6.7 Completing Audits and Reviews

There are currently many differences between AICPA and PCAOB standards, the vast majority of which are nuanced and minor. However, some of the differences are more significant, in which case the auditor will need to perform more procedures under PCAOB standards than under AICPA standards.4

Connecting the Dots

Management should evaluate whether it has sufficient resources to respond to additional auditor information requests.

These differences between the two sets of auditing standards can broadly affect the audit beyond just the testing procedures performed by the audit engagement personnel. For example, because auditors that issue a report in accordance with PCAOB standards must be registered with the PCAOB, it is necessary to understand whether the auditor is qualified to issue an auditor’s report in accordance with PCAOB standards. In addition, other auditors or referred-to auditors that are involved in the audit may also need to be registered with the PCAOB. Under PCAOB Rule 2100, a public accounting firm must be registered with the PCAOB if the firm plays a “substantial role,” which Rule 1001 defines as performing “audit procedures with respect to a subsidiary or component of any issuer the assets or revenues of which constitute 20% or more of the consolidated assets or revenue of such issuer.” For example, the U.S. audit firm may be appropriately registered with the PCAOB, but one of its audit firms in another jurisdiction that plays a substantial role may not. Also, it may be necessary for the audit firm to change or augment the personnel assigned to the PCAOB audit to achieve the right blend of experience and knowledge for the audit.

Connecting the Dots

An audit performed in accordance with PCAOB standards versus a previous audit performed in accordance with AICPA standards will be a “new audit” and typically results in a new report date. In addition to auditing any required incremental public-company GAAP disclosures or disclosures required by Regulation S-X, the auditor will need to inquire about and evaluate subsequent events through the new report date.

An IPO often takes many months or years to complete. In an effort to accelerate that process, some entities request that their auditor perform incremental procedures in accordance with PCAOB standards before they launch the IPO. In making such a request, an entity needs to consider the cost of performing such procedures versus the benefit of accelerating the IPO process.

Connecting the Dots

If the entity’s current owners believe that an IPO may be possible in the foreseeable future, management should discuss such plans and the timing with the auditor as well as the costs and benefits of requesting the auditor to perform accelerated, incremental PCAOB audit procedures.

6.7.1 Audit Readiness and Completion

Once management has identified the appropriate reporting entity or entities for which financial statements are required, as well as the periods covered by those financial statements (see Chapter 2), management must determine, for each set of financial statements to be included in the registration statement, whether audits need to be performed in accordance with AICPA standards (i.e., auditing standards generally accepted in the United States, or “U.S. GAAS”), PCAOB standards, or both.

In some cases, the audit required for the IPO will be the first time those financial statements have been audited. While the registrant’s financial statements and those of any predecessors must generally be audited in accordance with PCAOB standards, certain other audited financial statements that must be included in a registration statement (e.g., financial statements of a significant acquisition required by Rule 3-05) may be audited in accordance with AICPA standards.

Changing Lanes

The “Compliance With Standards Rule” of the AICPA Code of Professional Conduct indicates that the PCAOB is responsible for establishing standards related to preparing and issuing auditor’s reports for issuers, brokers, and dealers. In contrast, the AICPA’s Auditing Standards Board is responsible for establishing standards related to preparing and issuing auditor’s reports for nonissuers.

The SEC considers entities filing public registration statements to be issuers and requires entities to include with the registration statement an auditor’s report that refers to performance of audit procedures in accordance with PCAOB standards. This requirement applies to periods during which the registration statement is not yet effective.

Entities submitting nonpublic draft registration statements, typically EGCs or other entities electing the accommodations provided under the JOBS Act, are not technically considered issuers; nonetheless, the SEC requires that auditors perform audits of nonpublic filers, or of those submitting draft registration statements, in accordance with PCAOB standards.

To clarify this nuance, the AICPA amended its auditing standards5 to explain that auditors must still conduct audits in accordance with GAAS for audits of nonissuers even when a regulator (e.g., the SEC) requires that such audits be conducted in accordance with PCAOB standards. In this instance, audits for such entities should be performed in accordance with both U.S. GAAS and PCAOB standards and the related auditor’s report must refer to both sets of standards.

