Thomson Reuters Tax & Accounting News

Featuring content from Checkpoint

Back to Thomson Reuters Tax & Accounting News

Subscribe below to the Checkpoint Daily Newsstand Email Newsletter

Auditors Continued to Mishandle Internal Control Reviews in 2014

Helen Munter, the director of the PCAOB’s Division of Registration and Inspections, said audit firms are still having problems when they review clients’ financial reporting controls.Some firms have addressed the issue, and audit regulators have noted some improvement.But the firms still have more work to do to fully address the problems.

The PCAOB’s 2014 inspections found persistent problems at some accounting firms despite “some promising improvements” at others, the regulatory board’s inspections chief recently said.

The more intractable problems had to do with the trouble several firms had assessing clients’ internal controls over financial reporting, which accounted for the highest number of audit problems in the 2014 cycle.The problems occurred at several firms, including the Big Four.

“This audit area continues to challenge auditors and represents the area with the highest number of audit deficiencies,” said Helen Munter, the chief of the audit regulator’s Division of Registration and Inspections, during the AICPA Conference on Current SEC and PCAOB Developments in Washington on December 10, 2014. “Inspections staff have seen some improvement as firms have taken active steps to improve and clarify the methodology, guidance and tools they provide to their engagement teams, but more needs to be done.”

In December 2012, the PCAOB released a report that found lapses in 15 percent of the more than 300 audits of internal controls reviewed during its 2010 inspections.Since then, inspectors have continued to find problems with auditors’ reviews of financial reporting controls.

Inspectors found that the eight biggest accounting firms surveyed annually by the PCAOB didn’t do enough work to support their opinions in 22 percent of the audits of internal controls, the report said.The analysis also found that more than 80 percent of the 2010 and 2011 internal control audits that failed to gather enough evidence also failed to sufficiently support the auditor’s assertions for the financial statements.

In the latest inspection cycle, the staff found that auditors often didn’t obtain an understanding of a company’s flow of transactions to select the appropriate controls to test.

“While many engagement teams have improved aspects of their audit work in this area — for example, some engagement teams improved their evaluation of the criteria used by management to identify items for investigation — in too many instances they did not evaluate whether the management review of controls operated at the necessary level of precision that would address the assessed risk of material misstatement,” Munter said.

Earlier this year, there was a small but discernible change in how the PCAOB characterizes some of the problems it identified with an audit firm’s reviews of a client’s internal controls.During a panel discussion at a May conference in Washington, PCAOB member Jay Hanson said audit firms are improving their techniques in identifying internal control problems, but the board wants to know whether the controls are effective at stopping misstatements.

Auditing firms can expect increased usage of certain descriptions in the inspection report on how well they’re complying with Auditing Standard (AS 5) No. 5,An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements,which was issued in 2007.A few years ago, PCAOB inspection reports included short references to internal control audits that said a firm didn’t identify the proper controls. Now, increasingly, the wording has changed to whether the firm assessed the control at a “level of precision” that would detect material misstatements.”(See Inspectors Set to Increase Pressure on Internal Controls in the May 22, 2014, edition ofAccounting & Compliance Alert.)

Internal controls are generally understood to be the business practices and policies companies implement to prevent executives from entering fraudulent financial reporting information.The controls are instituted to prevent what are called management overrides of a company’s financial reporting system, which is generally considered a red flag for accounting fraud.The average person calls such actions “cooking the books.”

After the accounting frauds at Enron, WorldCom, and other companies were unmasked in 2001-2002, Congress passed the Sarbanes-Oxley Act of 2002 with a requirement in Section 404 that companies and auditors vouch for the financial control systems meant to deter fraud.

The focus on financial reporting controls predates Sarbanes-Oxley by several years.In 1992, the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) issued the first version of itsInternal Control—Integrated Framework,to prevent a repeat of the types of accounting frauds that occurred during the 1980s.

Munter in her speech to the AICPA didn’t address why audit firms — after the repeated reminders from COSO, Sarbanes-Oxley, and the PCAOB inspection reports — still have so much trouble reviewing clients’ internal controls.In October 2013, the audit regulator published Audit Practice Alert (APA) No. 11,Considerations for Audits of Internal Control over Financial Reporting,to review the requirements of AS 5 and other guidance that addresses internal control audits.

The 2014 inspection cycle also found problems with how firms assess the risk of fraud and respond to it and auditors’ reviews of a clients’ accounting estimates, including fair value measurements, Munter said.

Because PCAOB inspectors over the years have found recurring problems in auditing complex estimates, SEC commissioners, including Chair Mary Jo White, said the relevant standards should be updated so that auditors can do a better job.

In August 2014, the PCAOB publishedStaff Consultation Paper: Auditing Accounting Estimates and Fair Value Measurements,to cite some potential changes, including establishing a single standard regarding the handling of accounting estimates and fair value accounting and aligning it with the PCAOB’s risk assessment standards.

The staff is currently studying comments the paper generated and the discussion of a special October meeting of the Standing Advisory Group.

Tagged with →