As audit firms intensify their focus on enhancing audit quality and navigating regulatory changes, public and private companies are feeling the effects.
More than ever, companies preparing for financial statement and integrated audits must maintain a forward-looking, audit-ready posture to keep pace with dynamic accounting, finance, risk, and human capital challenges on top of evolving factors external auditors are scrutinizing. The status quo approach to audit no longer suffices.
Here’s how to game plan accordingly.
1. Understand What Regulators Are Thinking
Recent actions by the Public Company Accounting Oversight Board (PCAOB) signal a clear directive toward bolstering audit responsibilities.
A June 2023 proposal amplifies the auditor’s vigilance against fraud and noncompliance with laws and regulations, significantly expanding the responsibility of the auditor.
“By catching and communicating noncompliance sooner, auditors can help companies course correct and better protect investors from risk,” said PCAOB Chair Erica Y. Williams in reference to the proposal.
Companies can anticipate questions about their process for identifying relevant laws and regulations and their process for preventing, identifying, investigating, evaluating, communicating, and remediating instances, or alleged or suspected instances, of fraud and other noncompliance. As a best practice, legal departments should be involved.
Meanwhile, a new standard adopted in September 2023 aims to modernize requirements for auditor use of confirmations, fortifying investor protection in the current business environment.
On the proposal, Williams stated, “The new standard will help auditors detect fraud and better protect investors. By replacing a confirmation standard that had not changed significantly since faxes were a regular form of communication, the Board has taken an important step in modernizing our standards to effectively protect investors in today’s world.”
Because audit firms will no longer be able to rely solely on “negative confirmation” requests for PCAOB audits, companies should prepare for additional efforts, such as assisting with outreach to the third party or providing additional audit evidence for alternative procedures. Additionally, the PCAOB rule will prohibit internal auditors from assisting with confirmations, another key factor to take into account.
2. Expect to Hear From Your Auditor on These Issues
With evolving regulatory shifts on the horizon, alongside core, expected audit considerations, companies can improve their audit readiness by knowing what auditors are likely to scrutinize this season.
Some of these primary concerns will be:
Auditors will continue emphasizing internal controls, with a focus on the precision of controls and the reliability of information used in controls. Expect questions about the completeness and accuracy of any reports being used in a control, including system-generated canned reports and ad-hoc reports, as well as Excel files.
As a best practice, keep an inventory of every report relied upon in a control and denote the key data elements used in that report, allowing auditors to focus on only the relevant data elements used. Not every data element in a report is necessarily relevant, and companies should demonstrate that they know which data elements matter and which don’t, as discerning between data elements streamlines the audit and showcases preparedness.
With mass layoffs hitting a range of sectors the past 12 months, a volatile IPO market, large stores of private equity dry powder, and prevailing supply chain, interest rate, and global security trepidation, it’s safe to say the impacts of these realities will be under a microscope.
Companies can expect auditors to evaluate economic considerations, how they were assessed throughout the year, and how they affected valuations, impairment, and going concern assumptions. Be prepared with a well-documented analysis of these factors.
Following the Wirecard fraud incident and the PCAOB action referenced above, expect additional efforts around the confirmation process. Auditors might seek more comprehensive confirmations, request additional data elements to be confirmed, or confirm accounts that weren’t previously confirmed.
With escalating cyber threats and the increased utilization of IT systems, auditors will delve deeper into companies’ risk assessments around cybersecurity threats and potential attacks. Auditors will assess whether cyber incidents resulted in material misstatements, disruptions or impacts to financial reporting operations, and mitigation or resolution practices put into place.
Companies must have clear, comprehensive documentation of their cybersecurity risk assessment process and extensive assessments of any attacks.
Emerging ESG Questions
Though not yet mandatory from a regulatory perspective, audit firms are seeking to understand how companies are assessing and responding to climate risks, with an eye on climate-related disclosures and greenhouse gas emission disclosures that may soon be required. Consequently, they are contemplating the impact of climate factors on financial statements and how ready companies may be for future required disclosures related to ESG.
Companies should understand what they’re already disclosing about ESG, particularly regarding climate-related disclosures. They should also consider whether their “ESG story” aligns with other financial reporting determinations or disclosures – for example, as it relates to impairments or valuations.
When approaching these regulatory concerns, companies should create a calendar of milestones and communicate often internally and externally. Traditional project management best practices can help mobilize relevant stakeholders and provide accountability during the audit process.
3. Seek Experienced Support
The audit process doesn’t have to be managed alone. CrossCountry Consulting’s audit-readiness experts have decades of audit, accounting, finance, technology, and risk management experience that enables public and private companies to reduce audit friction and see around audit curves. For robust and proven audit-readiness support, contact CrossCountry Consulting.