Auditors

PCAOB to Audit Committees: Talk to Your Audit Firm About PCAOB Inspections

by Vanessa Schoenthaler on August 4, 2012

The Public Company Accounting Oversight Board (PCAOB) recently issued a information release directed at public company audit committee members. The release aims to provide committee members with information about the nature of PCAOB audit firm inspections and the meaning of reported inspection results, so that audit committees might be in a better position to engage in meaningful dialogue with audit firms about their own inspection results.

The release is made up of three main parts, the first describing the public portion of PCAOB audit firm inspection reports, the second describing the non-public portion and the third offering suggestions about specific topics that audit committee members might address with audit firms about their own PCAOB inspections.

Understanding Audit Firm Inspection Reports

As part of the audit firm inspection process, the PCAOB generates reports about each firm that it inspects. It also generates general reports about trending audit issues and non-firm specific reports about issues that arise in certain categories of inspections.

Firm-specific inspection reports consist of information that the PCAOB is required to publicly disclose and information that it is prohibited from publicly disclosing, but which audit firms themselves may voluntarily disclose (firms which make voluntary disclosures usually do so in the context of audit committee discussions).

The public portion of a firm-specific inspection report discloses whether review of an audit firm’s audit work has identified performance deficiencies that are significant enough to lead PCAOB staff to conclude that the firm failed to obtain sufficient reasonable assurance that a company’s financial statements were free of material misstatement or that a company’s internal control over financial reporting was effectively maintained in all material respects, and, accordingly, that the firm did not have a sufficient basis for issuing an audit opinion.

The release is careful to note, however, that a finding of performance deficiencies in an audit firm’s audit work does not necessarily lead to the conclusion that a company’s financial statements are misstated. In some instances there may not be enough information to reach such a conclusion, in other instances a material misstatement may be discovered, but only after the audit firm goes back and performs additional work in response to PCAOB criticisms. In either case, the release notes that the PCAOB inspection staff does not engage with a company’s management on issues related to financial reporting matters. All the more reason for audit committees to engage with audit firms about such matters.

The public portion of a firm-specific inspection report may also include a firm’s written response to the report, if the firm elects to make that response, or parts thereof, public. In particular, the release addresses three types of responses that firms sometimes put forth which the PCAOB views with skepticism, noting that they may create uncertainty or confusion about the significance or nature of deficiencies identified in a firm’s audit report. Those responses include: (i) characterizing PCAOB criticisms as documentation deficiencies rather than performance deficiencies; (ii) characterizing PCAOB criticisms as differences in professional judgment; or (iii) asserting that criticisms have been addressed in accordance with PCAOB standards.

Lastly, the non-public portion of a firm-specific inspection report addresses criticisms that the PCAOB has regarding a firm’s quality control systems. These criticisms are generally based on performance deficiencies identified in the firm’s audit procedures and other aspects of the firm’s audit practice management. If a firm does not address these criticisms to the PCAOB’s satisfaction within 12 months of the inspection report, they will also be made public.

Talking to Audit Firms About Inspection Reports

Among the primary responsibilities of an audit committee are oversight of a company’s accounting and financial reporting processes and oversight of its financial statement audits. It is in relation to these responsibilities that the PCAOB feels audit committees will derive the most value from discussions with audit firms about inspection results.

But how should audit committees approach such a discussion and what topics should it cover?

Throughout the release the PCAOB emphasizes that audit firms are free to discuss any issues that arise during an inspection process with a company’s audit committee. The release also notes that audit committees should be aware that the PCAOB regularly communicates company-specific inspection information to the Securities and Exchange Commission, including information about auditing deficiencies, possible material misstatements, potential audit firm independence violations and other issues, all of which are first discussed with the company’s audit firm during the inspection process.

As such, the first thing the PCAOB recommends is that an audit committee consider asking its audit firm to advise the committee if its company’s audit is selected for review in a PCAOB inspection and, if selected, to be kept abreast of the areas of the audit being reviewed and concerns being raised by inspection staff about the audit or the company’s financial reporting in general.

