Auditing Estimates: An Update for Unprecedented Times

Farkhod Ikramov • Aug 11, 2022

For anyone reading the headlines, it sometimes feels as if we are living in unprecedented times, but the reality is, Shakespeare was right: “the past is prologue.” We’ve been through wars before. We’ve experienced inflation. We’ve survived recessions. What’s perhaps unique however, is the confluence of so many uncertainties which feels like uncharted territory for many of the younger generations. 


For instance, in March 2020, while typically a lagging indicator of economic health, we saw unemployment uncharacteristically lead the way for economic deterioration with the onset of the pandemic. While the markets tanked in the short term, by Q3 2020, the stock market had fully recovered and then went on to rally through Q4 2021. Though market performance does not equate to economic strength, certainly the pandemic seemed to de-correlate the two metrics. Fast forward to Q3 2022 and headlines are struggling to know what to call the current economic situation. Is it a recession or just a correction? Despite two quarters of negative economic growth, companies across many industries are still posting profits (albeit perhaps less than anticipated) and almost every company is struggling to hire sufficient resources. Supply chains are still disrupted, given the war in Ukraine and the reverse impact of sanctions, as well as the ongoing nature of the pandemic. And finally, we’re all aware of the red-hot inflation trend, leading the Fed to post several interest rate hikes in a very short time. 


While we can all acknowledge the economic uncertainties, how do we incorporate these new realities into our audits? Specifically, how does management compensate for these uncertainties in its estimates and how do auditors test these assumptions given how new or different they are from the past economic cycles? 


In our first article on Auditing Estimates, we provided various audit considerations for teams when evaluating subjective management assumptions. We stated (and many of our readers echoed their frustrations) that “auditing a management estimate can feel like trying to make concrete out of Jell-O.” Several years later, in its most recent inspection observations, the PCAOB still finds issues with estimates, stating: 


“While we have observed improvements in auditing accounting estimates, deficiencies continue to occur, particularly in auditing the allowance for loan losses (ALL), estimates related to accounting for business combinations, investment securities, and long-lived assets.” 


The most common deficiencies stemmed from audits where engagement teams:

 

  • Did not sufficiently evaluate the appropriateness of models used in valuations; 
  • Did not sufficiently obtain audit evidence for assumptions used in valuations; 
  • Did not sufficiently evaluate changes, or lack of changes, in recurring assumptions used in valuations (specifically for ALL); and 
  • Did not sufficiently evaluate contradictory evidence when concluding on the reasonableness of assumptions. 


Building on our previous article, below we expand on the common deficiencies and additional considerations to incorporate into audits of estimates, especially given current economic conditions. 


Auditing Estimates Considerations 


Valuation Models 


While I have rarely seen inappropriate models used in valuations, I have often seen teams fail to sufficiently document its evaluation of the valuation models used in estimates. AS 2501.10 and 11 explicitly require the auditor to evaluate whether the method used by management is in accordance with the financial reporting framework and is appropriate for the specific account. In addition, all changes to models need to be considered. Regardless of the type of model used/applied, it must be evaluated. The more complex the model, the more there is a need for a qualified valuation specialist that can specifically evaluate the appropriateness of the model itself, whether at the macro level (i.e. use of an income approach) or at the micro level (i.e. the appropriate factors to incorporate in building a discount rate). 


Support for Assumptions 


This finding is arguably the most difficult for auditors to fulfil given the judgment involved in what defines “sufficiency” or “reasonableness.” While we can debate the definitions, the reality is that many teams are still failing to obtain solid evidence and support for assumptions embedded into valuations. I often see teams inquire with management to understand how management derived its assumptions while failing to perform further procedures to obtain actual support for the inputs. Below are some considerations for teams to incorporate into their evaluation of assumptions: 


  • Availability of data / information: In the current economic environment, is there relevant historical or industry data that can support specific assumptions? 


  • For instance, given supply chain disruptions, do the past two or three years of historical internal data support future projections? How long will supply chain disruptions last? What will be the impact on production and sales? What will be the impact on costs and margins? 


  • For start-ups with less operating history or smaller companies with less internal information tracking/monitoring, or less controls around internally derived information, management and auditors may be forced to look to external sources of information to support specific assumptions. 


  • Accuracy and completeness as well as relevance and reliability of information: Engagement teams need to evaluate the accuracy and completeness of any data used by management that is internally derived (i.e. company specific data). In addition, for all externally derived information, auditors need to evaluate the relevance and reliability of that information. Regardless the source of the data, AS 2501.14 specifically requires auditors to evaluate whether “the data is relevant to the measurement objective for the accounting estimate.” The current economic uncertainties will challenge the relevance of information given some of the current conditions have not been seen in 30 or 40 years (i.e. inflation). 


  • Qualitative inputs: Management often discusses qualitative factors that impact the valuations. Somehow, these qualitative inputs need to translate into quantitative figures used in the valuation model. Management is responsible for creating and supporting the quantitative assumptions, so auditors should not hesitate to challenge management on how it derived a specific assumption. I encourage teams to keep asking: “How? Why? Tell me more.” Be curious. 


Changes in Recurring Assumptions 


Given the changes in economic conditions, management and auditors need to consider changes (or the lack thereof) in recurring assumptions. Part of this evaluation should be built into retrospective reviews over management estimates (as required under AS 2401.63-65). Retrospective reviews will help audit teams evaluate how accurate previous management estimates were. To the extent management missed the mark in prior years, I would expect that current year assumptions would change to more accurately reflect the most recent information. In addition, to the extent economic conditions change, again, assumptions should also adjust year over year. For instance, although historical inflation assumptions typically ranged from 2-3%, I would expect current year inflation assumptions to reflect the higher trends being reported in the news. 


