In 2018, the Public Company Accounting Oversight Board (PCAOB) inspected over 160 audit firms and reviewed portions of roughly 700 public company audits in the United States and abroad. On May 6, the PCAOB published its Staff Preview of 2018 Inspection Observations. Although the publication is aimed at external auditors, it provides important insights for organizations preparing for audits. Protiviti analyzed the findings in our latest Flash Report. Here’s an overview.
Common Audit Deficiencies
The PCAOB noted a general lack of rigor in testing controls and risk assumptions, and a failure to adequately challenge accounting estimates of allowances for loan and lease losses, the effects of business combinations, and the fair value of financial instruments.
Many of these deficiencies were identified in areas covered within the scope of engagement quality reviews (EQRs) but were not noted in those reviews — a sign the board suggests may indicate that auditors relied too heavily on management interviews, or summary memos, rather than independent validation.
Companies should take note of these concerns, as they point to areas in which companies might reasonably expect increased emphasis in their next external audit.
Implementation of New Standards
A significant portion of the 2018 inspections focused on how companies are preparing to adopt new accounting standards, including new rules on revenue recognition, lease accounting, current expected credit losses (CECL), and financial instrument accounting.
The board also discussed with audit firms their preparedness for the 2019 implementation of “critical audit matters” (CAMs). The new standard requires changes to the basic elements of the auditor’s report, including the disclosure of auditor tenure and a statement from auditors addressing their response to any audit matters that were especially complex, or subjective.
Technology
- Cybersecurity risk: The PCAOB noted that in approximately 10% of the inspected audits, the company had experienced a cybersecurity incident during the audit period. In most cases, external auditors considered these incidents in their risk assessments and modified their audit procedures to address potential impacts on controls and data.
- Software audit tools: Although the PCAOB did not observe current widespread use of emerging technologies like artificial intelligence (AI) and robotic process automation (RPA) in its 2018 audit inspections, it did note that audit firms are actively considering such technologies in the development of their future software audit tools. (For further insight on how such emerging technologies are changing the audit landscape, read Protiviti’s recent research reports on the use of artificial intelligence/machine learning and robotic process automation.)
Observations of Good Audit Practices
Lastly, the board identified several good audit practices that would be helpful for reporting companies to know, including:
- Expanding accountability for audit quality beyond the lead engagement partner
- Developing and refining guidance to help auditors identify and assess risks of material misstatement
- Revising auditor training and risk awareness programs
- Providing additional support from experienced personnel not assigned to the audit
- Establishing a network of specialized professionals to address emerging risks, and
- Providing new or enhanced audit tools in areas of significant judgment.
These “good practices” may be a precursor to issuers regarding things their external auditors may incorporate into the audit process.
The PCAOB inspection process continues to evolve, and it is important that issuers not only prepare for the new areas of emphasis, but also continue to focus on areas that the PCAOB emphasized in Staff Inspection Briefs of prior years, including auditor independence, information produced by entity (IPE), non-financial assets, accounting for loan and lease losses and receivables.
The full Staff Preview of 2018 Inspection Observations can be found here.