PCAOB Flags Increased Number of Audits at Crowe Horwath

According to Compliance Week, after several years of improvement, Chicago-based Crowe Horwath (FY17 net revenue of $809.5 million) saw an increase in adverse findings in its latest regulatory inspection.

The PCAOB examined parts of 15 different audit files at Crowe Horwath during its 2016 inspection and found problems in five of them for a 33% deficiency rate. In its 2015 inspection of the same firm, the board noted problems with only three of 14 audits, or 21%. That rate was the lowest for Crowe Horwath and for the eight largest audit networks that year, Compliance Week reported.

The PCAOB said that its 2016 review of all five of Crowe Horwath’s audits revealed problems with the audit of internal control, but only two of the five also contained errors in the audit of financial statements. In total, PCAOB found 20 different mistakes.

“The firm had the greatest difficulty with testing the design or operating effectiveness of controls selected for testing and with checking the accuracy and completeness of reports or data produced by the issuer,” Compliance Week reported

In a letter attached to the report, Crowe Horwath says it has taken action to address each of the concerns raised in the inspection. “While we are pleased with the overall trend of improvement in our inspection results over the past several years, we are not content with the level of deficiencies in the 2016 report,” says Mark Baer, MP of Crowe Horwath’s audit services group. “We will continue to use this constructive feedback to enhance our audit processes, procedures and training.”

CFOs Advised to Fire Auditors Early

A study says firing an auditor “doubles the odds of a restatement and more than quadruple[s] the odds of a material weakness over the next two years,” CFO magazine recently reported.

CFOs considering firing their company’s independent auditors should do so before the end of their fiscal second quarter, an author of a new study of auditor dismissals advises.

If a company announces the dismissal of its auditor after the second quarter, it risks being “lumped in with the bad apples,” that want to end the relationship to cover up “nefarious” doings, Jeff Burks told the magazine. Burks is an associate professor of accountancy at Notre Dame’s Mendoza College of Business.

“Investors have a good idea that firms tend to sign up their auditors early in the year,” he says. “So if you’re changing auditors later in the year, that’s a pretty good sign you’ve changed your mind.” That message often results in questions such as, “What prompted you to change your mind? You knew what the auditors fee was going to be, so what’s likely is that you were prompted by some kind of conflict with the auditor,” Burks adds.

Auditors, who must maintain confidentiality, don’t talk about clients or even former clients, so an assumption may be made that the problem lies with the company’s financial reporting.

“Firms that dismiss auditors after the second fiscal quarter have markedly higher rates of future restatements, material weaknesses, and delistings compared with firms that dismiss auditors shortly after filing the prior year’s 10-K,” according to the unpublished paper, “Auditor Dismissals: Opaque Disclosures and the Light of Timing.”

For the study, the authors culled data from Audit Analytics, a research firm, to identify 16,096 auditor dismissals announced between 2000 and 2013. They studied dismissals falling within fiscal years 2001-2012 that matched data from Compustat, the Center for Research in Security Prices, and the Securities and Exchange Commission’s Edgar database, leaving 3,976 dismissals.

Citing earlier studies by other researchers, the paper says that when it’s the auditors who quit, it’s a clear sign of accounting woes or elevated audit risk at the company. The reason? Auditors “typically have little incentive to drop healthy, low-risk clients.”

Deloitte Helps Prepare Gen Z for Audit of the Future

Big 4 firm Deloitte and the Deloitte Foundation hosted the 2017 National Audit Innovation Campus Challenge at Deloitte University, awarding students of Morehouse College first place for their idea to develop an application to automate the audit risk assessment process.

The winning idea involved developing an application to improve the effectiveness of the risk assessment process by using artificial intelligence to identify non-financial data from external sources such as social media, journals, periodicals and newsfeeds, among others. This data, used in combination with public and non-public financial data, would contribute to the auditors’ ability to identify risks of misstatement in a company’s financial statements. The software continuously curates data and learns through direct feedback from auditors.

Under the guidance of the faculty advisors and subject matter leaders, student participants were presented with a glimpse of how innovative technologies can be applied to the audit profession in new ways. The experience highlights how an evolving audit profession requires a workforce that can tackle business challenges more effectively in a world of continuously evolving technologies, while also providing auditors with increased opportunities to deliver value for the capital markets.

Student teams from 33 top colleges and universities participated in the event, with six teams advancing to the final round. Students from Pace University earned second place. The University of Pittsburgh, University of Southern California, College of William and Mary, and University of Wisconsin-Madison were awarded honorable mentions.

Multiple emerging technologies are transforming the audit and creating exciting new opportunities, Deloitte says. Workflow automation, artificial intelligence and analytics have enhanced a number of the labor-intensive, manual processes traditionally associated with an audit, freeing up auditors to offer better judgments and deeper insights.

“As technology disrupts business at an unprecedented rate, the next-generation of talent will need to possess proficiency with emerging technologies and data analytics to help develop more innovative solutions to business challenges,” says Mike Fucci, chairman of Deloitte and the Deloitte Foundation.