Too often, auditors simply apply a “status quo” blanket expectation for all assumptions, but the challenge will always be: 


  • If assumptions changed year over year, what supports the change in assumptions? 
  • If assumptions remained static, should they have remained constant? Or should they have changed to reflect evolving macro-economic or company-specific factors? 


These same concepts apply for analytics and fluctuation analyses where teams often just use a blanket “status-quo” expectation and investigate any changes greater than $X and/or X%. Well, why is the status quo the appropriate expectation to start? These are the auditor judgments that need to be documented to evidence the team’s considerations. 


Contradictory Evidence 


Auditors often review large sums of information. Invariably, there will be data that appears contradictory to management’s assumptions/assertions. It is critical for auditors to challenge this information and resolve any discrepancies that arise from contradictory evidence. Auditors should consider the following: 

  • Obtain support from management to validate its assumption and ask management to speak to why the contradictory evidence is irrelevant or unreliable and should not be factored or weighted in the valuation. 
  • Perform a sensitivity analysis to demonstrate how the contradictory evidence does not materially impact the valuation. 
  • If contradictory evidence could materially impact the valuation, consider different scenarios and obtain additional support that further validates management’s assumption and/or invalidates the contradictory evidence. For instance, look at historical performance with the presence of the same contradictory evidence but that would still support management’s assumption. 


The extent of additional procedures needed to resolve the contradictory evidence will depend on various factors, such as the risk assessment linked to the estimate, including the fraud risk assessment, the overall evaluation of management bias, the materiality of the valuation and the correlated contradictory evidence, etc. The key here is that auditors cannot simply ignore contradictory evidence. Teams need to document the evaluation. 


Bank-Specific Considerations 


While estimates for all companies are difficult to audit, it is perhaps even more complex for banks given the allowance for loan losses (or now the allowance for credit losses) has so much tied to economic conditions. How are banks incorporating new realities such as the interest rate volatility? Or supply chain disruptions that may impact borrowers’ abilities to service loans? What about conflicting economic conditions such as declining unemployment figures coupled with two quarters of negative economic growth? Do banks have sufficient historical data from previous time periods that mimicked the current economic conditions? Depending on the source of that information, is that information accurate and complete or relevant and reliable? 


For banks, engagement teams should specifically consider the following: 


  • Since the allowance is often predicated on historic loss data, how has the engagement team evaluated the accuracy and completeness of that information? Recurring audits will often use recent historical loss data pulling from systems and reports that have been tested in previous audits. However, what if the engagement team decides to look at information from the 2008 recession or from the inflationary decades such as the 1970s and 1980s? What procedures has management and/or the engagement team performed to validate the accuracy and completeness of that information? 


  • How has the engagement team evaluated the relevance of information? For instance, a two or three-year historical loss lookback would not necessarily reflect the current economic conditions such as inflation, interest rates, unemployment rates, etc. Engagement teams should consider the relevant economic factors that are built into the allowance and evaluate how closely (or not) the historical loss data reflects the current economic conditions. To the extent the data is dissimilar, then management should be adjusting assumptions, such as qualitative factors (Q-factors), to incorporate these differences. 


  • For banks that may not have relevant historical loss data sets, management may be forced to look for external sources to support their assumptions (i.e. look for other banks and their loss ratios). Engagement teams need to consider the relevance and reliability of this information when evaluating the assumptions. For instance, where were the loss ratios obtained? Which industries/segments were included? How similar are the loan portfolios? 


  • Are inputs to qualitative factors auditable? What support is there for changes in qualitative factors? Do changes (or lack of changes) in qualitative factors correlate with macro-economic trends (i.e. did the bank adjust for unemployment and did that adjustment mirror current unemployment trends)? How did the bank determine the percentage change given the qualitative consideration? Often teams will need to look in aggregate at the impact of all changes to qualitative factors on the overall reserve. 


  • In testing controls, are engagement teams considering all relevant controls that might provide comfort over accuracy and completeness of information used to derive assumptions or data used in the valuation? How precise are management review controls around the valuation and how much comfort can engagement teams leverage from the testing of these management review controls? For example, would an entity level credit committee review be sufficiently precise to detect material misstatements in estimation and calculation of allowance, or should the auditors identify and test more precise process level controls? 


One tool we often recommend to our clients who perform bank audits is to perform an anchoring exercise, or a look-back analysis performed to locate historical periods with similar economic conditions/outlooks. This requires historical information about losses reported in a time period with similar risk characteristics (e.g. Y1 of recession). Then compare the loss reserves to actual charge-offs (of the loans existed at Y1 YE) that occurred in the periods subsequent to Y1. The difference would be a good indicator of how accurate the historical loss model was and what assumptions / inputs might need to be adjusted in estimation of relevant Q-factors to fully reserve for anticipated losses in the current year. 


Key Takeaways 


Auditing estimates is never easy. As with all things audit, the nature, timing, and extent of procedures are driven by the risk assessment. Given the confluence of numerous economic uncertainties, many of which are “new” compared to the last couple of decades, the risks surrounding subjective management judgments and assumptions used in valuations will increase the overall risk linked to an estimate, including the potential for fraud risk through management bias. As auditors plan and prepare for audits, consider the following:


  • Engagement teams must always evaluate the appropriateness of valuation models used in estimates. Some models may require a qualified valuation specialist to conclude. 