Connecting the Dots

Early in the process, management should identify all the financial statements to be included in the registration statement and discuss with the auditor whether an audit under AICPA standards, PCAOB standards, or both is required. It may be prudent to consult with outside advisers and, if complex issues are identified, to consider preclearance with the SEC.

6.7.2 Audit Planning and Risk Assessment Process

6.7.2.1 Audit Materiality and Scope

In all audits, the auditor establishes a materiality level for the planning and execution of the audit, which affects many of the auditor’s decisions about the audit strategy and scope, including determining which accounts will be tested at which locations as well as the extent of testing to be performed. Materiality is based on quantitative as well as qualitative factors, including the needs of the expected users of the financial statements. The determination of audit materiality is not a mathematical exercise, and the auditor will need to use judgment and consider the entity’s specific facts and circumstances in making this determination. Because users of the financial statements to be included in a registration statement differ from users of a private company’s financial statements (e.g., lenders, limited partners, suppliers), auditors’ materiality determinations in a PCAOB audit may also differ from those in an AICPA audit.

Accordingly, the auditor would need to revisit its judgments about materiality in prior AICPA audits and determine whether those judgments are significantly different with respect to the needs of the expected users of the financial statements to be included in the registration statement. If so, the auditor may need to revise the scope of its prior audits on the basis of the revised materiality, which could result in the need to perform additional audit procedures for the prior years.

Connecting the Dots

Management and those charged with governance should perform a similar exercise in assessing materiality to potential new financial statement users. In determining financial statement materiality, an entity should consider SAB Topic 1.M (SAB 99).

As discussed in other sections of this Roadmap as well as in Deloitte’s Roadmap Carve-Out Financial Statements, the financial statements included in the registration statement vary and may involve carved-out portions (see Section 2.3.1) or put-together pieces of other entities (see Section 2.3.2). When the reporting entity or its composition changes, the auditor will be conducting a “new” audit of a different entity. While the auditor typically will attempt to leverage audit work performed in prior audits of parts of the new reporting entity, the scope of the previous audit work performed must be reconsidered with respect to the components of the new reporting entity to determine, in the auditor’s judgment, whether that audit scope and the related procedures performed are sufficient to issue an auditor’s report on the financial statements of the new reporting entity, particularly if certain components have not been previously audited.

Connecting the Dots

As soon as preparations for the IPO transaction begin, management should consider informing the auditor of its intention to take the entity public. An auditor that has advance notice will be able to take the potential public filing into account in establishing the scope of audit procedures to be performed for the current AICPA audits; accordingly, the auditor may be able to avoid the need to perform expanded audit procedures when the IPO filing is imminent.

6.7.2.2 Auditor Inquiries

Both PCAOB and AICPA standards require auditors to make certain inquiries on various topics as part of their risk assessment and planning process. Because PCAOB standards prescribe certain inquiries not required by AICPA standards, auditors may need to conduct additional inquiries regarding prior AICPA audits. In making these incremental inquiries, auditors may be required to conduct further discussions with the following:

Management, the internal audit department (when it exists), those charged with governance, and others.
Legal and regulatory departments.
Other auditors.6
Service auditors.7

The above inquiries are related to the risk assessment process; since the auditor’s risk assessment is an ongoing activity, management should be prepared to respond to the inquiries throughout the audit.

6.7.3 Related-Party Transactions

PCAOB AS 2410 establishes requirements related to the auditor’s evaluation of a company’s identification of, accounting for (see Section 5.3), and disclosure of relationships and transactions between the company and related parties.

