The Public Company Accounting Oversight Board (PCAOB) issued 2018 inspection reports on June 1 for the six largest U.S. audit firms, including each of the Big Four, BDO, and Grant Thornton.
These annual inspection reports are the first in a new format intended to be more readable, with streamlined content and more charts and graphs. They contain new information, including a section on significant audit deficiencies (Part I.A), a classification system for audits with identified deficiencies, and a section with other instances of non-compliance with PCAOB standards or rules (Part I.B). Items included in Part I.A are deficiencies of such significance that the PCAOB believes the firm, at the time it issued its audit report, had not obtained sufficient appropriate audit evidence to support its opinion on the issuer’s financial statements and/or internal control over financial reporting (ICFR).
The best performance out of the Big Four for 2018 came from Deloitte, with only 11.5 percent of its audits inspected having significant audit deficiencies. Anything under 20 percent has historically been a good result, based on analysis prepared by Compliance Week last year.
KPMG sits at the bottom of the pack for 2018 at 36.5 percent, though it saw the biggest improvement.
The audit area that gave each inspected firm trouble was internal controls under AS 2201. There were also a number of deficiencies relating to auditing estimates, which continue to be a hot topic for the PCAOB. The agency’s new standard, AS 2501, is effective for audits for years ending on or after Dec. 15, 2020.
The financial statement areas that were most commonly cited for deficiencies were revenue, business combinations, inventory, and loans and related accounts.
Below is an in-depth look at how each Big Four firm fared:
Deficiencies for Deloitte went down significantly to 11.5 percent (6 out of 52 audits) in 2018 from 20 percent (11/55) in 2017. The firm’s most commonly identified deficiencies related to testing controls over accuracy and completeness of data or reports (3 audits), testing design or operating effectiveness of controls selected for testing (2, down from 7), and evaluating significant assumptions or data used by the issuer to develop estimates (2).
Areas where deficiencies were most frequently noted included insurance-related assets and liabilities, revenue and related accounts, investment securities, and deposit liabilities. There was a significant decrease, from 6 to 1, in deficiencies in auditing revenue, with no deficiencies in substantive testing in the current review.
The firm’s other non-compliance findings were not including all relevant workpapers in its audit documentation (13/52) and omitting information about participation in the audit by other accounting firms on Form AP (8/26).
“Executing high quality audits is our number one priority,” said Deloitte & Touche Chairman and CEO Lara Abrash and Deloitte CEO Joseph Ucuzoglu in response to the inspection report. “We are confident that our ongoing digital transformation, along with the investments we continue to make in our audit processes, policies, and quality controls, are resulting in significant enhancements to our audit quality.”
PwC’s deficiencies went up slightly to 25.5 percent (14 out of 55 audits) in 2018 from 23.6 percent (13/55) in 2017. The firm’s most common deficiencies related to testing the design and/or operating effectiveness of controls selected for testing (8 audits), evaluating significant assumptions or data used by the issuer to develop estimates (7), and identifying controls related to a significant account or relevant assertion (5). Deficiencies were most frequently noted in the audit areas of revenue and related accounts, business combinations, and loans and related accounts.
Other instances of non-compliance were not including written communication to the audit committee on the potential effects of certain permissible tax services on the independence of the firm (1/12) and omitting/misrepresenting required information about other accounting firms’ participation in the audit on Form AP (5/28).
In response to the inspection report, PwC U.S. Chairman Tim Ryan and U.S. Assurance Managing Partner Mark Simon said the firm has “evaluated each of the observations set forth in [the overview of the report] and have taken appropriate actions under both PCAOB standards and our policies.”
How Grant Thornton, BDO fared
In addition to the Big Four, the PCAOB published inspection reports for second-tier firms Grant Thornton and BDO.
For Grant Thornton, deficiencies increased in 2018 to 25 percent (8 out of 32 audits) from 17.6 percent (6/34) in 2017. Like the Big Four, the firm’s most common deficiencies related to testing design or operating effectiveness of controls, identifying controls, and evaluating issuers’ development of estimates. Deficient audit areas included revenue, inventory, and business combinations.
For BDO, deficiencies went up to 47.8 percent (11 out of 23 audits) in 2018 from 39.1 percent (9/23) in 2017. The firm’s most common deficiencies related to testing design or operating effectiveness of controls selected for testing and performing substantive testing to address risk of material misstatement. The audit areas of revenue and related accounts and income taxes were among those most frequently deficient.
EY deficiencies declined to 25.9 percent (14 out of 54 audits) in 2018 from 30.9 percent (17/55) in 2017. The most common deficiencies related to testing the design and/or operating effectiveness of controls selected for testing (10 audits), overreliance on controls when performing substantive testing (6), evaluating significant assumptions or data used by the issuer to develop estimates (6), and identifying and testing controls related to a significant account or relevant assertion (6).
Deficiencies were most frequently noted in the audit areas of business combinations, inventory, and revenue and related accounts. EY was found to have not documented its communication to the audit committee of changes to significant risks initially identified in two of 16 audits reviewed.
“We have thoroughly evaluated the matters described in Part I of the Report and have taken appropriate actions to address the findings,” said EY U.S. Chair and Managing Partner Kelly Grier and U.S. Vice Chair of Assurance John King in response to the inspection report.
KPMG deficiencies improved to 36.5 percent (19 out of 52 audits) in 2018 from 50 percent (26/52) in 2017. The firm’s most common deficiencies related to testing controls over accuracy and completeness of data or reports (11 audits), testing the design and/or operating effectiveness of controls selected for testing (9), overreliance on controls when performing substantive testing due to deficiencies in testing controls (8), and identifying controls related to a significant account or relevant assertion (7).
Deficiencies in both 2018 and 2017 were most frequent in the audit areas of revenue and related accounts, inventory, business combinations, loans and related accounts, and allowance for loan losses. The largest area of decrease in deficiencies was in the financials industry sector (from 10 to 4).
There were a number of other instances of non-compliance under Part 1.B. These included failures to make required communications to audit committees about other firms participating in the audit (6/26), to assemble final audit documentation within 45 days of the report release date (4/52), and to make fraud inquiries of audit committees (5/52).
“Our top priority is consistently executing quality audits,” said KPMG Chairman and CEO Lynne Doughtie and Audit Vice Chair Frank Casal in response to the inspection report. “… We understand our responsibility to our stakeholders and remain committed to working constructively with the PCAOB in the months and years to come.”