Building a Foundation for Audit Quality

Good afternoon. I would like to thank Jake Vossen for hosting our session at the conference. Claudius and I are pleased to be back this year, but first we must say that the views we express are our own and should not be attributed to the PCAOB as a whole or any Board members or staff.

Washington, DC is a city with tremendous history and architecture. I noticed coming in that construction in the area is nearing an end, and the long restoration project of the historic Wardman Tower has been completed. Remodeling and restoration projects are never fun while the construction phase is ongoing, but the end result is well worth it.

As a homeowner who has taken on lots of projects, I know only too well that the key to success lies in the quality of the materials used and in particular the foundation – a foundation that can withstand the tests of time and unpredictable elements. It so often happens that a fun or glamorous kitchen remodel is turned on its head when the contractor says there is a structural problem with the home's foundation. Foundation problems always need fixing; otherwise, those fancy new cabinets and appliances might crash into the basement in an earthquake!

It can be disappointing to invest in the things you can't see even though in the long run those are things that will protect you or limit the damage from unpredictable elements like an earthquake. Cosmetic small fixes here and there might help in the short term but the structural problems at some point need to be addressed.

This is much like the foundation of a quality audit.

Audit firms have done much over the years to strengthen the foundation to help them produce quality audits. They have shored up certain weaknesses that have been identified by regulators and their own internal inspections.

From an inspections perspective, the number of audit deficiencies have ebbed and flowed over the years. At certain of the larger firms, however, findings now seem to have plateaued – and the findings are still too high. While the progress made has been good – the plateauing is concerning. And, one can't help but ask – is this good enough? Some firms are close, but none are there yet. That is a sentiment I hear from firm leaders as they assess their own practices, and form their own goals.

Investors expect a quality audit.

The challenges and risks in the audit environment are great. Some provide a great deal of promise and others challenge the status quo of the profession. This coming season auditors face new standards, uncertain economic environments, innovation, and unfortunately the financial effects of the many natural disasters that have stricken parts of the world.

The best protection lies in prevention – setting yourself up in a way that prevents problems from occurring in the first place. That is why we have a strong and active focus on the foundation of the quality audit – the firm's system of quality control.

I. Foundation – A System of Quality Control 

A firm should have in place a system of quality control that provides it with reasonable assurance that its personnel comply with applicable professional standards and the firm's own standards of quality. Directly or indirectly this system affects audit performance and is important to serve the public interest and investor protection.

As firm leaders – how do you know audits are being performed in a quality manner on a consistent basis? What are the controls you rely on? How quickly would someone coming to your organization understand those controls and be able to become part of that system? Does staff at all levels understand those controls?

Our inspections over the years have focused on the elements of the system of quality control. Each element is connected in the system – like the building materials in a home – and is dependent on each other for effectiveness. Scaled for the size of the firm, certain elements are evaluated during an inspection. For the larger firms, the areas selected may vary from year to year based on the inspection team's risk analysis.

I encourage firms to consider whether they need to change their mindset on approaching the problems at hand – it may be time to consider changing from "remediating a problem" to addressing systemic issues identified through either internal or external reviews.

Firms that take a proactive approach to understand both internal and external risks that may affect the efficient and effective operation of their systems on an ongoing basis will likely be better prepared to prevent and respond to these issues when they arise.

Tone at the Top and Firm Culture

A firm's culture reflects the cumulative actions and behaviors of its personnel, including those that affect audit quality. Those cumulative actions and behaviors are influenced by firm leadership's communications and directives; also referred to as the tone at the top.

An appropriate tone emphasizes the importance of the role of the audit to the financial markets – an attitude of serving the investor – leading by example and doing what's right even when no one is looking – cultivating a culture where due care, including professional skepticism, is rewarded throughout the firm as part of a firm strategy.

Since our inception, we have observed a change in tone and culture at a number of firms, and in general, they are pretty good. These changes seem to have driven improvements in audit quality. Some firms have explicit messaging that audit quality is the primary objective and support that messaging with significant actions. For example, we have seen firms creating audit quality groups and leadership positions to underscore the importance of audit quality.

