Indicators of Audit Quality
Forty percent of the audits inspected by audit firm regulators had at least one finding indicating a
serious problem, according to a new survey. A recent report from the International Forum of
Independent Audit Regulators, a group of national audit regulators including the Public Company
Accounting Oversight Board (PCAOB) in the U.S. and the Financial Reporting Council in the U.K.,
reported findings from 918 audits of listed public companies performed by 120 audit firms, and found
that 40 percent of the audits inspected had at least one finding.
The two areas with the highest rate and greatest number of findings in the 2017 survey were accounting
estimates and internal control testing. In the area of accounting estimates, most of the findings
pertained to a failure by auditors to assess the reasonableness of assumptions by management,
including considering any contrary or inconsistent evidence.
On the topic of internal control testing, the most common type of finding among the audit regulators
was the failure to obtain sufficient persuasive evidence to support a reliance on manual internal
controls. The next most common type of finding was the failure to sufficiently test controls over, or the
accuracy and completeness of, data or reports produced by management.
Calderon and his co-authors examined PCAOB inspection reports published from August 2004 to
November 2013 for inspection years 2002 through 2012. The authors used Audit Analytics data to
categorize five types of internal control-related audit deficiencies and then collected detailed
descriptions from the inspection reports. The authors reviewed 2,047 completed inspection reports
during the period. Of the 1,025 inspection reports with audit deficiencies (about 50%), the authors
identified 131 ICFR-related deficiencies: 89 U.S. inspection reports by U.S. auditors and 42 foreign
inspection reports (31 foreign auditors). The following deficiencies were found:
1. Testing the design of controls or operating effectiveness of controls (i.e., management review
controls) 94
2. Application of the top-down risk-based approach to the audit of internal control (i.e., thought
process auditors should employ in identifying risks) 53
3. Identifying information technology risks (i.e., obtaining an understanding of specific risks to the
ICFR resulting from information technology) 40
4. Performing extensive testing of the work done by third parties in high-risk areas involving
significant judgment and fraud risk 28
5. Evaluating identified control deficiencies 21
In a speech on the “PCAOB’s Role in Improving Audit Quality,” PCAOB Board member, Jeanette Franzel,
addressed the importance of audit quality indicators to monitor on a regular basis audit quality and help
to identify possible fraud risks and deficiencies in internal controls over financial reporting.
Franzel stated that the Board has seen significant improvements in audit quality as evidenced by the
large firms dedicating significant resources toward remediating deficiencies and improving quality
control systems. She also pointed to improvements in tone at the top, coaching and support to audit
teams, and training and monitoring of audit quality.
These results are encouraging although I believe the accounting profession still has a long way to go to
fully address why such a high deficiency rate exists in the inspections of audit reports some sixteen years
after the passage of the Sarbanes-Oxley Act and formation of the PCAOB.
What’s taking the profession so long to comply with the public’s expectation for audit quality?
Blog posted by Steven Mintz, aka Ethics Sage, on May 8, 2018. You can learn more about Dr, Mintz’s
activities at: https://www.stevenmintzethics.com/.