Insights > Articles > In the News: PCAOB Issues Staff Audit Practice Alert in Light of Deficiencies Observed in Audits of Internal Control Over Financial Reporting

In the News: PCAOB Issues Staff Audit Practice Alert in Light of Deficiencies Observed in Audits of Internal Control Over Financial Reporting

Washington, DC, Oct. 24, 2013  The Public Company Accounting Oversight Board
October 2013

The Public Company Accounting Oversight Board today issued a Staff Audit Practice Alert in light of a significant number of audit deficiencies observed in the past three years related to audits of internal control over financial reporting (ICFR).

Effective ICFR helps assure that companies produce reliable published financial statements that investors can use in making investment decisions.

"Auditors should take note of the matters discussed in this alert in planning and performing their audits, given the importance of the controls companies use to produce their financial statements," said PCAOB Chairman James R. Doty.

Staff Audit Practice Alert No. 11: Considerations for Audits of Internal Control Over Financial Reporting discusses the application of certain requirements of Auditing Standard No. 5 and other PCAOB standards to specific aspects of audits of internal control.

Specifically, the alert discusses:

  • Auditors' risk assessment and the audit of internal control;
  • Selecting controls to test;
  • Testing management review controls;
  • Information technology considerations, including system-generated data and reports;
  • Roll-forward of control testing performed at an interim date;
  • Using the work of others; and
  • Evaluating identified control deficiencies.

Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, establishes requirements for performing and reporting on audits of internal control. It is designed to focus auditors on the most important matters in the audit of internal control and avoid procedures that are unnecessary to an effective audit.

In December 2012, the PCAOB issued a report on observations from 2010 inspections of audits of internal control over financial reporting performed by domestic annually inspected firms. It found that in 15 percent of the 309 integrated audit engagements inspected, firms failed to obtain sufficient audit evidence to support their opinions on the effectiveness of internal control due to one or more deficiencies.

Inspections in subsequent years have continued to identify similarly high levels of deficiencies in audits of internal control at other registered firms.

"It is particularly important for the engagement partner and senior engagement team members to focus on these areas and for engagement quality reviewers to keep these matters in mind when performing their engagement quality reviews," said Martin F. Baumann, PCAOB Chief Auditor and Director of Professional Standards.

"Auditing firms also should consider whether additional training of their auditing personnel is needed," he said. "Appropriate application of the top-down, risk-based approach pursuant to PCAOB standards can result in an effective audit of internal control while avoiding unnecessary work."

Audit committees of public companies for which audits of internal control are conducted may want to take note of this alert. Audit committees may want to discuss with their auditor the level of auditing deficiencies in this area identified in their auditor's internal inspections and PCAOB inspections, request information from their auditor about potential root causes, and inquire how their auditor is responding to these matters.

The PCAOB publishes staff audit practice alerts to highlight new, emerging, or otherwise noteworthy circumstances that may affect how auditors conduct audits under the existing requirements of PCAOB standards and relevant laws.

Auditors should determine whether and how to respond to these circumstances based on the specific facts presented. The statements contained in the practice alerts do not establish rules of the Board and do not reflect any Board determination or judgment about the conduct of any particular firm, auditor, or any other person.

We're Here to Help

GarryMichael continually monitors the regulatory landscape for federal agencies and their contractors. For questions about how your organization can adapt to the new FISMA requirements, contact us today.