PCAOB AS 2410 states that the auditor is required to do the following when assessing related parties:

[P]erform [specific] procedures to obtain an understanding of the company’s relationships and transactions with its related parties[, including] obtaining an understanding of the nature of the relationships . . . and of the terms and business purposes (or the lack thereof) of the transactions involving related parties. . . .
[E]valuate whether the company has properly identified its related parties and relationships and transactions with related parties. . . . This evaluation requires the auditor to perform procedures to test the accuracy and completeness [of management’s identification], taking into account the information gathered during the audit. . . . If the auditor identifies information that indicates that related parties or relationships or transactions with related parties previously undisclosed to the auditor might exist, the auditor should perform the procedures necessary to determine whether previously undisclosed relationships or transactions with related parties, in fact, exist. . . .
[Perform specific procedures if] the auditor determines that a related party or relationship or transaction with a related party previously undisclosed to the auditor exists. . . .
Perform [specific] procedures [regarding] each related party transaction . . . that is required to be disclosed in the financial statements or determined to be a significant risk.
[C]ommunicate to the audit committee the auditor’s evaluation of the company’s identification of, accounting for, and disclosure of its relationships and transactions with related parties[, and] other significant matters arising from the audit.

Further, PCAOB AS 2110 indicates that the auditor is required to “perform procedures to obtain an understanding of the company’s financial relationships and transactions with its executive officers.” However, the auditor is not required to make any determination regarding the reasonableness of compensation arrangements or recommendations regarding compensation arrangements.

Connecting the Dots

If it has not done so previously, management should design a process for (1) identifying related parties and transactions, (2) authorizing and approving transactions with related parties, and (3) accounting for and disclosing relationships and transactions with related parties in financial statements. Entities should be prepared to respond to additional inquiries from auditors and should ensure that executive management and those charged with governance are available for such inquiries.

6.7.4 Audit Confirmations

Auditors may consider whether confirmations should be requested from additional external parties, including new legal counsel. Generally, evidence obtained from a knowledgeable source that is independent of the company is more reliable than evidence obtained only from internal sources.

In addition, PCAOB AS 2310 states that the auditor is required to do the following:

Confirm cash and cash equivalents as well as accounts and loans receivable (paragraph 24).
Consider confirming other financial relationships with the third parties that confirmed cash and cash equivalents (paragraph 29).
Consider confirming the terms of either a complex transaction or significant unusual transaction that represent a significant risk of material misstatement (paragraph 30).
Communicate to the audit committee instances in which confirmations have not been sent for cash and cash equivalents or accounts and loans receivable when such accounts represent a significant risk of material misstatement (paragraph 28).
Evaluate the implications of using a third-party intermediary to facilitate the confirmation process (e.g., a third party that electronically transmits confirmation requests and responses between the auditor and the confirming party) (paragraph 17).

6.7.5 Concluding Procedures

6.7.5.1 Subsequent Events

Although management is required to evaluate subsequent events through the date of the registration statement, for previously issued financial statements, management would generally not update its financial statement disclosure of subsequent events unless the financial statements included in the registration statement have been revised (e.g., the entity must make a retrospective adjustment to effect a stock split) or disclosure would be required to prevent the reissued financial statements from being misleading. See Section 5.13 for additional considerations related to subsequent-event disclosures.

6.7.5.2 Evaluating Uncorrected Misstatements

In both AICPA and PCAOB audits, the entity and the auditor need to accumulate uncorrected misstatements identified during the audit and determine whether those misstatements are material individually or in the aggregate to the financial statements as a whole. In AICPA audits, this accumulation is based on either the iron-curtain method or the rollover method, depending on the entity’s policy. For PCAOB audits, however, entities and auditors need to use both the iron-curtain method and the rollover methods to accumulate uncorrected misstatements as of and for each period under audit. Further, the evaluation of the materiality of such errors must principally consider the method that yields the greater value of uncorrected misstatements. The two methods can be described as follows:

Iron-curtain method — Under this approach, the entity and the auditor focus on misstatements existing in the balance sheet at the end of the current period, regardless of the period(s) in which the misstatement originated. This approach does not take into account the income statement effects of the reversal of the carryover of a prior-period misstatement to be evaluated as an error.
Rollover method — Under this approach, misstatements are quantified on the basis of the amount of error originating in the current-period income statement. Therefore, this approach could allow misstatements in the balance sheet to increase each period by immaterial amounts until the cumulative amount becomes material, which could then result in a material misstatement under the iron-curtain method.

