PCAOB Spotlight: Update And Preview Of 2020 Inspection Observations
PCAOB Spotlight: Update And Preview Of 2020 Inspection Observations
Improving audit quality through inspections continues to be a priority for the PCAOB. As such, audit committees, management, and auditors can benefit from understanding the staff’s shared observations from the 2020 inspection cycle to inform current year audit plans and their engagement and communications with one another.
In October 2021, the PCAOB issued a Spotlight: Staff Update and Preview of 2020 Inspection Observations to share its observations from its 2020 inspections of public company audits, along with summarizing how the PCAOB continues to change the inspection process. Additionally, the Spotlight features both observations of “good practices” and recurring deficiencies to be mindful of in conducting upcoming audits. Lastly, the PCAOB discusses other observations including cybersecurity and digital assets.
PCAOB Observations of Good Practices Believed to Enhance Audit Quality
Good practices identified with respect to procedures, techniques, or methodologies that are “appropriately comprehensive and suitably designed in relation to an audit firm’s size and the nature and complexity of the audit firm’s practice” included:
Increased training and assistance – Audit firms conducted training sessions focused specifically on addressing the challenges of performing audits remotely, and on areas more significantly impacted by the pandemic (e.g., impairments and going concern), and developed practice aids and other guidance to focus audit teams on potential issues related to the pandemic.
Emphasis on consultations – Audit firms emphasized the importance of consultation and, in some cases, established supplemental consultation requirements including, for example, for issues related to government assistance, changes to materiality, market and business changes impacting accounting, impairment evaluations, and going concern assessments.
Modified client acceptance and continuance procedures – Audit firms added new sections in client acceptance and continuance questionnaires to focus specifically on risks presented by the COVID-19 pandemic.
Real-time monitoring of in-process audit engagements – Certain audit firms have increased the level of real-time monitoring of audits, such as implementing pre-issuance reviews or coaching programs.
Increasing supervision of the work performed by specialists – Many audit firms use auditor specialists, in particular when auditing complex estimates. Some auditors increased their level of oversight of the work of specialists to enhance communications in order to better understand the procedures performed and determine that such procedures are responsive to the risks identified.
Use of practice aids to assist engagement teams in identifying risks for each factor relevant to management’s estimation processes – Certain audit firms developed practice aids that include examples of risks at the assertion level for certain significant accounts involving accounting estimates to help engagement teams identify risks of material misstatement.
The PCAOB continues to note similar deficiencies to those identified in prior years. Potential areas of improvement for all firms remain and we encourage audit committees to be focused on these areas and discuss with the auditor their planned procedures and resulting observations in these areas:
Internal Control Over Financial Reporting (ICFR) – Common deficiencies noted across firms continue to include:
Review elements of management review controls (MRCs)
Selecting relevant controls to test, and testing operating effectiveness
Identifying and selecting controls over completeness and accuracy of information produced by the entity
Evaluating identified control deficiencies
Understanding likely sources of misstatement
Understanding the relationship of risk identified to the evidence obtained
Revenue – deficiencies were identified related to testing revenue under the accounting standard, including:
Evaluation of whether the performance obligation for the services was satisfied
Evaluation of whether customer contracts met the collectability criteria
Sufficient appropriate audit evidence from the related measure of progress
Test of the accuracy and completeness of data or reports produced by the public company used in testing
Deficiencies when using data analysis tools, such as validating the information, evaluating exceptions, or complying with policies and procedures
Please see BDO’s Revenue Recognition News & Resources for information on this topic.
Accounting Estimates - While the PCAOB has observed improvements in auditing accounting estimates, deficiencies continue to occur, particularly in auditing the allowance for loan losses (ALL). Common deficiencies in auditing estimates included:
Evaluation of evidence supporting certain assumption changes from the prior year, or lack of changes
Sufficient appropriate audit evidence to support the assumptions used, or procedures to resolve any known contradictory evidence
Evaluation of the appropriateness of the valuation models and the reasonableness of significant assumptions
Sufficient procedures to resolve any known contradictory evidence when evaluating the recoverability of certain long-lived assets
Inventory - In certain instances, auditors selected for testing controls over the existence of certain inventory, which consisted of review of cycle count results to assess the reliability of the program. The auditor limited their procedures to inquiries of management and did not perform procedures to satisfy themselves as to whether the cycle count program produces results substantially the same as those that would be obtained by a count of all items each year.
Critical Audit Matters - Common deficiencies in this area included:
Auditors performed procedures to determine whether or not matters were critical audit matters but did not include in those procedures one or more matters that met the criteria as a potential critical audit matter
Descriptions of (1) how the critical audit matter was addressed in the audit or (2) the principal considerations that led the auditor to determine that the matter was a critical audit matter
Please visit BDO’s resource hub: The Future of Auditor Reporting is Here for information on this topic.
