The CAQ alert: what you need to know
The number of audit failures reported by the Public Company Accounting Oversight Board (PCOAB) in its 2014 inspection reports is breathtaking. Failures attributed to Big Four audits increased from an average of 15 percent in early years, to an average of 39 percent in 2014, with one of the Big Four reaching 49 percent. Two smaller national firms had failures well in excess of 50 percent. James Doty, the chair of the PCAOB, recently said that reports to be released in 2015 will show no significant improvement.
In December 2014, the Center for Audit Quality (CAQ) responded to the PCAOB's criticisms by issuing an alert, Select Auditing Considerations for the 2014 Audit Cycle. The alert addressed audit considerations related to revenue recognition, professional skepticism, and standards regarding unusual transactions, among other things.
The CAQ addressed the alert to auditors to help them respond appropriately to the criticisms of their work by the PCAOB. However, the pressure to improve audit quality falls not only on the auditors, but also on the companies they audit.
Many of the audit and control failures cited by the PCAOB can be attributed to failures of documentation by the public company. In short, companies and their auditors were unable to collect, organize, and present the necessary audit evidence because the individuals charged with key controls failed to accurately document their internal controls and/or obtain the necessary evidence in the first place.
The PCAOB also found that the documentation companies do produce is often so vague that it simply fails to describe what the company's managers and decision makers did. That's what the PCAOB means when it criticizes companies and their auditors for failing to demonstrate that controls were working at "a level of precision" necessary to detect and prevent material misstatements.
If you work for company that is subject to an annual audit, this CAQ alert offers valuable insights on what auditors and the PCAOB will be looking for in 2015. Here are a few things you should know about the CAQ alert:
- Internal controls over financial reporting
The CAQ alert says, "Testing operating effectiveness typically involves obtaining and evaluating evidence about the steps performed to identify and investigate significant differences and conclusions reached in the reviewer's investigation, including whether potential misstatements were appropriately investigated and whether corrective actions were taken as needed. The auditor also should take into account other relevant evidence obtained in the audit when evaluating the effectiveness of a control, such as identified misstatements that were not prevented or detected by the control."
To accomplish this, companies must capture quality evidence to demonstrate that their controls are working effectively as designed at the point of performance. This is can be surprisingly hard to do without tools designed specifically for this purpose. You may find it useful to explore options available to capture evidence easily without adding to the workload of those performing the controls.
The CAQ alert also says, "The existence of control deficiencies in ITGCs [IT General Controls] may impact the auditor's ability to conclude on the effectiveness of an IT-dependent control, as well as affect the nature and extent of testing over other controls that rely on such data and reports."
That means the technology you choose matters. The controls themselves may be judged by their very nature—where they come from and how they are constructed. Be prepared for auditors to ask about tools you use, and examine built-in controls to help evaluate the accuracy of your data and reports.
- Auditing accounting estimates, including fair value measurements
Auditors will be taking a closer look at accounting estimates to make sure they are reasonable and fairly developed. The CAQ alert states that, "examples of management estimates may include those related to purchase price allocations, impairment assessments, the fair value of investments, allowances for doubtful accounts and loan losses, and uncertain tax positions."
All your estimates will be examined, and so will your methods for reaching the conclusions that you did. Auditors will test your controls, examine data for reliability, and look at your review process. The importance of documenting all reviews and approvals cannot be overstated. Every step you take toward developing an estimate will be scrutinized. That includes documentation of key assumptions used to develop projections and evidence of the quality of prior projections.
- Professional skepticism
The CAQ urges auditors to question the financial statements they review. "PCAOB auditing standards define professional skepticism as an attitude that includes a questioning mind and a critical assessment of audit evidence," the CAQ alert says. As they rigorously check your reports, auditors must carefully examine the data, conclusions, and proof you present.
Sufficient evidence of control operation and effectiveness, and sufficient management review are the standard on which you will be judged. The accuracy and quality of your evidence—not your ability to create friendly dialogue with auditors—are what matters.
The best way to pass an audit is to be prepared
Remember that your auditors are not responsible for designing, implementing and maintaining quality internal controls. You are. By staying informed and alert, you can catch issues before they become a last minute crisis.
Share the CAQ alert across your organization to help everyone become aware of the new audit realities.
About the Author
Joseph Howell is Vice President, Strategic Initiatives at Workiva. Prior to cofounding Workiva, he served as Chief Financial Officer for a number of public and private companies. He also serves as the cofounder, organizer, and community moderator for the SEC Professionals Group.