Serving the profession's assurance function. (interview with Vice President Dan Guy of the American Institute of Certified Public Accountants) (Interview)by Craig, James L., Jr.
The head of staff of the auditing standards division supports the activities of the Auditing Standards Board and much more.
The CPA Journal: Let's begin with an overview of your responsibilities as Vice President -- Auditing of the AICPA.
Dan Guy: I am the senior start person in the auditing standards division. Our division has responsibility for the Auditing Standards Board and the Accounting and Review Services Committee and all the official releases of those two senior committees. The division is also responsible for nonauthoritative publications such as auditing procedures studies (developed by staff usually with the help of a committee, but not voted upon by a committee), the general audit risk alert, and initiated in 1992, the compilation and review alert. The alerts are not cleared by the ASB or the Accounting and Review Services Committee. The industry alerts produced by the various industry committees--there are 17 of them--are cleared by me and the chairman of the ASB for audit content.
I have no direct responsibility for the industry committees, which are either under the Accounting Standards Division or our Washington, D.C. office. The chair of the ASB and I are responsible for clearing the auditing content of the guides that the committees produce. If we believe there is a particular problem in a guide, we will go to the Audit Issues Task Force or directly to the ASB with that issue.
The Auditing Standards Board at Work
CPAJ: In preparation for our conversation with the chairman and selected members of the Auditing Standards Board, some background would be helpful. How does the Board set its agenda items?
Guy: There are a number of places the issues come from. It may be a practice problem of significance that comes to our attention from our technical hot line, letters from members, or from regulators. We meet regularly with the SEC to learn of problems they see. We have conferences, such as our 1992 Expectation Gap Roundtable and the 1993 Audit Assurance 2000 Conference, where issues are discussed and problems identified. Large firms also request that the Audit Issues Task Force give consideration to practice issues. We have liaison relationships with other organizations--for example, the American Bar Association, Institute of Internal Auditors, Financial Executives Institute, Financial Accounting Standards Board, and Governmental Accounting Standards Board, to name a few--that bring additional problems to our attention.
CPAJ: You mentioned the Audit Issues Task Force. How does that operate?
Guy: The Audit Issues Task Force (AITF) is an advisory group to the Board chairman and me, made up of four or five members of the Board, that meets monthly to discuss emerging audit practice issues.
CPAJ: Does the AITF reach consensus positions and publish those positions in a manner similar to the Emerging Issues Task Force of the FASB?
Guy: The AITF response to each issue varies depending on the conclusions reached during discussions. If a solution is reached quickly and is not controversial, we will communicate that back to the originator of the question and consider it for disclosure to our members in some fashion-- Audit Risk Alert or The CPA Letter are two possibilities. If the issue can not be quickly resolved and impacts a broad range of practitioners, we might make it an agenda item for the full Board. Another choice is to issue an auditing or attest interpretation on the subject. The staff drafts the interpretation. It is reviewed in detail, and approved by the AITF and submitted to the Board for a fatal flaw review.
An example of an issue that went through this process was the SEC's position that the fourth paragraph of auditors' reports highlighting going-concern problems under SAS No. 59 were not being appropriately worded. I placed the subject on the agenda of the AITF and highlighted the SEC's concern in an Audit Risk Alert. Finally, the Board amended SAS No. 59 to require specific wording in a fourth paragraph when going- concern uncertainties are being emphasized.
CPAJ: Who sets the agenda and who makes the assignments to the task forces?
Guy: We have a planning chart which we update six times a year which lists the projects being worked on at all levels. The planning chart is reviewed by the AITF.
When a problem is identified for possible consideration by the Board, a project charge is developed. After discussion by the AITF, the Chairman and I determine the makeup of the task force to handle the project based on the backgrounds and experiences of Board members. I assign a staff person. Task forces are primarily made up of Board members.
CPAJ: Are the task forces permanent?
Guy: Subcommittees are standing groups. In contrast, task forces (with the exception of the AITF) are established for specific projects and go out of business when the project is completed or otherwise terminated. Presently, we only have one subcommittee--the one on computer auditing. Membership on subcommittees and the ASB is approved by the AICPA Board of Directors, membership on task forces is not.
Task forces initially develop an issues paper, from there to drafts of proposed statements for consideration by the Board. The process from start to finish can be as little as two or up to five years.
Board meetings are open to the public, agendas are published in advance, and highlights are available upon request. There is a subscription service that will provide all this information to those interested. We have a newsletter In Our Opinion, which is published four times a year and distributed on a limited basis, principally to those groups that we liaise with.
