Audit Insider | August 2023

Summer is coming to an end, a sad transition for those who love the extra daylight and a welcome reprieve for the camp that prefers sweater weather (personally, I fall into the former). Before we enter fall there are a few new developments facing the public company audit profession. Between the PCAOB’s NOCLAR and Technology Assisted Analysis proposals it has been a busy August for members of the profession.

The SEC adopted a new cybersecurity disclosure rule. The International Auditing and the Assurance Standards Board (IAASB)’s proposed International Standard on Sustainability Assurance (ISSA) 5000 round out a summer full of regulatory developments. More on that below!

In August, I spoke with the CAQ’s very own Emily Lucas about her path to accounting and her fellowship at the CAQ.

Read on for the latest issues I’m tracking and resources from the profession to assist audit practitioners.

Please note that these perspectives are my own. If this email was forwarded to you, subscribe here so that you never miss a public company auditing update.

We’re closely monitoring these proposals and others from audit regulators and standard setters:

PCAOB

Proposals​​​

• ​​NOCLAR: In August the CAQ issued a comment letter expressing concerns about proposed amendments to PCAOB Auditing Standards related to a Company’s Noncompliance with Laws and Regulations and Other Related Amendments (NOCLAR). The proposal is one of the most significant since the PCAOB’s proposal on mandatory firm rotation (MFR), which received over 700 comment letters. Thus far, over 200 audit committee chairs and members, as well as other board members (and counting) have signed this letter to express their concerns to the PCAOB.The stakeholders who signed support the PCAOB’s mission to protect investors by modernizing audit standards that support the performance of continued high-quality audits in today’s complex business environment. However, they are concerned that the proposed amendments do not advance that mission. The board members are concerned that the PCAOB’s proposal risks reducing audit quality and lessening investor protections while unnecessarily increasing the cost and complexity of audits.​​​​You can see all comment letters submitted to the PCAOB are public and maintained on their website here. The CAQ is reading though the comment letters and be on the lookout for a future CAQ summary describing some of the themes we are seeing from commenters. At a first pass it appears the majority of commenters are not supportive of the PCAOB’s proposal as written.
  ​​​​​​
• Technology-assisted analysis: In August the CAQ issued a comment letter in response to the PCAOB’s Proposed Amendments Related to Aspects of Designing and Performing Audit Procedures that Involve Technology-Assisted Analysis of Information in Electronic Form. The proposal is designed to improve audit quality and enhance investor protection by addressing aspects of designing and performing audit procedures that involve technology-assisted analysis of information in electronic form. The CAQ is supportive of the Board’s objective to provide greater guidance and clarity for auditors when using technology-assisted analysis within the audit as the use of technology-assisted analysis in the audit continues to become more pervasive. While we recognize that the proposed amendments are intentionally focused on providing clarity regarding the use of technology-assisted analysis within the existing framework for audit evidence in the PCAOB standards, we encourage the Board to potentially think broader about technology, the audit, and audit quality.  ​​​​​

​​​​SEC

• Cyber Rule: The SEC’s anticipated final rule on cybersecurity has been released. The rule aims to enhance and standardize disclosures by requiring registrants to provide timely reports on cybersecurity incidents on Forms 8-K and 6-K. They are also required to make disclosures about all of their cybersecurity strategy, risk management, and governance in annual reports. The final rule requires disclosure of:
  • Form 8-K within 4 Business Days of Determining the Incident Is Material: Material cybersecurity incidents, with a delay only when the US Attorney General concludes disclosure would pose a substantial risk to national security or public safety, and
  • Annually: Material information regarding cybersecurity risk management, strategy, and governance.
• The final rules will become effective 30 days following publication of the adoption release with Form 10-K and Form 20-F disclosures due in fiscal years ending on or after December 15, 2023.
  • Our Take: The CAQ is supportive of the SEC’s desire to implement rules that promote consistent, comparable, and decision-useful cybersecurity disclosures and the transparency that comes along with it. We’re seeing a rapid evolution of domestic and foreign cybersecurity threats, particularly with an increase in remote and hybrid work. Timely cybersecurity disclosures are becoming increasingly more relevant and useful to investors and other stakeholders in the financial reporting ecosystem. Learn more here. We also took a closer look at the components of the rule in our latest Audit Committee Insights.

