6.7 Completing Audits and Reviews
There are currently many differences between AICPA and PCAOB standards, the vast
majority of which are nuanced and minor. However, some of the differences are more
significant, in which case the auditor will need to perform more procedures under
PCAOB standards than under AICPA standards.4
Connecting the Dots
Management should evaluate whether it has sufficient
resources to respond to additional auditor information requests.
These differences between the two sets of auditing standards can broadly affect
the audit beyond just the testing procedures performed by the audit engagement
personnel. For example, because auditors that issue a report in accordance with
PCAOB standards must be registered with the PCAOB, it is necessary to understand
whether the auditor is qualified to issue an auditor’s report in accordance with
PCAOB standards. In addition, other auditors or referred-to auditors that are
involved in the audit may also need to be registered with the PCAOB. Under PCAOB
Rule 2100, a public accounting firm must be registered with the PCAOB if the firm
plays a “substantial role,” which the rule defines as performing “audit procedures
with respect to a subsidiary or component of any issuer the assets or revenues of
which constitute 20% or more of the consolidated assets or revenue of such issuer.”
For example, the U.S. audit firm may be appropriately registered with the PCAOB, but
one of its audit firms in another jurisdiction that plays a substantial role may
not. Also, it may be necessary for the audit firm to change or augment the personnel
assigned to the PCAOB audit to achieve the right blend of experience and knowledge
for the audit.
Connecting the Dots
An audit performed in accordance with PCAOB standards versus
a previous audit performed in accordance with AICPA standards will be a “new
audit” and typically results in a new report date. In addition to auditing
any required incremental public-company GAAP disclosures or disclosures
required by Regulation S-X, the auditor will need to inquire about and
evaluate subsequent events through the new report date.
An IPO often takes many months or years to complete. In an effort to accelerate
that process, some entities request that their auditor perform incremental
procedures in accordance with PCAOB standards before they launch the IPO. In making
such a request, an entity needs to consider the cost of performing such procedures
versus the benefit of accelerating the IPO process.
Connecting the Dots
If the entity’s current owners believe that an IPO may be
possible in the foreseeable future, management should discuss such plans and
the timing with the auditor as well as the costs and benefits of requesting
the auditor to perform accelerated, incremental PCAOB audit procedures.
6.7.1 Audit Readiness and Completion
Once management has identified the appropriate reporting entity or entities for
which financial statements are required, as well as the periods covered by those
financial statements (see Chapter 2), management must determine, for each set of financial
statements to be included in the registration statement, whether audits need to
be performed in accordance with AICPA standards (i.e., auditing standards
generally accepted in the United States, or “U.S. GAAS”), PCAOB standards, or
both.
In some cases, the audit required for the IPO will be the first time those
financial statements have been audited. While the registrant’s financial
statements and those of any predecessors must generally be audited in accordance
with PCAOB standards, certain other audited financial statements that must be
included in a registration statement (e.g., financial statements of a
significant acquisition required by Rule 3-05) may be audited in accordance with
AICPA standards.
Changing Lanes
The “Compliance With Standards Rule” of the AICPA
Code of Professional Conduct indicates that the PCAOB is
responsible for establishing standards related to preparing and issuing
auditor’s reports for issuers, brokers, and dealers. In contrast,
the AICPA’s Auditing Standards Board is responsible for establishing
standards related to preparing and issuing auditor’s reports for
nonissuers.
The SEC considers entities filing public
registration statements to be issuers and requires entities to include
with the registration statement an auditor’s report that refers to
performance of audit procedures in accordance with PCAOB standards. This
requirement applies to periods during which the registration statement
is not yet effective.
Entities submitting nonpublic draft registration
statements, typically EGCs or other entities electing the accommodations
provided under the JOBS Act, are not technically considered issuers;
nonetheless, the SEC requires that auditors perform audits of nonpublic
filers, or of those submitting draft registration statements, in
accordance with PCAOB standards.
