PCAOB Inspections Outlook for 2019

As part of the overall strategic plan and reevaluation of how inspections of public company audits are planned, conducted, and reported on, the PCAOB has released its objectives and potential focus areas for planned 2019 inspections of issuers and brokers and dealers. We encourage audit committees, management and auditors to review this alert and BDO’s insights along with our related alert on the PCAOB’s Five Year Strategic Plan.

BACKGROUND

In early December 2018, the PCAOB issued an Outlook on its objectives and potential focus areas for planned 2019 inspections of audits of issuers and brokers and dealers. This Outlook outlines ongoing inspections transformation efforts and provides an overview of various areas of inspection focus for 2019 to be aware of in consideration of ever enhancing audit quality initiatives to bolster the capital markets.

PCAOB TRANSFORMATION OF INSPECTION APPROACH

The PCAOB recently approved and announced its five year strategic plan and further outlined its approach to evaluating and transforming its audit inspection process. The PCAOB has placed significant emphasis on driving finding rates down through cultivation of strong preventative controls within firms’ systems of quality controls. As such, the 2019 inspection process will include the PCAOB’s consideration of topics such as the procedures inspection teams perform on the review of specific audit engagements and a deeper focus on audit firm systems of quality control, the approach to selecting engagements for inspection and areas of inspection focus, and how and what the PCAOB communicates about such inspections. The PCAOB is further considering how to make the process forward-looking and how to more effectively consider evolving risks, environmental factors, and the changing needs of stakeholders. Many of these projects are noted as being long-term in nature, with the expectation that certain other projects are to have an effect on the 2019 inspections cycle.

BDO is supportive of this approach and will continue to align with and incorporate these areas of emphasis within our own efforts to advance audit quality. We share our thoughts below with respect to certain of the evolving areas of the PCAOB’s announced focus and the impact we anticipate for audit committees and management of our issuer clients as well as for our engagement team professionals.

KEY AREAS OF INSPECTION FOCUS

The PCAOB has indicated the following potential areas of focus for inspections performed in 2019 which we shall explore further:

• Audit Firms’ Systems of Quality Control

• Independence

• Recurring Inspection Deficiencies

• External Considerations

• Cybersecurity Risks

• Software Audit Tools

• Digital Assets

• Audit Quality Indicators

• Changes in the Auditor’s Report

• Implementation of New Accounting Standards

Audit Firms’ Systems of Quality Control – The PCAOB intends to perform a deep dive into the design and operating effectiveness of such systems and how these promote an audit firm’s culture of audit quality and responsiveness to risks, scoping in the organization’s structure, complexity of firm practices, and the knowledge and experience of its professionals. Critical processes to be reviewed in depth include engagement acceptance and continuance decisions, firms’ internal audit monitoring programs, engagement performance and management of staff. Additionally, this area of focus will expand understanding of whether or not firms design policies and perform audit procedures to evaluate whether their issuer clients are establishing and maintaining appropriate codes of conduct and compliance programs related to fraud, bribery, corruption, and other violations of law, including inadvertent violations that may have a direct and material effect on financial statements.

BDO Insight:

While not a new area of review, the PCAOB has signaled to audit firms during the 2018 inspection process as well as in public speeches, including a recent speech¹ made by PCAOB Board member, Kathleen Hamm, that audit firm quality control is a vital aspect of effective corporate governance in ensuring the performance of better audits. For the past several years, the percentage of audit deficiencies for the largest audit firms has remained plateaued at a rate that the PCAOB finds unacceptable. In response, the PCAOB is raising the bar through focusing on a combination of prevention, detection, and deterrence of audit deficiencies before audit reports are issued and relied upon. The fourth leg of that stool is enforcement of regulations through disciplinary actions when warranted.

