Understanding the PCAOB

More about the podcast

• The impact of the PCAOB on audit quality and corporate governance
• The role of internal auditors and audit committees
• Historical context of the Sarbanes-Oxley Act and the creation of the PCAOB
• Prevention of corporate fraud and the significance of audit oversight

Please see below for a transcript from this episode:

Narrator: Welcome to the Corporate Director Podcast, where we discuss the experiences and ideas behind what's working in corporate board governance in our digital tech field world. Here you'll discover new insights from corporate leaders and governance researchers with compelling stories about corporate governance, strategy, board culture, risk management, digital transformation and more.

Dottie Schindlinger: Hi everybody and welcome back to the Corporate Director Podcast, the Voice of Modern Governance. My name is Dottie Schindlinger, executive Director of The Diligent Institute, and I'm joined once again by my co-host Meghan Day strategy leader here at Diligent. Meghan, how are you doing today?

Meghan Day: I am great. Dottie. We have a really exciting show lined up.

Dottie Schindlinger: Yeah, I, I'm really excited about today's show. I we're, so, we're diving into a pretty interesting topic, or I should say interesting for those of us who are governance geeks. Um, and that's the future of the Public Company Accounting Oversight Board, the PCAOB. this is a body that was created, for those of US history buffs or who lived through it. those of us who were old enough to vividly remember it, this was in the wake of the Enron and WorldCom scandals that the PCAOB. PCAOB was created and it was really designed to help restore confidence in corporate audits. But it's been, two decades plus since the Sarbanes Oxley legislation went into effect. And there was a bill tied to the budget bill in Congress that proposed to eliminate the PCAOB and fold its responsibilities into the SEC. now that recently got struck down by the Senate Parliamentarian. But it does beg the question that, the Republicans may still try to do something to get rid of the PCAOB, and so we thought we would have a show today to talk a little bit about what this is anyway, and why should corporate directors care about it, and kind of what's happening out there. And I'm really excited because we are joined by a special guest for our opener here today. We're joined by Mike Levy, who's the CEO of Cherry Hill Advisory. And he is the former chair of the North American Board of the Institute of Internal Auditors. So yay for auditors. Um, and Mike brings really deep experience in audit risk and governance, and we wanted to ask him to come join us for our opening rant today to help us unpack some of the implications of that change. So, Mike, welcome to the show.

Mike Levy: Thanks for having me. Dottie.

Dottie Schindlinger: So tell us your initial thoughts and reactions about the move to get rid of the PCAOB. Good idea. Bad idea.

Mike Levy: So I, as someone that has worked in this industry and has really deep financial audit expertise, uh, internal controls and then internal audit, I'm not a, I'm not in favor of that move. I think one, one distinction that's really important is that. The removal of the PCOB does not remove Sarbanes Oxley as a requirement, so internal controls are still there. The PCAOB was developed as, as you mentioned, early on a as a process to ensure that external audits have the right level of audit quality, and everybody that's been involved in an external audit feels the PCAOBs impact because when PCAOBs do it, PCAOB does inspections. It impacts an external audit, which has downstream impacts. To companies and internal auditors. So as someone that has lived and breathed that my whole career, I would tell you we have felt the PCAOB's impact. You feel the quality. Sometimes you don't agree with the outcomes of it, but that being said. It does drive audit quality, and it does drive better controls and better processes within companies. So it is, it was a concerning things when we saw that part of the, uh, budget package.

Meghan Day: Mike, thinking about our audience of, board members and governance professionals, from a board governance perspective, what would this change mean for audit committees and for the internal audit function?

Mike Levy: So, I think, I think taking those two things separately, I think when we think about board directors and their role, they, yeah, the board directors aren't directly in interacting with the PCAOB, but they are directly impacting interacting with internal auditors and external auditors. So, when you sit through a board meeting, I spent more, more specifically an audit committee meeting where you're talking about results of external audits. The auditors, the external auditors specifically are very commonly referencing what they are doing as it relates to audit quality based on. The results of their inspection. The other piece of hat is when you are selecting an external auditor, very commonly one of the things you're looking at in the selection process is how that audit firm has fared as it related to audit quality. And the key indicator of that is PCOB inspection results. those results, not to go too far into detail, but sometimes get very granular in public. There's like a type one and a type two inspection report, but as a board, as a board member, without that input and that level of data. And frankly the, the knowledge that you know that's happening in the background as it relates to the firm that you've hired. And the key indicator of that is PCOB inspection results. those results, not to go too far into detail, but sometimes get very granular in public. There's like a type one and a type two inspection report, but as a board, as a board member, without that input and that level of data. And frankly the, the knowledge that you know that's happening in the background as it relates to the firm that you've hired. I think it does go to question what else can be done to ensure that you're getting into quality external audits. Because some board members treat external audits indifferent ways. Some treat it as a checkbox compliance requirement. Others treat it the way that they should, which is an audit. An independent evaluation of your financial processes as it relates to external audits and. That's critically important to ensure that as a fiduciary of a company, you're presenting the proper financial results. So that's part of why I get concerned as a, as an auditor. It's like it's redo. It's removing one of the safeguards and guardrails that we have put in place in this process to ensure quality financial statements are issued to shareholders.

