The Public Company Accounting Oversight Board today issued a report detailing significant deficiencies in registered audit firms' implementation of and compliance with certain auditing standards related to the auditor's assessment of and response to risk in an audit as observed during 2012-2014 inspections.
Auditing Standards No. 8 through No. 15 — together, the risk assessment standards — were adopted in 2010 and are designed to address the auditor's assessment of and response to risk of material misstatements and the auditor's evaluation of the results of procedures performed in an audit. Today's report discusses findings under the eight standards for inspections conducted in 2012, 2013, and 2014.
The Board is concerned with the number and significance of deficiencies in compliance with these auditing standards.
"Because risk assessment underlies the entire audit process, it is critical that audit firms address these findings of weaknesses in compliance with the risk assessment standards," said PCAOB Chairman James R. Doty.
The eight auditing standards address procedures performed in all stages of the audit, from initial planning through the evaluation of audit results to support an opinion.
The risk assessment standards include:
In 26 percent of the 632 engagements inspected in 2012 where the risk assessment standards were applicable, inspections staff found an audit deficiency related to one or more of those standards that contributed to an insufficiently supported audit opinion. That rate increased to 27 percent for the 848 engagements inspected in 2013.
A preliminary analysis of 2014 inspection data indicates that a high rate of audit deficiencies related to the risk assessment standards continued to be identified in 2014 inspections.
Audit deficiencies related to the risk assessment standards spanned a wide variety of issuers and firms and most frequently related to AS No. 13, AS No. 14, and AS No. 15.
Examples of common deficiencies under those auditing standards include failing to perform substantive procedures specifically responsive to fraud risks and other significant risks identified, not evaluating the accuracy and completeness of financial statement disclosures, and not testing the accuracy and completeness of information produced by the company.
The report also explores the potential root causes of noncompliance with the risk assessment standards and potential remedial actions firms can take to remain in compliance with the auditing standards.
View the full report, Inspection Observations Related to PCAOB's "Risk Assessment" Auditing Standards (No. 8 through No. 15).