PCAOB Staff Preview Of 2018 Inspection Observations
For the past several years, the percentage of audit deficiencies for the largest audit firms has remained relatively plateaued at a rate that the PCAOB finds unacceptable and includes a number of recurring audit deficiencies. In recognition of the need to drive improvement in audit quality, the PCAOB has indicated their objective to conduct their inspection activities to provide more timely and relevant feedback to stakeholders. As part of a series of continuing communications, the PCAOB recently issued the Staff Preview of 2018 Inspection Observations, which includes observations and good practices regarding efforts to improve audit quality; areas of common audit deficiencies observed in 2018; observations on technology, implementation of new accounting and auditing standards and rules; and audit committee communications. We encourage audit committees, management teams, auditors, and other stakeholders to review this and other PCAOB resources in anticipation of current year financial reporting.
Background
As part of its Strategic Plan, the PCAOB is raising the bar on enhancing audit quality through focusing on a combination of prevention, detection, and deterrence of audit deficiencies before audit reports are issued and relied upon by cultivating audit firms’ system of quality controls. The fourth leg of the stool is enforcement of regulations through continued inspections and disciplinary actions when warranted. The PCAOB is further considering how and what they are communicating about inspections in order to assist stakeholders in achieving the goal of improved audit quality.
In December 2018, George Botic, PCAOB Director, Division of Registration and Inspections, gave a speech highlighting how the PCAOB is intent on protecting investors through change and the means of taking a “clean sheet” approach with respect to the inspection process. He spoke specifically on how the inspections teams were being transformed and additional leadership positions created to oversee inspection activities. One of the items addressed was the PCAOB’s intention to increase the level of engagement with audit committee chairs to provide insight into the inspection process and gather views of the audit committee. Additionally, he indicated the PCAOB’s plans to share publically practices it identifies that are being employed by audit firms that promote or enhance the quality of audits along with its intention to change both how it reports inspection results and ensures timeliness of such communications.
In this spirit, in December 2018, the PCAOB staff issued the Inspections Outlook for 2019, together with a March 2019 supplement Outlook for Audit Committees, containing a list of sample questions for audit committees to consider throughout the audit cycle when meeting with auditors. Most recently, the PCAOB issued its annual Staff Preview of 2018 Inspection Observations, expanded from prior years to include information with respect to:
Observations and Good Practices Regarding Efforts to Improve Audit Quality
Areas of Common Audit Deficiencies Observed Across Audit Firms Inspected in 2018
The addition of the observations of specific areas and good practices emphasizes the PCAOB Board’s desire to enhance how and what the PCAOB is communicating and to make the process more forward-looking.
Summary: Staff Preview of 2018 Inspection Observations Summary
Observations and good practices regarding efforts to improve audit quality
As with the companies they audit, audit firms must maintain a system of internal controls to maintain (and improve) the quality of their product, the independent audit. The PCAOB reiterates that in their observations, “We have observed fewer inspection findings at audit firms with an engaged leadership team that provides their staff with effective tools, training, and guidance.” In addition, the specific practices noted/observed by the PCAOB positively influenced continued improvement in audit quality and include:
-
Expanding accountability for audit quality beyond the lead engagement partner – expanding accountability for audits to other key leaders such as the engagement quality reviewer, audit quality leaders, technical experts and office leaders. (e.g. rewards or penalizations were directly related to audits they consulted on/reviewed)
-
Developing and refining guidance to help auditors identify and assess risks of material misstatement (RMM) – performing rigorous risk assessments, which were often clearly articulated in internal guidance including steps and expectations in identifying and assessing risks, one example of rigorous risk assessment includes robust team discussions
-
Revising training programs – incorporating case studies and real world examples into training modules allowing professionals to apply concepts
-
Providing additional support from experienced personnel not assigned to the audit – performing independent reviews evaluating planned responses to identified risks, specifically in the areas of frequently occurring deficiencies together with experienced personnel assessing the effectiveness of the audit work performed in responses to assessed risk
-
Establishing a network of specialized professionals to address emerging risks – use of subject matter experts, who serve as a specialized resource and provide the experience needed to address new and emerging risks as well as complex and challenging areas
-
Providing new or enhanced audit tools in areas of significant judgment – providing tools and examples of how to avoid deficiencies that frequently occur (e.g. illustrative examples of evidence necessary to effectively audit areas requiring significant judgement) Audit Quality Report.
