The PCAOB has issued Spotlight: Staff Update and Preview of 2021 Inspection Observations (Preview Report), a staff summary of the Board’s 2021 inspections. These “aggregate observations” on the results of the 141 audit firm inspections (encompassing 690 public company audits) performed during the 2021 inspection cycle are a preview of the 2021 inspection reports, many of which have not yet been publicly released. The Preview Report is intended for investors, auditors, and financial reporting stakeholders generally, and, in the staff’s view, “audit committees may also benefit from the use of this publication as a reference point when speaking with and evaluating their auditors.”
In contrast to last year (see PCAOB Staff Summary of 2020 Inspections: Fewer Findings, But Still Room for Improvement, September-October 2021 Update), the results of the 2021 inspections suggest that deficiencies are increasing:
The staff expects that approximately 33 percent of inspected engagements will have one or more deficiencies that will be discussed in Part I.A of the individual audit firm’s inspection report, up from 29 percent in 2020. (Part I.A of an inspection report discusses deficiencies that were of such significance that, in the PCAOB’s view, the audit firm did not obtain sufficient appropriate audit evidence to support its opinion on the financial statements and/or internal control over financial reporting.) PCAOB Chair Erica Williams described this increase in Part I.A deficiencies as “a warning signal that the audit profession needs to sharpen its focus on improving audit quality and protecting investors.”
Part I.B deficiencies also increased in 2021. The staff expects that approximately 40 percent of the 691 audits reviewed will have one or more deficiencies discussed in Part I.B of the inspected firm’s inspection report, up from 26 percent in 2020. (Part I.B describes instances of noncompliance with PCAOB standards or rules that do not relate directly to the sufficiency or appropriate-ness of evidence the audit firm obtained to support its opinions.) A significant portion of the increase in Part I.B deficiencies was driven by an increase in deficiencies related to critical audit matters (CAMs), particularly among triennially inspected audit firms (those with fewer than 100 public company audit clients). Most of these CAMs-related deficiencies involved failures to include in the work papers every matter that should have been analyzed as a potential CAM and do not necessarily mean that additional CAMs should have been communicated in the auditor’s report.
Many inspection reports will include both Part I.A and Part I.B deficiencies. More than half --approximately 55 percent -- of the audits the PCAOB reviewed in 2021 will have one or more Part I.A and/or Part I.B deficiencies, up from 44 percent in 2020.
2021 Inspections Objectives and Approach
The PCAOB’s 2021 inspections -- all of which were conducted remotely -- had two main objectives, responding to the financial reporting and audit risks arising from the COVID-19 pandemic and increasing the overall unpredictability of inspections by including a higher percentage of random selections and non-traditional focus areas. As to the later objective, 39 percent of annual firm engagement selections were random, up from 23 percent in 2020. Nontraditional focus areas included cash and cash equivalents, deposit liabilities, debts, accruals, and foreign currency translations.
The 2021 inspections made use of a target team – inspectors who reviewed emerging audit risks and topics across inspected firms. The 2021 target team’s focus included audit firms’ procedures concerning fraud, cash and cash equivalents, special purpose acquisition companies (SPACs) and de-SPAC transactions, and financial reporting and audit risks arising from the pandemic. See PCAOB Reports 2021 Target Team Observations, September-October 2022 Update.
The 2021 inspections continued to identify the same audit deficiencies that have been common for many years. The report states that that staff expects “audit firm leadership to address the recurring nature of these deficiencies” and threatens that “recurring deficiencies may warrant action, such as * * * referring firms to the Division of Enforcement and Investigations for potential investigation or disciplinary action for failing to comply with PCAOB standards.” These recurring deficiencies include:
Deficiencies in auditing ICFR. The top ICFR audit deficiencies in 2019 to 2021 inspections comment forms were: Testing controls with a review element (35 percent of total 2021 ICFR audit deficiencies), identifying and selecting controls to test (22 percent of total 2021 ICFR audit deficiencies), and testing controls, other than review controls (15 percent of total 2021 ICFR audit deficiencies).
Deficiencies in financial statement audits. The top financial statement audit areas with deficiencies in 2019 to 2021 inspections comment forms were revenue and related accounts, (35 percent of total 2021financial statement audit deficiencies), inventory (9 percent of total 2021 financial statement audit deficiencies), and expected credit losses (9 percent of total 2021 financial statement audit deficiencies).
Deficiencies that did not directly affect audit evidence. The areas with deficiencies related to compliance with other PCAOB standards and rules (i.e., Part I.B deficiencies) in 2019 to 2021 inspections comment forms were CAMs (31 percent of total 2021 Part I.B deficiencies), audit committee communications (26 percent of total 2021 Part I.B deficiencies), and Form AP (12 percent of total 2021 Part I.B deficiencies).
Common Deficiencies in 2021 Inspections
The Preview Report discusses in detail common deficiencies in 2021 inspection reports. Examples of these include:
Insufficient evaluation of whether controls with a review element selected for testing operated at a level of precision sufficient to prevent or detect material misstatements. In these instances, the auditors did not evaluate the review procedures that control owners performed, including the procedures to identify items for follow-up and the procedures to determine whether those items were appropriately addressed.
Deficiencies related to the design and performance of audit procedures to identify and address assessed risks of material misstatement related to revenue. Revenue-related deficiencies included failure to evaluate sufficiently whether contractual performance obligations were satisfied and failure to evaluate the allocation of the transaction price to performance obligations.
Deficiencies related to the use of such technology-based tools. These deficiencies included the failure, when testing revenue transactions, to sufficiently evaluate the implications of exceptions identified by a technology tool.
Deficiencies in auditing estimates. For example, in some instances auditors failed to evaluate the reasonableness of significant assumptions used in a financial statement forecast to determine the fair value of acquired assets.
Failure to identify and/or test any controls over, the accuracy and completeness of company-produced data or reports used in the auditors’ substantive procedures. The failure to test controls over information provided to the auditor by the client affected such matters as testing the cost of inventory or evaluating the reasonableness of inventory reserves when the auditor used the entity-provided information as part of its audit procedures.
Incomplete CAM discussions. In some instances, auditors, when communicating a CAM in their report, did not accurately describe how the CAM was addressed in the audit or the principal considerations that led the auditor to determine that the matter was a CAM.
The Preview Report also identifies deficiencies in auditor communications with the audit committee. Common audit committee communications deficiencies include:
Auditors did not communicate to the audit committee the names, locations, and planned responsibilities of other accounting firms or other engagement team members, including the use of shared service organizations.
Auditors did not inform the audit committee of critical accounting policies and practices used by the public company, including the reasons why certain policies and practices were considered critical.
Auditors did not provide the audit committee with a copy of the management representation letter or of another material written communication between management and the auditor.
Quality control systems
The 2021 inspections included procedures to update the staff’s understanding of the design and operating effectiveness of the inspected firm’s quality control system. The Preview Report describes quality control deficiencies found as a result of these procedures, including:
Independence. For a number of triennially inspected audit firms, including many non-U.S. firms, the inspectors identified instances where audit committee pre-approval was not obtained for certain audit-related services, non-audit services, or tax services. Additionally, some audit firms had a high rate of non-compliance by audit firm personnel with respect to reporting their financial relationships into firm monitoring systems.
Supervision of audits and engagement quality review. The 2021 inspections identified audit deficiencies in areas that the engagement partner should have identified and appropriately addressed, e.g., engagement partner failures to address significant risks identified by the engagement team. Inspectors also found deficiencies related to the engagement quality reviewer’s evaluation of the engagement, such as audit documentation that was insufficient to support the review or the failure to obtain a reviewer’s approval before issuing the audit report.
Internal monitoring. In some instances, the inspection staff identified audit deficiencies that were not identified through the firm’s internal inspection of the same audit area of the same engagement. In other cases, firms failed to perform internal inspections.
The Preview Report also describes “good practices” that the staff observed in various areas. The staff encourages auditors to consider how these practices may apply to their audit engagements and to implement changes “proactively to enhance audit quality in the public interest and to help ensure compliance with PCAOB standards and rules.” Such practices include:
Use of a “template” to facilitate the engagement team’s testing of the design and operating effectiveness of controls that include a review element.
Development of tools to track every matter communicated or required to be communicated to the audit committee in order to ensure that all potential CAMs were considered.
Use of technology-based tools for early detection of potential personal independence violations. Such tools include a tool that compares time charged by firm personnel to financial holdings and a tool that imports information from employee broker-dealer accounts directly into the firm’s tracking mechanisms.
Establishment of “milestone programs” to track the progress of supervision and review procedures. Such a program captures relevant steps of the audit, tracks compliance, and monitors whether partners and engagement quality reviewers focus on key working papers or audit procedures that addressed significant risks.
Comment: As noted above, the PCAOB staff suggests that audit committees may want to use the Preview Report as a “reference point” when evaluating their auditor. The report also provides insight into issues the PCAOB is likely to focus on in inspections and into what it regards as the audit areas likely to generate deficiencies. Audit committees may want to discuss with their auditor how it plans to address such areas. As a corollary, the Preview Report may be useful to audit committees in understanding what aspects of the company’s future audits are likely to attract the PCAOB inspection staff’s attention. Auditors, whether or not they received adverse PCAOB comments on particular recurring audit deficiencies in the past, can be expected to devote attention to these areas in anticipation of possible future PCAOB scrutiny. Therefore, the Preview Report may also aid audit committees in understanding their auditor’s risk assessment and resource allocation decisions and in discussing these matters with the engagement team.