This update addresses selected PCAOB developments since the Fall 2008 Update that are likely to be of interest to accounting and auditing researchers, educators, and students. The developments discussed here relate to a suite of seven proposed risk assessment standards, a practice alert on auditing in the current economic environment, staff guidance on auditing internal control of smaller public companies, and a report on the first four years of PCAOB inspections of the eight largest firms.
Proposed Risk Assessment Standards: On October 21, 2008, the PCAOB proposed for public comment a suite of seven new auditing standards related to the auditor's assessment of risk and responses to those risks, as well as related conforming amendments to other standards. The proposed standards would supersede the Board's interim auditing standards related to audit risk and materiality, audit planning and supervision, consideration of internal control in an audit of financial statements, audit evidence, and performing tests of accounts and disclosures before year end.
The proposed standards would establish requirements and provide direction on audit procedures performed throughout the audit, from the initial planning stages, through the evaluation of the audit results, to forming the opinion(s) in the auditor's report. The proposals build upon and attempt to improve the existing framework for risk assessment by, among other things, taking account of improvements in risk assessment methodologies, enhancing the integration of the risk assessment standards with the Board's standard for the audit of internal control over financial reporting, emphasizing the auditor’s responsibilities for considering the risk of fraud as being a central part of the audit process, and reducing unnecessary differences with the risk assessment standards of other auditing standard setters. The comment period ends February 18 and readers may view comments at PCAOB Rulemaking Docket 026.
The seven proposed risk assessment standards are as follows:
- Audit Risk in an Audit of Financial Statements. This proposed standard describes the components of audit risk and the auditor's responsibilities for reducing audit risk to an appropriately low level in order to obtain reasonable assurance in an audit of financial statements.
- Audit Planning and Supervision. This proposed standard describes the auditor's responsibilities for planning the audit, including assessing matters that are important to the audit, and establishing an appropriate audit strategy and audit plan. The proposed standard also describes the responsibilities of the engagement partner and other engagement team members for supervising and reviewing the work of the engagement team.
- Identifying and Assessing Risks of Material Misstatement. This proposed standard describes the auditor's responsibilities for identifying and assessing risks of material misstatement. The risk assessment process discussed in the proposed standard includes information-gathering procedures to identify risks (e.g., obtaining an understanding of the company, its environment, and its internal control) and analysis of the identified risks.
- The Auditor's Responses to the Risks of Material Misstatement. This proposed standard sets forth the auditor's responsibilities for responding to the risks of material misstatement, including overall responses related to the general conduct of the audit and responses involving specific audit procedures.
- Evaluating Audit Results. This proposed standard describes the auditor's responsibilities regarding the process of evaluating the results of the audit in order to form the opinion(s) to be presented in the auditor's report. This process includes evaluating uncorrected misstatements and control deficiencies identified during the audit.
- Consideration of Materiality in Planning and Performing an Audit. This proposed standard sets forth the auditor's responsibilities for applying the concept of materiality, as described by the federal securities laws, in planning the audit and determining the scope of the audit procedures.
- Audit Evidence. This proposed standard sets forth the auditor's responsibilities regarding designing and applying audit procedures to obtain sufficient appropriate evidence to support the opinion(s) in the auditor's report. In particular, it discusses the principles for determining the sufficiency and appropriateness of audit evidence.
Practice Alert on Auditing in the Current Economic Environment: On December 5, 2008, the PCAOB issued a Staff Audit Practice Alert to assist auditors in identifying matters related to the current economic environment that might affect audit risk and require additional emphasis in audits of financial statements and audits of internal control over financial reporting. The alert highlights special auditing risks and challenges related to the current economic environment, including discussion related to the following six areas:
- Overall audit considerations
- Auditing fair value measurements
- Auditing accounting estimates
- Auditing the adequacy of disclosures
- Auditor’s consideration of a company’s ability to continue as a going concern
- Additional audit considerations for selected reporting areas
Staff Guidance on Auditing Internal Control of Smaller Public Companies: On January 23 the PCAOB published Staff Views – An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements: Guidance for Auditors of Smaller Public Companies. This publication was developed by the staff of the PCAOB Office of the Chief Auditor to help auditors apply the provisions of PCAOB Auditing Standard No. 5. Although this staff guidance is not a rule of the Board and does not establish new requirements, it is intended to help auditors design and execute audit strategies that will achieve the objectives of Auditing Standard No. 5. In developing the guidance, the staff organized a working group composed of auditors who have experience with audits of internal control over financial reporting in smaller, less complex companies. The auditors identified issues that pose particular challenges in auditing internal control in such companies and provided insights and examples based on their experiences in addressing these issues.
Issues that are addressed in the publication include:
- Scaling the audit for smaller, less complex companies
- Evaluating entity-level controls
- Assessing the risk of management override and evaluating mitigating actions
- Evaluating segregation of duties and alternative controls
- Auditing information technology controls in a less complex information technology environment
- Considering financial reporting competencies and their effects on internal control
- Obtaining sufficient competent evidence when the company has less formal documentation
- Auditing smaller, less complex companies with pervasive control deficiencies
Report on First Four Years of PCAOB Inspections of Largest Firms: On December 5, 2008, the PCAOB released a report summarizing the inspection findings of the eight domestic accounting firms that were subject to annual inspections over the past four years. The Board issued this report to highlight certain areas where its inspectors of the domestic annually inspected firms identified deficiencies and to describe some of the steps particular firms have implemented in an effort to remediate the deficiencies and improve their audits. The report should be of high interest and usefulness to auditing educators, researchers, and students as well as practicing auditors.
The report describes how the PCAOB inspection process focuses on the most challenging and high risk areas of the audit, including areas that are fundamental to any audit, such as testing of revenue, as well as areas that pose increasingly challenging issues in current market conditions, such as testing of fair value measurements. The report describes deficiencies observed in these areas, as well as deficiencies in the following additional audit areas: identifying departures from generally accepted accounting principles (GAAP); auditing of management’s estimates, income taxes, and internal control; performing analytical procedures and audit sampling; using the work of specialists; and assessing materiality, audit scope, and audit differences. The report also includes information on changes in the quality control systems that firms have described in remediation plans submitted in response to the first years of inspection reports. These include changes to firm structure, partner evaluation processes, internal inspection programs, procedures for using the work of foreign affiliates, and processes for compliance with independence requirements.
Although researchers, educators, and others should find the report to be useful in their work, the report cautions against using the report to draw broad conclusions about the quality of audits performed by any (or all) of these firms. The report points out that the total number of audits reviewed during the four-year period, while substantial, constituted a relatively small portion of the total audits of issuers performed by these firms, and the selection of audits for review was not, and was not intended to be, a representative sample of the audits that the firms performed. In addition, a review of an audit generally encompassed only certain aspects of the firm's performance of that audit. These aspects were selected based principally on perceived risk.
**Gary Holstrum is former PCAOB Associate Chief Auditor and Director of Research in the Office of Chief Auditor.
Thomas Ray is PCAOB Chief Auditor and Director of Professional Standards.
Gregory Scates is PCAOB Deputy Chief Auditor.
*Note the hyperlinks to various items on the PCAOB Web site (www.pcaobus.org) and to the Auditing Section web site. A convenient history of PCAOB standards-setting activity and related briefing papers are available through the hyperlinked previous PCAOB Standards Update articles in the Spring 2005, Summer 2005, Fall 2005, Spring 2006, Summer 2006, Fall 2006, Spring 2007, Summer 2007, Fall 2007, Spring 2008, Summer 2008, and Fall 2008 Update issues of The Auditor's Report. The views expressed in this article are those of the authors and not necessarily those of the PCAOB, individual Board members, or other PCAOB staff. Responses to the article or related research may be emailed to email@example.com.