Dottie Schindlinger: So really it's about auditing the auditors.

Mike Levy: That's exactly what it is

Dottie Schindlinger: And so, so Mike, I think you know, obviously, you make a very compelling case. And, and we thankfully had the opportunity to speak to kind of the two main, protagonists of this story today. We spoke with Sherron Watkins and Cynthia Cooper, who I'll introduce here in just a moment. You know, in talking with them, we were sort of talking about, okay, if this gets eliminated, if these powers go back to the SEC, what is that gonna look like? I'd like to ask you a little bit of a different question, because you've been an internal auditor, you've been on audit committees. You know, let's say that this move goes forward. I know the immediate threat is gone, but if the move goes forward down the road, what would need to change about the way audit committees and internal audit teams function to ensure audit integrity?

Mike Levy: I think, I actually think it in some ways this is the unique value proposition of internal audit within companies. Because in, as an internal auditor, we are not directly impacted by the PCAOB, we have a separate set of standards that's issued by the Institute of Internal Auditors. So, and we just came out with new standard, a new update to those standards this year. that being said, I actually think it could create more of an opportunity for boards and audit committees to lean on internal audit, because in the absence of. Because in, as an internal auditor, we are not directly impacted by the PCAOB, we have a separate set of standards that's issued by the Institute of Internal Auditors. So, and we just came out with new standard, a new update to those standards this year. that being said, I actually think it could create more of an opportunity for boards and audit committees to lean on internal audit, because in the absence of. That safeguarding guardrail with in with within the external audit function, internal auditors still play a very active role in most cases as it relates to financial risk, financial compliance, financial controls as it relates to sox, and many times they are directly interacting with the external auditor. So there might need to be another risk that gets created around audit and maybe considered as part of the internal audit plan so that a board and audit committee can lean more closely on internal audit and say. Hey, how do we get comfortable with these things that we're concerned about? And, it just frankly changes and enhances and evolves the scope of internal audit even further. And, and we've seen that happen quite dramatically over the last few years with the advent of ai with cyber, you know, cyber risk and all of these other emerging risk topics. This just becomes another risk. That internal audit really needs to be equipped in. Helping companies manage and navigate to make sure we protect stakeholder, you know, investor confidence and shareholder confidence at the end of the day.

Dottie Schindlinger: I think that's all really sage advice, so thank you for that. Mike. Um, any sort of best and final that you want to leave our audience and corporate directors with before we listen to our interview?

Mike Levy: I think at the end of the day, when we think about all of the changes and impacts that. We are seeing in the current administration, um, and you know, depending on what side of the aisle you're on, some will view that as good. Some will view that as bad. I think it's really important to impact, to, to think about and impact why we have certain safeguards in place and how audit impacts that, whether it's an external auditor, an internal auditor, and as someone that has been on both sides of that, as both an external and internal auditor. I see value in that on both sides of this, right? Whether it's a Democrat led. Executive Branch or Republican led. I think the value of internal audit is really significant, and as we talk about some of these changes, whether you're in the camp of someone that agrees with them or disagrees. I, I don't think you can contest the fact that having a set of independent validation of the work that is being done within a company is really important for investor and shareholder confidence, and as such is really important to those fiduciaries, like a board that's looking to continue to enhance and move forward in that area.

Dottie Schindlinger: Well, Mike, thank you so much for joining us for this conversation. I think it was really helpful to kind of get the internal audit take on this hot topic. So thank you for joining us.

Mike Levy: Thanks a lot for having me.

Meghan Day: Great to have Mike on the show, and I think it's a perfect segue to tee up this conversation you had Dottie with Cynthia and Sherron.

Dottie Schindlinger: That's great. I can't wait to, share the interview with the audience. Let's give it a listen. Joining us on the Corporate Director Podcast today is Sherron Watkins and Cynthia Cooper. Sherron and Cynthia are both former vice presidents of Enron and WorldCom, respectively. They exposed accounting fraud at those companies for which they were both named Time Magazines, persons of the Year in 2002. Cynthia has also previously served on the PCAOB's standing advisory group. Sherron and Cynthia, welcome to the podcast. Thank you for having us. Thank you. We're excited to be here with you today. So I've just started out with the most precursory introduction of you. Um, I wondered if you could start by giving us a little bit more, because there's so much to your background and so much to the history that you both have lived through. And I'd love to have you each share a little bit more about your career backgrounds and a little bit more about the roles that you played in exposing fraud at the companies that you were working for. So, maybe Sherron, if you don't mind, I'll start with you. Sherron Watkins: I started life as a, an auditor at Arthur Anderson at the time that there were eight big eight accounting firms. And I worked at Anderson for eight years before, working for, a German company, Mattel Gazelle Shaft MG Trade Finance in New York, and then joined Enron in 1993, and I worked for eight years at Enron before the companies collapse and before the fraud. I am a CPA. I had been an auditor, but throughout my career I'd morphed into finance and mergers and acquisitions. I stumbled across accounting fraud, so in a way that makes it easier to report on it because. My hands weren't dirty, so to speak, but in a way, my warnings were really too little, too late. Obviously, Enron collapsed in an accounting scandal, but I was called to testify in front of the House and Senate investigating why a company with the size and stature of Enron could collapse. Without really any warning, you know, so they were investigating, and I guess my testimony helped mark the prosecution trail. There are over two dozen felons associated with Enron executives from Enron, that half of them did prison time, half of them got probation. So, in a way it's the aftermath. It's the fact that there was a whistleblower, but the company didn't listen. what laws could be enacted? What can we put in place, dissect these failures to see what's what? And I think that's the, the reason I considered it a whistleblower, even though I was internal. But the external testimony in front of Congress is what brought bad acts, actions to light.

Dottie Schindlinger: And I know, I'm sure me and many of our listeners vividly remember those hearings. I mean that we were all watching those very avidly while that was happening. And so, Cynthia, I want to bring you into this conversation too, because you also were someone that was, uh, showing up before Congress. So answer that same question. Tell us a little bit more about your background and tell us a little bit more about your role at exposing the fraud in WorldCom.

Cynthia Cooper: Well, Sherron and I have very similar backgrounds in terms of our early careers. I started working in Atlanta for two of the big, at that time, the big eight accounting firms. So Deloitte and Pricewaterhouse. From there went to work for a public company in corporate accounting, and then moved into internal audit. And in 2002, I was the vice president of internal audit at WorldCom. for those who may not remember. WorldCom and Enron because it's been some time. Now. Just as a refresher, these were really two Wall Street darling's, highly respected executives. WorldCom was constantly breaking one record after another. For example, it floated two of the largest debt offerings in corporate history and the largest acquisition in corporate history and the CFO of WorldCom. And Enron both received the CFO of the year award, at WorldCom. Scott Sullivan received this award for his work in mergers and acquisitions. So, these were highly regarded companies, and I had an internal audit department at that time in 2002 of about 40 internal auditors, and we received some schedules that didn't really make sense, and based on a lot of extreme pushback that I was getting. In the company, I asked one of my techie auditors to go into the accounting system and see if he saw anything labeled prepaid capacity. And ultimately we worked at night behind closed doors and we unraveled what became a over $7 billion fraud, $11 billion restatement. And I actually interviewed over 10 executives, so I reported directly to the chair of the audit committee and dotted line to the chief financial officer. In the company, I asked one of my techie auditors to go into the accounting system and see if he saw anything labeled prepaid capacity. And ultimately, we worked at night behind closed doors and we unraveled what became an over $7 billion fraud, $11 billion restatements. And I interviewed over 10 executives, so I reported directly to the chair of the audit committee and dotted line to the chief financial officer.

Dottie Schindlinger: I wanted to have you both on the show

for a very specific reason because I, I know that I ran across a

fantastic op-ed article that the two of you co-authored in the New

York Times in Defense of the Public Company Accounting Oversight

Board, the PCAOB, and I wondered if you could start by just kind of

walking us through a little bit of the history there.

So how did these two scandals at Enron and WorldCom lead to

Sarbanes Oxley? And then how did that kind of lead to the creation of

the PCAOB? And I don't know which of you wants to kind of give us that

history lesson, but that would be really helpful just to level set and

make sure everybody understands what we're talking about.

Sherron Watkins: I'll start with, with, Sox and, and

Cynthia, especially since she's been on the advisory committee, can

talk about the work of the PCAOB, but because there was Enron,

WorldCom, and then. Philadelphia Health South, there were all these

corporate collapses in early 2002, and the legislative effort that

came out of that was called the Sarbanes-Oxley Act or SOX, and it had a

number of provisions it, it wanted. The right expertise on corporate boards. It wanted

independence. But part of the problem that was identified was that,

for instance, with Enron, Arthur Anderson was making around 25 million

a year auditing the company, and 27 million a year with add-on.

Consulting services. So, at what point does that e extra consulting

work become a conflict of interest where it's so important to your

bottom line that you perhaps go soft on the audit?

And Anderson was also a WorldComs auditor, so it was

apparent that something needed to be addressed within the accounting

profession. They had been policing themselves, but was that accurate?

Sarbanes-Oxley, an act required CEOs to certify financial statements. You

could no longer use the Ken Lay defense, Enron's, CEO, who claimed,

Hey, I'm not an accountant. You know, we have, that's what we have, Arthur Anderson for

now. Upper management had to certify these financial statements.

You know, it fairly represents the condition of the company. internal

controls had to be adequate. there was an anti-retaliation provision

to protect whistleblowers that was put in, but they created the PCAOB,

an independent organization that would in effect police the auditing

firms.

Dottie Schindlinger: So, Cynthia, that's a good segue to you.

What does the PCAOB actually do?

Cynthia Cooper: So, the PCAOB is the only independent

organization that oversees the quality of audits and audit firms that

audit public companies must be registered with the PCAOB. And each

year they do many inspections across these firms.

For the big firms they inspect every year. For the

smaller firms, they inspect every three years. And in addition to

that they set standards. For audit firms and they can actually

enforce, uh, they've been doing a lot of enforcement lately when there

are problems with the audit quality.

Dottie Schindlinger: So, I'd love to now transition a little

bit to today. We, so thank you for that history lesson. It's helpful to

just kind of ground everybody and reminding us what actually happened

and what this is. But now, um, there are some moves in Congress to

change things. So, Cynthia, maybe I'll start with you. If you could

share a little bit about what's being talked about, what's being

contemplated, sort of where are we today and what would that mean?

Cynthia Cooper: Sure. So, there is a provision in the

current budget reconciliation Bill that's now. Before the Senate, to

abolish the PCAOB and move any PCAOB functions into the SEC. And this

is what really, caused us to write this op-ed piece because the PCAOB

is a critical guardrail for the public interest for corporations, for

board members in terms of mitigating risk.

And it's the last line of defense. Firms are the last line

of defense when it comes to financial reporting, so we wanted to make

sure that people didn't forget the history, that this provision did

not remain in the bill without people understanding that there are

going to be perhaps an unintended consequence.

Dottie Schindlinger: And I'd love to expand on that a little bit. If the PCAOB were to be abolished and the

responsibilities that they have go to the SEC, what, what would the

net effect of that be? What, you know, what would sort of that mean in

terms of audit quality and oversight?

Cynthia Cooper: Well, the SEC has a very broad mandate, and

the PCAOB has a very narrow mandate simply looking at.

Quality across audit firms. The SEC also has, had about a

16% reduction in staffing recently based on, buy doge cuts and

buyouts. Our belief is that it would dilute the effectiveness of the

PCOB Also, in terms of how the budget is funded for the PCAOB, it's

not funded through taxpayer dollars.

Quality across audit firms. The SEC also has, had about a

16% reduction in staffing recently based on, buy doge cuts and

buyouts. Our belief is that it would dilute the effectiveness of the

PCOB Also, in terms of how the budget is funded for the PCAOB, it's

not funded through taxpayer dollars.

It's funded through assessed fees, from public companies,

and so, this would really move the burden to the taxpayer.

[00:18:48] Dottie Schindlinger: So Sherron, I want to bring you into

this conversation too, and just maybe have you share with us a

reflection on, and I know you did this very well in the op-ed, but

what would this mean for companies?

Like, how is this, you know, what, what would this play out

for companies and for their shareholders?

Sherron Watkins: The reality of, of this, it's really

getting rid of the PCAOB and asking that those duties be done within

the SEC. So realistically it's gone. So, I want to point out though that

this is like. A guardrail is like speed limits.

You could remove all those things and that doesn't mean

every car is going to go sliding off the cliff or everyone's going to speed

and have tons of wrecks. But the fact that there are speed limits and

occasionally police officers monitoring those speed limits, that there

are guardrails, it is protecting you from what could be fatal

accident. Will companies hopefully, prepare and, and produce and

publish correct financial statements? I hope so. But remember, we're

having them audited for a reason because there have been incentives

that would make people maybe manipulate their financial statements a

bit. Hence, we have auditing firms. So, it's just another layer of protection that helps our

capitalist system be the envy of the world. And without it, we

mentioned that the PCAOB now has an ability to review Chinese auditing

firms, but prior to that review, a company went public in the US and it was fraud. You want to prevent Enrons. Now some people would say, if you're speeding and you have a wreck, you caused your own demise, but perhaps an innocent life was lost. You can't imagine the kind of demise a company like Enron collapsing and WorldCom collapsing did. It made small businesses, certain customers go under. It wasn't just that, all the employees that lost their jobs and their pensions. It has such a ripple effect. As you know, the Houston economy, for instance, and I'm sure the Jackson economy. It's,you really want to avoid these things. We could all drive around without seat belts and make, and perhaps have nothing happen, but we all wear seat belts on the off chance that something bad could happen .It wasn't just the, all the employees that lost their jobs

and their pensions. It has such a ripple effect. On a, on, you know,

the Houston economy, for instance, and I'm sure the Jackson economy.

it's, you really want to avoid these things. we could all drive around

without seat belts and make, and perhaps have nothing happen, but we

all wear seat belts on the off chance that something bad would happen.

And I want to point out that the big scandals that we've seen

lately. Theranos, the blood testing, which was a rip off of

venture capital folks. no audited financial statements. FTX, the

crypto, scandal, no audited financial statements. So, you can see

that the audited financial statements does help bring security and trust to the system. This is just removing an additional guardrail, but we do so at our peril.

Dottie Schindlinger: It seems to me like there's a lot at

stake for corporate directors in this, right? Because I think that,

you know, the job of a corporate director is not getting any easier

anytime soon. and the job's already hard enough. Not to have this extra protective measure seems like a missed opportunity if it goes away.

Cynthia Cooper: I'll add that it's a huge increase in risk

if the PCAOB goes away for board members and corporations, and the

capital markets.

Dottie Schindlinger: I think that's very true. So, what can

we do? It's been approved by the house. It's in the Senate. We're recording this on June 16th. This will go to the air in a few days here. Anything that we should encourage

our audience to think about doing?

Cynthia Cooper: Well, I think we want to make sure

that we have smart, balanced controls. Nobody wants

overregulation that weighs down the economy and, you know, doesn't

allow the United States to be competitive.

But we need these basic smart guardrails. And the PCAOB is

one of those basic guardrails. And so, I think what board members can

do is, speak up, use their voice. Reach out to senators, speak at

events, write articles, let their voices be heard because it really

is, the last hour at this point to encourage the Senate to strike this

provision of the budget bill.

[00:22:47] Dottie Schindlinger: one of the things I'd love to ask the

two of you, 'cause I know the two of you have been sort of in this

fight for a long time, You, you have been very much on the vanguard of

speaking for ethics and transparency and accountability across,

corporate life. And so, I would imagine the PCAOB important

Guardrail. But probably kind of a minimum guardrail. Are there other

things that we should be arguing for to provide better protection so

that we don't have, for example, another big financial collapse like

we saw in 2008? You know? Are there other things in in your minds that

could be helpful to ensure a more transparent corporate

environment?

Sherron Watkins: The last line of defense is the corporate

board. I mean, they are the fiduciary duty, they are the ones

supervising management. And I taught at UNC for four years. It

was a corporate governance, leadership and ethics course for MBA

students. And I always use those annual corporate director surveys.

Pricewaterhouse puts one out; Spencer Stewart puts one out.

And it's always alarmed me that a large percentage of boards

think that at least one board member should be replaced, so what's

going on there? Why aren't they having assessments? Why isn't it

working? You know, that they feel like they've got some dead weight on

the board.

Additionally, some of the newer surveys say that like up to

57% of boards have not discussed the company's position on social

issues. That's been very important this last year. I mean, Target got

stuck with a DEI problem and boycotts. Budweiser had a problem a few

years ago, but on the flip side, chase and Costco, and I think Apple

spoke up about supporting their DEI policies and even put it to a

shareholder vote, you know, so they were being proactive.

In these social areas, but for something close to 57, 60%

of board members saying they haven't even discussed it, that's

alarming. And a large percentage, something like 70% say they think

management is perfectly skilled at addressing AI. And AI is too much of a

moving target to say, yeah, we're happy. Our management, they know

what's going on with AI.

AI hallucinates, air Canada got themselves in trouble

because they're bought. told a customer a policy that wasn't true.

They got taken to court over it. you know, this, this is a changing

environment and it still alarms me. on the flip side, you've got

activists like Elliot Investments that is really changing the board

makeup and the company policies of Southwest Airlines.

I think it's the most dynamic board environment that has

existed in the last 20 years. I really do.

Dottie Schindlinger: Cynthia, anything that you would want to

add in terms of other provisions we should be considering?

Cynthia Cooper: Well, I think one thing that is important is

to, instead of deregulating and just throwing everything out, that,

you know, we've worked so hard to build for so many years to really

speak up for evolving.

Cynthia Cooper: Well, I think one thing that is important is

to, instead of deregulating and just throwing everything out, that,

you know, we've worked so hard to build for so many years to really

speak up for evolving.

Instead of throwing the whole piece of legislation out the

window, history continues to repeat itself. So, we see these crises, then Congress comes in and passes acts. Then time passes. Memory fades

and we start to deregulate. We did the same thing with Class Sigal,

and we can see that that had some very, bad consequences that if you

read the stories of Enron and Worldcom, you'll see how that helped to

set the stage for both of these scandals.