  • Auditors need to continue to expand on testing the reasonableness of assumptions by obtaining support from management that is complete and accurate and relevant, or from other external sources (such as industry data) that is relevant and reliable. Given so many changes to economic conditions, relevance will be an important consideration for teams to document. 


  • When the status quo is disrupted and the economy is in a period of significant uncertainty, auditors should consider all changes, or lack of changes, in assumptions and inputs. This is an important part of reviewing estimates for management bias from previous periods and for truly concluding on the reasonableness of current year estimates. 


  • Contradictory evidence must always be considered and sufficiently documented and resolved to conclude on the overall reasonableness of accounting estimates. 


  • Q-factors should be supported by reasonable estimates which are based on accurate, and relevant and reliable information, especially in times of significant uncertainties. 


While we’ll never make concrete out of Jell-O, no matter the economy, we must continue to perform robust audit procedures and build in additional considerations to account for the economic changes and uncertainty we’re experiencing today. The hope is not to make concrete, but merely a Jell-O that holds it shape (and jiggles) despite a dynamic, changing environment. 


Farkhod Ikramov, JGA Director, has over 25 years of public accounting and audit regulation experience. Most recently, Farkhod held a ten-year tenure as a PCAOB inspector. Throughout his experience there, he inspected a variety of industries, focusing the last four years on financial services, insurance and mining. His experience positions him as a passionate and practical advisor to public accounting firms, assisting leadership in the implementation of the right controls, policies and practices throughout the organization.

JGA Learning at Work Week

By Randall Thompson 10 May, 2024
Johnson Global Advisory (“JGA”) is proud to participate in the world-wide Learning at Work Week May 13th-19th. This annual event supports building learning cultures in workplaces. It aims to put a spotlight on the importance and benefits of continual learning and development. JGA actively supports “learning power” (the theme for this year Learning at Work Week) for our external clients and we’ve been working on some exciting opportunities to learn internally through growing, engaging and connecting opportunities as a team as well. Johnson Global is committed to amplifying quality in the profession. For more information about our training services click here.

Open Board Meeting: PCAOB to Consider Adopting New Standards on General Responsibilities of the Auditor in Conducting an Audit, Quality Control

By Andrea Reaves 10 May, 2024
Updated 5.13.2024 On May 13, 2024 the PCAOB held an Open Board Meeting - PCAOB to Consider Adopting New Standards on General Responsibilities of the Auditor in Conducting an Audit, Quality Control . The PCAOB considered adopting a new auditing standard – AS 1000, General Responsibilities of the Auditor in Conducting an Audit as well as QC 1000, A Firm’s System of Quality Control. JGA provided comments to the PCAOB on the proposed QC 1000 standard. To read our comments please click here . The PCAOB proposed standard QC 1000, A Firm’s System of Quality Control and Other Proposed Amendments to PCAOB Standards, Rules and Forms, is available here . The new standard is available for viewing here .  PCAOB Updates PCAOB Solidifies Foundation of Every Audit With Adoption of New Standard on General Responsibilities of the Auditor PCAOB Adopts New Quality Control Standard With a Risk-Based Approach Designed to Drive Continuous Improvement in Audit Quality

PCAOB Publishes Spotlight Related to Root Cause Analysis

By Geoffrey Dingle, Managing Director, Shareholder 02 May, 2024
PCAOB Publishes Spotlight Related to Root Cause Analysis In April 2024, the PCAOB released a Spotlight Root Cause Analysis – An Effective Practice to Drive Audit Quality which continues the Board’s goal of sharing its observations from its inspection and remediation activities, but this time related to Root Cause Analysis (RCA). RCA should not be a new concept to audit firms. In 2020, we published RCA: Seems like EVERYBODY is talking about Root Cause Analysis , where we shared the importance of performing an effective RCA to be able to understand what are the underlying causes of deficiencies which occur at your firm. We wanted to highlight a few important aspects coming through in this April 2024 Spotlight. The Spotlight rightly stated that RCA should be a multifaceted approach . There are a number of different tools, techniques, processes, and philosophies that firms can undertake to perform a RCA. In addition, there may not always only be one factor that is causing a deficiency – it could be a variety of factors such as lack of technical competence, failure of resource allocation at firm level, etc. The Spotlight also identified characteristics of a well-designed RCA process , which are important to highlight as follows: Have a dedicated team with RCA experience perform the RCA as they are more objective and have the requisite background. In helping our clients with RCA, we find by bringing in our objectivity, our PCAOB standards experience coupled with our RCA experience, engagement teams are more willing to be open and honest with their opinions of where they see potential root causes that resulted in deficiencies. Firms use a variety of methods and techniques to gather data which include review of workpapers, interviews with engagement teams immediately after the deficiencies are identified, and review of engagement metrics. All this information combined paints an informative picture of what caused the deficiencies. Firms should not only focus on looking at engagements that had negative quality outcomes, but also focus on looking at engagements which had positive outcomes arising from inspections or the firm’s internal monitoring. By identifying what worked well with some engagement teams, firms can then use that information to drive change with other engagement teams. Lastly, firms should be aware that the task of identifying root causes and implementing a new action to remediate this deficiency does not mean that the job is done. Firms should monitor these remedial actions to determine whether the actions that they undertook are in fact solving the problem. In conclusion, there is no time like the present to strengthen your RCA process . Remediating deficiencies (by providing training, developing new tools and templates, changing processes, etc.) is a time consuming and costly undertaking…you want to make sure that the action you are investing in, is actually going to remedy the problem. In addition, the PCAOB’s standard setting agenda includes a proposal for the new quality control standard that, if adopted, would require firms to perform RCA of its control deficiencies. Our recommendation is to start implementing your RCA process now so that you can refine and modify your RCA process.

