In support of its commitment to increased transparency, the Public Company Accounting Oversight Board recently released Conversations with Audit Committee Chairs: What We Heard & FAQs (the “Summary”), a summary of conversations that the PCAOB had during 2019 with audit committee chairs of issuers whose audits were inspected during the year. In a shift from prior years, the PCAOB will have spoken to nearly 400 audit committee chairs during 2019, a more than four-fold increase from 2018. The PCAOB’s conversations with audit committee chairs, which focused on audit quality, the audit committee’s relationship with the auditor, new auditing and accounting standards, and technology-driven changes, are described in the Summary. In addition, the Summary provides basic overview information regarding the 2019 inspections process and responses to frequently asked audit committee questions, including questions about PCAOB resources for audit committee, cost-benefit analyses of standards, and audit quality indicators.
Overview of Inspections Process
For perspective, the PCAOB will review 241 audit firms during 2019, including audit firms outside of the United States. Issuer audits conducted by these firms are selected for review using both risk-based and random selection methods. Risk-based selection involves an evaluation of audits the PCAOB believes “present a heightened risk of material misstatement,” such as “economic trends, company or industry developments, issuer market capitalization size and/or changes, audit firm and partner, and inspection history.”
The inspections process is designed to “assess compliance with the Sarbanes-Oxley Act, the rules of the [PCAOB], the rules of the Securities and Exchange Commission, and professional standards, in connection with the firm’s performance of audits, issuance of audit reports, and related matters . . . .” Inspection results are included in a report issued with respect to each inspected audit firm, which report “is not intended to serve as a balanced report card or overall rating tool, and an inspection report should not be interpreted to imply the [PCAOB] has reached a conclusion about a firm’s quality control policies, procedures, or practices.” Among other observations, the PCAOB may highlight two types of deficiencies in its inspection reports: (a) deficiencies of such significance that the PCAOB believes the audit firm, at the time its audit report was issued, did not have sufficient appropriate audit evidence to support its opinion and (b) criticisms or potential defects in the firm’s system of quality control. The latter type of deficiency only gets reported if such defects are not addressed to the PCAOB’s satisfaction within 12 months of the issuance of the inspection report; though, audit firms are not prevented from describing such defects to audit committees. In 2020, the PCAOB will share additional details regarding planned changes to its inspection reports.
Highlights from Audit Committee Chairs
The Summary goes into some detail about the PCAOB’s discussions with audit committee chairs, though the PCAOB made clear that it “does not require or necessarily endorse what [it] heard from audit committee chairs . . . .”
Focusing on the theme of audit quality, the Summary noted that audit committee chairs tended to evaluate audit quality with regards to their specific audit engagement team with less focus on the audit firm overall. In this regard, audit committee chairs demonstrated varying levels of familiarity with “audit quality indicators” (AQIs), with a majority of audit committee chairs having little to no familiarity. That said, many expressed familiarity with metrics commonly associated with AQIs, such as the engagement team’s communication, diversity and experience, among several others. Audit committee members also shared a number of areas that are working well to support audit quality:
- Asking the auditor whether the audit firm maintains an annual audit quality or transparency report;
- Understanding and discussing processes that the auditor has in place to address the previous year’s PCAOB inspections report;
- Reviewing the PCAOB inspections reports of other audit firms to identify lessons learned or questions about potentially similar issues to discuss with the auditor;
- Selecting relevant AQIs to discuss with the engagement team and use as part of an annual evaluation; and
- Discussing, on at least an annual basis, the audit procedures performed at any shared service centers, the impact on the quality of the work product and whether the audit firm is considering additional shared service centers.
The Summary also noted that most audit committee chairs expressed satisfaction with their auditor relationships, including the “service from the audit firm and engagement teams, and the team’s skepticism and judgment.” Some areas that audit committee chairs indicated were working well in this regard include:
- Reviewing and refining the audit committee meeting agenda and materials during a pre-meeting discussion between the audit committee chair and lead engagement partner;
- Assessing, at least annually, the engagement team and audit, with discussions around what went well and what could be improved;
- Asking the audit firm to discuss any matters that arose during the PCAOB’s inspection of an issuer’s audit, if selected for review;
- Having the audit committee chair visit component location(s) for multi-location audits; and
- Dedicating some audit committee meetings to deep dives on specific topics (e.g., governance processes, cybersecurity, etc.) and asking the auditor to provide feedback on best practices or other trends they see in such areas.
Unsurprisingly, audit committee chairs spent a significant amount of time discussing new accounting and auditing standards, and most audit committee chairs felt that their auditors were proactive and timely in addressing the new requirements. Similarly, most audit committee chairs noted that though their audits were not yet required to include CAMs disclosure, implementation preparations were smoothly underway and no significant changes in their auditor communications were expected. Some noted that while initial discussions around CAMs centered around the language that the auditor would use to describe the CAM, they hope that the conversations going forward will focus on what CAMs mean and how they impact the audit process. Some areas that audit committee chairs indicated were working well with respect to new standards include:
- Discussing new accounting and auditing standards with the auditor as soon as possible, at least a year in advance of the applicable implementation deadline;
- Creating a timeline for implementing new standards; and
- Using outside consultants or experts to educate the audit committee on new or complex accounting standards.
Touching on changes driven by technology, audit committee chairs generally supported automating pieces of the audit where appropriate but cautioned that investments in such technologies should be closely monitored, with some noting that “it remained to be seen, in their opinions, whether technology will improve or detract from audit quality.” Also with regards to technology, audit committee chairs talked about responsibility for cybersecurity oversight, with a majority noting that the audit committee is primarily responsible for such oversight. Some technology areas that audit committees noted were working well include:
- Enabling the audit committee, auditor and management to track the audit plan via project management software;
- Discussing the technology and software tools being used by the audit firm, including how such tools are being used; and
- Having the audit committee learn more about technology and reserving time on the audit committee’s agenda to conduct deep dives on new and emerging technologies.