Most risk professionals know the mission of the Public Company Accounting Oversight Board (PCAOB): Protect investors by overseeing the audits of public companies and SEC-registered brokers and dealers. One way it does this is through its inspection program.
External auditors use PCAOB inspection observations as one data point to inform their staff training and to evolve their audit approach, among other things. But your management team should also consider potential implications of PCAOB inspection observations on your internal control over financial reporting (ICFR) compliance programs and interactions with auditors. It’s an opportunity to identify appropriate short-term actions and to consider longer-term strategic moves to create more sustainable, cost-effective ICFR programs.
In 2019, PCAOB inspected more than 175 audit firms and reviewed portions of approximately 710 public company audits. The inspections identified several good practices that demonstrated improvement in audit quality. They also identified deficiencies, the most common of which fell into four categories.
Beyond these categories, the PCAOB noted observations that, while not pervasive across firms, are areas where management could expect greater auditor focus in the future. These areas include distributed ledger technologies and digital assets, cybersecurity risks, software audit tools and communications between auditors and audit committees.
Planning now for the long term
PCAOB inspection observations present the opportunity to consider how well your current capabilities deliver a sustainable, cost-effective ICFR program, one that balances quality and the cost of compliance over the long term. While ICFR compliance is not typically viewed as a strategic business initiative, companies that set a deliberate strategy for their ICFR compliance programs are more likely to have cost-effective compliance that can be sustained in the face of unprecedented levels of business risks and compliance requirements. To position your company for long-term success, we recommend thinking strategically about ICFR compliance and taking action to:
Management should also consider several steps to determine what actions may be required in the current accounting cycle and beyond.
The PCAOB inspection process isn’t just a resource to improve audit quality. Its observations can provide the impetus for management to take a strategic look at how to create a more sustainable, cost-effective ICFR program in the long-term, including actions that can begin now.