Notice to readers: Links are included throughout the text to direct participants to relevant websites. If these websites do not appear when typed into a web browser, copy the links into a search engine to be redirected to the proper web page.
The Public Company Accounting Oversight Board (PCAOB) (the board) is a private-sector, not-for-profit corporation, created by the Sarbanes-Oxley Act of 2002 (the act), to oversee the auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports. The act also gives the SEC general oversight of the PCAOB.
The PCAOB is required by the act to have five financially literate members (two current or former certified public accountants and three non-CPAs). Members, appointed by the SEC, may not be connected with any public accounting firm other than as retired members receiving fixed continuing payments and, with limited exceptions, may not be employed or engaged in any other professional or business activity.
On November 4, 2019, Rebekah Goshorn Jurata was appointed to the board, which also consists of Chairman William Duhnke III and board members J. Robert Brown, James Kaiser, and Duane DesParte.
The duties of the PCAOB are set forth in Title I of the act. They include the following requirements:
To assist in the development of auditing and related professional practice standards, the PCAOB convened a Standing Advisory Group (SAG) made up of experts from the accounting profession, investment community, and other interested groups. The SAG members serve three-year terms.
The PCAOB’s Investor Advisory Group informs the board on broad policy issues, and other matters affecting the investor community. The board relies on this group to provide high-level advice and insight on matters the board may face in fulfilling its mission to protect investors. Membership is for a term of three years. The members represent a wide range of investor perspectives, and some members are also members of the SAG.
The Center for Economic Analysis, which began operations in 2014, studies the role and relevance of the audit in capital formation and investor protection. Comprised of independent economists and PCAOB staff, the Center advises the board on how economic theory, analysis, and tools can be better used to enhance the effectiveness of PCAOB program areas.
PCAOB auditing standards are grouped into the following categories:
The following is an overview of auditing standards issued by the PCAOB.
Auditing Standard (AS) 1215 is an “umbrella” standard that provides general requirements for documentation the auditor should prepare and retain in connection with engagements to audit financial statements, audit internal control over financial reporting, and review interim financial information. Specific audit documentation requirements are also set out in other professional standards (for example, AS 2401, Consideration of Fraud in a Financial Statement Audit).
Audit documentation is the written record of the basis for the auditor’s conclusions that provides support for the auditor’s representations, whether those representations are contained in the auditor’s report or otherwise. The standard requires it to be prepared in sufficient detail to provide a clear understanding of its purpose, source, and conclusions reached.
The guiding principle of AS 1215 is that, with respect to all relevant financial statement assertions, auditors must document the following:
Documentation must be sufficient to enable an experienced auditor, having no previous connection with the engagement, to understand the procedures, evidence, and conclusions, as well as identify who performed and reviewed the work and the dates (month/day/year) of that performance and review. An experienced auditor is defined in the standard as having “a reasonable understanding of audit activities and has studied the company’s industry as well as the accounting and auditing issues relevant to the industry.”
Audit documentation under AS 1215 is directed to the level of an outside reviewer, and not engagement team members. When preparing and reviewing audit documentation, the auditor needs to remember to document the procedures performed, evidence obtained, and conclusions reached with the perspective of a third-party reviewer in mind. Clear, concise, fully cross-referenced documentation is necessary. As stated in the standard, “audit documentation must clearly demonstrate that the work was in fact performed.” For example, documentation should be in sufficient detail to identify the specific items examined (for example, by invoice number, or by criteria such as “all amounts over $25,000”). Copies of original documents need to be retained only if the specific documents examined will not or are not likely to be retained by the company (for example, a real-time computerized status report of open sales orders), or if retaining copies would facilitate the communication of the procedures performed, evidence obtained, and conclusions reached.
The scope of documentation includes the support for oral presentations to management, such as an oral presentation of the results of a quarterly review, and also includes the support for certain required communications with the audit committee or the board of directors.
Documentation also includes information that demonstrates compliance with independence rules; training and proficiency; and client acceptance and retention.
Significant findings or issues must be documented. Significant issues include the following:
Documentation includes memoranda, confirmations, correspondence, schedules, audit programs, and representation letters. Copies or abstracts of significant contracts or agreements should be retained in the working papers.
The five factors to consider in determining the nature and extent of documentation are as follows:
The standard requires the completion of an engagement completion document for each engagement. Significant issues must be included in this document, as well as issues pertaining to the review of interim financial information.
Reports from specialists on which the auditor relies should be included in the working papers, and should be sufficiently robust (including assumptions, data, and other relevant information) to enable the auditor to carry out responsibilities under AS 1210, Using the Work of a Specialist, or AS 2502, Auditing Fair Value Measurements and Disclosure, as appropriate.
The office issuing the audit report is responsible for ensuring that engagement documentation meets this standard and is retained as required. The documentation must be accessible to or retained by the reporting office. This requirement extends to the work performed by other auditors.
The standard requires that prior to releasing the report, the engagement team in the reporting office must obtain, review, and retain the following documentation for all work at subsidiaries or locations that are material to the financial statements. Other offices (or other firms that are not referred to in the audit report) that are conducting a part of the audit in a different location will also need, at a minimum, to assemble a reporting package containing the following items for the office issuing the report:
Within 45 days from the date the auditor gives permission to use the firm’s opinion (the report release date), a complete and final set of documentation should be prepared (the documentation completion date). During the 45-day period, documentation can be updated, and superseded documents discarded. The added documentation should include the date, the name of the person adding the information, and reason for adding it. After the documentation completion date, no deletions from the file can be made, but documentation can be added to the file if fully documented as previously described. The measurement date for engagements where a report is not issued is 45 days from the completion of fieldwork or the cessation of work.
The auditor must retain documentation for seven years from the report release date, unless another law or regulation requires a longer retention period.
In addition to the requirements of the standard, other regulators or laws may require the retention of additional documentation and records, such as the SEC. Furthermore, AS 1215 does not negate any of the existing state regulations or rules. For example, in New York, state law states that no changes to an electronic audit file can be made after the 45-day limit. The California statute still contains a “rebuttable presumption” rule that states that, in the absence of written documentation, a procedure supported only by oral representation is presumed to have not been performed.
Both the New York and California documentation regulations extend to all engagements performed in those states, and not just public company audits.
AS 1215 also refers to the required pieces of documentation for multilocation engagements in paragraph .12 of AS 1205, Part of the Audit Performed by Other Independent Auditors, when the auditor does not reference the other auditor in the report. In addition, the document must include all cross-referenced, supporting audit documentation for these items. This documentation must be assembled before the release date and the primary auditor should perform a review of the work in one or more of the following ways:
When another auditor is referenced in the report, the auditor should follow the guidance in AS 1205; the documentation requirements outlined for circumstances in which other auditors are not referenced do not apply.
This standard is available on the PCAOB website at https://pcaobus.org/Standards/Auditing/Pages/ AS1215.aspx.
AS 1220 requires an engagement quality review and concurring approval of issuance for each audit engagement and each engagement to review financial information conducted in accordance with PCAOB standards. The objective of the engagement quality reviewer is to perform an evaluation of the significant judgments made by the engagement team and the related conclusions reached in forming the overall conclusion on the engagement and in preparing the engagement report, if a report is to be issued, in order to determine whether to provide concurring approval of issuance.
The standard provides a framework for the engagement quality reviewer to objectively evaluate the significant judgments made and related conclusions reached by the engagement team in forming an overall conclusion. Specifically, the reviewer is required to evaluate
An engagement quality review includes the performance of certain specified procedures; discussions with the engagement partner and other members of the engagement team; and a review of documentation. Specified procedures include the following:
Further, AS 1220 describes the qualifications that any reviewer, whether inside or outside the firm, would be required to meet in order to provide for a high-quality engagement quality review. Accordingly, the standard requires an engagement quality reviewer from within the firm issuing the report to be a partner or another individual in an equivalent position (when the legal structure of the firm is not a partnership). The qualifications for reviewers from outside the firm are consistent with those required for reviewers from inside the firm such that they must meet the competence and other qualification requirements, including a level of knowledge and competence related to accounting, auditing, and financial reporting required to serve as the person who has overall responsibility for the engagement under review.
In addition to the qualifications, the reviewer is required to be independent of the company, perform the review with integrity, and maintain independence. To ensure objectivity, AS 1220 requires a “cooling off” period that prohibits an engagement partner from serving as the engagement quality reviewer for at least two years following the last year as the engagement partner. To address concerns of smaller firms with fewer personnel, the standard exempts firms that qualify for the exemption from the SEC partner rotation requirements from the “cooling off” period under this standard.
Concurring approval of issuance may be provided only when the reviewer is not aware of a significant engagement deficiency after having performed the review required by the standard with due professional care. A significant engagement deficiency exists when (1) for an audit, the engagement team did not obtain sufficient appropriate audit evidence, or, for an interim review, did not perform the necessary procedures, (2) the engagement team reached an inappropriate overall conclusion on the engagement, (3) the engagement report is not appropriate, or (4) the firm is not independent of its client.
Further, the firm may grant permission to the client to use the engagement report (or communicate an engagement conclusion to its client, if no report is issued) only after the engagement quality reviewer provides concurring approval of issuance.
Documentation of the engagement quality review should include identification of the engagement quality reviewer and others who assisted the review, the documents reviewed, and the date of concurring approval of issuance, or if no approval was provided, the reasons for not providing the approval.
AS 1220 can be found at https://pcaobus.org/Standards/Auditing/Pages/AS1220.aspx.
AS 1301 provides a definition of audit committee; retains or enhances existing communication requirements; incorporates certain SEC auditor communication requirements to audit committees; and adds communication requirements that generally relate to requirements in other PCAOB standards. It also includes an appendix that identifies other PCAOB standards and rules that require communication with the audit committee to assist auditors in understanding and communicating all specific matters that require communication.
AS 1301 defines an audit committee as a committee (or equivalent body) established by and among the board of directors of a company for the purpose of overseeing the accounting and financial reporting processes of the company and audits of the financial statements of the company; if no such committee exists, then the audit committee is the company’s board of directors. AS 1301 recognizes that some non- issuers, including brokers and dealers, may have governance structures that do not include boards of directors or audit committees. In those cases, the auditor would identify those persons at the non-issuer company who oversee the company’s accounting and financial reporting processes and audits.
AS 1301 strengthens previous auditor communication requirements in the following ways:
AS 1301 provides communication requirements that inform the audit committee about significant aspects of the audit. Under AS 1301, the auditor is required to communicate the following:
AS 1301 also requires timely communication by the auditor to the audit committee, prior to the issuance of the auditor’s report.
AS 1301 can be found at https://pcaobus.org/Standards/Auditing/Pages/AS1301.aspx.
AS 2201 is a principles-based standard that is designed to allow auditors to exercise professional judgment in focusing effort on those areas that present the greatest risk of a material misstatement occurring in the financial statements, and in reducing testing in those areas of lowest risk. The standard provides direction on how to scale the audit for a smaller or less complex company or portions thereof. The highlights of AS 2201 are as follows:
The standard is available on the PCAOB website at https://pcaobus.org/Standards/Auditing/Pages/AS2201.aspx.
The following summarizes the more significant requirements included within AS 2410 and the related amendments.
The procedures in AS 2410 are intended to be performed in conjunction with the procedures performed during the risk assessment process, which include obtaining an understanding of the company’s relationships and transactions with its related parties. The more significant enhancements are explained as follows.
In obtaining an understanding of the client’s related party relationships and transactions, in addition to the procedures auditors are currently required to perform, AS 2410 requires specific inquiry of management about the background information concerning the related parties (for example, the physical location, industry, size, and extent of operations); the business purpose for entering into a transaction with a related party versus an unrelated party; any related party transactions that have not been authorized and approved in accordance with the entity’s established policies or procedures regarding the authorization and approval of transactions with related parties; and any related party transactions for which exceptions to the entity’s established policies or procedures were granted and the reasons for granting such exceptions.
Additionally, auditors are required to identify others within the entity to whom inquiries are to be directed, and determine the extent of such inquiries, by considering whether such individuals are likely to have knowledge regarding
Examples of others within the company who may have such knowledge include: personnel in a position to initiate, process, or record transactions with related parties and those who supervise or monitor such personnel; internal auditors; in-house legal counsel; the chief compliance or ethics officer or person in an equivalent position; and the human resources director or person in an equivalent position.
With respect to inquiries directed to audit committees, auditors are required to ask about (1) the audit committee’s understanding of the entity’s relationships and transactions with related parties that are significant to the entity, as well as (2) whether any member of the audit committee has concerns regarding related parties and, if so, the substance of those concerns.
As part of identifying and assessing the risks of material misstatement at the financial statement and assertion level, AS 2410 requires auditors to assess whether the company has properly identified, accounted for, and disclosed its related parties and relationships and transactions with related parties and determined whether such risks of material misstatement are significant. Moreover, AS 2410 requires the auditor to read the underlying contracts or agreements for each related party transaction that is either required to be disclosed in the financial statements or determined to be a significant risk. This differs from current practice, whereby the auditor inspects the underlying contract or agreement. Furthermore, AS 2410 has expanded the population of transactions on which procedures are required to be performed from “identified significant related party transactions outside the entity’s normal course of business” to “each related party transaction that is required to be disclosed or represents a significant risk.” AS 2410 provides some relief in this regard, in that if the applicable financial reporting framework allows for the aggregation of similar related party transactions for disclosure purposes, the auditor may perform the specified procedures for only a selection of transactions from each aggregation of related party transactions, commensurate with the risk of material misstatement.
Communication with the audit committee has been enhanced to require communication of certain matters regarding related parties, including the auditor’s evaluation of the company’s identification of, accounting for, and disclosure of its relationships and transactions with related parties. Communication of other significant matters arising from the audit is also required, and includes
Consistent with the objective of AS 1301, these communications are required to be made in a timely manner.
The amendments regarding significant unusual transactions — which revised AS 2401, Consideration of Fraud in a Financial Statement Audit — strengthen the requirements for the identification and evaluation of significant unusual transactions. These amendments require the auditor to (1) perform procedures to identify significant unusual transactions, (2) perform procedures to obtain an understanding of, and evaluate, the business purpose (or lack thereof) of identified significant unusual transactions, and (3) consider certain factors in evaluating whether significant unusual transactions may have been entered into to engage in fraudulent reporting or conceal misappropriation of assets.
The amendments to existing standards regarding financial relationships and transactions with executive officers require the auditor to perform procedures to obtain an understanding of the company’s financial relationships and transactions with its executive officers. Such amendments are intended to increase the auditor’s attention on incentives or pressures for the company to achieve a particular financial position or operating result. These enhancements address the potential influence a company’s executive officers may exert over the company’s accounting and financial statement presentation. Although this new focus represents an important risk assessment consideration, it is not intended to be an assessment of the appropriateness or reasonableness of executive compensation arrangements.
AS 2410 can be found https://pcaobus.org/Standards/Auditing/Pages/AS2410.aspx.
AS 2701 was adopted by the PCAOB, and approved by the SEC, in the fourth quarter of 2013. AS 2701 requires auditors to perform certain audit procedures when engaged to audit and report on supplemental information accompanying financial statements. Such supplemental information includes the following:
AS 2701 does not apply to schedules prepared pursuant to Regulation S-X, because those schedules are deemed by the SEC to be part of the financial statements.
AS 2701 includes the following requirements, among others, for the auditor to (1) determine that the supplemental information reconciles to the underlying accounting and other records or to the financial statements, as applicable; (2) test the completeness and accuracy of the supplemental information, to the extent that it was not tested as part of the financial statement audit; and (3) evaluate whether the supplemental information, including its form and content, complies with relevant regulatory requirements or other applicable criteria, if any.
AS 2701 can be found at https://pcaobus.org/Standards/Auditing/Pages/AS2701.aspx.
AS 2820 provides guidance about the auditor’s evaluation of, and reporting on, the consistency of financial statements. The standard directs the auditor to recognize, in the auditor’s report, (1) a change in accounting principle or (2) an adjustment to correct a misstatement in previously issued financial statements, if it had a material effect on the financial statements. This standard does not establish new or additional audit requirements. The standard is meant to enhance the clarity of auditor reporting on accounting changes (including both changes in accounting principle that result from the adoption of a new accounting pronouncement and those that do not) and corrections of misstatements, by distinguishing between these events.
Further, the standard aligns the auditor’s reporting responsibilities with the accounting standards, which require disclosure of all restatements, by requiring an explanatory paragraph when the company has restated the financial statements.
Changes in classification do not require recognition in the auditor’s report, except for reclassifications that result from changes in accounting principle or correction of a material misstatement.
The standard also provides guidance on the periods covered by the auditor’s evaluation of consistency.
The standard can be found at https://pcaobus.org/Standards/Auditing/Pages/AS2820.aspx.
AS 6115 establishes a voluntary engagement that allows auditors to report on the elimination of a material weakness in a company’s internal control over financial reporting. The standard was issued in response to both management and report user concerns about the need for a mechanism to provide assurance on management’s assertion concerning the elimination of a material weakness. The assurance that is set forth in the standard is not required by the Sarbanes-Oxley Act of 2002 or other securities laws and is purely voluntary on the part of company management. The objective of an engagement performed pursuant to this standard was to provide assurance on management’s assertions about whether a previously reported material weakness continued to exist. Highlights of AS 6115 include the following:
The SEC has provided the following guidance regarding acceptable methods and forms to use in filing both management’s and the auditor’s report.
The standard is available at https://pcaobus.org/Standards/Auditing/Pages/AS6115.aspx.
The following eight auditing standards provide guidance on all stages of a risk-based audit, from initial planning through evaluation:
The board issued these standards so that an appropriate risk assessment process would be applicable and reflected in all public company audits; however, the process is not expected to be a one-size-fits-all approach to risk assessment, and as such, the standards have incorporated guidance about how the risk assessment process can be tailored to a company’s size and complexity.
The risk standards also provide guidance on the integration of the audit of the financial statements with the audit of ICFR. AS 2201 describes a risk-based audit of ICFR that should be fully integrated with the audit of financial statements. The risk standards describe the auditor’s responsibilities for assessing risk, responding to risk, and evaluating audit results in the context of an integrated audit of financial statements and ICFR, which should help auditors better understand how certain procedures required by AS 2201 can be integrated with financial statement audit procedures.
The auditor’s responsibilities for considering fraud during the audit have been integrated into the applicable risk assessment standards. This integration is intended to prompt auditors to make a more thorough assessment of fraud risks and to modify audit plans to address identified fraud risk factors. This integration is intended to eliminate the sometimes mechanical approach to the consideration of fraud that the board had noted in inspections and encourages a more thoughtful and thorough assessment of fraud risks.
The sections can be found at https://pcaobus.org/Standards/Auditing/Pages/default.aspx.
In October 2017, the SEC approved the PCAOB’s new auditor reporting standard, AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion, as adopted by the PCAOB in June 2017. The SEC also approved related amendments to certain other PCAOB standards and redesignated paragraphs that address departures from the auditor’s unqualified opinion and other reporting circumstances as AS 3105, Departures from Unqualified Opinions and Other Reporting Circumstances.
The new standard and related amendments retain the pass/fail opinion in the existing auditor’s report, but significantly change the existing auditor’s report through the following requirements:
The communication of each CAM in the auditor’s report will include the following:
The standard generally applies to audits conducted under PCAOB standards; however, communication of CAMs is not required for audits of emerging growth companies, brokers and dealers, investment companies other than business development companies, and employee stock purchase, savings, and similar plans. Auditors of these entities may choose to voluntarily include CAMs in the auditor’s report. The other requirements of the final standard apply to these audits.
The PCAOB adopted a phased approach to the effective date for the new standard and amendments to provide accounting firms, companies, and audit committees more time to prepare for implementation of the critical audit matter requirements, which are expected to require more effort to implement than the other improvements to the auditor’s report.
The final standard and amendments will take effect as follows:
New auditor reporting provisions | Effective date |
Report format, tenure, and other improvements | Audits for fiscal years ending on or after December 15, 2017 |
Communication of CAMs for audits of large accelerated filers | Audits for fiscal years ending on or after June 30, 2019 |
Communication of CAMs for audits of all other companies | Audits for fiscal years ending on or after December 15, 2020 |
The PCAOB plans to conduct a post-implementation review of the new standard to ensure it is working as intended and does not lead to any unintended consequences.
The standard and related amendments can be accessed at https://pcaobus.org//Rulemaking/Docket034/2017-001-auditors-report-final-rule.pdf
Additionally, the PCAOB has developed a fact sheet on the standard, which may be helpful in understanding the main provisions of the standard. It is available at https://pcaobus.org//News/Releases/Pages/fact-sheet-auditors-report-standard-adoption-6-1-17.aspx
On December 20, 2018, the PCAOB adopted a new auditing standard, Auditing Accounting Estimates, Including Fair Value Measurements, and amendments to other PCAOB auditing standards. The standard strengthens and enhances the requirements for auditing accounting estimates by establishing a single standard that sets forth a uniform, risk-based approach.
The new standard replaces three existing standards by establishing a single standard that sets forth a uniform, risk-based approach. Auditing Accounting Estimates (AS 2501) will be updated and retitled Auditing Accounting Estimates, Including Fair Value Measurements (AS 2501). Two other standards, Auditing Fair Value Measurements and Disclosures (AS 2502) and Auditing Derivative Instruments, Hedging Activities, and Investments in Securities (AS 2503), will be superseded.
The new standard builds on the common approaches in AS 2501, AS 2502, and AS 2503 and strengthens existing requirements by adding the following:
Also on December 20, 2018, the PCAOB adopted amendments to its auditing standards that strengthen the requirements that apply when auditors use the work of specialists in an audit. The amendments are designed to increase audit attention in areas where a specialist is used and to align the applicable requirements with the PCAOB's risk assessment standards.
The Board is amending two existing auditing standards, AS 1105, Audit Evidence, and AS 1201, Supervision of the Audit Engagement. The Board is also retitling and replacing AS 1210, Using the Work of a Specialist, with a new AS 1210, Using the Work of an Auditor-Engaged Specialist. These amendments strengthen existing requirements by adding the following:
For use of the work of a company's specialist:
For use of the work of an auditor's specialist:
The final standards apply to all audits conducted under PCAOB standards. Subject to approval by the Securities and Exchange Commission, the final standards and related amendments will take effect for audits of financial statements for fiscal years ending on or after December 15, 2020.
The PCAOB Release adopting the new standards and related amendments can be accessed at the following web addresses.
https://pcaobus.org/Rulemaking/Docket043/2018-005-estimates-final-rule.pdf
https://pcaobus.org/Rulemaking/Docket044/2018-006-specialists-final-rule.pdf
Additionally, the PCAOB has developed fact sheets on the adopted standards and amendments, which may be helpful in understanding the main provisions. They are available at:
Proposed amendments relating to the supervision of audits involving other auditors, and proposed auditing standard, Dividing Responsibility for the Audit with Another Accounting Firm
On April 12, 2016, the PCAOB proposed for public comment a new auditing standard, along with related amendments, to strengthen the requirements that apply to audits that involve accounting firms and individual accountants outside the accounting firm that issue the audit report. Among other things, the proposed new standard and amendments would apply a risk-based supervisory approach, and would require more explicit procedures regarding the lead auditor’s involvement in the work of other auditors through enhanced communication and more robust evaluation of the other auditors’ qualifications and work.
The proposed new standard, AS 1206, Dividing Responsibility for the Audit with Another Accounting Firm, would supersede AS 1205. Proposed AS 1206 would retain, with modifications, many of the requirements of AS 1205, including the requirement that a lead auditor disclose in its audit report which portion of the financial statements was audited by each auditor. Proposed AS 1206 would also require the lead auditor to
The board’s proposal would also make the following changes to existing PCAOB auditing standards:
Comments on the proposed standard and related amendments were due in July 2016. The proposed auditing standard and amendments can be accessed at https://pcaobus.org//Rulemaking/Docket042/2016-002-other-auditors-proposal.pdf
In September 2017, the PCAOB issued a supplemental request for comment on a proposal designed to strengthen existing requirements regarding a lead auditor’s use of other auditors. Following the initial April 2016 proposal, the board received comments asking for clarification to some provisions and requesting changes to other provisions. In response to the comments received, the PCAOB proposed certain incremental clarifications and modifications to the requirements, primarily related to the following topics in the 2016 proposal:
The proposed clarifications are intended to increase the lead auditor’s involvement in, and evaluation of, the work of other auditors and impose a uniform approach to the use of other auditors by
The comment period closed and the PCAOB staff is currently analyzing the comments received to determine its next steps.
Attestation Standard Nos. 1 and 2 (collectively, the “attestation standards”) were adopted by the PCAOB, and approved by the SEC, in the fourth quarter of 2013. The board also adopted related amendments to certain PCAOB standards, including amendments regarding documentation and amendments to require engagement quality reviews of the examination and the review engagements. The attestation standards and amendments were effective for examination engagements and review engagements for fiscal years ending on or after June 1, 2014.
These attestation standards coincide with the effective date of corresponding amendments to SEC Rule 17a-5. Pursuant to SEC Rule 17a-5, the audits of brokers and dealers, including attestation engagements, are required to be performed under PCAOB standards. The amendments to SEC Rule 17a-5 established a requirement for the annual report to contain a compliance report or an exemption report. These reports contain information regarding broker and dealer compliance with key SEC financial responsibility rules that the SEC believed the amendments enhance its ability to oversee the financial responsibility practices of registered brokers and dealers, including the safekeeping of customer assets.
The attestation standards establish a framework of specific procedures that are required for auditors to opine or conclude on a broker’s or dealer’s statements or assertions in compliance reports and exemption reports required by SEC Rule 17a-5, respectively. Furthermore, both of the attestation standards emphasize coordination between the examination engagement or review engagement, the audit of the broker’s or dealer’s financial statements, and audit procedures performed on the supplemental information.
The attestation standards can be found at https://pcaobus.org/Standards/Attestation/ Pages/default.aspx.
On December 4, 2017, the PCAOB issued Staff Guidance, Changes to the Auditor’s Report Effective for Audits of Fiscal Years Ending on or After December 15, 2017, to help audit firms in implementing changes to the auditor’s report under AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion. This staff guidance was subsequently updated on December 28, 2017, and August 23, 2018. The staff guidance covers key changes to the auditor’s report, including changes relating to the disclosure of auditor tenure, a statement on auditor independence, and a required explanatory paragraph on ICFR in certain circumstances. The guidance also provides a high-level overview of the requirements relating to critical audit matters (CAMs).
The new standard requires that the “Opinion on the Financial Statements” section be the first section, immediately followed by the “Basis for Opinion” section. Additionally, section titles have been added to the auditor’s report to guide the reader. Appropriate section titles are to be included for explanatory and emphasis paragraphs, such as when a going concern explanatory paragraph is included within the auditor’s report.
The new standard requires that the auditor’s report be addressed to the shareholders and the board of directors, or equivalents for companies not organized as corporations. The staff guidance includes the following examples of addressees for companies not organized as corporations:
Auditors can assess, based on the individual circumstances, whether to voluntarily include additional addressees in the auditor’s report.
The new standard requires a statement in the “Basis for Opinion” section that the auditor is a public accounting firm registered with the PCAOB (United States) and is required to be independent with respect to the company in accordance with U.S. federal securities laws and the applicable rules and regulations of the SEC and the PCAOB.
The new standard requires a statement in the auditor’s report containing the year the auditor began serving consecutively as the company’s auditor. The disclosure of tenure should reflect the entire relationship between the company and the auditor, taking into account firm or company mergers, acquisitions, or changes in ownership structures. For example, when a company acquires another company, if the acquirer’s current auditor continues serving as the combined company’s auditor, auditor tenure would continue; however, if the acquired company’s auditor is selected to serve as the combined company’s auditor, auditor tenure would begin at that time. Auditor tenure is not affected by the company’s status as a public company. If a company went public and maintained the same auditor, auditor tenure will include the years before and after the company became subject to SEC reporting requirements.
The staff guidance states that in determining the year the auditor began serving consecutively as the company’s auditor, the auditor will look to the year when the firm signs an initial engagement letter to audit a company’s financial statements or when the firm begins performing audit procedures, whichever is earlier. The staff guidance provides the following examples on determining auditor tenure:
If auditors cannot readily determine when an initial engagement letter was signed, they can determine tenure based on their own records, the company’s records, or publicly available information, such as company filings available on the SEC’s Electronic Data Gathering, Analysis and Retrieval (EDGAR) system.
In the absence of other evidence about when the auditor signed an initial engagement letter or began performing audit procedures, tenure can be determined based on the year in which the auditor first issued an audit report on the company’s financial statements or, if earlier, the auditor’s estimate of when work would have commenced to enable the issuance of such report.
If there is uncertainty as to the year the auditor began serving consecutively as the company’s auditor, the auditor should state that the auditor is uncertain and provide the earliest year of which the auditor has knowledge. The staff guidance provides the following example of such a statement:
For an investment company that is part of a group of investment companies, the new standard requires that the auditor’s statement regarding tenure will contain the year the auditor began serving consecutively as the auditor of any investment company in the group. The staff guidance provides the following example to illustrate this:
The updated guidance clarifies the following:
In certain circumstances, management is required to report on the company’s ICFR, but such report is not required to be audited. In such cases, the auditor is required to include explanatory language to that effect in the “Basis for Opinion” section. The annotated example included in the staff guidance illustrates this presentation by adding the following explanatory language:
Additionally, the requirements for auditor reporting on management reports on ICFR have been updated to conform to the new standard. Updated examples are included in AS 2201, as amended.
If an audit of ICFR is performed — whether pursuant to SEC rules, the rules of another regulator, or otherwise — such explanatory language in the Basis for Opinion section would not be included.
Additionally, the updated guidance clarifies that if the auditor issues separate reports on ICFR and the financial statements, the required paragraph referencing the separate report should appear in the Opinion on the Financial Statements section, immediately following the opinion paragraph. Auditor tenure is not required to be disclosed in the auditor's separate ICFR report.
Explanatory language is to be added when management is required to report on ICFR but an audit of ICFR is not performed, representing a key change to the list of circumstances in which explanatory language is required. The staff guidance also explains that if an audit report includes an emphasis of matter paragraph, an appropriate section title is to be used.
Some PCAOB standards specify the location of required explanatory language within the auditor's report. The updated guidance states that if the auditor is required to include explanatory language in the auditor's report but the location is not specified, the language may be placed where the auditor considers appropriate.
When an emphasis paragraph is included in the auditor’s report, the updated guidance states that it is not appropriate for the auditor to use phrases such as “with the foregoing [following] explanation” in the opinion paragraph. The updated guidance also clarifies that the emphasis paragraph may be placed where the auditor considers appropriate, with an appropriate section title.
If the auditor voluntarily decides to provide information about certain audit participants that is required to be reported on PCAOB Form AP, Auditor Reporting of Certain Audit Participants, the auditor should include an appropriate section title. The auditor may include information about the engagement partner, information about the other accounting firms, or both. If the auditor includes information about the other accounting firms in the auditor’s report, all other accounting firms required to be disclosed on Form AP must be included in the auditor’s report.
Note: AS 1301, Communications with Audit Committees, now requires engagement teams to provide to and discuss with the audit committee a draft of the auditor’s report prior to issuance.
The staff guidance provides an overview of requirements to disclose CAMs and reminds auditors that CAMs may be included voluntarily before the effective date or for entities for which the requirements do not apply. Communication of CAMs is not required for audits of emerging growth companies; brokers and dealers; investment companies other than business development companies; and employee stock purchase, savings, and similar plans.
The appendix in the updated guidance includes the following topics:
The most recent staff guidance is available at https://pcaobus.org/Standards/Documents/PCAOB-Auditors-Report-Guidance-8-23-18.pdf
On March 18, 2019, the PCAOB released three staff guidance documents to support implementation of the new CAM requirements. Auditors will be required to communicate CAMs in the auditor’s report under PCAOB AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion, according to the following timeline:
Category of filer | Effective date |
Audits of large accelerated filers | Audits for fiscal years ending on or after June 30, 2019 |
Audits of all other companies to which the requirements apply | Audits for fiscal years ending on or after December 15, 2020 |
The staff guidance consists of: (1) A Deeper Dive on the Determination of CAMs, (2) Implementation of Critical Audit Matters: The Basics, and (3) Staff Observations from Review of Audit Methodologies. The following provides a brief summary of each of the staff guidance documents; however, the staff guidance should be read in its entirety to ensure a complete understanding of the CAM requirements.
This staff guidance provides responses to frequently asked questions that arose during firm pilot testing and dry runs, as follows:
AS 3101 uses the word especially, instead of most, to clearly indicate that there could be multiple CAMs and that matters are assessed on a relative basis within the specific audit. In determining CAMs, the auditor should consider each of the criteria in the CAM definition: a CAM may involve especially challenging auditor judgment, especially subjective auditor judgment, especially complex auditor judgment, or some combination thereof. When communicating CAMs, auditors may choose to identify which of the three criteria specifically apply to each CAM. However, labeling a matter as challenging, subjective, and/or complex is not a substitute for the required description of the principal considerations as to why the matter is a CAM.
Some audit areas are inherently more challenging, subjective, or complex than others, regardless of the auditor’s experience, knowledge, and resources. For example, accounting estimates generally involve subjective assumptions and measurement uncertainty and may involve complex methods. The requirements for determining CAMs should be applied in the context of the facts and circumstances of the specific audit. Differences in auditors’ judgment, as well as in the nature, timing, and extent of the audit response required, will affect the determination of CAMs.
Some matters may always require especially challenging, subjective, or complex auditor judgment, and may be determined to be CAMs every year. Other matters may be CAMs in a single period or intermittently. For example, implementation of a new accounting standard or accounting for a significant unusual transaction may require especially challenging, subjective, or complex auditor judgment only in the year in which they occur. Furthermore, the audit of deferred tax assets accounts and disclosures may involve especially challenging, subjective, or complex auditor judgment only in years when additional auditor judgment and effort is necessary to assess the entity’s ability to utilize net operating loss carryforwards.
Significant events (e.g., natural disasters, cybersecurity breaches) or matters relating to the business and regulatory environment (e.g., significant regulatory changes, new accounting standards, significant changes in the economic or business environment, significant changes in government operations or policy) could affect the financial statements and become a subject of communications between the auditor and the audit committee. When evaluating such events or matters for purposes of determining CAMs, auditors would consider the relevant audit impact, which will largely depend on the nature, timing, and extent of the required audit response.
The evaluation and determination process for control deficiencies does not relate to a financial statement account or disclosure, and therefore the existence of a control deficiency would not, in and of itself, be a CAM. However, a control deficiency may relate to controls over one account and/or disclosure or multiple accounts and/or disclosures, or the ineffective controls may have a pervasive effect on the financial statements. If auditing the affected account balances and disclosures involved especially challenging, subjective, or complex auditor judgment, the auditor would determine one or more CAMs. The deficiency may then be among the considerations that led the auditor to determine such CAMs.
If a significant deficiency was considered in determining that a matter was a CAM, the auditor would describe the relevant control-related issues over the matter without using the term significant deficiency in the auditor’s report. If material weaknesses are identified, they are reported by the entity, and therefore that term is permitted to be used in a CAM description.
The critical accounting estimates that management is required to disclose in MD&A may overlap with CAMs, but they are not the same. Although some critical accounting estimates (or components of those estimates) may be the subject of CAMs, not all critical accounting estimates necessarily would be. Furthermore, the source of CAMs is broader than just critical accounting estimates (i.e., all matters communicated or required to be communicated to the audit committee).
The factors relevant to identifying significant risks (see paragraph 71 of AS 2110, Identifying and Assessing Risks of Material Misstatement) overlap with, but are not identical to, the criteria used in determining CAMs. For example, if responding to a significant risk did not involve especially challenging, subjective, or complex auditor judgment, the auditor would not determine that a related CAM exists. Conversely, responding to risks of material misstatement that are not significant risks may involve especially challenging, subjective, or complex auditor judgment, particularly when the risks relate to financial statement areas that involve greater degrees of judgment and estimation. In such instances, the auditor may determine that one or more CAMs exist.
Audit strategy decisions may be indicative of the reasons that a matter was a CAM and be included in the description of how a CAM was addressed in the audit. For example, audit strategy may affect the following:
In communicating CAMs, auditors are required to refer to the relevant financial statement accounts or financial statement disclosures, rather than to disclosures outside the financial statements. Company disclosures outside of the financial statements, however, may be relevant in the context of CAM communication. When describing CAMs in the auditor’s report, the auditor is not expected to provide information about the company that has not been made publicly available by the company (i.e., information that the company has made available through all means, including SEC filings, press releases, and other public statements), unless such information is necessary to describe the principal considerations that led the auditor to determine that a matter is a CAM or how the matter was addressed in the audit.
The staff guidance notes the following with regard to this CAM definition:
The auditor should also consider factors specific to the audit when determining whether a matter is a CAM.
CAMs are required to be communicated only for the current audit period. When the current period’s financial statements are presented on a comparative basis with those of one or more prior periods, the auditor may communicate CAMs relating to a prior period.
