The PCAOB has posted a 2023 audit committee resource that identifies a number of questions that audit committees may want “to consider amongst themselves or in discussions with their independent auditors, particularly given today’s economic and geopolitical landscape.”  The topics include the risk of fraud, risk assessment and internal controls, auditing and accounting risks, digital assets, M&A activities, use of the work of other auditors, talent and its impact on audit quality, independence, critical audit matters and cybersecurity. Audit committee members will certainly want to review the resource in its entirety, but, to give you a flavor, summarized below are some of the questions.

  • With regard to the risk of fraud, the PCAOB suggests that audit committees ask about whether the auditors identified any new risks of fraud and, if not, what procedures the auditors performed, including identifying any new procedures. What procedures did the auditors perform to identify potential related-party transactions? How did they determine if significant unusual transactions had a valid business purpose or determine if management perpetrated fraud?  Did the auditors ask management about potential illegal acts or noncompliance with sanctions?
  • Regarding controls, the PCAOB suggests questions about how the auditor tested controls, how the auditors modified their approach in response to control deficiencies, and how the auditors took into account economic factors, such as inflation, rising interest rates, supply chain risks and access to capital, as well as the company’s ability to mitigate these risks, and whether the auditors considered these factors in connection with going-concern risks. (See this PubCo post.)
  • With respect to disclosure on critical accounting policies and practices, were any proposed significant changes to the disclosure rejected by management?
  • If there has been a restatement, how did the auditors assess management’s materiality analysis? (See this PubCo post.)
  • With regard to significant estimates and assumptions, how did the auditors consider potential management bias?
  • Do the auditors have the special knowledge and skills required to audit digital assets, especially controls?
  • Following an M&A transaction, if performance has been lower than expected, have the auditors performed an evaluation for impairments? (See this PubCo post.)
  • If other accounting firms play a substantial role in the audit, are they registered with the PCAOB? How do the lead auditors ensure that the other auditors are familiar with the requirements of the applicable financial reporting framework and PCAOB standards? (See this PubCo post.)
  • If the audit firm was affected by the “great resignation,” how is it addressing staffing issues and ensuring competency of the engagement team? If the audit was conducted in a remote/hybrid environment, how was proper supervision ensured?
  • How does the audit firm identify and evaluate threats to independence and what processes are used to be sure that all possible relationships that may affect independence are communicated to the audit committee? (See this PubCo post.)
  • How have the auditors identified critical audit matters? Were any matters determined to be CAMs on a preliminary basis, but not ultimately reported? (See this PubCo post and this PubCo post.)
  • On cybersecurity, how did the auditors consider the risk of cyberthreats or cyber incidents? Were the auditors advised of cyber breaches that may affect financial reporting? 

Posted by Cydney Posner