The PCAOB recently published a 14-page summary of observations on its 2020 inspections of public accounting firms. The report highlights obstacles and good practices at audit firms, which can be helpful for audit committees to know when they’re engaging and overseeing auditors. Here’s one takeaway that’s good if you’re using a firm that’s inspected annually:
For the majority of the annually inspected audit firms, we identified fewer findings in 2020 compared to our 2019 inspections. In our triennially inspected audit firms, some improvements were noted, although deficiencies continue to remain high.
The report says that revenue recognition remains an area with room for improvement — so, expect auditors to continue to be very focused on that. And, if your company has experienced a cybersecurity incident, the ICFR impact of that is going to get a second look during an inspection:
We continue to review audits of public companies that experienced a cybersecurity incident during the audit period. We observed in our reviews how the auditor considered the cybersecurity incident in their risk assessment process and, if applicable, in their response to identified risks of material misstatement.
In certain audits reviewed, the auditor evaluated he severity and impact of the cybersecurity incident but did not consider whether the incident affected their identification or assessment of risks of material misstatement; whether modifications to the nature, timing, or extent of audit procedures were necessary; and whether the incident could be indicative of one or more deficiencies in ICFR.
-Liz Dunshee, TheCorporateCounsel.net October 25, 2021