The description of the principal considerations that led the auditor to determine that the matter was a CAM should be specific to the circumstances, avoid standardized language, and provide a clear, concise, and understandable discussion of why the matter involved especially challenging, subjective, or complex auditor judgment.
In describing how the CAM was addressed in the audit, the auditor may describe any, or a combination, of the following:
When describing CAMs, the auditor is not expected to provide information about the entity that has not been made publicly available by the entity, unless such information is needed to describe the principal considerations that led the auditor to determine that a matter is a CAM or how the matter was addressed in the audit.
The auditor may not use language that could be viewed as disclaiming, qualifying, restricting, or minimizing the auditor’s responsibility for the CAMs or the auditor’s opinion on the financial statements. Language used to communicate a CAM also should not imply that the auditor is providing a separate opinion on the CAM or on the accounts or disclosures to which they relate.
The staff guidance also notes that certain introductory language is required for the CAM section in the auditor’s report.
The audit documentation is required to be in sufficient detail to enable an experienced auditor, having no previous connection with the engagement, to understand the determinations made to comply with the provisions of AS 3101. For matters determined to be CAMs, the description in the auditor’s report will generally suffice as documentation. For matters determined not to be CAMs, the amount of documentation required could vary with the circumstances.
The staff guidance notes that the engagement quality reviewer is required to evaluate the engagement team’s determination, communication, and documentation of CAMs.
Any matter communicated as a CAM should have been discussed with the audit committee, and the auditor is required to provide a draft of the auditor’s report to the audit committee and discuss the draft with them. The auditor may also discuss with management and the audit committee the treatment of any sensitive information.
CAMs are not a substitute for required explanatory paragraphs (e.g., when there is substantial doubt about the entity’s ability to continue as a going concern, or a restatement of previously issued financial statements). There could be situations in which a matter is a CAM and also requires an explanatory paragraph, such as going concern.
If a matter that the auditor considers emphasizing meets the definition of a CAM, the auditor would provide the information in the CAM section of the auditor’s report, and would not be expected to also include an emphasis paragraph.
The PCAOB’s Office of the Chief Auditor reviewed CAM methodologies, practice aids, training materials, and examples (“methodologies”) submitted by 10 U.S. audit firms that collectively audit approximately 85% of large accelerated filers, and observed the following:
The PCAOB also created a new auditor’s report implementation page to provide information, resources, and training regarding implementation of AS 3101, with an emphasis on how auditors are preparing to identify and communicate CAMs.
In June 2016, the PCAOB issued staff guidance for firms filing Form AP, Auditor Reporting of Certain Audit Participants, that provides greater detail regarding the provisions of Rules 3210 and 3211. This guidance was subsequently updated in January 2017 and then again in February 2017 to clarify some matters set out in Rule 3211.
The staff guidance provides an overview of the filing requirements for Form AP and includes examples of filing requirements in specific situations, such as IPOs, mutual fund formations, reverse mergers, reissued audit reports, and dual-dated audit reports. The guidance also specifies that filing a Form AP is not required for attestation engagements, reports issued for interim reviews, and non-issuer audits conducted in accordance with PCAOB standards.
The staff guidance provides detail on when and how to amend a Form AP. Amendments to Form AP are required to correct information that was incorrect at the time the form was filed or provide information that was omitted from the form and was required to be provided at the time the form was filed. The amendment process should not be used to update information reported on Form AP that was accurate or based on a reasonable estimate at the time of the initial filing.
Detail is provided in the staff guidance regarding the engagement partner disclosure on Form AP, including how to report the partner’s name and partner ID. Examples are given for certain situations, including how to report a partner’s name change on Form AP and assigning partner IDs.
Additionally, the staff guidance offers information on the participants to include and exclude from the Form AP disclosure requirements regarding other accounting firms. The guidance specifies that other accounting firms include affiliated firms, such as firms in a global network, and nonaffiliated firms. Items excluded from Form AP’s disclosure requirements include audit hours attributable to the engagement quality reviewer; the person who performed the review pursuant to SEC Practice Section 1000.45, Appendix K; specialists engaged but not employed by the auditor; an accounting firm performing the audit of entities in which the issuer has an investment that is accounted for using the equity method; internal auditors, other company personnel, or third parties working under the direction of issuer management or the audit committee who provided direct assistance in the audit of ICFR; and internal auditors who provided direct assistance in the audit of the financial statements.
If other accounting firms participated in the audit, the firm filing Form AP is required to compute the extent of participation of each other accounting firm in the most recent period’s audit as a percentage of total audit hours. According to the staff guidance, total audit hours in the current period’s audit are hours attributable to the financial statement audit; reviews pursuant to AS 4105, Reviews of Interim Financial Information, for the fiscal year covered by the audit; and the audit of ICFR. Although nonaccounting firms — such as offshore service centers and tax consulting firms — are not identified on Form AP, the staff guidance indicates that hours incurred by nonaccounting firm participants should be included in the computation of total audit hours and allocated among the principal auditor and the other accounting firms participating in the audit on the basis of which accounting firm commissioned and directed the applicable work of the nonaccounting firm.
Actual audit hours should be used if available, according to the staff guidance, but if actual audit hours are not available because, for example, a statutory audit is being conducted concurrently, the firm filing Form AP may use a reasonable method to estimate the hours. The staff guidance also states that the firm filing Form AP should document in its files the computation of total audit hours on a basis consistent with AS 1215, Audit Documentation.
The staff guidance provides detail regarding completing the information required in Form AP for other accounting firms individually contributing 5% or more of total audit hours, including specific situations regarding the other accounting firm’s legal name, the headquarters, and firm ID. Guidance is also provided regarding the information required in Form AP for other accounting firms individually contributing less than 5% of total audit hours.
Furthermore, the staff guidance specifies the information to be included in the audit report if the auditor decides to provide voluntary disclosure in the audit report about the engagement partner or other accounting firms participating in the audit.
The staff guidance also provides an illustrative example regarding how to complete Form AP for the engagement partner disclosure, as well as the disclosure regarding the names, locations, and extent of participation of other accounting firms whose work constituted 5% or more of the total audit hours, and the disclosure regarding the number and aggregate extent of participation of other accounting firms whose individual participation was less than 5% of total audit hours.
Lastly, the staff guidance provides information on the mechanics of filing a new or amended Form AP by using a web form or an XML file.
The staff guidance was updated in January 2017 to address a few minor technical clarifications. The most significant change in the updated guidance was to add an explanation of the filing deadline for issuers that do not file reports with the SEC. The staff guidance was further updated in February 2017 to provide guidance to firms on the treatment of professional staff in secondment arrangements. According to the updated staff guidance, another accounting firm participates in an issuer audit if any of its principals or professional employees performs work on the audit that is supervised under AS 1201 (formerly AS No. 10), Supervision of the Audit Engagement. Supervision of a professional employee in a secondment arrangement, however, does not necessarily mean that the other accounting firm participated in the audit. Professional employees in a secondment arrangement in which a professional employee of an accounting firm in one country is physically located in another country, in the offices of another accounting firm, for at least three consecutive months, performing audit procedures with respect to entities in that other country (and not performing more than de minimis audit procedures over the term of the secondment in relation to entities in the country of his or her employer) should be treated as if they were employed by the accounting firm to which they were seconded.
The most recent staff guidance is available at https://pcaobus.org/Standards/Documents/2017-02-16-Form-AP-Staff-Guidance.pdf.
Staff Audit Practice Alerts highlight new, emerging, or otherwise noteworthy circumstances that may affect how auditors conduct audits under the existing requirements of PCAOB standards and relevant laws. Auditors should determine whether and how to respond to these circumstances based on the specific facts presented. The statements contained in Staff Audit Practice Alerts are not rules or standards, because they have not followed due process; however, they contain useful information about how to apply the auditing standards in certain circumstances and may focus on areas that the inspection staff has noted as areas for auditor focus. All of the Staff Audit Practice Alerts are available on the PCAOB’s website at http://pcaobus.org/Standards/Pages/Guidance.aspx.
In October 2017, the PCAOB released Staff Audit Practice Alert No. 15. The auditing matters discussed in this alert are relevant to the auditor’s consideration of implementation of the new revenue standards issued by both FASB and IASB, and are applicable for both interim reviews and year-end audits. Additionally, the alert points out that certain matters discussed in the alert may be applicable to auditing the implementation of the new accounting standards on leases and credit losses.
The alert discusses the following:
The matters discussed in the alert are applicable to both planning and performing audit procedures with respect to revenue. The alert also contains a caveat indicating that although the alert highlights certain areas, it is not intended to identify all areas that might affect audit risk arising from the implementation of the new revenue standard, nor is it a substitute for the relevant auditing standards.
The complete text of Staff Audit Practice Alert No. 15 is available at https://pcaobus.org/Standards/QandA/SAPA-15-revenue-accounting-standard.pdf
Staff Audit Practice Alert No. 14 emphasizes that improperly altering audit documentation in connection with a PCAOB investigation or inspection violates PCAOB rules and can result in disciplinary action with severe consequences. The alert also points out that improperly altering audit documentation is inconsistent with an auditor’s professional duty to act with integrity and as a gatekeeper in public securities markets.
The alert summarizes PCAOB audit documentation requirements under AS 1215, Audit Documentation. The alert also emphasizes that PCAOB Rule 4006, Duty to Cooperate with Inspectors, includes an obligation not to provide improperly altered documents or misleading information in connection with the board’s inspection processes.
According to the alert, in the past several years, the board has sanctioned firms and individuals for violating both their obligation to cooperate with board inspections and the requirements of AS 1215, as a result of those firms and individuals improperly deleting, adding, or altering documentation in connection with an inspection. PCAOB enforcement staff have recently discovered evidence of additional instances of improperly altered audit documentation, including documents that were created shortly in advance of, or during, an inspection, and then backdated. The alert further states that failures to cooperate with a board inspection or investigation can result in a board disciplinary action and significant sanctions, including revoking a firm’s PCAOB registration, barring an individual from further association with any registered firm, and imposing civil monetary penalties.
To reduce the risk of improper alteration of audit documentation in connection with a PCAOB inspection, the alert states that registered firms should take action to assure that (1) work papers are properly archived; (2) work papers, once archived, are not improperly altered; and (3) the documentation provided to PCAOB inspectors for an audit is the original archived documentation for that audit (supplemented, as appropriate, in accordance with AS 1215).
Registered firms or individuals that become aware of any improper alteration of audit documentation in connection with a board inspection or investigation should report that information. They can do so by contacting PCAOB staff in the Division of Registration and Inspections or the Division of Enforcement and Investigations, or by contacting the PCAOB Tip and Referral Center, including anonymously. In addition, in appropriate circumstances, individuals may use their firm’s internal whistleblower and complaint systems to report improper alteration of audit documentation or other suspected misconduct. The alert also points out that voluntary and timely self-reporting of misconduct, including violations of the obligation to cooperate with board inspections or investigations, may be a factor in determining whether to impose sanctions against a firm or person and what sanctions to impose.
Staff Audit Practice Alert No. 13 was issued to remind auditors that the existing PCAOB standards remain in effect, notwithstanding the recent changes to U.S. generally accepted accounting principles (U.S. GAAP) about disclosure of uncertainties about a company’s ability to continue as a going concern.
The alert explains that auditors should look to the applicable financial reporting framework, whether U.S. GAAP or International Financial Reporting Standards (IFRS), to assess management’s going concern evaluation and the related financial statement disclosures. Furthermore, auditors are reminded that the requirements under AS 2415, The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern, for the auditor’s evaluation, and reporting when substantial doubt exists, have not changed and continue to be in effect. A determination that no disclosure is required under U.S. GAAP or IFRS, as applicable, is not conclusive as to whether an explanatory paragraph is required under AS 2415. The alert emphasizes that auditors should make a separate evaluation of the need for disclosure in the auditor’s report in accordance with AS 2415.
The PCAOB issued Staff Audit Practice Alert No. 12 to highlight certain PCAOB auditing requirements related to aspects of auditing revenue in which significant auditing deficiencies have been frequently observed by the PCAOB’s inspections staff. The matters discussed in this alert are applicable to both planning and performing audit procedures with respect to revenue. Because revenue is often significant to a company’s operating results, it is particularly important for the engagement partner and other senior engagement team members to focus on these matters and for engagement quality reviewers to consider these matters when performing reviews.
The following summarizes the more significant topics discussed in this alert; however, all audit professionals should read the alert in its entirety. The alert contains reminders and considerations that may be applicable in the conduct of any audit, not just those of issuers. Moreover, the matters discussed in the alert are likely to continue to have relevance to auditing revenue under the recently issued accounting standard on revenue recognition.
Testing revenue recognition, presentation, and disclosure
Testing the recognition of revenue from contractual arrangements
As it relates to construction-type or production-type contracts, inspections staff identified instances in which auditors failed to perform audit procedures to (1) test management’s estimated costs to complete projects; (2) test the progress of the construction or production contracts; or (3) evaluate the reasonableness of the company’s approach for applying the percentage-of-completion method of accounting. With respect to multiple-element arrangements, inspections staff noted instances in which auditors failed to (1) evaluate each of the deliverables to determine whether they represented separate units of accounting, and (2) test the value assigned to the undelivered elements.
The alert highlights the importance of gaining an understanding of the company, its environment, and internal control that includes understanding the company’s key products and services and contractual terms of sales transactions, because such an understanding will assist auditors in determining the specific audit procedures to test whether revenue was properly reported. Furthermore, the alert explains that revenue recognition often involves accounting estimates, such as estimates of future obligations under the terms of sale in the contract. Depending on whether the estimate is a fair value estimate or other type of estimate, the auditor should apply either AS 2502 or AS 2501.
Evaluating the presentation of revenue — Gross versus net revenue
Inspections staff observed instances in which auditors failed to perform sufficient procedures to evaluate whether a company’s presentation of revenue on a gross basis (the company has the primary obligation to the customer) versus a net basis (the company is acting in the capacity of an agent) was in conformity with the applicable financial reporting framework. The alert emphasizes the importance of determining whether a company is a principal or agent in a transaction.
Testing whether revenue was recognized in the correct period
The risk of material misstatement involving revenue recognition in the incorrect period may be a risk of error or a risk of fraud. The alert explains that when designing and performing cutoff procedures, the auditor should plan and perform audit procedures that address the risk of material misstatement, in particular, determining that the procedures are designed to (1) detect the type of potential misstatement related to the risk and (2) obtain sufficient relevant and reliable evidence. An example of a typical cutoff procedure is to test sales transactions by comparing sales data for a sufficient period before and after year-end to sales invoices, shipping documentation, or other appropriate evidence to determine that the revenue recognition criteria were met and the sales transactions were recorded in the proper period.
Evaluating whether the financial statements include the required disclosures regarding revenue
The alert emphasizes that the auditor should develop expectations about the disclosures necessary for the company’s financial statements to be presented fairly in conformity with the applicable financial reporting framework to identify and assess the risks of material misstatement related to omitted, incomplete, or inaccurate disclosures. Specifically, when evaluating the disclosures, the auditor is required to perform the following, among other things:
Additionally, the alert emphasizes that the evaluation of disclosures also involves the evaluation of the effect on the financial statements of uncorrected misstatements in disclosures, such as omitted, incomplete, or inaccurate disclosures.
Other aspects of testing revenue
Responding to fraud risks associated with revenue
Inspections staff have observed deficiencies in some auditors’ responses to fraud risks associated with revenue. Examples include failures to do the following:
PCAOB standards require the auditor to presume that there is a fraud risk involving improper revenue recognition and to evaluate which types of revenue, revenue transactions, or assertions may give rise to such risks in the company being audited. The alert emphasizes that auditors who merely identify revenue as having a general risk of improper revenue recognition without attempting to assess ways in which revenue could be intentionally misstated may find it difficult to develop meaningful responses to the identified fraud risks.
When responding to fraud risks, it is important to seek reliable evidence that would be difficult for potential perpetrators to manipulate and to incorporate an element of unpredictability in audit procedures.
Testing and evaluating controls over revenue
When the auditor plans to assess control risk for a relevant assertion of a significant account and disclosure at less than the maximum by relying on controls — and the nature, timing, and extent of planned substantive procedures are based on that lower assessment — PCAOB standards require the auditor to obtain evidence that the controls selected for testing are designed and operating effectively during the entire period of reliance. Inspections staff have observed instances in which auditors relied on controls to reduce substantive testing, but such reliance was unsupported because the testing of controls was insufficient (for example, auditors failed to test controls for the entire period), the results of control tests identified deficiencies indicating controls were ineffective, or procedures to test the design and operating effectiveness of the company’s controls were insufficient because they did not address the relevant assertions.
When deficiencies in controls over revenue on which the auditor plans to rely are detected, the PCAOB standards require the auditor to
Applying audit sampling procedures to test revenue
Inspections staff observed deficiencies in the design and performance of sampling procedures used to test revenue transactions, including the following:
When determining the number of items to test for a substantive test of details, PCAOB standards require consideration of the tolerable misstatement for the population, the allowable risk of incorrect acceptance, and the characteristics of the population. Although auditors may use either a statistical or nonstatistical sampling method, the size of a sample using a nonstatistical method will be comparable to, or larger than, the size of a statistically determined sample.
In selecting a representative sample, items may be selected randomly, systematically, or haphazardly. The following are not representative selection methods:
Additionally, each sample item selected should be subject to the planned audit procedures. In circumstances in which supporting documentation may be missing, the auditor’s treatment of unexamined items will depend on their effect on the evaluation of the sample. If the auditor’s evaluation of the sample results would not be altered by considering those unexamined items to be misstated, it is not necessary to examine the items. If, however, considering those unexamined items to be misstated would lead to a conclusion that revenue contains a material misstatement, the auditor should consider alternative procedures to obtain sufficient evidence to form a conclusion. Moreover, the auditor should consider the reasons for his or her inability to examine the items and implications for the risk assessment, including fraud risk, the integrity of management, and other possible effects.
Performing substantive analytical procedures to test revenue
It is important for auditors to design their substantive procedures to provide the necessary level of assurance regarding the assertion being tested. The level of assurance needed depends on (1) the risk of material misstatement, considering reliance on controls when appropriate; and (2) the assurance provided by other substantive procedures directed to the same assertion as the analytical procedure. As the assessed risk of material misstatement increases, the level of assurance needed from substantive procedures also increases. It is important to note that under PCAOB standards, substantive analytical procedures alone are not sufficient to respond to fraud risks or other significant risks; therefore, tests of details are also needed in such situations.