JGA Sponsors MSP’s 45th Anniversary Event

By Randall Thompson 22 Apr, 2024
Johnson Global is proud to sponsor My Sister's Place (MSP) 45th Anniversary Celebration on May 15, 2024 in Washington, D.C. MSP has been providing services to the D . C . community to empower survivors of domestic violence and their children, while fostering leadership and education to build a supportive community. MSP's experienced team provides training, case consultation, and advocacy to engage communities to prevent violence and abuse. Click here for more details.

Allinial Global Executive Team Conference

By Randall Thompson 02 Apr, 2024
Johnson Global Advisory (“JGA”) is pleased to sponsor the Allinial Global Executive Team Conference 2024. This four-day event will be from May 19–22 at The Westin Kierland Resort & Spa in Scottsdale, AZ. This premier event for firm management, strategy and growth, and leadership, with a focus on Driving Success and Accelerating Possibilities through collaboration, knowledge sharing, and networking. PROGRAM HIGHLIGHTS A keynote session entitled The Time to Win - Grow Your Firm by Exceeding Clients’ Need for Speed by Hall of Fame speaker and New York Times best-selling author Jay Baer Inspiring sessions focused on how firms can evolve their internal operations and management to facilitate a seamless client experience through lean processes and innovative approaches to talent and technology Half-day virtual programs on Monday, May 20 and Tuesday, May 21 To learn more and register click here. About Johnson Global Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide.

JGA Team Perspectives: Navigating the PCAOB Inspection Process

By Geoffrey Dingle, Managing Director, Shareholder 27 Mar, 2024
Editor's note: This article is part of a series to highlight the unique experience that JGA professionals possess and deliver to our clients. As busy season winds down, it is an opportune time to reflect on challenges in ensuring audit quality and preparing for a successful outcome to the PCAOB inspections process. There are a myriad of obstacles to audit quality such as time constraints and the complexities of client engagements. Amidst these demands, audit quality remains the utmost priority. Geoff Dingle an author of JGA’s guide, Navigating PCAOB Inspections, Second Edition shares his insights on how firms can effectively prepare for the entire process. The Purpose Registered firms that issue at least one public company audit opinion are subject to inspection at least every three years. Every inspection is different based on the firm, its clients, and PCAOB priorities, but the overall process is the same. It is a long process that takes planning and coordination, and this guide addresses the main phases and pain points. “Through our work at JGA, supporting firms on PCAOB inspections, we are able to witness first-hand the struggles that some firms encounter as they work through the inspection process with the regulator. Although some of this information is available on the PCAOB’s website, we have been able to consolidate our own experiences having supported over 100 firms during their inspections. JGA has a team of alumni from the regulator that have led inspection teams and quality management initiatives, with over 139 years of combined experience at the PCAOB and SEC,” says Dingle. The Process The inspection process often takes more than two years (sometimes as long as four years) from initial notification of an inspection to the final remediation determination. It can take weeks to months to issue comment forms after the inspection week. Report finalization is getting faster but it can still take more than six months to issue an inspection report to a firm. If there are few issues, the PCAOB can respond quickly, but with multiple findings the process oftentimes takes longer. After report issuance Firms have 12 months to remediate Part II findings and provide these remedial plans to the PCAOB for evaluation. Pre-Inspection The PCAOB provides the dates for its intended inspection week. The notification letter includes the period being inspected, questions, and requested documentation about the firm and its clients. There are not many pain points at this stage, but there is typically a four-week deadline to respond. The PCAOB contacts the firm two to three weeks before the inspection starts with the names of the issuers selected for inspection and requests specific information and access to the workpapers for these audits. “We always recommend that firms hold internal meetings to assign responsibilities between the engagement teams and the national office and plan for the inspection. Prep week - the week before the inspection, can be stressful. We suggest that engagement teams go back through their audit files to re-familiarize themselves with the workings of the audit file,” Geoff continues . Key Points About The Process Before COVID, inspections were conducted in-person. Now the majority of the inspections are performed virtually. “With the engagement team and the inspection team not being in the same room, we have observed inefficiencies in getting matters resolved because of the need to coordinate firm personnel and inspection personnel, across various time zones, locations, and schedules,” he mentions. During the inspection week, the PCAOB provides detailed questions to the engagement team regarding the audit file. It’s a mix between written questions sent to the firm and asked questions during meetings. All questions are answered in subsequent meetings. With the remote process, meetings are scheduled to address and answer these questions. “Our own experience is that if a