On August 30, the Public Company Accounting Oversight Board (PCAOB) published a Staff Inspection Brief that offers guidance into the plan, scope and objectives of its 2017 inspections of registered auditors and their audits of issuers.
This is the third year that the PCAOB has provided auditors a roadmap into its inspection process, and as in past years, the organization’s 2017 Staff Inspection Brief is intended to help investors, auditors and others understand the areas of significant audit risks targeted by PCAOB inspectors and to encourage auditors to improve audit quality. The report provides insight into areas that not only are of interest to auditing firms, but also areas that will affect how preparers and issuers track, process and report financial information. Therefore, we believe it is important for public companies to familiarize themselves with the report and prepare accordingly.
Inspection Focus Areas
While the PCAOB’s Inspection Briefs generally provide valuable information on several different issues, this year we think that public companies should focus their attention on three particular areas that the PCAOB has marked for scrutiny – new accounting standards, information technology and financial reporting. Over the past several months, in fact, Protiviti has highlighted these topics in various reports aimed at educating companies about their growing relevance. These three areas are discussed in further detail below:
New Accounting Standards: The PCAOB’s inspections will evaluate changes firms may have made in the processes and/or the procedures that firms plan to undertake in light of new accounting standards issued by the Financial Accounting Standards Board (FASB) related to revenue recognition and lease accounting. For certain issuer audits, inspectors will discuss with auditors how they are addressing the pending accounting changes with issuers and other matters related to audits.
FASB introduced the new revenue recognition standard in May 2014 but later deferred its effective date by a year, to years beginning after December 15, 2017, for public companies, and to years beginning after December 15, 2018, for non-public organizations (effectively January 1, 2017 and 2018, or the first day of the fiscal year for non-calendar-year public and private companies, respectively). As detailed in a previous Flash Report, the new standard establishes a core principle that calls for companies to recognize revenue in a manner that depicts the transfer of promised goods or services to customers in an amount that reflects the consideration to which the company expected to be entitled in exchange for those goods or services. It also includes a five-step process to achieve the core principle, and companies can choose from two alternatives to transition to the new standard.
Similarly, in March last year we issued a Flash Report on the FASB’s new standard for accounting for leases, which goes into effect for years beginning after December 15, 2018, for public companies and one year later for private firms. This new standard will require lessees to recognize a lease liability and a right-of-use-asset for all but short-term leases (less than one year) as of the date on which the lessor makes the asset available to the lessee. It amounts to a significant change in accounting for leases by lessees, and companies need to ensure the lease inventory is reliable throughout the enterprise, evaluate the supporting systems and data, look for embedded leases, and consider other implications.
Information Technology: PCAOB inspectors will review the use of software audit tools by auditors, as well as audit procedures performed to assess and address the risks of material misstatement to financial statements posed by weak cybersecurity. Given the increasing occurrences of cyber crime, it’s not surprising that the PCAOB is placing emphasis on this area.
Likewise, companies are beginning to recognize the crucial role of the IT audit function. According to results from A Global Look at IT Audit Best Practices, our most recent IT audit benchmarking study conducted in partnership with ISACA, boards and executives ranked cybersecurity as the No. 1 technology challenge for the first time in the six years that we’ve conducted the survey. What’s more, the survey results revealed that a growing number of executives and IT audit leaders are taking greater interest and a more active leadership role in the IT audit function. Among other issues, companies may want to consider how thoroughly their current audit plan assesses cybersecurity risk, whether the internal audit team has the right skills to evaluate IT risks and related controls, and the extent to which leadership grasps cyber threats.
Financial Reporting Areas: PCAOB inspectors also will focus on areas that may involve significant judgment, estimates and subjectivity from management and/or auditors, such as the auditor’s consideration of the entity’s ability to continue as a going concern, and income tax disclosures. Some of the more prevalent issues in regard to estimation processes include those identified in prior years:
- Evaluating impairment analyses for goodwill and other long-lived assets
- Valuations of assets and liabilities acquired in business combinations
- Valuation of illiquid equity securities and debt instruments
Audit procedures related to the above and other accounting estimates, including other fair value measurements used in financial reporting, continue to be a focus of the PCAOB this year due to the increased risk of material misstatement that the estimates may pose to the financial statements. Preparers should ensure robust processes and controls over how estimates were developed, including management’s validity of data used in the estimation and evaluation of management’s assumptions, inputs and methodologies that are significant to the estimate.
While financial reporting is an area of significant relevance to public companies, we also recommend that organizations preparing for an initial public offering familiarize themselves with the issues.
PCAOB Inspections staff will also be looking at other areas of potential audit risk. These include:
Recurring audit deficiencies – These typically are areas that experience the most frequent and recurring deficiencies, including procedures related to the audit of internal control over financial reporting, assessing and responding to risks of material misstatement, and audit accounting estimates.
Economic factors – Economic conditions that may affect audits include Brexit and its influence on Europe’s financial markets, the high rate of M&A activity, and fluctuations in oil and gas prices.
New Form PA reporting requirements – These relate to the implementation of new PCAOB audit rules and related amendments designed to give investors and financial statement users information about partners and accounting firms that participate in an issuer’s audit.
Multinational audits – These relate to work performed by other firms at the request of the principal auditor, as well as the principal auditor’s reliance on the work of other auditors.
Firm’s system of quality control – This includes policies and procedures to identify “root causes” of audit deficiencies and positive quality events, monitor and maintain independence, perform engagement quality reviews, and apply professional skepticism throughout the audit.
Inspection Selection Process
The 2017 inspections cover 2016 audits, with inspectors generally focused on audit work of the most challenging areas, including financial statement accounts and disclosures that require a higher degree of management judgment. Where relevant, audit work related to internal control over financial reporting is also being selected for review. The PCAOB typically does not select audit engagements or areas of inspection randomly, and the selection of audits does not necessarily reflect the representative sample of a firm’s audits. This year, the PCAOB plans to review roughly 195 firms, including 11 in the United States that conducted audit reports for more than 100 issuers, as well as 55 non-U.S. firms in 26 jurisdictions.
The PCAOB inspection process continues to evolve, and it is important that issuers not only prepare for the new areas of emphasis, but also continue to focus on areas that the PCAOB emphasized in Staff Inspection Briefs in prior years, including but not limited to auditor independence, information produced by entity (IPE), non-financial assets, allowance for loan losses, and receivables. Our experience is that PCAOB seems to never take any area of focus off the list.