CPAJ: How is the Board doing in identifying practice problems and in finding solutions?
Guy: Having issued the nine expectation gap standards, the Board is now moving into new waters with issuance of attestation standards on internal control and compliance with laws and regulations. It is stepping out to give guidance on matters that go beyond the traditional historical financial statements. Agreed-upon-procedures is also receiving attention by the Board as a way to satisfy users needs in a very specific way.
I think the Board is forward looking in its goals and objectives. It is seeking to find new ground for independent accountant involvement. Our Audit/Assurance 2000 conference held in 1993 is a perfect example. In summary, that conference:
* Analyzed why the assurance function has lost value;
* Concluded that we should focus on a broader array of information and information processes and allow auditors to evaluate relevance of information and provide interpretive and analytical comments; and
* Recommended the creation of a special committee to develop a strategic plan for an expanded assurance function.
As many independent developments occur in the profession--the Jenkins special committee on financial reporting, the special report of the POB, the report of the Association for Investment Management and Research on financial reporting in the 90s--the Board is preparing to have in place the necessary reporting mechanisms to give the assurances the public needs.
CPAJ: Many practitioners view agreed-upon procedures in a narrow context, perhaps as part of a purchase agreement. Can you be more specific?
Guy: In the last year, we have worked on virtually dozens of new agreed- upon-procedures engagements primarily to satisfy the needs of regulators. A good example is the report we developed working with Federal regulators to give them comfort that gasoline distributors were complying with oxygenation requirements. If we were asked to give examination or audit level assurances about the chemical composition of gasoline, we would have had problems. But we can handle the engagement via agreed-upon procedures. A report of this type must be restricted to named parties. Even in the governmental arena where freedom-of- information legislation is in place, agreed-upon-procedures reports can be issued, assuming there will be no broad or general distribution of the report.
A word of caution is in order. The guidance for agreed-upon-procedures engagements is set forth in several places: elements of a financial statement (SAS No. 35); the bank audit guide forecasts and projections; attestation standards; and compliance attestation. We have a task force on agreed-upon procedures that is seeking to bring the whole practice area into focus in one place and make the guidance more practitioner friendly.
CPAJ: Is the voice of the local practitioner heard by the Board in its deliberations?
Guy: The Board is made up of 15 members: six from the largest firms, one from the academic community, one from government with the remaining presently from local and mid-sized firms. The contribution and dedication of the representatives from small firms is outstanding. Their views are well articulated and represented in the final statements we issue. We compensate Board members. This enables us to go to a small firm with three or four partners and say we want to take 30% to 40% of your best auditor's time. There will be up to 40 days of Board and task force meetings per year. The compensation is $50 per hour up to a maximum of 800 hours. I should add that, as you would expect, the Big Six firms make a major contribution to the Board--they do not request compensation. They provide their member extensive staff assistance and share their internally developed material.
CPAJ: Do you get input from the Public Oversight Board's Quality Control Inquiry Committee? The POB's special report In The Public Interest notes there is a need for better feedback from firms and the POB to standard setters as a result of things learned from "audit failures."
Guy: The POB makes recommendations to us in meetings, letters, and special reports. The recommendations are placed on the AITF agenda for initial consideration before going to the ASB. The AITF meets at least annually with the POB. There is a need for improvement in the process as recognized in the POB's special report. We do need to learn more form audit failures and make sure that "lessons learned" are made available to every auditor. We also need to learn more from audit successes-- situations where we have detected material misstatements.
Important Issues Impacting the Assurance Function
CPAJ: To what extent do you think deficiencies in the audit process contributed to the alleged audit failures in the savings and loan industry? We have had discussions with regulators and they seem to point out two major deficiencies in audits they have seen: a lack of professional skepticism and a willingness to accept the client's position.
Guy: I can't think of any problem with standards that was identified by regulators looking at the S&L mess. I would be hard pressed to cite any problem, beyond the SAS No. 59 issue that has been identified by regulators, since the expectation gap standards became effective. Standards are high level--they focus judgment--they are not cookbooks with recipes for all situations. The guidance on professional skepticism attempts to ratchet up the need for the auditor to be critical, skeptical. Alleged audit failures generally do not bring into question the standards, but rather their application and implementation in a specific situation.
CPAJ: Do you mean to say there were no lessons learned--no major practice issues identified?
Guy: One comes to mind: a procedure or guidance for backup reporting when high level management does not properly respond to illegal acts or other matters that should be brought to the attention of regulators. We have the 8-K requirement for public companies to inform the SEC of disagreements surrounding a change in auditors. But we need a more generally applicable way of letting regulators and other parties know when companies don't take the necessary steps when illegal acts and the like are identified. The recent AICPA support of the Wyden bill, which again only affects public companies, indicates our desire to improve communications where problems are encountered and not quickly disposed of.