Other questions the PCAOB suggests audit committees address include:

  • whether anything has come to the audit firm’s attention suggesting the possibility that an audit opinion on the company’s financial statements is not sufficiently supported, or otherwise reflecting negatively on the firm’s performance on the audit, and what if anything the firm has done or plans to do about it;
  • whether a question has been raised about the fairness of the financial statements or the adequacy of the disclosures;
  • whether a question has been raised about the auditor’s independence relative to the company;
  • whether any of the matters described in the public portion of an inspection report on the firm, whether or not they involve the company’s audit, involve issues and audit approaches similar to those that arise or could arise in the audit of the company’s financial statements;
  • to the extent any such similarity exists, whether and how the firm has become comfortable that the same or similar deficiencies either did not occur in the audit of the company’s financial statements or have been remedied;
  • how issues described by the Board in general reports summarizing inspection results across groups of firms relate to the firm’s practices, and potentially the audit of the company’s financial statements, and how the firm is addressing those issues; and
  • what changes the firm has been making to its policies and procedures to address quality control issues indicated by deficiencies in the audit of the company’s financial statements or to reduce the chance that types of deficiencies identified in other audits will arise in audits of the company’s financial statements.

Understanding the PCAOB Inspection Process

The release also includes an appendix that offers an overview of the audit firm inspection process itself. Even if you already have a general idea about how the PCAOB’s inspection process works, the appendix is worth the read if not just for the insight that it offers into how company audits are selected for review and how company-specific information gleaned from a review might be used.

For example, inspections typically focus on companies and financial reporting areas that are at a greater risk of misstatements or auditing deficiencies. Risk factors that the PCAOB considers when selecting an audit for review include, among others, the nature of a company or its industry and a company’s market capitalization. The appendix also identifies some of the circumstances under which the PCAOB will transmit detailed reports about a company, in addition to the inspection report itself, to the Commission or other regulatory or law enforcement authorities.

The full release is reproduced below.

The PCAOB Re-proposes an Auditing Standard Related to Communications with Audit Committees

In a somewhat related vein, on Friday the PCAOB announced an open meeting for Wednesday, August 15th, to reconsider adopting an auditing standard related to communications with audit committees. The initial standard was first proposed on March 29, 2010 and later revised and re-proposed on December 20, 2011.

(Download File)

Be the first to comment

PCAOB Releases a Proposal to Enhance the Auditor’s Reporting Model

by Vanessa Schoenthaler on June 22, 2011

Yesterday the Public Company Accounting Oversight Board issued a concept release detailing a number of potential changes to the auditor’s reporting model and seeking public comment on each.

Together the changes focus on enhancing the relevancy of audit reports by expanding upon and improving the utility of the information contained within them. Specifically, the PCAOB is seeking comment on four alternatives which it may pursue individually or in any combination:

An Auditor’s Discussion and Analysis – The release proposes a supplemental narrative to the audit report, described as an auditor’s discussion and analysis (AD&A), which would provide an auditor’s perspective on significant matters associated with an audit. As proposed, the AD&A might address:

  • information about the audit itself, such as audit risks that were identified, the audit procedures and results, or an auditor’s independence;
  • an auditor’s perspective on matters related to the financial statements, such as management’s judgments and use of estimates, accounting policies and practices, or difficult or contentious issues;
  • material matters where a company is in technical compliance with the financial reporting requirements, but where disclosure might still be enhanced to provide a better understanding of the matters and their impact on the company’s financial statements; and
  • areas where management could have applied different accounting standards or disclosures in the financial statement preparation.

The release notes that the purpose of an AD&A would not be to provide separate assurances regarding specific matters, but simply “to facilitate an understanding of the auditor’s opinion on the financial statements taken as a whole.”

Auditors Discussion and AnalysisSee: Concept Release pages 15-18

Emphasis Paragraphs – The release proposes potentially requiring and expanding the use of emphasis paragraphs in all audit reports. Emphasis paragraphs, such as statements that: “the entity is a component of a larger business enterprise” or “the entity has had significant transactions with related parties” are currently discretionary.

See: Concept Release page 21

Assurance on Information Outside of the Financial Statements – The release also proposes potentially requiring auditors to provide assurances on information outside of the financial statements, such as information contained in management’s discussion and analysis, non-GAAP financial information or earnings releases. Currently an auditor must only read and consider whether information outside of the financial statements is materially consistent with the financial statements; there is no requirement to provide assurances on any such information (unless separately engaged by a company, in its discretion, to do so).

See: Concept Release pages 24-26

Clarification of Language in the Standard Auditor’s Report – The release proposes clarifying certain language used in standard auditor reports, such as including an explanation of what:

  • constitutes “reasonable assurance”;
  • does it mean to be “independent”;
  • is the auditor’s role with respect to the detection of financial statement fraud;
  • is the auditor’s responsibility for financial statement disclosures;
  • is management’s responsibility with respect to the preparation and presentation of the financial statements; and
  • is the auditor’s responsibility with respect to information outside of the financial statements.