And so, it's important for board members to make sure that

they understand history, to make sure that they are putting the right

things on their agendas. Regulation, for example, keeping up with this

changing environment. And what does that mean? For our internal risk

landscape, how do we need to change internally, what we're doing if we

continue down this path of deregulation?

And there are a couple of other things I would recommend.

One is really understanding the role of the PCAOB and using the

PCAOB's inspection reports as a tool to help understand how your audit

firm is performing against other audit firms and what deficiencies the

PCAOB has identified.

Dottie Schindlinger: That is great advice.

Well, listen, before we let you go, there are three

questions we like to ask every guest that joins us on the show. So if

you'll indulge me. The first question, and maybe I'll, I'll throw this

first to you, Cynthia. What do you think will be the biggest

difference between boardrooms today and 10 years from now?

Cynthia Cooper: Great question. I think that we will

continue to see the composition of the board change. I think the

capabilities of the board will need to change over the next decade as

we have, I think, increased velocity of risk. And so, the board will

also need to keep up with that, that speed of risk that we see. I

think AI will definitely transform how boards are consuming information,

how they're assessing performance and detecting risk. And we'll also

continue to see deregulatory pressures as the executive branch moves

to spur innovation and capital formation and ease the regulatory

burden on organizations. And so, I think that will shift a lot of the responsibility and risk internally to boards

and organizations. I think we'll also need to move boards so that

they are rebalancing their board agendas. There are a lot of really

critical risks that aren't always included on board agendas, like the

Health of the Culture, the whistleblower program, it's oversight.

A lot of the responsibility and risk internally to boards

and organizations. I think we'll also need to move boards so that

they are rebalancing their board agendas. There are a lot of really

critical risks that aren't always included on board agendas, like the

Health of the Culture, the whistleblower program, it's oversight.

The tone at the top, understanding pressure, and I think

that, you know, boards really need to take a hard look at their

agendas because failures in culture we know often proceed fraud

failures and also elevating strategic foresight so that boards are

really moving beyond just regulatory compliance.

Providing oversight of past performance and they're really

looking to the future, that they're looking at strategy and the risk

to strategy. Looking at assumptions underlying the strategy and

utilizing internal audit. I think internal audit is, is an

organization or a group that's often underutilized.

Boards need to really pull internal auditors in, especially

if we're deregulating and the, a lot of the risk is going to be moving

internally and make sure that the internal audit function is more

focused on strategic oversight. Instead of auditing and assessing very

detailed transactional controls, make sure they're looking at the

strategy execution and the embedded risk and that they are, you know,

looking at.

Whether we're over expanding or over-leveraging, they're

looking at third party risk. They're looking at the effectiveness of

the hotline. And internal launch can really help boards by providing

independent assessments of organizational culture and the hotline

as well. So I think looking at how you're utilizing internal audits

important, and I think when we're looking at board expansion.

We should also look at including more CAEs. So, most boards,

of public companies include at least one big four partner, but

very few include chief audit executives. And I think as boards move to

having more members that are probably heard of the T shape, and that

includes board member who has very deep expertise in at least one

area.

And then broad expertise and can connect dots and

chief audit executives are probably as close as you're going to come

To someone who would be a polymath. They're systems thinkers.

They often have deep expertise across many different areas of an

organization, and they're able to really connect dots.

And so that's, you know, I think, groups like Diligent

and, and other organizations that had databases of potential board

members, I would love to see that expanded to include more chief audit

executives. And then the last thing is just really, you know, for

boards to keep, an eye on what's going on with regulation,

deregulation, and then what's going on with the SEC.

Because if we are deregulating, the SEC may well move to

balance that by. Having organizations have more robust disclosure, for

example, disclosing whether or not they've assessed the organizational

culture disclosing. Whistleblower program usage and performance, and

disclosing whether they've actually even analyzed the inherent risks

to the strategic plan and whether their internal audit groups are

covering emerging hot topic errors, areas like, you know, emerging

risks, data privacy would be one.

Because if we are deregulating, the SEC may well move to

balance that by. Having organizations have more robust disclosure, for

example, disclosing whether or not they've assessed the organizational

culture disclosing. Whistleblower program usage and performance, and

disclosing whether they've actually even analyzed the inherent risks

to the strategic plan and whether their internal audit groups are

covering emerging hot topic errors, areas like, you know, emerging

risks, data privacy would be one.

Looking at pressure points across the organization. So

I would look to potentially see more disclosure. Requirements as a

counterbalance to deregulation.

Dottie Schindlinger: Sherron, I'm eager to ask you this

next question, and that is, what's the last thing that you read or

watched or listened to that made you think about governance in a new

light?