particular line of questions continued for the week (i.e. the engagement team’s response is not satisfying the inspector), then chances are there will probably be an issue that will result in a comment form,” Geoff adds. Be ready for multiple layers of questions on the same subject by providing details based in the working papers and show a deep understanding of the audit. Inspection issues are usually riskier areas involving judgements. Audit documentation should “tell the story” of how auditors came to their conclusions, not just what the conclusion was. Audit documentation should describe in detail what considerations were made by the engagement team in coming to their judgment (i.e. how any contradictory evidence was addressed; why the engagement team went with one model over another, etc.). If judgments are not well documented, the PCAOB has no alternative but to conclude that sufficient procedures were not performed. Comment Forms A few weeks after fieldwork is completed, the inspection team provides comment forms that include a summary of the deficiency and the facts related to the issue. Firms have 10 business days to respond. The Inspection Report Part I inspection findings are in the report’s public portion. Part I.A deficiencies indicate the firm had not supported its opinion on the financial statements, ICFR, or both. Part I.B findings are compliance issues which do not specifically compromise the audit opinion. Part II findings are related to the firm’s system of quality control and are in the report’s nonpublic section and these are not shared with the public. Firms have 12 months to remediate Part II findings before they can become public if the PCAOB concludes that the firm did not adequately remediate. Frequent Part I.A findings in an integrated audit relate to testing controls, testing estimates, and use of service auditor reports. Part I.B findings may result in enforcement cases and include incorrect opinion language, independence breaches, audit committee communication issues, and incomplete or late filing of Form AP. Responding to Findings in Part II of the Inspection Report Ultimately, the firm has 12 months to communicate to the PCAOB how it plans to remediate quality control findings. Geoff provides his insights on the importance of root cause analysis, “In our experience, firms do not do a great job of root cause analysis to identify the remedial action needed for deficiencies because they do not dig deep enough. We review comment forms and related workpapers to understand why the PCAOB issued the comment, and then we interview the engagement teams about root causes, to understand whether the issue was related to areas like staffing, partner workload, supervision and review, technical competence, audit methodology, or firm tools. In fact, firms will soon be compelled to do a rigorous root cause analysis as the proposed quality control standard (QC 1000) requires root cause analysis.” A proactive approach to remediation, specifically quality control findings allows for firms to make corrective actions based on their root cause evaluation and provide time to see the updates work their way through the firm’s audit cycle. Showing examples of the new process goes a long way. See our contribution to Journal Of Accountancy, Quality Management Standards: How to Perform a Root Cause Analysis . “We advise firms to address Part II remediation findings early. If they wait until they receive the report to start remediation, another inspection could start, and a repeat finding could result.” PCAOB guidance details five relevant criteria they use to conclude on the sufficiency of remedial actions. Every firm’s quality control processes are different, so we work with clients to apply the guidance to their own remedial actions and avoid repeat criticisms,” Geoff mentions. In conclusion, the PCAOB has made it clear both through its speeches and its enforcement actions that they will be tougher on enforcing regulation and audit quality. Firms need to plan in advance to make sure the inspection process is as issue-free as it can be. That starts with making sure audits are completed in accordance with the PCAOB auditing standards, not when you get notified of an inspection. Firms should enhance their practice monitoring by engaging firms like JGA to perform in-flight reviews while the audit is happening. In that way, quality is achieved prior to the signing of the audit opinion. Interested in learning more about the PCAOB inspections process and how to prepare? Navigating PCAOB Inspections, Second Edition is a roadmap for firm management and engagement teams through the entire PCAOB inspection and remediation process, to help prepare for inspections and implement continuous audit quality improvements. Geoff Dingle, JGA Managing Director, Shareholder With more than 20 years of experience in the accounting and auditing industry, Geoffrey Dingle works with public accounting firms to help them achieve the highest level of audit quality. Geoff brings a diverse set of experiences to JGA. As an Associate Director for almost 10 years, in the Division of Registrations and Inspections at the PCAOB, he conducted inspections of quality control and issuer audits. In addition, he played a senior role in planning, executing and reporting on the annual inspections of Global Network Firms, including, but not limited to, quality control procedures, review of comment forms, development of the inspection report criticisms and quality control themes, and evaluation and review of Firm root cause analysis and remedial actions. To learn more about Geoff and the JGA Team visit the Meet Our Team page.

