PCAOB Issues Alert No. 11 on Internal Control Audit Deficiencies
by Terri Eyden on
By Jason Bramwell
A staff audit practice alert issued by the Public Company Accounting Oversight Board (PCAOB) on October 24 let auditors know about a large number of audit deficiencies the PCAOB has seen in the last three years related to audits of internal control over financial reporting.
The PCAOB said it publishes staff audit practice alerts to highlight new, emerging, or otherwise noteworthy circumstances that may affect how auditors conduct audits under the existing requirements of board standards and relevant laws.
"Auditors should take note of the matters discussed in this alert in planning and performing their audits, given the importance of the controls companies use to produce their financial statements," PCAOB Chairman James Doty said in a written statement.
Effective internal control over financial reporting helps assure that companies produce reliable published financial statements that investors can use in making investment decisions, according to the PCAOB.
The alert, Staff Audit Practice Alert No. 11: Considerations for Audits of Internal Control Over Financial Reporting, discusses the application of certain requirements of Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements, and other PCAOB standards to specific aspects of audits of internal control.
The alert specifically discusses the following topics:
- Auditors' risk assessment and the audit of internal control.
- Selecting controls to test.
- Testing management review controls.
- IT considerations, including system-generated data and reports.
- Roll forward of control testing performed at an interim date.
- Using the work of others.
- Evaluating identified control deficiencies.
Auditing Standard No. 5 establishes requirements for performing and reporting on audits of internal control. The standard is designed to focus auditors on the most important matters in the audit of internal control and avoid procedures that are unnecessary to an effective audit.
The PCAOB issued a report in December 2012 on observations from 2010 inspections of audits of internal control over financial reporting performed by domestic annually inspected firms. The report found that in 15 percent of the 309 integrated audit engagements inspected, firms failed to obtain sufficient audit evidence to support their opinions on the effectiveness of internal control due to one or more deficiencies.
Inspections in subsequent years have identified similarly high levels of deficiencies in audits of internal control at other registered firms, according to the PCAOB.
"It is particularly important for the engagement partner and senior engagement team members to focus on these areas and for engagement quality reviewers to keep these matters in mind when performing their engagement quality reviews," Martin Baumann, PCAOB chief auditor and director of professional standards, said in a written statement. "Auditing firms also should consider whether additional training of their auditing personnel is needed. Appropriate application of the top-down, risk-based approach pursuant to PCAOB standards can result in an effective audit of internal control while avoiding unnecessary work."
The PCAOB noted that audit committees of public companies for which audits of internal control are conducted may want to take note of the alert the board issued on October 24. The PCAOB recommended that audit committees and auditors discuss the level of auditing deficiencies in this area identified in their auditor's internal inspections and PCAOB inspections, request information from their auditor about potential root causes, and inquire how their auditor is responding to these matters.
The PCAOB also emphasized that auditors should determine whether and how to respond to these circumstances based on the specific facts presented. The statements contained in the practice alerts do not establish rules of the PCAOB and do not reflect any board determination or judgment about the conduct of any particular firm, auditor, or any other person.
You may like these other stories...
Treasury prepares options to address tax inversionsDamian Paletta of the Wall Street Journal reported on Monday that US Treasury Department officials are assembling a list of administrative options for Treasury Secretary...
Read more from Larry Perry here and in the Today's World of Audits archive.In my previous article, I discussed auditing standards and the impact of the assessed level of risk of material misstatement (RMM) on the design...
While audits of broker-dealers showed some improvement last year compared to previous years, 71 of 90 broker-dealer audits inspected by the Public Company Accounting Oversight Board (PCAOB) in 2013 were still found to have...
Upcoming CPE Webinars
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.