Sarbanes Oxley News February 2013

7/28/2019 Sarbanes Oxley News February 2013

1/76

P a g e | 1

_________________________________________________

Sarbanes Oxley Compliance Professionals Association (SOXCPA)www.sarbanes-oxley-association.com

Sarbanes Oxley Compliance ProfessionalsAssociation (SOXCPA)

1200 G Street NW Suite 800 Washington, DC 20005-6705 USATel: 202-449-9750 Web:www.sarbanes-oxley-association.com

Dear Member,

Sarbanes Oxley continues to be very important notonly in the States, but in more and more countriesaround the world as well.

Today we will start from the PCAOB and the French audit regulator.

PCAOB Enters Into Cooperative Agreement with French AuditRegulator

The Public Company Accounting Oversight Board today announcedthat it has entered into a cooperativeagreement with the French High Councilfor Statutory Auditors (H3C) relating tothe oversight of audit firms subject to theregulatory jurisdictions of bothregulators.

The agreement takes effect immediately.

"France, which is home to a number of companies that have asignificant impact on U.S. and global markets, is an important partner inEurope," said PCAOB Chairman James R. Doty.

"This agreement with the H3C is yet another step forward in ourcontinuous effort to strengthen investor protection across borders."
http://www.sarbanes-oxley-association.com/http://www.sarbanes-oxley-association.com/http://www.sarbanes-oxley-association.com/


2/76

P a g e | 2

_________________________________________________


The PCAOB has reached similar agreements with four other EuropeanUnion member statesthe United Kingdom, Germany, theNetherlands and Spain.

Additionally, the Board has agreements with Switzerland and Norwayand several non-European regulators.

The agreement with the H3C provides a framework for joint inspectionsand allows for the exchange of confidential information in accordance

with the provisions of the Dodd-Frank Wall Street Reform andConsumer Protection Act of 2010 in the U.S. and applicable French law.

The provisions of the Dodd-Frank Act amended the Sarbanes-Oxley Actof 2002 to permit the PCAOB to share confidential information with its

non-U.S. counterparts under certain circumstances.

An agreement on data protection is also part of the cooperativearrangement with France.

"The agreement we have reached with the H3C shows the clearcommitment to strong audit oversight that our organizations share,"said Bruce Wilson, PCAOB Director of International Affairs.

"The PCAOB is looking forward to building upon the close relationship

we have developed with our French counterparts."

Under the Sarbanes-Oxley Act, the PCAOB oversees and inspects allaccounting firms that regularly audit public companies whose securitiestrade in U.S. markets.

More than 900 audit firms currently registered with the PCAOB arelocated outside of the United States in 87 jurisdictions.

Currently, 25 registered firms are located in France.


3/76

P a g e | 3

_________________________________________________


PCAOB Enters Into Cooperative Agreement with Finnish AuditRegulator

The Public Company Accounting Oversight Board today announced

that it has entered into a cooperative agreement with the Auditing Boardof the Central Chamber of Commerce (AB3C) of Finland relating to theoversight of audit firms subject to the regulatory jurisdictions of bothregulators.

The agreement takes effect immediately.

"This agreement with Finland is the Board's sixth with a EuropeanUnion member state regulator and marks our continued progress incross-border audit regulatory cooperation," said PCAOB Chairman

James R. Doty.

"We look forward to working closely with our Finnish counterparts,"Doty said. "We can be significantly more effective together."

The PCAOB has concluded similar agreements within the EuropeanUnion with the United Kingdom, Germany, the Netherlands, Spain and,most recently, France.

Additionally, the PCAOB has agreements in Switzerland and Norway,

and with several non-European regulators in North America, the MiddleEast, Asia, and Australia.

The PCAOB continues to pursue additional agreements with auditoversight authorities in other EU member states and jurisdictionsaround the world.

The agreement with the AB3C provides a framework for jointinspections and allows for the exchange of confidential information in

accordance with the provisions of the Dodd-Frank Wall Street Reformand Consumer Protection Act of 2010.


4/76

P a g e | 4

_________________________________________________


Those provisions amended the Sarbanes-Oxley Act of 2002 to permit thePCAOB to share confidential information with its non-U.S. counterpartsunder certain circumstances.

An agreement on data protection is also part of the cooperativearrangement with Finland.

"The AB3C and the PCAOB both are committed to investor protectionand to having a strong working relationship with each other," said Bruce

Wilson, PCAOB Director of International Affairs.

Under the Sarbanes-Oxley Act, the PCAOB oversees and inspects allaccounting firms that regularly audit public companies whose securitiestrade in U.S. markets.

More than 900 audit firms currently registered with the PCAOB arelocated outside of the United States, spanning 87 jurisdictions.

Currently, five registered firms are located in Finland.


5/76

P a g e | 5

_________________________________________________


Governor Daniel K. Tarullo

Dodd-Frank Act

Before the Committee on Banking, Housing,and Urban Affairs, U.S. Senate, Washington,D.C.

Chairman Johnson, Ranking Member Crapo,and other members of the committee, thank you for the opportunity totestify on implementation of the Dodd-Frank Wall Street Reform andConsumer Protection Act of 2010 (Dodd-Frank Act).

In today's testimony, I willprovide an update on theFederal Reserve's recentactivitiespertinent to theDodd-Frank Act and describeour regulatory and supervisory

priorities for 2013.

The Federal Reserve, in many

cases jointly with otherregulatory agencies, has madesteady and considerable

progress in implementing the Congressional mandates in the Dodd-Frank Act, though obviously some work remains.

Throughout this effort, the Federal Reserve has maintained a focus onfinancial stability.

In the process of rule development,we have placed particular emphasison mitigating systemic risks.


6/76

P a g e | 6

_________________________________________________


Thus, among other things, we have proposed varying the application ofthe Dodd-Frank Act's special prudential rules based on the relative sizeand complexity of regulated financial firms.

This focus on systemic risk is also reflected in our increasinglysystematic supervision of the largest banking firms.

Recent Regulatory Reform Milestones

Strong bank capital requirements, while not alone sufficient to guaranteethe safety and soundness of our banking system, are central to

promoting the resiliency of banking firms and the financial sector as awhole.

Capital provides a cushion to absorb a firm's expected and unexpectedlosses, helping to ensure that those losses are borne by shareholdersrather than taxpayers.

The financial crisis revealed, however, that the regulatory capitalrequirements for banking firms were not sufficiently robust.

It also confirmed that no single capital measure adequately captures abanking firm's risks of credit and trading losses.

A good bit of progress has now been made in strengthening andupdating traditional capital requirements, as well as devising somecomplementary measures for larger firms.

As you know, in December 2010 the Basel Committee on BankingSupervision (Basel Committee) issued the Basel III package of reformsto its framework for minimum capital requirements, supplementing anearlier set of changes that increased requirements for important classesof traded assets.

Last summer, the Federal Reserve, the Office of the Comptroller of theCurrency (OCC), and the Federal Deposit Insurance Corporation


7/76

P a g e | 7

_________________________________________________


(FDIC) issued for comment a set of proposals to implement the Basel IIIcapital standards for all large, internationally active U.S. banking firms.

In addition, the proposals would apply risk-based and leverage capitalrequirements to savings and loan holding companies for the first time.

The proposals also would modernize and harmonize the existingregulatory capital standards for all U.S. banking firms, which have notbeen comprehensively updated since their introduction twenty-five yearsago, and incorporate certain new legislative provisions, includingelements of sections 171 and 939A of the Dodd-Frank Act.

To help ensure that all U.S. banking firms maintain strong capitalpositions, the Basel III proposals would introduce a new common equity

capital requirement, raise the existing tier 1 capital minimumrequirement, implement a capital conservation buffer on top of theregulatory minimums, and introduce a more risk-sensitive standardizedapproach for calculating risk-weighted assets.