JGA Team Perspectives: Navigating the PCAOB Enforcement Landscape

By Matthew Rogers, CFE, CFF, Managing Director 29 Feb, 2024
Editor's note: This article is the first in a series to highlight the unique experience that JGA professionals possess and deliver to our clients. What is top of mind for the Public Company Accounting Oversight Board (PCAOB)? The PCAOB has made it clear that it intends to carry out an aggressive inspection program to identify and correct the high rate of audit quality deficiencies it continues to find and refer matters to its Division of Enforcement and Investigations (“DEI”). “ As a consultant, I work with audit firms to establish or enhance their policies and procedures so they deliver audit services at the highest quality level and hopefully avoid regulatory scrutiny from the PCAOB and SEC .” When an auditor or firm has become subject to a PCAOB or SEC investigation, JGA can assist in a number of ways including in their responses to informal document requests, Accounting Board Demands, and subpoenas for workpapers, emails, and other documents. Our consultants also perform workpaper review, provide case assessments and strategy guidance, assist with witness preparation, and help in preparing white papers, Statements of Position, and Wells responses. We also serve as expert witnesses by providing expert reports and expert testimony. Johnson Global professionals consult firms on timely remedial and corrective actions and other activities to obtain PCAOB extraordinary cooperation credit to substantially reduce or eliminate monetary penalties and sanctions. Once there is a PCAOB enforcement inquiry, before a case is brought, we review audit workpapers and documents and evaluate the firm’s quality control system to identify the potential violations, assess the significance of the violations, provide a root cause analysis, and propose remedial solutions. Existing or new clients include individuals and firms who have received a letter from DEI or the SEC’s Enforcement Division announcing an informal inquiry, or that a formal order of investigation has been initiated. “Our vast network, includes attorneys that I know from doing forensic accounting for so many years.” As needed, we assist firms in obtaining counsel with experience working with the PCAOB and SEC, if they do not have one. We work with counsel closely in these matters for counsel to provide legal advice and correspond with the regulator directly on behalf of the firm. Recent Trends PCAOB Reporting - Form AP and Form 3 Compliance We have seen an increase in the number of PCAOB enforcement actions related to PCAOB Form AP (Auditor Reporting of Certain Audit Participants) and PCAOB Form 3 (Special Events). The general requirement for Form AP is to file it within 35 days from the date the firm’s audit report is first included in a Form 10-K or 20-F filed with the SEC. For Form 3, the form must be filed within 30 days after the event. Firms are not filing these on time, commonly because they are not aware of the requirements or forget to file. Once the audit is over, attention can get diverted from Form AP. Form 3 is particularly burdensome because there are 18 specified events to report and monitoring these can be a challenge. Also, these forms may not be filled out correctly. For Form AP, it is easy for the PCAOB to determine whether a firm has timely filed it by comparing SEC filings to the Form AP filing, and the inspections group will routinely do that. It is harder for the Board to identify Form 3 compliance issues because their special events are unique to each firm, but we see instances of that occurring and enforcement matters as a result. When compliance failures occur, we have observed that the DEI will send a letter to the firm with a draft order that will propose a settlement, without even discussing the matter with the firm. We discuss the options with the client and client’s counsel, including the costs associated with litigation, so they can decide. Most clients do not challenge the Board and agree to the censure and fine, which can be $5,000 or more per violation, along with the requirement for a self-review and self-certification of the firm’s quality control policies and procedures relating to PCAOB reporting. The consequences of any compliance failure on these forms can be harsh, even though it was just a mistake. Form compliance is an area where we can help firms to make process changes and put policies and procedures in place to timely file and avoid a repeat failure. We recommend annual training on PCAOB reporting and the implementation of an annual certification process for Form 3 events. For Form AP, we help firms institute tracking and monitoring controls by the designated head of quality. For example, we designed a Form AP tracker that includes the relevant required information for all the firm’s PCAOB clients, along with the estimated filing dates and calendar reminders so there is a process to monitor engagement teams to proactively follow up. We also developed a Form 3 checklist that includes the trigger events and can be used at monthly meetings or by email requiring affirmative responses, so firms are able to proactively identify the events that require a filing. Communications with Audit Committees This is an area where the PCAOB is using sweeps, presumably from information gathered at the audit inspection level. Participation of other auditors in the audit must be communicated to the audit committee, but the PCAOB has noted failures to communicate which firms and individuals were involved and what they did. Another common problem area in audit committee communications is the lack of required preapproval of non-audit and audit related services. Firms may need training to understand the requirements, along with additional quality control policies and procedures. There should be audit program steps in the tools firms use that apply to audit committee communication in PCAOB audits, not those under AICPA or international standards, because the rules are not the same. The PCAOB continues to bring cases in this area, even if it is for one single violation of this PCAOB standard. There is an apparent zero tolerance policy at the PCAOB for violations of this nature. Engagement Quality Review EQR is a hot area now. Firms may not have done one at all, or the quality is not there - either on the front end for risk identification and planning, or at the back end when the audit is done. Our firm has developed and provides an EQR mentoring program , which is a collegial one on one approach to help firms get better, and it includes retraining as partners rotate on engagements. Documentation There are a number of inspection findings relating to AS 1215, Audit Documentation, including firms adding, backdating, or altering workpapers after the report release date. There is a process under the standard for adding documents that includes documenting who made the change, when, and why. We advise firms that have documentation issues to follow the standard because it is not advisable to make it look like a workpaper was always there when it was not. Quality Controls The PCAOB is very focused on this area. When the PCAOB finds a number of violations, firms should consider whether they have quality control issues, including whether there is a strong ‘tone at the top’ related to audit quality. Most PCAOB enforcement actions issued in 2023 either cited a QC failure or required the firm to enhance its QC system as part of the sanction. It can be challenging for firms, especially those with fewer than ten or so PCAOB clients, to determine how much financial and personnel resources to commit to the firm’s system of quality control. The notion of scalability seems to have gone by the wayside resulting in a high fixed cost for entering the PCAOB audit market and maintaining a presence in that space. Some firms are hesitant to invest in compliance measures because of the high costs, but better quality likely will lead to getting more clients and the potential for less trouble down the line. There is a new PCAOB auditing standard on quality control coming soon, and it includes a requirement that assigns individual responsibility and accountability for the QC system. There is awareness, but we are encouraging our clients to get ready for this now. We offer quality control review services and can serve as a quality control confidant, especially for small firms that do not have a QC leader. PCAOB Inspections of China and Hong Kong Firms Last year, the PCAOB published inspection reports of PCAOB-registered firms in China and Hong Kong and announced enforcement actions and a record high level of penalties as a result of violations of PCAOB rules and U.S. securities laws. These included auditors cheating on ethics and other internal examinations, and extensive quality control deficiencies. By 2023, the PCAOB will have inspected up to 99 percent of these firms’ audits. Inspection reports are expected to come out in April 2024 showing more of the same deficiencies. The 2024 PCAOB budget includes resources to continue inspections in this region. U.S. firms should look at these inspection results and enforcement cases to be aware of what the PCAOB found and is continuing to look for. Conclusion PCAOB Chair Williams and the current board continue to deliver a tough message about audit deficiencies and enforcement. The PCAOB is filing enforcement cases not only against firms that pose potential danger for not doing anything right but also for compliance failures, including those relating to PCAOB reporting. Auditors need to invest in audit quality and keep on top of changes in audit standards to avoid PCAOB scrutiny and potential sanctions. Matt has more than 30 years of experience in financial reporting, auditing, and fraud detection and prevention. He held enforcement roles at the SEC and PCAOB, along with leadership roles at national consulting firms where he provided clients with solutions in accounting, auditing, financial reporting, forensic accounting, and litigation support.

More Opportunities to Improve: The PCAOB’s Latest Report on Broker-Dealer Audit Quality

By Don Melody, JGA Director 29 Feb, 2024
On January 31, 2024, the PCAOB Staff (the “Staff”) released its first ever Spotlight, Insights Into the PCAOB’s Interim Inspection Program Related to Audits of Broker-Dealers . I commend the Staff for this Spotlight. It provides new insights and more context than their typical annual reports on the broker-dealer inspection program results. To provide some brief background, the broker-dealer inspection Program was created as result of the Dodd-Frank Act, which was enacted into law in 2010. Inspections started in 2011, and the revised Securities Exchange Act Rule 17a-5 was effective in 2013. The most recent Annual Report published in August 2023 reported a 58% deficiency rate for broker-dealer firm inspections conducted in 2022, and stated that the rate was, “unacceptably high.” That compares to a 40% deficiency rate for issuer firm inspections in 2022, so the difference is considerable. See our September 2023 article that talks about the report - Broker Dealer Reruns: Haven’t I Seen This Before? (jgacpa.com) Auditors have, understandably so, argued that they need more guidance from the PCAOB to correct these deficiencies. It looks like the Staff has heard the pleas based on this Spotlight. Here are a few of the key observations by the staff in the report, and our recommendations for firms. PCAOB Finding: Insufficient Understanding of the Broker-Dealer Industry “In addition, broker-dealer specific training for auditors is not widely available. Typically, only larger audit firms offer in-house training and have acquired extensive broker-dealer audit experience that is shared with audit firm personnel. While there are a few vendors who offer quality training, course offerings are limited throughout the year.” The point is that the broker-dealer industry is specialized; you can’t simply be a good auditor and conduct a quality broker-dealer audit without obtaining the requisite understanding of the rules and regulations. For example, the auditor of a broker-dealer also provides an opinion on the supplemental information (e.g. Net Capital Computation, Reserve Formula Computation, etc.), and evaluates whether the supplemental information, including its form and content, is presented in conformity with 17 C.F.R. §240.17a-5 . That involves determining whether the broker-dealer's net capital computation is complete and accurate. Net capital includes assets that are “allowable” or “non-allowable” in the computation. And sometimes an otherwise allowable asset per Rule 15c3-1 may actually be non-allowable if, for example, there isn’t a particular clause in a clearing agreement. And sometimes an asset that is otherwise non-allowable per Rule 15c3-1 can be allowable if certain other conditions are met. The nuances exist in various SEC interpretations released over the last 50 or so years. These nuances are difficult enough for audit professionals with decades of broker-dealer audit experience. If engagement teams don’t gain that specialized knowledge, they won’t know what they don’t know, and will not be set up for success. We continue to see opportunities for engagement teams to have more BD-specific experience on the team. Training is one way to raise the bar, but that leads to the next problem – there simply isn’t a lot of high-quality broker-dealer audit training out there! While providing broker-dealer audit training to our clients, we have found that general training is often not sufficient to meet their needs and/or remediate PCAOB findings. For example, a general training on auditing a common broker-dealer that claims a (k)(2)(ii) exemption and introduces customer transactions to a clearing broker-dealer, will not help an engagement team audit a broker-dealer that specializes in mergers and acquisitions. As the Staff also emphasizes in the Spotlight, there is also an overreliance on standardized audit programs. We don’t look at these topics separately. We work with auditors to tailor their audit programs to the types of broker-dealers they audit and train their engagement staff to apply the programs to the facts and circumstances of their audits. PCAOB Finding: Overreliance on Standardized Audit Programs Inspectors found that standardized audit programs “may not be all encompassing, may reflect only certain criteria in the standards, and may be limited in the scope of procedures to be completed…these programs typically must be tailored to reflect the nature of the broker-dealer’s business operations, internal controls, and financial reporting and attestation risks.” In my time as a PCAOB Inspection Leader, I saw this time and time again. Audit firms subscribe to “off-the-shelf” audit methodology providers and rely on the audit programs they provide. Engagement teams follow the programs, fill them out completely, and still, they don’t conduct sufficient procedures. How can that be? Said differently, the audit programs are a good resource and a great foundation, but they are a guide and simply cannot account for every risk in the audits of your client portfolio. That holds true for any audit, but especially so for unique, complex broker-dealer industry audits. The audit programs are not a substitute for understanding the complexities of the broker-dealer industry (see above regarding the need for industry-specific training). In our work performing practice monitoring reviews for BD audits, we have seen cases where methodology doesn’t get down to the level necessary to force the understanding and documentation of a robust workflow to identify the risks at the assertion level necessary to sufficiently design test procedures. Based on our work with firms, the best path to success is to start with the standardized programs and then tailor them to the types of broker-dealers they audit. For example, if a firm audits broker-dealers that are involved in contractual revenue streams, such as the private placement of securities, we add in steps to address the key elements of revenue recognition within those transactions, such as obtaining evidence of the closing of the transaction, reviewing the contracts for possible claw backs, etc. These are specific considerations that are unlikely to be covered by a standardized audit program. PCAOB Finding: Low-Cost Providers and the Pace of Auditor Changes The staff reported that about a third of all broker-dealer audits have budgets of 40 hours or less and fees of $10,000 or less. These small audits, we believe are the root cause of many audit deficiencies. In the Spotlight, they said everything that is possible without saying it. Take into consideration these points mentioned above : the need for high-quality, broker-dealer industry specific training the need to go beyond the standard audit programs the need to conduct a rigorous risk assessment process that includes obtaining a sufficient understanding of the broker-dealer’s operations revenue transaction cycles related controls that will enable auditors to tailor their planned audit procedures more effectively Now do all of these points in 40 hours or less and collect $10,000. You can start to see why this doesn’t work. Conducting quality audits under that model is not sustainable, especially when the PCAOB levied a record amount of fines in 2023. Auditors would be wise to consider whether retaining a $10,000 audit client under these circumstances is worth the risk of being sanctioned and fined considerably higher dollar amounts. The Spotlight also highlights that about a third of broker-dealers audited by firms inspected during 2022 changed audit firms in the last three years. There are a variety of reasons for changing auditors, but in my experience, cost is the most common reason. Many of the low-cost providers that did not conduct audits in accordance with PCAOB Standards have been sanctioned and shut down by the PCAOB. But there are still some out there. My advice is to enhance your client acceptance and continuance process. The Staff touches on this in the Spotlight as well. Determine whether your firm has the expertise and tools to complete the audit in accordance with the standards. Specifically, when assessing the skills of the potential engagement team personnel, in my previous roles as SEC examiner and PCAOB inspector, I often saw that audits would be accepted and staffed with personnel with a range of broker-dealer industry experience. But not all broker-dealers are the same. Just because a firm has a team that has audited introducing broker-dealers doesn’t mean it should or could accept an engagement of a clearing broker-dealer, or even another exempt broker-dealer that engages in complex trading activities and hold difficult-to-value securities. It’s important to understand the detailed activities of the broker-dealer prior to accepting it as a client to ensure that your firm has the staff with the requisite expertise to complete the audit. In addition, use the acceptance process to set reasonable budgets and charge a fee that will allow you to conduct audits that meet PCAOB Standards. I even recommend sending the PCAOB Spotlight to your clients to start a conversation about the need to invest more time (and money) on audit quality improvements. I’ve been there and understand the challenge – many smaller broker-dealers don’t understand why it takes so many hours to do a quality audit, so show them. If the client refuses to pay the reasonable fee, let the client go to a low-cost provider that will be out of business in a couple years. That will keep you from becoming one of those firms that are out of business in the next couple of years. Other Findings and Next Steps There is a lot more in the Spotlight that can lead to higher quality broker-dealer audits, including applying professional skepticism, gaining experience with PCAOB Standards, having an effective EQR, and establishing a robust client acceptance and continuous process. I recommend spending time reviewing the Staff’s insights and consider how you can use them to increase your firm’s audit quality related to broker-dealer audits. Don has more than 23 years of regulatory examination, audit, and audit regulation experience, focusing on the broker-dealer industry. He previously served as an Inspections Leader in the Broker-Dealer Firm (BDF) Inspection Program at the PCAOB. His key activities as Inspection Leader included transforming the inspection approach, leading inspection teams, assessing auditor and examination procedures, and reviewing comment forms. He also served as Risk Assessment and Selections Leader for the BDF Program, where he was responsible for selecting audit firms/broker-dealer audits for inspection and served as a liaison between BDF Program and the SEC. During his 12-year tenure at the SEC, Don served as Examination Manager / Branch Chief, Broker-Dealer Examinations, in the Chicago Regional Office.

