The Public Company Accounting Oversight Board’s top targets for its 2017 inspections include how auditors have handled audits of internal control over financial reporting, their assessment of and response to the risk of material misstatement, and their procedures for obtaining an understanding of and testing estimates, including fair value.
These areas make up a third of the areas identified in a recent PCAOB report.
In accordance with the Sarbanes-Oxley Act, the PCAOB inspects firms that audit public companies and establishes audit standards for those firms. To maximize the efficiency and impact of their inspections process, the PCAOB selects issuers and audits to examine based largely on a risk-based assessment.
Top three areas of focus
According to the PCAOB, “Inspections staff typically focuses on audit areas that present auditing challenges and significant audit risk, including risks of material misstatement in the financial statements, as well as areas of recurring audit deficiencies both within and across firms.”
The most frequent and recurring audit deficiencies, as noted in these excerpts from the PCAOB report, are:
- Internal control over financial reporting, including the sufficiency of auditors’ procedures performed to identify, test, and evaluate controls that address the auditors’ assessed risks of material misstatement, including auditors’ testing of controls that contain a review element.
- Assessing and responding to risks of material misstatement, including (1) the sufficiency of testing the design and operating effectiveness of controls; (2) whether the substantive procedures were specifically responsive to fraud risks and other significant risks of material misstatement; (3) the evaluation of the presentation of the financial statements, including the accuracy and completeness of the disclosures; and (4) the evaluation of relevant audit evidence that appeared to contradict certain assertions in the financial statements.
- Auditing accounting estimates, including fair value measurements, evaluating impairment analyses for goodwill and other long-lived assets, and the valuations of assets and liabilities acquired in business combinations. PCAOB inspectors will continue to look closely at auditors’ procedures to understand how estimates were developed, as well as auditors’ testing of data and evaluation of the assumptions used by management that are significant to the estimate.
Additional areas of focus for 2017 inspections include:
- Audit areas potentially affected by economic factors, including but not limited to Brexit, interest rates, and continued fluctuations in oil and natural gas prices. (A potential addition to this list could be the potential direct and indirect impact of Hurricanes Harvey and Irma.)
- Financial reporting areas, including a list of traditionally high-risk areas, plus a focus on the auditor’s consideration of the entity’s ability to continue as a going concern, and evaluation of income tax reporting and disclosures.
- New accounting standards: Inspections staff expect to gain an understanding of changes firms may have made in their processes and / or the procedures that firms plan to undertake in light of new accounting standards. For certain issuer audits, inspections staff are discussing with the auditor (1) how it is addressing pending accounting changes with the issuer, (2) communications related to management’s readiness or technical ability with the audit committee, and (3) the process to ensure the auditor maintains independence with respect to the issuer’s implementation of the new standard(s).”
- Multinational audits. Inspection selections may include referred work engagements as well as the audit work performed by the principal auditor with respect to the decision to use the work of the other auditor.
- Information technology: Inspections staff are evaluating the processes firms use to analyze data to meet audit objectives. They also are noting whether engagement teams are effectively using the tools and evaluating the results and applying due care, including professional skepticism. Additionally, the PCAOB is looking at audit firms’ assessment of cybersecurity risks related to the risk of material misstatement, whether auditors modified their procedures according to those risks, and related documentation.
- Audit firms’ system of quality control, including root-cause analyses, independence, engagement quality review, and skepticism.
Further details can be found in the PCAOB’s Staff Inspection Brief: Information about 2017 Inspections.