SOX compliance officers, prepare to recalibrate your audit compass: the PCAOB has released its list of priorities for audit inspections this year.
In a 19-page briefing document published yesterday, the PCAOB said its 2017 inspections are focusing on chronic trouble spots such as auditing accounting estimates and audits of internal control over financial reporting. They also touch on several emerging issues, such as how audit firms plan to address new accounting standards with their clients; how firms consider economic factors like the Brexit vote last year; and cybersecurity.
The Public Company Accounting Oversight Board exerts regulatory pressure on corporations indirectly. It regulates and inspects audit firms, for the work the firms perform on you—so whatever concerns the PCAOB expresses to the firms will eventually shape the experience you have with them as they audit your internal controls and financial statements. When you wonder “Why are the auditors hassling me over this issue this year? Why do they want more evidence?” it may well be because PCAOB inspectors are pressuring them to be more skeptical and do a more thorough job.
A closer look at the inspection priorities:
- Recurring audit deficiencies. That is, the PCAOB is inspecting audits to see how firms are doing with subjects they historically don’t handle too well. That includes firms’ procedures for audits of internal control over financial reporting, assessing and responding to risk of material financial misstatement, and auditing of accounting estimates. I’m especially interested in the last one, since the PCAOB is poised to adopt a new standard for use of estimates. Clearly the agency has concerns about how estimates are handled in audits.
- Brexit. The PCAOB diplomatically admits, “the effects of Brexit are potentially wide ranging and some of them may not be fully known for some time into the future,” which is putting things mildly. In theory, however, Brexit could have significant consequences for financial firms with heavy European operations. So the PCAOB wants to see how audit firms have been assessing “Brexit risk” and corresponding disclosures in the financial statements.
- Continued M&A activity. This point touches on estimates mentioned above, and much more. Plenty of M&A deals include goodwill allocations across multiple operating units, contingent considerations for future earn-outs, and valuation of intangible assets, where all those numbers rely on management’s estimates. Some of these estimates could fertilize a field in Iowa. As the PCAOB dryly noted, “Inspections staff has observed that auditors frequently did not appropriately apply professional skepticism when testing estimates, including not considering contradictory or potentially inconsistent information when testing these areas.” Inconsistent information during an M&A deal? I’m shocked.
- New accounting standards. In the fullness of time, I expect this point to become a big deal. Public companies are grappling with the new standard for revenue recognition right now (effective Dec. 15, 2017), follow by the new standard for operating leases going into effect at the end of 2018. Both standards are likely to bring significant changes to companies’ internal processes, controls, and accounting policies. The PCAOB wants to be sure audit firms are talking about all that with their clients.
An important point to remember is that the PCAOB selects these topics because it believes they pose the most risk to financial statement audits right now. What’s more, most of the actual audits it selects for inspection are also based on risk (although a small number of them are selected randomly).
So if your business is expecting a material change in the timing or nature of your revenue recognition thanks to the new revenue standard; or if your business is highly acquisitive and does M&A deals all the time—your audit might be more likely to get inspected. If your audit firm deals with many companies in that situation, that increases the chances even more.
These 2017 inspections examine work the firms did earlier this year for 2016 financial statements; there’s not much you, the SOX compliance officer or corporate controller, can do about those audits now. Rather, the PCAOB discloses these priorities so you (and your audit committee) can have productive conversations about next year’s audits, which most certainly will be colored by this year’s inspection results. So plan accordingly.