2023 PCAOB Inspections Will Prioritize Fraud, Financial Services, and Crypto
The PCAOB’s inspection staff has released Spotlight: Staff Priorities for 2023 Inspections (Spotlight), its annual preview of the current inspection cycle. For audit committees, Spotlight provides insight into whether the company’s audit might be selected for inspection and into the aspects of the audit that inspectors are likely to review if it is selected. The Spotlight also highlights accounting and auditing challenges to which the committee may want to direct its attention. (For last year’s inspections outlook, see 2022 PCAOB Inspections Preview, June-July 2022 Update.)
The 2023 PCAOB inspections will primarily review fiscal year 2022 audits. The Board’s 2023 inspection plan will consider overall business risks that existed in 2022, including supply chain disruptions; volatility in financial and commodity markets due to such things as inflation, interest rates, and currency fluctuations; deal cancellations and redemptions related to special purpose acquisition companies (SPACs); mergers and acquisitions (M&A) activities, including de-SPAC transactions; and the impact of the remote/hybrid
work environment. In the 2023 inspections, the staff will select some audits for inspection based on risk and some randomly. Approximately 90 percent of the audits selected for review will be subject to a “traditional review” which typically looks at two or three financial statement focus areas. The remaining 10 percent will be subject to “tailored review procedures” which generally focus on only one audit aspect.
The Spotlight discusses ten audit areas or audit types that the PCAOB staff will emphasize in 2023 inspections:
Risk of fraud. Inspections will look at “how the auditors identified and assessed risks of material misstatements due to fraud when planning and performing the audit.”
Auditing and accounting risks. Inspections will focus on financial statement areas that are “material in amount, are complex in nature, require significant judgment, and/or may be particularly susceptible to changes in economic conditions, for both financial reporting and internal controls.” See Financial Reporting and Audit Risks below.
Risk assessment and internal controls. Inspectors will “evaluate the auditor’s procedures to (1) design and implement overall responses that address risks of material misstatement, (2) understand, identify, and test relevant controls, and (3) modify the audit approach based on identified control deficiencies.”
Financial services specific considerations. The inspections staff will select audits of financial services companies that are potentially impacted by risks arising from interest rates, inflation, and uncertainty and volatility in the digital assets markets. “For example, ongoing changes in interest rates can have a material effect on a company’s liquidity position, future income and expenses, valuation of investments in securities, ability to meet margin requirements, ability to meet long-term debt obligations, and ability to continue as a going concern.”
Broker-dealer specific considerations. In inspections of audits of securities broker-dealers, the staff will consider how the auditor addressed the risk of fraud, including the misappropriation of customer assets, and will “place an emphasis on the audit firm’s procedures relating to revenue identified as having a significant risk, internal controls over compliance with the customer protection rules, and review procedures where broker-dealers have filed an exemption report with respect to such rules.”
Digital assets. The inspections staff will focus on audits of public companies and broker-dealers with material digital assets because digital asset activity “presents unique risks, including potential fraud risks due to volatility and lack of regulation.”
M&A, including de-SPAC transactions. For M&A transactions (including de-SPACs), inspectors will evaluate the auditor’s work on “(1) valuation and accounting of financial instruments using complex valuation models, (2) business combinations including reverse mergers, (3) internal control over financial reporting, (4) financial statement presentation and disclosure, (5) significant equity or debt restructuring, and (6) the entity’s ability to continue as a going concern.”
Use of the work of other auditors. Issues that will be reviewed in inspections of audits in which the lead auditor used the work of other auditors include “(1) how other auditors were used (including, but not limited to, those in Russia, Belarus, and Ukraine), (2) how lead auditors may have modified their audit approach [e.g., in light of a remote work environment, or geopolitical instability], (3) whether the use of other auditors in multi-location audits was modified due to restrictions on travel, and (4) the lead auditor’s supervision of the activities of other auditors.”
Quality control. Inspections will assess the audit firm’s quality control procedures, including compliance with PCAOB quality control standards and will “place emphasis on the audit firm’s hiring challenges (which were affected by the “great resignation”) and independence, which is a recurring deficiency.”
Other areas of inspection. Three other areas that inspectors will address in 2023 are critical audit matters (CAMs), cybersecurity, and use of data and technology in the audit. As to cybersecurity, the staff states: “For audits selected for review where a cyber incident has been identified, we will review the audit firm’s response, including whether the auditor assessed the likelihood and magnitude of potential misstatement and how it may have modified its audit approach. In addition, we will review any new or modified firm policies and procedures supporting the audit firm’s own cybersecurity program.”
Financial Reporting and Audit Risks
As to audit areas that present heightened risk, the Spotlight lists nine factors that may increase the risk of inaccurate, incomplete, or untimely financial information and may therefore require changes to the audit procedures:
Unreasonable assumptions and models used to value complex financial instruments and accounting estimates (e.g., derivatives).
Increased volatility in financial and commodity markets due to fluctuations in interest rates and inflationary trends.
Unreasonable assumptions in future financial projections used to account for estimates in business combinations; asset impairment; impairment of goodwill and intangible assets; loss contingencies and valuation allowances; and revenue.
Unreasonable assumptions affecting the timing and amount of revenue recognition due to supply chain disruptions, negative effects of COVID-19, and geopolitical conflicts.
Complexities regarding existence and valuation of inventory due to challenges with inventory build-up and obsolescence.
Challenges with accounting for foreign currency and the effects of foreign currency transaction and translation adjustments on the financial statements, including the statement of cash flows, due to the rising value of the U.S. dollar at public companies with significant foreign operations.
Financial, economic, and business uncertainties that impact the auditor’s evaluation of the public company’s ability to continue as a going concern, such as the public company’s inability to access funds through borrowings due to violation of debt covenants or deal cancellations.
Economic conditions that could adversely affect a public company’s ability to meet certain criteria and/or assumptions, such as whether a public company has the ability and intent to not sell investment securities it has designated as “held-to-maturity.”
Complexities in the public company’s activities that may impact disclosures regarding (1) contingent liabilities, (2) changes in classification of financial instruments between level 2 and level 3, (3) concentrations of credit risk, and (4) related party transactions that may result in omitted, incomplete, or inaccurate disclosures.
PCAOB inspections include the use of “target teams” which review specific issues across many audit firms. During 2023, the target team will focus on public company audits that include risks related to digital assets, first year audits, multi-location audits, and significant or unusual events or transactions.
Comment: The Spotlight provides audit committees with insight into why a company’s engagement may be selected for review this year and why, if selected, the inspectors may concentrate on some aspects of the audit and ignore others. In addition, the Spotlight may be helpful to the audit committee in understanding their auditor’s work plan since areas of PCAOB inspection emphasis this year may also be scrutinized in subsequent inspections. Finally, since the Spotlight reflects the PCAOB’s assessment of enhanced audit and financial reporting risks, it may also aid committees in their oversight of the company’s financial reporting by providing a catalog of accounting and reporting issues that are challenging in the current environment.