PCAOB Spotlight on Staff Priorities for 2023 Inspections
PCAOB Spotlight on Staff Priorities for 2023 Inspections
Is your auditor and audit committee prepared for areas that will be the focus of PCAOB inspections?
On April 17, 2023, the PCAOB (the Board) issued Spotlight: Staff Priorities for 2023 Inspections outlining their priorities for 2023 inspections. The 2023 inspection plan primarily covers the review of 2022 fiscal year-end audits and focuses on various financial reporting and audit risks, particularly those resulting from new or emerging business risks influenced by both internal and known external factors that were present during 2022, such as volatility in financial and commodity markets due to inflation, interest rates, and currency fluctuations; disruptions in supply chains; ongoing impact of the remote/hybrid work environment and other risk factors.
The Board reviews a large number of filings in their inspection process and the spotlight highlights their approach to selecting which audits to inspect and reflects key areas of financial statement reporting that companies and their auditors should consider when performing their audits.
The planned areas of PCAOB focus in 2023 include:
Inspectors will focus on fraud-related audit procedures performed in accordance with AS 2110, Identifying and Assessing Risks of Material Misstatement, AS 2401, Consideration of Fraud in a Financial Statement Audit, and AS 2405, Illegal Acts by Clients. They will look at how the auditors identified and assessed risks of material misstatements due to fraud and related controls when planning and performing the audit.
Inspectors will examine procedures performed by the auditor to identify, assess, and respond to audit and accounting risks, including those related to financial reporting and disclosures.
Inspectors will evaluate the auditor’s procedures to: (1) design and implement overall responses that address risks of material misstatement, (2) understand, identify, and test relevant controls, and (3) modify the audit approach based on identified control deficiencies. They will consider the auditor’s response to uncertainties in the economic and geopolitical environment that may cause modifications to the public company’s or broker-dealer’s operating structure and business processes that may affect its flow of transactions, financial reporting processes, and the timing and operation of related controls, including information technology and review controls.
Interest rates, inflation, as well as uncertainty and volatility in the digital assets markets, have resulted in increased risks to the financial services sector and require significant management and auditor consideration. Inspectors plan to review public companies in the financial services sector and place emphasis on audit areas that are more prone to such risks – e.g., a company’s liquidity position, future income and expenses, valuation of investments, and going concern.
Inspectors will continue to understand how the auditor addressed the risk of fraud and place emphasis on the audit firm’s procedures relating to revenue identified as having a significant risk, internal controls over compliance with the customer protection rules, and review procedures where broker-dealers have filed an exemption report with respect to such rules.
The PCAOB will continue to select 2022 fiscal year-end audits of identified public companies and broker-dealers with material digital assets since activity is continuing to increase and has significantly higher fraud risk due to volatility and lack of regulation. Inspectors will complete review procedures on selected audits of identified public companies with material digital assets and consider the audit firm’s policies and procedures, including training, consultations, and the development of audit tools and techniques specific to digital assets.
For M&A transactions (including de-SPACs), inspectors will evaluate the auditor’s work on the following: (1) valuation and accounting of financial instruments using complex valuation models, (2) business combinations including reverse mergers, (3) internal control over financial reporting, (4) financial statement presentation and disclosure, (5) significant equity or debt restructuring, and (6) the entity’s ability to continue as a going concern. For more information on this area, the PCAOB released Spotlight: Inspection Observations – Audits of Special Purpose Acquisition Companies and De-SPAC Transactions.
Inspectors will place emphasis on various challenges when using the work of other auditors to better understand: (1) how other auditors were used (including, but not limited to, those in Russia, Belarus, and Ukraine), (2) how lead auditors may have modified their audit approach, (3) whether the use of other auditors in multi-location audits was modified due to restrictions on travel, and (4) the lead auditor’s supervision of the activities of other auditors.
Inspectors will continue to perform quality control (QC) procedures, including assessing firm compliance with existing PCAOB QC standards, primarily through inquiry, review of public company and broker-dealer audits, and inspection of certain audit firm documentation. There will be emphasis on the following areas:
- Talent: Hiring procedures and policies will be under review and inspectors will test policies and procedures around the hiring of professionals to ensure that they possess the characteristics to perform competently. Additionally, inspectors will work to understand the audit firms’ policies around supervision of the engagement team members, as well as by the audit firms’ shared service centers or designated centers of excellence.
- Independence: Independence continues to be an area where deficiencies are identified. Inspectors will work to understand and assess an audit firm’s monitoring of independence throughout the audit and professional engagement period. This includes the audit firm’s identification and assessment of violations of its own policies and procedures for possible QC concerns.
- Critical Audit Matters (CAMs): Inspectors will continue to focus on audit firms’ compliance with the requirements for CAMs, particularly the effects of macroeconomic factors on auditor’s judgments as well as triennially inspected firms that will undergo their first inspection since the implementation of CAMs.
- Cybersecurity: As reliance on technology increases, so does the risk of cybersecurity attacks. For audits selected where a cyber incident has been identified, inspectors will review the audit firm’s response, including whether the auditor assessed the likelihood and magnitude of potential misstatement and how it may have modified its audit approach. Inspectors will also review any new or modified firm policies and procedures supporting the audit firm’s own cybersecurity program.
- Use of Data and Technology: Increased technological evolution in the audits of financial statements and the effectiveness of internal control over financial reporting will force inspectors to inquire about changes in the auditor’s use of technology-based tools in assessing and responding to risks of material misstatement whether due to error or fraud.
Additionally, the staff continues to deploy a “target team” of inspectors to gather information. The target team was established in 2019 to execute in-depth reviews across audit firms gathering information that extends beyond traditional inspection procedures. This year’s target team focus will include risks related to digital assets, first year audits, multi-location audits, and significant or unusual events or transactions. Additionally, as a part of ongoing efforts to enhance inspections, the report notes that the number of audits reviewed will increase.
Reminders for Audit Committees
The role and responsibilities of the audit committee are constantly evolving due to various external factors and regulatory requirements. The audit committee’s priorities should take into consideration the inspection areas that the PCOAB has identified. In addition, the PCAOB reminds audit committee members of the importance of audit execution, auditor independence, and the audit firm’s quality control system in driving audit quality for the protection of investors.
Audit committees need to be confident in their expectations that their auditors will hold audit quality to the highest standard of performance. Audit quality has been a top priority for the Board over the past several years – especially, with the November 2022 proposal of QC 1000, A Firm’s System of Quality Control. While comments received in response to this proposed standard are currently under review, firms are actively preparing for this standard to go into effect. BDO is committed to maintaining high audit quality and has been preparing voluntary public audit quality reports that provide further information about our people, processes, innovations, and quality control system. Please refer to our 2022/2021 Audit Quality Report.
Reminders for Auditors
Step one in any audit is ensuring that the auditor comprehends the public company or broker-dealer’s business and environment. It is essential to understand the events, conditions, and activities that might impact the risks of material misstatement and especially, material misstatement due to fraudulent activities. The potential for fraud should be at the forefront of decision making. These risks can drastically impact the audit work performed and the auditor’s duty to ensure that evidence is appropriate and sufficient.
With the current economic and geopolitical environment being so volatile, economic implications for inadequate financial reporting and noncompliance with laws and regulations need to be considered.
Digital transformation is a necessity and unavoidable. Auditors need to prepare for the risks that come with technological advancement and increasing frequency of cybersecurity attacks. Breaches may require modification to the planned audit approach and therefore, make designing and performing audit procedures to address cybersecurity risk an evolving area of focus for auditors and regulators.
As always, audit teams need to keep top of mind the importance of exercising due professional care as well as professional skepticism. It’s important to embrace a framework, such as BDO’s Professional Judgment Framework, as auditors define matters, specify objectives, identify possibilities, gather and analyze information, reach conclusions and reflect upon their judgment process. It’s the auditors’ responsibility to perform the iterative actions of coaching, consulting, avoiding traps and biases, documenting, and communicating. If the auditor combines this process with their technical and industry-specific knowledge, they should have the tools necessary to safeguard against evolving risks, implement adequate procedures, and make high-quality judgments. At the end of the day, it’s all about risk mitigation.
Next Steps for All
We encourage audit committees and management to review the PCAOB’s guidance and engage one another as well as the auditor in dialogue about the specific facts and circumstances relevant to the organization’s business that may impact the execution of the audit and overall quality of the audit and resulting financial statements.
We invite you to explore additional resources of interest and educational programming via the BDO Center for Corporate Governance and BDO Center for Accounting Standards & Reporting Matters.