On February 3, the Public Company Accounting Oversight Board released previously nonpublic portions of the 2021 inspection reports of Deloitte & Touche and Grant Thornton. Board criticisms of a firm’s quality control system appear in Part II of a firm’s inspection report, and, under the Sarbanes-Oxley Act, Part II is nonpublic when the report is issued. If the firm does not, in the PCAOB’s view, satisfactorily address a quality control criticism within 12 months, the Board makes the criticism public. For both Deloitte and Grant Thornton, the quality control deficiencies that the Board found in its 2021 inspection are identical to deficiencies that the Board found in its 2020, 2019, and 2018 inspections and has previously made public.
The now-public quality control criticism in Deloitte’s 2021 inspection report is that Deloitte’s system of quality control did not provide reasonable assurance that Deloitte personnel will comply with the firm’s policies and procedures concerning independence-related regulatory requirements.
Deloitte conducts periodic audits of a sample of its personnel to monitor compliance with firm independence policies. In the reviews Deloitte conducted during the 12 months ending December 31, 2020, the firm found that 20 percent of partners and principals and 33 percent of managing directors and managers who were audited had not reported financial relationships that were required to be reported under the firm’s policies. The inspection report states: “This high rate of non-compliance with the firm’s policies, which are designed to provide compliance with applicable independence regulatory requirements, provides cause for concern, especially considering that these individuals are required to certify on a semi-annual basis that they have complied with the firm’s independence policies and procedures.”
The date of Deloitte’s 2021 inspection report is November 4, 2022. Therefore, the PCAOB’s disclosure of this portion of the 2021 report indicates that Deloitte failed to persuade the PCAOB that, as of November 4, 2023, it had satisfactorily remediated the deficiency related to compliance with the firm’s financial relationship reporting policies.
2021 is the fourth year for which the PCAOB has found that Deloitte failed to remedy this deficiency. On July 23, 2024, the Board made public the same finding in Part II of Deloitte’s 2020 inspection report. See PCAOB Discloses a Criticism of Deloitte’s Internal Independence Reporting – Again, August 2024 Update. The Board also released this finding in Part II of Deloitte’s 2019 inspection report. And, on January 24, 2023, the Board disclosed the same finding in Part II of Deloitte’s 2018 inspection report. See PCAOB Makes Public a 2018 Criticism of D&T’s Quality Control, February-March 2023 Update. These quality control lapses relate to Deloitte’s internal procedures, and there is no indication that they resulted in violations of the SEC’s or PCAOB’s independence rules.
During the past year, the Board has made public substantially the same quality control deficiency concerning each of the other three largest firms. See PCAOB Discloses Three 2019 Criticisms of EY’s Quality Control, July 2024 Update; PCAOB Discloses Non-Public Portions of 2018 and 2019 KPMG Inspection Reports, April 2024 Update; and 2019 Inspection PricewaterhouseCoopers LLP (portion of Part II made public on July 13, 2023).
The PCAOB made public three quality control criticisms in Grant’s 2021 inspection report:
Testing Controls. Grant’s system of quality control does not provide reasonable assurance that the work performed by the firm’s personnel to test controls will meet the requirements of the Board’s auditing standards. In five audits, the inspectors concluded that Grant “did not identify and test controls, or test aspects of certain controls, that sufficiently addressed the risks of material misstatement related to relevant assertions of certain significant accounts.” In addition, the inspection team “identified instances in which the firm did not identify and test, or sufficiently test, controls over the accuracy and completeness of data or reports used in the operation of controls.”
Reliance on Data or Reports. The firm’s system of quality control does not provide reasonable assurance that the work performed by the firm’s personnel to establish a basis for reliance on company-prepared data or reports will meet the requirements of the PCAOB’s standards. The inspection team identified five audits with deficiencies related to unwarranted reliance on data or reports. In three of these audits, “the firm did not identify and test controls over the accuracy and/or completeness of certain data or reports that the issuer used in the operation of controls that the firm tested.” In four audits, “the firm did not perform procedures, or sufficient procedures, to test the accuracy and/or completeness of certain data or reports that it used in its substantive testing, or in the alternative, test controls over those data or reports.”
Supervision of the Audit. Grant’s system of quality control does not provide reasonable assurance that supervisory activities, including engagement partner reviews of audit work, will meet the requirements of the Board’s auditing standards. This finding is based on the inspection team’s identification of deficiencies in seven audits that the engagement partner should have identified and appropriately addressed. In four of these audits, the engagement team identified a significant risk, including in some cases a fraud risk, in an area in which the inspection found a deficiency.
The date of Grant’s 2021 inspection report is November 4, 2022. Therefore, the release of these portions of the report indicates that Grant failed to persuade the PCAOB that, as of November 4, 2023, it had satisfactorily remediated these three quality control deficiencies.
On October 24, 2024, the Board made public the same findings in Part II of Grant’s 2020 inspection report. See PCAOB Releases 2020 Criticisms of Grant’s Quality Control, November 2024 Update. Grant’s 2019 inspection report also included these deficiencies and was made public. Similar deficiencies also appeared in Grant’s 2018 inspection report.
***
Audit committees of Deloitte and Grant clients may want to discuss with their engagement partner how the firm is addressing these matters and the changes it has made since the PCAOB’s determination that the deficiencies were not remediated. Because Grant’s deficiencies relate to the conduct of audits, audit committees of Grant clients may also want to inquire whether the deficiencies might have affected their company’s audit.
Comments