Large, internationally active banking firms also would be subject to asupplementary leverage ratio and a countercyclical capital buffer and

would face higher capital requirements for derivatives and certain othercapital markets exposures they hold.

Taken together, these proposals should materially reduce the probabilityof failure of U.S. banking firms--particularly the probability of failure ofthe largest, most complex U.S. banking firms.

In October 2012, the Federal Reserve finalized rules implementing stresstesting requirements under section 165 of the Dodd-Frank Act.

Consistent with the statute, the rules require annual supervisory stresstests for bank holding companies with $50 billion or more in assets andany nonbank financial companies designated by the Financial Stability

Oversight Council (Council).


8/76

P a g e | 8

_________________________________________________


The rules also require company-run stress tests for a broader set ofregulated financial firms that have $10 billion or more in assets.

The new Dodd-Frank Act supervisory stress test requirements aregenerally consistent with the stress tests that the Federal Reserve hasbeen conducting on the largest U.S. bank holding companies since theSupervisory Capital Assessment Program in the spring of 2009.

The stress tests allow supervisors to assess whether firms have enoughcapital to weather a severe economic downturn and contribute to theFederal Reserve's ability to make assessments of the resilience of theU.S. banking system under adverse economic scenarios.

The stress tests are an integral part of our capital plan requirement,

which provides a structured way to make horizontal evaluations of thecapital planning abilities of large banking firms.

The Federal Reserve also issued in December of last year a proposal toimplement enhanced prudential standards and early remediationrequirements for foreign banks under sections 165 and 166 of the Dodd-Frank Act.

The proposal is generally consistent with the set of standards previouslyproposed for large U.S. bank holding companies.

The proposal generally would require foreign banks with a large U.S.presence to organize their U.S. subsidiaries under a single intermediateholding company that would serve as a platform for consistentsupervision and regulation.

The U.S. intermediate holding companies of foreign banks would besubject to the same risk-based capital and leverage requirements as U.S.bank holding companies.

In addition, U.S. intermediate holding companies and the U.S. branchesand agencies of foreign banks with a large U.S. presence would be


9/76

P a g e | 9

_________________________________________________


required to meet liquidity requirements similar to those applicable tolarge U.S. bank holding companies.

The proposals respond to fundamental changes in the scope and scale offoreign bank activities in the United States in the last fifteen years.

They would increase the resiliency and resolvability of the U.S.operations of foreign banks, help protect U.S. financial stability, and

promote competitive equity for all large banking firms operating in theUnited States.

The comment period for this proposal closes at the end of March.

Priorities for 2013

The Federal Reserve's supervisory and regulatory program in 2013 willconcentrate on four tasks:

(1) Continuing key Dodd-Frank Act and Basel III regulatoryimplementation work;

(2) Further developing systematic supervision of large banking firms;

(3) Improving the resolvability of large banking firms; and

(4) Reducing systemic riskin the shadow banking system.

Carrying Forward the Key Dodd-Frank Act and Basel IIIRegulatory Implementation Work

Capital, Liquidity, and Other Prudential Requirements for LargeBanking Firms.

Given the centrality of strong capital standards, a top priority this year

will be to update the bank regulatory capital framework with a final ruleimplementing Basel III and the updated rules for standardized risk-

weighted capital requirements.


10/76

P a g e | 10

_________________________________________________


The banking agencies have received more than 2,000 comments on theBasel III capital proposal.

Many of the comments have been directed at certain features of theproposed rule considered especially troubling by community and smallerregional banks, such as the new standardized risk weights for mortgagesand the treatment of unrealized gains and losses on certain debtsecurities.

These criticisms underscore the difficulty in fashioning standardizedrequirements applicable to all banks that balance risk sensitivity with theneed to avoid excessive complexity.

Here, though, I think there is a widespread view that the proposed rule

erred on the side of too much complexity.

The three banking agencies are carefully considering these and allcomments received on the proposal and hope to finalize the rulemakingthis spring.

The Federal Reserve also intends to work this year toward finalization ofits proposals to implement the enhanced prudential standards and earlyremediation requirements for large banking firms under sections 165 and166 of the Dodd-Frank Act.

As part of this process, we intend to conduct shortly a quantitativeimpact study of the single-counterparty credit limits element of the

proposal.

Once finalized, these comprehensive standards will represent a core partof the new regulatory framework that mitigates risks posed bysystemically important financial firms and offsets any benefits that thesefirms may gain from being perceived as "too big to fail."

We also anticipate issuing notices of some important proposedrulemakings this year.


11/76

P a g e | 11

_________________________________________________


The Federal Reserve will be working to propose a risk-based capitalsurcharge applicable to systemically important banking firms.

This rulemaking will implement for U.S. firms the approach to asystemic surcharge developed by the Basel Committee, which varies inmagnitude based on the measure of each firm's systemic footprint.

Following the passage of the Dodd-Frank Act, which called forenhanced capital standards for systemically important firms, the FederalReserve joined with some other key regulators from around the world insuccessfully urging the Basel Committee to adopt a requirement of thissort for all firms of global systemic importance.

Another proposed rulemaking will cover implementation by the threefederal banking agencies of the recently completed Basel III quantitativeliquidity requirements for large global banks.

The financial crisis exposed defects in the liquidity risk management oflarge financial firms, especially those which relied heavily on short-term

wholesale funding.

These new requirements include the liquidity coverage ratio (LCR),which is designed to ensure that a firm has a sufficient amount of high

quality liquid assets to withstand a severe standardized liquidity shockover a 30-day period.

The Federal Reserve expects that the U.S. banking agencies will issue aproposal in 2013 to implement the LCR for large U.S. banking firms.

The Basel III liquidity standards should materially improve the liquidityrisk profiles of internationally active banks and will serve as a keyelement of the enhanced liquidity standards required under the Dodd-Frank Act.


12/76

P a g e | 12

_________________________________________________


Volcker Rule, Swaps Push-out, and Risk Retention.

Section 619 of the Dodd-Frank Act, known as the "Volcker rule,"generallyprohibits a banking entity from engaging in proprietary tradingor acquiring an ownership interest in, sponsoring, or having certainrelationships with a hedge fund or private equity fund.

In October 2011, the federal banking agencies and the Securities andExchange Commission sought public comment on a proposal toimplement the Volcker rule.

The Commodity Futures Trading Commission subsequently issued asubstantially similar proposal.

The rulemaking agencies have spent the past year carefully analyzingthe nearly 19,000 public comments on the proposal and have madesignificant progress in crafting a final rule that is faithful to the languageof the statute and maximizes bank safety and soundness and financialstability at the least cost to the liquidity of the financial markets, creditavailability, and economic growth.

Section 716 of the Dodd-Frank Act generallyprohibits the provision offederal assistance, such as FDIC deposit insurance or Federal Reservediscount window credit, to swap dealers and major swap participants.

The Federal Reserve is currently working with the OCC and the FDIC todevelop a proposed rule that would provide clarity on how and when thesection 716 requirements would apply to U.S. insured depositoryinstitutions and their affiliates and to U.S. branches of foreign banks.

We expect to issue guidance on the implementation of section 716 beforetheJuly 21, 2013, effective date of the provision.

To implement the risk retention requirements in section 941 of theDodd-Frank Act, the Federal Reserve, along with other federalregulatory agencies, issued in March 2011 a proposal that generally


13/76

P a g e | 13

_________________________________________________


would force securitization sponsors to retain at least 5 percent of thecredit risk of the assets underlying a securitization.

