In December 2019, as part of its strategy of enhancing transparency and accessibility through proactive stakeholder engagement, the PCAOB conducted conversations with almost 400 audit committee chairs, focused on audit committee perspectives on topics such as audit quality assessment and improvement and auditor communications, and reported on those conversations. (See this PubCo post.) As noted by PCAOB Chair William Duhnke in this PCAOB webinar for audit committees, the PCAOB prioritized this engagement, viewing informed and engaged audit committees as “force multipliers.” In addition, he noted, the PCAOB had heard criticism early in the process that the PCAOB did not play well with others and was not receptive to feedback—the conversations also represented an effort to address that problem. The PCAOB has continued this same outreach to audit committee chairs during 2020, focused this time on the unprecedented challenges created by COVID-19 and its effect on the chairs’ oversight of financial reporting and the audit. The responses regarding the impact of the pandemic varied widely, depending on the industry and company. The chairs identified a number of new or increased risks, including cybersecurity, employee safety and mental health, going concern, accounting estimates, impairments, international operations and accounting implications of the CARES Act. The PCAOB’s recent report summarizes two of the common themes the PCAOB regularly heard from audit committee chairs across industries and highlights some of the helpful questions and considerations that the chairs identified.
Remote work. The most prevalent theme was the shift to remote work. Chairs were initially concerned about the rapidity of the transition to remote, but ultimately indicated that they were surprised by how smoothly the transition had gone under the circumstances. Some of the chairs indicated that the transition may have been eased by storage of much company data in the cloud. The chairs had been particularly concerned about internal control over financial reporting, but concluded that it “was managed, maintained, or adjusted as necessary.”
Cyber-related risks—such as increased phishing attempts and email security—were cited a number of times by chairs as a challenge that was more acute as a result of the move to remote work. The PCAOB observed that the issue of cybersecurity typically arises in the context of identifying and assessing risks of material misstatements in the financial statements and, for integrated audits, in connection with identifying and testing the controls designed to mitigate that risk. The effectiveness of cyber-related controls was often discussed by the chairs with the auditors in connection with the audit.
Below are questions for auditors that audit committee chairs considered helpful in understanding risks related to remote work:
- “Will additional time be needed to get the audit work done remotely? What complexity does working remotely add to the audit?
- Will working remotely affect productivity of audit engagement team members? If so, does the audit plan need to be updated, and do fees need to be revisited?
- Has remote work affected the company’s ICFR? If so:
- Is the auditor including new controls in their assessment, or evaluating changes to existing ones?
- Has the auditor identified any concerns with respect to segregation of duties?
- If a review of the issuer’s interim financial information has been completed already, are there any lessons learned that can be applied to the year-end audit?
- Are there any technology enhancements or collaborative tools that should be considered to support longer-term remote work?
- Has the auditor assessed potential risks of material misstatement related to cybersecurity, and how does the auditor plan to respond to those risks?”
Increased auditor communications. Most of the audit committee chairs reported that the pandemic led to more frequent communication with their auditors, and the chairs were generally satisfied with the extent of these communications. One of the most common discussions related to how to best complete audit work a timely basis. Some chairs also highlighted their expectations of continued frequent communications as new risks and uncertainties emerged as a result of the pandemic.
Audit chairs found the following communication topics to be particularly useful:
- “Discussions about trends auditors are seeing across their client base, particularly those pertaining to industry peers;
- Presentations on areas of the audit that may or will warrant increased attention due to the effects of COVID-19, as well as how the auditor plans to approach those areas; and
- Audit firm resources and webinars with industry-specific content.”
The audit chairs offered the following advice regarding auditor communications during the pandemic:
- “Engage with the auditor and management to discuss potential challenges to a timely completion of the audit. Review and discuss the timeline for the phases of audit work.
- Determine a good cadence for communications that include both the auditor and management so that the audit committee receives the information it needs in a timely manner, while also considering the additional demands on auditors and management during the pandemic.
- Discuss any changes to the audit plan with the auditor, including changes to areas of focus and how the auditor plans to address areas of new or modified risk. Discuss if there are changes to how the auditor will identify and test internal controls.
- Discuss which disclosures may need to change as a result of COVID-19.”
As reported in the webinar, two other topics that came up frequently were enterprise risk management and company culture. With regard to ERM, audit committee chairs said that they were devoting more time to this issue, with some indicating that their ERM plans were effective with just a few tweaks and others needing to essentially start over because the plans did not contemplate such an enduring crisis. Related to ERM is an enhanced focus on corporate culture, both with regard to supporting management through the stressful environment and the need for increased attention to issues of culture such as the potential for fraud.
A more general discussion of the messages from PCAOB conversations with audit committee chairs is expected at the end of the year.