ISSB

• Proposed International Standard on Going Concern and Proposed Conforming and Consequential Amendments to other ISAs:  The IASSB in April released an exposure draft, Proposed International Standard on Auditing 570 (Revised 202X) Going Concern, that aims to promote consistent practice and behavior and facilitate effective responses to identified risks of material misstatement related to going concern, strengthen the auditor’s evaluation of management’s assessment of going concern, including reinforcing the importance, throughout the audit, of the appropriate exercise of professional skepticism, and enhance transparency with respect to the auditor’s responsibilities and work related to going concern where appropriate, including strengthening communications and reporting requirements.
  • Our take: We are supportive of the Board’s objectives to strengthen the auditor’s evaluation of management’s assessment of going concern and considering ways to enhance transparency with respect to the auditor’s responsibilities and work related to going concern. In our comment letter, we outline the following overarching concerns:
    • The financial reporting framework and auditing standards need to work in concert to drive increased transparency for financial statement users. This cannot be achieved by revising the auditing standards alone. Although outside the scope of the IAASB’s work, it should be a high priority for the IASB to consider potential revisions and enhancements to IAS 1 Presentation of Financial Statements. The scalability of the Exposure Draft could be enhanced by explicitly linking the design and performance of audit procedures to the auditor’s risk assessment in the requirements of the proposed standard, allowing the auditor to use professional judgment in determining the nature and extent of audit procedures to be performed related to going concern.
    • While we appreciate the IAASB’s desire to explore additional transparency for users of audited financial statements about the auditor’s responsibilities and work relating to going concern, we do not support the proposed requirements related to the addition of the new “Going Concern” section in the auditor’s report. A better approach to disclosure would be for the auditor to use professional judgment to determine whether to include audit matters related to going concern in the auditor’s report as a KAM (in accordance with the framework set forth in ISA 701 (Revised))
    • In addition to responding to the IAASB, we are monitoring the PCAOB’s Going Concern project and expected proposal in 2023.
• ISSA 5000: On August 2nd, the IAASB issued the proposed standard, International Standard on Sustainability Assurance (ISSA) 5000, General Requirements for Sustainability Assurance Engagements, for public consultation.  Per IAASB, proposed ISSA 5000 can be applied to:
  • Information about all sustainability topics and aspects of topics
  • Information prepared in accordance with any sustainability reporting framework, standard or other suitable criteria
  •  All sustainability information regardless of the mechanism for reporting the information
  • Limited and reasonable assurance engagements
• ​​Once approved, ISSA 5000 will be the most comprehensive sustainability assurance standard available to all assurance practitioners across the globe. Comment letters are due December 1, 2023. Learn more here.

Audit Quality

Audit quality in the U.S. remains high, but in light of economic uncertainty, emerging developments, and demands on talent, audit practitioners should remain up to speed on the latest developments impacting audit quality. Read on for recent news, tools, and resources.

PCAOB Previews 2022 Inspection Results 

In July, the PCAOB released a report showing that inspection deficiencies rose in 2022, with staff expecting approximately 40% of the audits reviewed to have one or more Part I.A deficiencies, up from 34% in 2021 and 29% in 2020. In an opinion piece for the Wall Street Journal, Chair Williams said that “it is unacceptable that audit quality is trending down for the second year in a row.”

From my perspective, these results do not reveal a full picture of overall audit quality health. As a former public company auditor, I can say confidently that audit quality can’t be measured by inspection findings alone. Rather, the PCAOB’s inspection results are one indicator of audit quality. Financial statements are also a key benchmark. By this measure, audit quality is extremely high. Based on our own analysis of PCAOB inspection reports of the largest firms in 2021, none of the audits identified as deficient by the board resulted in changes to the audit opinion or a restatement of company financials. That means none of the board-identified errors had a material effect on the auditor’s opinion. This result is not an anomaly; over the last 20 years, there has been on average a 10% year-over-year decline in restatements. And to continually improve audit quality, firms develop and deploy robust audit quality measures and many firms describe such efforts in annual voluntary audit quality reports, as described by PwC and EY here. See also the CAQ’s audit quality disclosure framework.

I expand on this more in this Bloomberg opinion, Audit Quality Is More Complex Than One Board’s Inspection Data. Ultimately, audit quality is a continuous journey that requires constant attention by both public company auditors and the PCAOB, and we must continue to strive to for higher audit quality. ​​​​​​

PCAOB Releases Broker Dealer Inspection Report

​​​In August, the PCAOB released their Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers. This report provides information about their 2022 inspections approach and observations from their inspections of audits of brokers and dealers. The report also includes a description of “good practices” which include brief scenarios and possible procedures that may be effective to address those scenarios. The 2022 inspection year marked the eight year of inspections of firms that audit brokers and dealers under the interim inspection program since broker and dealer audits and the related attestation engagements were required to be performed in accordance with PCAOB standards. 2022 inspection results for audits of brokers and dealers generally increased or remained elevated across engagement types and areas. If you are planning or performing a broker dealer audit, consider checking out the CAQ’s Audit Planning Alert for Auditors of Brokers and Dealers where we pose questions for auditors of brokers and dealers to consider as they play both their audit and attestation engagement. The resource focuses on six areas: auditing revenue, audit evidence produced by service organizations and/or the broker or dealer, auditing related party transactions, auditing the supplemental information, performing examination engagements, and performing review engagements.

Audit Insider Webinar Recap

On July 19th, the CAQ hosted a free CPE-eligible webinar focused on emerging issues facing public companies and their auditors. The webinar included leaders in public company auditing and its regulatory bodies, including keynote addresses from leaders at the SEC and PCAOB.

The discussion provided preparer and public company auditor perspectives on issues impacting auditors in today’s regulatory environment. Watch the session here to learn about the key themes arising in comment letters on filings from the most recent reporting cycle, and overarching themes in recent PCOAB inspection findings, including areas of concern highlighted by the PCAOB staff and observations and best practices from public company auditors. Note: While the replay is not CPE-eligible, mark your calendars for October 18th when we will host our next webinar.​​​​

The Evolving Role of the Auditor

As investor demand evolves, so does the role of public company auditors. The CAQ is dedicated to providing resources to keep you up-to-date on trending topics in corporate reporting.

Understanding the SEC’s Upcoming Climate Rule

The significant demand for ESG-related disclosures is driven by large institutional and private equity investors, retail investors, customers, employees, and other stakeholders. As a result, governments and regulators around the world are taking a closer look at reporting requirements to address stakeholders’ information needs. With increasing stakeholder demand and growing regulatory developments, like the European Union’s Corporate Sustainability Reporting Directive (CSRD)  and the U.S. Securities and Exchange Commission’s (SEC’s) highly anticipated final climate-related disclosures rule,  it’s clear that ESG reporting is here to stay.

My colleague, Desire Carroll, Director, Professional Practice at the CAQ describes what we can expect in the upcoming rule and the state of ESG assurance in this video:

Learn more about our annual analysis of S&P 500 ESG Reports, and the upcoming climate-related disclosures rule, in a recent Audit in Action blog post.

Fraud and Emerging Tech: Digital Assets

The Anti-fraud Collaboration published Fraud and Emerging Tech: Digital Assets, examining fraud risks that digital assets may introduce. The publication is part of the AFC’s emerging technology series, and offers recent examples of digital asset-related frauds and suggestions of how controls and technology can mitigate these fraud risks.

Organizations and their employees are still continuing to grasp the complexity of the technology associated with digital assets. Through a close look at the basics of digital assets, vulnerabilities and fraud risks, control strategies, and the fallout of FTX, this resource seeks to be a resource  understanding the fraud risks associated with these assets.

Talent Spotlight

The CAQ is committed to working with audit firms to address issues related to talent, including the pipeline and gaps in diverse representation. Each month, I’ll spotlight our efforts on this critical issue.

ICYMI: In partnership with Edge Research, the CAQ released a report on student barriers to pursuing a career in accounting. Amid a shortage of accountants, undergraduate business students report encountering obstacles to pursuing a degree in accounting. Among other things, the report found that the most significant reasons cited by business-related majors for not considering accounting as a major included a lack of interest or passion for the major (driven in part by negative experiences with introductory accounting classes), and their perception of not being good enough at math to become an accountant.

At the CAQ, we’re committed to working to creating a robust, diverse talent pipeline. Learn more about our Bold Ambition, and download the report, Increasing Diversity in the Accounting Profession Pipeline: Challenges and Opportunities, July 2023, for more of the results.

This month we are featuring our very own Emily Lucas, CPA, Professional Practice Fellow at the CAQ and a Managing Director within the National Quality Organization (NQO) of the Trust Solutions segment at PwC. Emily helps guide the CAQ’s professional practice and public policy activities as part of her fellowship.

Emily brings the CAQ nearly 20 years of public company auditing experience. In her most recent role within PwC’s NQO, Emily helped lead the firm’s Chief Auditor Network, which supports audit teams in enhancing audit quality and efficiency and provides firm leadership with insights on the practice environment and overall audit quality trends.

Read on for my Q&A with Emily:

Question: What led you to a career in accounting? 

Emily: It was actually a bit of a circuitous route. I was not one of those people who knew what I wanted to do from a young age! As an undergrad at UVA I started out in the engineering school. I had always enjoyed and been strong in math and science, so I thought engineering was a natural path, but later realized it was not exactly what I was looking for. I was unsure, however, of the best alternative. I ultimately graduated with a degree in Spanish Language and went to work for a small publishing house. While there were aspects of the job that were interesting and enjoyable, I did not feel that the role was challenging me nor that I was developing, and after a couple years it became apparent that there was no clear path for advancement. I began to explore other options, and public accounting seemed to offer many of the things that were missing from my career – opportunities to work with smart, ambitious people and to do something a little different every day, as well as a highly structured environment with a clear progression path. I returned to school to obtain my Masters of Accountancy and started as an associate at PwC in 2004. Since then there’s never been a dull moment and I certainly got my wish for a challenging career that allows me to experience different things and continue to develop – a perfect example being the amazing opportunity I was given to participate in this fellowship program!

Question: What is your favorite aspect of being an accountant?

Emily: One of my favorite things about my career (and also one of the most challenging!) has been the different skillsets I have had to use and been able to hone. As I mentioned, I always enjoyed and was strong in math, and I had an expectation that I would use a lot of math in an accounting career. While math is certainly a relevant aspect of understanding a company’s accounting and financial reporting processes and performing an audit, much more of my time as an accountant has been spent doing other things – reading (e.g., accounting standards, auditing standards, client contracts and other agreements), applying critical thinking (e.g., assessing clients’ accounting treatments, understanding and assessing risk and determining whether risks have been adequately addressed, developing effective and efficient audit approaches), writing (e.g., audit documentation, firmwide guidance, practice aids and other resources), and communicating (e.g., with client management and audit committees, audit team members, including specialists, foreign component teams and shared service/center of excellence team members, and regulators). I have been able to hone my skills in these areas through both “doing” and working with so many amazing individuals at the firm and my clients who have so many years of experience and knowledge to share. That said, I still enjoy spending all day with my head buried in a spreadsheet from time to time, but I would not have found my career nearly as rewarding if that were all that accounting entailed!

Question: What led you to participate in the CAQ’s fellowship? What do you hope to learn or accomplish? 

Emily: My entire career I have been open to challenging myself and seeking opportunities that will further my development. The opportunity to participate in the CAQ fellowship seemed extremely unique to me. Now more than ever auditors are playing an important public interest role to protect investors. At the CAQ I am able to participate in projects that support the profession in delivering on that public interest role.  Most of all I was excited for an opportunity that would enable me to give back to our profession.

Question: You live in New Orleans. For first time visitors, what is a “must do” that you would recommend? 

Emily: That’s a tough one… there’s so much to do!! When people think of New Orleans I think they often picture the French Quarter, Mardi Gras, etc. I love all of that and definitely partake in it every once in awhile, but on a day-to-day basis life for the locals is not so excessive! Magazine Street in the Uptown area is packed with unique local shops and delicious restaurants, and an afternoon strolling, shopping and eating around there is hard to beat. Audubon Park near Tulane and Loyola universities is a beautiful spot for a game of golf or a walk or bike ride. But I think my number one “must do” would probably have to be Jazz Fest. For those who don’t know it, it’s an outdoor music festival that is held during two weekends in late April / early May – a fairly rare time of year when the weather is usually enjoyable here! It features all kinds of different musicians, incredible local food vendors, and a huge dose of unique New Orleans culture. I try to make sure I make it out there at least a couple days each year!

​​​​​

Each month, I’ll answer questions from readers. I received the following question in August:

Question: I am a senior associate and my main busy season audit was selected for inspection. What can I expect? 

Answer: It is natural to feel nervous when you hear an audit you spent so much time on during busy season has been selected for inspection. Remember you are a part of a team and will not be going through this solo. In my experience, I had the support of my entire team and national office partners throughout the entire inspection process. If you want to learn more about the PCAOB’s Inspection process as you prepare, check out this CAQ resource located here.

Submit your questions for next month to jgermain@thecaq.org.

See you next month Audit Insider.

Dennis McGowan

Vice President, Professional Practice and Anti-Fraud Initiatives