On April 19, 2016, the Public Company Accounting Oversight Board (the “PCAOB”) issued a Staff Inspection Brief (the “Brief”) which gave the audit industry a preview of the results of the PCAOB’s 2015 inspections of auditors of brokers and dealers.
Based on their observations, the PCAOB also gave us some highlights of certain requirements related to the audit and attestation engagements of brokers and dealers they thought would be useful. The Brief represents highlights of inspections performed on auditors of brokers and dealers whose audits were conducted under PCAOB standards for the first time. The 2015 inspection cycle covered 75 firms and 115 audit and attestation engagements conducted for brokers and dealers with fiscal year ends between June 1, 2014 and June 30, 2015.
Not surprisingly, the 2015 inspections focused on areas for which audit firms were cited for deficiencies in the past. Previous hot button topics/areas include independence, revenue recognition and the use of information produced by clients and service organizations among others.
Independence was again a problem, although the Brief mentioned the violations were less frequent than observed in previous inspection cycles. The violations here continue to be surrounding Securities and Exchange Commission (“SEC”) Regulation S-X, 17 C.F.R. 210.2-01 (C)(4)(i).Auditors of brokers and dealers are required to comply with independence rules contained in SEC Regulation S-X as well as most PCAOB Independence Rules. SEC Regulation S-X, 17 C.F.R. 210.2-01 (C)(4)(i) states 3 specific areas that violate auditor’s independence:
It appears as though some audit firms are still preparing elements that will end up in the financial statements for their clients. In all, the PCAOB has imposed sanctions against 22 audit firms for independence violations. Findings in this area continued to be preparation of financial statements, bookkeeping and other prohibited services.
Deficiencies also continued with respect to revenue recognition. Key deficiencies continued to surround insufficient control testing to support the control risk assessment at less than the maximum; insufficient sampling procedures; insufficient analytical procedures to give the desired level of assurance; and insufficient procedures surrounding the completeness and accuracy of information from clients as well as service organizations.
All elements surrounding audit work with respect to revenue are linked. Because there are times when a customer agreement is severely outdated, auditors should be examining a body of evidence to support their conclusions. Each test, and the extent of such tests, hinge on evidence obtained elsewhere within the audit workpapers. A failure in one area can cause a deficiency.
Financial statements missing required disclosures; disclosures that were either incomplete or inaccurate; and transactions that where not accounted for or presented in accordance with GAAP were observed. It is important that auditors are not only using a financial statement disclosure checklist, but also an industry checklist that may address more specific items that could require disclosure.
Audit failures included insufficient journal entry testing (or in some cases no evidence of journal entry testing) and failing to identify revenue recognition as a potential fraud risk or failing to perform procedures specifically in response to this risk. Journal entry testing is a vital piece of audit evidence. One of the things it can help support is a client’s claim of no exceptions to their exemption from Securities Exchange Act (“SEA”) Rule 15c3-3, among others.
SEC Rule 17a-5 requires certain supplemental schedules. Those schedules include the computation of net capital (SEA Rule 15c3-1); the computation of the required reserve (SEA Rule 15c3-3); and information relating to the possession or control of customer securities. Deficiencies related to these schedules included insufficient testing of components of the net capital computation; insufficient testing of the completeness and accuracy of significant components of the customer reserve calculation; and insufficient testing of compliance with the possession or control requirements under Rule 15c3-3.
The Brief also cited deficiencies in audit reports which mainly included omission of required statements with respect to the supplemental information within the financial statements.
Auditors sometimes can take for granted that a schedule prepared by the client is correct. We must always be sure anything received from the client is complete and accurate. That is the starting point before any schedule can be audited.
Observations included not making all inquiries required by Auditing Standard No. 2; insufficient evaluation of exceptions identified during the review; and not evaluating whether information obtained from the audit of the financial statements corroborated management’s assertions. The inspections also revealed deficiencies in the review report. These included improper dating of the review report and inconsistencies between the accountant’s review report and management’s report.
In some cases the PCAOB found that no engagement quality review was performed or that the engagement quality reviewer did not sufficiently evaluate the significant judgements and conclusions reached by the engagement team.
Unfortunately, this Brief contained more of the same with respect to deficiencies as the usual suspects keep coming up. It would be a good idea for clients to keep these hot button issues in mind and expect your auditor to ask for more details in these areas if they are not already doing so. Reach out to your auditor earlier this year and try to stay ahead of what they are going to be asking for. Schedule a proper planning meeting ahead of the interim work to discuss the audit. This will bring fewer last-minute surprises and will make for a much smoother audit process.
The information contained herein is not necessarily all inclusive, does not constitute legal or any other advice, and should not be relied upon without first consulting with appropriate qualified professionals.