This concept release only marks the beginning of the potential revision process. The adoption of any one or combination of these proposals, in whatever form they end up taking, will require additional rulemaking and standard setting by the PCAOB and the Securities and Exchange Commission. If you’re interested, the release also contains a brief overview of the history of audit reports in the United States, and prior attempts to revise them, which is worth a quick read (see Appendix A).

Initial comments can be submitted in writing or through the PCAOB’s website until September 30, 2011. The PCAOB will also hold a public roundtable to  discussion the concept release sometime in the the third quarter of 2011.

(Download File)

1 comment

The SEC Recommends No New SOX 404(b) Exemptions for Accelerated Filers

by Vanessa Schoenthaler on April 25, 2011

On Friday the Securities and Exchange Commission released its latest Dodd-Frank Act-mandated study which looks at how the burdens of Sarbanes-Oxley Section 404(b) compliance (the auditor attestation requirement) might be reduced for companies with market capitalizations of between $75 million and $250 million while still maintaining investor protections, as well as at whether a reduction in or exemption from Section 404(b) compliance would encourage companies to list their initial public offerings in the United States.

As part of its analysis the Commission reviewed findings from its 2009 Section 404 study, actions that have already been taken to reduce the burdens of Section 404 compliance (previously discussed here), academic and other research, and comment letters received in response to a request for public comment made in conjunction with the current study. The Commission concluded that:

  • the overall cost of Section 404(b) compliance has declined;
  • investors view Section 404(b) auditor attestations as beneficial;
  • financial reporting is more reliable when auditors are involved; and
  • there is no conclusive evidence that links the requirements of Section 404(b) compliance with the listing choices of companies undertaking their initial public offerings.

Based on these findings the Commission makes two recommendations, that:

  • existing Section 404(b) requirements for issuers with market capitalizations of between $75 million and $250 million remain in place; and

So, unless Congress enacts another exemption, it looks like accelerated filers with market capitalizations of between $75 million and $250 million will remain subject to Sarbanes-Oxley Section 404(b)’s auditor attestation requirement.

***

There wasn’t too much in the way of new information in the Section 404(b) study, but there were a few interesting charts and data points:

In 2009, 9,092 unique issuers filed annual reports with the Commission on Forms 10-K or 20-F (excluding investment companies, issuers of asset backed securities, certain Canadian issuers and financial institutions, among other miscellaneous categories of filers). These filers are broken down as follows:

There was a significant difference between the mean and median audit fees incurred by accelerated and non-accelerated filers in 2009:

Source: Section 404(b) Study Fig. 3, page 37

More than 80% of all restatements that occurred in 2009 were caused by the misapplication of GAAP accounting standards, but issuers that were subject to Section 404(b) had lower restatement rates.

Source: Section 404(b) Study Fig. 7, page 40

Finally, the U.S. markets’ share of world-wide IPOs raising less than $250 million has declined dramatically over the past decade.

New listing with proceeds of less than $50 million

Source: Section 404(b) Study Fig. 12, page 47

New listing with proceeds of less than $75 million

Source: Section 404(b) Study Fig. 11, page 47

New listing with proceeds of $75 million to $250 million

Source: Section 404(b) Study Fig. 10, page 45

New listing with proceeds of $50 million to $500 million

Source: Section 404(b) Study Fig. 13, page 48

1 comment

The SOX 404(b) Compliance Study: A Comment Letter Audit

by Vanessa Schoenthaler on January 11, 2011

Internal Controls Over Financial ReportingWhen President Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act into law on July 21, 2010 it immediately amended the Sarbanes-Oxley Act of 2002 by permanently exempting non-accelerated filers from the Section 404(b) requirement that they obtain an auditors’ attestation on management’s assessment of the effectiveness of internal controls over financial reporting.

The Dodd-Frank Act also requires that the Securities and Exchange Commission study how the burden of Section 404(b) compliance might be reduced for companies with market capitalizations of between $75 million and $250 million while still maintaining investor protections, and whether a reduction in or exemption from Section 404(b) compliance would encourage companies to list their initial public offerings in the United States.  The Commission has until April 21, 2011 to submit the study to Congress.

This is the second cost-benefit analysis of Section 404(b) that the Commission will undertake.

