (973-236-5615) regarding our submission.
1 See, e.g., Smith Barney, Harris Upham & Co., Rel. No. 34-21813, 1985 WL 548567, at __ (1985) (noting "the inherent tension between productivity and adequate supervision in light of the competitive conditions presently confronting the securities industry. A production-oriented policy raises the concern that some broker-dealers may overlook compliance related difficulties by employees who are top salesmen.")