Sherron Watkins: I read it a few years ago, but I'm

rereading it for my book club and that's the book Sand Worm and

it is about, you know, cyber-attacks, really Russia to Ukraine, but it

spread out.

It impacted a lot of Western companies, but I'm rereading it.

The fact that almost the link to internet to, you know, actually mess

with hardware, with electric grids, with power plants, with any kind

of manufacturing facility, there's always supposedly a little bit of a

back door so that certain key people can get in and operate remotely

and those.

Those things offer an avenue in so sand worm, I would

I highly recommend that people read that book. I should have the author's

name at my fingertips, but I don't. It probably came out in 2019. it's

an excellent read on cybersecurity risks that almost everyone faces.

And then I think AI is such an unknown and the fact that this big

budget bill. Also preclude states from regulating AI for the next 10

years. Oh, that ought to be setting off alarm bells everywhere.

Dottie Schindlinger: Totally agree. and I'mg oing to ask this

last question of both of you. So, Cynthia, I'll start you with you.

What is your current passion project?

Cynthia Cooper: My current passion project, I have several. One is, speaking to students. So, I speak to a lot of universities, ethics and leadership, helping to prepare the

next generation for ethical dilemmas they might face in the workplace

and how to stop step back, think them through, and make the right

choices. And I've written a book, extraordinary Circumstances where I

go through my experiences and lessons learned at WorldCom.

One is, speaking to students. So I speak to a lot of

universities, ethics and leadership, helping to prepare the

next generation for ethical dilemmas they might face in the workplace

and how to stop step back, think them through, and make the right

choices. And I've written a book, Extraordinary Circumstances where I

go through my experiences and lessons learned at WorldCom.

And I wrote it in present tense because I wanted everyone

to be able to put themselves in the shoes of other people, whether

it's the people who became complicit with the fraud board members,

members of the external audit team, perhaps imagined that they were

following my team and me as we identified and reported the fraud.

And think about what decisions they might have made along

the way and how those choices would have impacted not only them. But

other people. So that's one of the things that I am very passionate

about. And I also am passionate about helping organizations and boards

to understand how they can strengthen governance to, to really

understand this invisible layer of pressure and fear and misguided

loyalty that sometimes goes unnoticed and helping to bring that to the

Surface, helping organizations to build high performance speak up

cultures, making sure that they have a very strong, effective,

anonymous reporting mechanism that people feel safety in speaking up.

That organizations, send out, engagement surveys every year because

none of these frauds happen in a vacuum.

People know all these big scandals involve

collusion, usually people working at the very highest levels of the

organization. And so, one of the best ways to find out if things are

going on in your organization is simply to ask. Ask the people, send

out regular surveys, and that will uncover a lot.

And I think that people often over rely on internal

controls. I think that's actually one of the reasons that some of

these frauds. Went undetected for long periods of time because if you

have collusion at the top of an organization, you can bypass most of

those basic, internal control. So, it really is critically important to

make sure you have a strong ethical culture and a strong anonymous

reporting mechanism, and that these issues don't stay buried within

the organization, but making sure that they rise to the level of the board.

Dottie Schindlinger: Sherron, I want to ask you the same

question. What is your current passion project?

Sherron Watkins: It's a little bit more of a 50,000 foot

level. I'm interested in the fact that belonging is so important to

all of us. We have various churches, we belong to, clubs, groups.

Athletic sporting teams, and it's in line with some of the things

Cynthia was saying about loyalty.

We don't want to rock the boat. We want to belong, we want to stay

belonging to that tribe that we picked. And, from my perspective I

move around a lot in some of the Evangelical Christian circles you

know, there's so many people that feel like to belong, they have to

vote a certain way. And we now have ugly Christian nationalism in our

country and we have speakers just reading the words of Jesus from

Matthew 25 that when you saw someone hungry, naked, thirsty, you did something and they're calling that

socialist garbage, so they want to belong to a tribe so much. They're,

but they're also claiming to be Christian. So my passion project is

more around those arenas because I've seen very good people make some

horrible choices that I think, go against what their soul really

believes.

Dottie Schindlinger: I just want to say thank you both to Cynthia Cooper and

Sherron Watkins. Thank you for joining us on the podcast today and

sharing your perspective. I think this was incredibly valuable. So

thank you for joining me on the show once again.

Sherron Watkins: Thanks for having us too.

Cynthia Cooper: Thank you, Dottie.

Dottie Schindlinger: We've been joined today by Cynthia

Cooper and Sherron Watkins. Both are stalwart fighters against fraud and whistleblowers

of fame from Enron and WorldCom. Thank you so much for joining us on

the show.

Meghan Day: First of all, Dottie, I want to be in a book

club that is reading Sand Worm. I'm going to have to get that information

from Sherron. What Cynthia said about history repeating itself, and

this is the opportunity to evolve and not tear it all down is so

important to me. Scammers are going to scam. We know this and why are we weakening one of the last lines of defense

against financial fraud?