Some have expanded accountability for audit quality beyond the lead engagement partner to include other important roles in the audit – engagement quality reviewers; leadership partners, such as the office managing partner; and other auxiliary partners, for example, those assisting in multi-location audits. We have seen firms incorporate audit quality goals and metrics in the partner performance process.

We have seen other instances of mixed messages. We have also seen instances in which a firm does not hold partners in leadership or oversight positions accountable for negative quality events when appropriate, which may signify that there is not a firm-wide commitment to improving audit quality.

I believe that maintaining an appropriate tone at the top is important to improving audit quality, as the firm's actions, messaging, and the behaviors of its leadership can have a far-reaching effect on the firm's culture and on its professionals, including how they view their role as auditors in a regulatory environment.

Client Acceptance and Continuance

The clients a firm chooses to accept and retain also link to the firm's tone and send a message to its personnel and to others. It is one of the most important decisions that a firm makes. A bad decision in this area can have horrible consequences down the road – like my mother used to say, you are known by the company you keep. A partner that takes on risk inappropriately, that steps outside their areas of competence, puts the entire firm – or even network – at risk.

Consideration of audit risks, both internal and external, associated with clients should occur throughout the audit cycle, including when evaluating whether to provide new or recurring professional services each year. There are a variety of risks to consider, including the complexity and expected growth of the client, management integrity, as well as audit staff bandwidth and technical expertise.

Does the firm have policies in place for certain risks to be elevated to other partners during the acceptance and continuance process? Should staff with specialized skills be involved on the audit to mitigate these risks?

I can't stress enough that identifying and monitoring risks in the audits that a firm is engaged to perform and having an open line of communication not only at the leadership level but also at the engagement team level is key. You only need to see the press from this past year to see that the selection of audit clients can have a detrimental effect on a firm. Sure, sometimes deciding to walk away from certain clients may be tough but having a supportive leadership team that values quality instead of quantity speaks volumes.

Personnel Management

People are the only real assets a firm has, and people are what distinguish one firm culture from another. A firm's success depends heavily on the proficiency of its personnel. Firms need policies in place to ensure that they are assigning personnel with the technical expertise to successfully complete audits, providing necessary training, and advancing personnel with the appropriate qualifications.

Some of the audit deficiencies we have identified suggest that some auditors may lack a sufficient understanding of the specific requirements of GAAP or may not have the industry expertise necessary to perform the audit. Certain firms have made significant investments over the last several years in their training programs including the development of engagement team based training events, the integration of case studies into the curriculum, and the use of workshops to facilitate the engagement team's development of the planned audit response. You would think that technical competence would be a given. Given the recurring deficiencies identified, firms should continue to evaluate whether more targeted training is required to further address the deficiencies in these areas.

Beyond competencies, firms should also consider the workload of team members and whether sufficient time has been allocated to perform the audit. This concept also ties into tone at the top – having firm leadership commitment to create a culture in which team members feel comfortable raising their hand when they need resources can contribute to audit quality.

Engagement Performance

We expect, and the standards require, firms to establish and maintain policies and procedures to provide them with reasonable assurance that the work performed by engagement personnel meets applicable professional standards, regulatory requirements, and the firm's standards of quality. Such policies and procedures should encompass all phases of design and execution of the audit. Personnel should not only be aware that policies and procedures exist – but communication and training on what the policies are and how to follow them are just as important.

Today I'd like to talk a bit more about a couple areas related to engagement performance that are top of mind for me.

Supervision and Review

Many of the recurring audit deficiencies we see occur in areas of significant judgments that are reviewed often times by both the engagement partner and the engagement quality reviewer.

Deficient reviews may be due to a lack of sufficient time devoted to the review, placing too high of a reliance on discussions with the engagement team, or reviewing summary audit documentation that was not detailed enough for the reviewer to evaluate the engagement teams' responses to significant risks.

Not only is proper supervision and review important to detect deficiencies in the audit work performed, but it is key to the system of quality control. Leadership coaching more junior staff has been shown to contribute to audit quality. This ties back to personnel management when you think about providing personnel with the proper training they need to be successful.


Firms should establish policies and procedures that encourage personnel to refer to authoritative literature or other sources and consult, on a timely basis, with individuals within or outside the firm when appropriate. This is particularly important when auditing complex or unusual transactions. Consulting may become even more critical when issuers adopt new accounting standards.

