Introduction[1]

It is well-established that high quality audits of financial statements play a key role in investor protection and in building and preserving investor confidence. The Public Company Accounting Oversight Board (“PCAOB”) reported a troubling increase in deficiency rates found in its recent inspections.[2] In its 2022 inspections of audits performed in 2021,[3] the PCAOB inspections program found that insufficient audit evidence was obtained to support the auditor’s opinion in 40% of inspected audits. In its 2021 inspections, this same deficiency rate was 34%, up from 29% in its 2020 inspections. This is a troubling trendline in PCAOB inspections results.

Accordingly, we remind auditors that their fundamental responsibility to protect the investing public[4] can be fulfilled only by commitment to high-quality audits. This, in turn, calls for the auditor to exercise objective, impartial judgment and rigorous professional skepticism in gathering and evaluating evidence throughout the audit to support the audit opinions provided. Furthermore, auditors should conduct engagements with a mindset that the investors, rather than management, are the audit client.

While we believe strongly that most auditors are talented professionals, dedicated to performing high-quality audits, the issues and trends identified in PCAOB inspections in recent years demand the attention and renewed commitment of the entire profession to deliver on its mission of protecting investors.

Management’s Role and Auditors’ Exercise of Professional Skepticism in Response to Changing Conditions

Various external, dynamic conditions may put pressure on the operations and financial health of companies and render financial reporting and auditing more challenging.[5] The result may be new risks, or increases in existing risks, that affect the ability of an issuer’s existing financial reporting infrastructure to ensure that investors receive accurate, transparent, and complete disclosures. Likewise, evolving risks may require changes to accounting policies, processes, and internal control over financial reporting (“ICFR”) to maintain a financial reporting environment capable of producing reliable financial disclosures. Management should be mindful of these dynamics and ensure they are continuously evaluating and adjusting their systems and processes accordingly. For their part, auditors should challenge management teams to ensure that adequate systems and processes, coupled with a strong compliance culture, are in place to produce reliable, high quality financial statements and disclosures.

Over the past three PCAOB annual inspection cycles, for audits requiring auditor attestation over management’s assessment of ICFR, auditor testing of management review controls has had the highest rate of deficiency.[6] For these audits of ICFR during this period, the second highest rate of deficiency was in the auditors’ identification and selection of controls to test, while the third highest rate of deficiency was in the auditors’ identification and selection of controls over the completeness and accuracy of information used in the operation of the control.[7] Accordingly, we remind auditors of their responsibility to exercise professional skepticism in the gathering and evaluating of evidence, including related to internal controls, and approaching management’s judgments in these areas with professional skepticism.

PCAOB audit inspection findings also frequently identify areas of concern and deficiencies in audit evidence obtained in important financial statement areas, including revenue and related accounts, accounting estimates, business combinations, inventory, and long-lived assets.[8] Additionally, fraud is an ever-present risk, but particularly as companies face challenges, a higher risk of fraud may exist. For instance, management may be under pressure to meet earnings expectations in the face of declining revenue or increased costs. As auditors conduct their audits, they must be aware of areas of common audit deficiencies, as well as conditions that may create or change incentives, pressures, and opportunities, or facilitate rationalization for management and corporate misconduct. In the face of heightened fraud risk, auditors must consider whether a proper exercise of professional skepticism requires more persuasive evidence to corroborate management’s assertions.

Auditors should consider strong practices in the exercise of professional skepticism. First, as discussed in greater detail below, the auditor should frequently and proactively engage with the audit committee, which for listed issuers must be independent. These discussions should include events that impact financial reporting and related issues, including any red flags, arising from management responses. In this vein, the auditor should not agree to truncated or summary presentations of their concerns with management or management responses to audit concerns with the audit committee. Second, the auditor should also engage and effectively integrate specialists and other experts into the engagement team to assist in auditing complex areas or where specialized knowledge is needed. Doing so will help ensure that the auditor has adequate expertise to challenge management’s assessments and assertions. Third, the auditor should ensure that engagement teams are appropriately trained on biases that can affect auditor judgment and decision-making, and that might undermine professional skepticism. Finally, the audit firm and lead engagement partner should ensure that audit staff are empowered to exercise their professional skepticism and challenge the judgments of management. This may involve, among other things, supporting audit staff in exploring areas of heightened risk and red flags, insulating audit staff from any undue pressure to accept less than persuasive audit evidence, and refusing management requests or demands to replace audit team members.[9]