The agencies have reviewed the substantial volume of comments on theproposal and the definition of a qualified mortgage in the recent final"ability-to-pay" rule of the Consumer Financial Protection Bureau(CFPB).

As you know, the CFPB's definition of qualified mortgage serves as thefloor for the definition of exempt qualified residential mortgages in therisk retention framework.

The agencies are working closely together to determine next steps in therisk retention rulemaking process, with a view toward crafting a

definition of a qualified residential mortgage that is consistent with thelanguage and purposes of the statute and helps ensure a resilient marketfor private-label mortgage-backed securities.

Improving Systematic Supervision of Large Banking Firms

Given the risks to financial stability exposed by the financial crisis, theFederal Reserve has reoriented its supervisory focus to look morebroadly at systemic risks and has strengthened its micro-prudentialsupervision of large, complex banking firms.

Within the Federal Reserve, the Large Institution SupervisionCoordinating Committee (LISCC) was set up to centralize thesupervision of large banking firms and to facilitate the execution ofhorizontal, cross-firm analysis of such firms on a consistent basis.

The LISCC includes senior staff from various divisions of the Board andfrom the Reserve Banks.

It fosters interdisciplinary coordination, using quantitative methods toevaluate each firm individually, relative to other large firms, and as partof the financial system as a whole.


14/76

P a g e | 14

_________________________________________________


One major supervisory exercise conducted by the LISCC each year is aComprehensive Capital Analysis and Review (CCAR) of the largest U.S.banking firms.

Building on supervisory work coming out of the crisis, CCAR wasestablished to ensure that each of the largest U.S. bank holdingcompanies

(1) Has rigorous, forward-looking capital planning processes thateffectively account for the unique risks of the firm and

(2) Maintains sufficient capital to continue operations throughout timesof economic and financial stress. CCAR, which uses the annual stresstest as a key input, enables the Federal Reserve to make a coordinated,

horizontal assessment of the resilience and capital planning abilities ofthe largest banking firms and, in doing so, creates closer linkagebetween micro-prudential and macro-prudential supervision.

Large bank supervision at the Federal Reserve will include more of thesesystematic, horizontal exercises.

Improving the Resolvability of Large Banking Firms

One important goal of post-crisis financial reform has been to counter

too-big-to-fail perceptions by reducing the anticipated damage to thefinancial system and economy from the failure of a major financial firm.

To this end, the Dodd-Frank Act created the Orderly LiquidationAuthority (OLA), a mechanism designed to improve the prospects for anorderly resolution of a systemic financial firm, and required all largebank holding companies to develop, and submit to supervisors,resolution plans.

Certain other countries that are home to large, globally active bankingfirms are working along roughly parallel lines.


15/76

P a g e | 15

_________________________________________________


The Basel Committee and the Financial Stability Board have devotedconsiderable attention to the orderly resolution objective by developingnew standards for statutory resolution frameworks, firm-specificresolution planning, and cross-border cooperation.

Although much work remains to be done by all countries, the Dodd-Frank Act reforms have generally put the United States ahead of itsglobal peers on the resolution front.

Since the passage of the Dodd-Frank Act, the FDIC has beendeveloping a single-point-of-entry strategy for resolving systemicfinancial firms under the OLA.

As explained by the FDIC, this strategy is intended to effect a creditor-

funded holding company recapitalization of the failed financial firm, inwhich the critical operations of the firm continue, but shareholders andunsecured creditors absorb the losses, culpable management is removed,and taxpayers are protected.

Key to the ability of the FDIC to execute this approach is the availabilityof sufficient amounts of unsecured long-term debt to supplement equityin providing loss absorption in a failed firm.

In consultation with the FDIC, the Federal Reserve is considering the

merits of a regulatory requirement that the largest, most complex U.S.banking firms maintain a minimum amount of long-term unsecureddebt.

A minimum long-term debt requirement could lend greater confidencethat the combination of equity owners and long-term debt holders wouldbe sufficient to bear all losses at the consolidated firm, therebycounteracting the moral hazard associated with taxpayer bailouts whileavoiding disorderly failures.


16/76

P a g e | 16

_________________________________________________


Reducing Systemic Risk in the Shadow Banking System

Most of the reforms I have discussed are aimed at addressing systemicrisk posed by regulated banking organizations, and all involve action theFederal Reserve can take under its current authorities.

Important as these measures are, however, it is worth recalling that thetrigger for the acute phase of the financial crisis was the rapid unwindingof large amounts of short-term funding that had been made available tofirms not subject to consolidated prudential supervision.

Today, although some of the most fragile investment vehicles andinstruments that were involved in the pre-crisis shadow banking systemhave disappeared, non-deposit short-term funding remains significant.

In some instances it involves prudentially regulated firms, directly orindirectly.

In others it does not.

The key condition of the so-called "shadow banking system" that makesit of systemic concern is its susceptibility to destabilizing funding runs,something that is more likely when the recipients of the short-termfunding are highly leveraged, engage in substantial maturity

transformation, or both.

Many of the key issues related to shadow banking and their potentialsolutions are still being debated domestically and internationally.

U.S. and global regulators need to take a hard, comprehensive look atthe systemic risks present in wholesale short-term funding markets.

Analysis of the appropriate ways to address these vulnerabilitiescontinues as a priority this year for the Federal Reserve.


17/76

P a g e | 17

_________________________________________________


In the short term, though, there are several key steps that should betaken with respect to shadow banking to improve the resilience of ourfinancial system.

First, the regulatory and public transparency of shadow bankingmarkets, especially securities financing transactions, should beincreased.

Second, additional measures should be taken to reduce the risk of runson money market mutual funds.

The Council recently proposed a set of serious reform options to addressthe structural vulnerabilities in money market mutual funds.

Third, we should continue to push the private sector to reduce the risksin the settlement process for tri-party repurchase agreements.

Although an industry-led task force made some progress on these issues,the Federal Reserve concluded that important problems were not likelyto be successfully addressed in this process and has been usingsupervisory authority over the past year to press for further and fasteraction by the clearing banks and the dealer affiliates of bank holdingcompanies.

The amount of intraday credit being provided by the clearing banks inthe tri-party repo market has been reduced and is scheduled to bereduced much further in the coming years as a result of these efforts.

But vulnerabilities in this market remain a concern, and addressingthese vulnerabilities will require the cooperation of the broad array of

participants in this market and their federal regulators.

The Federal Reserve will continue to report to Congress and publicly onprogress made to address the risks in the tri-party repo market.


18/76

P a g e | 18

_________________________________________________


In addition to these concrete steps to address concrete problems,regulators must continue to closely monitor the shadow banking sectorand be wary of signs that excessive leverage and maturity transformationare developing outside of the banking system.

Conclusion

The financial regulatory architecture is stronger today than it was in theyears leading up to the crisis, but considerable work remains to completeimplementation of the Dodd-Frank Act and the post-crisis globalfinancial reform program.

Over the coming year, the Federal Reserve will be working with otherU.S. financial regulatory agencies, and with foreign central banks and

regulators, to propose and finalize a number of ongoing initiatives.

In this endeavor, our goal is topreserve financial stability at the leastcost to credit availability and economic growth.

We are focused on the monitoring of emerging systemic risks, reducingthe probability of failure of systemic financial firms, improving theresolvability of systemic financial firms, and building up buffersthroughout the financial system to enable the system to absorb shocks.

As we take this work forward, it is important to remember thatpreventing a financial crisis is not an end in itself.Financial crises are profoundly debilitating to the economic well-beingof the nation.

Thank you for your attention. I would be pleased to answer anyquestions you might have.

Notes

Daniel K. Tarullo took office on January 28, 2009, to fill an unexpiredterm ending January 31, 2022.


