The world tends to repeat cycles, and the current attention to deficient audits is reminiscent of the years ushering in the Sarbanes-Oxley Act of 2002. However, this time it is different, as regulators are proactively scrutinizing external auditors and imposing enforcement actions against audit committee chairs.
In a January 25, 2016 speech, Andrew Ceresney, Director of the SEC’s Division of Enforcement, stated: “audit committee members who fail to reasonably carry out their responsibilities, and auditors who unreasonably fail to comply with relevant auditing standards in their audit work, can expect to be in our focus.” Regulators are increasingly holding gatekeepers of the financial reporting process more accountable. According to Mr. Ceresney, the SEC has recently brought cases against three audit committee chairs who either approved public filings they knew were reckless or should have known to be false because of other information available to them. He also mentioned that the SEC settled high-profile cases in recent months against two national audit firms and individual audit partners from those firms pertaining to false and misleading unqualified audit opinions. These are the first cases against national audit firms for audit failures since 2009.
While it is important to understand the regulators’ viewpoints and efforts, the levers for extracting value from the external audit process largely rests with the company. With the audit season concluded for companies with fiscal year-ends synced to the calendar year, now is an ideal time to assess the value of the external audit process. First, let’s visit some recent regulatory developments.
Regulators – What Are The Issues?
In addition to increased SEC enforcement actions, the Public Company Accounting Oversight Board (PCAOB) continues to find relatively high rates of audit deficiencies per their inspections. Earlier this month, the International Forum of Independent Audit Regulators (IFIAR) issued their “Report on 2015 Survey of Inspection Findings“ (Report) from audit regulators’ inspections of the six largest international audit firm networks. The IFIAR comprises independent audit regulators from 50 jurisdictions, including the PCAOB. The Report concluded that 43 percent of inspected audits of listed public interest entities (PIEs) had at least one inspection finding. A PIE is an entity listed on a national securities exchange. This Report uses “finding” and “deficiency” interchangeably. Inspection findings are deficiencies in audit procedures indicating an audit firm did not obtain sufficient appropriate audit evidence to support its opinion. This does not necessarily imply that the audited financial statements were materially misstated.
The Report found the highest number of financial statement audit inspection deficiencies for PIEs in the areas of:
- Internal control testing (23 percent frequency of findings)
- Fair value measurement (18 percent frequency of findings)
- Revenue recognition (15 percent frequency of findings)
- Risk assessment (14 percent frequency of findings)
The Report also found the highest number of firm-wide quality control deficiencies in the areas of:
- Engagement performance (59 percent frequency of findings)
- Independence and ethical requirements (40 percent frequency of findings)
- Human resources (36 percent frequency of findings)
- Monitoring (33 percent frequency of findings)
On the same day the Report was issued, the IFIAR issued a press release entitled “International Audit Regulators Say Pace of Audit Quality Improvement Too Slow; Call for Measurable Improvement By 2019.” This press release states: “IFIAR and the six largest network firms have agreed on a new initiative to improve audit quality globally. The goal is to reduce the number of deficient audits reported by our members in the survey. To provide a means to measure progress, for the first time IFIAR’s working group that engages regularly with the largest global audit firms has set a measurable target for the reduction of audits with findings: a reduction of at least 25 percent in the next four years in audits with at least one finding as reported by the members of this working group.”
Accomplishing this goal will likely not settle the audit quality concern, but at least it is a start. The IFIAR plans to support this objective by encouraging root cause analysis, as well as increased monitoring and dialogue with the six largest international audit firm networks.
A powerful PCAOB staff perspective entitled, “The State of Audit Quality” was given at the AICPA Conference on Current SEC and PCAOB Developments last December by Helen A. Munter, PCAOB Director, Division of Registration and Inspections. Ms. Munter emphasizes that the goal of inspections is not to simply identify deficiencies, but rather “to help auditors improve the quality of their audits and the value that they bring to their clients and to investors.”
