As an audit committee member, it is crucial to understand your role in ensuring the quality and reliability of your fund's financial reporting. The Public Company Accounting Oversight Board (PCAOB) has provided a new staff Spotlight, offering a comprehensive list of questions for audit committee members to consider during their discussions with independent auditors. These questions cover fraud risks, risk assessment, auditing and accounting risks, digital assets, merger and acquisition activities, the use of the work of other auditors, talent and its impact on audit quality, independence, critical audit matters and cybersecurity.
While the Spotlight condenses the regulatory agency’s focus down to 10 key areas, below we’ve focused on the six that we find the most impactful — adding our perspectives for committee members to contemplate concerning specific obligations, responsibilities and overall efficacy of an audit.
1. What Is the Fraud Risk at Our Fund?
During an audit, your auditor will determine the fund's susceptibility to fraud and consider other risks as part of the regular audit risk assessment. Auditors are also making additional risk assessment considerations outlined by the PCAOB as part of their priorities for 2023 inspections, including volatility in financial and commodity markets, mergers and acquisition activity, and the ongoing impact of remote/hybrid work environment.
Auditors should communicate with the audit committee, in both the planning and audit completion communications, areas identified as significant risks. In addition to the required discussions with your auditor, best practice suggests engaging with your auditor to discuss and further understand any new fraud risks, unusual transactions and related parties identified in the current year, and what procedures the auditors performed to address those new risks.
2. Can You Help Me Better Understand Our Risk Assessment and Internal Controls?
The audit committee needs to define which risks require regular discussion. Committees should continuously evaluate their risk governance structure to address new risks, and collaborate to review risk assessment, internal controls, economic factors and IT-related risks to help ensure effective oversight and mitigation strategies. During the audit committee meeting, it is vital to address the following points with your auditor:
- Learn how the auditor acquired a sufficient understanding of your business and management's strategy.
- Inquire about the auditor's evaluation and testing of relevant controls, including management review controls.
- Discuss any modifications to the audit approach in response to identified control deficiencies.
- Discuss the auditor's assessment of risks associated with third-party service organizations used by management.
3. How Are You Evaluating Our Digital Assets?
Discuss digital asset-related risks with your audit committee and understand the auditor's approach to auditing and addressing these risks using the following talking points:
- Inquire whether the audit firm has the necessary knowledge and expertise regarding digital assets to perform adequate audit services.
- Discuss whether recent developments in the digital asset market influenced the auditor's procedures and their response to fraud risks.
- Understand if the auditor used specialized technology-based tools to address risks related to digital assets.
4. Are You Using Third-Party Auditors to Assist in Our Audit?
The use of the work of other auditors in an audit can significantly impact the overall process. When multiple audit firms are involved, the primary auditor relies on the work performed by others to reduce or supplement testing. They assess the competence and independence of the other auditors, coordinate and communicate with them and evaluate their work to ensure its adequacy. While relying on others, the primary auditor remains responsible for forming their opinion on the financial statements. Effective coordination, communication and evaluation are essential for a successful audit when using the work of other auditors. Consider the following questions with your auditor:
- Inquire about the involvement of other accounting firms in the audit process and their registration with the PCAOB
- Discuss how the auditor evaluated the professional reputation and independence of the other auditors
- Understand how the lead auditor ensures other auditors adhere to relevant standards and requirements.
5. How Does Your Firm Ensure Top Talent for the Best Quality Audit?
The labor pool significantly impacts audit quality by influencing the availability of skilled professionals, their competency and knowledge levels, workforce turnover and retention, workload and time pressures, and the emphasis on continuing education and professional development. A robust labor pool with experienced, knowledgeable and stable auditors enhances audit quality. In contrast, limitations in the labor pool can lead to resource shortages, inadequate expertise, increased turnover, excessive workloads and a lack of up-to-date skills, ultimately compromising the quality of audits performed. When considering talent and its impact on audit quality, the recent PCAOB spotlight suggests audit committees discuss the following topics with their auditor:
- Inquire about the audit firm's strategies to attract and retain talented staff.
- Discuss policies and procedures in place for supervision, review and work performed by shared service centers or designated centers of excellence.
- Understand how the engagement team is/was supervised, especially in remote or hybrid environments.
6. How Does Your Audit Firm Handle the Areas of Independence?
According to the PCAOB Staff Guidance for Rule 3526(b), the audit firm must communicate in writing to the audit committee any regulatory independence violations that may arise. Should there be an independence violation, the audit firm will provide further detail on its evaluation of the violation. It is then the audit committee's responsibility to discuss with the auditor and independently assess whether the auditor's objectivity has been impaired.
Overall, maintaining independence is crucial for auditors, and both the audit committee and the auditor have responsibilities in addressing and monitoring threats to independence throughout the audit engagement. Clear communication, understanding of policies and compliance monitoring are essential in upholding the objectivity required in the auditing profession. As such, the committee should consider the following items:
- Understand the audit firm's policies and procedures for identifying, evaluating and addressing threats to independence.
- Inquire about processes in place to communicate relationships impacting independence to the audit committee.
- Discuss the use of automated systems to identify relationships with restricted entities affecting independence.
Contact Bryan Friedmann at firstname.lastname@example.org or a member of your service team to discuss this topic further.
Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.