A significant number of deficiencies occurred over the past three years in audits of internal controls, which can lead to inadequate disclosures in the financial statement audit, according to a practice alert issued last week by the Public Company Accounting Oversight Board (PCAOB).


Paperwork (Photo credit: Wikipedia)

The alert, which builds on a PCAOB general-inspection report released in December 2012 that found problems with audits of internal controls, said deficiencies exist throughout the audit process. Some of the defects are concentrated in identifying and sufficiently testing controls intended to address the risks of material misstatement and testing the design and operating effectiveness of management-review controls.

Other deficient areas include obtaining enough evidence to update the results of testing of controls from an interim date to a company’s year-end, and testing controls over a firm’s system-generated data and reports that support important controls.

Internal-control auditing, the board maintains, should be integrated with the audit of the financials. But often auditors “rely on controls to reduce their substantive testing of financial statement accounts and disclosures,” the alert said. PCAOB’s December report also flagged audit firm failures in mustering “sufficient appropriate evidence to support its opinion on the financial statements.”

While PCAOB’s December report used information from the annual inspections of eight publicly registered firms, the audit overseer found similar problems with audits of internal controls at other registered firms.

Defects in a firm’s information-technology system is also a possible cause of problem audits. “A company’s use of IT can significantly affect a company’s internal control,” it said, noting that automated controls can help prevent misstatements. But if a control selected for testing uses system-generated data or reports, the effectiveness of the control depends in part on the controls over the accuracy and completeness of the data or report.

It’s important to note, however, that “an IT control might not be intended to prevent or detect misstatements by itself, but it might impair the effectiveness of important IT-dependent controls if it were deficient,” the alert said.

Audit engagement partners and senior engagement team members should pay attention to the deficiencies in audits of internal control, according to the PCAOB.  The board recommended that audit teams consider whether added training of their auditing personnel is needed to help them keep abreast of what’s going on currently in internal controls.

Audit committees were also flagged as needing to take a more active approach to audits of internal controls. In addition to requesting information from their auditors about potential root causes of internal-controls defects, “audit committees may want to inquire about the involvement and focus by senior members of the firm on these matters,” the alert noted.

, , , , , , , ,

4 responses to “Poor Internal Control Tests Hurt Financial Statement Audits”

  1. Good article! One item that is a bit misleading though is the comment that “audit teams consider whether added training of their auditing personnel is needed to help them keep abreast of what’s going on currently in internal controls.” I believe the alert is really stating that auditing personnel would benefit from training on designing effective integrated audits over financial staements and related internal controls. There is really nothing new in what’s going on “currently” in internal controls.

  2. Accounting/auditing education needs (1) to have more emphasis on business and economics as a wole, to understand the business and industry risks as well as related incentives and opportunities to manage transactions and reporting, and (2) to strip away the debits and credits and focus on understanding the impact of recorded transactions on financial statements and financial statement as well financial analysis to understand what the reported numbers mean, the difference between cash flows and earnings. Adding those two components together will make much stronger auditors of financial statements and controls. Grounding learning in cases and experiential learning in integrating courses as well, will strengthen judgment and the ability to identify problems. Right now,most students of accounting are trained to classify numbers, not really to understand them. As result, the profession attracts a lot people who like classifying over analyzing.

  3. Good point from Mr. Spires. I recently signed up for CPE in the Internal Audit field to help enhance my academic preparation for college students with what is happening in practice. Unfortunately, the CPE commonly covers the core concepts that I am teaching to my college students now. More details on efficient integration would be a great benefit in training.

  4. too many professionals rely on information technology to structure control and identify issues, yet put too few resources towards monitoring and testing those tools (or the results) on a regular basis. It is essential that those in accounting and finance understand how to not only implement necessary controls and processes, but also test them to make sure they’re actually working as advertised. Complacency is all too common, as it is assumed that the “system” will do the job for you.


Leave a Reply

Your email address will not be published. Required fields are marked *