Friday, September 02, 2022

PCAOB offers observations, good practices from targeted inspections

By John Filar Atwood

A new report from the PCAOB’s Division of Registration and Inspections outlines deficiencies that the division’s target team found in its 2021 inspections, as well as good practices that are in use at some audit firms. The target team, whose mandate is to conduct in-depth reviews of selected audits to look for emerging audit risks, reviewed the 2021 audits of 40 companies across nine industries with a focus on fraud, interim reviews of SPACs and de-SPACs, going concern, and cash and cash equivalents.

Fraud. The reviews focused on the audit team’s response to the risk of fraud due to the potential increased risk of fraudulent financial reporting due to the current economic environment. The report notes that fraud may show up in management’s use of more aggressive assumptions and estimates, improper revenue recognition, or through misleading disclosures.

The target team observed instances where professional skepticism was demonstrated by auditors in designing thoughtful responses to the increased fraud risk, but it also found where the engagement team fell short. These included failures to perform sufficient procedures to understand the public company’s whistleblower program when it was a key component of their audit response to fraud, including how tips are received, escalated, and resolved.

The team also found instances where the auditors did not consider the factors, with due professional care, relevant to the particular public company when identifying and selecting journal entries for testing and in performing other fraud procedures, particularly when contradictory documentation existed in other parts of the work papers.

The target team observed some practices regarding the heightened risk of fraud that it believes may have enhanced audit quality, including instances where the audit team incorporated additional procedures as safeguards. The report cites an example of where an engagement team attempted to identify potential related party transactions by querying a database of companies registered as businesses in a particular state to determine if any other businesses were associated with the company’s employees. The auditors then compared any identified companies associated with the company’s employees to the company’s check register and vendor list to identify related party transactions.

A second good practice in the area of fraud detection was where firms expanded their fraud inquiries to include open-ended questions on the interviewees’ views on the financial reporting process, vendor relationships, the public company’s internal compliance policy, interactions with immediate supervisors, and the impact of COVID-19 on controls and/or resources.

The target team also recognized some firms’ use of forensic staff. According to the report, many audit firms implemented a new requirement to involve the audit firm’s forensic staff in the engagement team’s fraud risk-assessment procedures for all public company audits in the consumer discretionary sector with a perceived fraud risk related to revenue recognition.

SPACs and de-SPACs. Given the significant rise in 2021 of SPAC IPO activity, the target team tried to gain an understanding of the emerging risks related to SPACs through inspection of interim reviews of those companies’ quarterly financial information. Specifically, the team reviewed the accounting treatment and valuation of warrants, the accounting treatment for reverse mergers, interim financial statement presentation and disclosures, and restatements related to redeemable shares, warrants, and other related accounts.

The team found instances where engagement teams did not identify that the public company’s equity statement did not agree with its accounting records, or consider whether presentation and disclosures of the interim financial statements conformed with GAAP. The team also reviewed audits where the auditors did not identify an error in the public company’s financial statement fair value disclosure when public warrants were incorrectly included in the Level 3 fair value roll-forward.

Good practices that the team observed with respect to SPACs and de-SPAC transactions included the use of auditor-employed valuation specialists to review the work of the companies’ specialists in determining the valuation of the warrant liability, intangible assets, and purchase price accounting. Other audit firms required consultations when evaluating quantitative factors for establishing materiality for start-up entities to provide guidance on the appropriate benchmarks to use, as well as the suggested ranges to apply to various benchmarks.

The target team also flagged an instance where an audit firm’s national office tracked de-SPAC transactions and reached out to engagement teams to facilitate discussions on financial instruments that may require engagement teams to involve auditor-employed specialists with financial instrument expertise.

Going concern. As part if its reviews, the target team considered whether auditors appropriately evaluated whether there was substantial doubt about a public company’s ability to continue as a going concern in light of the economic environment. The report lists five areas where the team felt that auditors did not sufficiently perform procedures to support their conclusions.

The cited examples were where auditors did not: (1) perform sufficient procedures to evaluate the reasonableness of a public company’s forecasted cash outflows used in management’s assessment; (2) perform any procedures to assess the reasonableness of the forecasted available borrowings used in management’s going concern assessment; (3) evaluate the specific review procedures that the control owner performed to assess the reasonableness of forecasted EBITDA used in management’s going concern assessment; (4) evaluate the relevance and reliability of information from sources external to the company used in management’s EBITDA projections in connection with the auditor’s evaluation of whether there could be substantial doubt about the public company’s ability to continue as a going concern, and (5) obtain sufficient appropriate audit evidence for a significant element of management’s plan to alleviate substantial doubt because the engagement team did not obtain evidence to support adjustments to net income reflected in management’s calculation of the public company’s leverage ratio.

Good practices that the team observed included instances where audit firms required consultations in connection with their evaluation of the public company’s liquidity position and management’s going concern assessment, particularly related to assumptions regarding COVID-19 and its anticipated duration. In addition. the report singled out firms that, as a practice, assigned experienced staff members to evaluate management’s going concern assessment, given the increased risk.

The target team also cited firms where the auditors were active participants in their firm’s public company industry group and engaged other auditor-employed specialists to assist with the procedures performed. The team noted that the industry group collaborated regularly through quarterly and ad-hoc meetings to discuss pertinent current events and risks impacting the industry.

Cash and cash equivalents. The target team felt that audit risks could arise from arrangements for holding cash and cash equivalents, such as those involving the use of trustees, restrictions on cash balances, offshore accounts, and complex terms and conditions. The target team observed situations where the engagement team did not perform sufficient procedures to support the validity of confirmations received, such as contacting the purported sender telephonically or by other means to confirm the cash confirmation e-mail response was actually sent by an authorized respondent.

In its inspections the team found that some firms audit firms had updated their confirmation guidance for engagement teams. The updated guidance addressed confirmations of bank accounts, including determining the individual bank accounts to confirm.

The team also cited the good practice of using service providers to facilitate direct electronic transmission of confirmations. In some instances, audit firms have developed software audit tools to interface with the third-party vendors, or established procedures for evaluating relevant controls at a service provider, which are meant to address reliability, the team noted.