On October 23, 2013, the Public Company Accounting Oversight Board (PCAOB) issued a Staff Audit Practice Alert in the light of a significant number of audit deficiencies observed in the past three years related to audits of internal control over financial reporting (ICFR).
In December 2012, the PCAOB found that in 15 percent of audit engagements inspected, firms failed to obtain sufficient audit evidence to support their opinions on the effectiveness of internal control. This caused PCAOB Chairman James R. Doty to caution auditors to, “take note in planning and performing their audits, given the importance of the controls companies use to produce their financial statements.”
And, according to The Wall Street Journal, they have taken note. As a result, auditors of public companies are ramping up the intensity of their audits (apparently blaming the regulator for the extra work) and businesses end up footing the bill. So how can businesses protect themselves from audit fee increases?
It’s a complex answer. One view might be that if an audit firm falls short of the professional standard expected of them then they should cover the shortfall. But businesses that have fully documented their Record-to-Report process, the controls environment and have a record of the tests performed against those controls (together with the outcomes) should be in a strong position to resist requests for unnecessary additional work. The key to unlocking an impasse is to ensure that there is sufficient audit evidence to place reliance on the controls.
Unfortunately many companies aren’t well-positioned today. Based on a recent independent survey of 150 financial executives, we learned that the majority of companies have only partially automated the record-to-report process, nearly half of respondents use four or more solutions, and many companies continue to rely heavily on manual Excel spreadsheet entry. The use of multiple technologies within the record-to-report process creates a risk that data will not be properly handed off between different systems. (The complete results of the study are available here.)
Perhaps not surprising – but still of concern – is the finding that 26% of respondents have difficulty ensuring the accuracy of their data. One can reasonably infer that this final group is not in a position to resist auditor requests for more exhaustive audits. Investing in financial governance capability has never before seemed so compelling.