Audit and Poor Internal Controls

Financial Statement Audits Adversely Affected by Poor Internal Control Tests

According to a new practice alert issued recently by the Public Company Accounting Oversight Board (often simply referred to as PCAOB), deficiencies in internal control audits may result to insufficient disclosures in the audit reports. An audit report is released by the client company’s independent auditors at the conclusion of the financial statement audit engagement.

During the past three years alone, a considerable number of deficiencies in internal control audits were noted. One possible repercussion of these deficiencies is the inadequacy of disclosures in audit reports that summarize the results of audits of client companies’ financial statements, including companies that underwent Singapore company formation.

The alert was based on a general inspection report released by the PCAOB in December 2012 that noted problems in the conduct of internal control audits. There were deficiencies and lapses noted in the various phases of the entire audit process.

The Major Issues Noted

Among the issues identified involve the identification and conduct of sufficient tests of controls that are geared towards mitigating risks of material misstatement, as well as testing the operating effectiveness and design of the established management-review controls.

Other areas of concern include the gathering of sufficient evidence that will be used to update the “test of controls” results from the interim date to the fiscal yearend followed by the firm, as well as testing controls over the data generated by the company’s system and other reports that are intended to support vital control processes.

The board, through the alert, also maintains that the audit of the company’s internal controls should be incorporated or done in conjunction with the financial audit. However, auditors usually just depend on the company-established controls to lessen the substantive testing they have to do on disclosures and financial statement accounts.

Although this may save a lot of audit time and effort, the exposure to risks of possible misstatements, as well as inadequate disclosures, is higher. This is not to say, however, that auditors cannot rely on established internal control procedures, especially those that have previously been tested and proven sound.

In its December report, The PCAOB flagged the failure of some audit firms to muster enough appropriate evidence to support the opinion they attach to the audited financial statements. This is of particular importance since a lot of stakeholders rely on the auditor’s opinion on the soundness of a company’s financial statements.

Although the said PCAOB report cited information from eight (8) publicly registered accounting firms’ annual inspections, the audit authority found similar issues with internal control audits that were performed by other registered firms. This is also the case for some auditors who perform internal control audits for firms under Singapore company registration.

Problem audits are a possible repercussion of defects in the information technology system utilized by the company. As mentioned in the report, the company’s use of information technology has a significant impact on the internal control procedures of the company. The report also noted that automated controls can help avert possible misstatements. However, if the selected control for testing utilizes system-generated reports or data, the control’s effectiveness will depend partly on the controls over the completeness and accuracy of the report or data.

The alert likewise mentioned that a specific IT control might not be set up to capture or avert misstatements on its own; however, it can adversely affect the effectiveness and reliability of vital IT-dependent controls if it has defects.

The PCAOB Recommendations

According to the PCAOB, members of the senior engagement team, as well as audit engagement partners must pay more attention to the deficiencies and other defects in internal control audits.

Among the recommendations of the board is for the audit teams to consider whether their respective audit personnel are fully equipped with the required know-how and capabilities or they need additional training to prepare them for real client situations, and keep them up to date with the current trends in internal controls. This is intended to help particularly the less experienced audit staff in coming up with effective and well-designed integrated financial and internal control audits.

On the other hand, as noted in the PCAOB report, audit committees were also noted to be lacking in terms of taking a more active approach to internal control audits. The audit committees, for one, can ask for additional information on the focus and involvement of senior officers of the company as far as the internal control systems are concerned. This is outside of the usual information they request from their auditors as to the possible root causes of identified defects in internal control systems.


Copyright 2018