We have seen instances where partners have evaluated situations on their own and reached judgments that a particular fact pattern was not material or did not need to be elevated further through a firm's practice even though consultations may have improved the outcome. For example, in one instance, the matter became qualitatively material and created adverse results for both the firm and the engagement team. In another instance, the matter involved a GAAP error – the engagement team took a significant risk by not documenting the error, not consulting on the error and not communicating the error to the audit committee.

Partners should view consultations as one of the best tools available – they provide tremendous security and learning to all teams. We are always pleased to see a firm with a strong consultative culture. Where that is not happening, a firm needs to ask – what motivates staff not to consult? Is it firm culture? Is it tone? Is it time? Is it pressure? Is it a disregard for firm process? Is the firm process too complex? Are there barriers that get in the way?


Ongoing evaluation of whether each of the elements in the system of quality control exists and is operating effectively is critical, including evaluation and assessment of personnel that do not follow the established policies and procedures. This ongoing evaluation assists the firm in identifying strengths and weaknesses in the quality control system.

Over the last several years, I have spoken about how firms have strengthened their monitoring programs in several ways beyond simply completing internal inspections. For instance, some firms have implemented pre-issuance reviews in areas of recurring deficiencies. Firms should evaluate whether the results of these reviews require new or different actions to prevent similar deficiencies from occurring on other audit engagements.

Some firms have also made significant investments in root cause analysis programs over the past several years. These firms have appointed experienced and skilled individuals to lead the analysis and provided them with the necessary training. Firm professionals have used a variety of techniques to perform root cause analysis and they consider results not only from PCAOB inspections, but also peer reviews, internal inspections and monitoring of restatements and consultations.

A robust root cause analysis is likely to identify a variety of underlying causes of an individual audit deficiency or breakdown in an element of the system of quality control. I think what firms need to do to drive further change is to perform more rigorous analyses, particularly in the areas of recurring deficiencies. The current remedial actions implemented by some firms, including training and implementation of new or revised tools and templates may not be sufficient to address the root causes of the recurring deficiencies we see.

Firms may need to be more innovative and remedial actions may need to be more focused on the long term fixes to elements within the system of quality control as compared to individual audit engagement issues.

Auditor Independence, Objectivity and Integrity

It is essential that auditors are focused on independence and firms are assessing their systems of quality control to determine if they provide reasonable assurance that they maintain independence from their audit clients. I mention this because I continue to be concerned by the number of deficiencies we see related to noncompliance with PCAOB rules or SEC rules and regulations related to independence.

Examples of these deficiencies include insufficient communications to the audit committee regarding the scope of tax consulting services performed and the potential effects of all tax services on the independence of the firm, and failure to make the required communications to the audit committee concerning independence.

As part of its monitoring procedures, firms may identify circumstances in which an individual's financial relationships with an audit client may impair its independence. In evaluating these circumstances, the firm may inappropriately conclude that the firm's independence was not impaired because the individual was unaware of the respective independence rule rather than being unaware of the circumstance which gave rise to the independence violation.

Firms should pay close attention to understanding firm-provided services when accepting a new client. This is particularly important with the EU mandatory audit tendering and firm rotation requirement that took effect in 2016.[1] We have observed instances in the past where firms have accepted a new audit client without realizing that the firm had provided prohibited services to the new audit client during the period under audit.

II. Looking Ahead to 2018

As 2017 is coming to a close, we have already begun planning for our upcoming inspection cycle and our focus on firms' systems of quality control. We are committed to our goals of continued improvement in audit quality and driving change in the areas where we have seen frequent and recurring deficiencies. We will also consider a number of other factors as we scope our inspections, including environmental, economic and technology risks along with newly implemented standards.

Recurring Audit Deficiencies

Preliminary 2017 results of the annually inspected firms indicate that inspection results at some firms have plateaued at a level that is still too high, particularly in the areas of recurring deficiencies. This is not a good thing.

These preliminary 2017 inspection results indicate the most frequent audit deficiencies identified continue to be in the same three key areas I have discussed with you over the past few years: assessing and responding to risks of material misstatement, auditing internal control over financial reporting ("ICFR"), and auditing accounting estimates, including fair value measurements.

