Internal Inspections – Part III: Remediation – How to Read and React to the Results

Johnson Global Advisory (“JGA”) is proud to participate in the world-wide Learning at Work Week May 13th-19th. This annual event supports building learning cultures in workplaces. It aims to put a spotlight on the importance and benefits of continual learning and development. JGA actively supports “learning power” (the theme for this year Learning at Work Week) for our external clients and we’ve been working on some exciting opportunities to learn internally through growing, engaging and connecting opportunities as a team as well. Johnson Global is committed to amplifying quality in the profession. For more information about our training services click here.

Updated 5.13.2024 On May 13, 2024 the PCAOB held an Open Board Meeting - PCAOB to Consider Adopting New Standards on General Responsibilities of the Auditor in Conducting an Audit, Quality Control . The PCAOB considered adopting a new auditing standard – AS 1000, General Responsibilities of the Auditor in Conducting an Audit as well as QC 1000, A Firm’s System of Quality Control. JGA provided comments to the PCAOB on the proposed QC 1000 standard. To read our comments please click here . The PCAOB proposed standard QC 1000, A Firm’s System of Quality Control and Other Proposed Amendments to PCAOB Standards, Rules and Forms, is available here . The new standard is available for viewing here .  PCAOB Updates PCAOB Solidifies Foundation of Every Audit With Adoption of New Standard on General Responsibilities of the Auditor PCAOB Adopts New Quality Control Standard With a Risk-Based Approach Designed to Drive Continuous Improvement in Audit Quality

PCAOB Publishes Spotlight Related to Root Cause Analysis In April 2024, the PCAOB released a Spotlight Root Cause Analysis – An Effective Practice to Drive Audit Quality which continues the Board’s goal of sharing its observations from its inspection and remediation activities, but this time related to Root Cause Analysis (RCA). RCA should not be a new concept to audit firms. In 2020, we published RCA: Seems like EVERYBODY is talking about Root Cause Analysis , where we shared the importance of performing an effective RCA to be able to understand what are the underlying causes of deficiencies which occur at your firm. We wanted to highlight a few important aspects coming through in this April 2024 Spotlight. The Spotlight rightly stated that RCA should be a multifaceted approach . There are a number of different tools, techniques, processes, and philosophies that firms can undertake to perform a RCA. In addition, there may not always only be one factor that is causing a deficiency – it could be a variety of factors such as lack of technical competence, failure of resource allocation at firm level, etc. The Spotlight also identified characteristics of a well-designed RCA process , which are important to highlight as follows: Have a dedicated team with RCA experience perform the RCA as they are more objective and have the requisite background. In helping our clients with RCA, we find by bringing in our objectivity, our PCAOB standards experience coupled with our RCA experience, engagement teams are more willing to be open and honest with their opinions of where they see potential root causes that resulted in deficiencies. Firms use a variety of methods and techniques to gather data which include review of workpapers, interviews with engagement teams immediately after the deficiencies are identified, and review of engagement metrics. All this information combined paints an informative picture of what caused the deficiencies. Firms should not only focus on looking at engagements that had negative quality outcomes, but also focus on looking at engagements which had positive outcomes arising from inspections or the firm’s internal monitoring. By identifying what worked well with some engagement teams, firms can then use that information to drive change with other engagement teams. Lastly, firms should be aware that the task of identifying root causes and implementing a new action to remediate this deficiency does not mean that the job is done. Firms should monitor these remedial actions to determine whether the actions that they undertook are in fact solving the problem. In conclusion, there is no time like the present to strengthen your RCA process . Remediating deficiencies (by providing training, developing new tools and templates, changing processes, etc.) is a time consuming and costly undertaking…you want to make sure that the action you are investing in, is actually going to remedy the problem. In addition, the PCAOB’s standard setting agenda includes a proposal for the new quality control standard that, if adopted, would require firms to perform RCA of its control deficiencies. Our recommendation is to start implementing your RCA process now so that you can refine and modify your RCA process.

Johnson Global is proud to sponsor My Sister's Place (MSP) 45th Anniversary Celebration on May 15, 2024 in Washington, D.C. MSP has been providing services to the D . C . community to empower survivors of domestic violence and their children, while fostering leadership and education to build a supportive community. MSP's experienced team provides training, case consultation, and advocacy to engage communities to prevent violence and abuse. Click here for more details.

