The SEC approved PCAOB Auditing Standard No. 16, Communications With Audit Committees, and related amendments to PCAOB standards that were designed to help external auditors communicate effectively with audit committees during public company audits.
All U.S. public companies, including emerging growth companies as defined in the Jumpstart Our Business Startups (JOBS) Act, P.L. 112-106, will be required to comply with the standard.
The standard is designed to facilitate effective two-way communication, and is aimed at external auditors because the PCAOB has no authority over audit committees. It requires auditors to:
- Establish the terms of the audit engagement with the audit committee and record them in an engagement letter.
- Give audit committees an overview of the audit strategy, including the timing of the audit, significant risks identified, and significant changes to the planned audit strategy or risks.
- Reveal the identities of others involved with the audit, including internal auditors or other independent auditing firms.
- Provide information regarding the company’s accounting policies, practices, estimates, and significant unusual transactions.
- Give an evaluation of the quality of the company’s financial reporting, including conclusions about critical accounting estimates and the company’s financial statement presentation; difficult or contentious matters for which the auditor consulted outside the engagement team; the auditor’s evaluation of the company’s ability to continue as a going concern; and difficulties encountered in performing the audit.
The standard, available at tinyurl.com/ate8vy6, is effective for audits of financial statements with fiscal years beginning on or after Dec. 15, 2012.
Center for Audit Quality (CAQ) Executive Director Cindy Fornelli said in a comment letter, available at tinyurl.com/a5antxm, that the standard will contribute to investor protection because it should improve audit quality and audit committees’ oversight. The CAQ is affiliated with the AICPA.
Insufficient testing of controls and failure to properly evaluate control deficiencies were among the common findings that led the PCAOB to issue a summary of observations from 2010 inspections of audits of internal control over financial reporting (ICFR).
The PCAOB released a 31-page report on deficiencies in firms’ audits of ICFR. The report, available at tinyurl.com/auywqhf, does not identify individual audits, but includes information summarized from inspections.
Deficiencies found under PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated With an Audit of Financial Statements, were included in the report, which was issued to help inform auditors on common problems to avoid.
In 46 of the 309 audit engagements inspected by the PCAOB in 2010 that were referenced in the report, the PCAOB found that the firm had failed to obtain enough evidence to support its audit opinion on the effectiveness of internal control.
In an additional 50 of the 309 audit inspections, the PCAOB found what it considered to be deficiencies in firms’ quality-control systems that required remediation. Those deficiencies did not mean the audited companies had materially misstated financial statements or had inadequate internal controls. Rather, the deficiencies generally indicated failure by engagement teams to comply with their firms’ methodologies, according to the report.
The most commonly identified deficiencies named in the report were firms’ failures to:
- Identify and test controls that are intended to address the risks of material misstatement.
- Sufficiently test the design and operating effectiveness of management review controls that are used to monitor the results of operations, such as:
- Monthly comparisons of budget and actual results to forecasts for revenues and expenses.
- Comparisons of other metrics, such as profit margins and certain expenses as a percentage of sales.
- Quarterly balance sheet reviews.
- Obtain sufficient evidence to update the results of testing of controls from an interim date to the company’s year end (the roll-forward period).
- Sufficiently test the system-generated data and reports that support important controls.
- Sufficiently perform procedures regarding the use of the work of others.
- Sufficiently evaluate identified control deficiencies and consider their effect on both the financial statement audit and the audit of internal control.
“We encourage all auditors to … consider the items noted in planning and performing public company audits,” the CAQ’s Fornelli said in a statement. “We also encourage preparers and audit committee members to familiarize themselves with the report as it may contain observations that might be useful in improving upon the design or operating effectiveness of internal controls over financial reporting.”