Throughout my career, I’ve been
fortunate to have worked in the capital markets at some pretty interesting times:
as a lawyer in Silicon Valley during the late-‘90s dot-com boom, at the US Securities
and Exchange Commission just after the passage of the Sarbanes-Oxley Act of
2002, and at Citigroup as it emerged from the financial crisis of 2007 to 2009.
As of this posting, I’ve been at the
Center for Audit Quality (CAQ) for just over seven months. And this position is
yet another example of my being in an interesting place at an interesting time.
Why? I see three reasons:
Technology and data have given rise to unprecedented business models and
company structures. We continue to shift to a service- and IP-based economy,
where the massive amount of data generated is now an enterprise asset. Information
Beyond the Financials. Stakeholders have an increased interest in and are relying
on company-reported information outside of the audited financial statements
prepared in accordance with Generally Accepted Accounting Principles (GAAP).
This information could include non-GAAP financial measures; key performance
indicators such as the sales pipeline; intangible indicators of value not
included in the historical financial statements, such as a company’s brand and intellectual
property; environmental, social, and governance (ESG) metrics; and cyber-risk
management or other types of enterprise risk management disclosures. Timeliness
of Information. This refers to two concepts: First, as we all know, unaudited
company earnings releases and analyst presentations are more likely to move
markets than the annual release of audited financial statements. Second, the news
cycle operates at rapid speed, and a negative news story—accurate or not—can
spread quickly and destroy trust and reputations in a flash.The
Role of Auditors: Present and Future
Although I am not a certified public
accountant, my experiences in the capital markets have ingrained in me a deep
appreciation for the audit profession’s purpose and value.
I often say that the public-company auditing
profession is one of those “assumed” or unremarked-upon institutions in the
capital market system. The profession largely operates behind the scenes, and
people tend not to notice when things are going right.
Yet there is so much taking place behind the scenes, and there is also so much that is going right for this profession. Every day, auditors contribute to high-quality, reliable financial statements, which many have referred to as the bedrock of our capital markets system. Auditors do this by reviewing a company’s financials and internal controls; by serving as an independent check on management and as a resource for audit committees; and by bringing their critical thinking, standards-based analytical skills, and skepticism to those complex areas of the financials, such as fair value. The state of audit quality today is high, thanks in no small part to the profession’s enormous efforts to maintain trust and continuously strive to improve.
The health and stability of the US
capital markets depend on consistent, reliable, and comparable information. But
much of the company-reported information I referred to above—on which
stakeholders are relying—does not go through the rigor of independent third-party
At the CAQ, we believe auditors can
help fill these existing and growing gaps in assured information. It’s a
natural evolution for a profession with unique competencies in standards-based
analysis, objectivity, professional skepticism, and critical thinking. Auditors
can enhance confidence in areas such as:
ESG Reporting. Depending on the particular industry, public companies are increasingly issuing stand-alone ESG reports or including ESG metrics and indicators such as gender and/or minority pay gap statistics, greenhouse gas emissions, or other risks to the sustainability of the business in public-facing filings or documents. This information typically is not subject to an independent assessment. Boards should know that auditors can be engaged to perform an attestation of a company’s ESG information.Cybersecurity. Boards should also be aware of the American Institute of CPAs’ cybersecurity risk management reporting framework, SOC for Cybersecurity. According to the CAQ’s Cybersecurity Risk Management Oversight tool, organizations can use the framework to “communicate pertinent information regarding their cybersecurity risk management efforts and educate stakeholders about the systems, processes, and controls they have in place to detect, prevent, and respond to breaches.” The reporting framework also “enables CPAs to examine and report on management-prepared cybersecurity information.”Learn More: To help directors and other market participants get a handle on this evolving environment, the CAQ has released a new resource, The Role of Auditors in Company-Prepared Information: Present and Future. In clear terms, the paper delineates where the auditor’s role begins and ends today in the context of the audit of financial statements. It also highlights the need for the auditor’s role to evolve for the benefit of stakeholders, public company board members, company management, and the markets.
Of course, expanding the auditor’s role
will not happen overnight, and it won’t occur without considerable effort and
dialogue. My CAQ colleagues and others in the auditing profession look forward
to engaging in this dialogue with all of the stakeholders in our capital
markets system, especially our friends in the director community.
We are fortunate to find ourselves
in interesting times. Let’s prepare ourselves now to make the most of them.
Julie Bell Lindsay is the executive director of the Center for Audit Quality.