A Glance Inside the PCAOB’s Inspection Process
The PCAOB inspection process continues to evolve, and it is important that issuers not only prepare for the new areas of emphasis but also continue to focus on areas that the PCAOB emphasized in Staff Inspection Briefs in prior years. Here are the particular areas that PCAOB has marked for scrutiny that public companies should focus on this year.
On August 30, the Public Company Accounting Oversight Board (PCAOB) published a Staff Inspection Brief that offers guidance into the plan, scope and objectives of its 2017 inspections of registered auditors and their audits of issuers.
This is the third year that the PCAOB has provided auditors a roadmap into its inspection process, and as in past years, the organization’s 2017 Staff Inspection Brief is intended to help investors, auditors and others understand the areas of significant audit risks targeted by PCAOB inspectors and to encourage auditors to improve audit quality. The report provides insight not only into areas that are of interest to auditing firms but also areas that will affect how preparers and issuers track, process and report financial information. Therefore, it is important for public companies to familiarize themselves with the report and prepare accordingly.
Some of the notable areas of focus and takeaways from the PCAOB’s August 2017 Inspection Brief follow. The PCAOB’s full Staff Inspection Brief can be found here.
Inspection Focus Areas
While the PCAOB’s Inspection Briefs generally provide valuable information on several different issues, this year, public companies should focus their attention on three particular areas that the PCAOB has marked for scrutiny – new accounting standards, information technology and financial reporting.
New Accounting Standards
The PCAOB’s inspections will evaluate changes firms may have made in the processes and/or the procedures that firms plan to undertake in light of new accounting standards issued by the Financial Accounting Standards Board (FASB) related to revenue recognition and lease accounting. For certain issuer audits, inspectors will discuss with auditors how they are addressing the pending accounting changes with issuers and other matters related to audits.
The FASB introduced the new revenue recognition standard in May 2014 but later deferred its effective date by a year- to years beginning after December 15, 2017, for public companies, and to years beginning after December 15, 2018, for non-public organizations (effectively January 1, 2017 and 2018, or the first day of the fiscal year for non-calendar-year public and private companies, respectively). The new standard establishes a core principle that calls for companies to recognize revenue in a manner that depicts the transfer of promised goods or services to customers in an amount that reflects the consideration to which the company expected to be entitled in exchange for those goods or services. It also includes a five-step process to achieve the core principle, and companies can choose from two alternatives to transition to the new standard.
Similarly, the FASB’s new standard for accounting for leases goes into effect for years beginning after December 15, 2018, for public companies and one year later for private firms. This new standard will require lessees to recognize a lease liability and a right-of-use-asset for all but short-term leases (less than one year) as of the date on which the lessor makes the asset available to the lessee. It amounts to a significant change in accounting for leases by lessees, and companies need to ensure the leased inventory is reliable throughout the enterprise, evaluate the supporting systems and data, look for embedded leases and consider other implications.
PCAOB inspectors will review the use of software audit tools by auditors, as well as audit procedures performed to assess and address the risks of material misstatement to financial statements that are posed by weak cybersecurity. Given the increasing occurrences of cybercrime, it’s not surprising that the PCAOB is placing emphasis on this area.
Likewise, companies are beginning to recognize the crucial role of the IT audit function. According to the most recent IT audit benchmarking study conducted by Protiviti in partnership with ISACA, boards and executives ranked cybersecurity as the top technology challenge for the first time in the six years that they have conducted the survey. What’s more, the survey results revealed that a growing number of executives and IT audit leaders are taking greater interest and a more active leadership role in the IT audit function. (For additional information, visit here. Among other issues, companies may want to consider how thoroughly their current audit plan assesses cybersecurity risk, whether the internal audit team has the right skills to evaluate IT risks and related controls, and the extent to which leadership grasps cyber threats.
Financial Reporting Areas
PCAOB inspectors also will focus on areas that may involve significant judgment, estimates and subjectivity from management and/or auditors, such as the auditor’s consideration of the entity’s ability to continue as a going concern and income tax disclosures. Some of the more prevalent issues in regard to estimation processes include those identified in prior years:
- Evaluating impairment analyses for goodwill and other long-lived assets
- Valuations of assets and liabilities acquired in business combinations
- Valuation of illiquid equity securities and debt instruments
Audit procedures related to the above and other accounting estimates, including other fair value measurements used in financial reporting, continue to be a focus of the PCAOB this year due to the increased risk of material misstatement that the estimates may pose to the financial statements. Preparers should ensure robust processes and controls over how estimates were developed, including management’s validity of data used in the estimation and evaluation of management’s assumptions, inputs and methodologies that are significant to the estimate.
While financial reporting is an area of significant relevance to public companies, organizations preparing for an initial public offering should familiarize themselves with the issues.
PCAOB Inspections staff will also be looking at other areas of potential audit risk. These include:
Recurring audit deficiencies – These typically are areas that experience the most frequent and recurring deficiencies, including procedures related to the audit of internal control over financial reporting, assessing and responding to risks of material misstatement and audit accounting estimates.
Economic factors – Economic conditions that may affect audits include Brexit and its influence on Europe’s financial markets, the high rate of M&A activity and fluctuations in oil and gas prices.
New Form PA reporting requirements – These relate to the implementation of new PCAOB audit rules and related amendments designed to give investors and financial statement users information about partners and accounting firms that participate in an issuer’s audit.
Multinational audits – These relate to work performed by other firms at the request of the principal auditor, as well as the principal auditor’s reliance on the work of other auditors. Of note, there has been a fair amount of PCAOB enforcement action against the member firms of several of the annually inspected audit firms.
Firm’s system of quality control – This includes policies and procedures to identify root causes of audit deficiencies and positive quality events, monitor and maintain independence, perform engagement quality reviews and apply professional skepticism throughout the audit.
Inspection Selection Process
The 2017 inspections cover 2016 audits, with inspectors generally focused on audit work of the most challenging areas, including financial statement accounts and disclosures that require a higher degree of management judgment. Where relevant, audit work related to internal control over financial reporting is also being selected for review. The PCAOB’s focus has primarily been on high-risk clients and financial statement areas, thus it is not necessarily representative of the overall work of the audit firms. This year, the PCAOB plans to review roughly 195 firms, including 11 in the United States that conducted audit reports for more than 100 issuers, as well as 55 non-U.S. firms in 26 jurisdictions.
The PCAOB inspection process continues to evolve, and it is important that issuers not only prepare for the new areas of emphasis, but also continue to focus on areas that the PCAOB emphasized in Staff Inspection Briefs in prior years, including but not limited to auditor independence, information produced by entity (IPE), non-financial assets, allowance for loan losses and receivables.