It is particularly important for the engagement partner and senior engagement team members to focus on these areas and for engagement quality reviewers to keep these matters in mind when performing their reviews.

Assessing and Responding to Risks of Material Misstatement

I believe this area is fundamental to the audit and should, when done well, provide the appropriate foundation for an effective and efficient audit. Understanding the company — meaning its business and industry - and its processes is critical to identifying and assessing the risk of material misstatement.

Proper identification of the risks of material misstatement, including the types of potential misstatements that can occur and the likely sources of those potential misstatements, is necessary when selecting appropriate controls to test, evaluating whether those controls adequately address the risks, and designing and executing substantive procedures.

Risk, and the significance of that risk, influences the nature and extent of the procedures performed and the audit evidence needed.

Audit procedures performed to assess and respond to the risks of material misstatement continued to be a focus of inspections during 2017 and will continue going forward.

We have seen, in some cases, auditors identifying risks using a library of standard risks without considering how those risks exist, or are relevant, at the issuer. In other cases, we have seen risks being broadly defined – such as the risk of fraud – yet engagement teams struggle to explain how the fraud could be perpetuated or how the audit procedures were designed to address the risk.

A word of caution when identifying and assessing the risks of fraud – be thoughtful and not mechanical. Figure out what the relevant fraud risks are for each audit client and design procedures accordingly.


ICFR continues to be an area where inspections staff frequently identify deficiencies. Many of these deficiencies involve testing controls that include a review element.

We have seen a number of instances related to estimates, including, for example, the allowance for loan losses. We see instances where auditors read high-level minutes from management's discussions and note that the assumptions used to develop the allowance were reviewed and approved. On their own, these procedures do not provide sufficient audit evidence related to the operating effectiveness of the control.

Remember, you are not always required to reperform a review to test the control, but you are required to understand what the performer did. An auditor should test the specific activities performed by management, including the steps involved in identifying, investigating, and resolving significant differences from management's own expectations.

Auditing Accounting Estimates, including Fair Value Measurements

Accounting estimates usually warrant more audit attention because they often involve complex methods – including models, subjective factors, and judgments – which make them susceptible to management bias. The risk of material misstatement of accounting estimates normally varies with the complexity and subjectivity associated with the process, the number and significance of assumptions that are made, the availability and reliability of relevant data, and the degree of uncertainty associated with the assumptions.

We have seen some improvement in the audit work related to estimates and we anticipate fewer deficiencies in this area.

Deficiencies we have observed this cycle are commonly related to the allowance for loan losses, the valuation of assets and liabilities acquired in business combinations, and financial instruments.

We have seen instances, for example, where an issuer has used a discounted cash-flow model to determine the fair value of their assets, but in testing the cash flow projections the auditor merely agreed the projected growth rate to the growth rate used in the prior year impairment analysis. The engagement team did not consider what factors might impact the issuer's ability to achieve these rates, including whether historical growth rates were achieved by management.

Auditors must challenge management's assumptions and consider available evidence that not only supports management's assumptions used in cash flow analyses but also potential contrary evidence.

Economic Risks

As it relates to economic risks, some of the risks that will be a focus of ours when making inspection selections for 2018 include recurring risks such as the mergers and acquisitions and low interest rate environment.

Mergers and Acquisitions

While the mergers and acquisitions activity has declined in the first half of 2017, there is still a relatively high level of activity. With the current political climate across the globe, companies seem to be more cautious in seeking out acquisitions. At the same time, companies in all sectors may also use acquisitions to mask poor revenues and earnings from legacy businesses, producing pressure for overpayment and subsequent overstatement of goodwill balances. Business combinations continue to be an area where we have observed audit deficiencies and thus this will be a focus area for our 2018 inspections.

Natural Disasters

The last few months brought with it a series of natural disasters from the historic hurricanes in the Gulf of Mexico and Caribbean, the devastating earthquake in Mexico, to the fires throughout the West Coast. These disasters may have caused business disruptions for companies operating in those areas.

The insurance and banking industries may feel the brunt of the impact with losses estimated to be in the billions. Other industries such as retail will likely be affected. Consumers will likely increase their purchases at the retailers that sell items needed for survival and reconstruction as opposed to retailers that sell more discretionary type items.