While clearly the auditor owns the responsibility of complying with applicable auditing standards, companies have a lot of power toward ensuring that value is derived from the external audit process.
Company Considerations to Extract Audit Value
Here are some ideas toward ensuring a healthy external audit process to maximize value:
- Obtain a high-level understanding of the external audit world. Acquiring a basic knowledge of audit standards and the regulatory audit environment is helpful in understanding the audit perspective. New auditing standards generally draw more attention from regulators in assuring that the new audit procedures are properly applied. For example, PCAOB’s auditing standard number 18 (AS-18) requires more robust audit considerations in three critical areas, including related party relationships and transactions. The increased expectations triggered by AS-18, combined with the PCAOB’s tendency to focus on recently issued standards in their inspections, has audit firms laser-focused on related party transactions. This indirectly can have a significant impact to their audit clients. Refer to “A Focus on Related Party Transactions” for a previous article on this topic. Preparing for sensitive audit areas well before the auditors arrive for fieldwork can greatly reduce stress levels. In addition to acquiring a general knowledge of regulatory interests, ask your auditors to identify the hot buttons they anticipate for the upcoming audit.
- Ask lots of questions. Audit committees need to be comfortable with the auditor’s understanding of risk of material misstatement (RMM) and their audit plan. It is prudent for them to ask plenty of questions to their auditors at audit committee meetings. A red flag should go up if the external auditor simply rolls through their required communications without any discussion. As communicated in PCAOB’s “Audit Committee Dialogue” issued in May 2015, questions to consider include:
- What are the points within the company’s critical systems processes where material misstatements could occur?
- How has the audit plan addressed the RMM at those points?
- What new risks have been identified?
- How have the areas of significant RMM changed since the prior year?
- What is the approach for evaluating the company’s controls over financial reporting for significant unusual transactions or events, such as the acquisition of assets and assumption of liabilities in business combinations, divestitures and major litigation claims?
- What is done to obtain a thorough understanding of the assumptions and methods the company used to develop critical estimates, including fair value measurements?
- Has the engagement team lost key auditors or specialists to other lines of business?
- How are you ensuring that the quality of the audit team will remain high over time?
Audit committees may also want to discuss with their auditors the types of audit deficiencies identified in their PCAOB inspections, as well as how they are addressing them in the their audits.
- Understand how your internal audit function will be leveraged. While there are no requirements for the external auditor to utilize internal audit efforts, standards do require them to consider it. The company, through their audit committee and CFO management team, should be comfortable that internal audit efforts will be considered by the external auditor with a strong appetite to potentially use some of these efforts in support of their opinions. Of course, use of this effort assumes that the external auditor is comfortable with the internal audit function in accordance with external auditing standards.
- Do not treat the audit opinion as a commodity purchase. Not all audit firms and audit teams are the same. Quite the contrary; good and bad audit teams likely exist within all larger and mid-sized firms. Likewise, the size of the audit firm is not always indicative of value. Audit committees need to carefully select and retain firms they feel can best provide value through a robust opinion. In many cases, these audit firms will not be the low-price bidder. The audit firm must be independent, and the audit team must demonstrate plenty of objectivity and professional skepticism.
- Develop an audit improvement plan. Consider what went well and what didn’t during the recent audit cycle. Draft an internal improvement plan, with key conclusions eventually shared with your auditor. The plan should contain audit committee and management objectives and an assessment if they were met. Specific recommendations for improvement should be discussed between the company and the auditor, including actions to mitigate stress points and opportunities to glean more value from the external audit process. A good resource for identifying key elements of a quality audit can be retrieved from the Center for Audit Quality’s “CAQ Approach to Audit Quality Indicators,” published in April 2014.
While the above list is not meant to be exhaustive, it should help trigger ideas to extract more value from the external audit process. Maximizing value rests largely on the company’s shoulders, not the regulators. Don’t let another audit year go by without aligning the external audit process objectives to an action plan to maximize value.
This is an article reprint from the Governance Issues™ Newsletter, Volume 2016, Number 2, published on March 14, 2016.