For information on how BDO establishes and executes on our internal systems of quality control, we invite you to refer to our most recent Audit Quality Report.
Areas of common audit deficiencies observed across audit firms inspected in 2018
-
Internal Control over Financial Reporting – Deficiencies in ICFR related to insufficient auditor testing of the design and operating effectiveness of controls that include a review element as well as not obtaining an understanding or evaluating activities performed and factors considered by the control owner when reviewing reasonableness of certain estimates and assumptions. Additionally, auditors did not select controls for testing that address the specific RMM. Refer to BDO’s recent alert Understanding ICFR for more details and resources.
-
Risk Assessment and Revenue – Deficiencies were noted in both design and performance of audit procedures related to revenue (e.g. both in obtaining appropriate evidence and in selecting adequate transactions.)
-
Accounting Estimates – This area has been included in past observations and continues to provide deficiencies in all areas (allowance for loan and leases losses, accounting for business combinations, and the fair value of financial instruments). Refer to the PCAOB release for specific examples in the above mentioned areas. Note: The PCAOB has released a new auditing standard (AS 2501) aimed at addressing these issues, Auditing Accounting Estimates, Including Fair Value Measurements which may assist in providing auditors with guidance on exercising professional skepticism and in evaluating management’s views. The standard is effective for audits of fiscal years ending on or after December 15, 2020.
-
Engagement Quality Review – Deficiencies noted related to failing to identify relevant deficiencies, placing too much reliance on discussions with engagement teams, or limiting reviews to summary memos.
Observations on technology, implementation of new accounting and auditing standards and rule, and audit committee communications
The PCAOB’s 2018 inspections included observations obtained from audit reviews and discussions with firm leadership, engagement teams, and audit committee members in the following areas:
-
Cybersecurity Risk – With cyber security incidents noted in 10% of the audits inspected, it is important for auditors to take steps to become aware of such incidents, and incorporate them into their risk assessment and modify their audit procedures as necessary.
-
Software Audit Tools – The use of analytical tools may enhance auditors’ identification of high risk transactions, as was observed with auditors using data analytics as part of risk assessment involving large volumes of transactions (e.g. revenue and journal entry testing). While the PCAOB did not observe the use of artificial intelligence or robotic process automation in their 2018 review, they did observe firms actively considering the use of such technology in the future.
-
Implementation of New Standards and Rules
-
Accounting Standards – Firms continue to revise their audit methodology and train professionals in light of the numerous new accounting standards becoming effective. The firms are further continuing the dialogue with companies regarding implementation including related controls and will need to evaluate the impact on the financial statements.
-
Form AP – The PCAOB observed inconsistencies in its requirements to disclose the engagement partner and certain other accounting firms that participated in the audit within Form AP as incomplete or not being timely submitted.
-
Changes in the Auditor’s Report – The first wave of changes to the auditor’s report were observed (e.g. audit tenure) to be effectively implemented. Further inquiry was made into firms’ preparation to implement required disclosures related to Critical Audit Matters (CAM). Note: In May, the PCAOB issued staff guidance on the communication of CAMS in addition to the three additional staff guidance documents released in March 2019 related to CAM implementation.
-
-
Audit Committee Communications – Deficiencies were noted regarding auditors’ failure to communicate significant risks to audit committees, specifically fraud risk related to management override of controls. While these deficiencies were noted in triennially inspected firms, such communications are equally important in all audits.
Next Steps
We encourage audit committees, management, and our audit professionals to remain abreast of guidance and resources being issued relative to ICFR and dialogue regularly about such matters throughout the audit process. Please stay tuned for additional thought leadership and educational opportunities from BDO’s Center for Corporate Governance and Financial Reporting.
SHARE