The First SOX 404(b) Compliance Study (2009)

Section 404 of the Sarbanes-Oxley Act, as originally adopted, was made up of two subsections:

  • 404(a) requiring that a report on management’s assessment of the effectiveness of internal controls over financial reporting be included in a company’s annual report; and
  • 404(b) requiring a company’s auditors to attest to, and report on, management’s assessment of the effectiveness of its internal controls over financial reporting.

Shortly after Section 404 took effect it became apparent that it was far more costly for companies to comply with the new requirements than had originally been anticipated, particularly with Section 404(b).  To address this issue, in 2007, the Commission released interpretive guidance to assist management in its assessment of internal controls over financial reporting.  That same year the Commission also approved the Public Company Accounting Oversight Board’s (PCAOB’s) new Auditing Standard No. 5–addressing an auditor’s attestation of, and report on, management’s assessment under Section 404(b)–which replaced the more conservative Auditing Standard No. 2.

Thereafter the Commission undertook a survey of companies experienced with Section 404(b) compliance to determine whether, and to what extent, the 2007 reforms affected their compliance costs. The results, published in September 2009, found the reforms were effective in reducing the overall cost of compliance.  The survey also found costs varied by:

  • company size–with larger companies experiencing greater total costs, but smaller companies experiencing greater costs as a percentage of assets;
  • whether a company was complying with Section 404(a) alone, or with both Sections 404(a) and 404(b); and
  • the amount of time a company had been complying with Section 404(b).

Comments on the Current SOX 404(b) Compliance Study

In October 2010 the Commission issued a request for public comment on the Dodd-Frank-mandated Section 404(b) compliance study.  To date it has received 12 comment letters, 2 coming from organizations representing companies with market capitalizations of between $75 million and $250 million, 6 from accounting firms and organizations representing the accounting and investment industries, and the remaining 4 from individuals.

Comments from Organizations Representing Companies

Comment letters from the Independent Community Bankers of America and Biotechnology Industry Organization (BIO) both favor extending the Section 404(b) exemption for non-accelerated filers to companies with market capitalizations of between $75 million and $250 million, mainly on the basis of the costs of compliance outweighing the perceived benefits.  BIO also points out in its comment letter that in a capital-intensive, research and development-oriented  industry, such as biotechnology, it is not uncommon for a company to have a large market cap, in excess of $75 million, but little or no revenue, further compounding the cost of compliance issue.

Comments from Accounting Firms and Organizations Representing the Accounting and Investment Industries

The Center for Audit Quality’s (CAQ’s) comment letter (representative of most of the other accounting firm and organizational comment letters) argues against extending the Section 404(b) exemption for non-accelerated filers to companies with market capitalizations of between $75 million and $250 million, maintaining that:

  • an auditor’s attestation of, and report on, management’s assessment under Section 404(b) encourages accountability on the part of management, which in turn enhances financial statement quality;
  • the cost of implementing Section 404(b) has declined since the Commission’s 2007 reforms and with the development and availability of additional resources (such as publications by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission and CAQ itself); and
  • such companies are already complying with Section 404(b) and therefore have the most expensive implementation costs, the startup costs, behind them.

As a means of possibly reducing the compliance burden on such companies CAQ recommends that the PCAOB issue “best practices” for a Section 404(b) audit, the Commission and PCAOB conduct a series of forums to discuss best practices and common issues with the companies and their auditors and that the Commission participate in a COSO project to update its internal control framework guidance.

In its comment letter, the CFA Institute recommends that the Commission amend Forms 10-k and 10-Q to require Section 404(b) exempt companies: (i) check a box on the front page of each report disclosing their exempt status, and (ii) include substantive disclosure in each report regarding:

  • the reasons why they have taken advantage of the exemption;
  • a description of the internal controls they have in place to prevent faulty or fraudulent financial reports; and
  • why management believes such controls are sufficient (or not).

Comments from Interested Individuals

Finally we have a comment letter from Mr. Georg Merkl, a Swiss resident and frequent commenter on Commission rules related to internal controls over financial reporting.  Like the CFA Institute, Mr. Merkl also suggests that the Commission require Section 404(b) exempt companies to disclose their exempt status and include additional substantive disclosures regarding their internal controls over financial reporting in annual and quarterly reports.  Mr. Merkl also suggests that the Commission issue additional guidance regarding management’s obligations when an audit adjustment or restatement due to fraud or error occurs.

