CFOs face auditor crackdown on internal controls
For CFOs, the takeaway from last week's PCAOB Staff Audit Practice Alert on internal control over financial reporting is that audit season won't be getting any less stressful any time soon.
For the second time in less than a year, the Public Company Accounting Oversight Board advised auditors, and indeed audit committees, to be vigilant about internal controls.
"Auditors should take note of the matters discussed in this alert in planning and performing their audits, given the importance of the controls companies use to produce their financial statements," PCAOB Chairman James R. Doty said in the accompanying press release to Staff Audit Practice Alert No. 11, "Considerations for Audits of Internal Control Over Financial Reporting," released Thursday.
The guidance comes after the PCAOB observed "significant number of audit deficiencies" over the past three years, the release noted.
Audit firms will likely be sharpening their game, said James DeLoach, Jr., a managing director at Protiviti, Inc., in a phone interview.
"As a CFO, I should not be surprised if my auditor comes to me and says 'We need to expand our scope. There are certain things we need to do.'
"And I may not like the demands it puts on my people, and the cost of the audit. But it's the reality. It's a tough environment for the audit firms."
Some of the areas where the PCAOB urged greater attention include: selecting controls to test; testing management review controls; information technology considerations, including system-generated data and reports; and using the work of others.
All of the areas have been highlighted before, and in fact reemphasize the principle established under PCAOB's Auditing Standard No. 5, "An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements" -- that is, a top down, risk-based approach that avoids unnecessary procedures and keeps the audit focused on material concerns.
In fact, it's in that principle that CFOs have room, and even a mandate, to set and guide the audit agenda, Mr. DeLoach said. CFOs can help keep audit teams, and indeed audit committees, supplied with the most important information to help them keep Audit Standard No. 5 top of mind..
"The CFO is certainly justified in inquiring about where additional work is being applied" and how it supports Auditing Standard No. 5, Mr. DeLoach said. "That is a dynamic that the CFO can bring to the table."
Thursday's release of Audit Practice Alert No. 11 comes after a December 2012 report on 2010 inspections of audits of internal control over financial reporting at audit firms. The report stated that 15 percent of 309 audit engagements failed to properly show effectiveness of internal controls.
"Inspections in subsequent years have continued to identify similarly high levels of deficiencies," Thursday's release noted.