JGA Pleased To Sponsor 2024 ALI-CLE Accountants' Liability Conference

By Randall Thompson 29 Feb, 2024
Johnson Global Advisory (“JGA”) is pleased to sponsor the American Law Institute Continuing Legal Education’s two-day event live in Washington, D.C. and virtually online on May 16th and 17th. Join us and gain insights and perspectives on wide range of hot-button issues. The 2024 conference promises to be better than ever. Hear the latest, engage with colleagues, and stay current in your field. This year’s program is still being finalized but planned topics include: Accounting litigation trends New and proposed accounting standards Artificial intelligence in the accounting profession Quality controls and other emerging regulatory issues ESG/climate accounting Strategic considerations in regulatory investigations Beyond the Big Four SEC perspectives PCAOB inspection program Register today at use the code " JOHNSON " to save $250. Click here to register. About Johnson Global Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide.

PCAOB Form AP: Do’s and Don’ts of Filing Timely and Accurately (Replay Available)

By Randall Thompson 29 Feb, 2024
Replay this informative program hosted by JGA’s Managing Director and Litigation and Investigations Practice Leader, Matthew Rogers. With more than 25 PCAOB enforcement actions relating to failures to timely filing of a Form AP, the cost of non-compliance can be high. Hear insights that will enable practitioners to better understand the Form AP requirements through lessons learned from PCAOB enforcement actions. Also, explore topics that will help foster discussion about practical solutions for enhancing firm quality controls to minimize the risk of compliance failure. To watch the replay or for additional details about this program please visit this link . Learning Objectives: Understand Rule 3211 and the Form AP Filing Requirements Discover what can go wrong and what are the penalties from past PCAOB Enforcement actions related to Rule 3211 and Form AP Apply best practices to reasonably ensure compliance with Rule 3211 and Form AP After registering you will receive a confirmation email containing information about watching the webcast. About Johnson Global Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide.
More Posts
Share by: