The PCAOB staff has issued its 2023 list of questions to aid audit committees in communicating with their auditors. Spotlight: Audit Committee Resource “suggests questions that may be of interest to audit committee members to consider amongst themselves or in discussions with their independent auditors, particularly given today’s economic and geopolitical landscape.” The 2023 question list is an updated version of last year’s suggestions. See We Have Some Questions for You. The PCAOB Releases a New Audit Committee Resource, August 2022 Update.
The Audit Committee Resource contains 38 questions, arranged under ten topics. The topics, and examples of the questions, are listed below:
Risk of Fraud (five suggested questions). Examples:
Did the auditor identify any new risks of fraud in the current year audit? If not, what procedures did the auditor perform to identify risks of fraud, and were any procedures different from the prior year?
Did the auditor’s inquiries of management include whether possible illegal acts, such as potential noncompliance with sanctions and other laws or regulations, have occurred? If any acts were identified, what was the impact on the audit? (No question regarding legal compliance was included in last year’s list. The PCAOB has recently proposed to expand the auditor’s responsibilities to identify instances of noncompliance with laws and regulations. See PCAOB Proposes to Expand Auditor Responsibility for Financial Statement Fairness and for Legal Compliance, May-June 2023 Update.)
Risk Assessment and Internal Controls (seven suggested questions). Example:
What has the auditor done to understand and/or select and test relevant controls? Has appropriate testing of data been performed for the data used in the operation of those selected and tested controls? Have management review controls been properly tested?
Auditing and Accounting Risks (six suggested questions). Examples:
When a restatement exists in the public company’s disclosures, what were the auditor’s procedures to assess the sufficiency of management’s materiality conclusion? What observations does the auditor have regarding management’s analysis? (This question appears to be based on concerns SEC Chief Accountant Paul Munter has expressed regarding restatement materiality determinations. See Acting SEC Chief Accountant Warns Against Bias in Restatement Materiality Decisions, March 2022 Update.)
How did the auditor consider potential management bias in developing significant estimates and assumptions? What observations, if any, did the auditor make about potential management bias during the audit?
Digital Assets (three suggested questions). Example:
Does the auditor utilize any specialized technology-based tools with respect to digital assets in its audit? How has the use of these tools affected the nature, timing, and extent of audit procedures performed to address risks of material misstatement related to digital assets? (Regarding audit committee oversight of reporting and audit issues associated with digital assets, see Digital Assets: The Audit Committee’s Journey Continues in this Update.)
Merger and Acquisition Activities (four suggested questions). Example:
How did the auditor evaluate risks, if any, concerning mergers and acquisition activities? If the public company has been involved in a de-SPAC (special purpose acquisition company) transaction, what were the auditor’s key considerations in evaluating management’s determination of the accounting acquirer?
Use of the Work of Other Auditors (four suggested questions). Example:
Are there other participating accounting firms that play a substantial role in the audit? If so, are they registered with the PCAOB and subject to PCAOB inspections? (The questions suggested under this topic mirror those SEC Chief Accountant Paul Munter has suggested that audit committees should ask regarding the participation of other auditors in the company’s audit. See SEC Chief Accountant Discusses Audit Committee Oversight of Other Auditors, April 2023 Update.)
Talent And its Impact on Audit Quality (three suggested questions). Example:
Did the “great resignation” cause the audit firm to experience difficulties recruiting and retaining staff? If so, what is the audit firm doing to attract and retain talent to ensure that all engagement team members have appropriate levels of competency, degree of proficiency, training, and supervision?
Independence (two suggested questions). Example:
What are the audit firm’s policies or procedures for identifying, evaluating, and addressing any threats to independence, in fact or appearance? What processes are in place to ensure all relationships that may reasonably bear on independence are properly communicated to the audit committee?
Critical Audit Matters (one suggested question). Example:
How has the auditor considered whether there is any audit matter that involved challenging, subjective, or complex auditor judgment? What preliminary determinations were made that ultimately did not result in the reporting of a critical audit matter?
Cybersecurity (three suggested questions). Example:
How did the auditor’s identification and assessment of possible risks of material misstatement consider changes to the cyberthreat landscape?
Comment:The PCAOB’s suggested questions are a useful starting point for a dialog with the auditor on key audit issues. In each area, additional questions could be formulated, depending on the company’s specific circumstances. Audit committees could also use many of the suggested questions as a basis for discussion with management as part of the committee’s oversight of the company’s financial reporting and internal controls. The ten topics in the 2023 Spotlight: Audit Committee Resource overlap to a large degree with the 2023 inspection priorities that the PCAOB staff has recently outlined. See 2023 PCAOB Inspections Will Prioritize Fraud, Financial Services, and Crypto, May-June 2023 Update. Audit committees considering issues to discuss with their auditor might want to review these two publications together.