The Securities and Exchange Commission’s (SEC) top accountant Paul Munter is urging external auditors of public companies to do a better job of scrutinizing their financial statements as PCAOB inspections continue to find “a troubling increase” in audit deficiency rates.
The Public Company Accounting Oversight Board (PCAOB) found that insufficient audit evidence was obtained to support the auditor’s opinion in 40% of inspected audits in 2022. During the 2021 inspection cycle, the deficiency rate was 34%, up from 29% in its 2020 inspections.
SEC Chief Accountant Munter thus reminded auditors of their responsibility to protect investors in a February 5, 2024, statement.
“This, in turn, calls for the auditor to exercise objective, impartial judgment and rigorous professional skepticism in gathering and evaluating evidence throughout the audit to support the audit opinions provided,” Munter added. “Furthermore, auditors should conduct engagements with a mindset that the investors, rather than management, are the audit client.”
He said shifting external conditions affect companies’ operations and their financial conditions, which make it more difficult to prepare financial reports and audit them. Changing risks might require companies to change their accounting policies, processes, and internal control over financial reporting (ICFR).
During the past three PCAOB inspection cycles, Munter said the highest deficient area—in terms of auditor attestation of management’s ICFR required by Section 404(b) of the Sarbanes-Oxley Act of 2002—is auditor testing of management review controls. The second highest deficiency rate was in the auditor’s identification and selection of controls to test. And the third highest was the selection of controls over the completeness and accuracy of information used in the operation of the control.
Therefore, Munter reminded auditors to exercise professional skepticism when they are evaluating evidence, including related internal controls and approaching management’s judgments especially as it is under pressure to produce good financial results.
Munter also said that the PCAOB also frequently identifies areas of concern and deficiencies in audit evidence obtained in important financial statement areas, including revenue, accounting estimates, business combinations, inventory, and long-lived assets.
While fraud is always a risk, he said auditors must be especially mindful when companies face challenges because that presents a higher risk of fraud. For example, he said management might be under pressure to meet earnings expectations amidst declining revenue or increased costs.
“In the face of heightened fraud risk, auditors must consider whether a proper exercise of professional skepticism requires more persuasive evidence to corroborate management’s assertions,” Munter said.
Role of Audit Committees
Munter then suggests good practices that auditors should follow. One is frequent and proactive discussions with the audit committee, including any red flags. And he dedicates an entire section in his statement to the importance of the audit committee in promoting high quality audit.
“To ensure quality, the audit committee should frequently evaluate its process for assessing the auditor’s performance, including relevant firm or engagement-level metrics,” he said, adding a list of things that the audit committee should consider, including results of the PCAOB’s inspections and auditor’s industry expertise. The audit board recently issued a report that some auditors of broker-dealers did not understand the brokerage industry, which resulted in deficient audits.
Tighten Definition of Audit Committee Financial Expert
Former FASB chairman Dennis Beresford, who served as chair of large public companies’ audit committee, said that one thing that Munter could do to reinforce his message about the importance of audit committees “is to revisit and improve” the SEC’s definition of Audit Committee Financial Expert (ACFE).
“It presently includes former executives, such as CEOs, who have ‘supervised’ the financial reporting function via having the CFO report to them. Thus, a large number of so-called ACFEs don’t really have an in-depth knowledge of financial reporting, auditing, or internal controls,” Beresford said.
Other experts in the past have also pushed the SEC to tighten the definition of ACFE.
For example, several comment letters submitted to the SEC in 2016 said the definition is too broad and allows people who do not fully grasp the significance of some important financial reporting issues to sit on audit committees. The rule was mandated by Section 407 of Sarbanes-Oxley and says public company boards must have at least one person who meets the description of financial expert.
When the SEC adopted the definition, the commission said the guidance outlined in Sarbanes-Oxley about the qualifications for an audit committee’s financial expert proved to be controversial. The agency at first proposed that a “financial expert” would mean a person who has, through education and experience, an understanding of US GAAP, financial statements, financial reporting controls, and an audit committee’s role in financial reporting and governance.
But most comment letters at the time said the definition was too restrictive, and the SEC responded with wording that would allow directors with less well-defined roles in financial reporting to qualify as financial experts.
In the 14 years since Sarbanes-Oxley was enacted, some financial reporting professionals, like Beresford, criticized the broad definition.
In 2016, he questioned how many audit committee members really understand complex accounting and auditing matters and wondered how many are prepared to monitor their companies’ implementation of major US GAAP standards, like the FASB’s standard for revenue recognition, or grasp the significance of the SEC’s focus on the widespread use of non-GAAP measures.
“Investors may well be receiving a false sense of security in many cases through belief that all identified [audit committee financial expert] are true accounting and auditing experts,” wrote Beresford at the time.
Investor groups as well as accounting firms also asked for a revised definition.
“I’ve felt this is something the SEC should for some time,” Beresford said today. “So if Paul really means what he says in the latest statement, improving the ACFE definition follows very logically.”
Other Good Practices for Auditors to Follow
In the meantime, the second good practice area that Munter highlighted is effective engagement with specialists who help to audit complex financial reporting areas.
Third, he said the auditor should make sure that engagement teams are well trained on biases that could blur their judgment and decision-making. And the lead partner should make sure that the audit staff are empowered to exercise due care and challenge management’s judgment.
He said that these behaviors/mindsets can come at a cost: budget overruns, conflicts with management, or pressure from within audit firm to maintain clients.
“But the audit engagement is not a standard business relationship between service provider and client, with profit as the primary goal and indicator of success,” Munter explained. “Instead, as the Supreme Court recognized, the auditor’s ultimate responsibility is to the investing public. This responsibility both transcends the relationship with management of the audit client and elevates the importance of its proper functioning to produce the high-quality audits focused on the auditor’s responsibilities to investors that are a critical piece of a fair, orderly, and efficient capital markets system.”
This article originally appeared in the February 7, 2024, edition of Accounting & Compliance Alert, available on Checkpoint.
Get all the latest tax, accounting, audit, and corporate finance news with Checkpoint Edge. Sign up for a free 7-day trial today.