Operational changes, remote procedures, and new risks associated with the coronavirus pandemic have made the audit environment much different than it was in the days before COVID-19.
George Botic, director of the PCAOB’s Division of Registrations and Inspections, provided observations on the new environment Wednesday during the AICPA Conference on Current SEC and PCAOB Developments.
He addressed audit best practices, common and recurring deficiencies identified in PCAOB inspections, reminders related to the pandemic, and other issues.
Key audit takeaways during COVID-19
Certain firms modified their internal monitoring programs to target specific engagements in industries more likely to be affected by COVID, Botic said.
He said firms also emphasized the importance of consultation and in some cases established supplemental consultation requirements for issues including receipt of government assistance, changes to materiality assessments, market changes impacting accounting, and going concern considerations.
The remote environment brought about big changes in inventory observations, with mobile devices and applications used in the process.
“Using real-time video streaming, an engagement team verified the inventory location from its prior knowledge of the facility, had company personnel walk the floor, directed the selection of test counts, and performed the procedures otherwise completed in person using mobile devices,” Botic said. “I will add [that] for virtual inventory, be mindful of the need for portable power banks for the devices and ensure that connectivity is available throughout and around the entire facility.”
The most common deficiencies identified in PCAOB inspections included areas that have been challenges for auditors in the past:
- Auditing revenue. The design and performance of audit procedures to address assessed risk of material misstatement related to revenue was a common challenge for practitioners.
- Auditing accounting estimates. “We continue to identify deficiencies related to auditing estimates, particularly in the area of the allowance for loan loss and estimates used in the accounting for business combinations,” Botic said. “Auditors need to identify and understand the significant assumptions used by the company that are susceptible to manipulation or bias.”
- Internal control over financial reporting (ICFR). Deficiencies in ICFR continue to include insufficient evaluation of whether controls with a review element selected for testing operate at a level of precision that would prevent the detection of a material misstatement, Botic said. “Auditors also did not identify or test controls that sufficiently addressed the risk of material misstatement related to relevant assertions of significant accounts,” he said. “An example would be multiple revenue streams and not testing controls over the significant revenue streams.”
Independence remains a concern
Auditor independence is foundational for high quality, Botic said.
“Auditors are required to be independent of their audit clients both in fact and in appearance,” he said. “We continue to identify deficiencies that suggest that some firms may not have appropriate quality control systems in place to prevent violations of SEC and/or PCAOB independence rules.”
He said PCAOB inspections focus primarily on four areas related to independence. Inspectors:
- Analyze firm-identified violations of independence rules for possible quality control concerns.
- Evaluate compliance with the independence pre-approval rules for significant nonaudit services.
- Review firms’ communications with audit committees concerning independence matters.
- Review the firm’s responses to past inspection quality control concerns. For example, he said, inspectors would review high rates of exceptions noted by the firm’s personal independence compliance testing.
Best practices observed
The PCAOB has noted some good practices developed by firms in their continuing quest to improve audit quality:
- Some firms have created narratives of their own quality control systems and prepared process flow maps linked to quality objectives and controls, Botic said. “These facilitated the monitoring of engagement performance and enhanced the effectiveness of the firms’ root-cause analysis,” Botic said.
- Certain firms have implemented interactive engagement team meetings often tied to particular audit milestones or phases. Coaching workshops among engagement team members also have been implemented, Botic said.
- Partner involvement has been increased at some firms during the planning of tests of controls.
“All these good practices should of course be adjusted for the size of the firm and the size and nature of the engagement,” Botic said.
Emphasis on fraud
New fraud risks have emerged as a result of the pandemic.
Auditors may need to revisit their initial assessment of risks and modify planned procedures accordingly as circumstances evolve, Botic said. He encouraged engagement teams to consider procedures in areas that may be more susceptible to fraud.
Examples of those areas include:
- Estimates or valuations that are largely based on forecasts of future events, particularly given uncertainties in information.
- Management override of ICFR in areas where there have been staff changes, staff downsizing, reporting structure changes, or any change that will impact segregation of duties.
Botic highlighted five takeaways that practitioners should keep in mind as they work toward performing high-quality audits:
- Care and skepticism. Exercising due professional care and professional skepticism remains important in all aspects of audit work. “While due professional care and professional skepticism should be applied at all times, the disruption resulting from COVID surges reminds of their continued importance,” Botic said.
- Risk assessment, understanding client. Performing robust risk assessment procedures and understanding the client’s business is as important as ever. This includes understanding the impact of known and/or potential changes due to COVID-19 and other economic challenges. “Auditors should revisit their initial assessment of risk and modify planned procedures as circumstances evolve,” Botic said.
- Renewed focus on fraud procedures. Botic encouraged auditors to incorporate unpredictability in the audit that is new and different year over year. “The auditor should guard against procedures that become all too predictable,” Botic said.
- Materiality. Botic said auditors should establish a materiality level for the financial statements taken as a whole that is appropriate in light of the circumstances. “Economic challenges may cause the need for the auditor to reevaluate established materiality levels,” he said.
- Supervision. “Given the likelihood of the need for the auditor to evaluate significant assumptions and judgments, audit engagement teams should consider the need for increased involvement of partners and other senior members of the engagement team in these areas,” Botic said.
For more information on accounting and auditing issues amid the pandemic, consult the AICPA’s COVID-19: Audit & Assurance resources.
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA’s editorial director.