Some of Mr. Merkl’s more interesting suggestions to the Commission include:

  • requiring a company to disclose whether the departure of its chief financial officer, or any key accounting personnel, is due to a disagreement over matters of accounting principle or practice, or financial statement disclosure;
  • extending the Section 404(b) exemption for non-accelerated filers to companies that do not meet certain revenue requirements;
  • less frequent audits for smaller companies (I think this would make for an excellent compromise.  The largest cost component of Section 404(b) compliance is in the auditing fees. By requiring smaller companies to undergo Section 404(b) audits less frequently, say, for example, every three years as opposed to annually, the Commission could substantially reduce the cost of compliance for such companies while still meeting Section 404′s goal of ensuring investor protection); and
  • requiring an audit relying on fewer procedures, such as an audit attesting to, and reporting on, the existence of internal controls over financial reporting rather than their effectiveness (similar to Swiss requirements).

Overall the comments are pretty light compared to just about every other Dodd-Frank initiative underway.  Given the short time frame within which the study must be completed, the Commission’s current workload and continuing budgetary constraints, it’ll be interesting to see what the final study actually consists of.

1 comment

Financial Statement Red Flags

by Vanessa Schoenthaler on December 3, 2010

Financial Statement Red Flags

Yesterday the Securities and Exchange Commission made available a slide presentation from the Public Company Accounting Oversight Board’s  2010 Forum on Auditing in the Small Business Environment.  The slides include detailed notes on some of the more common issues encountered by the Commission in reviewing company financial statements.  A number of topics are addressed, from reverse mergers and business combinations to MD&A and disclosure controls and procedures, with some of the more universally applicable take-aways being:

  • Management’s Discussion and Analysis - Make sure that you are providing a sufficient level of detail in discussing factors that may contribute to fluctuations in your operating results from period to period and when discussing your liquidity and capital resources.  Also, make sure that you are disclosing known and predictable uncertainties that may have a material impact on your income from continuing operations.  In its presentation the Commission notes that it may issue comments in a situation where an event that triggers an impairment or other charge appears to have been predictable but was not addressed in an earlier period.
  • Revenue Recognition – Avoid using overly vague or boilerplate language in your accounting policy disclosure and make sure that you clearly state the timing and method you use for recognizing each material stream of revenue.
  • Disclosure Controls and Procedures – Disclosure controls and procedures encompass internal controls over financial reporting and even though disclosure controls and procedures may be found effective at the same time internal controls over financial reporting are found ineffective, if you reach that conclusion you should be prepared to support it.
  • Internal Control Over Financial Reporting – Make sure that you are explicitly stating, without the use of any qualifying language or limitations in scope, whether or not your internal controls over financial reporting are effective.  If you find a material weakness in your internal controls over financial reporting, you should focus on more than just its impact on the particular line item in which it was discovered, instead, in both your disclosure of the weakness itself and your remediation disclosure, you should consider and discuss its impact on other items in your financial statements.  And, again, avoid using overly vague or boilerplate language that remains static from period to period.
  • Changing a Certifying Accountant – If you dismiss your independent accountant because it has been involuntarily deregistered by the PCAOB, disclose that fact in your Forms 8-K, and if your former independent accountant’s audit report contained a going concern opinion it should also be disclosed in the Form 8-K as a modification as to uncertainty.

There are a number of other useful bits of disclosure guidance throughout the slide presentation, and it’s probably worth a flip through as you prepare for you next periodic filing.

Be the first to comment

The PCAOB Looks to Open Its Disciplinary Proceedings to the Public

by Vanessa Schoenthaler on September 3, 2010

Dow Jones and the WSJ (subscription required) are reporting that the Public Company Accounting Oversight Board, the agency created by Sarbanes-Oxley to oversee auditors of U.S. companies, has submitted a letter to Congress proposing that its disciplinary proceedings be opened to the public.  Among the reasons advanced for the proposal are a need for increased transparency and elimination of incentives to draw proceedings out.  The PCAOB cites the example of a firm that, though ultimately expelled from auditing public companies, issued 29 audit reports in a two-year period between the initiation of disciplinary proceedings and their public disclosure.

The PCAOB oversees more than 2,400 public accounting firms and has settled 32 disciplinary proceedings as of this writing; it’s unclear how many disciplinary proceedings are ongoing or how many, if any, have been resolved in favor of a respondent.

Be the first to comment