Applying professional skepticism can sometimes come at a cost, whether it is budget overruns, conflicts with management, or pressure from within the audit firm to maintain client relationships. But the audit engagement is not a standard business relationship between service provider and client, with profit as the primary goal and indicator of success. Instead, as the Supreme Court recognized, the auditor’s ultimate responsibility is to the investing public.[10] This responsibility both transcends the relationship with management of the audit client and elevates the importance of its proper functioning to produce the high-quality audits focused on the auditor’s responsibilities to investors that are a critical piece of a fair, orderly, and efficient capital markets system.

The Importance of the Audit Committee in Prioritizing and Promoting Audit Quality

The audit committee has the statutory responsibility to appoint, compensate, and oversee an issuer’s auditor.[11] In executing its responsibilities, an audit committee should prioritize, and aim to promote, audit quality, to protect investors. Academic studies highlight the risk that, in some cases, in executing their mandate, audit committees may look to protect the interests of the issuer and its management over the interests of investors. [12] This risk can arise out of an audit committee’s association or coziness with the issuer or its management or through management’s influence over the audit committee’s supervision of the auditor.[13] We remind audit committees of their role as critical gatekeepers for investor protection through oversight of a high-quality audit and the benefit of having an audit committee that is independent of management.

Commitment to audit quality starts with the independence of the audit committee and its selection and oversight of the independent auditor. Audit committees, in selecting an auditor, should prioritize audit quality. This will encourage auditors to compete for engagements based on their ability to perform a high-quality audit, with the requisite degree of professional skepticism. To ensure quality, the audit committee should frequently evaluate its process for assessing the auditor’s performance, including relevant firm or engagement-level metrics. For example, the audit committee should consider whether and how it monitors and considers the following:

• results of the auditor’s PCAOB inspections, the firm’s internal monitoring programs, or other firm audit quality reporting;
• whether the engagement team has appropriate industry expertise, and whether the engagement partner is sufficiently engaged and provides leadership to the engagement team;
• the engagement team’s total hours and staffing mix (such as, the use of specialists, the composition of experience within the engagement team, or portions of the engagement performed by other auditors); and
• significant changes (or the lack thereof) in hours or staffing mix from previous audits.

To maximize audit quality, the audit committee should also work to support the auditor’s independence and facilitate the auditor’s exercise of professional skepticism. This would require the audit committee to form a strong professional relationship with the auditor, independent of management, which can reduce the auditor’s barrier to exercising professional skepticism and focusing on its responsibilities to investors.[14] In furtherance of this critical goal, audit committees are encouraged to:[15]

• meet with the auditor, independent of management, through formal or informal meetings;
• have an open dialogue that provides adequate time for in-depth discussions of financial reporting and internal control matters with the independent auditor;
• dedicate time to asking the auditor probing questions to assess audit quality;
• speak directly with the audit engagement team about the importance of professional skepticism and the audit committee’s support of the engagement team; and
• avoid substituting management’s judgments or interactions with the independent auditor for the audit committee’s own judgments and engagement with the independent auditor.

We further encourage audit committees to leverage their unique oversight position to help set and monitor the tone for management’s relationship with the auditor. Audit committees should evaluate the frequency and quality of the auditor’s interactions with management.

Conclusion

Auditors and audit committees must focus on audit quality as their top priority. In doing so, and in the audit team’s exercise of their duty to apply professional skepticism to the audit, each should pay particularly close attention to areas that have been frequently identified as causes of deficiencies in PCAOB inspections. Auditors and audit committees serve as gatekeepers for investor protection and the financial reporting process and have an important role in facilitating the high-quality audits that are critical to the proper functioning of our capital markets.