Form AP - Common deficiencies include instances where auditors did not file, or timely file, their reports on Form AP; and where an auditor’s Form AP either contained inaccurate information or omitted information related to the participation in the audit by certain other accounting firms.
Observations Related to Quality Control
The PCAOB performs QC procedures to obtain and/or update its understanding and assess the effectiveness of an audit firm’s QC system. Some of its procedures focus on specific QC system areas across all firms, while other procedures are customized for each inspected firm based on the firm’s structure and size, past and current inspection observations, procedures performed in prior inspections, and other factors. The PCAOB noted the following QC concerns based on their procedures:
Independence - Independence is a critical element to be addressed by a firm’s QC system and remains an area for improvement. In 2020, the PCAOB continued to identify violations of financial relationship requirements of Rule 2-01 of Securities and Exchange Commission Regulation S-X. The PCAOB also observed deficiencies related to PCAOB Rule 3524, Audit Committee Preapproval of Certain Tax Services, and PCAOB Rule 3526, Communication with Audit Committees Concerning Independence.
Engagement Quality Reviews – Engagement quality reviews remain an area of concern. The PCAOB continues to observe instances where it identified deficiencies in areas that require the engagement quality reviewer’s evaluation; or with the engagement quality reviewer’s objectivity.
Internal Monitoring – The PCAOB also observed situations where it identified deficiencies through its inspection procedures that were not identified through an audit firm’s internal inspection procedures directed to the same engagements.
A strategic goal of the PCAOB is to anticipate and respond to the changing environment, including emerging technologies and related risks and opportunities. As part of achieving this goal, the PCAOB reviewed how auditors are responding to technology developments, namely cybersecurity incidents and distributed ledger technologies.
Cybersecurity - Cybersecurity incidents remain prevalent, and the risks to public companies continue to evolve, presenting a risk of financial loss, disruption, or damage to the reputation of an organization. The PCAOB continues to review audits of public companies that experienced a cybersecurity incident during the audit period. The PCAOB observed in its reviews how the auditor considered the cybersecurity incident in their risk assessment process and, if applicable, in their response to identified risks of material misstatement.
Distributed Ledger Technologies and Digital Assets – The PCAOB continues to observe limited instances in which public companies used distributed ledger technology to support recording a digital asset in their general ledger. When transactions are material and selected for review, it has identified deficiencies in which the auditor did not perform procedures to evaluate the sufficiency and appropriateness of audit evidence obtained over the existence and valuation of crypto assets recorded at year-end.
Changes in the PCAOB 2020 Inspection Approach
In the prior year, the PCAOB detailed the transformation in how it plans, conducts, and reports its inspection process, and how it engages with its stakeholders. For the 2020 Staff Update, the following items were noted as changes to the PCOAB’s approach to addressing the challenges of the COVID-19 pandemic:
The PCAOB conducted all inspections remotely, adjusting the inspection approach to consider the impact of COVID-19 on the audits of public companies, refining the planned quality control (QC) procedures, and providing insights to inform stakeholders on the PCAOB’s oversight activities related to the COVID-19 pandemic.
The PCAOB tailored or enhanced certain aspects of its inspection procedures including taking discrete steps to understand audit firms’ considerations of, and responses to, the effect of the pandemic on audits of financial statements and internal control over financial reporting and interim reviews.
The PCAOB accelerated its selection and review of audits potentially impacted by COVID-19 by selecting a sample of audits of public companies with fiscal years ended primarily between March 31, 2020 and June 30, 2020, (i.e., so that the PCAOB could understand sooner how audits were being performed during the pandemic).
The PCAOB performed supplemental QC procedures by planning an increased focus on reviewing changes made by audit firms to their QC systems in response to the COVID-19 pandemic.
Lastly, the PCAOB provided audit firms with an optional 45-day deferral from inspections at the onset of the pandemic.
As a reminder, as facts and circumstances change related to an entity’s operations, market factors, or the regulatory or the economic environment in which it operates, the audit committee, management and the auditor should be communicating timely. The auditor should then evaluate how the nature, timing and extent of audit procedures and audit responses should change, including a re-assessment of fraud risk factors and fraud risks that if significant should be communicated timely.
We encourage audit committees, management, as well auditors to review the guidance referenced in this Alert alongside the PCAOB’s Spotlight, and encourage robust dialogue around audit quality. We further invite you to participate in BDO’s continuing education series via our upcoming and archived webinars and other thought leadership and resources included within the BDO Center for Corporate Governance.