Public Company Accounting Oversight Board (PCAOB) report, based on inspections of registered public accounting firms from 2012 to 2014, finds significant deficiencies in auditing firms’ assessment of clients’ risk. The risk assessment standards, Auditing Standards No. 8 through No. 15 adopted in 2010, are designed to assist the auditor in assessing audit risk, to respond to the risks of material misstatement, and to evaluate results of procedures performed in an audit.
In audits performed in accordance with PCAOB standards, risk underlies the entire audit process, including the procedures that the auditor performs to support the opinion expressed in the auditor’s report. PCAOB adopted eight Risk Assessment Standards to establish audit requirements to enhance the effectiveness of the auditor’s assessment of and response to the risks of material misstatement in an audit. Proper application of these standards is important for performing effective audits of internal control and audits of financial statements.
The eight auditing standards that address procedures performed from initial planning through the evaluation of audit results to support an opinion include:
• AS No. 8, Audit Risk
• AS No. 9, Audit Planning
• AS No. 10, Supervision of the Audit Engagement
• AS No. 11, Consideration of Materiality in Planning and Performing an Audit
• AS No. 12, Identifying and Assessing Risks of Material Misstatement
• AS No. 13, The Auditor’s Responses to the Risks of Material Misstatement
• AS No. 14, Evaluating Audit Results
• AS No. 15, Audit Evidence
Based on 2012 inspections, the Board staff found that while accounting firms generally made appropriate adjustments to their audit methodologies to implement the new risk assessment standards, 26% of the 632 engagements inspected had audit deficiency related to one or more of the risk-based standards, which contributed to an insufficiently supported audit opinion. The number of audit deficiencies increased to 27% in 2013. The Board finds similar audit deficiencies in 2014.
The most frequently identified Risk Assessment Deficiencies related to AS No. 13, The Auditor’s Responses to the Risks of Material Misstatement, AS No. 14, Evaluating Audit Results, and AS No. 15, Audit Evidence.
Examples of Common Deficiencies Include:
• Firms did not perform substantive procedures, including tests of details, that were specifically responsive to fraud risks and other significant risks that were identified (AS No. 13)
• Firms did not perform sufficient testing of the design and operating effectiveness of controls to support their planned level of control reliance, including testing controls over the system-generated data and reports that were used to support important controls or substantive procedures performed in response to the assessed risks of material misstatement (AS No. 13 and AS No. 15)
• Firms did not evaluate the accuracy and completeness of financial statement disclosures. (AS No. 14)
• Firms did not take into account relevant audit evidence that appeared to contradict certain assertions in the financial statements. (AS No. 14)
Recurring audit deficiencies related to the risk assessment standards suggest that audit quality challenges remain and, according to PCAOB, more can be done to improve the quality of audits. Audit committees may also find this report useful in fulfilling their responsibilities with respect to independent auditors. Audit committees may consider inquiring of the Issuer’s auditor:
• Have the PCAOB’s inspections or firm’s internal inspections identified any significant deficiencies in the firm’s compliance with the Risk Assessment Standards, and if so, what actions has the firm taken to address these?
• Which audit areas have been identified by the auditor as having significant risks of material misstatement and, at a high level, how does the audit plan address those risks?
• In the auditor’s view, how have the areas of significant risk of material misstatement changed since the prior year and why? What new risks has the auditor identified?
October 16, 2015, 10.50Pby