CPAJ: The observation made by regulators that auditors seem to get too cozy with their clients or at the least don't view situations in a realistic fashion continues to be a source of concern. What could or should the AICPA have been doing to shore up this perceived weakness?
Guy: Some of this finger pointing when financial reporting fails is from a lack of understanding of the level of assurance an audit gives--the age old expectation gap. The audit process is designed to reduce information risk associated with financial statements; it does not reduce business risk. Is this a good investment or an acceptable credit risk? Don't get me wrong. I believe auditors need to be more skeptical and less accommodating. But I think this is happening as the profession suffers through this period of scrutiny and self-examination. The nine expectation gap standards have not had their day in court. For example, we know that some auditors do not understand nor have come to grips with their responsibility to detect fraud. It's crystal clear that the standards require the auditor to assess the risk of irregularity or fraud and to design the audit to detect material fraud. But there is still denial in the profession. If a material fraud was not detected, the audit will be called into question as to why a reasonable, prudent auditor exercising a healthy professional skepticism in a non- accommodating way did not detect and deal with the fraud. That's what standards require.
CPAJ: Jake Netterville, past chairman of the MCPA, in announcing the AICPA's commitment for improved financial reporting made the statement that fraud detection is our job. "Our goal is 100% detection." To meet Mr. Netterville's goal, will standards have to be modified?
Guy: No I don't think so. Standards articulate bedrock requirements, not goals. Our goal is 100% detection, but the standard--SAS No. 53-- appropriately recognizes that an audit is subject to the inherent risk that material fraud will not always be detected by the prudent auditor.
CPAJ: Last year, the AICPA had an expectation gap roundtable to examine the effectiveness of those new standards. Many attendees seemed to feel the roundtable demonstrated the standards had been effective in reducing expectations, but with the need to do more with regard to illegal acts. Don Chapin of the GAO on the other hand felt that the roundtable demonstrated just the opposite. What is your view?
Guy: The papers that came out of the roundtable and the general tone of the two-day discussion that took place clearly support the first view. The papers have recently been published and are there for all to study. The AITF recently created a project to restudy SAS No. 56, Analytical Procedures, based on the recommendations made at the roundtable. We also have a staff effort underway that is looking at the completeness of the "red flags" in relation to one of the papers and other published materials. Bottom line--we recognize that the expectation gap standards are not perfect--they are not cast in concrete--but they do represent a major step forward.
Internal Control Reporting
CPAJ: The COSO report on internal control has been out for a while now. The GAO, a now very active critic of the profession, has said that this is still another example where we have failed to step forward. In GAO's view the expectation gap standards didn't work, and now COSO, which also doesn't do iL
Guy: COSO is a major development in terms of parties that have an important role to play in internal control structure coming together to develop a framework. I think the framework is where GAAP was in the 1940s in terms of a benchmark. It is a starting point from which to build. There was a real need for all the parties involved to get together to put together a framework that sets forth a common understanding. We now have to be careful not to oversell internal control. There are limitations to its effectiveness. Internal control is not going to eliminate fraud. But history will show that the development and publication of COSO was a watershed event--a major step forward in the public interest
CPAJ: The GAO seems to believe that auditor reporting on internal control is a significant way that auditors can step forward and better sense the public. It claims internal-control reporting of S&Ls would have led regulators to take more timely action in stopping the hemorrhaging in the midst of that crisis.
Guy: No doubt, internal-control reports issued under the attest standards are effective tools for regulators and audit committees and boards of directors--these two groups are in a position to respond to deficiencies noted. For a long time, I had major reservations about the utility of internal control structure examinations, especially to groups other than regulators and boards. However, after reading Chapter Nine, "Where Were the Auditors?" in Anatomy of a Fraud, which is about the PTL affair, I had what some would call an awakening. In fact, today, I believe the utility of internal control examinations exceeds the cost and we need to do more.
The Profession at a Cross Road
CPAJ: The profession in some ways seems to be going in two directions. CPAs in the non-public arena, because of TRA 86, have experienced an increased concentration of their work in the busy season. To manage their businesses, they sometimes seek to put off issuing financial statements and tax returns. In other words, they seek to spread the work. On the other hand, in the public sector, promptness and timeliness are very important. The Association for Investment Management and Research says there are two major principles in financial reporting-- timeliness and reliability. They would even suggest giving up auditor assurances to get the information more quickly.
