PCAOB: Auditor Judgment Under Scrutiny

Responding to corporate complaints, the PCAOB says inspections of audit firms this year will examine whether audits were cost-effective and properly focused on controls that posed the greatest risks.

Did audit firms use more judgment and fewer checklists when auditing internal controls last year? And were audits cheaper as a result? The Public Company Accounting Oversight Board announced Monday that inspections of public accounting firms, which begin in May, will focus on whether firms paid attention to earlier PCAOB warnings and guidance about overboard audits.

Those warnings were issued a year ago, after a roundtable on Section 404 of the Sarbanes-Oxley Act, sponsored by the Securities and Exchange Commission, in which public company executives complained vigorously about rigid and overreaching audits. The PCAOB’s announcement about the latest round of inspections comes just nine days before the PCAOB and the SEC host a second roundtable. That roundtable will cover a number of issues related to 404, including the question of whether internal control audits have become more judicious than they were in the first year of 404 implementation.

“A key emphasis of the 2006 inspections will be the efficiency of the firms’ performance of audits of internal control over financial reporting,” said PCAOB Acting Chairman Bill Gradison in a statement. “Our inspectors, as they go into the field, will be making a focused effort to ascertain that auditors have achieved the objectives described in the Board’s internal control auditing standard with the least expenditure of effort and resources.”

The PCAOB said its inspectors will be checking the degree to which audit firms have integrated the financial statement and internal control audits — events that for the most part were performed separately during the first year of 404.

Likewise, inspectors will look to see whether auditors used a “top-down” approach — that is, starting their audit by focusing on company-level controls. One of the complaints voiced at last year’s roundtable was that auditors arrived with checklists of controls, and did not focus on those that were most relevant to the client’s own finances.

In a similar vein, PCAOB inspectors will also look to see whether auditors “properly assessed risk and used a risk-based approach to determine the nature, timing, and extent of internal control testing.” Another complaint voiced by public companies last year was that auditors accorded equal weight to all controls, rather than looking at those most likely to cause errors or misstatements in a company’s financial reports.

Finally, the PCAOB’s announcement Monday said inspectors will check to see “whether auditors took full advantage of the opportunities available to use the work of others, such as the company’s internal audit staff.” A major source of frustration in 2004 for both companies and their auditors was uncertainty about whether and to what degree audits could rely on the work of others — a point the PCAOB subsequently tried to clarify.

The announcement that inspections will focus on these particular issues accords more weight to pronouncements the PCAOB made last year clarifying the application of Auditing Standard No. 2. That standard, issued to guide accounting firms in their assessment of a company’s internal controls, received much of the blame during the first roundtable. Many companies used the standard as a default framework for their own internal controls testing. At the same time, audit firms were roundly criticized for interpreting AS No. 2 too conservatively.

During the 2005 roundtable, then-PCAOB chairman William McDonough warned that the board’s inspection process would take aim at excessive audits, noting that those were “at least as likely” to be uncovered by PCAOB inspections as inadequate ones. “Now, will we throw someone in jail for excessive audit?” he asked. “Not likely. However, will we have a very severe conversation with the management of that audit firm? You bet.”

Yet McDonough’s hyperbole (the PCAOB does not have authority to send anyone to jail), coupled with the mild threat of a “severe conversation” actually served to reinforce the widespread impression that the fledgling regulator had run into an enforcement dilemma. Since audit firms responded to the PCAOB’s creation by adopting an excessively cautious “check-all-the-boxes” approach, how could the regulator force them to be more judicious?

Monday’s announcement appears to be an effort to answer that question.

Discuss

Your email address will not be published. Required fields are marked *