Example 6-3

Assume that in 20X2, Company A begins over-accruing a liability each year by $20. Therefore, at the end of 20X6, liabilities are overstated by $100. The $20 annual over-accrual is not considered material to any of the individual prior-period financial statements. At issue is whether A should evaluate the uncorrected misstatement as a $100 overstatement of liabilities (iron-curtain method) or a $20 overstatement of expenses (rollover method).

The following table shows adjustments that A would make under each method to correct the 20X6 financial statements:

Under SAB Topic 1.N (SAB 108), registrants are required to use both approaches when evaluating the uncorrected misstatement and to adjust the financial statements if either approach results in quantification of a material misstatement. While typically this materiality analysis would be performed by public entities, management of an entity undergoing an IPO must also consider its application while preparing the entity’s financial statements for the IPO registration statement.

Assume that the $100 uncorrected misstatement under the iron-curtain approach is material to 20X6 and that the financial statements need to be adjusted, as a result of which expenses are understated by $80 and the 20X6 income statement is therefore misstated. The $80 understatement should be evaluated for materiality with respect to the 20X6 financial statements; if this understatement is considered material, the prior-period financial statements should be corrected. In this example, the $20 accrual each year should be reversed as follows:

Auditors will need to reevaluate whether uncorrected misstatements identified in the prior audits are material to the prior-period financial statements on the basis of (1) the greater of the amount determined under the iron-curtain approach or that under the rollover approach and (2) their judgment about materiality for the PCAOB audit. Further, as a result of this reevaluation, if an auditor determines that the total amount of accumulated uncorrected misstatements approaches materiality, the auditor may either (1) request that management adjust the financial statements or (2) perform additional audit procedures to reduce the risk that the combination of possible undetected misstatements and misstatements identified during the audit reaches materiality.

Connecting the Dots

Management should consider quantitative and qualitative measures of materiality when reviewing uncorrected misstatements and should determine whether the financial statements need to be revised as a result of prior-year uncorrected misstatements. Management should share its analysis with its auditor and be prepared to support its judgments.

6.7.6 Communications With Management and Audit Committees

6.7.6.1 Requirements of PCAOB Standards

PCAOB standards encourage auditors and the audit committee to effectively communicate throughout the audit, since such communication can lead to a better understanding of audit-related matters. In preparing to file an initial registration statement, an entity typically will change its governance structure, including the formation and composition of an audit committee, to meet the governance requirements the entity will be subject to after it becomes public. As a result, the individuals auditors communicate with when reissuing auditor’s reports on prior years are often different from the individuals auditors communicated with in prior AICPA audits. In such cases, auditors may consider recommunicating matters related to prior audits for the benefit of new audit committee members.

6.7.6.2 Management Representation Letters

In connection with each amendment to a registration statement, auditors obtain updates to the management representation letter obtained upon the initial submission or filing of the registration statement, generally on the dates on which each amendment is filed and on the effective date (or as close thereto as is practicable in the circumstances).

6.7.6.3 Form of Auditor’s Report

The form and content of the auditor’s reports for PCAOB audits differ from those for AICPA audits as a result of differences in the auditing standards. These differences include:

The applicable auditing standards — PCAOB auditor’s reports include a statement that the audits were performed in accordance with PCAOB standards, while AICPA auditor’s reports include a statement that the audit was performed in accordance with U.S. GAAS. As noted in Section 6.7.1, it is also possible for the auditor’s report to refer to both sets of standards, if applicable.
Independence — PCAOB auditor’s reports must include a statement that the auditor is a public accounting firm registered with the PCAOB and must be independent with respect to the company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the SEC and PCAOB.
Audit firm tenure — PCAOB auditor’s reports include a statement containing the year the auditor began serving consecutively as the company’s auditor.
CAMs — PCAOB auditor’s reports include communication of CAMs related to the audit of the current-period financial statements or state that the auditor determined that there are no CAMs. A CAM is any matter arising from the audit of the financial statements that was communicated, or was required to be communicated, to the audit committee and that (1) is related to accounts or disclosures that are material to the financial statements and (2) involved especially challenging, subjective, or complex auditor judgment. It is expected that, in most audits, the auditor would determine that at least one matter involved especially challenging, subjective, or complex auditor judgment.
As noted in Section 1.6.2, communication of CAMs does not need to be included in the auditor’s report of an EGC, since EGCs are among the companies8 exempt from this PCAOB requirement.

