Home > Risk > The PCAOB fails the external auditors

The PCAOB fails the external auditors

November 3, 2021 Leave a comment Go to comments

My friend, Francine McKenna, writes about the CPA firms and related matters at The Dig. She frequently calls out the firms for their missteps, but she is also quick to write about issues at the regulators that are supposed to oversee them.

I recommend her site and following her on Twitter (@retheauditors).

Board members, executives, and practitioners should be concerned when there is evidence that the audits performed by the firms are deficient.

The Public Company Oversight Board (PCAOB) inspects a sample of audits every year and has consistently found fault with the firms’ performance.

They have recently shared the reports from their inspections of 2020 audits by several firms, including:

Even though EY celebrated what they thought were excellent inspection results, I don’t believe they had reason to do so. 15.38% of their audits that were inspected had serious deficiencies.

The PCAOB inspectors will occasionally go so far as to assert that an audit opinion was incorrect, although they did not say that of any of the four firms’ 2020 audits that they inspected. However, they did identify multiple audits with at least one serious deficiency – when the auditor’s workpapers did not indicate sufficient evidence was obtained for the audit opinion.

I have summarized the areas where serious deficiencies were found for each firm. The PCAOB calls these “Part I.A deficiencies…. that were of such significance that we believe the firm, at the time it issued its audit report(s), had not obtained sufficient appropriate audit evidence to support its opinion on the issuer’s financial statements and/or internal control over financial reporting”.

Firm Number of audits inspected Number with Part I.A deficiencies Percentage that failed
EY

52

8

15.38%

KPMG

53

14

26.42%

PwC

52

1

1.92%

Deloitte

53

2

3.77%

Even one failure is too many. Nobody should be happy with these results, although for PwC in particular the failure rate was significantly lower than for 2019 audits.

With respect to their audits of the financial statements, PCAOB reported these types of Part I.A deficiencies.

EY KPMG PwC Deloitte
Did not perform sufficient testing of data or reports used in the firm’s substantive testing 4

3

0

0

Did not obtain sufficient evidence as a result of overreliance on controls (due to deficiencies in testing controls) 3

8

1

0

Did not sufficiently evaluate significant assumptions or data that the issuer used in developing an estimate 2

2

0

0

Did not perform sufficient testing related to an account or significant portion of an account or to address an identified risk 0

2

0

1

Did not perform sufficient procedures related to the scoping of the audit, including multi-location audits 0

0

0

1

Did not perform sufficient roll-forward procedures 0

0

0

1

Did not perform sufficient, appropriate analytical procedures when analytical procedures were intended to provide substantive evidence 0

0

0

1

With respect to the audits of internal control over financial reporting:

EY KPMG PwC Deloitte
Did not perform sufficient testing of the design and/or operating effectiveness of controls selected for testing 3

9

1

1

Did not identify and/or sufficiently test controls over the accuracy and completeness of data or reports that the issuer used in the operation of controls 1

5

1

1

Did not test the accuracy and/or completeness of information that the firm used to make selections for testing the operating effectiveness of a control 1

0

0

0

Did not identify and test any controls that addressed the risks related to a significant account or relevant assertion 0

5

1

1

Did not perform sufficient procedures related to the scoping of the audit, including multi-location audits 0

0

0

1

The area that had more deficiencies for each of the four firms was Revenue and Related Accounts.

Finally, the number of audits that failed either with multiple deficiencies or where the PCAOB said the auditor’s opinion was wrong:

EY KPMG PwC Deloitte
Audits with an incorrect opinion on the financial statements and/or ICFR 0

0

0

0

Audits with multiple deficiencies 4

13

1

1

What does all of this mean?

  1. The auditors are not perfect.
  2. There is a risk that they will not identify material errors in the financial statements or in the design and operation of internal control over financial reporting.
  3. Should they fail to detect a material error, especially one involving fraud, that can have a serious impact on the company, its management, and its board of directors.
  4. The audit committee, with the help of the chief internal auditor, should perform sufficient oversight to gain reasonable assurance that the auditors are performing a quality audit.

I welcome your thoughts and reflections.

  1. November 4, 2021 at 12:39 AM

    If it is any comfort to you: this not only happens in the USA but is also reported in countries like UK, SA, Germany and the Netherlands. As I think these countries are considered to have the highest standards in auditing, the problem should be world wide.
    In the Netherlands they are trying to improve audit quality for many years now. Parts of the approach are an increase of subjects the auditor should report about (major findings, fraude, business continuity) and Audit Quality Indicators (AQIs).

  2. William
    November 5, 2021 at 6:39 AM

    An analogy that I like to use is they like to cage the rat but let the lion loose. They seem obsessed with things like passwords while other things they don’t even look at. I think the PCAOB should also be looking at things that these firms DO unnecessarily (which increases cost and takes away time that IT could be focusing on more important things) rather than just things they don’t do.

    • Norman Marks
      November 5, 2021 at 6:41 AM

      William, I wish they did look at excessive auditing and cost, but their focus is on protecting the investors not the company.

      • Anonymous
        November 8, 2021 at 2:26 AM

        Audit engagements are typically conducted on fixed fees and additional charges are made where the client caused additional work for the auditor.

  3. Sean
    November 8, 2021 at 2:24 AM

    The third item of your summary is incorrect by a mile. While the impact of a material misstatement could be damaging to management and the board, auditors do not mitigate this risk on their behalf. Management is responsible for its own financial statements and the internal control systems that generate them; the board oversees this; and the auditor designs procedures to provide reasonable assurance that the financial statements are reliable.

    In a perfect world, one misstatement is too many. This is no perfect world. No company and no auditor is perfect.

    • Norman Marks
      November 8, 2021 at 5:31 AM

      Sean, how can you say that third point is “incorrect by a mile”. The board relies on the external auditor to find material errors made by management, whether deliberate or accidental. Over my career, both ten years in public accounting, and then many more as a CAE, I have seen many situations where they found errors that were corrected before the statements were filed.

  1. November 3, 2021 at 10:08 AM
  2. November 6, 2021 at 10:19 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: