In recent years, the Public Company Accounting Oversight Board’s (PCAOB) inspections scope and new standards have influenced the audit process. Last year was a relatively quiet year for the PCAOB on the standards-setting front, yet it still conducts annual inspections of the major audit firms. That is why, in our recent issue of The Bulletin outlining the 2019 audit committee agenda, we recommended that audit committee members remain vigilant in audit areas where significant deficiencies have been found in recent years in PCAOB inspections. This vigilance extends to watching for signals from the PCAOB as to where its inspections team will focus in the coming year, as those areas are likely to receive special attention from the accounting firms.
As if on cue as we move into the 2019 audit cycle, the PCAOB published another Staff Inspection Brief on March 14, 2019, highlighting its strategic focus on enhanced engagement with key external stakeholders, including audit committees. The brief is intended to help audit committees and registered public accounting firms understand and comply with PCAOB Auditing Standards and is useful for preparers and issuers to understand issues that impact their auditors and regulators.
This March Staff Inspection Brief is a follow-up to the PCAOB’s December 6, 2018, Staff Inspection Brief, in which the board provided its Inspections Outlook for 2019, with a focus on audit committee considerations and a few minor updates.
It’s always useful to track the PCAOB’s roadmap, which summarizes areas of significant audit risks targeted by the board’s inspectors. This roadmap provides insights about areas that not only are of interest to auditing firms, but also affect how preparers and issuers track, process and report financial information.
In this Flash Report, we highlight some of the most notable areas the PCAOB underscored in its briefs. The full March 14 Staff Inspection Brief can be found here and the December 6, 2018, Staff Inspection Brief can be found here.
Inspection Focus Areas for 2019
As detailed in the PCAOB’s just-released outlook along with the board’s December 2018 brief, 2019 staff inspections are focused on several key areas, including:
- Technological developments. The board is focusing on an array of technology advancements affecting today’s audits, including the use of software audit tools, and auditors’ responses to digital assets like cryptocurrencies, initial coin offerings and distributed ledger applications. Inspections also continue to place a high focus on audit procedures used to address the ongoing threat of cybersecurity risks. Given the increasing number of cybercrime occurrences, it’s not surprising the board is emphasizing this area.
- Audit firms’ actions addressing past inspection findings. The board continues to review areas of repeat deficiencies in internal controls over financial reporting, revenue recognition, allowance for loan losses, other accounting estimates, and responses to the risks of material misstatement such as consideration of any changes in external factors affecting the company.
- Audit procedures related to new accounting standards. These relate specifically to the effectiveness of internal controls designed to address revenue recognition (ASC 606 and IFRS 15), lease accounting (ASC 842 and IFRS 16), current expected credit losses (ASC 326), and financial instrument accounting (ASC 815 and IFRS 9).
- Audit Quality Indicators (AQIs). The board is assessing audit firms’ use of AQIs to monitor audit work and staff deployment, and whether they are discussing the results with audit committees. The PCAOB is gathering information on how firms are using AQIs in an effort to enhance discussions on the essential factors that firms may use as part of their monitoring procedures to prevent, detect, deter and remediate audit deficiencies. The board states it will collaborate in 2019 with those who collect data and conduct research on the quality of audits to develop more thought leadership around AQIs.
- Implementation of the new auditor’s reporting model requirements. This includes the reporting of “critical audit matters” (CAMs). In 2017, the PCAOB adopted a new standard (AS 3101) to enhance the usefulness of the auditor’s report. The new standard required changes to the basic elements of the auditor’s report, including the disclosure of auditor tenure, which are already in effect. In addition, impending future changes will require the auditor to communicate CAMs arising from the audit of the financial statements that involved, among other things, especially challenging, subjective or complex auditor judgment, and the response that the auditor had to those matters.
- Audit firms’ systems of quality control. This includes reviews of audit firm culture, policies, procedures and consistency regarding audit quality. In 2019, the board intends to increase its focus on the design and operating effectiveness of such systems by analyzing how audit firms’ systems of quality control promote a culture of audit quality and risk responsiveness, identifying and reviewing in greater depth those aspects of firms’ quality control processes that are critical to audit quality, and understanding if the firms design policies and perform procedures to evaluate whether the companies they audit have appropriate codes of conduct and compliance programs to avoid fraud, bribery, corruption and other violations of law.
- Auditor independence. Over the last several years, the PCAOB has focused on recurring deficiencies related to auditor independence, including audit firms’ monitoring procedures that fail to identify independence. The board views these recurring deficiencies as an indicator that some firms and their personnel either do not understand applicable independence requirements sufficiently or do not have appropriate controls in place to prevent violations.
Audit Committee Questions
In its most recent brief, the PCAOB also suggests some questions for audit committees to ask their auditors on current issues of inspection focus. The brief addresses several categories of questions, including auditor response to identified risks, changes in the auditor’s report, implementation of new accounting standards, quality control protocols, auditor independence, PCAOB inspection results and corrective actions, and possible indicators to audit quality.
Don’t Forget – Prior Areas of PCAOB Focus Still Apply
Of course, the PCAOB’s past areas of focus in its inspections have not vanished. They remain fair game and include areas that involve significant judgment, estimates and subjectivity from management and/or auditors, such as the auditor’s consideration of the entity’s ability to continue as a going concern, and income tax disclosures, among other areas. Some of the more prevalent issues concerning estimation processes include those identified in prior years:
- Evaluating impairment analyses for goodwill and other long-lived assets;
- Valuations of assets and liabilities acquired in business combinations; and
- Valuation of illiquid equity securities and debt instruments.
The PCAOB continues to focus on the auditor’s procedures related to the above, as well as other accounting estimates, including fair value measurements used in financial reporting, due to the increased risk of material misstatement that such subjective and judgmental estimates may pose to the financial statements. Audit committees should inquire of preparers regarding the processes and controls over how estimates are developed, including management’s validation of data used in the estimation and the degree of the precision of the evaluation of management’s assumptions, inputs and methodologies that are significant to the estimate.
In addition, the PCAOB is looking at other areas of potential audit risk. These include the impact of economic factors, referred work performed by other audit firms on multinational audits and information produced by entities for use by the auditor.
Summary – Three Key Considerations for Issuers
As 2019 unfolds, we offer the following observations and advice:
The PCAOB inspections process continues to mature – As such, issuers will likely see new demands this year from their auditors due to the introduction of new and evolving PCAOB focus areas. New accounting pronouncement financial statement areas such as revenue recognition, lease accounting and CECL will heighten focus on the new pronouncement transition process as well as new process-level control areas, likely resulting in more effort by management to support the attestation process over audits of both financial statements and internal control over financial reporting. While preparers need to be keenly aware of new areas, our experience is that potential exposure areas never seem to come off the PCAOB’s target list. So be ready.
A word on registrant maturity – Seasoned filers should have an easier time preparing and mitigating new exposure risks. However, newly public companies, as well as those preparing for an IPO, might find the level of audit scrutiny increased while transitioning from “AICPA audit” preparation levels to a more deeply focused “PCAOB audit” preparation level, which typically means lower materiality thresholds and a real-time auditor focus on the current internal control environment. So be prepared.
The PCAOB is watching for repeat deficiencies – The PCAOB (as well as the SEC) has a heightened focus this year on so-called “repeat” internal control deficiencies and the process being followed (or the struggles) of remediating them, especially as they relate to revenue recognition, allowance for loan losses, intangible assets, goodwill, cybersecurity vulnerabilities, and other subjective and judgmental accounting estimates that create inherent risks of material financial statement misstatement. We recommend that issuers and preparers strive to ensure remediation design effectiveness early in the process, obtaining real-time auditor concurrence and applying a rigorous operating effectiveness testing protocol throughout the period under audit.