Sponsored by

By Maria L. Murphy, CPA

ILL

US

TR

AT

ION

S B

Y N

AS

TY

AA

RO

MA

/IS

TO

CK

How to audithigh-risk areas

With the right focus and training, practitioners can master the most complex and challenging areas of audits.

June 201584 | Journal of Accountancy

SPONSORED REPORT

External auditors are under tremendous pressure to plan and execute audits in a constantly changing environment.

New accounting and auditing standards, such as the

converged revenue recognition standard that FASB and

the International Accounting Standards Board issued

and are now revising, create a constant need for audi-

tors to update the way they do their work. Meanwhile,

technology and globalization are changing the way

businesses operate, and regulators and investors are

increasing their scrutiny of auditors and the companies

that they audit.

Amid all this change, certain areas of audits have

emerged as particularly challenging and complex. Audit-

ing revenue recognition, internal control over fnancial

reporting (ICFR), and accounting estimates, including

fair value measurements, have been identifed by the

PCAOB, the Center for Audit Quality (CAQ), and the In-

ternational Forum of Independent Audit Regulators as

areas of high risk or high defciencies in audits. In the

United States, evolving standards related to going con-

cern have made this a challenging area as well.

Getting it right in these areas is a crucial component

of a high-quality audit. But that may not be the frst ques-

tion. PCAOB board member Jay Hanson, CPA, said a

more fundamental question is, “What does ‘right’ look

like?”

“Regulators like the PCAOB are charged with in-

specting for compliance and reporting on defciencies,”

Hanson said. “But we do see audit engagements that

are well done at the same inspected frms where def-

ciencies are found. A different way of thinking would be

for inspection reports to include observations about what

was done right on engagements.”

In the past couple of years, Hanson said, the board

has been trying to shift the discussion from one that in-

cludes the root causes of defciencies to one that also

identifes the root causes of successful audits.

“The successful audits have the right auditor atti-

tudes, engagement team involvement, resources avail-

able, and skill sets applied at the right place and time,”

he said.

PwC LLP’s Len Combs, CPA, said auditors can learn

from inspection fndings, PCAOB staff bulletins, and

CAQ alerts because they provide areas of common fnd-

ings and challenges for auditors. He said areas such as

revenue recognition, going concern, ICFR, and account-

ing estimates/fair value are challenging by nature.

“They often require auditors to evaluate not only what

happened in the past but also management’s expec-

tation of what may happen in the future,” said Combs,

the U.S. chief auditor and leader of auditing services,

methods, and tools for PwC.

The CAQ, which is affliated with the AICPA, issued

an audit risk alert for the 2014 audit cycle that included

these and other areas that can be challenging for audi-

tors. The alert is available at tinyurl.com/l2vq4n3.

Below are examples of some of the more challenging

aspects of auditing, along with suggestions on how to

audit these areas more effectively.

REVENUE RECOGNITION

Because revenue is often a signifcant account involv-

ing signifcant risks, auditors must understand the com-

pany’s business and processes, obtain appropriate audit

evidence, test controls over revenue, and assess poten-

tial misstatements. Auditors must understand the com-

pany’s sources of revenue and types of contracts and

evaluate whether the selection and application of ac-

counting principles for revenue recognition are appropri-

ate. Signifcant accounting estimates often are involved.

Auditing revenue includes testing whether revenue was

recognized in the correct period, performing procedures

to address fraud risk, and evaluating related fnancial

statement disclosures.

Hanson suggested that effective auditing of revenue

today requires a shift away from the approach used by

many auditors in the past, which focused on the balance

sheet with a more limited analytical review of the income

statement.

“Firms are on a journey towards better execution of

effective substantive analytical procedures,” he said.

“Auditors need not only to determine that there was a

reasonable change in revenue period over period, but

also to understand the reason for the relationships and

correlations of the numbers. They need to set expecta-

tions at a granular enough level in order to detect mate-

rial misstatements.”

The PCAOB in September 2014 issued Staff Audit

Practice Alert No. 12, Matters Related to Auditing Rev-

enue in an Audit of Financial Statements, to assist au-

ditors in this diffcult area. Hanson also points out that

auditors must understand the specifc risks of material

misstatements and design procedures around the com-

pany’s business process, including how its customers,

contracts, and products affect revenue recognition. He

suggested that when more senior members of the audit

team are involved in understanding the business and re-

lated processes, the audit work is more effective.

Combs indicated that not all areas of revenue rec-

ognition are high-risk and complex for all companies.

Companies producing a large number of homogeneous

products, which can be sold to a number of different

customers, may have less complexity around revenue

recognition. But he agrees that this area could be one

|

E

REVENUE RECOGNITION

www.benefitmall.com

You can trust Your clients to BenefitMall.

At BenefitMall, we pledge to support the business objectives of our Trusted Advisors. Working with BenefitMall is an easy and cost-effective way for any business to streamline operations and get back to the business at hand. With innovative products, strong customer service, reliable payroll processing and compliance support, it’s no wonder BenefitMall is an industry leader. Discover how BenefitMall can work with you and your clients.

