The Public Company Accounting Oversight Board (PCAOB) conducts periodic inspections of registered public accounting firms (PCAOB Firms) audit practices as part of its oversight of such firms. The PCAOB has recently released an overview of its priorities for these inspections with respect to fiscal year 2022 audits. Following a discussion of the process of a PCAOB inspection and practical considerations for public companies, we describe the PCAOB’s general considerations and specific areas of focus for 2023. Under the Sarbanes-Oxley Act, PCAOB Firms with more than 100 public audit clients are inspected annually, while PCAOB Firms with 100 or fewer public audit clients are inspected at least once every three calendar years. PCAOB inspections are designed to review portions of selected audits of public companies and to evaluate elements of the inspected PCAOB Firm’s system of quality control.
Background on PCAOB Inspections
The audits and audit areas to be reviewed in a PCAOB inspection are selected by the PCAOB team conducting the inspection. The inspected PCAOB Firm has no opportunity to limit or influence the selections. In selecting audits for review, the PCAOB generally uses both risk-based and random methods of selection. The PCAOB will generally focus its attention on audit areas it believes to be of greater complexity, areas of greater significance or with a heightened risk of material misstatement to the public company client’s financial statements, and areas of recurring deficiencies. These areas are reflected in the PCAOB’s annual inspection priorities discussed below.
For selected audit areas, the PCAOB inspectors will review the PCAOB Firm’s work papers and will interview the PCAOB Firm’s engagement team regarding those audit areas. This process may involve the PCAOB Firm informing its public company client that its audit has been selected for PCAOB review and requesting additional information from the public company client as part of the review process. The PCAOB inspectors will discuss potential identified deficiencies with the PCAOB Firm and may review additional audit documentation.
Deficiencies Identified during Inspections
If the PCAOB inspectors identify a deficiency after its discussion and additional review, the PCAOB will issue a written comment to the PCAOB firm, to which the PCAOB Firm may provide a written response. After the PCAOB Firm’s response to the comments, the PCAOB evaluates the matter for inclusion in the inspection report. Inclusion of the deficiency in the inspection report does not mean that the PCAOB Firm has not addressed the deficiency. In many cases, the PCAOB Firm will have taken remedial actions by the time the PCAOB publishes the inspection report, which may include informing the public company client’s management of the need for changes to the financial statements or internal control reporting, and in some cases may take steps to prevent reliance on prior audit reports. Such revisions could require restating prior period financial statements and the identification of a material weakness or significant deficiency in the public company client’s internal control over financial reporting. Such a restatement could result in a delay or delinquency in filing of the public company client’s current SEC periodic reports. Relatedly, a PCAOB Firm may be unwilling to complete an audit or review of a public company client’s current financial statements while a PCAOB review of the client’s prior year audit is ongoing that could result in the need to revise the financial statements or make a change in accounting treatment, which could lead to delays and delinquent filings.
Each PCAOB inspection results in a report, which is publicly available on the PCAOB’s website. The report will include a description of identified deficiencies in connection with the audits reviewed. The deficiencies will each be identified in connection with a specific audit reviewed, identifying the industry of the issuer, the type of audit and area of review and a description of the deficiency or deficiencies identified in the review, if any. The descriptions are not intended to allow for the identification of the issuers.
Practical Considerations for Public Companies
If a public company is informed by its auditor that its audit has been selected for PCAOB review, there is no need for immediate concern on the part of the public company. Selection is not an indication of suspected wrongdoing and in most cases will not result in adverse consequences. It is possible that the inspection may result in the need for revisions to previously issued financial statements for accounting treatments with which the PCAOB inspectors disagree, but the process can also result in the identification of potential problem areas prior to the need for a future revision or restatement.
The focus areas identified below may help public companies assess the likelihood that the PCAOB selects an audit of their financial statements for review. Understanding the focus areas may also aid public companies in anticipating areas where the PCAOB may take a different view on the proper accounting treatment than currently followed by the public company.
General Considerations for 2023
All companies should evaluate how they are handling the following general concerns of the PCAOB.
General Economic Conditions
The main driver behind the PCAOB’s inspection priorities for 2023 is how the current state of the economy is affecting financial disclosures of public companies. Volatility from, among other things, rising interest rates, fluctuating asset values and issues in finding and maintaining talent has the PCAOB focused on how PCAOB Firms are adjusting for change and placing proper safeguards in place to protect the integrity of the audit process and financial statement disclosures.
Use of Data and Technology
The PCAOB is seeking to maintain its awareness of the use of technology in auditing and financial reporting and gain a more in-depth understanding of how auditors are using technology-based tools in assessing risk.
Risk of Fraud
The PCAOB identified heightened risk of fraud from general economic conditions and increased work from home policies with a focus on PCAOB Firms’ analysis of controls, the potential for issuers to conceal fraudulent activities and how PCAOB Firms’ considered responses from management and audit committees, probed unusual transactions and followed up on tips about potential misconduct from investors and employees of the company.
Auditing and Accounting Risks
Audit subjects that are material, complex, judgement-based and vary with economic conditions are, as always, an area of focus, with particular focus on whether the PCAOB Firm was sufficiently skeptical of management, PCAOB firm review of disclosure procedures and sufficiency of evidence to support findings by the PCAOB firm.
Risk Assessment and Internal Controls
Risk assessments and internal controls related to the current economic and geopolitical climate are an area of focus.
Quality Control
In particular, the focus is on compliance with existing standards, hiring challenges and independence.
Critical Audit Matters
PCAOB Firms being inspected for the first time since the implementation of Critical Audit Matters (CAM) disclosures are an area of focus, as well as the potential for additional required CAMs due to the rapidly changing macroeconomic environment.
Specific Areas of Focus for 2023
Specific areas of focus may make a particular audit more likely to be inspected. The following are the key areas of focus for 2023:
Financial Services | The PCAOB is focused on the ability of financial services firms to operate as a going concern, the depth of the PCAOB firm’s understanding of the business, whether adjustments were made to risk assessments for the current state of the financial markets, whether a specialist should have been included in the audit, and the sufficiency of procedures regarding disclosures, in particular regarding liquidity risks. |
Broker-Dealers | Specific areas of focus include PCAOB Firms’ treatment of revenues that pose a significant risk of fraud, internal controls, compliance with consumer protection rules and review of SEC exemption reports. |
Digital Assets | Digital assets are a specific area of focus due to significant volatility and lack of regulation, with particular focus on PCAOB Firms’ risk assessments, training, policies and procedures. |
M&A / De-SPAC | De-SPAC transactions are a specific area of focus, with particular focus on: financial instruments using complex valuation models; reverse mergers; internal controls; financial statement presentation and disclosure; significant equity or debt restructuring; and going concern disclosures. |
Work Of Other Auditors | Audits relying on other auditors, in particular those in Russia, Belarus and Ukraine, are an area of focus making an audit more likely to be inspected. |
Cybersecurity | PCAOB Firms’ responses to clients’ cybersecurity incidents are an area of focus, with an emphasis on whether the PCAOB Firms’ consideration of the potential for a misstatement from the incident and a review of PCAOB Firms’ policies relating to clients’ cybersecurity incidents. |
Inflationary Risks | Businesses exposed to inflationary risks, changing exchange rates, volatile commodities, severe uncertainty or that use unreasonable assumptions are an area of focus. |