To clarify this nuance, the AICPA amended its auditing
standards5 to explain that auditors must still conduct audits in accordance
with GAAS for audits of nonissuers even when a regulator (e.g.,
the SEC) requires that such audits be conducted in accordance with PCAOB
standards. In this instance, audits for such entities should be
performed in accordance with both U.S. GAAS and PCAOB standards and the
related auditor’s report must refer to both sets of standards.
Connecting the Dots
Early in the process, management should identify all the
financial statements to be included in the registration statement and
discuss with the auditor whether an audit under AICPA standards, PCAOB
standards, or both is required. It may be prudent to consult with
outside advisers and, if complex issues are identified, to consider
preclearance with the SEC.
6.7.2 Audit Planning and Risk Assessment Process
6.7.2.1 Audit Materiality and Scope
In all audits, the auditor establishes a materiality level for the planning and
execution of the audit, which affects many of the auditor’s decisions about
the audit strategy and scope, including determining which accounts will be
tested at which locations as well as the extent of testing to be performed.
Materiality is based on quantitative as well as qualitative factors,
including the needs of the expected users of the financial statements. The
determination of audit materiality is not a mathematical exercise, and the
auditor will need to use judgment and consider the entity’s specific facts
and circumstances in making this determination. Because users of the
financial statements to be included in a registration statement differ from
users of a private company’s financial statements (e.g., lenders, limited
partners, suppliers), auditors’ materiality determinations in a PCAOB audit
may also differ from those in an AICPA audit.
Accordingly, the auditor would need to revisit its judgments about materiality
in prior AICPA audits and determine whether those judgments are
significantly different with respect to the needs of the expected users of
the financial statements to be included in the registration statement. If
so, the auditor may need to revise the scope of its prior audits on the
basis of the revised materiality, which could result in the need to perform
additional audit procedures for the prior years.
Connecting the Dots
Management and those charged with governance should
perform a similar exercise in assessing materiality to potential new
financial statement users. In determining financial statement
materiality, an entity should consider SAB Topic
1.M (SAB 99).
As discussed in other sections of this Roadmap as well as in Deloitte’s Roadmap
Carve-Out Financial
Statements, the financial statements included in the
registration statement vary and may involve carved-out portions (see
Section
2.3.1) or put-together pieces of other entities (see
Section
2.3.2). When the reporting entity or its composition changes,
the auditor will be conducting a “new” audit of a different entity. While
the auditor typically will attempt to leverage audit work performed in prior
audits of parts of the new reporting entity, the scope of the previous audit
work performed must be reconsidered with respect to the components of the
new reporting entity to determine, in the auditor’s judgment, whether that
audit scope and the related procedures performed are sufficient to issue an
auditor’s report on the financial statements of the new reporting entity,
particularly if certain components have not been previously audited.
Connecting the Dots
As soon as preparations for the IPO transaction
begin, management should consider informing the auditor of its
intention to take the entity public. An auditor that has advance
notice will be able to take the potential public filing into account
in establishing the scope of audit procedures to be performed for
the current AICPA audits; accordingly, the auditor may be able to
avoid the need to perform expanded audit procedures when the IPO
filing is imminent.
6.7.2.2 Auditor Inquiries
Both PCAOB and AICPA standards require auditors to make certain inquiries on various topics as part of
their risk assessment and planning process. Because PCAOB standards prescribe certain inquiries not
required by AICPA standards, auditors may need to conduct additional inquiries regarding prior AICPA
audits. In making these incremental inquiries, auditors may be required to conduct further discussions
with the following:
The above inquiries are related to the risk assessment process; since the auditor’s risk assessment is an
ongoing activity, management should be prepared to respond to the inquiries throughout the audit.
6.7.3 Related-Party Transactions
PCAOB AS 2410 establishes requirements related to the auditor’s evaluation of a
company’s identification of, accounting for (see Section 5.3), and disclosure of
relationships and transactions between the company and related parties.
PCAOB AS 2410 states that the auditor is required to do the following when
assessing related parties:
- [P]erform [specific] procedures to obtain an understanding of the company’s relationships and transactions with its related parties[, including] obtaining an understanding of the nature of the relationships . . . and of the terms and business purposes (or the lack thereof) of the transactions involving related parties. . . .