Trust is the Basis of Every Solid Partnership

©2015 BenefitMall. All rights reserved. BenefitMall, the BenefitMall Logo, the BenefitMall ALL TOGETHER, BETTER Logo, the ALL Logo, ALL TOGETHER, BETTER and CompuPay are trademarks or registered trademarks of Centerstone Insurance and Financial Services, Inc. d/b/a BenefitMall or its affiliates in the U.S. California License #063979. *All other trademarks are the property of their respective owners.

June 201586 | Journal of Accountancy

SPONSORED REPORT

with high estimation uncertainty and fraud implications.

Survey statistics show that revenue recognition is a

high-risk area for fnancial statement fraud. Twenty-

three percent of respondents to The 2014 AICPA

Survey on International Trends in Forensic and

Valuation Services said that revenue recogni-

tion would be the most prevalent fnancial

statement misrepresentation issue in the

next two to fve years.

Combs said that although the new,

converged revenue recognition stan-

dard should not change the nature of

how to audit revenue estimates, he

expects it will introduce more situ-

ations where complex estimates

are necessary in accounting

for revenue that potentially

will result in higher assessed

risks and require additional

audit attention.

GOING CONCERN

FASB issued in 2014 Accounting Stan-

dards Update (ASU) No. 2014-15, Pre-

sentation of Financial Statements—

Going Concern (Subtopic 205-40). The

amendments create a new requirement

for management to perform an assess-

ment every reporting period of whether

there is substantial doubt about a company’s ability

to continue as a going concern and to provide related

disclosures of going concern uncertainties in fnancial

statements. FASB defned “substantial

doubt” for purposes of the accounting disclo-

sures, but that defnition does not apply to

the requirements under the auditing standards. Auditors

must assess management’s going concern evaluation

and required disclosures to evaluate whether the fnan-

cial statements are fairly presented in accordance with

GAAP. The audit requirements for evaluating going con-

cern under existing auditing standards (AU Section 341),

for purposes of determining whether to modify the audi-

tor’s report to include an explanatory paragraph about

going concern, have not been changed by the ASU’s is-

suance.

Combs believes this area can be challenging for audi-

tors because they often must evaluate the company’s

ability to generate future cash fows, which includes

management assumptions about the future.

“Specialists may need to be involved in assessing fu-

ture cash fows, sensitivities, and assumptions, including

assessing evidence which is contrary to management’s

projections,” he said. “The complexity and risk vary

based on the company’s environment and the

stability and history of the business.”

Hanson said there have been rel-

atively few inspection fndings based

on the current auditing standard on

going concern but noted that the

PCAOB has heard from investors that

going concern reporting under current

standards may not be meeting their needs.

He encourages auditors to follow the

standard and to think about whether

investors would want to know what

the auditors know about a company’s

ability to continue as a going concern.

The PCAOB issued Staff Audit Practice

Alert No. 13, Matters Related to the Audi-

tor’s Consideration of a Company’s Ability to

Continue as a Going Concern, in September

2014 and is developing a staff consultation pa-

per on whether to change the auditing standard,

including the form of the audit report and how to

test management’s assessment of going con-

cern under the new ASU. Hanson encouraged

auditors and others to send their comments on

the paper to the PCAOB staff after it is issued.

INTERNAL CONTROL

Defciencies in audits of ICFR are frequently noted in

PCAOB inspections, and the PCAOB issued Staff Audit

Practice Alert No. 11, Considerations for Audits of Inter-

nal Control Over Financial Reporting, in October 2013

focusing on this audit area. Auditors must understand

the fow of transactions and identify the risks of material

misstatement to select appropriate controls for testing

that address the risks. Selecting controls to test applies

to both routine and infrequent processes. Management

review controls intended to prevent and detect misstate-

ments should also be evaluated and tested for design

and operation. Auditors must understand information

technology related to fnancial reporting, including man-

ual and automated controls, IT general controls, specifc

risks resulting from IT, and controls over accuracy and

completeness of system-generated data and reports.

Misstatements detected during substantive procedures

must be evaluated to determine whether the internal

controls are defcient and whether the defciencies are

material weaknesses.

Hanson said that the Sarbanes-Oxley Act of 2002,

with its requirement for auditors to report on the effec-

tiveness of internal controls, was one of the most sig-

nifcant changes to audits since the securities laws were

enacted in 1933 and 1934. He added that it took some

time for frms to adjust to the requirements of Auditing

|

GOING CONCERN

INTERNAL CONTROL

© 2015 Thomson Reuters/Tax & Accounting. PPC and Checkpoint are registered trademarks of

Thomson Reuters and its affliated companies. All rights reserved.

MAKE YOUR AUDIT PRACTICE WORK SMARTER, NOT HARDER.Practitioners today need to be more effcient in audit planning and execution, without sacrifcing quality. Now, you can do

all of that and more, using the latest technology and a comprehensive, cutting-edge audit solution designed to maximize

your audit effciency and accuracy.

Discover how smart your audit practice can be with PPC’s SMART Audit Suite. You’ll fnd the innovative, risk-based audit

program design enables you to quickly assess your risk and tailor your procedures, without over-auditing.

See how your peers have made their audit process smarter with the SMART Audit Suite:

“We have improved our realization rates with the implementation and more effective usage of PPC’s SMART Practice Aids.”

“I would say that SMART Disclosure has cut our disclosure requirement time in half on each engagement.”

“I would absolutely recommend SMART Practice Aids (SMART Audit Suite) to a colleague. The suite has been a signifcant time saver for us.”

Find out how the SMART Audit Suite can help your audit practice work smarter, too.

Call 800.950.1216 or visit tax.thomsonreuters.com/smart-suite to learn more.

WINNER 2011-2015

CPA Practice Advisor’s

Readers’ Choice Awards

Best Audit Engagement

Tools

June 201588 | Journal of Accountancy

SPONSORED REPORT

Standard No. 2, and later, No. 5. From 2011 through

2013, PCAOB inspection fndings in this area changed.

“The nature of the fndings evolved. Initially, frms did

not identify and test the proper controls. Now, frms are

identifying the appropriate controls to test, but not taking

all the steps to assess whether the controls were effec-

tive at detecting material misstatements. Auditors don’t

always really understand whether the controls accom-

plished what they were intended to accomplish,” Hanson

said.

Combs said frms are typically less challenged by au-

diting internal control over standard and routine transac-

tions and that automated controls within systems can re-

duce the risk of certain traditional internal control failures

(e.g., revenue recognition timing, where invoices are not

issued by a system until goods are shipped). More chal-

lenging is testing management controls over developing

and recording complex estimates.

“Firms have always followed the auditing standards in

this area, but a more granular analysis of risk and level of

testing is now applied,” he said. “For example, assessing

potential goodwill impairment risk has changed from a

macro risk assessment that goodwill may be impaired to

specifcally assessing that goodwill may be impaired due

to failure to meet specifc future revenue targets based

on assumed annual growth rates or new product intro-

ductions.”

Combs also said that in addition to frms’ consider-

ation of general information technology risks, more em-

phasis is being placed on the specifc risks and controls

over system-generated reports and data that manage-

ment uses when executing internal controls.

Hanson recommended that auditors review the audit-

ing standards and practice alerts in this area and then

construct training tools that use real-life examples of

how internal controls work in different transaction cycles

and how the controls may be audited.

ACCOUNTING ESTIMATES / FAIR VALUE

Auditors are responsible for evaluating how accounting

estimates were developed by management, assessing

the reasonableness of the estimates, and determining

whether they conform with GAAP and are appropriately

disclosed in the fnancial statements. When issuing an

opinion on ICFR or relying on internal controls in a fnan-

cial statement audit, auditors must test the internal con-

trols related to signifcant estimates.

The auditor’s evaluation of accounting estimates in-

cludes the reliability of data used; management’s pro-

cess, review, and approval of estimates; qualifcations of

personnel or specialists involved; comparing estimates

to actual results and prior history; and sometimes inde-

pendently developing estimates. A paradigm shift has

occurred in this area as well, according to Hanson.

“Previously, if an outside expert was engaged by man-

agement, the auditor had the expert’s audit evidence,” he

said. “But the standard requires far more. Auditors must

understand the expert’s methods and assumptions, test

the assumptions used when the estimate is a fair value

measurement, and apply skepticism to challenge man-

agement’s assumptions.”

This area is diffcult because it requires predictions,

which are also challenging for management. A chal-

lenging area includes controls and processes around

fair value measurements, inputs, and models. Hanson

suggested that for auditors to evaluate management’s

estimation process, they must have the right people in-

volved with the right skill sets and coordinate the work

performed and how the audit procedures are document-

ed. He also suggested that auditors manage their time-

line to make sure that management provides needed

information early enough to allow auditors time to under-

stand and challenge the estimates.

“Not all estimates are created equal,” Combs said.

“Auditors must understand the risk of the estimates and

assess how sensitive the estimates are to various as-

sumptions. They also must assess the expertise needed

to audit the estimates in areas where CPAs are not ex-

pected to be experts, such as actuarial valuations, envi-

ronmental regulations, or oil and gas depletion calcula-

tions.”

To the extent that management uses experts, wheth-

er by hiring employees or engaging outside specialists,

their competency and objectivity must be evaluated by

the auditor. This area is especially challenging for smaller

frms that may not have the internal resources and may

have to engage third-party specialists. The PCAOB’s

small business forums include this as a topic area and

provide training and resources. The PCAOB also issued

a staff consultation paper on auditing accounting esti-

mates and fair value measurement in August 2014 and

has engaged its Standing Advisory Group in discussions

on this complex topic.

These challenging audit areas are likely to continue

to be subject to evolving guidance and regulatory scru-

tiny. With the proper focus and training, though, practitio-

ners should be able to competently perform this complex

work and deliver high-quality audits. n

Editor’s note: Jay Hanson is speaking for himself, and

his views do not necessarily represent those of the

Board or the PCAOB as a whole.

—Maria L. Murphy (emailmariamurphy@gmail.com) is a

freelance writer based in Wilmington, N.C.

|

ACCOUNTING ESTIMATES / FAIR VALUE