Staff Audit Practice Alert No. 12 highlights the following areas where the substantive analytical procedures for testing revenue were insufficient in some instances:
Testing revenue in companies with multiple locations
Inspections staff have observed instances in which auditors did not test, or test sufficiently, revenue at individual locations that had specific risks, including fraud risks, for which there was a reasonable possibility of a material misstatement. In one example, entity-level controls were relied upon to reduce substantive testing of revenue at certain locations, but the effect of identified deficiencies in those controls was not considered. In another example, the auditor planned to use the work of internal auditors for certain locations, but the auditor failed to evaluate whether the work of the internal auditors addressed certain identified risks associated with those locations.
When a company has operations in multiple locations or has business units that generate or process revenue, the auditor is required to determine the extent to which audit procedures should be performed at selected locations or business units in gathering sufficient appropriate audit evidence. In determining the amount of audit attention to devote to a location or business unit, the auditor is required to correlate such audit attention with the degree of risk of material misstatement. AS 2101 lists the following factors that are relevant to assessing the risk of material misstatement associated with a location or business unit and the determination of audit procedures:
In recent years, the PCAOB inspections staff has observed a significant number of audit deficiencies in audits of ICFR. This staff alert addresses such deficiencies, so that auditors can take note of such matters when planning and performing their audits of internal control. Specifically, the alert discusses the topics in the following sections.
Risk assessment is a key element of the top-down approach, and underlies the entire audit process. The PCAOB’s general inspection report cites the improper application of the top-down approach as a potential root cause for the deficiencies noted in audits of internal control. The alert includes a table to illustrate how certain risk assessment procedures required by AS 2110 can be coordinated with procedures that are performed under AS 2201. The alert also points out that performing walkthroughs is an effective way to obtain an understanding of internal control and satisfy the requirements of AS 2110 and AS 2201 concurrently.
The alert also reminds auditors that the components of a potential significant account or disclosure might be subject to significantly different risks. Further, different risks of material misstatement affecting the same assertion of an account or disclosure might arise at different points within the company’s processes. If risks differ among components, the auditor might need to select and test different controls to support a conclusion that the controls adequately address the risks to the account or disclosure.
According to the alert, inspections staff also observed instances in which firms did not sufficiently test controls in multilocation engagements. PCAOB standards require the auditor to assess the risks of material misstatement to the consolidated financial statements associated with the location or business unit and correlate the amount of auditing attention devoted to the location or business unit with the degree of risk. AS 2101 lists factors that are relevant to (1) assessing the risk of material misstatement associated with a location or business unit and (2) determining the necessary audit procedures.
PCAOB inspections staff noted that, in some instances, firms placed undue emphasis on testing management review controls and other detective controls without considering whether they adequately addressed the assessed risks of material misstatement of the significant account or disclosure. In particular, auditors in certain instances failed to identify and sufficiently test controls that addressed the risks of material misstatement for revenue, inventory, financial instruments, and pension plan assets.
The alert further points out that internal control also applies to infrequent processes and nonrecurring transactions outside the normal course of business, and the auditor should directly test the controls over those processes or transactions if they present a risk of material misstatement of the financial statements. Performing substantive audit procedures to determine whether the nonrecurring transaction was recorded properly does not, by itself, provide the auditor with evidence of the effective design and operation of the company’s control over such transactions.
Management reviews typically involve comparing recorded financial statement amounts to expected amounts and investigating significant differences from expectations. Many management review controls are entity-level controls, but may also be found within activity level controls. AS 2201 provides that entity- level controls vary in nature and precision, and the alert lists certain factors that can affect the level of precision of an entity-level control.
As with other types of controls, the auditor should obtain evidence about how a management review control is designed and operated to prevent or detect misstatements. The alert also states that testing the operating effectiveness of a management review control typically involves obtaining and evaluating evidence about (1) the steps performed to identify and investigate significant differences; and (2) the conclusions reached in the reviewer’s investigation, including whether potential misstatements were appropriately investigated and whether corrective actions were taken as needed.
To provide further illustration, the alert includes an example of the steps involved in a test of a management review control.
Inspections staff have observed instances in which firms did not sufficiently test controls over the completeness and accuracy of system-generated data or reports used in the operation of those controls. The alert reminds readers that PCAOB standards require the auditor to obtain an understanding of the manual and automated controls used by the company, including the IT general controls (ITGCs) that are important to the effective operation of the automated controls. The auditor also should obtain an understanding of specific risks to a company’s internal control resulting from IT. Further, when testing an IT-dependent control, the auditor should also test the IT controls on which the selected control relies.
PCAOB standards also require evaluating the severity of identified control deficiencies, including IT control deficiencies. Such an evaluation involves assessing the effect of the deficiency on important IT- dependent controls and, in turn, the likelihood and magnitude of potential misstatements. Deficient IT controls might impair the effectiveness of multiple controls across multiple accounts; in those situations, it may be necessary to assess the combined severity of those impaired controls in conjunction with the original deficient IT control.
Inspections staff have identified instances in which firms tested significant controls at an interim date and either did not perform any testing, or used inquiry alone, to update the results of their testing. The alert states that when auditors test controls at an interim date, “roll-forward” procedures are required to update the interim test results to year-end. The amount of evidence needed from the roll-forward procedures depends on the nature of the control tested at the interim date and the results of those tests; the sufficiency of evidence obtained at the interim date; the length of the roll-forward period; and whether there were any significant changes in internal control since the interim date.
AS 2201 provides that inquiry might be a sufficient roll-forward procedure when the aforementioned factors indicate a low risk that the controls are no longer effective during the roll-forward period. When inquiry is not sufficient, the additional evidence to cover the roll-forward period cannot be inferred from the absence of misstatements detected by substantive procedures.
Inspections staff have identified situations in which firms used the work of others, such as internal audit, who performed tests of controls without establishing a sufficient basis for using that work. PCAOB standards provide that the extent to which the work of others can be used, as well as the extent of the auditor’s evaluation of the others’ work, depends on the risk associated with the control being tested; and the competence and objectivity of the persons whose work the auditor plans to use.
The alert also offers a reminder that when using the work of others that provide direct assistance, the auditor should supervise that work, including reviewing, testing, and evaluating the work.
Inspections staff have observed instances in which firms failed to sufficiently evaluate the severity of identified control deficiencies, including failures to do the following:
Additionally, control deficiencies might be identified during the audit of the financial statements as well as the audit of internal control. PCAOB standards require auditors to evaluate the effect of the findings of the substantive procedures performed in the financial statement audit on the effectiveness of internal control.
The alert points out that evaluating whether a control deficiency, or a combination of control deficiencies, results in a material weakness requires professional skepticism and careful analysis. Auditors who perform a cursory evaluation of deficiencies might reach premature conclusions without appropriately considering critical information, such as considering only the amount of identified misstatements, without evaluating the potential exposure; or assessing deficiencies in isolation, without considering other deficiencies in combination.
Because of the nature and importance of the matters covered in this alert, the engagement partner and senior engagement team members should focus on the aforementioned areas, and engagement quality reviewers should keep these matters in mind when performing their engagement quality reviews. Auditing firms also should consider whether additional training of their auditing personnel is needed.
Staff Audit Practice Alert No. 10, Maintaining and Applying Professional Skepticism in Audits
Staff Audit Practice Alert No. 10 was issued in 2012. Based on its observations from oversight activities, the PCAOB has observed that certain circumstances can impede the application of professional skepticism and allow unconscious biases to occur, including incentives and pressures from inherent conditions in the audit environment, scheduling and workload demands, or an inappropriate level of confidence or trust in management. This staff alert provides guidance on the requirement to appropriately apply professional skepticism throughout the audit.
Professional skepticism is defined as an attitude that includes a questioning mind and a critical assessment of audit evidence, and is essential to the performance of effective audits under PCAOB standards. The auditor is also required, under PCAOB standards, to exercise due professional care in planning and performing the audit and in preparing the audit report, and due professional care requires the exercising of professional skepticism. Professional skepticism is particularly important in audit areas that involve significant management judgments or transactions outside the normal course of business.
Applying professional skepticism is also important when planning and performing audit procedures to address fraud risks. The auditor should not be satisfied with less than persuasive evidence because of a belief that management is honest. When applying professional skepticism in response to assessed fraud risks, auditors may modify the planned audit procedures to obtain more reliable evidence regarding relevant assertions, or obtain sufficient appropriate evidence to corroborate management’s explanations or representations, such as through third-party confirmation, use of a specialist engaged or employed by the auditor, or examination of documentation from independent sources.
The alert also cites certain specific instances in which PCAOB inspectors and enforcement officials found that auditors did not appropriately apply professional skepticism.
Incentives and pressures to build or maintain a long-term audit engagement, avoid conflicts with management, provide an unqualified audit opinion prior to the filing deadline, achieve high client satisfaction, keep audit costs low, or cross-sell other services can all undermine the application of professional skepticism. Furthermore, over time, auditors may develop an inappropriate level of trust in management. In addition, scheduling and workload demands can put pressure on engagement teams to complete their work too quickly.
Firms’ quality control systems can help engagement teams improve the application of professional skepticism, including the following:
The engagement partner is responsible for setting an appropriate tone that emphasizes the need for the engagement team to maintain a questioning mind throughout the audit and to exercise professional skepticism in gathering and evaluating evidence. It is also important for the engagement partner and other senior engagement team members to be actively involved in planning, directing, and reviewing the work of engagement team members. In directing the work of others, senior engagement team members, including the engagement partner, may possess knowledge and experience that may assist less experienced engagement team members in applying professional skepticism.
It is ultimately the responsibility of each individual auditor to appropriately apply professional skepticism, including the following areas:
The risk assessment approach set out in the PCAOB standards is intended to focus auditors’ attention on those areas of the financial statements that are higher risk and therefore most susceptible to misstatement. This includes considering events and conditions that create incentives or pressures on management or create opportunities for management to manipulate the financial statements. The evidence obtained from the required risk assessment procedures should provide a reasonable basis for the auditor’s risk assessments, which then should drive the auditor’s tests of accounts and disclosures in the financial statements.
The risk assessment procedures required by PCAOB standards also should provide the auditor with a thorough understanding of the company and its environment, to help identify unusual transactions or matters that warrant further investigation, and to provide a basis for the auditor to evaluate and challenge management’s assertions.
In higher risk areas, the auditor’s appropriate application of professional skepticism should result in procedures that are focused on obtaining evidence that is more relevant and reliable, such as evidence obtained directly and evidence obtained from independent, knowledgeable sources. If audit evidence obtained from one source is inconsistent with other audit evidence, the auditor should perform the audit procedures necessary to resolve the matter and determine the effect, if any, on other aspects of the audit.
The alert lists the following examples of audit procedures that reflect the need for professional skepticism:
In determining whether the financial statements are materially misstated, the auditor should take into account all relevant audit evidence, regardless of whether the evidence corroborates or contradicts the assertions in the financial statements. Areas that reflect the need for the auditor to apply professional skepticism include the following:
Staff Audit Practice Alert No. 9 was issued in 2011 and expands the guidance provided in Staff Audit Practice Alert No. 3, Audit Considerations in the Current Economic Environment. Although many of the risks discussed in Staff Audit Practice Alert No. 3 are still relevant, Practice Alert No. 9 highlights the PCAOB risk standards as they relate to the economic environment.
Changing economic conditions may require the auditor to reassess the appropriateness of the planned audit strategy, materiality levels, risk assessments, and planned audit responses.
Audit planning and materiality considerations. The nature and extent of planning activities depend in part on any changes in circumstances that occur during the audit. For example, in an audit with operations in multiple locations, changes in regional economic conditions might affect the associated risks in those locations, which could in turn affect the locations selected for testing or the extent of testing at selected locations. Changing economic conditions may also require the auditor to re-evaluate materiality if materiality was initially established using estimated or preliminary financial information.
Risk assessment. Examples of risk assessment procedures that may provide particularly relevant information in identifying and assessing the risks of material misstatement in the current economic environment include
Further, the auditor should evaluate whether the prior years’ information remains relevant and reliable in a changing economic environment. For example, when performing an analytical procedure in the current economic environment, prior-period financial information may not be appropriate to use in developing an expectation.
Communication among engagement team members about significant matters affecting the risks of material misstatement are to continue throughout the audit, and such communication is particularly important when conditions change. For instance, the results of the brainstorming discussion among the key engagement team members about how and where they believe the company’s financial statements might be susceptible to material misstatement due to fraud may need to be updated to reflect additional fraud risks.
Identifying fraud risks and other significant risks. In identifying and assessing risks of material misstatement, the auditor should determine whether any risks are significant risks. One of the factors that should be evaluated in determining which risks are significant is whether the risk is related to recent significant economic developments. Accordingly, risks of material misstatement that may be particularly susceptible to changes in the economic environment are to be evaluated in this context.
Planned audit response. As the assessed risks of material misstatement change during an audit, corresponding changes to the planned audit response may be necessary. Depending on the circumstances, the changes may be pervasive, as might be the case with respect to the valuation of significant accounts at year-end, because of a high degree of volatility in market conditions. In addition, volatile market conditions could make substantive analytical procedures less effective, because such an environment negatively affects the plausibility and predictability of relationships among financial and nonfinancial data.
When testing management’s process for determining fair value measurements or estimates, the auditor should perform procedures commensurate with the related risk, including considering whether significant assumptions such as the following are supported by the available evidence:
Audit evidence consists not only of information that supports management’s assertions, but also information that may contradict such assertions.
Bias in accounting estimates. The auditor should evaluate whether differences between estimates best supported by the audit evidence and estimates included in the financial statements, which are individually reasonable, indicate a possible bias. For example, a lack of consistency in assumptions used to support different assumptions used in the goodwill impairment test that are inconsistent with revenue assumptions used to accrue discretionary compensation might be indicative of management bias.
If the auditor identifies bias in management’s judgments, the auditor should evaluate whether the effect of that bias, together with the effect of uncorrected misstatements, results in material misstatement. The auditor should also evaluate whether the initial risk assessments remain appropriate.
Consideration of changes to accounting standards. Since the issuance of Staff Audit Practice Alert No. 3, certain accounting requirements have been amended. In particular, Practice Alert No. 9 emphasizes FASB Accounting Standards Codification (ASC) 350, Testing Goodwill for Impairment, which allows companies to first assess qualitative factors to determine whether it is more likely than not that the fair value of a reporting unit is less than its carrying value as a basis for determining whether it is necessary to perform the two-step goodwill impairment test. When the auditor reviews and tests a company’s process for assessing such qualitative factors, considerations should include
If the auditor believes there is substantial doubt about the company’s ability to continue as a going concern for a reasonable period of time, the auditor should (1) obtain information about management’s plans that are intended to mitigate the effect of such conditions or events, and (2) assess the likelihood that such plans can be effectively implemented. For example, if management is relying on a significant shareholder’s pledge of financial support, consideration should be given to the effect of current economic conditions on the shareholder’s ability to provide such funding. Another important consideration in the current economic environment is the willingness of a third party to continue to provide financial support.
When prospective financial information is particularly significant to management’s plans, the auditor should request management to provide that information. In considering the adequacy of support for significant assumptions underlying that information, the auditor should consider whether the assumptions are consistent with current economic conditions.
The alert explains that to identify and assess the risk of omitted, incomplete, or inaccurate disclosure, the auditor should develop expectations about the disclosures that are necessary for the company’s financial statements to be presented fairly. Further, key engagement team members should discuss (1) the company’s selection and application of accounting principles, including disclosures, (2) the susceptibility of the financial statements to material misstatement due to error or fraud, and (3) how fraud might be perpetrated or concealed by omitting or presenting incomplete or inaccurate disclosures.
When evaluating whether the financial statements are fairly presented, the newly effective risk standards require the auditor to evaluate the disclosures, including, among other things, (1) evaluating whether the financial statements and disclosures are informative of matters that may affect their use, understanding, and interpretation, and (2) considering whether the form, arrangement, and content of the financial statements and disclosures are appropriate, encompassing matters such as the terminology used, the amount of detail given, the classification of items in the statements, and the bases of amounts set forth.
Evaluation of disclosures also involves evaluation of the effect on the financial statements of uncorrected misstatements in disclosures, such as omitted, incomplete, or inaccurate disclosures. In this regard, qualitative considerations are particularly important when evaluating misstatements that are more narrative in nature, such as those relating to risks and uncertainties or loss contingencies where an estimate has not yet been disclosed.
Staff Audit Practice Alert No. 8 provides guidance on risks of misstatement due to fraud that auditors may encounter in audits of companies with operations in emerging markets, and the responsibilities of auditors to address those risks.
Fraud risks may arise from internal or external factors. For this reason, the auditor obtains an understanding of the company and its environment as part of the risk assessment process and determines whether one or more fraud risk factors are present. This understanding includes the following, for example:
In addition to the incentives, pressures, and opportunities usually considered in audits of public companies, the alert reminds the auditor to consider any unique characteristics of the emerging market company or its environment that might result in specific fraud risks. For example, a company in an emerging market might have a dominant presence because it is the single largest employer in a region, or it may exercise control over raw materials on which other companies in the region depend. Further, the company’s management may have strong ties with the local or state government. In such circumstances,
Further, a company in an emerging market might be created as a spin-off from a larger private or state- owned entity, such that the operating components of the larger entity may be among the company’s largest suppliers or customers. In certain instances, the same individual or group that controls the company might also control the company’s suppliers and customers. Such situations might provide opportunities for management to enter into undisclosed side agreements with related parties or collude to create false documentation to support fictitious transactions.
Auditors are required to design and implement audit responses to address identified and assessed fraud risks. Further, we are required to perform substantive procedures that are responsive to the assessed fraud risks, including procedures to address the risk of management override of controls.
Confirmation procedures
When performing confirmation procedures to address fraud risks, the auditor should confirm amounts included in the company’s financial statements with a knowledgeable and objective third party. If there is a risk of interception or alteration of a confirmation request or response, the auditor should take appropriate action to address that risk. For example, if the auditor uses a courier to expedite the delivery of confirmation requests, the courier should be reliable and independent from management to ensure that the confirmation requests are delivered directly to the intended recipient. If there is a heightened risk of management interference in the process, it might be necessary to deliver the confirmation request personally and observe the intended recipient of the confirmation request complete the response in order to communicate directly with an independent and knowledgeable source.
In determining whether the intended recipient of a confirmation request is objective, the auditor should ensure that the company’s management does not have any influence over this individual to provide false or misleading information. If there is a heightened risk that the intended recipient is susceptible to management influence, the auditor should consider whether the response provides appropriate evidence and whether other procedures are necessary.
Revenue recognition
The auditor should presume that there is a fraud risk involving improper revenue recognition and evaluate which types of revenue, revenue transactions, or assertions may give rise to such risks. The auditor should also exercise professional skepticism, which requires the evaluation of evidence from all sources rather than relying solely on management representations and the company’s performance. For example, if the auditor performs analytical procedures regarding revenue, and management represents that a significant unexpected increase from the prior year results from increased production, the auditor should obtain evidence to corroborate this representation and critically evaluate whether the company is capable of producing the additional output. Also, if conditions indicate that a document may not be authentic, or the terms or conditions have been modified and the modifications have not been disclosed, the auditor should perform additional procedures, such as obtaining documentation directly from the company’s customers or suppliers to compare it to documents provided by management.
Transactions with related parties
It is not uncommon for companies in emerging markets to be owned or controlled by a small group of individuals or a family. These individuals often serve as the senior members of the company’s management, and also may control some of the entities that the company does business with, such as customers or suppliers. Accordingly, transactions with related parties may play a significant role in the company’s operations. For this reason, the auditor should be alert to the risk of undisclosed related party transactions or side agreements.
PCAOB standards require the auditor to evaluate whether the accumulated results of auditing procedures and other observations affect the assessment of the fraud risks made throughout the audit and whether the audit procedures need to be modified to respond to those risks. Matters indicating a heightened risk of fraud may include
Restrictions on the scope of the audit imposed by the company’s management or by circumstances, such as the inability to obtain sufficient appropriate audit evidence or an inadequacy in the accounting records, may require the auditor to qualify the audit opinion or to disclaim an opinion.
Client acceptance and engagement assignments
In performing client acceptance and continuance assessments for clients with operations in emerging markets, the auditor needs to consider his or her ability to perform audits in emerging markets and the ability to supervise or assume responsibility for that work in accordance with PCAOB standards. When the auditor uses the work of accountants outside the auditor’s own firm, the auditor should take into account the knowledge, skill, and ability of each engagement team member from outside the firm. Further, making appropriate engagement assignments and coordinating the auditor’s response with another auditor necessarily entails overcoming any language barriers. In some audits of companies in emerging markets, key engagement team members might be from outside the country in which substantially all of the company’s operations, its top management, or the other auditor is located. In those circumstances, the auditor should take the necessary steps to enable effective communication among the engagement team members, effective communication between the auditor and the company’s personnel or the other auditor, and effective review of documentation prepared in a foreign language.
Illegal acts
During the course of the audit, the auditor may determine that violations of laws or regulations may constitute illegal acts. If the illegal act results in uncorrected misstatements of even relatively small amounts, the auditor should determine whether it has a material effect on the financial statements. If the auditor concludes that an illegal act has or is likely to have occurred, AS 2405, Illegal Acts by Clients, requires the auditor to determine that the audit committee, or others with equivalent authority and responsibility, is adequately informed with respect to the illegal act. Also, Section 10A(b) of the Exchange Act imposes additional requirements on auditors that apply when the auditor detects an illegal act.
Staff Audit Practice Alert No. 7 was issued in response to allegations that surfaced in the fall of 2010 that banks may have misrepresented the quality of mortgages sold, and that those banks could be required to repurchase the affected mortgages. The alert advises auditors that the possible risks associated with mortgage and foreclosure-related activities could have audit implications, such as accounting for litigation or other loss contingencies and related disclosures.
The alert emphasizes certain requirements of AS 2505, Inquiry of a Client’s Lawyer Concerning Litigation, Claims, and Assessments. This standard states that in order to identify litigation, claims, and assessments, and to become satisfied with the accounting and reporting of such matters, the auditor should gather audit evidence relevant to the following factors:
AS 2505 also explains that audit procedures undertaken for other purposes (such as reading minutes of board meetings, or inspecting contracts or loan agreements) may identify litigation, claims, or assessments. The alert further reminds auditors to obtain a letter from the client’s lawyer to help corroborate the information provided by management regarding litigation, claims, and assessments.
Often, companies involved in mortgage and foreclosure-related activities estimate and accrue amounts for other than legal contingencies. This alert reminds auditors that AS 2501, Auditing Accounting Estimates, establishes requirements regarding obtaining and evaluating audit evidence for these other accounting estimates such as those related to various representations and warranties. For example, the auditor should consider the company’s experience in making accounting estimates in past periods, as well as the auditor’s relevant industry experience; however, changes in facts, circumstances, or a company’s procedures may cause factors other than those considered in the past to become significant to the accounting estimate.
According to AS 2501, when evaluating the reasonableness of the company’s accounting estimates, the auditor should consider the subjective and objective factors included in the estimate. When considering the reasonableness of estimates relating to mortgage loan repurchase losses, this alert points out that these factors may include estimated levels of defects based on the company’s review or experience, default expectations, investor repurchase demand, or appeal success rates.
FASB ASC 450-20 requires that when a loss is not both probable and estimable, an accrual is not recorded, but disclosure is required when there is a reasonable possibility that a loss or an additional loss has been incurred. Companies involved in mortgage and foreclosure-related activities may need to include new disclosures or expand existing disclosures regarding litigation and other contingencies or estimates. The alert states that companies that sold or securitized loans, but that may not have complied with representations and warranties, may be forced to repurchase such loans. These companies may need to disclose or enhance their existing disclosures regarding their potential exposures.
In addition, the alert points out that auditors should read the other information accompanying the interim and annual financial statements contained in reports filed with the SEC, including the Management’s Discussion and Analysis of Financial Condition and Results of Operations sections of annual reports and other filings, to assess whether this information or manner of its presentation is materially inconsistent with the financial statements or audit report.
Auditors have a responsibility to communicate with the audit committee regarding management estimates. Other communication with the audit committee includes the clarity and completeness of the company’s financial statements, which include related disclosures and a discussion of items that significantly affect the accounting information included in the financial statements. The alert states that in appropriate circumstances, this discussion would include the auditor’s view on disclosures relating to representations and warranties that were made in connection with securitization activities.
AS 4105, Review of Interim Financial Information, requires the auditor to make inquiries regarding unusual or complex situations that may have an effect on the interim information, such as changes in estimated loss contingencies, or trends and developments affecting accounting estimates. If the auditor believes that the interim financial information may not be in conformity with generally accepted accounting principles in all material respects, this alert reminds the auditor to make additional inquiries or perform other procedures to determine whether any material modifications should be made to the interim financial information. AS 4105 provides additional requirements when the auditor believes that a material modification should be made to the interim financial information.
If the potential risks associated with mortgage and foreclosure-related activities or exposures change significantly during the audit, auditors should modify the overall audit strategy and the audit plan as needed. As an example, the alert cautions auditors to consider how documentation issues in the loan origination process at a bank may affect the auditors’ initial risk assessment, overall audit strategy, and the audit plan. The alert also warns that an increase in the volume of foreclosures or loan repurchases could affect the risks associated with related controls.
Section 1122 of the SEC’s Regulation AB requires an attestation report by a registered public accounting firm on a servicer’s assessment of compliance with servicing criteria. These criteria include (1) maintaining collateral or security on pool assets as required by the transaction agreements, and (2) initiating, conducting, and concluding loss mitigation or recovery actions as required by the transaction agreements.
In adopting Regulation AB, the SEC provided that PCAOB AT section 601, Compliance Attestation, applies to the preparation of these attest reports and generally requires that, in assessing whether the servicer has complied with the criteria, an auditor should consider risk factors similar to those of a financial statement audit, as well as factors relevant to the compliance engagement. The alert states that, for example, the auditor should consider whether the servicer or its parent has identified noncompliance as part of an internal investigation, internal audit, or other compliance review.
In 2010, the PCAOB issued Staff Audit Practice Alert No. 6. The board’s inspection staff observed certain situations whereby it seemed that U.S. registered public accounting firms had all or most of the audit performed by another firm or by assistants engaged from outside the firm (including firms and assistants located in another country) without complying with PCAOB standards applicable to using the work and reports of another auditor and supervising assistants. Prompted by those observations, Alert No. 6 was issued as a reminder to registered firms concerning a firm’s responsibilities when using the work of other firms or using assistants from outside the firm.
The alert reminds auditors that AS 1205, Part of Audit Performed by Other Independent Auditors, does not allow an auditor to take responsibility for the work of another auditor that has essentially audited an issuer’s financial statements in their entirety, even if the firm complies with the other requirements in AS 1205. AS 1205 also does not apply to the use of another auditor’s work if that work is anything other than an audit of the financial statements of one or more subsidiaries, divisions, branches, components, or investments of the issuer.
Additionally, a firm can serve as principal auditor only when the firm’s own participation in the audit is sufficient. In determining the sufficiency of its participation in the audit, the firm should consider, among other things, the materiality of the portion of the financial statements the firm audited, the extent of the auditor’s knowledge of the overall financial statements, and the importance of the components that the firm audited. The alert emphasizes that if an issuer has no significant domestically located operations, a registered public accounting firm that does not play a significant part in the audit of the foreign operations is highly unlikely to be able to serve as the issuer’s principal auditor. A lack of sufficient participation cannot be overcome by using the work of the other auditor, even if the firm assumes responsibility for that work.
When AS 1205 applies and the firm can serve as principal auditor, the following requirements of AS 1205 must be performed by the principal auditor:
If the principal auditor has substantial doubt about any financial statement assertion of material significance, the principal auditor should perform additional procedures to obtain sufficient competent evidence, including participating in discussions regarding the accounts with management personnel or making supplemental tests of such accounts, or both. If sufficient competent evidence cannot be obtained, the principal auditor must express a qualified opinion or disclaim an opinion.
The alert also points out that the principal auditor cannot omit the procedures outlined in AS 1205 because of language differences, nor satisfy those requirements by simply referencing to documents that the principal auditor does not understand.
According to the alert, some key factors to consider in determining the appropriate extent of the firm’s involvement in audit work performed by assistants engaged from outside the firm (including planning, performing, and supervising the audit work) include the following:
The alert also includes a reminder that the engagement quality reviewer should evaluate the significant judgments made by the engagement team and the related conclusions reached in forming the overall conclusion on the engagement. The engagement quality reviewer should fulfill this responsibility by reviewing the engagement completion document and confirming with the engagement partner that there are no significant unresolved matters. The firm may permit the client to use the audit report only after the engagement quality reviewer provides concurring approval of issuance.
The PCAOB issued Staff Audit Practice Alert No. 5 in 2010 to highlight certain areas as described in the following sections regarding auditor responsibilities with respect to significant transactions. The alert provides guidance to auditors when assessing and responding to risks of material misstatement associated with significant transactions during reviews of interim financial information and annual audits.
The auditor should gain an understanding of the nature of the company’s business, its organization, and its operating characteristics, including the types of products and services the company offers. The auditor should also consider matters affecting the company’s industry, such as the industry’s accounting practices, competitive conditions, and financial trends and ratios. The auditor should then consider whether such information about the company and its industry is indicative of one or more fraud risk factors, including significant unusual transactions.
The alert also emphasizes that one of the objectives in performing preliminary analytical review procedures is to identify significant unusual transactions, and auditors should consider the results of these procedures when identifying the risks of material misstatement due to fraud.
Further, when performing an audit of internal control over financial reporting, auditors should evaluate (1) whether the company’s controls (including controls over significant unusual transactions, particularly those that result in late or unusual journal entries) sufficiently address the risks of material misstatement due to fraud, and (2) whether controls to address the risk of management override of other controls are appropriately designed and implemented and, where controls are tested, operate effectively.
The alert reminds the auditor that he or she should consider any identified significant risks of material misstatement in determining the nature, timing, and extent of audit procedures; assigning staff; or requiring appropriate levels of supervision. The alert also emphasizes the importance of professional skepticism when considering the risk of material misstatement due to fraud associated with significant unusual transactions.
As part of the overall responses to the risks of material misstatement due to fraud, auditors should consider management’s selection and application of significant accounting principles, including those related to significant unusual transactions. Auditors should also consider whether the collective application of accounting policies indicates a bias on the part of management that could result in a material misstatement. When examining journal entries and other adjustments for evidence of possible material misstatement due to fraud, the auditor should bear in mind that inappropriate entries or adjustments may be applied to accounts that contain significant unusual transactions. The auditor should also evaluate whether analytical procedures performed at the end of the audit reveal a previously unidentified risk of material misstatement resulting from significant unusual transactions.
In evaluating whether significant unusual transactions are the result of fraud or misappropriation of assets, auditors should consider whether the following circumstances exist:
If the company has entered into a significant unusual transaction and there is a high combined level of inherent and control risk, the auditor should consider confirming the terms and amounts of the transaction with the other parties.
Further, significant findings or issues, including significant unusual transactions, must be documented in an engagement completion document, which should be reviewed by the engagement quality reviewer. The engagement quality reviewer should also evaluate whether (1) appropriate consultations have taken place on difficult or contentious matters, and review the documentation of such consultations, and (1) appropriate matters have been communicated, or identified for communication, to the audit committee, management, and other parties, such as regulatory bodies.
Alert No. 5 points out that consultation with others may be appropriate when considering significant unusual transactions. Such consultation may be with persons within or outside the firm, assuming they have appropriate levels of knowledge, competence, judgment, and authority.
Auditor judgment concerning the “fairness” of the overall presentation of financial statements are applied within the framework of generally accepted accounting principles, which recognizes the importance of reporting transactions and events in accordance with their substance. As such, auditors should consider whether the substance of significant unusual transactions differ materially from their form.
The presentation of financial statements in conformity with generally accepted accounting principles also includes adequate disclosure of material matters. If management omits from the financial statements, or accompanying notes, information that is required by generally accepted accounting principles, the auditor should determine the effect on the audit report.
In addition, the auditor should read the other information accompanying the interim and annual financial statements contained in reports filed with the SEC, such as the Management’s Discussion and Analysis of Financial Condition and Results of Operations section of annual reports and other filings, which may contain discussion of significant unusual transactions. The auditor should consider whether that information or the manner of its presentation is materially inconsistent with the financial statements. If the auditor concludes that there is a material inconsistency or a material misstatement of fact, the auditor should determine whether the financial statements, the audit report, or both require revision. If the auditor concludes that the financial statements or audit report do not require revision, the auditor should request the company to revise the other information.
The alert emphasizes that auditors are to communicate with the audit committee regarding the methods used to account for significant unusual transactions. In addition, the alert highlights the need for auditors to discuss with the audit committee judgments about the quality, not just the acceptability, of the company’s accounting principles applied in its financial reporting.
During a review of interim financial information, the auditor should make inquiries of members of management who have responsibility for financial and accounting matters about, among other things, significant unusual transactions that may affect the interim financial information, and significant unusual transactions occurring or recognized in the last several days of the interim period. If the auditor becomes aware of information that leads him or her to believe that the interim financial information may not be in conformity with generally accepted accounting principles in all material respects, the auditor should make additional inquiries or perform other procedures to provide a basis for communicating whether he or she is aware of any material modifications that should be made to the interim financial information.
If significant unusual transactions have been identified during a review of interim financial information, the auditor should communicate such matters to the audit committee, or determine that such matters have been communicated to the audit committee by management.
Staff Audit Practice Alert No. 4, issued in 2009, provides guidance for annual audits and reviews of interim financial information in light of the guidance issued by the FASB regarding Fair Value Measurements.
In performing procedures under AS 2502, Auditing Fair Value Measurements and Disclosures, the auditor is required to, among other things, obtain an understanding of the company’s process for determining fair value measurements and disclosures and of the controls associated with fair value measurements. Based on the auditor’s assessment of the risk of material misstatement, the auditor should test the entity’s fair value measurements and disclosures. The auditor’s substantive tests of the fair value measurements may involve (a) testing management’s significant assumptions, the valuation model, and the underlying data, (b) developing independent fair value estimates for corroborative purposes, or (c) reviewing subsequent events and transactions.
The auditor is also required to evaluate a company’s conclusions about the need to recognize an impairment loss. When a company has recognized an impairment loss, the auditor should obtain evidence supporting the impairment adjustment recorded and determine whether the impairment adjustment is in accordance with GAAP.
In addition, the auditor should read the other information accompanying the interim and annual financial statements contained in reports filed with the SEC. The auditor should consider whether such information is materially inconsistent with the financial statements. If the auditor concludes that there is a material inconsistency, or becomes aware of information that he or she believes is a material misstatement of fact, the auditor should determine if the financial statements, the audit report, or both should be revised. If the auditor concludes that no revision is necessary in the financial statements or audit report, the auditor should request the company to revise the other information.
Staff Audit Practice Alert No. 3 assists auditors in identifying matters related to the economic environment that might affect audit risk and require additional emphasis. The alert highlights certain areas only and is not intended to identify all areas that might affect audit risk in the economic environment or serve as a substitute for the relevant auditing standards. All audits of issuers must be conducted in accordance with the standards of the PCAOB. The practice alert is organized into the following six sections:
This section describes how the economic environment could have an effect on the overall audit considerations related to planning, fraud, internal controls, substantive procedures, and communications with audit committees.
Planning. With respect to planning, the alert reminds auditors that as the audit progresses, planned audit procedures may need to be modified based on a reassessment of audit risks as a result of an updated understanding about how recent economic conditions may affect a company’s financial reporting. Consideration of these matters assists the auditor in the following ways:
The alert emphasizes that as a result of a higher risk assessment, the auditor may consider altering the nature, timing, or extent of procedures such that the extent of procedures applied is expanded, procedures are performed closer to period end, or the nature of procedures are modified to obtain more persuasive evidence. Similarly, in an audit of ICFR, to address any increased risk that a material weakness could exist, the amount of audit attention to higher risk areas will be necessary.
Fraud. The risk of misstatement due to fraud is another area that may be affected by the economic environment. The auditor’s assessment of this risk and the contributing factors should be ongoing throughout the audit. Examples of risk factors presented in the alert include the following:
Additionally, as set out in AS 2401, Consideration of Fraud in a Financial Statement Audit, auditors should ordinarily presume that there is a risk of material misstatement relating to revenue recognition.
To respond to the risks of material misstatement due to fraud, the alert summarizes guidance from AS 2401 and sets out three ways to respond:
Internal control considerations. Areas where additional attention may be required are presented in the staff alert. These include the company’s entity-level controls (specifically those related to the control environment and the company’s risk assessment process) and those controls related to certain significant accounts, disclosures, and relevant assertions, such as those over the development of inputs and assumptions for valuation matters, asset recoverability or impairment, and the use of external specialists, to name a few of the more significant controls. Further, the loss of employees integral to the operation of controls is another consideration described that should be considered in assessing the risk that deficiencies in internal control may exist. This includes consideration of the adequacy of segregation of duties and monitoring controls.
Controls intended to address the risk of material misstatement due to fraud and management override of controls include the following:
Effect on substantive procedures. Examples of modifications to planned substantive procedures as a result of deteriorating conditions in the environment are presented in the alert and include the following:
Communications with audit committees. Communications with audit committees will also be affected as a result of changes in the economic environment, such that discussions about accounting estimates and accounting principles will need to be more robust. The alert points out that with respect to estimates, the auditor should determine that the audit committee is informed about the process used by management in formulating particularly sensitive accounting estimates and about the basis for the auditor’s conclusions regarding the reasonableness of those estimates. With respect to the accounting principles used by management in the preparation of the financial statements, the alert reminds the auditor to discuss the quality of those principles and not just the acceptability of such.
The alert describes the kinds of investments that may present complexities in valuation because of the difficult conditions in the financial markets. These types of investments include auction rate securities, commercial paper, mortgage-backed or other asset-backed securities, alternative investments (such as hedge funds or private equity investments), collateralized debt obligations, and other such investments.
The following sources of guidance are available with respect to valuing these types of investments:
Additional auditing guidance is available from the following sources:
The significance of the recent changes in the economy and financial markets has an effect on the audit of accounting estimates. In the past, the auditor would have considered, among other things, the company’s historical experience in making past estimates, as well as the auditor’s experience in the industry; however, changes in facts, circumstances, or a company’s procedures may cause factors different from those considered in the past to become significant to the accounting estimate in the current year.
The alert provides a reminder to the auditor that they are responsible for evaluating the reasonableness of accounting estimates made by management in accordance with the provisions of AS 2501. In evaluating the reasonableness of accounting estimates, the alert summarizes three approaches that may be used:
When evaluating the reasonableness of an estimate through the use of any of these approaches, an assessment of the assumptions used in developing the estimate needs to be made. This includes consideration of those inputs and whether they are
The alert emphasizes that when assessing audit differences between estimates best supported by the audit evidence and the estimates included in the financial statements, the auditor should consider whether such differences, even if they are individually reasonable, indicate possible management bias.
FASB ASC 275, Risks and Uncertainties, focuses on disclosures about risks and uncertainties that could affect the amounts reported in the financial statements or the functioning of the reporting company.
When financial statements omit disclosures of material matters or the disclosure is inadequate, the financial statements are not in conformity with GAAP. In this circumstance, the auditor should express a qualified or adverse opinion and should provide the information in his or her report, if practicable, unless its omission from the auditor’s report is recognized as appropriate by a specific PCAOB auditing standard. With respect to other information included in documents containing the financial statements, the auditor should read the other information and consider whether such information, or the manner of its presentation, is materially inconsistent with the financial statements.
An economic climate presents challenges for many companies with respect to their ability to continue as a going concern. Some companies may have had their sources of liquidity strained as a result of reduced lines of credit or from violations of debt covenants, and others may have found limited access to commercial paper markets, a decrease in the valuation of collateral, and delays in payments from customers all affecting their liquidity. These factors complicate the auditor’s evaluation about whether there is a substantial doubt about the company’s ability to continue as a going concern for a reasonable period of time, not to exceed one year beyond the date of the financial statements being audited. This alert provides a reminder about some of the following conditions or events that, when considered in the aggregate, may indicate a potential going concern issue:
If the auditor, after giving consideration to these matters, believes there is a substantial doubt about the company’s ability to continue as a going concern for a reasonable period of time, the auditor should obtain information about management’s plans to mitigate such matters and assess the reasonableness of those plans. In those circumstances where the auditor concludes there is substantial doubt, the auditor considers the possible effects on the financial statements and adequacy of disclosure and includes an explanatory paragraph in the audit report to reflect this conclusion. If the auditor concludes that the substantial doubt has been alleviated, the auditor is required to consider the need for disclosure of the principal conditions and events that initially caused the auditor to believe that was substantial doubt. Such disclosure should include the possible effects of such conditions and events, and any mitigating factors, including management’s plans.
The practice alert provides a discussion on selected financial reporting areas that are more likely to be affected by the challenging economic environment, and as a result would require adjusting audit procedures to address elevated risks. The topics presented include the following:
Staff Audit Practice Alert No. 2 was issued in 2007 to remind auditors of their responsibilities when auditing fair value instruments and using the work of specialists. The practice alert describes the applicable accounting requirements in these areas and provides direction. This alert is organized into four sections, as follows:
AS 2502, Auditing Fair Value Measurements, states that the auditor should evaluate whether the fair value measurements and disclosures in the financial statements are in conformity with GAAP.
In addition, FASB ASC 275 requires certain disclosures, in addition to those required by other accounting standards, about estimates when certain information is known prior to the issuance of financial statements. FASB ASC 820 defines fair value as the price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date.
It also introduces concepts such as the principal and most advantageous markets and the fair value hierarchy of inputs.
In planning and performing procedures in response to the risk associated with fair value measurements, the auditor should obtain an understanding of the company’s process for determining fair value measurements and disclosures, including relevant controls. In addition, the auditor should, among other things, evaluate the following:
Under FASB ASC 820, a company must determine the appropriate level in the fair value hierarchy for each fair value measurement. The fair value hierarchy in FASB ASC 820 prioritizes the inputs — which refer broadly to assumptions market participants would use in pricing an asset or liability — into three levels. It gives the highest priority to quoted prices (unadjusted) in active markets for identical assets or liabilities and the lowest priority to unobservable inputs. The level in the fair value hierarchy within which a fair value measurement in its entirety falls is determined based on the lowest level input that is significant to the fair value measurement in its entirety.
Because there are different consequences associated with each of the three levels of the hierarchy, the auditor should be alert for circumstances in which the company may have an incentive to inappropriately classify fair value measurements within the hierarchy. For example, an asset or liability with Level 1 inputs generally must be measured using unadjusted quoted prices in an active market, but an asset or liability with Level 2 inputs is measured using observable market inputs other than quoted prices included in Level 1. Accordingly, a Level 2 measurement might allow for more discretion or judgment on the part of management than a Level 1 measurement. As another example, the required disclosures associated with Level 3 measurements are more extensive than those associated with Level 1 and Level 2 measurements.
The auditor’s opinion is based on, among other things, his or her judgment as to whether the financial statements and related notes are informative of matters that may affect their use, understanding, and interpretation. In evaluating whether a company’s disclosures are complete, accurate, and in conformity with FASB ASC 820, the auditor should be aware that a financial statement disclosure that is not in accordance with GAAP could be a misstatement of the financial statements.
Management and auditors frequently use the work of a specialist in preparing and auditing financial statements containing complex fair value measurements.
AS 2502 states that the auditor should consider whether to engage a specialist and use the work of that specialist as evidential matter in performing substantive tests to evaluate material financial statement assertions. As part of the consideration, the auditor should evaluate whether he or she has the necessary skill and knowledge to plan and perform audit procedures related to the fair value measurement. Factors to consider include
Auditing standards require that when using the work of a specialist the auditor should (a) obtain an understanding of the methods and assumptions used by the specialist, (b) make appropriate tests of data provided to the specialist, and (c) evaluate whether the specialist’s findings support the related assertions in the financial statements. In obtaining an understanding of the specialist’s methods, the auditor should consider whether the method will result in a measurement that is in conformity with the applicable accounting standards. In addition, the auditor should evaluate the assumptions developed by a specialist engaged or employed by management.
The auditor also should evaluate the specialist’s qualifications, including the specialist’s experience in the type of work under consideration, and obtain an understanding of the work performed by the specialist to ensure the appropriateness of using the specialist’s work for use in financial statements.
If a company uses a pricing service for its fair value measurements, the auditor should determine the nature of the information provided by the pricing service. For example, the auditor should understand whether the fair value measurement was determined using quoted prices from an active market, observable inputs (such as prices for similar assets), or fair value measurements based on a model, and adjust his or her audit procedures based on the nature of the information provided by the pricing service. In addition, if the price is not based on quoted prices from an active market or observable inputs (such as prices for similar assets), the auditor should obtain an understanding of the model and evaluate whether the assumptions are reasonable.
There are additional factors for the auditor to consider under FASB ASC 820. For example, under FASB ASC 820, a fair value measurement assumes that the transaction occurs in the principal market for the asset or liability or, in the absence of a principal market, the most advantageous market. The principal market is one in which the reporting entity would sell the asset or transfer the liability with the greatest volume and level of activity. If there is a principal market, under FASB ASC 820, the fair value measurement represents the price in that market even if the price in a different market is potentially more advantageous.
Under FASB ASC 820, when a company uses a pricing service, the auditor should evaluate whether the assumptions used by the pricing service reflect the price to sell the asset or paid to transfer the liability in the principal market (or most advantageous market if the company has no principal market) of the company. If the pricing service valuation is based on actual trades or quotes, the auditor should evaluate whether those traded or quoted prices would be available to the company in the company’s principal market (or most advantageous market, if the company has no principal market). For example, a pricing service might provide an amount for which a large financial institution could sell the financial instrument; however, a company that owns that financial instrument might not be able to transact in the same market as a large financial institution. If the price available to a large financial institution would not be available to the company, then that price may not be an appropriate measure of fair value under FASB ASC 820.
In 2006, the PCAOB published Staff Audit Practice Alert No. 1. The alert directs auditors to consider the risk that the company may have improperly accounted for stock option grants, and thus the financial statements may be materially misstated or there may be ICFR deficiencies. Accordingly, for audits formerly underway or to be performed in the future, auditors should acquire sufficient information to allow an assessment of the nature and potential magnitude of these risks.
The staff has also issued questions and answers on various areas to assist auditors in implementing the PCAOB standards. All of the questions and answers can be found at http://pcaobus.org/Standards/Pages/Guidance.aspx.
This question and answer provides implementation guidance on the documentation requirements of AS 1220. The question asks whether AS 1220 requires documentation of all of the interactions between the engagement quality reviewer and the engagement team, including all of the interactions before a matter is identified as a significant engagement deficiency.
The answer to this question clarifies that the documentation requirements of AS 1220 should be applied once a reviewer concludes that a significant deficiency exists. Additionally, in its response, the board cited guidance from paragraph 19 of the standard, which establishes a requirement that “documentation of an engagement quality review should contain sufficient information to enable an experienced auditor, having no previous connection with the engagement, to understand the procedures performed by the engagement quality reviewer, and others who assisted the reviewer, to comply with the provisions of this standard.”
These questions and answers (four in all) established FASB ASC as the source of authoritative non-SEC accounting principles recognized by FASB to be applied by nongovernmental entities in the preparation of financial statements in conformity with U.S. GAAP.
This Staff Question and Answers document (Q&A) provides guidance for auditing the fair value of share options granted to employees. The guidance applies to the audit of share-based payments accounted for under FASB ASC 718 and the SEC’s Staff Accounting Bulletin No. 107. The PCAOB issued the Q&A to help auditors appropriately and consistently apply existing auditing standards to this area.
Valuations of option grants are generally estimated using option-pricing models. As such, these valuations are accounting estimates and AS 2501, Auditing Accounting Estimates, and AS 2502, Auditing Fair Value Measurements and Disclosures, most directly apply. In addition, because estimates can potentially be manipulated for the purposes of intentional misstatement of financial results, AS 2401, Consideration of Fraud in a Financial Statement Audit, also applies.
An auditor should perform the following steps in auditing the fair value of employee options:
Obtain an understanding of the company’s process for estimating the fair value of employee share option grants. Paragraph .23 of AS 2502 identifies three ways in which the auditor may test a company’s fair value measurements:
The Q&A communicates that the first approach will likely be the most effective in auditing option fair value estimates.
In applying the provisions of AS 2502 to the evaluation of the company’s process for estimating the fair value of employee share option grants, the auditor should review the procedures used by the company to make the estimates. These procedures include the following:
The auditor also should evaluate whether the process is complete, including whether the company considers the relevant factors identified in the accounting literature that affect the assumptions and whether the company applies the process consistently from period to period.
Assess the risk of misstatement related to the fair value of employee share options. The Q&A provides the following examples of circumstances and conditions that indicate increased risk and might indicate a risk of fraud that would require a specific response from the auditor:
Perform testing on the company’s fair value estimates, including the following:
The Q&A communicates that the auditor should be alert to circumstances in which the selection of the Black-Scholes formula might not be appropriate. For example, the appropriate model for estimating the fair value of an instrument with a market condition (such as an exercise condition that is satisfied when the share price exceeds a specified value for a specified period of days) must take into account the effect of that market condition. The Black-Scholes option-pricing formula would not generally be an appropriate valuation model for a share option in which the exercisability is conditional on a specified increase in the price of the underlying shares because it is not designed to take into account that type of market condition.
When a company changes its valuation technique or model chosen to value employee share options, the auditor should evaluate whether the new technique or model meets the fair value measurement objective of FASB ASC 718. The SEC staff has stated in SAB 107 that it would not object to a company changing its valuation technique or model, as long as the new technique or model meets the fair value measurement objective; however, the SEC staff also has stated that it would not expect that a company would frequently switch between valuation techniques or models, particularly when there has been no significant variation in the form of share-based payments being valued. An auditor should evaluate management’s reasons for a change in valuation models, particularly when the change results in a lower fair value estimate than the estimate computed using the previous model.
The Q&A provides guidance to auditors in evaluating the reasonableness of the assumptions previously listed. Of the assumptions listed, the expected term and expected volatility have the highest degree of risk because they involve the greatest amounts of judgment and have a significant effect on the estimated fair value.
If the company is using the Black-Sholes formula, the auditor should verify that the formula is correct and should recalculate the fair value. If the company is using a lattice option-pricing model, the auditor should obtain evidence that the model is functioning properly.
Evaluate the role of a specialist. According to paragraph .05 of AS 2502, management’s assumptions used in estimating the fair value of equity awards include any assumptions developed by a specialist engaged or employed by management. Thus, the auditor must perform procedures to evaluate the assumptions developed by a specialist used by management.
The auditor should also consider whether to engage a specialist to evaluate the company’s share-based payment fair value estimates. Fair value measurements under FASB ASC 718 are often complex, and auditor should consider whether he or she has the necessary skills and knowledge to plan and perform the necessary audit procedures in these areas.
Specialists used by the company, the auditor, or both, should be evaluated by the auditor to determine whether they have the necessary qualifications. In doing this, the auditor should evaluate the experience of the specialist’s firm and of the individual specialist, or specialists, performing the service.
This staff questions and answers section sets forth the staff’s opinions related to adjustments to prior- period financial statements audited by a predecessor auditor. The questions and answers are summarized as follows.
Question 1 communicates that when prior-period financial statements that require adjustments were audited by a predecessor auditor, it is acceptable for either the successor or predecessor auditor to audit those adjustments, as long as the auditor is independent and registered with the PCAOB. This is true whether the adjustments are the result of discontinued operations, retrospective application of a change in accounting principle, or correction of an error.
Question 2 notes that when the predecessor auditor audits the adjustments to the prior-period financial statements, the predecessor auditor should dual-date his or her reissued report in connection with the audit of the adjustments.
Question 3 discusses the successor’s responsibilities with regard to prior-period adjustments that have been audited by the predecessor auditor. The successor auditor should obtain
Question 4 discusses the factors that are relevant to a successor auditor’s determination as to whether he or she is able to audit only the prior-period adjustments or whether a re-audit of the entire financial statements is necessary. Factors the auditor should consider include the following:
Question 5 provides an example of the format of a successor auditor’s report when he or she has audited adjustments to the prior-period financial statements audited by a predecessor auditor. The successor auditor’s report should contain a separate paragraph that describes the nature of the prior-period adjustments (that is, whether the adjustments are due to correction of an error or retrospective application of a change in accounting) and states the auditor’s conclusions with respect to the adjustments. The paragraph should also emphasize that the auditor was not engaged to audit, review, or apply any procedures to the prior-period financial statements other than with respect to the adjustments.
Question 6 communicates that a company’s predecessor auditor may reissue his or her report on the prior-period financial statements when the successor auditor has audited and reported on adjustments made to the prior period due to the correction of an error, as long has he or she has determined that the report on those financial statements is still appropriate. When determining whether the report is still appropriate, the predecessor auditor should consider factors such as the following:
Question 7 notes that if the predecessor auditor does not reissue his or her report on the prior-period financial statements, the successor auditor or other independent auditor may re-audit and report on prior- period financial statements as adjusted.
Question 8 provides guidance on the procedures that a predecessor auditor should perform prior to reissuing his or her report when a successor auditor has audited and reports on adjustments made to the prior-period financial statements. Suggested procedures include the following:
Question 9 provides an example of the modifications that should be made to a predecessor auditor’s reissued report on the prior-period financial statements when the successor auditor audits and reports on the adjustments to those financial statements. The reissued report should be modified to state the nature of the adjustments and to indicate that (a) the reissued opinion relates to the prior-period financial statements before the effects of the adjustment, and (b) he or she was not engaged to audit, review, or apply any procedures to the adjustments.
Question 10 communicates that when a successor auditor has audited and reported on adjustments made to the prior-period financial statements and predecessor auditor is reissuing his or her report on those financial statements, the predecessor’s auditor should use the date of the originally issued report to avoid any implication that he or she has examined any records, transactions, or events after that date.
Question 11 communicates that a successor auditor may not audit and report on the adjustments made to the prior-period financial statements if he or she has not yet completed an audit of the current period financial statements.
Occasionally, the PCAOB issues general public reports to highlight certain areas, primarily related to inspection results. The following reports are the ones with more general applicability. The board has also issued observations related to inspections of brokers and dealers.
The PCAOB issued a report on its observations from inspections of domestic firms that regularly issue 100 or fewer audit reports each year (the 2013 report). The report describes inspection findings from 578 firms and 1,801 individual audits that were inspected between 2007 and 2010. The board previously issued a similar report in October 2007, covering observations from inspections of firms from 2004 through 2006 (the 2007 report).
Overall, the results in the 2013 report compared to the 2007 report showed a reduction in reported audit performance deficiencies; however, the board remains concerned about the continued identification of these deficiencies.
In approximately 70% of the audits that were identified during 2007 to 2010 as having significant audit performance deficiencies, such deficiencies related to at least one of the following audit areas:
The board encourages firms to identify and address the root causes of identified deficiencies. Such root causes identified include
The PCAOB takes a number of steps to encourage firms to address audit deficiencies. In each inspection, the staff discusses the findings with the firm to ensure that all facts are considered and to help the inspections staff and firm understand the identified deficiency. Based on this understanding, firms’ quality control procedures are revised as necessary. The PCAOB encourages firms to communicate with the inspections staff regarding how the firm intends to address quality control criticisms, so that the firm can receive timely feedback from the inspections staff. Furthermore, the board has held forums in the past for auditors of small companies to share inspection results, remediation observations, and information about recently issued auditing standards.
In approximately 90% of the cases in which the board concluded on a firm’s efforts to address quality control criticisms identified during inspections in the 2007–2010 period, the board determined that the firm addressed each of the quality control criticisms to the board’s satisfaction. Although such a determination does not necessarily mean that the firm completely cured any particular quality control defect, it does mean that the firm made good faith progress toward achieving the relevant quality control objectives. Such remediation activities included enhancing quality control policies and procedures, developing technical guidance targeted to specific issues, developing and requiring training targeted to specific issues, developing new audit tools, and requiring additional audit procedures.
The complete PCAOB report can be viewed at http://pcaobus.org/Inspections/Documents/02252013_Release_2013_001.pdf.
In October 2015, the PCAOB issued a report that provides details of significant deficiencies in registered firms’ implementation of and compliance with the risk assessment standards. In 26% of engagements inspected in 2012 where the risk assessment standards were applicable, and in 27% of such engagements inspected in 2013, inspections staff found an audit deficiency related to one or more of those standards. A high rate of audit deficiencies related to the risk assessment standards continued to be identified in 2014 inspections.
Examples of part I findings (audit deficiencies that were a significant element of an observation that the audit opinion was not supported when it was issued) identified by inspections staff included the following:
In addition to the part I findings, inspections staff found additional common deficiencies during 2013 and 2012 that did not themselves rise to the level of a part I finding but still represented a departure from the requirements of the risk assessment standards and indicated a potential defect in firms’ systems of quality control. These deficiencies included the following:
The report also states that inspections staff found that, generally, firms incorporated the risk assessment standards into their existing audit methodologies, introduced audit tools, and trained their partners and staff. Firms’ methodologies were generally consistent with the risk assessment standards, but inspections staff did identify that some firms had not updated their methodology to comply with all of the new standards.
The report outlines several factors that may have contributed to the deficiencies related to the risk assessment standards, as follows:
The report indicates that all registered firms should review the report and consider whether the types of risk assessment deficiencies outlined in the report could apply to their practices. The report also offers some suggested questions for audit committees to consider in preparing for discussions with their auditors about the application of the risk assessment standards.
The report is available at https://pcaobus.org/Inspections/Documents/Inspection_Brief_2015_1.pdf.
In April 2016, the PCAOB issued a report that provides information regarding the implementation of, and compliance with, AS 1301, Communications with Audit Committees, and other PCAOB rules and standards related to audit committee communications, based on the PCAOB’s 2014 and 2015 inspection results.
Inspections staff found that most firms had incorporated the requirements of AS 1301 into their audit methodologies, introduced relevant practice aids, or provided training to their partners and staff. Implementing appropriate methodologies, however, did not always lead to auditors communicating to the audit committee all of the information required under the standard. In 36 of the 551 audits inspected in 2014, inspections staff reported deficiencies in complying with the requirements of AS 1301, including instances in which firms did not
Audit committee chairs generally indicated to inspections staff that effective two-way communication with their auditors had occurred. Some audit committee chairs indicated that communications with their auditors had improved after the effective date of AS 1301, including more in-depth discussions with the auditor about audit progress, significant risk areas, and audit findings.
The report encourages firms to conduct a thorough review of AS 1301, and assess whether the training for audit staff provides a sufficient understanding of AS 1301. The report emphasizes that all registered firms should review the report and consider whether the auditing deficiencies that the inspections staff observed could apply to their own practices. If deficiencies in communications with audit committees have been identified, firms should take appropriate corrective action. Firms also need to monitor and evaluate whether their corrective actions adequately address the deficiencies.
The report can be viewed https://pcaobus.org/Inspections/Documents/2016-communications-audit-committees.pdf.
The PCAOB issued the following additional reports:
On November 18, 2013, the PCAOB released guidance for firms that receive a final inspection report that includes any criticism of the firm’s system of quality control. Any such criticism is nonpublic when the report is issued, but it will become public information after 12 months from the date of the report if the firm does not address the criticism to the board’s satisfaction within that timeframe. The staff guidance describes considerations that the inspections staff identified as relevant to its recommendations to the board concerning the sufficiency of firms’ remediation efforts.
According to the staff guidance, all firms are strongly encouraged to initiate a dialogue with the inspections staff early in the 12-month remediation period, develop draft remediation plans, and share those plans with the inspections staff. The earlier in the 12-month period that a dialogue is initiated, the more likely it will be that the firm will be able to adjust its remediation approach, based on inspections staff feedback, if necessary, to achieve a positive staff recommendation.
In assessing a firm’s remediation plans, the inspections staff applies five criteria:
For repeated or persistent criticisms, the staff guidance notes that the same type of remedial step, without some meaningful enhancement, will not necessarily be viewed as satisfactory again if the particular problem has persisted. The actual implementation, execution, and tangible results of a firm’s remedial steps take on increasing importance with repeated or persistent criticisms.
A firm should also self-monitor the effectiveness of its remedial actions. In addition, if a firm’s remediation effort cannot be completely implemented within the 12-month remediation period, establishing reasonable milestones along with self-monitoring of its performance against those milestones and making timely adjustments, when appropriate, can favorably influence the inspections staff’s recommendation.
Firms should also routinely consider how to focus and improve training programs, intrafirm communications, and guidance materials in light of PCAOB inspections and other monitoring of the firm’s practice. In evaluating the design of the training, the inspections staff also considers (i) whether the training specifically addresses the quality control criticisms, (ii) whether the training and communications have been specifically tailored and provided to the appropriate levels of professionals within the firm who would perform or review the audit procedures that resulted in the deficiencies, and (iii) the extent to which the firm requires and tracks attendance at training events, tests retention of course materials, and monitors its professionals’ execution of audit procedures based on new communications and trainings.
When evaluating a firm’s remediation efforts, inspections staff may also consider evidence of the effectiveness of the firm’s actions, including results of firm monitoring procedures or external inspections of audits performed by the firm after the firm’s remediation efforts were put into place. Strong remediation efforts, particularly when accompanied by firm monitoring procedures and timely adjustments, can result in a favorable remediation determination even if the same type of deficiency occurs in subsequent inspections.
The staff guidance can be viewed at http://pcaobus.org/Inspections/Pages/Remediation_Process.aspx.
All final PCAOB rules are available at https://pcaobus.org/Rules/Pages/default.aspx.
A summary of the final rules by section are described in the following sections.
Rule 2100 requires all U.S. accounting firms to be registered with the board if they wish to prepare or issue audit reports on U.S. public companies, or to play a substantial role in the preparation or issuance of such reports. Non-U.S. public accounting firms that wish to prepare or issue audit reports on U.S. public companies, or to play a substantial role in the preparation or issuance of such reports, must also be registered. Additionally, both domestic and foreign companies, which previously did not need to register, may need to register if circumstances change, and they determine they are playing a substantial role in the preparation or issuance of audit reports. The registration system consists of nine rules (PCAOB Rules 2100 through 2107, and 2300), plus definitions that appear in Rule 1001, and a form (PCAOB Form 1). Rule 2107 sets forth the requirements and procedures for withdrawal from registration.
The definition of the term public accounting firm includes proprietorships. An individual accountant who wishes to prepare or issue, in his or her own name, an audit report on an issuer would be viewed as a sole proprietor and required to register; however, individual accountants who are associated with public accounting firms are not required to register. A firm must list on the firm’s registration application certain individual accountants who are associated with the firm and who participate in or contribute to the preparation of audit reports.
An accounting firm plays a substantial role if it meets either part of a two-pronged test:
The second test must be applied at the end of the audit engagement. If, at the end of the engagement, the fees or hours of the other accounting firm exceed 20% of the principal auditor’s fees or hours, that other accounting firm will need to be registered with the PCAOB prior to the issuance of the auditor’s report. It should be noted that the denominator for this test is the principal auditor’s hours and fees — not the aggregate hours and fees. For example, if the principal auditor’s fees are $100 and the other auditor’s fees are $21, the threshold would be met, even though the other auditor’s fees are only 17% of the aggregate fees. It also should be noted that the amounts used in the fees test should include only fees for services related to the audit, not necessarily all fees that are classified as audit fees in the 10-K and proxy (for example, it would be inappropriate to include fees billed by the principal auditor for comfort letters).
The rules only require public accounting firms that prepare or issue an audit report on an issuer, or play a substantial role in preparing or issuing an audit report, to register with the PCAOB, but the rules allow any other public accounting firm to register. Accordingly, firms that want to register in order to be able to prepare or issue, or play a substantial role in preparing or issuing, an audit report for an issuer may register with the PCAOB.
Public accounting firms that wish to apply for registration must do so by completing and submitting to the PCAOB Form 1. The form is available only in electronic form on the PCAOB’s website, and must be completed and submitted to the PCAOB electronically.
Form 1 consists of nine parts, subdivided into various items requiring the disclosure of particular information concerning the applicant and its associated accountants and the applicant’s issuer clients. The information these items call for is, in general, required by Section 102(b) of the act. If the submission of the information called for by Form 1 would cause an applicant to violate non-U.S. laws, Form 1 allows the applicant to disclose in its application the non-U.S. legal impediments that prevent it from furnishing information otherwise required by the application.
Section 102(e) of the act provides that applications for registration “or such portions of such applications … as may be designated under the rules of the Board” must be available for public inspection. Accordingly, applications for registration will be made public as soon as practicable after the PCAOB approves or disapproves an application. In order to prevent the disclosure of confidential information contained in the application, Rule 2300 provides for the confidentiality, upon request by the applicant, of portions of registration applications.
Section 102(f) of the act requires that the PCAOB set the application fee at a level sufficient to recover the costs of processing and reviewing applications. The PCAOB set the fee schedule tiered according to the number of issuer clients for which an accounting firm performed audits in the preceding fiscal year, as represented in the firm’s application. The PCAOB has set the following current registration application fee schedule for accounting firms that file registration applications:
Issuer clients | Fee |
0–49 | $500 |
50–100 | $3,000 |
101–1000 | $29,000 |
1001 and up | $390,000 |
The PCAOB will periodically review the costs associated with the processing of registration applications and will from time to time revise these fees as necessary.
After reviewing an application for registration, and any additional information obtained by the PCAOB, the PCAOB determines whether to approve the application. An application is approved if the PCAOB determines that registration is consistent with the PCAOB’s responsibilities under the act to protect the interests of investors and to further the public interest in the preparation of informative, accurate, and independent audit reports for companies the securities of which are sold to, and held by and for, public investors. If the PCAOB is unable to make this determination, or if the PCAOB concludes that the application is inaccurate or incomplete, it will either request additional information from the applicant or issue a written notice of a hearing. A written notice of a hearing will specify the proposed grounds for disapproval. A notice of disapproval may be appealed to the SEC.
The PCAOB generally approves an application for registration no later than 45 days after the date of receipt of the application. Applications are not deemed to be received until the required registration fee has been paid. If the PCAOB requests additional information, a new 45-day review period will begin when the requested information is received. The PCAOB may request additional information when an applicant has failed to complete fully Form 1, or when the information is otherwise necessary in order to make a determination on the application.
Rule 2107 permits a firm to request withdrawal of its registration. Under the rule, a registered firm may seek to withdraw its registration by filing a request with the PCAOB on the appropriate PCAOB form, Form 1-WD. A firm that files a Form 1-WD may not, unless it first withdraws its Form 1-WD filing, engage in the preparation or issuance of, or play a substantial role in the preparation or furnishing of, an audit report for a U.S. public company. This restriction is necessary to avoid the risk that the PCAOB would grant a pending withdrawal request at a time when the firm is in fact engaged in conduct for which registration is required.
Withdrawal is not automatic upon request. The PCAOB is permitted to delay withdrawal while it carries out a relevant inspection, investigation, or disciplinary proceeding. In certain circumstances, the PCAOB has the flexibility to delay withdrawal for up to two years.
If the PCAOB does delay a firm’s withdrawal, the rule eases certain registration-related burdens on the firm during the delay. Specifically, the annual reporting requirements and annual fee obligations are reduced to essentially nothing. In addition, the PCAOB may waive any regular inspection of the firm that would otherwise commence, according to the PCAOB’s inspection schedule, during the delay.
The rule also allows the PCAOB to void a firm’s withdrawal, and reinstate the firm’s registration, if the PCAOB discovers information indicating that the firm may have reported a material inaccuracy or omission in its withdrawal filing.
The PCAOB has issued Staff Questions and Answers concerning registration of auditors of nonpublic broker-dealers. For a summary of the guidance, refer to the section on Staff Questions and Answers Related to Rules.
PCAOB rules 2108 and 2109 govern the filing of an optional Form 4 that allows, in certain circumstances, a firm to succeed to the registration status of a predecessor firm without a break in that registration status and without the filing of a new registration application on Form 1.
Rules 2200 through 2207 require registered public accounting firms to file certain forms for reportable events and annual reporting.
Special reports—Form 3: Under the rules, certain events that occur on or after the December 31 effective date must be reported by a registered firm in a special report on PCAOB Form 3 within 30 days after the event. If certain events occurred between the time of a firm’s registration application and the December 31 effective date, a firm must report those events in Form 3 within 30 days after December 31. Reportable events range from matters such as a change in the firm’s name or contact information to the institution of certain types of legal, administrative, or disciplinary proceedings against a firm or certain categories of individuals within the firm.
Annual reports—Form 2: The rules also require all firms that are registered with the board as of March 31 of a given year to file an annual report on Form 2 by June 30 of that year, covering the 12-month period ending March 31. Annual reporting includes matters such as information about audit reports issued during the year, disciplinary information about persons who have joined the firm, and information about fees billed to issuer audit clients by category of service and as a percentage of total fees billed.
Also, under the rules, all firms registered as of March 31 of a given year must pay an annual fee by July 31 of that year. The current annual fee schedule is as follows:
Firms with more than 500 issuer audit clients and more than 10,000 personnel | $100,000 |
Other firms with more than 200 issuer audit clients and more than 1,000 personnel | $25,000 |
All other firms | $500 |
The board will make each firm’s filings on Forms 2, 3, and 4 available to the public on the board’s website. Certain information on those forms will not be made public, if it qualifies for confidential treatment.
The PCAOB has issued Staff Questions and Answers regarding filing Form 3 and Form 4. For a summary of the guidance, refer to the next section on Staff Questions and Answers Related to Rules.
Rules 3210 and 3211 require disclosure of the engagement partner and other accounting firms participating in an audit. The rules require audit firms to file a new PCAOB Form AP for each issuer audit, disclosing
The information on Form AP is available in a searchable database on the PCAOB’s website. The database includes unique ID numbers for both engagement partners and firms to facilitate identification over time. The standard filing deadline for Form AP is 35 days after the date the auditor’s report is first included in a document filed with the SEC. For an initial public offering, that date is 10 days after such a filing.
The PCAOB also adopted amendments to the auditing standards that allow auditors to voluntarily disclose in the auditor’s report the name of the engagement partner or information regarding other accounting firms.
Rule 3520 states that a registered public accounting firm and its associated persons must be independent of its audit client throughout the audit and professional engagement period. This rule includes PCAOB Rule 3600T and mandates that it is the auditor’s ethical obligation to abide by all other independence requirements applicable to the audit engagement in the particular circumstances. Hence, under Rule 3520 the auditor has an ethical obligation to maintain independence in accordance with SEC independence rules.
This rule does not promulgate any new independence requirement. The purpose of this rule according to the PCAOB is to codify in its rules that auditors have a duty to maintain independence necessary to ensure compliance with the independence requirements applicable to a particular engagement.
Rule 3521 provides that an auditor is not independent of its audit client if the auditor or any affiliate of the auditor provides any service or product to the audit client for a contingent fee or a commission, or receives from the audit client a contingent fee, directly or indirectly. The PCAOB has defined a contingent fee as “any fee established for the sale of a product or the performance of any service pursuant to an arrangement in which no fee will be charged unless a specified finding or result is attained, or in which the amount of the fee is otherwise dependent upon the finding or result of such product or service.”
Fees that are fixed by courts or other public authorities and not dependent on a finding or result are excluded from the PCAOB’s definition of contingent fee.
Rule 3521 and the related definition of contingent fee are based upon the SEC’s independence rule, which already prohibits an auditor from receiving a contingent fee or commission; The PCAOB’s rule differs in that it does not include the SEC exception for fees “in tax matters, if determined based on the results of judicial proceedings or the findings of government agencies.”1
This rule clarifies that auditors are prohibited from opining in favor of an aggressive tax position transaction. However, the PCAOB rule does permit auditors to advice against an audit client’s execution of an aggressive transaction.
The PCAOB has released questions and answers related to Rule 3522; a summary of the questions and answers can be found in the next section on Staff Questions and Answers Related to Rules.
Under Rule 3523, an auditor is not independent if the auditor provides any tax service during the audit and professional engagement period to a member of management in a financial reporting oversight role at the audit client.
A financial reporting oversight role means a role in which a person is in a position to, or does, exercise influence over the contents of the financial statements or anyone who prepares them. Such persons may include the chief executive officer, president, chief financial officer, chief operating officer, general counsel, chief accounting officer, controller, director of internal audit, and director of financial reporting, treasurer, or any equivalent position.
The rule has the following exceptions:
The scope of Rule 3523 includes all immediate family members of persons who are covered by the rule. Immediate family members include a person’s spouse, spousal equivalent, and dependents.
The PCAOB has released questions and answers related to Rule 3523; a summary of the questions and answers can be found in the “Staff Questions and Answers Related to Rules” section of this chapter
Rule 3524 extends the existing Sarbanes-Oxley Act requirement and requires an auditor that seeks pre- approval of an issuer audit client’s audit committee to perform tax services that are permitted by either SEC or PCAOB rules to do the following:
The rule does not require that an auditor supply the client’s audit committee with a copy of each tax service engagement letter. The rule does require the auditor to describe for the client’s audit committee any amendments to the engagement letter or any other agreement relating to the service (whether oral or written) between the auditor and the audit client.
Rule 3524(a)(2) requires that the auditor disclose to the client’s audit committee any compensation agreement or other arrangement, such as a referral fee or fee-sharing agreement, between the auditor (or its affiliate) and any person (other than the audit client) with respect to promoting, marketing, or recommending a transaction covered by the tax service.
In association with AS 2201, the board issued an independence rule on auditor independence and internal control services and made the requirements similar to those pertaining to tax services. Rule 3525 requires the auditor to provide both written and oral communications of the scope of the work to be performed and documentation of the substance of the auditors’ discussion with the audit committee regarding internal control-related non-audit services.
Rule 3526 provides guidance on communication between audit committee and registered firms. Rule 3526 requires the auditor, before accepting an initial engagement, to disclose to the audit committee all relationships between the auditor and the company that affect independence. These rules also require auditors to do the following:
The auditor is also required on an annual basis after becoming the auditor to communicate with the audit committee matters noted, plus affirm to the audit committee in writing that the auditor is independent in compliance with Rule 3520. Rule 3526 superseded Independence Standards Board Standard No. 1, Independence Discussions with Audit Committees, and two related interpretations.
Section 104(a) of the act directs the PCAOB to conduct a continuing program of inspections to assess the degree of compliance of each registered public accounting firm, and that firm’s associated persons, with the act, the rules of the PCAOB, the rules of the SEC, and professional standards, in connection with the performance of audits, the issuance of audit reports, and related matters involving U.S. public companies.
Upon completion of an inspection, the PCAOB and its staff will prepare an inspection report in connection with an inspection. The rules set forth the process by which a draft inspection report will be submitted to the firm in order that the firm may submit any comments on the draft before the PCAOB issues a final report. The rules also provide that portions of a final report that deal with criticisms or potential defects in a firm’s quality control system will not be made public if the firm addresses them to the PCAOB’s satisfaction within 12 months of the report.
The PCAOB may publish summary, compilation, or other general reports concerning the procedures, findings, and results of its various inspections. These reports may discuss findings and concerns related to the quality control systems of firms inspected by the PCAOB, but these reports would not identify the firms in question, unless the information has previously been made public.
The PCAOB may refer information learned in inspections to the SEC and to relevant licensing or certification authorities. The rule also provides that the PCAOB may commence an investigation or disciplinary proceeding on the basis of information learned in an inspection.
The rules require registered public accounting firms and persons associated with the firm to cooperate with the PCAOB in the performance of any PCAOB inspection or investigation. Cooperation includes complying with requests to provide access to firm records and providing information by oral interviews, written responses, or otherwise.
On June 14, 2011, the PCAOB adopted a temporary rule to establish an interim inspection program for registered public accounting firms’ audits of brokers and dealers. The temporary rule establishes an interim inspection program for auditors of brokers and dealers, while the board considers elements of a permanent inspection program. The board expects that insights gained through the interim program will help determine elements of a permanent program, and the board expects to propose rules for a permanent program in 2016 or later. During the interim program, the board will provide public reports at least annually on the progress of the interim program and significant issues identified, but the board will not expect to issue firm-specific inspection reports before the scope of a permanent program is set.
This temporary rule does not change anything about the rules or standards that govern audits of brokers and dealers.
Section 105 of the Sarbanes-Oxley Act of 2002 grants the PCAOB broad investigative and disciplinary authority over registered public accounting firms and persons associated with such firms, and directs the PCAOB to establish, by rule, fair procedures for the investigation and discipline of such firms and persons. To implement this authority, the PCAOB adopted rules 5000 through 5501 relating to investigations and adjudications.
Under the rules, the PCAOB and its staff can conduct investigations concerning any act or practice, or omission to act, by a registered public accounting firm or person associated with such a firm that may violate any provision of the act, the rules of the PCAOB, certain provisions of the securities laws, or professional standards. As provided in the act, the rules require registered public accounting firms and their associated persons to cooperate with PCAOB investigations. The rules also, per the act, permit the PCAOB to seek information from other persons, including clients of registered firms and, should those persons not comply, to seek issuance of an SEC subpoena for the information.
When violations are detected, the rules provide an opportunity for a hearing, and in appropriate cases, impose sanctions designed to prevent a repetition and to enhance the quality and reliability of future audits. Under the rules, these sanctions could include temporarily or permanently prohibiting a firm or associated person from participating in audits of public companies or from being associated with a registered public accounting firm. The PCAOB could also require special remedial measures, such as training, new quality control procedures, or the appointment of an independent monitor.
The PCAOB may also hold hearings on registration applications, pursuant to Section 102 of the act. Under the PCAOB’s registration rules, if the PCAOB is unable to determine that a public accounting firm’s application has met the standard for approval, the PCAOB may provide the firm with a notice of a hearing, which the firm may elect to treat as a written notice of disapproval for purposes of making an appeal to the SEC under Section 107. If such a firm chooses to request a hearing, the PCAOB would, in appropriate circumstances, afford the firm a hearing pursuant to the rules.
Rules 6001 and 6002 address the inspection and investigation of foreign public accounting firms. The rules are as follows:
Section 109 of the Sarbanes-Oxley Act of 2002 provides that funds to cover the PCAOB’s annual budget (less registration and annual fees paid by public accounting firms) are to be collected from issuers, as defined in the act.
Under the Sarbanes-Oxley Act, an issuer’s failure to pay its share of the accounting support fee within 30 days of notification is a violation of Section 13(b)(2) of the Securities Exchange Act of 1934. It could result in administrative, civil, or criminal sanctions.
A registered accounting firm is not precluded from signing an unqualified opinion or issuing a consent with respect to an issuer who has an outstanding past-due support fee under the following conditions:
The PCAOB issued FAQ regarding registration with the board. This guidance was last updated in December 2017. The FAQ covers such topics as the mechanics of registration, registration requirements, registration approval, and information required by Form 1. The FAQ can be accessed at http://pcaobus.org/Registration/Information/Documents/Registration_FAQ.pdf.
The PCAOB first issued staff questions and answers concerning registration of auditors of nonpublic broker-dealers in February 2009. This guidance was last updated in February 2015.
According to the questions and answers, financial statements of nonpublic broker-dealers for fiscal years ending after December 31, 2008, must be certified by a registered public accounting firm.
The questions and answers provide administrative details on the PCAOB registration process, and provide guidance on certain documentation relating to the firm’s quality control policies and its work for broker-dealers that should be submitted with the registration application.
The PCAOB makes registration applications available to the public by posting them to its website; the questions and answers provide guidance on the documentation needed to request confidential treatment for certain of the information submitted with the registration application.
The questions and answers also state that if the firm did not, in the current calendar year or in the year prior to submitting its application, participate in the audit of an issuer, and the firm does not expect to do so in the current calendar year, it can skip certain sections of the registration application. The staff warns that an applicant should understand that audit work performed for a nonpublic entity could constitute participation in an audit of an issuer if that work is used by another firm in connection with the other firm’s audit of an issuer, such as a parent company. In that circumstance, applicants are cautioned to carefully consider whether they have played, or expect to play, a “substantial role” in the audit of an issuer as that term is defined in the registration application.
All registered firms, including those that do not audit issuers, must comply with the PCAOB’s annual and special reporting requirements. Registration will not affect the manner in which firms audit broker- dealers, because the board does not determine, inspect for compliance with, or enforce the standards applicable to audits of entities that are not issuers.
The questions and answers can be viewed at https://pcaobus.org/Registration/Auditors/Documents/Staff_QAs_on_the_Registration_of_Broker-Dealers.pdf.
In February 2015, the PCAOB updated its staff questions and answers concerning a registered firm’s obligation to file its annual report on Form 2. All firms that are registered with the board as of March 31 of a particular year must, by June 30 of that year, file an annual report on Form 2 covering the 12-month period ending March 31. Information to be reported annually includes information about audit reports issued, disciplinary histories of new personnel, and information about fees billed to issuer audit clients for various categories of services. The questions and answers were originally prepared by the PCAOB staff to supplement PCAOB Release No. 2008-004, Rules on Periodic Reporting by Registered Public Accounting Firms (June 10, 2008), and the instructions to Form 2, which can be found at http://pcaobus.org/Rules/PCAOBRules/Pages/Form_2.aspx.
Topics addressed in the staff questions and answers include an overview of the requirements relating to Form 2, a discussion of the information required to be reported, guidance on completing and amending Form 2, information on requesting confidential treatment and withholding information on the basis of non-U.S. legal restrictions, and guidance on how to file Form 2 through the PCAOB web-based system.
The complete questions and answers can be viewed at https://pcaobus.org/Registration/rasr/Documents/Staff_QA-Annual_Reporting.pdf
In February 2015, the PCAOB updated its staff questions and answers regarding filing Form 3 for reportable events. The questions and answers provide further clarification on certain Form 3 reportable events, such as a firm’s withdrawal of a previously issued audit report, a firm entering into relationships with persons or entities that are currently the subject of PCAOB sanctions or SEC orders, and a change in a registered firm’s name.
These questions and answers were originally prepared by the PCAOB staff to supplement PCAOB Release No. 2008-004, Rules on Periodic Reporting by Registered Public Accounting Firms (June 10, 2008), and the instructions to Form 3, which can be found at http://pcaobus.org/Rules/PCAOBRules/Pages/Form_3.aspx.
These questions and answers clarify that all firms that are registered with the PCAOB must comply with the requirement to file special reports on Form 3 if any of the reportable events described in Form 3 occur with respect to the firm. The staff warns that firms that fail to file a timely special report after a Form 3 event occurs could be subject to disciplinary proceedings and disciplinary sanctions. Any Form 3 events that occur between the cutoff date used by the firm for purposes of providing information on its registration application and the date the firm receives notice of approval of its application for registration must be reported on Form 3 within 30 days of receiving notice of approval of the application. The staff also specifies that any firm with a pending request to withdraw from registration does not have to file special reports on Form 3.
Additionally, the questions and answers provide administrative details on completing and submitting Form 3, requesting confidential treatment for information included in Form 3, amending a previously filed Form 3, and withholding certain information because of non-U.S. legal restrictions.
The complete questions and answers can be viewed at https://pcaobus.org/Registration/Information/Documents/Staff_QAs_on_Registration_Form_3.pdf.
In February 2015, the PCAOB updated its Staff Questions and Answers regarding the Form 4 succession process, whereby an unregistered firm can succeed to the PCAOB registration status of a registered predecessor firm without any disruption in the registration status.
These questions and answers were originally prepared by the PCAOB staff to supplement PCAOB Release No. 2008-005, Rules on Succeeding to the Registration Status of a Predecessor Firm (July 29, 2008), and the instructions to Form 4, which can be found at https://pcaobus.org/Rules/Pages/Form_4.aspx.
The Form 4 succession process is available when there is a change in the registered firm’s form of organization, or if a registered firm is acquired by an unregistered firm, or combines with other entities to form a new public accounting firm. A Form 4 must be filed within 14 days after the change or combination takes effect; if a firm files a timely Form 4, succession to the predecessor’s registration status is automatic. If an eligible firm does not file a timely Form 4, the firm may still file a completed Form 4 with a request for leave to file the form out of time, accompanied by an exhibit describing why the form was not timely filed. The PCAOB will then evaluate the request.
Inaccuracies or omissions in Form 4 could result in disciplinary sanctions, and it is therefore in a firm’s interest to correct such errors as soon as possible. Amendments are appropriate only to correct information that was incorrect at the time of the filing, or to provide omitted information that should have been supplied at the time of the filing.
The questions and answers also outline the circumstances whereby the firm’s succession to the registration status of a predecessor firm would only be temporary. Temporary registration ends on the earlier of the 91st day after the effective date of the acquisition or combination as reported on Form 4, or the date on which the PCAOB approves a Form 1 registration application submitted by the firm.
The staff also states, in the questions and answers, that the firm designated in Form 4 as the predecessor must not withdraw from registration; however, if a combination of firms involves any registered firms other than the firm designated in Form 4 as the predecessor, those other firms should seek to withdraw from registration.
The questions and answers provide administrative details on completing and submitting Form 4, requesting confidential treatment for information included in Form 4, and withholding certain information because of non-U.S. legal restrictions.
The complete questions and answers can be viewed at https://pcaobus.org/Registration/Information/Documents/Staff_QAs_on_Registration_Form_4.pdf.
The PCAOB released the following questions and answers related to Rules 3522 and 3523 concerning independence, tax services, and contingent fees.
Question 1 deals with conditions of confidentiality by tax advisers who are not employed by or affiliated with the registered public accounting firm. The PCAOB staff noted that a registered public accounting firm is not independent if the firm, or any affiliate of the firm, during the audit and professional engagement period, provides any non-audit service to the client related to marketing, planning, or opining in favor of the tax treatment of a confidential transaction. A confidential transaction is a transaction that is offered to a taxpayer under conditions of confidentiality and for which the taxpayer has paid an adviser a fee. Rule 3501(c) defines confidential transactions in terms of confidentiality restrictions imposed by tax advisers generally, not specifically auditors. Therefore, Rule 3522(a) applies not only when conditions of confidentiality have been imposed by a tax adviser that is employed by or affiliated with the registered public accounting firm, but also when conditions of confidentiality have been imposed by any tax adviser, including one that has no relationship with the registered public accounting firm.
In question 2, the PCAOB staff deals with the question of whether a registered public accounting firm can, when marketing, planning, or opining in favor of the tax treatment of a transaction, rely on representations from its audit client that another tax adviser did not impose conditions of confidentiality in connection with the specific tax transaction. The staff states: Yes. In determining if any tax-adviser- imposed conditions of confidentiality, the registered public accounting firm may rely on representations from its audit client, provided that the firm does not know, or have reason to know, that those representations are incorrect or incomplete.
Question 3 deals with the question, if in planning a tax transaction, a registered public accounting firm can advise an audit client on the tax consequences of alternative ways of structuring the transaction. The answer is yes, as long as the auditor does not recommend an alternative tax transaction structure: (1) that is not more likely than not to be allowable under applicable tax laws, and (2) a significant purpose of which is tax avoidance. Rule 3522 provides that a registered public accounting firm is not independent of the audit client if the firm, or any affiliates, provides an audit client any non-audit service related to marketing, planning, or opining in favor of the tax treatment of a transaction that was initially recommended by the firm and a significant purpose of which is tax avoidance. In planning a tax transaction for an audit client that is permitted under Rule 3522, the firm may need or want to inform the client about the tax consequences of alternative tax transaction structures, some of which may not be more likely than not to be allowable and have a significant purpose of tax avoidance. As long as the firm does not recommend that the audit client engage in such a transaction, the firm will not violate Rule 3522.
In question 4, the PCAOB staff addresses how a registered public accounting firm’s independence is affected by the IRS’ subsequent listing of a transaction that the firm marketed, planned, or opined in favor of as Aggressive Tax Position Transactions. The PCAOB staff noted that the listing by the IRS of a transaction as Aggressive Tax Position Transactions after the firm marketed, planned, or opined in favor of the tax treatment of the transaction would not retroactively affect the firm’s independence. Whether the firm was independent would depend on the facts available at that time. An analysis would consider whether the tax treatment of the transaction was, at the relevant time, at least more likely than not to be allowable under applicable tax laws, including whether the transaction was itself or substantially similar to a listed transaction.
Question 5 deals with tax services to a person in a financial reporting oversight role (FROR) or an immediate family member. The question is whether the auditor should evaluate whether persons are in a FROR at any entities other than the one being audited. The PCAOB staff stated that auditors must evaluate whether a person is in a FROR at an “audit client.” Because Rule 3501 defines “audit client” to include “any affiliates of the audit client,” a person in a financial reporting oversight role at an affiliate of the audit client is covered by Rule 3523, subject to two important exceptions. First, a firm’s independence is not impaired if it provides tax services to a person who is in a FROR at the audit client only because of the person’s relationship to an affiliate whose financial statements are not material to the consolidated financial statements of the entity being audited. Second, a firm’s independence is not impaired if it provides tax services to a person who is in a FROR at the audit client only because of the person’s relationship to an affiliate whose financial statements are audited by an auditor other than the firm.
Question 6 deals with what types of situations the term “other change in employment event” in Rule 3523(c) encompass. Rule 3523(c) provides a time-limited exception to Rule 3523’s restrictions on the provision of tax services to persons in FROR at an audit client and certain of its affiliates. The exception applies when a person becomes subject to the rule through a hiring, promotion, or “other change in employment event.” The PCAOB staff states that a change experienced by a company, such as a change in auditor or a change from a private company to a public one, is not, by itself, an “other change in employment event.”
A business combination could also result in a change in employer or change in responsibilities. For example, if Company A acquires Company B, a person who was in a FROR at Company B would experience an “other change in employment event” if he or she became an employee of Company A in a FROR as a result of the acquisition. If such a person had been receiving tax services from Company A’s registered public accounting firm pursuant to an engagement in process before the acquisition, the time- limited exception in Rule 3523(c) would apply.
The Q&A is available on the PCAOB website at https://pcaobus.org/Standards/QandA/Tax_Services.pdf.
In April 2019, the PCAOB updated its “Frequently Asked Questions Regarding Confirmation of Payment of Accounting Support Fees,” which can be found at https://pcaobus.org/About/Administration/pages/supportfeefaq.aspx.
The following are some of the issues covered in the FAQs.
In September 2018, the PCAOB updated its staff questions and answers concerning the broker-dealer accounting support fee and funding process. The questions and answers address topics such as payment of the accounting support fee and outstanding balance status, as well as broker-dealer specific FAQs.
The questions and answers can be viewed https://pcaobus.org/About/Administration/SupportFee/Pages/BDSupportFeeFAQ.aspx
In September 2018, the PCAOB updated its staff guidance related to the registration process for applicants from non-U.S. jurisdictions where the PCAOB is prevented from inspecting PCAOB-registered firms. As of September 2018, the affected jurisdictions currently are 16 European countries that are required to follow the European Union’s Directive on Statutory Auditors, China, and Hong Kong. The guidance alerts applicants from the affected jurisdictions that the board will request certain additional information before acting on those applications, and it explains how an applicant can seek to avoid delay by including the information when it first submits the application.
The information includes identifying information about public company audits in which the applicant has recently played, or expects to play, any role, and identifying information about other PCAOB-registered firms in whose audits the applicant expects to play any role. The questions and answers can be seen at https://pcaobus.org/Registration/Information/Pages/Non_US_Registration_FAQ.aspx.
The PCAOB issued a release in October 2010 to announce a development in its approach to registration applications from firms in non-U.S. jurisdictions where, because of legal restrictions or objections of local authorities, the PCAOB is denied access to information that is necessary to inspect PCAOB-registered firms. According to the release, effective for all pending and future applications from accounting firms in such jurisdictions, the board will ask the applicant to state whether a PCAOB inspection of the firm would currently be allowed by local law or local authorities. The applicant may choose to keep its application pending until it can confirm, from the appropriate authority in the jurisdiction, that a PCAOB inspection is permitted. The applicant may also choose to withdraw its application; however, if the applicant responds that PCAOB inspection would not currently be allowed, the board will issue a Notice of Hearing to consider whether, given the obstacle to inspection, approval of the application would be consistent with the PCAOB’s responsibility under the Sarbanes-Oxley Act of 2002. The release may be found at https://pcaobus.org/International/Inspections/Documents/Registration_of_Non-US_Firms.pdf.
The PCAOB publishes news about itself on its website, located at https://pcaobus.org/. The site (with links to each section on the home page) is organized as follows:
18.218.78.102