As Public Company Accounting Oversight Board (PCAOB) inspections have grown more intense in the last five years and the bar for audit quality has risen, auditors and public companies face mounting pressure to meet these elevated compliance requirements in a way that’s streamlined and efficient. Reducing redundancy, improving management and internal audit documentation efficiency, and ensuring seamless collaboration between internal teams and external auditors are essential strategies for success.

To help reduce audit costs and strengthen the reliability of your financial reporting, your organization can:

• Invest in well-designed controls
• Embrace IT application controls
• Prepare thoughtfully for efficient walkthroughs
• Validate critical data
• Leverage internal audit teams

Our webcast, Unlock a More Efficient Approach to PCAOB Audit Success, offered practical, real-world guidance on aligning audit readiness with regulator expectations while reducing time and effort throughout the audit cycle. Here are some key takeaways.

Strengthen Management and Review Controls

Management review controls often face the toughest scrutiny as they’re the decision-making controls for areas requiring significant judgment, such as inventory reserves, forecasted financial information, and impairment analyses. To strengthen these controls:

• Disaggregate Complex Controls. Break down broad review controls into specific, actionable attributes to accurately pinpoint how the control addresses a relevant risk.
• Document Everything in Real Time. Meeting minutes and draft analyses with tracked changes and reviewer comments are invaluable audit evidence.
• Define Clear Triggers. Both quantitative thresholds and qualitative flags should be explicitly identified if further review is needed as part of the control.
• Validate Data Inputs. Embed completeness and accuracy validations to ensure that the data underpinning these controls is reliable.

Harness the Power of IT Application Controls

Automated controls embedded within business processes aren’t just a convenience—they’re a game-changer for reducing human errors and boosting audit efficiency. Unlike broader IT general controls (ITGCs), IT application controls (ITACs) support specific financial statement assertions, mitigate risks of material misstatement, and include things like system-driven calculations and workflow approvals.

Understanding whether an automated control is inherent or configurable is critical, as this drives the testing approach. For example, if an automated control is inherent the testing approach may include a review of code or proving the system functions as intended. If the automated control is configurable testing might be more focused on security groups, roles, and permissions.

Test controls in live production environments, when possible, to verify accuracy. If you have to test in a development environment, gather additional evidence to support its applicability to the production environment.

You can also leverage benchmarking to reduce testing in subsequent years if configurations remain unchanged.

Common ITAC examples include:

• Three-way matching. Checking both the dollar values and quantities across documents.
• System-driven calculations. Automating tasks like depreciation schedules to avoid manual errors.
• Edit checks. Preventing incorrect data entry upfront.
• Workflow controls. Automating approval routes to enforce company policies.

Make Walkthroughs Effective

Walkthroughs give auditors a complete picture of how transactions flow from initiation to reporting. To make these sessions effective, come prepared with a current-year example and existing documentation such as flowcharts and narratives.

• Include IT professionals when data sources or system logic are involved.
• Keep the focus on key controls and preventing and detecting misstatements; avoid distractions over rare exceptions or clearly immaterial transaction flows.
• Ensure clarity around the use and validation of data, which is known as information produced by the entity (IPE).

Prioritize IPE Validation

Regulators are increasingly focused on the data behind your controls. Management must demonstrate that internally produced information used in financial reporting is complete and accurate.

Start early by identifying controls with a data dependency, then embed procedures to validate data and ensure it is complete. This includes extraction from IT systems, report parameters or logic, and any manual edits or transformations, including manipulation in Excel. Address risks at each stage of the process, from initial data entry to parameter-driven outputs and manual exports or manipulation.

Partner Effectively with Internal Audit

Internal audit can be a tremendous asset in easing the burden of external audits—but only if their work meets PCAOB standards.

• Ensure internal auditors are sufficiently independent and have the right expertise, including in areas such as management review controls, completeness and accuracy of data, and IT controls.
• Coordinate audit timing and scope closely with external teams.
• Use consistent documentation templates with thorough evidence and rationale, whether you choose to use the external audit templates or to ensure the internal templates have all equivalent information.
• Internal audit can support areas like routine process testing, ITGCs, walkthroughs, and IPE.

PCAOB inspections are more than a compliance exercise for auditors; they’re shaping the expectations for management’s internal controls over financial reporting. By investing in sound controls, embracing automation, preparing rigorously, validating data, and leveraging internal resources, your company can meet regulatory expectations and gain a competitive edge through more reliable financial reporting while reducing audit costs.

Watch the full webcast: Upgrade Audit Efficiency While Maintaining Compliance

We’re Here to Help

For more information contact your firm professional.

Additional Resources

• Assurance Practice
• Public Company Audit Services