As further perspective, the PCAOB has created a new senior position – Quality Control Leader – to coordinate initiatives around quality control across all inspection programs and identify insights to be shared with the marketplace. Specifically, the PCAOB will be intent on understanding where audit firms may have opportunities to enhance the design and implementation of their control protocols across several inter-related areas:

1. The PCAOB selection approach will continue to be risk-based taking into account the size, complexity, and risk profile of audit firms, including past inspection results, identified weaknesses, as well as known changes in controls.

2. The PCAOB will consider the control and governance environment and tone at the top along with processes audit firms have in place to cascade audit quality down through its professionals and to further self-identify and assess particular risks they face to delivering PCAOB compliant audits. PCAOB inspection team assessments will help inform how firms identify timely negative audit quality and prevent “risky” audit behavior and activities. This information, in turn, would then be used to help in selection of individual audit files as well as focused areas for review within those files and remediation determinations.

3. The gathering of firm-level audit quality indicators (AQIs) firms use in planning, managing, and monitoring audit work, and deploying their professionals. This includes AQIs that firms share with audit committees. This signals a revised interest in AQIs,² outside of the PCAOB simply monitoring developments in this area. Refer to further information below.

4. Audit firms’ responsiveness to emerging and disruptive technologies and their impacts on audit methodologies, systems, and policies and overall audit quality.

Concurrent with the inspection focus is a multidisciplinary approach to assessing existing PCAOB quality control standards that will further be informed through active discussions with the PCAOB’s Investor Advisory Group as well as the Standard Advisory Group. The objective is to enhance current standards to incorporate a risk-informed and integrated approach, incorporate how auditor professional ethics and values are reinforced through quality controls, along with consideration of changing audit practices. The latter includes such things as the increasing use of audit firm shared service centers, evolving approach to internal controls, or emerging risk management methodologies (e.g., COSO). Ultimately, the goal is for such standards to be both universally acceptable while being scalable for both small and large firms.

BDO continues to engage in discussions with the PCAOB and is monitoring effects and enhancements to our audit processes and our firm system of quality control to reinforce audit quality and the services we are providing to our clients and to increase the confidence of the capital markets more broadly.

Independence – Recognizing that independence contributes to public trust in the quality of audit services, the PCAOB intends to assess audit firm independence preventative controls, compliance with and knowledge of independence rules, and the impact on independence of non-audit services.

BDO Insight:

Audit firms, including BDO, each have significant departments of professionals who oversee the daily compliance activities regarding independence requirements. Firms that have robust policies, procedures and reporting mechanisms to ensure independence in both fact and appearance will better serve the overall goal of ensuring audit quality. Increasingly complex and changing relationships within client business structures and the need for evolving systems and continual communication with clients that enable timely tracking are very important. In addition, having dynamic standard setting along with regulations regarding non-audit services that are responsive to both the need for independence along with required business, industry, and technical knowledge that audit firms draw on within their specialty practices across their firms can further help achieve audit quality objectives. We encourage audit committees, management and auditors to have robust dialogues and procedures around independence that occur throughout the audit cycle. Refer here for more on BDO’s focus on independence.

Recurring Inspection Deficiencies – Review of the remedial actions that firms are taking in response to previous inspection findings and consideration of the timing and progress of audit firm work, tools and techniques used to identify and define root causes of deficiency findings and the action steps and monitoring mechanisms firms deploy to address and prevent recurring deficiencies. Audit finding themes continue to include deficiencies in auditing internal control over financial reporting, revenue recognition, allowance for loan losses, and other accounting estimates, including fair value measurements (e.g., goodwill and intangible assets) along with deficiencies related to assessing and responding to identified risks of material misstatement.

BDO Insight:

Developing a deep understanding of the causes of recurring matters is essential to employing effective actions to eliminate those matters; therefore, the PCAOB is interested in the methods firms use to design and implement effective actions. The PCAOB provides supplemental guidance within Staff Inspection Briefs as well as its Annual Report on Inspections of Brokers and Dealers for your reference. Additionally, we provide continuing educational opportunities and encourage attendance by our clients and require attendance by our professionals. Such events, along with additional thought leadership publications, tools and practice aids, are accessible via BDO’s Center for Corporate Governance and Financial Reporting. For more on BDO and the PCAOB inspection process, refer here.