Study: Technology Pressures in Audit Profession Will Force Major Changes

With constantly evolving technology driving change in the profession, firm leaders anticipate a future that may fundamentally transform the way audits are conducted. According to Thompson Reuters, the most pressing challenges facing the audit profession can be grouped into four main categories: quality, innovation, talent and relevance.

A recently released whitepaper covers how each of these challenges impact today’s audit and how reimagining solutions to these challenges can mean a new future.

The white paper, “Four Keys to the Future of Audit,” says that firms don’t realize that their audits are living in the past. “Many are under the false pretense that since their audits are paperless, they are modernized and future-ready. However, most of these firms don’t take into account that while the medium may have changed, nothing about the audit process itself has changed along with it – thus, the same systematic inefficiencies are still present. Furthermore, auditors continuously fail to use technology to better understand a client and their business, the industry and as a tool to enhance curiosity.”

Technology can be used to improve quality of the audits, the report says. For example, real-time quality dashboards can help the firm monitor quality. Emerging cloud-based audit technologies offer significant improvements in this area and hold “great promise in helping the profession move into the future,” the report says.

Big data and data analytics also offer promise, as auditors can provide insights that were not possible when only samples of data were examined. “However, auditors now have the ability to rise above limited amounts of data and scope out observations,” the report says. “With the ability to have an expanded real-time internal and external view, auditors can now think holistically and promote innovation within their firms.”

Cloud-based audit platforms can help position the firm for the audits of the future. Cognitive computing systems, which use algorithms to drive machine learning, will eventually become capable of anticipating problems and their solutions. “Other industries are much further along than the audit profession, but there is little doubt that cognitive computing has a prominent place in the future of the audit,” the report says. “It’s only a matter of time.”

All of these development will impact the kind of talent recruited into the profession and the skills training that should be made available.

“The audit technology tools that are in the cloud today, that integrate platform and methodology, are very good starting points to move to the future,” the report concludes. “Add cognitive computing and data analytics once they are more fully evolved, and the result could be an audit game-changer.”

Survey: Cybersecurity and Infrastructure Management Top Concerns of IT Audit Leaders

Cybersecurity and privacy issues, along with infrastructure management and emerging technologies, rank as the top technology challenges organizations face today, according to a just-released survey report from global consulting firm Protiviti and ISACA, a global business technology professional association for IT audit/assurance, governance, risk and information security professionals. The survey of 1,062 IT audit and internal audit leaders and professionals found that IT audit is also becoming more involved in major technology implementation projects within organizations.

In the survey, respondents were asked to name the top technology or business challenges their organizations face today. The top 10 responses:

  1. IT security and privacy/cybersecurity
  2. Infrastructure management
  3. Emerging technology and infrastructure changes – transformation, innovation, disruption
  4. Resource/staffing/skills challenges
  5. Regulatory compliance
  6. Budgets and controlling costs
  7. Cloud computing/virtualization
  8. Bridging IT and the business
  9. Project management and change management
  10. Third-party/vendor management

Gordon Braun, a managing director with Protiviti and global leader of the firm’s IT audit practice, says other challenges are just as critical, “from resource and skills gaps to ongoing transitions to cloud and virtual networks. Additionally, as more and more organizations rely on third parties to support critical applications and infrastructure, the need to excel at managing vendor relationships has increased dramatically. Many organizations have not sufficiently addressed maturing their vendor management practices, and the resulting business risks can be significant.”

According to the ISACA/Protiviti survey, titled A Global Look at IT Audit Best Practices, in large companies (greater than $5 billion in revenue), 26% of IT audit functions have a significant level of involvement in major technology projects, while 45% have a moderate level of involvement. IT audit is most frequently involved in the post-implementation stages (65%).

“Seeing greater involvement by IT audit in significant technology projects is a positive trend, especially considering the dynamic nature of technology and critical risks related to security and privacy,” says Christos Dimitriadis, chair of ISACA’s board of directors and group director of information security for INTRALOT. “This is also notable because a substantial percentage of IT projects tend to run over budget and behind schedule and fail to achieve the desired objectives. Having IT audit bring a mindset of risk and control to these projects can be highly advantageous.”

In a majority of organizations (55%), the IT audit director regularly attends audit committee meetings. This represents a 6-point jump from the 2015 survey, and reflects a long-term trend in the survey findings since 2012, when less than one in three IT audit directors attended audit committee meetings regularly.

“There’s no question that cybersecurity and emerging technologies are now a regular topic at the board level,” says Braun. “Audit committee members, in particular, are seeking greater assurance around critical IT risks and controls – internal audit and IT audit leaders must be prepared to demonstrate audit coverage of key areas and articulate where the highest risks remain.”