Dottie Schindlinger: I mean, that's the thing, right? Like,

so when I read their op-ed in the New York Times, I, I really just

couldn't sit on my hands. I had to ret right out to them to say, this

was really well, well written, very interesting. And would you come on

the show and talk about it?

Because you know what? Regardless of the fact that now Congress has decided not to eliminate the PCAOB as part of the budget

bill, which looks like it wasn't allowed. you know, it, who knows

what's going to happen, and there's, there's such a move for

deregulation. And I think sometimes, you know, you can kind of fall

into the trap, especially if you're in a corporate director of sort of

just lulling yourself into thinking, well, deregulation always equals

something good, right? We want to have more freedom. We, we don't want to have our

hands tied. We want to be able to do the things that we need to do to

grow our businesses. But this is a good example of were

without protections in place, things can go off the rails really

quickly and you can find yourself on the board of a toxic asset.

I mean, I'm fairly certain that the Board of Enron and the

Board of WorldCom didn't fully understand what was happening at those

companies. I mean, keep in mind, these were two companies that were

regularly getting applauded by the likes of McKinsey and others as

like the most ethical companies and the greatest places to work. And so from the outside looking in, it just looked. Like

these were such stable, fabulous companies, you know, very well run.

And of course, when you look under the hood, and if you talk to anyone

on the internal audit team, including either Sherron or Cynthia at

their respective companies, you find out that things are absolutely

not going well.

That there are some very real problems happening and,

and some things are, are going to need to come to light. And when they do

come to light. You know, those board members, I'm certain, had

a very difficult time finding other board seats. I'm sure it was

destructive to their careers. And let's face facts, it destroyed

800,000 lives.

So many people were impacted by the implosion of those

companies and that had ripple effects for like the next decade. That's

not minor. You know, that's not a minor thing, and, and we all need

those protections. I don't care whether you're a board member, whether

you're a consumer, whether you're an executive at a company.

We all need someone minding our backs, you know, watching

our backs and just making sure everything is okay so that we can do

our jobs well and feel good about the jobs we're doing.

Meghan Day: Yep. And if you think about the job of a

corporate director these days, eliminating something like this could

mean more risk, more responsibility, potentially less clarity on audit

oversight. And honestly, that'sprobably thelast thing a director

needs right now.

Dottie Schindlinger: Well, that's exactly right. The truth

is like, you know, if you think about it in this regard, the more

regulation you eliminate. The more personal liability falls on the

head of the director, right? Because who else is there mining the

store, right? If there's no other, you know, if there's no oversight

body, if there's no government assistance here, it's all on your head

and the chips will fall where they may and. You as a director are not

necessarily in the trenches enough to really know what's going on all

the time, and that just feels very, very, very risky to me.

So I, you know, as a director myself, I, you know, look,

I'm not necessarily in favor of every regulation. I do think there's a

lot of dumb ones out there, but I think something like the PCAOB. Just

makes so much sense, you know, having some level of standard, some

level of quality, looking at audits, looking at audit firms and making

sure that they're all on the up and up and that they're all according

to standard and being done.

That just makes total sense to me off the soapbox.

We just had to share that with you. I mean, again, disagree with us.

If you do, and give us a shout if you do. I mean, it would be

interesting to hear a dissenting view, quite frankly. I mean, I, I

feel pretty compelled, talking to Sherron and Cynthia and, and

certainly to Mike Levy as well.

But, we'd be totally open to hear a dissenting view. I

always, you know, interested to hear multiple sides of an issue, so

feel free to give us shout at contact@podcastatdiligent.com. Well, Meghan,

that wraps up another episode of the Corporate Director Podcast, the

Voice of Modern Governance. I'd like to say a few special thank yous,

first and foremost to our audit and whistleblower champions, Sherron

Watkins and Cynthia Cooper and Mike Levy for joining us for the

Opening Conversation.

Podcast producers, Kira Ciccarelli, Steve Clayton and Laura

Klein, our sponsors of the show, including PWC, KPMG, Wilson Sonsini

and Meridian Compensation Partners, and most especially, thank you to

Diligent for sponsoring our show. If you like the show, please give us

a rating on your podcast player of choice and drop us a line at podcast@diligent.com. You can also listen to more episodes

and see more from The Diligent Institute by going to diligent.com/

resources. Thank you so much for listening.

Narrator: You've been listening to the Corporate Director

Podcast. To ensure that you never miss an episode, subscribe to the

show in your favorite podcast player.

If you'd like to learn more about corporate governance and

tools to help directors do their job better, visit www.diligent.com.

Thank you so much for listening. Until next time.