AICPA auditor’s reports also contain statements related to the responsibilities of management and the auditor that are not required to be included in PCAOB auditor’s reports.

6.7.7 Interim Reviews

Entities are often required to include interim financial information in the registration statement (see Section 2.4.2). Because the auditor is associated with such information, review procedures are often performed in accordance with PCAOB standards. Specifically, paragraph 7 of PCAOB AS 4105 states, in part:

The objective of a review of interim financial information . . . is to provide the [auditor] with a basis for communicating whether he or she is aware of any material modifications that should be made to the interim financial information for it to conform with generally accepted accounting principles. The objective of a review of interim financial information differs significantly from that of an audit conducted in accordance with the standards of the PCAOB. A review of interim financial information does not provide a basis for expressing an opinion about whether the financial statements are presented fairly, in all material respects, in conformity with generally accepted accounting principles. A review consists principally of performing analytical procedures and making inquiries of persons responsible for financial and accounting matters, and does not contemplate (a) tests of accounting records through inspection, observation, or confirmation; (b) tests of controls to evaluate their effectiveness; (c) obtaining corroborating evidence in response to inquiries; or (d) performing certain other procedures ordinarily performed in an audit. A review may bring to the [auditor’s] attention significant matters affecting the interim financial information, but it does not provide assurance that the [auditor] will become aware of all significant matters that would be identified in an audit.

Further, paragraph 16 of PCAOB AS 4105 indicates that the auditor “should apply analytical procedures to the interim financial information to identify and provide a basis for inquiry about the relationships and individual items that appear to be unusual and that may indicate a material misstatement.” The analytical procedures that the auditor performs generally include:

“Comparing the quarterly interim financial information with comparable information for the immediately preceding interim period and the quarterly and year-to-date interim financial information with the corresponding period(s) in the previous year, giving consideration to knowledge about changes in the entity’s business and specific transactions.”
“Considering plausible relationships among both financial and, where relevant, nonfinancial information.” The auditor also may consider “information developed and used by the entity, for example, information in a director’s information package or in a senior committee’s briefing materials.”
“Comparing recorded amounts, or ratios developed from recorded amounts, to expectations developed by the [auditor]. The [auditor] develops such expectations by identifying and using plausible relationships that are reasonably expected to exist based on the [auditor’s] understanding of the entity and the industry in which the entity operates.”
“Comparing disaggregated revenue data, for example, comparing revenue reported by month and by product line or operating segment during the current interim period with that of comparable prior periods.”

Connecting the Dots

Management may perform the same review procedures that auditors do and may use such procedures both as a risk assessment tool and to be responsive to auditor inquiries. Providing the auditor with a description of these procedures and documentation regarding period-to-period fluctuations in account balances (or the absence of expected fluctuations) is likely to reduce the time the auditor spends in completing its review.

Footnotes

For example, under PCAOB standards, the auditor is always required to perform a test of details in response to a significant risk. In contrast, under AICPA standards, the auditor is not required to perform such a test provided that its response addresses both substantive analytical procedures and tests of controls.

SAS 131 (codified in AICPA AU-C Section 700).

Paragraph A5 of PCAOB AS 2101 defines the term “other auditor” as follows:

A member of the engagement team who is not:
1. A partner, principal, shareholder, or employee of the lead auditor or
2. An individual who works under the direction and control of the registered public accounting firm issuing the auditor’s report and functions as that firm’s employee; and
A public accounting firm, if any, of which such engagement team member is a partner, principal, shareholder, or employee.

A service auditor is an auditor that reports on the effectiveness of controls at an outside service provider (e.g., a transaction processor or investment custodian).

Communication of CAMs is not required for audits of (1) brokers and dealers reporting under Rule 17a-5 of the Exchange Act; (2) investment companies registered under the Investment Company Act of 1940, other than business development companies; (3) employee stock purchase, savings, and similar plans; and (4) EGCs, as defined in Section 3(a)(80) of the Exchange Act.