Auditors should be mindful of whether their clients have been impacted by any of these disasters and consider the implications of the impact in their year-end audit procedures.

Low Interest-Rate Environment

Interest rates in the U.S., Europe, and Japan remain low. The continued low interest rate environment may cause issuers to invest in higher risk instruments, including loans or securities with potentially higher investment returns, but greater risk. These instruments may be complex and harder to value, which may have increased risk of material misstatement.

Policy Environment

The pending or proposed legislative action in the U.S. policy environment so far during 2017 related to health care, financial sector regulation, income taxes, and the federal budget may increase audit risk. If decisions are made on any of these topics during the fourth quarter of 2017, it could result in businesses having to react quickly as they finalize their accounting records for the year. Legislative actions this close to year end may also impact the auditor's ability to react regarding its risk assessment and determine the level of assurance necessary to design its testing.

New Accounting Standards

There has been a lot of discussion at the conference already about the new accounting standards, in particular, the new revenue standard. These will affect us in inspections as well. We are busy training our staff; we are busy talking to firms about what they are doing and we are looking at guidance – policies, tools and templates and providing feedback.

As I mentioned last year, we will continue to discuss with audit teams how they are addressing accounting changes with their clients. We also plan to include a selection of issuers who have early adopted the standards in our selected issuer inspections during 2018. Those results will help inform our approach in 2019, and more importantly, will allow us to raise issues with firms and practitioners early so that concerns may be addressed.

We will want to understand whether the auditors have had discussions with their clients related to changes issuers may implement in their processes or controls, whether the auditor has remained independent in the process of client implementation of the standards, and whether the auditor is appropriately reporting any concerns about readiness or technical ability to the audit committee on a timely basis. I encourage preparers, auditors, and audit committees to read the "Staff Audit Practice Alert No. 15: Matters Related to Auditing Revenue from Contracts with Customers" which was published in October as this is a valuable resource and tool.[2]

Information Technology

Information technology is often times a critical component or building block to the development and accuracy of financial statements, as well as company accounting, reporting and management infrastructure. We continue to be forward thinking with respect to information technology, and believe many firms are too. The rapidly changing environment, technological advances, and ability to use data analytics to improve not only our inspection processes – but overall audit quality, is exciting and brings with it some significant challenges.


Cyber-attacks are constantly evolving and as we learned this year, auditors and audit firms are not immune to these attacks. Cyber risk is not limited to technology hardware and equipment – the actions that employees take may also create risk. In 2018, Inspections staff will perform procedures to understand firms' processes and internal controls to protect client information stored on their systems.

To date, we have not observed through our inspection work any material misstatements of financial statements that appeared to be attributable in any part to cybersecurity incidents. Risks remain, however, that cyber-attacks may affect issuer financial statement reporting. It is important for auditors to consider whether there are cybersecurity risks that pose risks of material misstatement to the financial statements and, if so, whether modifications to the planned audit approach, including for testing IT General Controls, are necessary.

If cybersecurity incidents have occurred during the audit period, auditors should assess whether there are any effects on the financial statements, including financial statement disclosures, or implications related to ICFR. Inspections staff plans to continue to obtain and evaluate information in this area.

Software Audit Tools

Firms are at different stages in developing software audit tools to assist in gaining an understanding of business processes and transactions and also using these tools to gather audit evidence to support the audit opinion.

A significant number of the audits that we have reviewed used at least one software audit tool in performing audit procedures. While these tools varied among firms, we have seen them used effectively to identify manual journal entries with fraud indicators, assist the auditor in evaluating the sample size for testing a population of transactions, and assist the auditor in evaluating pricing of investment securities.

It is worth noting, however, that we haven't actually seen the more sophisticated tools in action on many live audits – we know they are coming, and want to be sure we are prepared.

Just as technology advances and the tools auditors use become more advanced – the foundation of the audit has not changed – auditors should consider whether the procedures performed with or without these tools meet the audit objectives. Risk underlies the entire audit process, and the auditor should perform procedures designed to respond to the risks of misstatement that the auditor has identified.

I am encouraged by the fact that some firms have already taken action to monitor the development and deployment of these tools within their practice and provide training and support for auditors to use these tools. Firms' evaluation of whether these tools operate effectively, are properly implemented by audit teams, and comply with the applicable auditing standards will continue to be a focus of our inspections.

Non-U.S. Inspections

Inspecting audit work done outside the U.S. is a very important part of our work. U.S. investors have real exposure to firms and issuers in other jurisdictions, whether it is a non-U.S. operating company or a U.S. company with significant operations abroad.

Our inspectors look at both foreign private issuer audits and referred work. And when we do that, we have findings, including situations where the right hand doesn't necessarily know what the left is doing, where the principal auditor doesn't get the assurance requested from the subsidiary auditor and doesn't do any more work of its own. We do our work jointly with other regulators and bring to those inspections deep technical expertise that allows us and them to oversee work in areas like big banks that would otherwise not be covered.

We plan to inspect around 60 non-U.S. firms in nearly 30 jurisdictions in 2018. We have made tremendous progress working with other regulators and now only a handful of jurisdictions remain where inspections are due or overdue and we can't inspect.

We work actively with other regulators in other jurisdictions not only through our inspections but through our engagement with the International Forum of Independent Audit Regulators. Those discussions are focused on important strategic topics that affect the profession and audit quality and include topics such as steps taken to drive consistency of audit execution, the role culture plays in firms' audit quality, views on how new technologies and data analytics tools can make a difference in audits, and their impact on talent.[3]

Improving Transparency

Form AP Disclosures

As I discussed last year, the Board adopted new rules and related amendments to its auditing standards in 2015 that provide investors and other financial statement users with information about engagement partners and accounting firms that participate in audits of issuers. In accordance with the effective dates of these rules, registered audit firms began submitting this information through the new Form AP during 2017.

Since the adoption of these new rules, over 13,000 Form APs have been filed with the PCAOB as of mid-November.

Our staff performed procedures in 2017 to evaluate firms' implementation of, and compliance with, the new rules. While Inspections staff is continuing to evaluate the 2017 inspection results, preliminary results indicate a high level of compliance with the Form AP requirements for most firms. Firms that have not yet filed Form APs and are required to, I urge you to pay close attention to the filing requirements of these rules for your respective issuer audits to ensure timely completion and filing of Form AP.

I encourage firms to reach out to our staff with questions about completing the forms – we are set up to help. Our contact information is the registration help desk ([email protected]) or our Office of the Chief Auditor staff.

Enhanced Auditor Reports

In October 2017, the SEC approved the PCAOB's new Auditor's Reporting Standard. The standard makes significant changes to the existing auditor's report.

The changes in the auditor's report are expected to clarify the auditor's role and responsibilities in the audit, improve the readability of the report, and disclose auditor tenure. Additionally, investors in the U.S. public capital markets want a better understanding of the judgments that go into an auditor's opinion – not a recitation of the standard procedures that apply to any audit, but the specific judgments that were most critical to the auditor in arriving at its opinion.

The new standard provides a clear, well-vetted description of what should be included as "critical audit matters" or "CAMs" as well as a list of six factors the auditor should take into account in determining the CAMs to include.

The standard envisions that auditors describe their critical audit judgments. It does not put them in the position of speaking for management.

With the phased approach for the effective dates for the new standard, the first phase relates to the new requirements for the new auditor's report format, tenure, and other information that is effective for audits with fiscal years ending on or after December 15, 2017.

Inspections staff will perform procedures to evaluate firms' implementation of the first phase of this new standard in 2018 and will monitor and evaluate firms' progress in implementing discussions of CAMs in audit reports in future inspection periods. We want to be proactive. We also want to discuss what firms are doing in terms of "dry-runs" – these may be helpful for us to look at and provide feedback throughout the process.

I also encourage firms to proactively plan for the implementation of the new standard and really think about the objective of the new standard, which is to provide investors with a better understanding of the unique judgments that go into an auditor's opinion, not a boilerplate copy that looks just like any other issuer's audit opinion.

Broker-Dealer Auditor Oversight

We will continue to conduct inspections under the interim inspection program until the rules for a permanent inspection program take effect. The PCAOB staff continues to work to further develop the contours of a potential rule proposal for the Board to consider for a permanent inspection program.

We intend to inspect approximately 65 firms and portions of 105 audits and the related attestation engagements in 2018. You can expect that our inspections will continue to focus on areas such as revenue; risks of material misstatement due to fraud; related party transactions; the supporting schedules for net capital and customer protection; and the attestation engagements.