- [E]valuate whether the company has properly identified its related parties and relationships and transactions with related parties. . . . This evaluation requires the auditor to perform procedures to test the accuracy and completeness [of management’s identification], taking into account the information gathered during the audit. . . . If the auditor identifies information that indicates that related parties or relationships or transactions with related parties previously undisclosed to the auditor might exist, the auditor should perform the procedures necessary to determine whether previously undisclosed relationships or transactions with related parties, in fact, exist. . . .
- [Perform specific procedures if] the auditor determines that a related party or relationship or transaction with a related party previously undisclosed to the auditor exists. . . .
- Perform [specific] procedures [regarding] each related party transaction . . . that is required to be disclosed in the financial statements or determined to be a significant risk.
- [C]ommunicate to the audit committee the auditor’s evaluation of the company’s identification of, accounting for, and disclosure of its relationships and transactions with related parties[, and] other significant matters arising from the audit.
Further, PCAOB AS 2110 indicates that the auditor is required to “perform procedures to obtain an understanding of the company’s financial relationships and
transactions with its executive officers.” However, the auditor is not required to make any determination
regarding the reasonableness of compensation arrangements or recommendations regarding
compensation arrangements.
Connecting the Dots
If it has not done so previously, management should
design a process for (1) identifying related parties and transactions,
(2) authorizing and approving transactions with related parties, and (3)
accounting for and disclosing relationships and transactions with
related parties in financial statements. Entities should be prepared to
respond to additional inquiries from auditors and should ensure that
executive management and those charged with governance are available for
such inquiries.
6.7.4 Audit Confirmations
Auditors may consider whether confirmations should be requested from additional external parties,
including new legal counsel. While such confirmations are not necessarily related to incremental
requirements of a PCAOB audit, they may ultimately be necessary as a response to new risks in an IPO.
Confirmations from third parties generally yield reliable audit evidence and can result in higher-quality
evidence than relying on inquiries with management alone.
6.7.5 Concluding Procedures
6.7.5.1 Subsequent Events
Although management is required to evaluate subsequent events through the date
of the registration statement, for previously issued financial statements,
management would generally not update its financial statement disclosure of
subsequent events unless the financial statements included in the
registration statement have been revised (e.g., the entity must make a
retrospective adjustment to effect a stock split) or disclosure would be
required to prevent the reissued financial statements from being misleading.
See Section
5.13 for additional considerations related to
subsequent-event disclosures.
6.7.5.2 Evaluating Uncorrected Misstatements
In both AICPA and PCAOB audits, the entity and the auditor need to accumulate
uncorrected misstatements identified during the audit and determine whether
those misstatements are material individually or in the aggregate to the
financial statements as a whole. In AICPA audits, this accumulation is based
on either the iron-curtain method or the rollover method, depending
on the entity’s policy. For PCAOB audits, however, entities and auditors
need to use both the iron-curtain method and the rollover methods to
accumulate uncorrected misstatements as of and for each period under audit.
Further, the evaluation of the materiality of such errors must principally
consider the method that yields the greater value of uncorrected
misstatements. The two methods can be described as follows:
- Iron-curtain method — Under this approach, the entity and the auditor focus on misstatements existing in the balance sheet at the end of the current period, regardless of the period(s) in which the misstatement originated. This approach does not take into account the income statement effects of the reversal of the carryover of a prior-period misstatement to be evaluated as an error.
- Rollover method — Under this approach, misstatements are quantified on the basis of the amount of error originating in the current-period income statement. Therefore, this approach could allow misstatements in the balance sheet to increase each period by immaterial amounts until the cumulative amount becomes material, which could then result in a material misstatement under the iron-curtain method.
Example 6-3
Assume that in 20X2, Company A
begins over-accruing a liability each year by $20.
Therefore, at the end of 20X6, liabilities are
overstated by $100. The $20 annual over-accrual is
not considered material to any of the individual
prior-period financial statements. At issue is
whether A should evaluate the uncorrected
misstatement as a $100 overstatement of liabilities
(iron-curtain method) or a $20 overstatement of
expenses (rollover method).
The following table shows
adjustments that A would make under each method to
correct the 20X6 financial statements:
Under SAB Topic
1.N (SAB 108), registrants are
required to use both approaches when evaluating the
uncorrected misstatement and to adjust the financial
statements if either
approach results in quantification of a material
misstatement. While typically this materiality
analysis would be performed by public entities,
management of an entity undergoing an IPO must also
consider its application while preparing the
entity’s financial statements for the IPO
registration statement.
Assume that the $100 uncorrected
misstatement under the iron-curtain approach is
material to 20X6 and that the financial statements
need to be adjusted, as a result of which expenses
are understated by $80 and the 20X6 income statement
is therefore misstated. The $80 understatement
should be evaluated for materiality with respect to
the 20X6 financial statements; if this
understatement is considered material, the
prior-period financial statements should be
corrected. In this example, the $20 accrual each
year should be reversed as follows:
Auditors will need to reevaluate whether uncorrected misstatements identified in
the prior audits are material to the prior-period financial statements on
the basis of (1) the greater of the amount determined under the iron-curtain
approach or that under the rollover approach and (2) their judgment about
materiality for the PCAOB audit. Further, as a result of this reevaluation,
if an auditor determines that the total amount of accumulated uncorrected
misstatements approaches materiality, the auditor may either (1) request
that management adjust the financial statements or (2) perform additional
audit procedures to reduce the risk that the combination of possible
undetected misstatements and misstatements identified during the audit
reaches materiality.
Connecting the Dots
Management should consider quantitative and
qualitative measures of materiality when reviewing uncorrected
misstatements and should determine whether the financial statements
need to be revised as a result of prior-year uncorrected
misstatements. Management should share its analysis with its auditor
and be prepared to support its judgments.
6.7.6 Communications With Management and Audit Committees
6.7.6.1 Requirements of PCAOB Standards
PCAOB standards encourage auditors and the audit committee
to effectively communicate throughout the audit, since such communication
can lead to a better understanding of audit-related matters. In preparing to
file an initial registration statement, an entity typically will change its
governance structure, including the formation and composition of an audit
committee, to meet the governance requirements the entity will be subject to
after it becomes public. As a result, the individuals auditors communicate
with when reissuing auditor’s reports on prior years are often different
from the individuals auditors communicated with in prior AICPA audits. In
such cases, auditors may consider recommunicating matters related to prior
audits for the benefit of new audit committee members.
6.7.6.2 Management Representation Letters
In connection with each amendment to a registration statement, auditors obtain
updates to the management representation letter obtained upon the initial
submission or filing of the registration statement, generally on the dates
on which each amendment is filed and on the effective date (or as close
thereto as is practicable in the circumstances).
6.7.6.3 Form of Auditor’s Report
The form and content of the auditor’s reports for PCAOB audits differ from those for AICPA audits as a result
of differences in the auditing standards. These differences include:
- The applicable auditing standards — PCAOB auditor’s reports include a statement that the audits were performed in accordance with PCAOB standards, while AICPA auditor’s reports include a statement that the audit was performed in accordance with U.S. GAAS. As noted in Section 6.7.1, it is also possible for the auditor’s report to refer to both sets of standards, if applicable.
-
Independence — PCAOB auditor’s reports must include a statement that the auditor is a public accounting firm registered with the PCAOB and must be independent with respect to the company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the SEC and PCAOB.
- Audit firm tenure — PCAOB auditor’s reports include a statement containing the year the auditor began serving consecutively as the company’s auditor.
- CAMs — PCAOB auditor’s reports include communication of CAMs related to the audit of the current-period financial statements or state that the auditor determined that there are no CAMs. A CAM is any matter arising from the audit of the financial statements that was communicated, or was required to be communicated, to the audit committee and that (1) is related to accounts or disclosures that are material to the financial statements and (2) involved especially challenging, subjective, or complex auditor judgment. It is expected that, in most audits, the auditor would determine that at least one matter involved especially challenging, subjective, or complex auditor judgment.As noted in Section 1.6.2, communication of CAMs does not need to be included in the auditor’s report of an EGC, since EGCs are among the companies8 exempt from this PCAOB requirement.
AICPA auditor’s reports also contain statements related to the responsibilities
of management and the auditor that are not required to be included in PCAOB
auditor’s reports.
6.7.7 Interim Reviews
Entities are often required to include interim financial information in the
registration statement (see Section 2.4.2). Because the auditor is associated with such
information, review procedures are often performed in accordance with PCAOB
standards. Specifically, paragraph 7 of PCAOB AS 4105 states, in part:
The objective of a review of interim financial
information . . . is to provide the [auditor] with a basis for
communicating whether he or she is aware of any material modifications
that should be made to the interim financial information for it to
conform with generally accepted accounting principles. The objective of
a review of interim financial information differs significantly from
that of an audit conducted in accordance with the standards of the
PCAOB. A review of interim financial information does not provide a
basis for expressing an opinion about whether the financial statements
are presented fairly, in all material respects, in conformity with
generally accepted accounting principles. A review consists principally
of performing analytical procedures and making inquiries of persons
responsible for financial and accounting matters, and does not
contemplate (a) tests of accounting records through inspection,
observation, or confirmation; (b) tests of controls to evaluate
their effectiveness; (c) obtaining corroborating evidence in
response to inquiries; or (d) performing certain other procedures
ordinarily performed in an audit. A review may bring to the [auditor’s]
attention significant matters affecting the interim financial
information, but it does not provide assurance that the [auditor] will
become aware of all significant matters that would be identified in an
audit.
Further, paragraph 16 of PCAOB AS 4105 indicates that the auditor “should apply analytical procedures
to the interim financial information to identify and provide a basis for inquiry about the relationships and
individual items that appear to be unusual and that may indicate a material misstatement.” The analytical
procedures that the auditor performs generally include:
- “Comparing the quarterly interim financial information with comparable information for the immediately preceding interim period and the quarterly and year-to-date interim financial information with the corresponding period(s) in the previous year, giving consideration to knowledge about changes in the entity’s business and specific transactions.”
- “Considering plausible relationships among both financial and, where relevant, nonfinancial information.” The auditor also may consider “information developed and used by the entity, for example, information in a director’s information package or in a senior committee’s briefing materials.”
- “Comparing recorded amounts, or ratios developed from recorded amounts, to expectations developed by the [auditor]. The [auditor] develops such expectations by identifying and using plausible relationships that are reasonably expected to exist based on the [auditor’s] understanding of the entity and the industry in which the entity operates.”
- “Comparing disaggregated revenue data, for example, comparing revenue reported by month and by product line or operating segment during the current interim period with that of comparable prior periods.”
Connecting the Dots
Management may perform the same review procedures that
auditors do and may use such procedures both as a risk assessment tool
and to be responsive to auditor inquiries. Providing the auditor with a
description of these procedures and documentation regarding
period-to-period fluctuations in account balances (or the absence of
expected fluctuations) is likely to reduce the time the auditor spends
in completing its review.
Footnotes
4
For example, under PCAOB standards, the auditor is always
required to perform a test of details in response to a significant risk. In
contrast, under AICPA standards, the auditor is not required to perform such
a test provided that its response addresses both substantive analytical
procedures and tests of controls.
5
SAS 131 (codified in AICPA AU-C Section
700).
6
Paragraph A5 of PCAOB AS 2101 defines the
term “other auditor” as follows:
- A member of the engagement team who
is not:
- A partner, principal, shareholder, or employee of the lead auditor or
- An individual who works under the direction and control of the registered public accounting firm issuing the auditor’s report and functions as that firm’s employee; and
- A public accounting firm, if any, of which such engagement team member is a partner, principal, shareholder, or employee.
7
A service auditor is an auditor that reports
on the effectiveness of controls at an outside service
provider (e.g., a transaction processor or investment
custodian).
8
Communication of CAMs is not required
for audits of (1) brokers and dealers reporting under
Rule 17a-5 of the Exchange Act; (2) investment companies
registered under the Investment Company Act of 1940,
other than business development companies; (3) employee
stock purchase, savings, and similar plans; and (4)
EGCs, as defined in Section 3(a)(80) of the Exchange
Act.