In October 2020, the PCAOB issued a Spotlight: Staff Update and Preview of 2019 Inspection Observations to share its observations from its 2019 inspections of public company audits along with summarizing how the PCAOB continues to transform the inspection process, including its use of targeted inspections for certain areas. Additionally, the Spotlight features both observations of “good practices” and recurring deficiencies to be mindful of external audit firms conducting 2020 audits. Finally, the PCAOB provides insight and reminders into how changing audit technologies and audit tools, along with responding to increasing cyber risks, should be taken into account as part of current cycle audit procedures and Internal Controls Over Financial Reporting (ICFR) assessments.
This alert is focused on deficiencies identified by PCAOB on the financial statement audits and ICFR assessments completed by audit firms. For a complete PCAOB spotlight, refer to this alert.
The PCAOB continues to note similar deficiencies where potential areas of improvement for all firms remain:
- Revenue – deficiencies related to design and performance of audit procedures addressing the assessed risk of material misstatement – e.g., auditors did not:
- consider other relevant factors along with the contract in validating performance obligations or allocating prices
- evaluate whether the issuer had an enforceable right to payment prior to recognizing revenue
- perform any procedures to test the issuer’s evaluation about whether products created and sold to a specified customer had an alternative use
- Independence – include financial relationship requirements under SEC Regulation S-X Rule 2-01 and PCAOB Rules 3524 and 3526
- Accounting Estimates – particularly around evaluation and testing of reasonableness of (1) qualitative factors in auditing Allowance for Loan Losses (ALL) and (2) projections used in later years of a forecasted period for a business combination as well as testing the accuracy and/or completeness of the issuer’s data used to develop estimates
- Internal Control Over Financial Reporting (ICFR) – Common deficiencies noted across firms continue to include:
- Insufficient evaluation of whether tested controls with a review element operated at a level of precision that would prevent or detect material misstatements
- Lack of identification and testing of controls that sufficiently addressed risks of material misstatement related to relevant assertions of certain significant accounts (e.g., testing only one stream of multiple revenue streams)
- Lack of identification and testing controls over accuracy and completeness of system-generated reports used in the operation of management review controls (MRCs)
Additionally, the PCAOB reviewed how the auditors responded to the following areas:
- Use of distributed ledgers – Certain of the annual inspected firms have provided training to staff and implemented consultation processes for clients that are using distributed ledger technology, receive consideration in the form of digital assets, or hold investments in digital assets; while some triennially inspected firms were noted as deficient for not performing procedures to evaluate the relevance and reliability of audit evidence over the existence and valuation of digital assets, more specifically crypto assets, recorded at year-end – e.g., reliance on third-party reports without adequate testing.
- Cybersecurity – The PCAOB is focused on instances of cybersecurity incidents experienced during the audit period and how the auditor considers such incidents in the auditor’s risk assessment process and their response to identified risks of material misstatement. Specifically, the PCAOB noted that while the auditor may have evaluated the severity and impact of the cyber incident, there was no consideration of whether the auditor’s identification or assessment of RMMs were affected that may have required modifications to the nature, timing, and extent of audit procedures or impact on ICFR.
We encourage audit committees and management to review the guidance referenced in this alert alongside the PCAOB’s Spotlight for ICFR focus areas and cybersecurity. At Centri, we are here to assist you with your ICFR needs, from addressing PCAOB focus areas to helping your company meet the growing external audit demands of ICFR and cybersecurity governance.
About Centri Business Consulting, LLC
Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, and CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.
For more information, please visit www.CentriConsulting.com
Two Penn Center
1628 JFK Boulevard, Suite 500
Philadelphia, PA 19103
New York Office
530 Seventh Avenue
New York, NY 10018
8310 South Valley Highway
Englewood, CO 80112