Guy: In order to have believable financial information either the process that produces the information--that is, the control structure-- or the financial information itself must be audited or reviewed. Perhaps both the process and the output should be audited. I don't believe that auditor involvement necessarily hinders timely reporting. In fact, to offer a personal view, I would not serve on an audit committee of a public company today unless they had timely reviews of the quarterly financials.
CPAJ: The regulators say the profession is so liability conscious that it does not want to take on additional responsibilities. Clearly, the profession must identify the needs of users of financial statements, and step forward to provide those needs. But the liability problem is real and must be somehow contained in order to provide an environment where these new services can be performed.
Guy: We should not retrench in response to the liability risks. The ASB, in considering user needs for additional assurance services, tries not to get overly concerned or hogtied over the liability problems. That's not to say we ignore them. Our foremost concern is user needs and the public interest. Later in the process we examine the liability consequences. For example, the deliberations leading to the expectation gap standards put the liability issues aside and focused on user and the public needs. If we wrote standards strictly driven by liability concerns that were out of sync with the public interest, we would be nothing more than a trade organization and should go out of business.
CPAJ: How do we get firms to step forward and begin to offer and promote new kinds of services?
Guy: First, I think CPAs will increasingly recognize the business potential of expanded services, especially in the attest domain. Of course, the expansion must take place in areas where malpractice risks are reasonable. I think that we will be pushed out of our complacency by the requirements of regulators and legislation. An example is the Federal Deposit Insurance Corporation Improvement Act of 1991 with its requirements for assurances on internal controls over financial reporting and compliance with certain laws and regulations. One of the most promising areas for future services is in performing agreed-upon procedures. We can go into a murky area, agree with the client and regulator on what needs to be done, do what has been agreed to, and report the findings. The future of agreed-upon procedures is very bright. I also think that the strategic plan that will eventually spring forth from the Audit/Assurance conference will point the way to significant future service opportunities.
CPAJ: Government Auditing Standards, often referred to as the Yellow Book, is under revision. The Board has a new attestation standard on compliance testing. SAS No. 68, Compliance Auditing, gives guidance to independent accountants when reporting under the single audit act. How do these all fit?
Guy: The compliance attestation standard does not cover or affect audits done under the Single Audit Act or OMB Circulars A-128 and A-133. It would be used, for example, in satisfaction of the compliance requirements of the FDIC Improvement Act of 1991 and all other compliance engagements not reported on under SAS 68. In 1994, we hope to replace SAS No. 68 with more generic guidance so that every time there are revisions to the Yellow Book or OMB circulars we don't have to revise the SASs.
CPAJ: How do you feel the recommendations of the Jenkins' Committee will impact the auditing standards?
Guy: I sense that its recommendations as well as the AcSEC proposed SOP on risks and uncertainties will lead to an emerging importance of "soft data," which the independent accountant should report on in some fashion. It is important to distinguish here between forecasts of financial results and soft information that may become an increasing part of historical financial statements. They are two separate animals. The historic statements are the means of assessing accountability. Forecasts are the means for entities to set forth what they expect will happen given a set of disclosed assumptions. Both historic statements and forecasts are enhanced when independent accountants give assurances on them. It would be prudent for the profession to sell two services on the two kinds of information. The answer is not to make the historical financial statements more prospective in nature. In summary, Jenkins will recommend major changes in the financial reporting arena and perhaps in audit reporting as well. Those recommendations will have to be considered by both accounting and auditing standards setters.
Advice for the Practitioner with Few Audits
CPAJ: There are many CPAs that have relatively small accounting and auditing practices. Many do one or two audits and even more do only reviews and compilations. How can they manage to practice successfully with the information overload that faces them?
Guy: My advice would be to restrict the practice to areas in which the practitioner has expertise and is up-to-date. For example, if I had a practice that was principally in taxes and business consulting and a client had a need for financial statements, I might explore the acceptability of cash or income tax basis financial statements. If the client needed GAAP statements, I might steer them to a practitioner who had the expertise. It would not be that I couldn't master the GAAP requirements; rather the concern would be a decision about the investment in time needed to keep up with GAAP measured against the fees I could charge. I might be better off studying the Revenue Reconciliation Act of 1993. It is important to remember that GAAP is the same for audited, reviewed, and compiled financial statements. GAAP certainly adds a few degrees of technical complexity to an accounting practice. And, if you are doing audits in addition to compilation and reviews, there are a few more degrees of complexity to consider.
CPAJ: Dan, thank you for your frank and insightful observations about the workings of the Board and the accounting profession.
The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.