Johnson Global Advisory (“JGA”) is pleased to sponsor the Allinial Global Executive Team Conference 2024. This four-day event will be from May 19–22 at The Westin Kierland Resort & Spa in Scottsdale, AZ. This premier event for firm management, strategy and growth, and leadership, with a focus on Driving Success and Accelerating Possibilities through collaboration, knowledge sharing, and networking. PROGRAM HIGHLIGHTS A keynote session entitled The Time to Win - Grow Your Firm by Exceeding Clients’ Need for Speed by Hall of Fame speaker and New York Times best-selling author Jay Baer Inspiring sessions focused on how firms can evolve their internal operations and management to facilitate a seamless client experience through lean processes and innovative approaches to talent and technology Half-day virtual programs on Monday, May 20 and Tuesday, May 21 To learn more and register click here. About Johnson Global Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide.

Editor's note: This article is part of a series to highlight the unique experience that JGA professionals possess and deliver to our clients. As busy season winds down, it is an opportune time to reflect on challenges in ensuring audit quality and preparing for a successful outcome to the PCAOB inspections process. There are a myriad of obstacles to audit quality such as time constraints and the complexities of client engagements. Amidst these demands, audit quality remains the utmost priority. Geoff Dingle an author of JGA’s guide, Navigating PCAOB Inspections, Second Edition shares his insights on how firms can effectively prepare for the entire process. The Purpose Registered firms that issue at least one public company audit opinion are subject to inspection at least every three years. Every inspection is different based on the firm, its clients, and PCAOB priorities, but the overall process is the same. It is a long process that takes planning and coordination, and this guide addresses the main phases and pain points. “Through our work at JGA, supporting firms on PCAOB inspections, we are able to witness first-hand the struggles that some firms encounter as they work through the inspection process with the regulator. Although some of this information is available on the PCAOB’s website, we have been able to consolidate our own experiences having supported over 100 firms during their inspections. JGA has a team of alumni from the regulator that have led inspection teams and quality management initiatives, with over 139 years of combined experience at the PCAOB and SEC,” says Dingle. The Process The inspection process often takes more than two years (sometimes as long as four years) from initial notification of an inspection to the final remediation determination. It can take weeks to months to issue comment forms after the inspection week. Report finalization is getting faster but it can still take more than six months to issue an inspection report to a firm. If there are few issues, the PCAOB can respond quickly, but with multiple findings the process oftentimes takes longer. After report issuance Firms have 12 months to remediate Part II findings and provide these remedial plans to the PCAOB for evaluation. Pre-Inspection The PCAOB provides the dates for its intended inspection week. The notification letter includes the period being inspected, questions, and requested documentation about the firm and its clients. There are not many pain points at this stage, but there is typically a four-week deadline to respond. The PCAOB contacts the firm two to three weeks before the inspection starts with the names of the issuers selected for inspection and requests specific information and access to the workpapers for these audits. “We always recommend that firms hold internal meetings to assign responsibilities between the engagement teams and the national office and plan for the inspection. Prep week - the week before the inspection, can be stressful. We suggest that engagement teams go back through their audit files to re-familiarize themselves with the workings of the audit file,” Geoff continues . Key Points About The Process Before COVID, inspections were conducted in-person. Now the majority of the inspections are performed virtually. “With the engagement team and the inspection team not being in the same room, we have observed inefficiencies in getting matters resolved because of the need to coordinate firm personnel and inspection personnel, across various time zones, locations, and schedules,” he mentions. During the inspection week, the PCAOB provides detailed questions to the engagement team regarding the audit file. It’s a mix between written questions sent to the firm and asked questions during meetings. All questions are answered in subsequent meetings. With the remote process, meetings are scheduled to address and answer these questions. “Our own experience is that if a particular line of questions continued for the week (i.e. the engagement team’s response is not satisfying the inspector), then chances are there will probably be an issue that will result in a comment form,” Geoff adds. Be ready for multiple layers of questions on the same subject by providing details based in the working papers and show a deep understanding of the