Douglas R. Carmichael: a coordinated effort; The chief auditor for the U.S. PCAOB says his group is using a team approach as it begins tough inspections of accounting firms

Internal Auditor, June, 2004 by Michael Barrier

IN APRIL 2003, DOUGLAS R. CARMICHAEL SHOULDERED ONE of the biggest jobs in the reform effort growing out of this decade's corporate scandals when he took on the position of chief auditor and director of professional standards for the U.S. Public Company Accounting Oversight Board (PCAOB). Barely a year old, the PCAOB was created by the U.S. Congress in 2002 under the landmark Sarbanes-Oxley Act, passed the same year. The private-sector, nonprofit organization is charged with restoring investors' trust in the integrity of independent audit reports, so badly damaged by colossal accounting failures like those at Enron, WorldCom, and Tyco. In his new position, Carmichael serves as the board's chief technical adviser.

The board has begun pursuing its mission through thorough oversight of audit firms. Every firm that audits public companies must register with the PCAOB. As PCAOB Chairman William J. McDonough has said, "Registration of a public accounting firm is not automatic upon our receipt of an application." The PCAOB must first "determine that registration of the applicant is consistent with the board's responsibilities under [Sarbanes-Oxley] to protect investors and to further the public interest in the preparation of informative, fair, and independent audit reports for public companies."

[ILLUSTRATION OMITTED]

Auditors cannot escape disciplinary action by withdrawing their registration--the PCAOB must approve withdrawals, too. PCAOB inspectors will scrutinize large accounting firms every year, examining everything from partners' compensation to quality control measures, with an eye toward assessing each firm's compliance with the rules established by the PCAOB and the U.S. Securities and Exchange Commission (SEC).

The PCAOB has been developing its own professional standards for external auditors, while temporarily adopting the American Institute of Certified Public Accountants' (AICPA) Generally Accepted Auditing Standards, or transitional standards, as they existed April 16, 2003. On March 9, responding to a timetable set by Congress, the PCAOB approved a new standard governing external auditors' evaluation of internal controls. That standard, the second to be adopted, is probably the standard of greatest interest to internal auditors, who have often monitored such controls. The new standard still requires approval by the SEC, which invited public comment in April and is expected to act on the standard in the coming months.

Carmichael, now 62 years old, has significant experience in dealing with issues like those the PCAOB is charged with addressing. Before accepting his present job, he was director of the Center for Financial Integrity at Baruch College, City University of New York, where he was also the Wollman Distinguished Professor of Accountancy. Before joining Baruch College in 1983, he was vice president, auditing, at the AICPA, where he played a leading role in the development of auditing and accounting standards.

Internal Auditor spoke with Carmichael soon after the PCAOB's March 9 meeting.

Do you see the PCAOB's role in preventing corporate scandals as one of setting specific standards, or one that's most effective by way of its very existence as a body dedicated to good corporate governance?

Many of the recent corporate scandals could have been prevented or detected much sooner if a regulatory body like the PCAOB had been in existence. The board will affect the business community on many levels, and one will be simply the deterrent effect. The board won't necessarily be taking credit for companies' positive actions that result from the PCAOB's scrutiny. I would expect our inspections to turn up problems, for example, but we won't be announcing, "We found this problem," because the important thing is to get the problem corrected. There will be companies dealing with questionable financial practices as a result of our activities, and I think that auditors, knowing that we'll be looking at their activities, will be more likely to raise issues with their clients and get them taken care of promptly.

What were the key changes in the recently approved standard that affect the internal audit profession, compared with the draft standard released for public comment?

We allowed considerably more flexibility and room for exercising professional judgment when the independent auditor is deciding the areas where the work of internal auditors will be used. Instead of having a long list of things that could or couldn't be done, we developed criteria. Those criteria are modeled after what was in the AICPA's Statements on Auditing Standards (SAS) No. 65, on using the work of internal auditors in a financial statement audit. There's just more room for flexibility in deciding how to use the work of others, particularly internal auditors.

How much independent auditors rely on internal auditing really depends on the quality of the internal audit function. That reliance should be directly proportional to the quality of the function. And it's essentially up to the company itself to demonstrate the quality of its internal audit function.