The Public Company Accounting Oversight Board’s annual inspections program includes a “target team” which examines how auditors handled specific issues on a cross-firm basis. The target team inspectors focus on emerging audit risks and topics that the PCAOB staff believes could have important implications for audits. The Board has stated that the target team “executes in-depth reviews across audit firms using information-gathering inspection procedures that extend beyond traditional inspection procedures.” In a new publication, Spotlight: Observations From the Target Team’s 2022 Inspections, the PCAOB staff summarizes the target team’s work in 2022, including deficiencies observed, good practices identified, and key insights.
The 2022 target team looked at three areas – first post-initial public offering (IPO) audits, including both companies that engaged in traditional IPOs and those that became public via a merger with a special purpose acquisition company (SPAC); audit firm use of shared service centers (SSCs); and climate-related matters that impacted financial reporting. (For a discussion of the PCAOB’s report on the findings of its 2021 target team, see PCAOB Reports 2021 Target Team Observations, September-October 2022 Update.)
Traditional IPOs and De-SPAC Transactions
The 2022 target team reviewed 20 post-IPO audit engagements. Sixteen of these companies became public as the result of a de-SPAC transaction (i.e., a merger with a SPAC), while four were the product of traditional IPOs. One of the six largest U.S. global network firms performed each of the 20 audit engagements.
The target team identified deficiencies in four (20 percent) of the de-SPAC transaction audits. All deficiencies related to revenue. These deficiencies involved the auditor’s failure to –
Identify a departure from GAAP in the presentation of deferred revenue.
Perform procedures to test, or test controls over, the accuracy and completeness of labor hours used as an input to record revenue.
Perform sufficient substantive procedures to test the reasonableness of the percentage of completion used by the public company to estimate revenue.
Identify and evaluate the significance of an inconsistency in the description of a transaction in a note disclosure and the description of the transaction in Part I of the public company’s annual report filed on Form 10-K.
Evaluate the specific review procedures that control owners performed to assess the reasonableness of forecasted hours used as an input to record revenue.
Sufficiently evaluate the severity of a control deficiency to determine whether the deficiency, individually or in combination with other deficiencies, was a material weakness.
Identify and test controls over the reconciliation of time-and-materials data with the general ledger.
Identify and test controls over the presentation of deferred revenue.
In reviewing the post-IPO audits, the target team also observed certain “good practices” – features of particular audits that, in the target team’s view, enhanced audit quality. These good practices included the use of valuation specialists in situations where a specialist was not required under firm policy; consultation with the firm’s professional practice group on particular accounting and auditing issues, including where the firm’s audit methodology did not require consultation; use of technology-based tools, such as data analytics; and voluntarily adding a partner with relevant industry experience to the engagement team in order to assist in reviewing fraud risks.
Shared Service Centers
In 16 of the 20 post-IPO audits reviewed, the engagement team made use of a firm SSC. The target team report describes an SSC as –
“an entity – affiliated with one or more audit firms – that mostly provides resources and services remotely to core engagement teams. SSC personnel traditionally serve in staff or senior associate roles of an engagement team. The services provided are typically more traditional standardized audit procedures, such as testing the mathematical accuracy of schedules prepared by the public company. SSCs may be based inside and/or outside the U.S. and may or may not be subsidiaries of the U.S. audit firm.”
The target team did not identify any audit deficiencies related to the use of SSCs. Among other things, the target team noted that the U.S. engagement team was ultimately responsible for all audit work that an SSC performed. Observations related to the U.S. engagement team’s overall control of the audit included:
The lead engagement partner determined the scope of audit procedures that the SSC performed.
Formal communication and reporting lines were established between the SSC and the U.S. audit firm.
The U.S. engagement team determined and managed the extent of SSC interactions with the audit client. In most cases, the audit firm required a U.S. engagement team member to be involved in such interactions.
All audit firms restricted SSC personnel from serving as final workpaper reviewers.
Climate-Related Matters
The target team reviewed ten audit engagements, performed by five of the six large firms, focusing on the risk that climate-related matters could materially affect the public company’s financial reporting. The ten companies were in four industry sectors – Consumer Discretionary, Energy, Industrials, and Materials. Each of the ten companies had a market capitalization exceeding $800 billion. The target team reviewed how climate-related considerations affected the financial statement audit. The team also reviewed company climate-related disclosures, including disclosures in public sustainability reports.
All ten engagement teams considered the potential impact of climate-related matters as part of audit
planning and risk assessment, and the target team did not identify any audit deficiencies related to climate risk. Target team observations with respect to climate risk included:
All five audit firms issued internal guidance highlighting, among other things, the importance of management’s key assumptions and judgments in assessing the impact of climate-related commitments on the preparation of the financial statements, including such issues as potential impairment of nonfinancial assets, estimated useful lives of property, plant, and equipment, and going concern assessments.
All five audit firms provided firm specialists to assist engagement teams in conducting risk assessment procedures when the impact of climate-related matters could be material to the financial statements.
All five audit firms issued external guidance, including educational material, noting the firm’s expertise in climate-related matters.
One engagement team stated that it met frequently with management and the audit committee to discuss climate-related matters. That engagement team noted that climate matters were included as a standing agenda item for upcoming audit committee meetings.
Comment: For audit committees, the most interesting feature of the 2022 target team Spotlight is that it underscores the PCAOB’s focus on auditor use of shared service centers and on the impact of climate-related risks on financial reporting and auditing. (The PCAOB is also focused on IPOs and SPACs, but only a small number of audit committees will have been involved in such transactions.) Audit committees should consider asking their engagement partner to describe the role that SSCs played in the company’s audit and how climate-related risks affected audit planning and execution. The observations in the Spotlight could be helpful in framing these discussions. More generally, the target team Spotlight could be useful to the audit committee in understanding what aspects of the company’s future audits are likely to attract PCAOB inspection staff attention.
Комментарии