audit. Inspection issues are usually riskier areas involving judgements. Audit documentation should “tell the story” of how auditors came to their conclusions, not just what the conclusion was. Audit documentation should describe in detail what considerations were made by the engagement team in coming to their judgment (i.e. how any contradictory evidence was addressed; why the engagement team went with one model over another, etc.). If judgments are not well documented, the PCAOB has no alternative but to conclude that sufficient procedures were not performed. Comment Forms A few weeks after fieldwork is completed, the inspection team provides comment forms that include a summary of the deficiency and the facts related to the issue. Firms have 10 business days to respond. The Inspection Report Part I inspection findings are in the report’s public portion. Part I.A deficiencies indicate the firm had not supported its opinion on the financial statements, ICFR, or both. Part I.B findings are compliance issues which do not specifically compromise the audit opinion. Part II findings are related to the firm’s system of quality control and are in the report’s nonpublic section and these are not shared with the public. Firms have 12 months to remediate Part II findings before they can become public if the PCAOB concludes that the firm did not adequately remediate. Frequent Part I.A findings in an integrated audit relate to testing controls, testing estimates, and use of service auditor reports. Part I.B findings may result in enforcement cases and include incorrect opinion language, independence breaches, audit committee communication issues, and incomplete or late filing of Form AP. Responding to Findings in Part II of the Inspection Report Ultimately, the firm has 12 months to communicate to the PCAOB how it plans to remediate quality control findings. Geoff provides his insights on the importance of root cause analysis, “In our experience, firms do not do a great job of root cause analysis to identify the remedial action needed for deficiencies because they do not dig deep enough. We review comment forms and related workpapers to understand why the PCAOB issued the comment, and then we interview the engagement teams about root causes, to understand whether the issue was related to areas like staffing, partner workload, supervision and review, technical competence, audit methodology, or firm tools. In fact, firms will soon be compelled to do a rigorous root cause analysis as the proposed quality control standard (QC 1000) requires root cause analysis.” A proactive approach to remediation, specifically quality control findings allows for firms to make corrective actions based on their root cause evaluation and provide time to see the updates work their way through the firm’s audit cycle. Showing examples of the new process goes a long way. See our contribution to Journal Of Accountancy, Quality Management Standards: How to Perform a Root Cause Analysis . “We advise firms to address Part II remediation findings early. If they wait until they receive the report to start remediation, another inspection could start, and a repeat finding could result.” PCAOB guidance details five relevant criteria they use to conclude on the sufficiency of remedial actions. Every firm’s quality control processes are different, so we work with clients to apply the guidance to their own remedial actions and avoid repeat criticisms,” Geoff mentions. In conclusion, the PCAOB has made it clear both through its speeches and its enforcement actions that they will be tougher on enforcing regulation and audit quality. Firms need to plan in advance to make sure the inspection process is as issue-free as it can be. That starts with making sure audits are completed in accordance with the PCAOB auditing standards, not when you get notified of an inspection. Firms should enhance their practice monitoring by engaging firms like JGA to perform in-flight reviews while the audit is happening. In that way, quality is achieved prior to the signing of the audit opinion. Interested in learning more about the PCAOB inspections process and how to prepare? Navigating PCAOB Inspections, Second Edition is a roadmap for firm management and engagement teams through the entire PCAOB inspection and remediation process, to help prepare for inspections and implement continuous audit quality improvements. Geoff Dingle, JGA Managing Director, Shareholder With more than 20 years of experience in the accounting and auditing industry, Geoffrey Dingle works with public accounting firms to help them achieve the highest level of audit quality. Geoff brings a diverse set of experiences to JGA. As an Associate Director for almost 10 years, in the Division of Registrations and Inspections at the PCAOB, he conducted inspections of quality control and issuer audits. In addition, he played a senior role in planning, executing and reporting on the annual inspections of Global Network Firms, including, but not limited to, quality control procedures, review of comment forms, development of the inspection report criticisms and quality control themes, and evaluation and review of Firm root cause analysis and remedial actions. To learn more about Geoff and the JGA Team visit the Meet Our Team page.

