IOSCO to Examine Contingencies for Failure of Global Audit Firm

Under the direction of SEC Chairman Christopher Cox, an IOSCO task force will examine financial audit plans as part of regulatory contingency plans for a disruption in audit services. Among other things, the task force will focus on transparency and governance of audit firms, including the intersection of governance with both firm viability and audit quality. The task force will also focus on the scope of audit reports, including varying levels of assurance in different circumstances, the possibility of enhanced disclosure of the bases for different levels of assurance, and the potential role of joint audits.

Because of the interdependent nature of investing and capital-raising, and the existence of global audit firm networks, an audit firm contingency or crisis in any one jurisdiction has the potential to affect the delivery of audit services in other jurisdictions. In addition, the growth in audit firm concentration limits choice and availability of audit services, particularly in the case of audits of large multinational issuers. With less choice for alternative auditors, the potential loss of one of the remaining global firms could further affect the availability of audits for global companies.

IOSCO flatly rejects the notion that any audit firm is too big to fail. Thus, it is possible that at times an audit firm’s exit may be unavoidable or even desirable from a regulatory and investor protection perspective.

Effective contingency planning must move on two tracks. The preventive measures track involves activities that a regulator may regularly undertake on a basis to support audit quality, bolster audit availability, and monitor the likelihood of events that could lead to market disruptions that threaten investor confidence. The crisis management track relies on the regulator’s advance preparation of an action plan for use in a contingency situation that develops into a crisis. Crisis management also includes gathering information and evaluating and updating whatever plan has previously been prepared for use should a crisis arise.

As part of contingency planning, regulators should engage in ongoing communications with auditor oversight authorities, such as the PCAOB, on measures that promote audit quality and auditor accountability. The dialogue with the audit standard setter could include issues involving the establishment of auditing standards, audit firm compliance with standards, audit firm policies for quality controls and for managing engagement risk, and how audit firms monitor, verify and enforce compliance with standards.

Securities regulators should also consider providing information for audit committees charged with hiring the outside auditors and overseeing their conduct. The information provided could include the nature of the auditing environment from an issuer standpoint, as well as the nature of regulatory actions that could give rise to sanctions against audit firms in a market.