External Considerations – External factors that impact the risk of material misstatements stem from a variety of sources and may emerge during the course of the period under audit. As such, the PCAOB reminds us that an auditor’s risk assessment procedures should be continuous throughout the audit. Inspection procedures will consider evaluating firms’ responses to elevated risks of material misstatement due to external considerations, including assessing how firms adjust the nature, timing, and extent of their audit procedures. Additionally, the PCAOB will assess firms’ evaluation of audit evidence, including consideration of evidence obtained through external sources, such as industry or economic data that potentially contradicts management assertions.

BDO Insight:

As part of BDO’s Statement of Audit Quality Intent, we consider how external factors impact our delivery of audit quality across our systemic audit strategy built around innovating future audits, responsiveness to the market, developing our professionals, leading by accountability and the control environment that determine and monitor the actions we take to drive audit quality. The external factors we consider as we execute on our audit strategy and intent stem from the business environments our clients operate in, corporate governance structures, competitive forces, the regulatory environment, sustainability and innovative disruptions, investor and shareholder expectations, as well as accounting and reporting complexities.

Cybersecurity Risks – Cyber risk and the evolving complexity relative to incidents and breaches of information systems remain at the forefront of risk assessment and the potential for material misstatement to companies’ financial statements.

BDO Insight:
Continuing education on cyber threats and understanding the organization’s cyber threat landscape and controls to mitigate, respond to, and disclose both risks and occurrences of breaches in a timely manner remain a priority for both the PCAOB as well as the SEC. Of particular interest is the SEC’s February 2018 cybersecurity disclosure guidance as well as a recent SEC Report of Investigation.³ For further insight, refer to BDO’s 2018 Cyber Governance Survey results and related webinar along with Cybersecurity – Resources Boards Want to Know About archive. For more on how BDO approaches cybersecurity, refer here.

Software Audit Tools – As firms continue to develop and use software audit tools, including the increasing incorporation of analytical tools, artificial intelligence, etc., the PCAOB intends to monitor whether the firms are effectively using these tools and applying appropriate due care and professional skepticism when they do.

BDO Insight:
As with many audit firms, BDO continues to deploy significant resources to exploring and deploying software to make our audits more effective and efficient and be responsive to complexities in client transactions. As part of this innovation to the audit, we assess new or changes to existing policies and procedures when developing and utilizing such to ensure adherence to professional standards. For more on what BDO is doing with respect to audit innovation refer to BDO’s Innovating Future Audits.

Digital Assets – Similar to the monitoring of software audit tools, the PCAOB will evaluate auditors’ responses to risks associated with digital assets (e.g., cryptocurrencies, initial coin offerings, and uses of distributed ledger technology such as block chain). This includes consideration of audit firm independence, client acceptance and retention decisions, resource management, and planned audit procedures.

BDO Insight:
We are continuing to develop resources in assessing risk management strategies in the auditing of digital assets, as well as producing certain thought leadership and continuing education in the form of in-person events and programming discussing the impacts of these evolving risk areas. For more information, refer to BDO’s Innovating Future Audits.

Audit Quality Indicators (AQIs) – As indicated above, the PCAOB plans to consider how firms may be using AQIs to monitor their audit work and assignment of staff and whether such AQIs are being discussed with audit committees. The PCAOB has further signaled it is looking to collaborate further with those who collect data and conduct research on the quality of audits to develop more thought leadership around AQIs.

BDO Insight:
By way of example, the Center for Audit Quality (CAQ), in conjunction with the larger audit firms including BDO, is continuing its work on audit quality indicators⁴ and disclosures and continues to gather insight and perspective from the auditing profession through its working group and monitoring of evolving, voluntary audit quality reports being produced annually by many auditing firms, including BDO.⁵ The work being promoted by the CAQ builds upon previous thought leadership and stakeholder engagement performed to better understand the needs and expectations around AQIs.