Editor's note: This article is the first in a series to highlight the unique experience that JGA professionals possess and deliver to our clients. What is top of mind for the Public Company Accounting Oversight Board (PCAOB)? The PCAOB has made it clear that it intends to carry out an aggressive inspection program to identify and correct the high rate of audit quality deficiencies it continues to find and refer matters to its Division of Enforcement and Investigations (“DEI”). “ As a consultant, I work with audit firms to establish or enhance their policies and procedures so they deliver audit services at the highest quality level and hopefully avoid regulatory scrutiny from the PCAOB and SEC .” When an auditor or firm has become subject to a PCAOB or SEC investigation, JGA can assist in a number of ways including in their responses to informal document requests, Accounting Board Demands, and subpoenas for workpapers, emails, and other documents. Our consultants also perform workpaper review, provide case assessments and strategy guidance, assist with witness preparation, and help in preparing white papers, Statements of Position, and Wells responses. We also serve as expert witnesses by providing expert reports and expert testimony. Johnson Global professionals consult firms on timely remedial and corrective actions and other activities to obtain PCAOB extraordinary cooperation credit to substantially reduce or eliminate monetary penalties and sanctions. Once there is a PCAOB enforcement inquiry, before a case is brought, we review audit workpapers and documents and evaluate the firm’s quality control system to identify the potential violations, assess the significance of the violations, provide a root cause analysis, and propose remedial solutions. Existing or new clients include individuals and firms who have received a letter from DEI or the SEC’s Enforcement Division announcing an informal inquiry, or that a formal order of investigation has been initiated. “Our vast network, includes attorneys that I know from doing forensic accounting for so many years.” As needed, we assist firms in obtaining counsel with experience working with the PCAOB and SEC, if they do not have one. We work with counsel closely in these matters for counsel to provide legal advice and correspond with the regulator directly on behalf of the firm. Recent Trends PCAOB Reporting - Form AP and Form 3 Compliance We have seen an increase in the number of PCAOB enforcement actions related to PCAOB Form AP (Auditor Reporting of Certain Audit Participants) and PCAOB Form 3 (Special Events). The general requirement for Form AP is to file it within 35 days from the date the firm’s audit report is first included in a Form 10-K or 20-F filed with the SEC. For Form 3, the form must be filed within 30 days after the event. Firms are not filing these on time, commonly because they are not aware of the requirements or forget to file. Once the audit is over, attention can get diverted from Form AP. Form 3 is particularly burdensome because there are 18 specified events to report and monitoring these can be a challenge. Also, these forms may not be filled out correctly. For Form AP, it is easy for the PCAOB to determine whether a firm has timely filed it by comparing SEC filings to the Form AP filing, and the inspections group will routinely do that. It is harder for the Board to identify Form 3 compliance issues because their special events are unique to each firm, but we see instances of that occurring and enforcement matters as a result. When compliance failures occur, we have observed that the DEI will send a letter to the firm with a draft order that will propose a settlement, without even discussing the matter with the firm. We discuss the options with the client and client’s counsel, including the costs associated with litigation, so they can decide. Most clients do not challenge the Board and agree to the censure and fine, which can be $5,000 or more per violation, along with the requirement for a self-review and self-certification of the firm’s quality control policies and procedures relating to PCAOB reporting. The consequences of any compliance failure on these forms can be harsh, even though it was just a mistake. Form compliance is an area where we can help firms to make process changes and put policies and procedures in place to timely file and avoid a repeat failure. We recommend annual training on PCAOB reporting and the implementation of an annual certification process for Form 3 events. For Form AP, we help firms institute tracking and monitoring controls by the designated head of quality. For example, we designed a Form AP tracker that includes the relevant required information for all the firm’s PCAOB clients, along with the estimated filing dates and calendar reminders so there is a process to monitor engagement teams to proactively follow up. We also developed a Form 3 checklist that includes the trigger events and can be used at monthly meetings or by email requiring affirmative responses, so firms are able to proactively identify the events that require a filing. Communications with Audit Committees This is an area where the PCAOB is using sweeps, presumably from information gathered at the audit inspection level. Participation of other auditors in the audit must be communicated to the audit committee, but the PCAOB has noted failures to communicate which firms and individuals were involved and what they did. Another common problem area in audit committee communications is the lack of required preapproval of non-audit and audit related services. Firms may need training to understand the requirements, along with additional quality control policies and procedures. There should be audit program steps in the tools firms use that apply to audit committee communication in PCAOB audits, not those under AICPA or international standards, because the rules are not the same. The PCAOB continues to bring cases in this area, even if it is for one single violation of this PCAOB standard. There is an apparent zero tolerance policy at the PCAOB for violations of this nature. Engagement Quality Review EQR is a hot area now. Firms may not have done one at all, or the quality is not there - either on the front end for risk identification and planning, or at the back end when the audit is done. Our firm has developed and provides an EQR mentoring program , which is a collegial one on one approach to help firms get better, and it includes retraining as partners rotate on engagements. Documentation There are a number of inspection findings relating to AS 1215, Audit Documentation, including firms adding, backdating, or altering workpapers after the report release date. There is a process under the standard for adding documents that includes documenting who made the change, when, and why. We advise firms that have documentation issues to follow the standard because it is not advisable to make it look like a workpaper was always there when it was not. Quality Controls The PCAOB is very focused on this area. When the PCAOB finds a number of violations, firms should consider whether they have quality control issues, including whether there is a strong ‘tone at the top’ related to audit quality. Most PCAOB enforcement actions issued in 2023 either cited a QC failure or required the firm to enhance its QC system as part of the sanction. It can be challenging for firms, especially those with fewer than ten or so PCAOB clients, to determine how much financial and personnel resources to commit to the firm’s system of quality control. The notion of scalability seems to have gone by the wayside resulting in a high fixed cost for entering the PCAOB audit market and maintaining a presence in that space. Some firms are hesitant to invest in compliance measures because of the high costs, but better quality likely will lead to getting more clients and the potential for less trouble down the line. There is a new PCAOB auditing standard on quality control coming soon, and it includes a requirement that assigns individual responsibility and accountability for the QC system. There is awareness, but we are encouraging our clients to get ready for this now. We offer quality control review services and can serve as a quality control confidant, especially for small firms that do not have a QC leader. PCAOB Inspections of China and Hong Kong Firms Last year, the PCAOB published inspection reports of PCAOB-registered firms in China and Hong Kong and announced enforcement actions and a record high level of penalties as a result of violations of PCAOB rules and U.S. securities laws. These included auditors cheating on ethics and other internal examinations, and extensive quality control deficiencies. By 2023, the PCAOB will have inspected up to 99 percent of these firms’ audits. Inspection reports are expected to come out in April 2024 showing more of the same deficiencies. The 2024 PCAOB budget includes resources to continue inspections in this region. U.S. firms should look at these inspection results and enforcement cases to be aware of what the PCAOB found and is continuing to look for. Conclusion PCAOB Chair Williams and the current board continue to deliver a tough message about audit deficiencies and enforcement. The PCAOB is filing enforcement cases not only against firms that pose potential danger for not doing anything right but also for compliance failures, including those relating to PCAOB reporting. Auditors need to invest in audit quality and keep on top of changes in audit standards to avoid PCAOB scrutiny and potential sanctions. Matt has more than 30 years of experience in financial reporting, auditing, and fraud detection and prevention. He held enforcement roles at the SEC and PCAOB, along with leadership roles at national consulting firms where he provided clients with solutions in accounting, auditing, financial reporting, forensic accounting, and litigation support.

On January 31, 2024, the PCAOB Staff (the “Staff”) released its first ever Spotlight, Insights Into the PCAOB’s Interim Inspection Program Related to Audits of Broker-Dealers . I commend the Staff for this Spotlight. It provides new insights and more context than their typical annual reports on the broker-dealer inspection program results. To provide some brief background, the broker-dealer inspection Program was created as result of the Dodd-Frank Act, which was enacted into law in 2010. Inspections started in 2011, and the revised Securities Exchange Act Rule 17a-5 was effective in 2013. The most recent Annual Report published in August 2023 reported a 58% deficiency rate for broker-dealer firm inspections conducted in 2022, and stated that the rate was, “unacceptably high.” That compares to a 40% deficiency rate for issuer firm inspections in 2022, so the difference is considerable. See our September 2023 article that talks about the report - Broker Dealer Reruns: Haven’t I Seen This Before? (jgacpa.com) Auditors have, understandably so, argued that they need more guidance from the PCAOB to correct these deficiencies. It looks like the Staff has heard the pleas based on this Spotlight. Here are a few of the key observations by the staff in the report, and our recommendations for firms. PCAOB Finding: Insufficient Understanding of the Broker-Dealer Industry “In addition, broker-dealer specific training for auditors is not widely available. Typically, only larger audit firms offer in-house training and have acquired extensive broker-dealer audit experience that is shared with audit firm personnel. While there are a few vendors who offer quality training, course offerings are limited throughout the year.” The point is that the broker-dealer industry is specialized; you can’t simply be a good auditor and conduct a quality broker-dealer audit without obtaining the requisite understanding of the rules and regulations. For example, the auditor of a broker-dealer also provides an opinion on the supplemental information (e.g. Net Capital Computation, Reserve Formula Computation, etc.), and evaluates whether the supplemental information, including its form and content, is presented in conformity with 17 C.F.R. §240.17a-5 . That involves determining whether the broker-dealer's net capital computation is complete and accurate. Net capital includes assets that are “allowable” or “non-allowable” in the computation. And sometimes an otherwise allowable asset per Rule 15c3-1 may actually be non-allowable if, for example, there isn’t a particular clause in a clearing agreement. And sometimes an asset that is otherwise non-allowable per Rule 15c3-1 can be allowable if certain other conditions are met. The nuances exist in various SEC interpretations released over the last 50 or so years. These nuances are difficult enough for audit professionals with decades of broker-dealer audit experience. If engagement teams don’t gain that specialized knowledge, they won’t know what they don’t know, and will not be set up for success. We continue to see opportunities for engagement teams to have more BD-specific experience on the team. Training is one way to raise the bar, but that leads to the next problem – there simply isn’t a lot of high-quality broker-dealer audit training out there! While providing broker-dealer audit training to our clients, we have found that general training is often not sufficient to meet their needs and/or remediate PCAOB findings. For example, a general training on auditing a common broker-dealer that claims a (k)(2)(ii) exemption and introduces customer transactions to a clearing broker-dealer, will not help an engagement team audit a broker-dealer that specializes in mergers and acquisitions. As the Staff also emphasizes in the Spotlight, there is also an overreliance on standardized audit programs. We don’t look at these topics separately. We work with auditors to tailor their audit programs to the types of broker-dealers they audit and train their engagement staff to apply the programs to the facts and circumstances of their audits. PCAOB Finding: Overreliance on Standardized Audit Programs Inspectors found that standardized audit programs “may not be all encompassing, may reflect only certain criteria in the standards, and may be limited in the scope of procedures to be completed…these programs typically must be tailored to reflect the nature of the broker-dealer’s business operations, internal controls, and financial reporting and attestation risks.” In my time as a PCAOB Inspection Leader, I saw this time and time again. Audit firms subscribe to “off-the-shelf” audit methodology providers and rely on the audit programs they provide. Engagement teams follow the programs, fill them out completely, and still, they don’t conduct sufficient procedures. How can that be? Said differently, the audit programs are a good resource and a great foundation, but they are a guide and simply cannot account for every risk in the audits of your client portfolio. That holds true for any audit, but especially so for unique, complex broker-dealer industry audits. The audit programs are not a substitute for understanding the complexities of the broker-dealer industry (see above regarding the need for industry-specific training). In our work performing practice monitoring reviews for BD audits, we have seen cases where methodology doesn’t get down to the level necessary to force the understanding and documentation of a robust workflow to identify the risks at the assertion level necessary to sufficiently design test procedures. Based on our work with firms, the best path to success is to start with the standardized programs and then tailor them to the types of broker-dealers they audit. For example, if a firm audits broker-dealers that are involved in contractual revenue streams, such as the private placement of securities, we add in steps to address the key elements of revenue recognition within those transactions, such as obtaining evidence of the closing of the transaction, reviewing the contracts for possible claw backs, etc. These are specific considerations that are unlikely to be covered by a standardized audit program. PCAOB Finding: Low-Cost Providers and the Pace of Auditor Changes The staff reported that about a third of all broker-dealer audits have budgets of 40 hours or less and fees of $10,000 or less. These small audits, we believe are the root cause of many audit deficiencies. In the Spotlight, they said everything that is possible without saying it. Take into consideration these points mentioned above : the need for high-quality, broker-dealer industry specific training the need to go beyond the standard audit programs the need to conduct a rigorous risk assessment process that includes obtaining a sufficient understanding of the broker-dealer’s operations revenue transaction cycles related controls that will enable auditors to tailor their planned audit procedures more effectively Now do all of these points in 40 hours or less and collect $10,000. You can start to see why this doesn’t work. Conducting quality audits under that model is not sustainable, especially when the PCAOB levied a record amount of fines in 2023. Auditors would be wise to consider whether retaining a $10,000 audit client under these circumstances is worth the risk of being sanctioned and fined considerably higher dollar amounts. The Spotlight also highlights that about a third of broker-dealers audited by firms inspected during 2022 changed audit firms in the last three years. There are a variety of reasons for changing auditors, but in my experience, cost is the most common reason. Many of the low-cost providers that did not conduct audits in accordance with PCAOB Standards have been sanctioned and shut down by the PCAOB. But there are still some out there. My advice is to enhance your client acceptance and continuance process. The Staff touches on this in the Spotlight as well. Determine whether your firm has the expertise and tools to complete the audit in accordance with the standards. Specifically, when assessing the skills of the potential engagement team personnel, in my previous roles as SEC examiner and PCAOB inspector, I often saw that audits would be accepted and staffed with personnel with a range of broker-dealer industry experience. But not all broker-dealers are the same. Just because a firm has a team that has audited introducing broker-dealers doesn’t mean it should or could accept an engagement of a clearing broker-dealer, or even another exempt broker-dealer that engages in complex trading activities and hold difficult-to-value securities. It’s important to understand the detailed activities of the broker-dealer prior to accepting it as a client to ensure that your firm has the staff with the requisite expertise to complete the audit. In addition, use the acceptance process to set reasonable budgets and charge a fee that will allow you to conduct audits that meet PCAOB Standards. I even recommend sending the PCAOB Spotlight to your clients to start a conversation about the need to invest more time (and money) on audit quality improvements. I’ve been there and understand the challenge – many smaller broker-dealers don’t understand why it takes so many hours to do a quality audit, so show them. If the client refuses to pay the reasonable fee, let the client go to a low-cost provider that will be out of business in a couple years. That will keep you from becoming one of those firms that are out of business in the next couple of years. Other Findings and Next Steps There is a lot more in the Spotlight that can lead to higher quality broker-dealer audits, including applying professional skepticism, gaining experience with PCAOB Standards, having an effective EQR, and establishing a robust client acceptance and continuous process. I recommend spending time reviewing the Staff’s insights and consider how you can use them to increase your firm’s audit quality related to broker-dealer audits. Don has more than 23 years of regulatory examination, audit, and audit regulation experience, focusing on the broker-dealer industry. He previously served as an Inspections Leader in the Broker-Dealer Firm (BDF) Inspection Program at the PCAOB. His key activities as Inspection Leader included transforming the inspection approach, leading inspection teams, assessing auditor and examination procedures, and reviewing comment forms. He also served as Risk Assessment and Selections Leader for the BDF Program, where he was responsible for selecting audit firms/broker-dealer audits for inspection and served as a liaison between BDF Program and the SEC. During his 12-year tenure at the SEC, Don served as Examination Manager / Branch Chief, Broker-Dealer Examinations, in the Chicago Regional Office.

Johnson Global Advisory (“JGA”) is pleased to sponsor the American Law Institute Continuing Legal Education’s two-day event live in Washington, D.C. and virtually online on May 16th and 17th. Join us and gain insights and perspectives on wide range of hot-button issues. The 2024 conference promises to be better than ever. Hear the latest, engage with colleagues, and stay current in your field. This year’s program is still being finalized but planned topics include: Accounting litigation trends New and proposed accounting standards Artificial intelligence in the accounting profession Quality controls and other emerging regulatory issues ESG/climate accounting Strategic considerations in regulatory investigations Beyond the Big Four SEC perspectives PCAOB inspection program Register today at use the code " JOHNSON " to save $250. Click here to register. About Johnson Global Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide.