Industry News: PCAOB says 42%
of auditors botched quality reviews
In 2021, a significant transformation took root under the guidance of Gary Gensler, the Securities and Exchange Commission Chair. The winds of change swept through the Public Company Accounting Oversight Board (PCAOB), leading to a rigorous overhaul of enforcement practices, an expansion of inspection rules, and stricter standards for auditors engaged with publicly traded companies. The new head of the PCAOB, Erica Williams, continued to strengthen these initiatives, doubling enforcement orders and issuing record penalties in 2022.
However, beneath the surface of these bold changes, troubling trends emerged. Chair Williams disclosed that in 2022, PCAOB inspectors were likely to uncover issues in 40% of the audits they reviewed. This concerning statistic revealed a persistent rise in flawed audits, with a 6% increase in 2022 following a 5% increase in the preceding year. The urgency to address this trend prompted a comprehensive staff report on Engagement Quality Reviews (EQRs), offering a window into the PCAOB's enhanced oversight and inspection processes.
Engagement Quality Reviews, as it turns out, play a pivotal role in safeguarding the interests of investors throughout the audit process. They act as a critical assessment designed to ensure that the significant judgments made by the audit team, forming the foundation of the audit opinion, are thoroughly vetted by an independent reviewer. This measure seeks to increase the chances of auditors identifying substantial deficiencies before issuing their attestation reports.
Alarming findings emerged from the PCAOB's inspections:
A staggering 82% of the flawed EQRs from the previous year failed to meet industry standards.
In 6% of these cases, the auditor's quality control system fell short of ensuring the competence, independence, integrity, and objectivity of the EQR reviewers. Further, in 5% of instances, auditors failed to seek approval from the EQR reviewer before issuing the audit report, and in another 5%, some audit firms did not perform an EQR at all.
Chair Williams emphasized the critical importance of audit firms and audit committees immersing themselves in the EQR report, not merely as a bureaucratic exercise but as a core component of their responsibility to protect investors against inadequately supported audits. In summary, the PCAOB's intensified enforcement, heightened inspections, and stringent standards have been engineered to secure the quality and integrity of audits in publicly traded companies, ultimately reinforcing the shield around investors. The article underscores the need for audit firms and committees to leverage analytics to better fulfill their critical responsibilities in this evolving regulatory scrutiny and change landscape.
Here are the top 5 audit analytics capabilities auditors need for improved audit quality
The article suggests that in the context of the PCAOB's efforts to enhance audit quality and investor protection, the following audit analytics capabilities can be of significant help to auditors:
Access to data
The number one challenge in auditing a digital platform is access to data. Sampling has always been in the auditor's toolkit as a way to predict with a known probability level whether the hypothesis that a control is effective can be asserted. Verifying every transaction by human effort is an expense rarely justifiable to shareholders.
However, sampling is no longer practical. As the technology landscape expands and cloud adoption increases, auditors need new and improved ways to extract 100% of the data. Basing decisions on sampling methods is too big a risk. Auditors need a cloud-based solution that instantly provides full access to apply controls across a complete data set that's complete and accurate
Many audits are still performed in tools like Excel. These tools are error-prone, and maintaining data integrity is nearly impossible. Auditors need access to data straight from the source to make informed decisions based on 100% of the data.
Auditors require proactive and periodic data analysis to ensure organizations address growing threats to business applications and IT systems to support hybrid, agile, and hyper-automation business needs.
Traditional business intelligence and reporting tools cannot cross-link changes to complex security meta-data against the fragmented, de-centralized provisioning process. Effective analysis requires auditors to review privileges assigned to employees and third parties, service accounts, and BOTs to ensure compliance with access governance policies.
Advanced Analytics enables auditors to analyze volumes of data straight from the source to "find the needle in the haystack" by using discrete and fuzzy logic to filter historical data sets stored in an audit vault to perform "what-if analysis" to predict potential risks that would impact business applications and IT systems. Advanced data comparison options ensure that requested corrective actions to security are completed in a timely manner. Changes introduced by third-party application providers are detected, and alerts are routed to IT security personnel for examination and remediation.
Ideally, the auditor and customer should work off the same data set and share reports within a secure platform, eliminating error-prone manual work and maintaining data integrity. For example, how do you prove that there are three purchase orders outside the purchasing limit? Doing this through work papers (papers that support the assertion) isn't effective.
Auditors need an online platform where the customer and auditor can collaborate and communicate using a complete audit trail.
A critical factor for auditors is completing the audit plan within scope and budget. Audit solutions can streamline the whole process - from beginning to end - from planning to execution and output.
These audit analytics capabilities allow auditors to monitor, evaluate, and improve their audit processes, ensuring compliance with the PCAOB and regulations, maintaining high-quality audits, and protecting investors.
The changes spearheaded by SEC Chair Gary Gensler and PCAOB Chair Erica Williams have significantly bolstered the regulatory landscape for auditors. The growing trend of flawed audits emphasizes the critical need for auditors to adapt and enhance their practices to protect investor interests. It is evident that engagement quality reviews (EQRs) are pivotal in this process, but the data shows that many audit firms are falling short. Auditors can harness the power of audit analytics to address these challenges and fulfill their responsibilities. In an era of increased scrutiny and regulatory changes, adopting analytics capabilities is essential for audit firms and audit committees seeking to adapt and thrive in a rapidly evolving auditing landscape.
Advanced Audit Analytics
Advanced audit analytics incorporate robust data analytics features that empower internal, external, IT audit, and compliance teams to enhance productivity, ensure quality, and effectively audit digital enterprises, providing accurate insights and value-added recommendations
Auditing Reforms 2023
For auditors, 2023 is shaping up to be an unprecedented year. Since 2021, there has been a notable surge in the efforts of financial and accounting regulators to address audit quality. Moreover, they are actively pursuing the modernization of outdated auditing standards.
Enhancing Cyber Security Compliance
Your organization should consider implementing proactive measures to ensure compliance with the new cyber disclosure requirements. One such cutting-edge approach is policy-based access governance, which has the potential to transform your cybersecurity incident and data breach management practices.