Changes in the Auditor’s Report – In addition to changes to basic elements of the auditor’s report effective in 2017, the PCAOB Auditing Standard 3101 (AS 3101) will feature adoption of the disclosure of critical audit matters (CAM) within the auditor’s report for issuers beginning with larger accelerated filers for audits of fiscal years ending on or after June 30, 2019 and for other issuers for audits of fiscal years ending on or after December 15, 2020.⁶ The PCAOB, along with the SEC, is particularly interested in monitoring the results from “dry runs” the firms and their issuer clients are engaged in currently to aid in the implementation of this new and comprehensive standard and understanding unintended consequences or challenges that may result from adoption of this standard.

BDO Insight:
We, along with other larger audit firms, are conducting dry runs to better inform both our clients and our professionals about the implementation process for CAM reporting and help in the design of processes, policies, procedures and tools to convey required information within our auditor reports. We are sharing these experiences with clients, regulators, as well as through our work with the CAQ. This further includes preparing ongoing thought leadership and educational opportunities to support our clients and engagement teams and to be made broadly available as part of our related and evolving resources. Additionally, the CAQ has timely released Critical Audit Matters: Lessons Learned, Questions to Consider, and an Illustrative Example as a practical tool to share early observations from dry runs—observations that should be valuable for audit committees, investors, auditors, and others in the financial reporting ecosystem. It also provides key questions—derived from the dry run experiences to date—that audit committees and others should consider, along with an illustrative example of a CAM communication.

Implementation of New Accounting Standards – With the implementation of significant accounting standards that are effective (revenue recognition), are soon to be effective (leases), or will be effective in the near future (financial instrument accounting and expected credit losses), the PCAOB is focused on changes in firms’ auditing processes and procedures including both the implementation and disclosures of these new and significant standards. Emphasis will be placed on areas that require management judgment and how auditors have addressed related internal controls for both the implementation period and the post-implementation accounting and disclosure periods. This further includes review of auditors’ independence processes with respect to providing assistance to companies as they implement the standards. Additionally, the PCAOB is mindful and will continue to monitor impacts on evolving auditing standards – for example the pending PCAOB standard on Auditing Accounting Estimates, including Fair Value Measurements.

BDO Insight:
BDO continues to provide a significant amount of thought leadership and guidance in these areas to our professionals and to our clients – both from management’s and the audit committees’ perspectives. Be on the lookout for our yearend reviews of Accounting, SEC Matters and our Audit Committee In Focus publications to be posted to our BDO Center for Corporate Governance and Financial Reporting.

NEXT STEPS

We encourage audit committees, management and our audit professionals to remain abreast of the PCAOB’s focus and communications. BDO will continue to provide thought leadership and educational opportunities in this regard. For more information on how BDO is delivering on our audit quality intent, we encourage you to review our most recent voluntary Audit Quality Report and speak to your engagement team leaders with any questions you may have.

---

1 Refer to the November 30, 2018 “Quality Control: The Next Frontier” speech delivered by Kathleen Hamm during the University of Tennessee’s The Neel Corporate Governance Distinguished Speaker Series.
2 Refer to 2015 PCAOB Concept Release on Audit Quality Indicators.
3 Refer to the SEC’s Report of Investigation Pursuant to Section 21(a) of the SEC Act of 1934 Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirements for further information.
4 Refer to numerous resources produced by the Center for Audit Quality available at: https://www.thecaq.org/policy-issue/audit-quality-indicators.
5 Refer to BDO’s voluntary Audit Quality Reports for 2018, 2017 and 2016 for further information.
6 AS 3101 excludes the communication of CAMs for audits of brokers and dealers; investment companies other than business development companies; employee stock purchase, savings, and similar plans; and emerging growth companies.