The Protiviti/ISACA study also found that among large companies, 9% conduct an IT audit risk assessment. However, a majority (55%) only do so on an annual or less-frequent basis. Considering the growing risk landscape resulting from cybersecurity threats and emerging technologies, ISACA and Protiviti suggest that more organizations consider an approach that includes continually reviewing the IT risk landscape and adjusting IT audit plans accordingly.

The survey report is available for download at www.isaca.org/2017itauditstudy and www.protiviti.com/ITauditsurvey

Survey of PCAOB: Rate of Audit Deficiencies Increasing

Acuitas, a valuation and litigation consultant, has released a survey of recent PCAOB inspections that says that 43% of all audits inspected by the PCAOB in 2013 had deficiencies (compared to 16% in 2009).

The “2015 Survey of Fair Value Audit Deficiencies,” its fourth annual analysis of recent PCAOB inspections, also said that the number of Fair Value Measurement (FVM) and impairment deficiencies as a percentage of the total continue to be significant, representing 31% of all audit deficiencies in 2013.

Two trends that began to emerge in last year’s survey maintained their prominence, Acuitas reported. First, the FVM audit deficiencies attributable to mergers and acquisitions activity increased to 49% in 2013, up from 45% in 2012 and an average of 9% from 2008 to 2011. Second, the number of deficiencies caused solely by failures to assess risk and test internal controls remained high in 2013, at 45% of all deficiencies for the top 25 firms. By comparison, such failures were present in 22% of FVM deficiencies between 2008 and 2012.

According to Mark Zyla, managing director, “We have seen a significant shift from the years where FVM deficiencies were largely the result of financial instruments to the current trend of business combinations and a failure to test or understand financial assumptions. This shift has likely been caused by audit improvements for financial instruments that resulted from the PCAOB inspection process and by increased merger activity in recent years. The auditing community should certainly be concerned about the continuing increase in deficiencies caused by a failure to assess risk and internal controls, and the PCAOB’s assessment that they are caused by ‘a lack of due professional care.’”

The complete survey is available from Zyla, who can be reached at mzyla@acuitasinc.com, or on the Acuitas website at http://www.acuitasinc.com/home.html.

The Scheme, The Audit, The Fail

By: Yigal M. Rechtman

Yigal Rechtman

Yigal Rechtman

Yigal M. Rechtman, a principal in Grassi & Co.’s forensic and litigation practice, recently concluded a fraud investigation involving a cash-skimming scheme and shared his findings to help give tax professionals performing audits a new perspective.

The Scheme Investigated

A clerk collected cash from customers and provided a sequentially numbered receipt. At the end of the day, the receipts were supposed to be entered into the accounts receivable system, and reconciled with the deposit slip. Instead, the clerk pocketed the cash, and used one of several methods to conceal her acts – She would record an unauthorized credit memo to the customer account, or she would take payments from other customers, and credit the account from which she stole. This is a kiting scheme where the clerk “robbed Peter to pay Paul.”

After roughly three years, the clerk was able to pocket an amount greater than $270,000. (That’s $90,000 a year!) The clerk was caught when a customer complained about their account status, which was shorted due to the scheme.

How Did the Audit Fail?

Although we don’t know what the auditors (not our firm) did in terms of their audit procedures, from what we can gather here’s a few points we think they missed:

  • The auditors apparently failed to see that this is a high-risk area. Most of the receipts were in cash – this is a high risk for fraud and theft of cash. It appears that they did very little by way of sampling the paper receipts and tracing them to the accounts receivable system. Had they done it, they had a good chance of finding discrepancies and raising questions.
  • The auditors apparently failed to identify a lack of segregation of duties. The clerk was the one collecting the cash, entering the cash to the accounts receivable system, reconciling the cash collected, depositing the cash, and responding to customer complaints and questions regarding their account. At no time did the auditor inform management that this is a lack of segregation of duties that should be addressed, nor did he/she recommend changes.
  • The cash shortfall could have been simply identified if the auditors would have looked at the top-level analysis of the credit-memo balances. They would have noticed that the allowance for uncollectable accounts (or its equivalent) would have been “off” because of all the credit memos. The amount would be material, and that should have prompted more questions, an expanded scope in terms of nature, timing and extent of the audit procedures for revenues.
  • The auditors also did not confirm balances, review the reconciliations, or look at why it took up to three weeks for daily reconciliations to be prepared. The delay in the daily reconciliations (between the system and the bank deposit) should have been noticed, and at least mentioned to management and the board. That didn’t happen.

What I see here is a lack of critical thinking by the auditors. Although we are not entirely sure what they did, it appears that they did not think in a skeptical manner about the risks to revenues, especially when cash collection was a significant portion of the receipts. They also appear to have created a good analysis of the risks of fraud, and may have done “check-list mentality” on their audit programs.

Bottom Line 

  • Think about what you see and hear.
  • If you think there is a chance that the audit plan is not responsive to what’s needed say something.
  • If you think that something is fishy follow that trail.
  • And most important – be skeptical of what you’re told and verify the facts.

I hope this scenario helps all us auditors and accountants do a better job.