Is your auditor and audit committee prepared for areas that will be the focus of PCAOB inspections?
On April 17, 2023, the PCAOB (the Board) issued Spotlight: Staff Priorities for 2023 Inspections outlining their priorities for 2023 inspections. The 2023 inspection plan primarily covers the review of 2022 fiscal year-end audits and focuses on various financial reporting and audit risks, particularly those resulting from new or emerging business risks influenced by both internal and known external factors that were present during 2022, such as volatility in financial and commodity markets due to inflation, interest rates, and currency fluctuations; disruptions in supply chains; ongoing impact of the remote/hybrid work environment and other risk factors.
The Board reviews a large number of filings in their inspection process and the spotlight highlights their approach to selecting which audits to inspect and reflects key areas of financial statement reporting that companies and their auditors should consider when performing their audits.
Risk of Fraud
Inspectors will focus on fraud-related audit procedures performed in accordance with AS 2110,Identifying and Assessing Risks of Material Misstatement, AS 2401, Consideration of Fraud in a Financial Statement Audit, and AS 2405, Illegal Acts by Clients. They will look at how the auditors identified and assessed risks of material misstatements due to fraud and related controls when planning and performing the audit.
Auditing and Accounting Risks
Inspectors will examine procedures performed by the auditor to identify, assess, and respond to audit and accounting risks, including those related to financial reporting and disclosures.
Risk Assessment and Internal Controls
Inspectors will evaluate the auditor’s procedures to: (1) design and implement overall responses that address risks of material misstatement, (2) understand, identify, and test relevant controls, and (3) modify the audit approach based on identified control deficiencies. They will consider the auditor’s response to uncertainties in the economic and geopolitical environment that may cause modifications to the public company’s or broker-dealer’s operating structure and business processes that may affect its flow of transactions, financial reporting processes, and the timing and operation of related controls, including information technology and review controls.
Financial Services Specific Consideration
Interest rates, inflation, as well as uncertainty and volatility in the digital assets markets, have resulted in increased risks to the financial services sector and require significant management and auditor consideration. Inspectors plan to review public companies in the financial services sector and place emphasis on audit areas that are more prone to such risks – e.g., a company’s liquidity position, future income and expenses, valuation of investments, and going concern.
Broker-dealer Specific Considerations
Inspectors will continue to understand how the auditor addressed the risk of fraud and place emphasis on the audit firm’s procedures relating to revenue identified as having a significant risk, internal controls over compliance with the customer protection rules, and review procedures where broker-dealers have filed an exemption report with respect to such rules.
Digital Assets
The PCAOB will continue to select 2022 fiscal year-end audits of identified public companies and broker-dealers with material digital assets since activity is continuing to increase and has significantly higher fraud risk due to volatility and lack of regulation. Inspectors will complete review procedures on selected audits of identified public companies with material digital assets and consider the audit firm’s policies and procedures, including training, consultations, and the development of audit tools and techniques specific to digital assets.
Merger and Acquisition (M&A) Activities (including De-SPAC transactions)
For M&A transactions (including de-SPACs), inspectors will evaluate the auditor’s work on the following: (1) valuation and accounting of financial instruments using complex valuation models, (2) business combinations including reverse mergers, (3) internal control over financial reporting, (4) financial statement presentation and disclosure, (5) significant equity or debt restructuring, and (6) the entity’s ability to continue as a going concern. For more information on this area, the PCAOB released Spotlight: Inspection Observations – Audits of Special Purpose Acquisition Companies and De-SPAC Transactions.
Use of the Work of Other Auditors
Inspectors will place emphasis on various challenges when using the work of other auditors to better understand: (1) how other auditors were used (including, but not limited to, those in Russia, Belarus, and Ukraine), (2) how lead auditors may have modified their audit approach, (3) whether the use of other auditors in multi-location audits was modified due to restrictions on travel, and (4) the lead auditor’s supervision of the activities of other auditors.
Quality Control
Inspectors will continue to perform quality control (QC) procedures, including assessing firm compliance with existing PCAOB QC standards, primarily through inquiry, review of public company and broker-dealer audits, and inspection of certain audit firm documentation. There will be emphasis on the following areas:
Other Areas of Inspection
Additionally, the staff continues to deploy a “target team” of inspectors to gather information. The target team was established in 2019 to execute in-depth reviews across audit firms gathering information that extends beyond traditional inspection procedures. This year’s target team focus will include risks related to digital assets, first year audits, multi-location audits, and significant or unusual events or transactions. Additionally, as a part of ongoing efforts to enhance inspections, the report notes that the number of audits reviewed will increase.
Reminders for Audit Committees
The role and responsibilities of the audit committee are constantly evolving due to various external factors and regulatory requirements. The audit committee’s priorities should take into consideration the inspection areas that the PCOAB has identified. In addition, the PCAOB reminds audit committee members of the importance of audit execution, auditor independence, and the audit firm’s quality control system in driving audit quality for the protection of investors.
Audit committees need to be confident in their expectations that their auditors will hold audit quality to the highest standard of performance. Audit quality has been a top priority for the Board over the past several years – especially, with the November 2022 proposal of QC 1000, A Firm’s System of Quality Control. While comments received in response to this proposed standard are currently under review, firms are actively preparing for this standard to go into effect.
Reminders for Auditors
Step one in any audit is ensuring that the auditor comprehends the public company or broker-dealer’s business and environment. It is essential to understand the events, conditions, and activities that might impact the risks of material misstatement and especially, material misstatement due to fraudulent activities. The potential for fraud should be at the forefront of decision making. These risks can drastically impact the audit work performed and the auditor’s duty to ensure that evidence is appropriate and sufficient.
With the current economic and geopolitical environment being so volatile, economic implications for inadequate financial reporting and noncompliance with laws and regulations need to be considered.
Digital transformation is a necessity and unavoidable. Auditors need to prepare for the risks that come with technological advancement and increasing frequency of cybersecurity attacks. Breaches may require modification to the planned audit approach and therefore, make designing and performing audit procedures to address cybersecurity risk an evolving area of focus for auditors and regulators.
As always, audit teams need to keep top of mind the importance of exercising due professional care as well as professional skepticism. It’s important to embrace a framework, as auditors define matters, specify objectives, identify possibilities, gather and analyze information, reach conclusions and reflect upon their judgment process. It’s the auditors’ responsibility to perform the iterative actions of coaching, consulting, avoiding traps and biases, documenting, and communicating. If the auditor combines this process with their technical and industry-specific knowledge, they should have the tools necessary to safeguard against evolving risks, implement adequate procedures, and make high-quality judgments. At the end of the day, it’s all about risk mitigation.
We encourage audit committees and management to review the PCAOB’s guidance and engage one another as well as the auditor in dialogue about the specific facts and circumstances relevant to the organization’s business that may impact the execution of the audit and overall quality of the audit and resulting financial statements.