Thanks for an interesting question.
Although I was well aware of Sarbanes-Oxley, I was not very familiar
with the work of the PCAOB, so your question provided me a good
opportunity to learn about this important and powerful group.
The PCAOB has to be one of the oddest government-created bodies in
existence -- a private, non-profit organization with all the authority
of a federal regulatory body!
The people who head up this group have certainly been on the receiving
end of a lot of the criticism levelled at SOX, and -- contrary to my
initial suppositions -- have not been shy about voicing their opinions
In sum, their main response seems to be -- give it some time! This is
a new law, with newly-implemented programs, and we need some time to
work things out, maximize the benefits, and rid ourselves of any
unproductive costs of implementation.
Here are some relevant excerpts from two of the most recent
presentations given by PCAOB Board members:
This first speech provides a broad overview of the implementation of
both SOX and the PCAOB, and addresses the major criticisms of the law,
particulary Section 404.
The Costs & Benefits of Sarbanes-Oxley Section 404
Remarks of PCAOB Board Member Daniel L. Goelzer
21st Annual Washington Economic Policy Conference
National Association of Business Economics
March 21, 2005
...This speech discusses some of the issues that have arisen regarding
the costs and benefits of internal control reporting under Section 404
of the Sarbanes-Oxley Act.
...The importance of strong controls is beyond question, and it might
be assumed that directors and senior executives would rush to embrace
anything that minimizes the risk that the financial statements that
they must sign off on are materially inaccurate. There is evidence
that many executives do view Section 404 in that light and that it is
serving its purpose.
...There is, however, also considerable concern about costs and
counter-productive Section 404 impacts. As to some implementation
issues that have been raised
...It has been suggested that Section 404 reporting is diverting large
amounts of executive time and company resources away from the
fundamental profit-making objectives of the business.
...Section 404 is also sometimes cited as a major incentive to go
private or to refrain from going public.
...Specific criticisms seem to fall into two categories -- that the
way the requirement is being implemented has resulted in unintended
consequences, and that the costs of Section 404 exceed the benefits
...One of the most common charges is that, as a result of internal
control reporting, companies can no longer look to their auditors for
advice on difficult accounting issues.
...AS [Auditing Standard] No. 2 is not intended to erect a wall
between auditors and clients. Auditors have long advised public
companies on accounting issues and on internal control matters;
Auditing Standard No. 2 does not preclude that kind of advice and
...A second complaint is that AS No. 2 leaves too much -- or too
little -- room for auditor judgment and that more -- or less --
detailed guidance is needed.
...Because companies and their financial reporting systems vary so
widely, it is hard to see how the Board could define more precisely
how controls should be tested
...At the same time, some companies have charged that auditors are
taking advantage of the flexibility AS No. 2 affords and are
performing costly but unnecessary tests on the ground that their
efforts are ?required by the PCAOB.?
...Since AS No. 2 contains few specific requirements, statements like
this are almost never true. Further, the Board is committed to using
its inspection program to ensure that auditing firms are properly
applying AS No. 2 and are not using it as an opportunity to generate
fees through unnecessary work.
...Another frequent charge is that auditors have adopted a ?check the
box? mentality about control testing and are focusing on minutiae that
could not possibly affect the financial statements.
...While it is necessary for the auditor to understand the overall
control system and to ?walk through? the operation of all significant
processes, the focus should indeed be on what is material to the
financials, not on the trivial.
...Perhaps the most serious charge is that small companies are being
disproportionately burdened because auditors are not tailoring their
procedures to the client.
...Smaller, less complex businesses typically need less complex
controls, and the work of the auditor should reflect that fact. The
Board stressed this point in both the proposing and adopting releases
for Auditing Standard No. 2. Board members have stated publicly that
we will also use our inspection program to make sure that smaller
companies are not subjected to needless cost and burdens. Internal
control auditing, like financial statement auditing, is not a
...None of this addresses the argument that, whatever its benefits,
Section 404 is imposing costs that are out of proportion.
...Based on the most recent survey of its members, Financial
Executives International says that the expected average first-year
cost is 27,000 hours of internal time for companies with an average of
$5 billion in sales. As to anticipated total costs of compliance, FEI
found that the average first year expenditure was $4.36 million,
including $1.34 million in internal costs; $1.30 million in audit fees
and $1.72 million in external costs (consulting and software).
...Of course, to keep these numbers in perspective, it is necessary to
also bear in mind the billions in investor wealth that were lost in
the Enron and WorldCom collapses alone, coupled with the very real
costs of public cynicism concerning the integrity of our financial
markets that those and similar cases generated. But, I would certainly
agree that Section 404, like any other regulatory requirement, should
be able to stand the scrutiny of cost-benefit analysis.
...This is the first time through an entirely new process for both
companies and their auditors. ?Learning curve? costs are inevitable.
While it is difficult to estimate how much is first year cost and how
much will be recurring, it seems clear that, as managements and
auditors gain experience with this new requirement, the costs will
...while much of the cost is up-front, many of the benefits of
stronger controls and regular review of controls will appear over
time. One could fairly expect that there will be fewer restatements,
fewer SEC financial reporting cases, and fewer successful private
actions involving accounting fraud as a result of Section 404.
However, it will take several annual reporting cycles before we can
determine whether these benefits are, in fact, accruing.
This recent speech focuses more directly on the impact of SOX on
accounting firms, and the concerns of that particular industry:
PCAOB Update: Lessons Learned in 2004
PCAOB Board Member Kayla J. Gillan
At the Institute of Internal Auditors
2005 Financial Services Conference
May 23, 2005
...?Internal control over financial reporting?, a.k.a., ?Section 404.?
With apologies to Sir Winston Churchill, never in the field of human
endeavor have so many been so stirred to emotion by so few words.
...Why did a Wall Street Journal editorial recently call Section 404
the ?most notorious part? of the Sarbanes-Oxley Act?5 Well, we also
know that, for many years, as companies have striven to identify and
eliminate so-called non-productive costs, internal control systems
have generally not been well-maintained. Despite what I understand
have been repeated calls from internal auditors, some company
executives have chosen not to spend money to keep these controls
current. We know too that, as price pressures continued to force
accounting firms to reduce their audit fees during the ?80s and ?90s,
the decision to streamline audit procedures was often at the cost of a
more comprehensive review of internal control.
...Through Section 404, Congress recognized that control effectiveness
is closely linked to the reliability of financial reporting.
...What were auditors afraid of? I believe that they were (and in many
respects still are) afraid of the unknown.
...Looking at these events, it?s no wonder that ? as the profession
tried to grasp the implications of moving from a self-regulatory to an
independent oversight model ? many were uncertain as to how much they
needed to change existing practices so as not to run counter of the
PCAOB. (Let me stress here that, in my opinion, every firm that we
have encountered to date ? through our inspection work and other
activities ? has demonstrated a sincere effort to understand what the
new regulatory model expects of them and to respond appropriately.
None have demonstrated a ?dig-in-your-heels? mentality, and for this I
think the profession as a whole deserves high praise. I am not sure
that my own profession, lawyers, would have reacted in such a positive
...many auditors did more low-level work than was necessary under AS2,
but more importantly, some auditors didn?t do the ?right? work ? that
is, they lost sight of those areas that posed the highest risk of
potential fraud. These auditors also often caused their audit clients
to use a similar approach. I believe that this behavior was directly
related to auditors? uncertainty ? and the fear that that uncertainty
created ? regarding how the PCAOB will hold them accountable for
compliance with AS2, and the impact that a negative PCAOB assessment
might have on the firms? continued business viability.
...It also largely contributed to the overriding concern expressed by
the business community, that is that Year 1 costs were simply too high
to be sustainable, and that they exceeded anticipated benefits.
...When I say that many auditors did more low-level work than was
necessary, or didn?t always do the ?right? work, I don?t intend to
suggest a negative judgment about all auditor performance during 2004.
I understand why auditing firms ? under intense pressure to
fundamentally change the way in which many of them operated as
businesses while also trying to implement an entirely new and complex
auditing standard ? reacted as they did.
...the PCAOB released additional guidance that responds to what we
consider to be inappropriate and unintended implementation of AS2
during 2004. This guidance took the form of two documents: a Board
Statement of Policy, and further Staff FAQs.
...I characterize our goals as ?the 4 ?Cs??: we wanted to ?
--change overly mechanistic approaches;
--confirm the need for balance, rationally applying AS2 to meet the
unique circumstances at each company; and we will
--continue to evaluate whether additional guidance or changes are necessary.
...I believe that auditor uncertainty as to how the PCAOB inspection
process will hold them accountable for compliance with AS2 contributed
greatly to 2004?s hyper-conservatism. To address this issue squarely,
the Board?s Policy Statement describes how we will conduct our 404
inspections. We will look for audits that suffer from poor planning
and risk assessment; we will not use our own ?compliance checklist?;
and we will not second-guess good faith audit judgments. We are more
interested in helping (advising, prodding, demanding) auditors to get
this right than we are in chalking up a high volume of formal negative
I trust this information fully answers your question.
However, please don't rate this answer until you have everything you
need. If you would like any additional information, just post a
Request for Clarification to let me know how I can assist you further,
and I'm at your service.
All the best,
search strategy -- Google and Google News searches on [ pcaob ],
followed by an in-depth exploration of the PCAOB website.