PCAOB Spotlight: Update and Preview of 2019 Inspection Observations

Improving audit quality through inspections is a priority for the PCAOB. As such, audit committees, management, and auditors can benefit from understanding the staff’s shared observations from the 2019 inspection cycle to inform current year audit plans and their engagement and communications with one another.
 
In October 2020, the PCAOB issued a Spotlight: Staff Update and Preview of 2019 Inspection Observations to share its observations from its 2019 inspections of public company audits along with summarizing how the PCAOB continues to transform the inspection process, including its use of targeted inspections for certain areas. Additionally, the Spotlight features both observations of “good practices” and recurring deficiencies to be mindful of in conducting 2020 audits. Finally, the PCAOB provides insight and reminders into how changing audit technologies and audit tools, along with responding to increasing cyber risks, should be taken into account as part of current cycle audit procedures.

 

Inspection Transformation Activities

The PCAOB is transforming the inspection process in how they plan, conduct, and report and is engaged in the following activities in that regard:

• Incorporating unpredictability into more areas of the inspection process

For example, through the selection of more engagements on a random basis and through including different aspects of the audit in the inspection focus areas.

• Deploying a dedicated inspection team to target specific areas of focus or emerging risk across firms

For example, this has included in the prior year performing targeted reviews of newly disclosed CAMs in the auditor’s report for several identified Large Accelerated Filers, as well as targeting multi-location audits in the most recently completed inspection cycle.

• Expanding inspection procedures to compare approaches firms are taking to monitor systems of quality control

• Refining inspection methodology to focus more on the firm’s system of quality control

For example, through more continuous inspection of elements of the system of quality management as these activities are performed.

• Designing a new format for inspection reports

Earlier in 2020, the PCAOB released the 2019 reports for 2018 inspections for the largest six auditing firms, including BDO, which include new graphics and historical data, including a breakdown of findings observed by industry and by revenue range. In addition, a new Part 1.B has been added to the report that includes deficiencies that do not relate directly to the sufficiency or appropriateness of evidence the firm obtained to support its opinion(s) (as covered in the traditional Part 1.A), but nevertheless relate to instances of non-compliance with PCAOB standards or rules.  

BDO’s most recent PCAOB inspection report can be found here.

PCAOB Observations of Good Practices Believed to Enhance Audit Quality

Good practices identified with respect to procedures, techniques, or methodologies that are “appropriately comprehensive and suitably designed in relation to an audit firm’s size and the nature and complexity of the audit firm’s practice” included:

• Interactive meetings and coaching workshops often tied to “audit milestones” and focused on identifying and assessing risks of material misstatement that led to timely and rigorous risk assessments

• Earlier involvement of the Engagement Quality Control Reviewer

• Narrative descriptions of quality control

• Increased partner involvement when planning tests of controls

• Use of firm specialists during audit planning to assist with the risk assessment

• Implementing coaching programs and refining audit tools for specific audit areas

 

Target Team Activities

In 2019, the PCAOB established a target inspection team focused on current audit risks and emerging topics. The target area most recently completed included multi-location audits based in the U.S. and issuer audits at annually inspected firms in which the U.S. played a role but was not the principal auditor (e.g., referred work). The PCAOB inspectors considered planning and risk assessment topics, principal auditor considerations, and communications between the principal auditor and the other auditor around coordination and independence. The PCAOB observed improved audit quality when regular, consistent communication is evident – e.g., clear referral instructions, site visits performed by the principal auditor, and involvement of an additional Engagement Quality Reviewer by the other auditors. The PCAOB noted that improvements could be made in enhancing documentation of required procedures in compliance with PCAOB Rule 3211, Auditor Reporting of Certain Audit Participants, and improving engagement letter templates to exclude indemnification clauses.
Good practices noted included:

• Requirements to perform engagement quality reviews of audits conducted by other auditors

• Assigning a partner experienced in International Financial Reporting Standards (IFRS) as an additional reviewer on work referred to a U.S. firm

• Automating the collection of global hours to compile the information required for Form AP filings

• Using site visits to obtain additional information

Note: The PCAOB has indicated that for 2020, their target teams are focused on:

1. obtaining an understanding of any changes in a firm’s policies, procedures, or methodologies in response to COVID-19 and

2. reviewing June 30 audits and reviews of interim financial information for issuers affected by the pandemic.

We encourage audit committees and management teams to access our COVID-19 Accounting, Reporting and Other Related Considerations publication and visit BDO’s COVID-19 Resource Center for up to date information regarding the pandemic.

Recurring Deficiencies

The PCAOB continues to note similar deficiencies where potential areas of improvement for all firms remain:

• Revenue – deficiencies related to design and performance of audit procedures addressing assessed risk of material misstatement – e.g., auditors did not:

  • consider other relevant factors along with the contract in validating performance obligations or allocating prices

  • evaluate whether the issuer had an enforceable right to payment prior to recognizing revenue

  • perform any procedures to test the issuer’s evaluation about whether products created and sold to a specified customer had an alternative use

• Independence – include financial relationship requirements under SEC Regulation S-X Rule 2-01 and PCAOB Rules 3524 and 3526

• Accounting Estimates – particularly around evaluation and testing of reasonableness of (1) qualitative factors in auditing Allowance for Loan Losses (ALL) and (2) projections used in later years of a forecasted period for a business combination as well as testing the accuracy and/or completeness of the issuer’s data used to develop estimates

• Internal Control Over Financial Reporting (ICFR) – Common deficiencies noted across firms continue to include:

  • Insufficient evaluation of whether tested controls with a review element operated at a level of precision that would prevent or detect material misstatements

  • Lack of identification and testing of controls that sufficiently addressed risks of material misstatement related to relevant assertions of certain significant accounts (e.g., testing only one stream of multiple revenue streams)

  • Lack of identification and testing controls over accuracy and completeness of system-generated reports used in the operation of management review controls (MRCs)

Refer to BDO’s Management Review Controls Mini Guide

 

Technology

In response to the changing environment and risks and opportunities associated with emerging technologies, the PCAOB reviewed new software being used by auditors and cited that some firms employ policies and procedures to test the design and operation of such tools prior to engagement team use, while other firms that used third party tools did not test the tools nor the reliability of the data used as audit evidence.
Additionally, the PCAOB reviewed how the auditors responded to the following areas:

• Use of distributed ledgers – Certain of the annual inspected firms have provided training to staff and implemented consultation processes for clients that are using distributed ledger technology, receive consideration in the form of digital assets, or hold investments in digital assets; while some triennially inspected firms were noted as deficient for not performing procedures to evaluate the relevance and reliability of audit evidence over the existence and valuation of digital assets, more specifically crypto assets, recorded at year-end – e.g., reliance on third party reports without adequate testing.

• Cybersecurity – The PCAOB is focused on instances of cybersecurity incidents experienced during the audit period and how the auditor considers such incidents in the auditor’s risk assessment process and their response to identified risks of material misstatement. Specifically, the PCAOB noted that while the auditor may have evaluated the severity and impact of the cyber incident, there was no consideration of whether the auditor’s identification or assessment of RMMs were affected that may have required modifications to the nature, timing, and extent of audit procedures or impact on ICFR.

Audit Committee Communications

The PCAOB cites in this Spotlight that they found instances where triennially inspected firms failed to communicate all significant risks identified during audit planning – including changes to those risks – to the audit committee. In BDO’s opinion, this continues to serve as a good reminder for all auditing firms about the importance of the timeliness of communications with the audit committee and the importance of communicating when aspects of the auditor’s risk assessment and planned audit approach and strategy change over the course of the audit.

 

Next Steps

We encourage audit committees, management, as well as our own professionals to review the guidance referenced in this Alert alongside the PCAOB’s Spotlight. We further invite you to participate in BDO’s continuing education series via our upcoming and archived webinars and other thought leadership and resources included within BDO’s Center for Corporate Governance and Financial Reporting. We further encourage robust dialogue between [or among??] our clients and our engagement teams around audit quality.

 

---