I suspect it will come not as a surprise to readers of Compliance Week involved in public company reporting that external audit fees continue to rise for a majority of Securities and Exchange Commission registrants.
The 2015 Audit Fee Report issued in October by the Financial Executives Research Foundation (FERF) reported that median external audit fees increased by 3 percent, 3.5 percent, and 3.4 percent in 2012, 2013, and 2014, respectively. That outpaces the rise in the producer price index, which rose less than 2 percent in each of these years. Increased audit fees were experienced by a majority of the 7,000-8,000 public companies that report their audit fees in SEC filings.
Increased audit fees can result from a combination of higher hourly rates charged by the audit firm and increases in the hours required to complete an audit. Rising compensation and other costs incurred by audit firms can translate into increases in the hourly rates charged for audits, while higher audit hours reflect increases in audit scope. For example, more than 46 percent of the respondents to the FERF survey said the increase in their 2014 audit fees resulted from acquisitions; 36 percent attributed the increase to other changes in company structure.
Another significant factor cited by survey respondents is the heightened focus by audit firms on internal controls over financial reporting. In its inspection reports of audit firms in recent years, the Public Company Accounting Oversight Board has noted many deficiencies relating to the assessment by auditors of internal controls. Auditors are therefore looking more closely at internal controls.
Nearly 40 percent of respondents to the 2015 FERF survey said audit firms “review of manual controls resulting from PCAOB inspections and other PCAOB issues” was a significant contributor to the rise in audit fees. When I was an auditor, yes, there were situations where we increased our review of manual entity-level controls in key areas, and in areas where the company either did not have automated activity-level controls or we concluded that these could not be relied upon because the company had not instituted sufficiently robust access controls over the automated systems.
Companies can experience many benefits from improving and automating internal controls and the related processes and documentation, including helping better manage and even reduce audit fees. As one company told FERF, “Our external fees have decreased because our internal processes have gotten better.”
The FERF study also found that companies that reported ineffective internal controls over financial reporting saw more than twice the increase in their audit fees, compared to companies with effective internal controls: a 6.4 percent increase in 2014 for firms reporting ineffective internal controls, compared to 3.1 percent for others.
Interestingly, although public companies face increased scrutiny of their internal controls, not all have experienced higher audit fees. FERF found that more than 40 percent of public companies reported flat or lower fees in 2014 than in the prior year, and 15 percent of the companies achieved decreases in audit fees for multiple consecutive years.
FERF has begun to explore the reasons why some companies have been able to hold their audit fees flat or reduce them over multiple years, even in the face of significant acquisition activity. While the FERF researchers have not yet completed their investigation of these matters, their findings so far are quite interesting. In interviews with companies that reported decreased audit fees for multiple consecutive years, FERF identified the following seven actions that can make a difference.
Review current processes to identify areas for improvement. One interviewee suggested that immediately after an audit, the internal team takes “inventory” of the audit processes and determines ways that they could be enhanced to address audit inefficiencies. Another interviewee reported that, after carefully considering all key controls, he concluded that the number of these controls be cut nearly in half and still achieve the desired level of coverage. Moreover, by focusing attention on a smaller number of controls, the company was able to improve the quality of control documentation and testing with fewer resources.
Improve internal controls. Interviewees reported that there were improvements in their internal controls resulting from centralization, standardization of work papers, and automation that promoted enhanced consistency of control processes and related documentation. Improving internal control can have a direct effect on the effort and cost of external audits. As Gregory Wilson, former deputy director of the PCAOB Inspection Division, put it, “Show me a company with weak internal controls, and I’ll show you an expensive audit.”
One of the companies FERF interviewed reduced its audit fees despite multiple acquisitions that doubled its size in recent years not once, but twice. The company’s vice president of accounting policy and SOX reported that while the company did not set out to reduce audit fees, this was a byproduct of the focused effort to improve controls in the light of its recent rapid growth through acquisitions and its reconsideration of controls against the 2013 COSO Framework.
Continual communication and collaboration with external auditors. Almost all interviewees suggested that there should be regular and active communication with the external auditor during the audit. This helps identify efficiencies for both the company and the auditor, and it helps ensure that the auditors are provided the information they need on a timely basis.
Centralize the audit footprint. Respondents indicated that an audit of the financial statements of a company with centralized operations could be more efficient and less costly than that of a company with decentralized operations.
Companies also described the importance of centralizing critical information and information systems. One company achieved important efficiencies by replacing three or four different enterprise resource planning systems with a single system that was easily accessible at one location.
Automation. Interviewees suggested that automation has major benefits, especially of time-consuming, error-prone tasks. One company reported using a cloud-based solution to automate internal controls documentation and to manage and execute SOX testing documentation (including evidence of the performance of key controls), certification, and the reporting process. This system also provided the auditors with all the necessary information to review and test the company’s controls. Companies also reported benefits from standardizing and automating account reconciliations. Among other benefits, such automated systems allow auditors to view reconciliations on their own without the need to involve company staff.
Overall, significant cost savings and other benefits can arise from automation via reducing the administrative burden and freeing up critical resources to focus more attention on the risks and controls that matter most.
Skilled staff. Not surprisingly, interviewees reported that having well-trained company staff involved with the audit will help reduce audit fees. One interviewee suggested that having an employee with prior audit experience is critical to this effort.
Review audit hours and fees, and don’t be afraid to push back. Companies that monitor the hours auditors spend on particular audit areas are in a better position to question the number of hours they were billed for and why these hours were incurred. Companies should not just blindly accept an explanation by their auditors that they had to perform additional audit steps because “the PCAOB says so.”
Sound internal controls are critical to financial reporting. Companies can experience many benefits from improving and automating internal controls and the related processes and documentation, including helping better manage and even reduce audit fees. As one company told FERF, “Our external fees have decreased because our internal processes have gotten better.”
No comments yet