19/76

P a g e | 19

_________________________________________________


Prior to his appointment to the Board, Mr. Tarullo was Professor ofLawat Georgetown University Law Center,where he taught courses ininternational financial regulation, international law, and banking law.

Prior to joining the Georgetown Law faculty, Mr. Tarullo held several

senior positions in the Clinton administration.

From 1993 to 1998, Mr. Tarullo served, successively, as AssistantSecretary of State for Economic and Business Affairs, Deputy Assistantto the President for Economic Policy, and Assistant to the President forInternational Economic Policy. He also served as a principal on boththe National Economic Council and the National Security Council.From 1995 to 1998, Mr. Tarullo also served as President Clinton's

personal representative to the G7/G8 group of industrialized nations.

Mr. Tarullo was born in November 1952 in Boston, Massachusetts. Hereceived his A.B. from Georgetown University in 1973 and his M.A. fromDuke University in 1974. In 1977, Mr. Tarullo received his J.D. (summacum laude) from the University of Michigan Law School, where heserved as Article and Book Review Editor of the Michigan Law Review.


20/76

P a g e | 20

_________________________________________________


Financial Services Sector

Draft recommendations to theChartered Institute of Internal

Auditors

Covering Letter

Following the crisis in the financial system over the past few years a widespread review of governance in financial institutions has been taking

place.

It was inevitable that the role of Internal Audit would be brought intothat process.

Whilst there has not been extensive criticism of InternalAudits part inthe financial crisis, some would say that this reflects too low anexpectation of what Internal Audit could, and should have, delivered.

Given this, and a number of individual failings detected during theregulatory process, the Financial Services Authority requested that theChartered Institute of Internal Auditors develop a code to set out theexpectations of internal audit functions in the financial sector.

I was therefore pleased to have been invited by the Institute to chair aCommittee aimed at identifying reasonable expectations of internalaudit in UK financial institutions.

I was also very pleased that we were able to attract a range of highlyqualified people on to the Committee.

The Committee includes not only internal audit directors but also non-executive directors and people with skills in executive and risk

management, regulation and governance.


21/76

P a g e | 21

_________________________________________________


Of course internal auditors already work in compliance with standardspromulgated by the Institute.

However these standards are not industry specific and in particular donot meet all the current expectations of internal audit in significant UKfinancial institutions.

In this document, we set out recommendations to the CharteredInstitute which, we believe, address these expectations.

These recommendations for the most part supplement, rather thanreplace, the existing standards.

They are informed not only by the work of the Committee but also by the

significant and thoughtful responses to our call for evidence.

These responses, and a number of meetings with internal audit directorsof large banks and insurance companies, have impressed me with thequality of work performed by internal audit.

Whilst there were doubtless examples of poor internal audit work, andineffective internal audit functions, leading up to the financial crisis I donot subscribe to the view that all internal audit functions are in drasticneed of improvement.

However these draft recommendations, if implemented, are likely to leadto significant change for some organisations and are likely to affect allinternal audit functions of UK financial institutions to some extent.

Emphasising the need for proportionality we have kept the draftrecommendations at a fairly high level.

Whilst we believe that the recommendations are relevant to internalaudit functions in all UK financial institutions, and the UK operations of

overseas institutions, the detailed recommendations may not all beapplicable in smaller institutions.


22/76

P a g e | 22

_________________________________________________


We also stress that implementation of some of these recommendations isa matter for the Board; Internal Audit cannot deliver them bythemselves.

We nowwelcome comments on this draft Guidance, at the latest by 12April 2013, which will be made publicly available via the IIA website afterthe consultation period.

All responses to this document should be sent to Chris Spedding,Secretary to the Committee, via [email protected].

We will be holding a number of open meetings in March to receive oralfeedback and are very open to individual meetings.

Introduction and BackgroundThe recommendations included in the following Guidance are made bythe Committee to the Chartered Institute of Internal Auditors in the UKand are designed to provide a benchmark for effective Internal Audit inFinancial Services in the UK.

The intended audience for this Guidance includes Chief InternalAuditors, Executive and Non-Executive Directors and the Regulatorybodies.

The Guidance should be applied in conjunction with the existingInstitute of Internal Audit International Professional PracticesFramework (IPPF), which includes the International Standards for theProfessional Practice of Internal Auditing (the IIA Standards).

It includes some elements covered by the Basel Committee on BankingSupervisions paper on the Internal Audit functions in banks.

The recommendations are designed to provide incremental Guidance to

existing standards, such as the IIA Standards and Basel paper.


23/76

P a g e | 23

_________________________________________________


In the course of the Committee consultation, and through discussionwith the regulators supervisory teams, examples of non-conformance tothese existing standards were identified.

These include key risk areas that were not included in the scope, riskassessment and audit plan of Internal Audit; audit opinions (particularlysatisfactory audit opinions) with insufficient workand/or evidence of

work to fully support and justify the opinion; and audits in which theaudit work programme included the operating effectiveness, but not thedesign adequacy, of processes and controls.

The Committee views these instances as examples of Internal Auditpractice that does not meet the existing IIA Standards and expectationsof the profession, as opposed to areas requiring incremental Guidance.

The Committee emphasises the importance of full conformance to theattribute and performance principles, as defined in the IIA Standards, asthe basis for robust Internal Audit.

The consultation process through which this Guidance was createdsought input from a range of stakeholders with interest in the riskmanagement, governance and control of financial institutions.

This included the Chartered Institute of Internal Auditors; the Bank of

England; the Financial Services Authority (representatives from both thefuture Prudential Regulation Authority and the Financial Conduct

Authority); audit practitioners from across the sector, including banking,insurance, asset management and building societies; Executive andNon-Executive Directors of financial organisations; governmentrepresentatives; rating agencies; professional services firms; andconsumer groups.

In the course of our consultation, the Committee asked a range ofquestions around the role, scope and position of internal audit in the

organisations governance and risk management frameworks.


24/76

P a g e | 24

_________________________________________________


The responses received highlight the range of practice across theindustry, with a varying degree of uniformity of practice and aspirationbetween organisations.

There was a general consensus around the importance of theindependence of Internal Audit; both independence from ExecutiveManagement authority, from the Risk Management and Compliancefunctions, and from executive decision making responsibilities.

There was also strong support for an unrestricted scope of InternalAudit, and for greater clarity and consistency of Internal Audits role inauditing areas such as strategy, culture, risk appetite and key corporateevents.

Areas in which there was a greater divergence of response include therole and extent of Internal Audit involvement in challenging strategicdecision making;

whether there are circumstances in which it would be appropriate forInternal Audit to report to a Board Risk Committee rather than to the

Audit Committee, the nature of Internal Audits Executive reporting lineand who this line should report into (e.g. CEO / CFO);

and the appropriateness of the Chief Internal Auditor having the right to

attend Executive Committee meetings. In these areas, the Committeehas formed a view based on both the responses received and Committeediscussion.

Proposed Recommendations of the Committee

A. Role and mandate of Internal Audit

1. The primary role of Internal Audit should be to help to protect theassets, reputation and sustainability of the organisation.

It does this by assessing whether all significant risks are identified andappropriately reported to the Board and Executive Management;


25/76

P a g e | 25

_________________________________________________


assessing whether they are properly controlled; and by challengingExecutive Management to improve the effectiveness of governance, riskmanagement and internal controls.

The role of Internal Audit should be articulated in an Internal AuditCharter, which should be publicly available.

B. Scope and priorities of Internal Audit

2. Internal Audits scope should be unrestricted

In setting its scope, Internal Audit should independently determine thekey risks that face the organisation, including emerging and systemicrisks, and how effectively these risks are being managed.

There should be no impediment to Internal Audits ability to challengethe executive and to report its concerns.

3. For the avoidance of doubt, Internal Audit should include within itsscope:

a. The design and operating effectiveness of governance structures andprocesses of the organisation.

b. The strategic and management information presented to the Board

Internal Audit should include within its scope the processes and controlssupporting strategic decision making, and based on this work, whetherthe information presented to the Board and Executive Management iscomplete, accurate and fairly represents the benefits, risks andassumptions associated with the strategy and associated business model.

c. The setting of, and adherence to, risk appetite

Internal Audit should assess whether the risk appetite has beenestablished and reviewed through the active involvement of the Board


26/76

P a g e | 26

_________________________________________________


and Executive Management, and is accurately embedded within theactivities, limits and reporting of the organisations businesses.

d. The risk and control culture of the organisation

Internal Audit should include within its scope the risk and controlculture of the organisation.

This should include assessing whether the processes (e.g. appraisal andremuneration) and actions (e.g. decision making) are in line with the

values, ethics, risk appetite and policies of the organisation.

Internal Audit should consider the attitude and assess the approachtaken by all levels of management to risk management and internal

control.

This should include managements actions in addressing known controldeficiencies as well as their regular assessment of controls within theirareas.

e. Risks of poor customer outcomes, giving rise to conduct orreputational risk

Internal Audit should evaluate whether products, services and

supporting processes are designed in line with conduct regulation, andthe organisations customer strategy, values and standards.

Internal Audit should evaluate whether the organisation is acting withintegrity in its dealings with all customers and in its interaction withrelevant markets.

f. Capital and liquidity risks

Internal Audit should include within its scope the management of the

organisations risks relating to capital and liquidity and other regulatoryrisks.


27/76

P a g e | 27

_________________________________________________


g. Key corporate events

These events include significant business process changes, introductionof new products and services, outsourcing decisions and acquisitions/divestments.

Internal Audit should decide if these events are sufficiently high risk towarrant involvement on a real time basis.

In doing so Internal Audit will evaluate whether the key risks are beingadequately addressed (including by other forms of assurance, e.g. third

party due diligence) and reported.

Internal Audit should also assess whether the information being used in

the decision making is, to the extent possible, complete, accurate andbalanced and whether the related procedures and controls have beenfollowed.

h. Outcomes of processes

Internal Audit should evaluate the adequacy and effectiveness of thedesign, as well as the implementation, of the organisations policies and

processes.

As part of this evaluation, Internal Audit should consider whether theoutcomes achieved by the implementation of these policies and

processes are in line with the objectives, risk appetite and values of theorganisation.

4. Prioritisation of Internal Audit work

Internal Audit should make a risk-based decision as to which areaswithin its scope should be included in the audit planit does not have tocover all of the potential scope areas every year.


28/76

P a g e | 28

_________________________________________________


In setting its priorities and deciding where to carry out more detailedwork, Internal Audit should focus on the areas where it considers risk tobe higher, as well as taking into account the wishes of the Board andBoard Committees.

Both the determination and the assessment should be informed, but notdriven, by the views of management or the Risk function.

5. Risk assessment

Internal Audits risk assessment should be all-encompassing, taking intoaccount business strategy and objectives and the full range of risks thathave an impact on the organisation; combine a bottom up and top downassessment of risk; and take into account potential future

or emerging risks on a continuous basis.

6. Internal Audit planning

Internal Audit plans should be approved by the Audit Committee*.

They should have the flexibility to deal with unplanned events to allowInternal Audit to prioritise emerging risks.

Changes to the audit plan should be considered in light of Internal

Audits ongoing assessment of risk.

Items removed from Internal Audits plans should be reported, withappropriate justification, to the Audit Committee*.

C. Reporting results

7. Internal Audit should be present at, and issue reports to, both theBoard Audit Committee and the Board Risk Committee and any otherBoard Committees as appropriate.


29/76

P a g e | 29

_________________________________________________


The nature of the reports will depend on the remits of the respectiveCommittees.

8. Internal Audits reporting to the Audit and Risk Committees shouldinclude:

- a focus on significant control breakdowns together with a robustroot-cause analysis;

- any thematic issues identified across the organisation;- an independent view of managements reporting on the risk

management of the organisation, including a view on managementsremediation plans (which might include restricting further business

until improvements have been implemented) highlighting areaswhere there are significant delays; and

- at least annually an assessment of the overall effectiveness of thegovernance, and risk and control framework of the organisation,together with an analysis of themes and trends emerging fromInternal Audit work and their impact on the organisations risk

profile.

D. Interaction with Risk Management, Compliance and

Finance

9. Internal Audit should not be part of, nor responsible for, the RiskManagement, Compliance or Finance function.

10. Internal Audit should include within its scope an assessment of theadequacy and effectiveness of the Risk Management, Compliance andFinance functions.

In evaluating the effectiveness of internal controls and risk managementprocesses, in no circumstances should Internal Audit rely exclusively onthe work of Risk Management, Compliance or Finance.


30/76

P a g e | 30

_________________________________________________


Internal Audit should always examine for itself, an appropriate sample ofthe activities under review.

11. Internal Audit should exercise informed judgement as to when toplace reliance on the work of Risk Management, Compliance or Finance.

To the extent that Internal Audit places reliance on the work of RiskManagement, Compliance or Finance function, that should only be aftera thorough evaluation of the effectiveness of that function in relation tothe area under review.

E. Independence and authority of Internal Audit

12. The Chief Internal Auditor should be at a senior enough level within

the organisation (normally expected to be at Executive Committee orequivalent) to give him or her the appropriate standing and authority tochallenge the Executive.

Subsidiary and divisional Heads of Audit should also be ofa senioritycomparable to the senior management whose activities they areresponsible for auditing.

13. Internal Audit should have the right to attend Executive Committeemeetings and any other key management and decision making fora.

This right of attendance is for the duration of the meeting, and willenable Internal Audit to gain an understanding of the business and

provide perspectives on risk and control.

14. Internal Audit should have sufficient and timely access to keymanagement information and a right of access to all of the organisationsrecords, necessary to discharge its responsibilities.

15. The primary reporting line for the Chief Internal Auditor should be to

the Chairman of the Board of Directors.


31/76

P a g e | 31

_________________________________________________


The Chairman may wish to delegate responsibility for the reporting lineto the Chairman of the Board Audit Committee or, exceptionally, theChairman of the Board Risk Committee, providing this Committee isconstituted exclusively of independent Non-Executive Directors.

The reporting line should take into account the respective mandates ofthe Board Audit Committee and the Board Risk Committee, and mustavoid any impairment to internal audits objectivity.

16. The Audit Committee* should be responsible for appointing theChief Internal Auditor and removing him/her from post.

17. The Chairman of the Audit Committee* should participate in settingthe objectives of the Chief Internal Auditor and appraising his/her

performance although it would be expected that the objectives andappraisal would take into account the views of the Chief Executive.

18. The Chairman of the Audit Committee* should be responsible forrecommending the remuneration of the Chief Internal Auditor.

The decision should be ratified by the Remuneration Committee.

The remuneration of the Chief Internal Auditor and Internal Auditstaff should be structured in a manner such that it avoids conflicts of

interest, does not impair their independence and objectivity and shouldnot be directly linked to the short term performance of the organisation.

19. Subsidiary and divisional Heads of Audit should report primarily tothe Group Chief Internal Auditor, except insofar as prohibited by locallegislation or regulation.

This includes the responsibility for setting budgets and remuneration,conducting appraisals and reviewing the audit plan.

20. In order to protect the objectivity and independence of InternalAudit, the Audit Committee* should determine an appropriate interval to


32/76

P a g e | 32

_________________________________________________


consider the need to change the Chief Internal Auditor and should havea similar policy for divisional and subsidiary heads.

21. If Internal Audit has a secondary Executive reporting line, thisshould be to the CEO in order to preserve independence from any

particular business area or function.

F. Resources

22. The Chief Internal Auditor should ensure that the audit team has theskills and experience commensurate with the risks of the organisation.

This may entail recruitment, secondment from other parts of theorganisation or co-sourcing with external third parties.

23. The Chief Internal Auditor should provide the Audit Committee*with a regular assessment of the skills required to conduct the workneeded, and whether the Internal Audit budget is sufficient to allow thefunction to recruit and retain staff with the expertise and experiencenecessary to provide effective challenge throughout the organisation andto the executive.

24. The Audit Committee* should be responsible for approving theInternal Audit budget.

25. The Board of Directors should confirm in the annual report that it issatisfied that Internal Audit has the appropriate resources.

G. Quality assessment

26. The Board or the Audit Committee* is responsible for evaluating theperformance of the Internal Audit function on a regular basis.

In doing so it will need to identify appropriate criteria for defining the

success of Internal Audit.


33/76

P a g e | 33

_________________________________________________


Delivery of the audit plan should not be the sole criterion in thisevaluation.

27. Internal Audit should maintain an up-to-date set of policies andprocedures, and performance and effectiveness measures for the InternalAudit function.

Internal Audit should continuously improve these in light of industrydevelopments.

28. Internal Audit functions of sufficient size should develop a qualityassurance capability, with the work performed by individuals who areindependent of the delivery of the audit plan.

The function should have the standing and experience to meaningfullychallenge Internal Audit performance and to ensure that Internal Auditjudgements and opinions are adequately evidenced.

The quality assurance review should include Internal Auditsunderstanding and identification of risk and control issues, in addition tothe adherence to audit methodology and procedures.

This may require the use of resource from external parties.

The quality assurance work should be risk-based to cover the higherrisks of the organisation and of the audit process.

The results of these assessments should bepresented directly to theAudit Committee* at least annually.

29. In addition the Audit Committee* should obtain an independent,external assessment at appropriate intervals.

This could take the form ofperiodic reviews of elements of the function,

or a single review of the overall function.


34/76

P a g e | 34

_________________________________________________


The conformance of Internal Audit with the recommendations includedin this Guidance should be explicitly included in this evaluation.

The Chairman of the Audit Committee* should oversee and approve theappointment process for the independent assessor.

H. Relationships with Regulators

30. Nature and purpose of the relationship

The Chief Internal Auditor, and other senior managers within InternalAudit, should have an open, constructive and co-operative relationshipwith regulators which supports sharing of information relevant tocarrying out their respective responsibilities.

31. Compliance with the Statements of Principle and Code of Practice forApproved Persons, and the UK Corporate Governance Code

As a significant influence function, the Chief Internal Auditor must fullycomply with the relevant provisions of the Statements of Principle andCode of Practice for Approved Persons, the UK Corporate GovernanceCode, and other obligations specific to Internal Audit as set out in therelevant regulators handbook.

I. Wider considerations

32. The Board Committees and senior management should set the righttone from the top to ensure support for, and acceptance of, Internal

Audit at all levels of the organisation.

33. The Financial Reporting Council should considerwhether additionalguidance is needed with regard to the respective role and mandate of theBoard Audit and Risk Committees in relation to their interaction withInternal Audit, including what should be expected from a good Internal

Audit function with reference to the recommendations included in thisGuidance.


35/76

P a g e | 35

_________________________________________________


* In the interest of simplicity and clarity, this document has assumedthatInternal Audits primary reporting line is to theAudit Committee.

Please refer to recommendation 15 for the Committee recommendationrelating to Non-Executive reporting lines.

About the Chartered Institute of Internal Auditors (IIA)

The IIA is the only body focused exclusively on internal auditing and weare passionate about supporting, promoting and training the

professionals who work in it.

We have been leading the profession of internal auditing for over 65years.

Our International Standards and Code of Ethics unite a globalcommunity of over 180, 000 internal auditors in 190 countries.

We are committed to enhancing the recognition and professionalism ofinternal audit in the UK and Ireland, through:

Dynamic leadership of the profession which maximises our membersreputation and influence individually and collectively.

Technical excellence through our International Standards and Code of

Ethics.

All members across the globe work to the same International Standardsand Code of Ethics.

We have 8,000 members in all sectors in the UK and Ireland.

High quality support to our members throughout their careers, whichenables them to continually develop their professional knowledge, skillsand experience and provides other services of value to members in their

roles.


36/76

P a g e | 36

_________________________________________________


These things, enacted through our staff, members and volunteers andwith the support of our suppliers and partners, make a significant andunique contribution to the success of all organisations.


37/76

P a g e | 37

_________________________________________________


Protecting Investors by Seizing theOpportunity to Strengthen Audit Quality

Jeanette M. Franzel, PCAOB Member AmericanAccounting Association Midyear Conference and

Doctoral ConsortiumNew Orleans, LA

I am honored to be here today at the mid-yearauditing section conference of the American

Accounting Association (AAA).

Before I get started, I must tell you that the viewsI express today are my personal views and do not necessarily reflect the

views of the Board, any other Board member, or the staff of the PCAOB.

In preparing for this conference, I noted that the theme for the AAA'supcoming annual conference in August deals withviewing currentsignificant challenges as "Brilliantly Disguised Opportunities."

This is a fantastic theme, and I thought I'd take the opportunity to getall of us thinking along these lines now, as we begin 2013.

The "brilliantly disguised opportunity" I want to talk to you about todayis strengthening audit quality in the aftermath of the recent financial

crisis.

We find ourselves, once again, forced to evaluate the integrity of theassurance provided to the financial markets through financial reportingand auditing.

All participants in the supply chain of financial reporting and auditing,as well as the regulators and corporate governors, need to seize the"opportunities" we are currently facing to instill lasting change that will

protect investors and help ensure that we can continue to pass alongopportunity and prosperity to future generations of Americans.


38/76

P a g e | 38

_________________________________________________


Each of you, tooas educators of students entering the accountingprofession and as researchers on the issues we are facing, plays a keyrole in the solutions.

At the PCAOB, we are taking on an ambitious list of significant issues tohelp ensure investor protection and high quality audits now and for thelong term.

Today, I will discuss four of these key issues in audit oversight and ourplans for change: audit quality, professional skepticism, inspections andremediation, and standard setting.

Audit Quality, Professional Skepticism, Inspections andRemediation, and Standard Setting

We've all heard those words before.

Two are about how auditors do their work -- audit quality andprofessional skepticism; and the others are about how the PCAOB doesits work -- inspection and remediation, and standard setting.

In 2013, the Board is looking at them anew. In revising our strategic planlast year, we stepped back, took stock, and looked at these issues with along term view.

As the PCAOB marks its 10th anniversary this year, it is appropriate andnecessary to evaluate our progress.

The PCAOB is a relatively new regulator and still has work to do toestablish sustainable regulatory approaches for the long term, whileremaining nimble and responsive to emerging risks and issues.

The Board's recently updated strategic plan[1] reflects this. Its near term

priorities for 2013 include:


39/76

P a g e | 39

_________________________________________________


Audit Quality: identifying audit quality measures, with a longer termgoal of tracking such measures for domestic global network firms andreporting changes in these measures over time;

Inspection Findings: enhancing the PCAOB's processes and systems torefine the analysis of PCAOB inspection findings, including comparativeanalysis across firms over time, to further inform the investing publicand PCAOB's standard-setting and other regulatory activities;

Inspection Reports: improving the timeliness, content and readability ofinspection reports;

Remediation Determinations: improving the timeliness of remediationdeterminations and providing additional information on the PCAOB's

remediation process;

Standard Setting: enhancing the framework for the PCAOB's standard-setting process and the related project-tracking information provided tothe investing public; and

Audit Committees: enhancing the PCAOB's outreach to, and interactionwith, audit committees to constructively engage in areas of commoninterest, including auditor independence and audit quality.

Assessing and Tracking Audit Quality

The first of these near term priorities that I want to talk about today isassessing and tracking audit quality.

Ten years after the establishment of the PCAOB, it is fair to ask, "Whatis the present state of audit quality?" and "Has audit quality improvedsince the enactment of the Sarbanes-Oxley Act?"

We've had many stakeholders and members of the profession tell us thatthey believe audit quality has improved, and we, at the PCAOB, tend toagree.


40/76

P a g e | 40

_________________________________________________


PCAOB inspections, however, continue to find serious audit deficienciesin public company audits on a regular basis.

In addition, the results of our first round of inspections of audits ofbrokers and dealers are troubling.

In pursuing our core mission of protecting investors through auditoversight, the Board has a number of initiatives targeted at improvingmajor areas of audit practice that establish audit quality.

In light of the many financial reporting and auditing crises over recentdecades, I find it surprising that a generally understood and measurableconcept of audit quality has not emerged.

This issue was raised at the outset of the recent financial crisis in arecommendation of the Department of the Treasury's AdvisoryCommittee on the Auditing Profession (ACAP).

The committee recommended that the PCAOB study the feasibility ofdeveloping key indicators of audit quality and effectiveness.

And, earlier this week, the International Auditing and AssuranceStandards Board issued a consultation paper on a proposed frameworkfor audit quality that sets out key attributes that are conducive to audit

quality.

A recent synthesis paper,Audit Quality: Insights from the AcademicLiterature, notes that despite more than two decades of research, there islittle consensus about how to define, let alone measure, audit quality.

Furthermore, the various stakeholders in the financial reporting processhave different views as to what constitutes audit quality.

While some might define a quality audit in terms of audit inputs -- such

as whether auditors follow standards -- investors and audit committee


41/76

P a g e | 41

_________________________________________________


members may focus on certain audit outcomes -- demanding that auditsuncover fraud, for instance.

Many have also viewed audit quality in terms of the absence of negativeoutcomes such as restatements, litigation, or subsequently discoveredmaterial problems.

The divergence in views on audit quality has contributed to the"expectations gap" over what an audit should be.

This has persisted for decades, and also causes a divergence indefinitions of what constitutes an audit failure.

PCAOB uses its own definition of audit failure in inspection reports.

It is a deficiency of such significance that the firm, at the time it issuedits audit report, failed to obtain sufficient appropriate evidence tosupport its audit opinion on the financial statements and/or on theeffectiveness of internal control.

Under the definition, deficiencies include instances where a firm did notidentify or address appropriately financial statement misstatements orimproper disclosures, as well as failures by the firm to follow auditingstandards.

The Board has made it a 2013 priority to identify audit quality indicators.

A longer term goal is to track such measures for domestic global networkfirms and report on those measures over time.

This project is already underway and will include the identification ofaudit quality measures in the areas of audit process and results, as wellas the development of methods for objectively measuring those auditquality indicators.


42/76

P a g e | 42

_________________________________________________


Because of the complexity of these issues, our process for developingthese measures likely will be iterative.

Due to the multi-dimensional nature of audit quality, a "balancedscorecard" approach with various indicators and measures likely will benecessary.

I anticipate that the development, measurement, and analysis of auditquality indicators will inform PCAOB policy making and provide keyinformation about the state of audit quality across firms and over time.

The results of this process will also provide us with information forreviewing, adding context to, or clarifying our current definition of"audit failure" for our inspection reports.

In my view, the PCAOB's project on audit quality indicators andmeasures will represent a significant development in helping to advanceaudit quality and the reliability of audits now and in the long term.

The PCAOB is in a unique position to observe, track, and measure manyaspects of audit quality inputs and provide benchmarking information tofirms, promote firm accountability, and provide transparency and usefulinformation to investors and other stakeholders.

Such information will be useful in the marketplace as well, so thatinvestors and audit committees can demand better audit quality andshift audit firm competition over price to competition over quality.

Auditors' Use of Professional Skepticism in Audits

A key element of audit quality is the auditor's use of professionalskepticism.

Professional skepticism is particularly important in those areas of theaudit that involve significant management judgment or transactions


43/76

P a g e | 43

_________________________________________________


outside the normal course of business, and the auditor's consideration offraud.

These are often the high risk areas of the audit.

PCAOB inspections have identified numerous audits with deficiencieswhere auditors did not consistently and diligently apply professionalskepticism.

In many of those cases, the audit teams did not obtain sufficientappropriate evidence to support their audit opinions.

This issue has been of such prevalence that we have identified theapparent failure to appropriately apply professional skepticism as a

systemic quality control issue in some firms.

In addition, as part of the Board's outreach on auditor independenceover the past 18 months, a major theme that the Board heard from a

variety of stakeholders was the need for professional skepticism to beemphasized more in the education, training, and standard setting forauditors, as well as in the firms' cultures, tone at the top, and systems ofquality control.

On December 4, 2012, PCAOB issued Staff Audit Practice Alert No. 10:

Maintaining and Applying Professional Skepticism in Audits toemphasize and remind auditors of the requirement to appropriatelyapply professional skepticism throughout audits.

It provides specific examples of audit deficiencies in which a lack ofprofessional skepticism was at least a contributing factor.

The Practice Alert includes examples that raise concerns about a lack ofprofessional skepticism, such as instances in which engagement teamsdid not:


44/76

P a g e | 44

_________________________________________________


- obtain an understanding of the specific methods or assumptionsunderlying estimates;

- evaluate the significance ofevidence that supported values otherthan those closest to the issuer's recorded prices;

- test beyond inquiring of management the significant assumptionsunderlying valuations;

- question whether certain assets were potentially impaired, despiteevidence that the carrying amount may not be recoverable; and

- question an issuer's use of a GAAP exception even though doing soconflicted with the plain language of the exception and with the

firm's internal accounting literature.

The Practice Alert also identifiespossible impediments to theapplication of professional skepticism, including:

unconscious biases and other circumstances that cause auditors togather, evaluate, rationalize, and recall information in a way that isconsistent with client preferences;

incentives and pressures in the audit environment such as pressures to

build or maintain a long term audit engagement, avoid significantconflicts with management, provide an unqualified audit opinion prior tothe issuer's filing deadline, achieve high client satisfaction ratings, keepaudit costs low, or cross-sell other services; and

scheduling and workload demands that put pressure on engagementteams to complete their assignments too quickly, which might leadauditors to seek evidence that is easier to obtain rather than evidencethat is more relevant and reliable, to obtain less evidence than isnecessary, or to give undue weight to confirming evidence without

adequately considering contrary evidence.


45/76

P a g e | 45

_________________________________________________


Finally, the Practice Alert contains a discussion of how firms canpromote the appropriate application of professional skepticism on auditsthrough a robust system of quality control.

A number of firms are currently undertaking significant initiatives inresponse to PCAOB inspection findings to better understand the factorsthat influence the application of professional skepticism on their audits.

To do this, they need to evaluate the specific factors that led to any lackof, or impairments to, the application of skepticism.

This is a difficult but crucial area to get right in auditing.

As described in a recent literature synthesis on this topic, professional

skepticism is a multi-dimensional concept that remains difficult todefine and measure.

It is often difficult to determine if a lack of skepticism is the primarycause of audit deficiencies, and if so, which factors led to the lack ofskepticism.

Specifically,was it a problem with the auditor recognizing that apotential issue exists that may require more work or effort (lack ofskeptical judgment)?

Orwas it a failure of the auditor to change behavior in response to anissue that was recognized (lack of skeptical action)?

What were the specific characteristics and circumstances attributable tothe auditor, the evidence, the client, and the audit environment that mayhave contributed to or caused the lack of appropriate professionalskepticism in an audit?

The PCAOB will continue to focus on the appropriate application of

professional skepticism in our inspections and our discussions with thefirms.


46/76

P a g e | 46

_________________________________________________


This is an area where the firms could benefit from academic thoughtleadership, research, and application tools.

I encourage youin the auditing section of the AAA -- to considerways to provide relevant research results to the firms, and to assist firmsin developing and implementing potential tools, such as surveys andother metrics, for tracking and assessing how professional skepticism isapplied on audits.

We would like to hear your ideas, too.

Inspections and Remediation

The third subject I'd like to talk to you about todayalso among the

Board's 2013 prioritiesis our inspections and our oversight of therelated remediation of identified deficiencies in firms' systems of qualitycontrol.

As you know, the largest PCAOB-registered public accounting firmsthose auditing more than 100 issuersare inspected annually by thePCAOB.

Firms that issue 100 or fewer issuer audit reports each year are subject toinspection at least every three years.

During 2012, the PCAOB inspected nine firms that audited more than100 issuers in 2011.

As we were conducting the 2012 inspections, we were also issuing theinspection reports for the 2011 inspections of these firms.

During 2012, we issued the 2011 inspection reports for six of the nineannually inspected firms.

In addition, during 2012, the PCAOB conducted 244 triennial inspectionsat 167 domestic and 77 foreign firms.


47/76

P a g e | 47

_________________________________________________


The length of time it takes to complete preparation of the inspectionreports has been an ongoing challenge for the PCAOB, but we'verecently made significant progress in clearing a backlog of olderinspections.

During 2011, the Board processed numerous older inspection reports,issuing a total of 344 inspection reports that year. (As a reference point,the Board conducted a total of 254 inspections during the previous year.)

During 2012, the Board continued to make progress in clearing most ofthe remaining backlog of older inspection reports.

The Board issued a total of 257 inspection reports during 2012. (Thiscompares to a total of 213 inspections conducted during 2011.)

The Board also is working through the related remediationdeterminations that follow the issuance of inspection reports.

Firms are given 12 months from the date of the inspection report toremediate any deficiencies noted in their quality control systems, whichare included in the nonpublic Part II of the reports.

Otherwise, they face publication of that portion of the inspection report.

As we become more current in our issuance of inspection reports andremediation determinations, we are taking a fundamental look at our

processes for issuing these reports.

We want to develop processes and tracking metrics to help improve theoverall timeliness of these reports and to prevent backlogs fromoccurring in the future.

In addition, we plan to conduct a thorough review of the content andreadability of our inspection reports.


48/76

P a g e | 48

_________________________________________________


This review will include proactive outreach to users, such as yourselves,to help us identify ways to improve the usefulness of the reports.

Before I move on, let me talk a minute about our inspection findings.

As I'm sure you know, the number of serious deficiencies we reportedspiked in our 2010 inspections, and remained high in the 2011inspections.

Common areas where we found audit deficiencies included revenuerecognition, fair value of financial instruments, testing and evaluatinginternal controls, related party transactions, the auditor's assessment ofand response to fraud risk, and the auditing of equity financinginstruments, among others.

Quality control findings in the nonpublic Part II of our inspectionreports focus on issues that may have caused the audit performancedeficiencies reported in Part I, as well as other aspects of the firm'smanagement of its audit practice that could negatively impact auditquality.

Some examples of areas of specific concern that have appeared in Part IIinclude problems in the areas of professional skepticism, internalinspections, and firms' quality control processes related to specific

aspects of auditing, such as testing and evaluating internal control overfinancial reporting, fair value, and other areas.

The Board regularly engages in constructive dialogue with firms toencourage them to improve their practices and procedures.

Successful remediation and sustained improvements in audit quality areclearly the goals of this process.

Fortunately, we have seen most firms take their responsibilities for

remedial efforts and improvements seriously.


49/76

P a g e | 49

_________________________________________________


Based on the timing of the related remediation periods and the firms'efforts in those areas, it is reasonable to expect that firms would achievesignificant improvements in their PCAOB inspection results for theaudits of the 2012 financial statements -- which will be inspected during2013 -- in those areas identified as problems during the 2010 and 2011inspections.

I would also hope that we see some improvements emerge in the firms'inspection results for the 2012 inspection cycle in comparison to the 2010inspections.

Standard-Setting Activities

Lastly, I'd like to speak to you today about 2013 enhancements in the

area of standard setting.

The PCAOB is uniquely positioned to use its insight from inspectionactivities to improve existing auditing standards to support high qualityaudits to protect investors and the public interest.

As we look to what the PCAOB has accomplished through its standardsetting, and what still needs to be done, we have taken on an ambitious

project to broadly reexamine our standard-setting approach.

In our current strategic plan, we included a new strategy for standardsetting for audits of emerging growth companies, in light of the recentlyenacted Jumpstart Our Business Startups Act (JOBS Act).

We expect to continue to devote significant time and resources topreparing analyses to assist the Securities and Exchange Commission inmaking determinations under this Act regarding the applicability of newPCAOB standards to emerging growth companies, as well as continuingto explore ways to further incorporate economic analysis into ourrulemaking processes.


50/76

P a g e | 50

_________________________________________________


For the long term, we are doing the work necessary to establish a visionand framework to guide and prioritize our standard-setting activities.

Such a framework would be flexible and adjustable to respond toemerging risks and trends.

As part of this framework, we will consider using a combination ofvarious approaches and related criteria for standard-setting projects,depending on the circumstances.

We are thinking about the different categories or "tracks" for ourstandards projects.

For instance,when we determine that a project is necessary because of

unique circumstances related to U.S. issuers, we choose to take on aproject even if other standard-setting organizations are not dealing withthe issue.

In other cases, there may be issues that other standard-settingorganizations have raised or have acted upon where we can leverage that

work to varying degrees in our own related projects.

As part of these efforts,we are looking to find a mechanism to eliminatethe notion of "interim" standardsthe title we use for the original

AICPA standards the Board adopted when it began operations back in2003.

We have a 2013 project entitled, "Reorganization of PCAOB AuditingStandards."

This project involves developing an approach to integrating andreorganizing the interim auditing standards (referred to as "AU") withthe auditing standards issued by the Board (referred to as "AS").


51/76

P a g e | 51

_________________________________________________


This project is intended to make it easier for users to navigate thestandards and facilitate users' ability to compare PCAOB standards tothe International Standards on Auditing (ISA) and other standards.

This reorganization project is included in the Board's recently releasedstandard -setting agenda.

The agenda has been updated and improved with a new format whereprojects are divided into six month increments.

It will be updated periodically.

The new format allows for greater flexibility, while also providing greatertransparency into ongoing developments.

The agenda is highly ambitious.

The following five projects are scheduled for action in the first half of2013:

Related parties (adoption or re-proposal)

Reorganization of PCAOB standards (proposal)

Auditor's reporting model (proposal)

Auditor's responsibilities with respect to other accounting firms,individual accountants, and specialists (proposal)

Audit transparency: identification of the engagement partner (adoptionor re-proposal)

The timing oftwo other potential 2013 standard-setting projects isdependent on third parties:

Audits of brokers and dealers (dependent on SEC rulemaking)


52/76

P a g e | 52

_______________________

Documents

Sarbanes Oxley News February 2013