The Public Company Accounting Oversight Board has released Spotlight: Observations From the Target Team’s 2023 Inspections. The Board’s annual inspections program includes a “target team” -- a group of inspectors that conduct reviews across many audit firms with a focus on specific emerging audit risks and other issues. The Spotlight report on the target team’s 2023 work summarizes the team’s observations, including deficiencies the team identified and good practices. For a discussion of the 2022 target team activities, see PCAOB Target Team Zeroed in on First-time Audits, Shared Service Centers, and Climate, January 2024 Update.
In 2023, the target team focused on reviewing audits that included risks in three areas: (1) material crypto asset activities, (2) multi-location audits, and (3) significant or unusual events or transactions. Because of banking sector instability in 2023, the target team also focused on the interim reviews of certain banks. The team’s observations on these interim reviews are described in another Spotlight report, Bank Financial Reporting Audits.
The target team Spotlight report describes inspection results (i.e., any audit deficiencies the team uncovered), observations (matters of interest concerning audit performance that the team noted), and good practices (audit procedures or methodologies the team saw that may contribute to audit quality). Below are some highlights for each target team focus area.
Crypto Assets
Most of the deficiencies the team identified were in audits involving crypto assets. In five audits, performed by three firms, the inspectors found deficiencies related to--
The auditor's response to the risks of material misstatement with respect to crypto asset revenue recognition.
In the ICFR audit, testing the design and operating effectiveness of controls over various aspects of safeguarding crypto assets.
Sufficiency of audit evidence related to information used in testing controls.
Reporting on Form AP of non-U.S. audit participants.
Determination of the independence of engagement team members.
The team’s observations concerning audits involving crypto assets included discussion of--
Possible audit deficiencies in the testing of information technology application controls.
The audit implications of differing company approaches to controls over crypto asset private keys.
Auditor responses to the risk of material misstatement when the audit client used a third-party custodian.
The team also noted that in two of the 77 public company audits it inspected, a critical audit matter was identified with respect to crypto asset transactions. Both of these CAMs related to auditing the existence and rights and obligations assertions over crypto assets “due to the nature and extent of the audit effort required to assess whether the public company controls the private cryptographic keys.”
Good practices in audits involving crypto asset activity included the use of specialists in pricing desk services or crypto assets and staffing the engagement with team members possessing specialized skills related to crypto assets.
Multi-Location Audits
In two of the multi-location audits that the target team reviewed, it identified deficiencies in the accuracy of the Form AP information concerning other audit firms that participated in the audit. The same firm was the principal auditor in both cases.
The team’s observations from its multi-location audit reviews included discussion of--
Modification of audit strategy in response to newly identified risks identified, such as potential impairment charges on Russian assets, de-designation of Russian ruble hedges, suspension of operations in Russia, and establishment of reserves for receivable balances of customers in Russia, Belarus, and Ukraine.
No group auditor site visits at certain locations due to pandemic travel restrictions in China or events in Russia and Ukraine. Instead, the group auditor increased interactions with component teams through remote meetings, video calls, and virtual reviews.
Group auditor visits to Hong Kong as an alternative to visiting mainland China. In this case, the firm's Hong Kong office had full access to the China component team's audit work papers. In another audit, the group auditor used U.S. secondees on rotation in China to review work papers.
Good practices in multi-location audits included an audit firm that required documentation of the results of internal or external inspections of component auditors. Another good multi-location audit practice is a requirement that component auditors include in the final set of audit documentation a clearance memo affirming that the group auditor’s referral instructions were completed via firm-provided practice aids. Such memos were required in all multi-location audits the target team reviewed.
Significant or Unusual Events or Transactions
Examples of significant or unusual events or transactions that the team reviewed included cybersecurity events or data breaches, gains or losses from lawsuits, interruptions to operations from natural disasters, and early retirement or restructuring of debt. The Spotlight describes no deficiencies in audits involving significant or unusual events or transactions.
The target team observed that, in three audits, issues involving legal contingencies, a restructuring event that resulted in the impairment of intangible assets, acquisitions, and cybersecurity events were considered as possible CAMs. The Spotlight does not indicate whether any of these issues resulted in a CAM in the auditor’s report.
Good practices in engagements involving significant or unusual events of transactions were voluntary consultations on novel accounting issues and the use of specialists, such as valuation specialists, in the planning, scoping, and risk assessment procedures related to such events or transactions.
# # #
The Spotlight states that, during 2024, target team inspection activities will focus on the following topics:
Initial audits by a successor auditor.
Risk assessment.
Auditor’s assessment of a public company’s use of artificial intelligence.
Biotech startups.
Audit firms’ usage of shared service centers.
Cash flow statement, segment reporting, and earnings per share.
Audit Committee Takeaways
The target team Spotlight could be useful to an audit committee in understanding what aspects of the company’s audits are likely to attract PCAOB inspection staff attention. In addition, audit committees of companies where any of the 2023 focus areas are an aspect of the audit may want to review those topics in the Spotlight report as preparation for discussing with the auditor how it intends to address these issues in future audits.
Komentarze