This past August, we released our annual report on the inspection program for auditors of broker-dealers that describes the inspections during 2016, and the observations from these inspections. In this regard, Inspections staff continued to observe a number of independence findings as well as deficiencies in the audit and attestation procedures. Generally, these results were similar to what was reported last year, which was the first year our inspections covered the new requirements under the amended Rule 17a-5, in particular, the attestation engagements and PCAOB standards. Broker-dealer auditors should read this report and take action to avoid these issues when planning and performing procedures for their upcoming audit and attestation engagements.

The 2017 inspection fieldwork is coming to a close this week and with that, we will have inspected 75 firms and portions of 115 audits and the related attestation engagements. We issued a Staff Inspection Brief in June that provides an overview of our inspection plan and scope for the inspections during 2017.[4] The 75 firms inspected represent approximately 16 percent of the firms that audited broker-dealers' financial statements filed with the SEC for fiscal years ended during 2016.

Preliminary results of the 2017 inspections indicate that many of the audit and attestation deficiencies observed in the 2016 and 2015 inspection years have also been identified during 2017. We have, however, identified fewer independence findings during 2017 compared to 2016.

I encourage auditors of broker-dealers to join us at our upcoming Forum for Auditors of Broker-Dealers to be held on December 7, in Jersey City, or plan to attend a forum during 2018. We live-streamed a forum earlier this year and plan to do the same next year. We also held a webinar this past June for auditors of broker-dealers on auditing related-party transactions, which is available for viewing on our website.

III. Registration

I want to take a few minutes to speak about the foundation for the Board's jurisdiction – the registration of firms with the PCAOB.

New or formerly registered firms that are requesting to register with the PCAOB should understand that under our Rule 2106, the Board will approve applications consistent with its responsibilities under the Sarbanes-Oxley Act of 2002, to protect investors and to further the public's interest in the preparation of informative, accurate, and independent audit reports.

In determining whether to approve a firm's application, the Board may include in its consideration any violation of the Act or the Board's rules that the firm may appear to have committed, such as issuing an audit report on an issuer's or broker-dealer's financial statements while not registered, failing to make required filings and pay required fees to the Board while registered in the past, or failing to provide complete and accurate information in the application for registration.

We recently updated our Frequently Asked Questions document found on our website – anyone applying or reapplying for registration should refer to this document.[5]

IV. Building and Maintaining that Strong Foundation

Agility, resilience and consistency are key to building and maintaining a strong foundation to produce quality audits.

The system of quality control must be able to identify and monitor risks, retain qualified staff and adapt to changing environments.

Understanding whether controls exist, whether personnel understand those controls, whether they function properly and are well-integrated is vital to developing a strong environment that provides consistent quality audits and will be a focus of our work.

So, what are my takeaways as we head into 2018:

  1. Focus on the foundation – An ongoing evaluation of a firm's system of quality control is important to understand the internal and external threats to the system in order to react to them and to know what areas of the system of quality control need to be strengthened to provide high quality audits consistently and improve audit quality where necessary.
  2. Focus on reducing recurring audit deficiencies for the long-term – Figure out how to do this in a way that makes sense for your practice and makes sense for your partners.
  3. Adapt to changing environments – Keep your eye on technology changes and how it will impact the future of the audit practice. Firms should be considering the advancements in technology and the impact on the audit, firm resources and training.

Build and maintain a solid foundation that produces quality audits consistently. This will be essential to building and maintaining the trust of investors, and should also give a good inspection result.

[1] See Regulation (EU) No. 537/ 2014 of European Parliament and of the Council (April 16, 2014).

[2] See Staff Audit Practice Alert No. 15: Matters Related to Auditing Revenue from Contracts with Customers issued October 5, 2017.

[3] International Forum of Independent Audit Regulators opens headquarters in Tokyo; first Board meeting held (April 3-6, 2017). Retrieve from:

[4] See Staff Inspection Brief Vol 2017/2: Information about 2017 Inspections of Auditors of Brokers and Dealers issued in June 29, 2017.

[5] See Frequently Asked Questions Regarding Registration with the Board at revised December 4, 2017.

Related Topics