CFOs might find PCAOB evidence-quality guide a useful auditor check

An opinion that’s supported by irrelevant or unreliable data might not be accurately capturing company performance.

How well is the opinion of your company’s performance supported by the evidence the auditor’s using?

Public Company Accounting Oversight Board (PCAOB) staff have released guidance on what constitutes relevant and reliable evidence for supporting audit opinions.

If evidence auditors are using isn’t relevant or from a reliable source, or if the reliability of the evidence itself is questionable, that can call into question the soundness of the opinion.

“In some cases, information that was determined by the auditor to be more relevant may not be the most reliable, and vice versa,” the guidance, released October 7, says.

Data availability

PCAOB was created in 2002 as part of the Sarbanes-Oxley Act to help ensure auditors don’t allow accounting problems in public companies to get past them and put investors at risk. 

The new guidance tries to put guardrails around auditors’ growing use of external evidence to support their opinions. 

The use of external evidence, like so many things today, is fueled by the widespread availability of data that companies, regulators and other entities collect and release. The question the guidance tries to answer is which data is relevant and reliable and which isn’t.

“Advancements in technology in recent years have improved accessibility and expanded the volume of information available to companies and their auditors from traditional and newer external sources,” the document says. 

Reliability

In general, data generated by regulators or entities that are themselves regulated — stock exchanges are mentioned — can be counted on to be more reliable than data generated by other types of organizations. 

Similarly for data that’s generated by organizations vs. data that is derived through analyses of other organizations’ data. The more raw the data is, in other words, the better chance it’s reliable.

Relevance

Relevance is the other big issue, and the guidance provides several use cases for thinking about that. For example, weather data can be relevant evidence for assessing the accuracy of a company’s sales data, presumably because bad weather can reduce brick-and-mortar sales, but only if the data is used correctly. 

“Before using the weather data in developing certain expectations – e.g., for substantive analytical procedures related to product revenue – the auditor would need to understand the relationship between weather data and company activities,” the guidance says.

A company’s year-end stock price, obtained from an exchange, is another example. That data can be used to compare against the price the company is using to support its valuation of an instrument.

“The exchange price would represent the fair value of the instrument,” the document says. 

The guidance is directed at auditors, but it’s relevant to CFOs for checking whether their auditor is using external evidence appropriately in its assessment of company performance.

As fraud rises, CFOs must approach numbers skeptically, report finds

https://www.cfodive.com/news/Center-Audit-Quality-financial-reporting-fraud/593123/

Executives might be committed to accuracy, but middle managers and others throughout the organization must be on board, too.

The pandemic is increasing financial reporting fraud, putting the onus on CFOs to create an organization-wide system that prevents wrongdoing, a coalition of auditing and other oversight groups said in a report released today.

Financial statement fraud in public companies is real and that risk has only increased during the Covid-19 pandemic,” said Julie Bell Lindsay, executive director of the Center for Audit Quality, one of four groups to release the report.

To help ensure the integrity of their company’s financial reporting, CFOs can’t rely on external auditors as their bulwark against fraud; they must weave protection into the fabric of the organization and exercise the same skepticism toward numbers auditors are trained to do.

“The strongest fraud deterrent and detection program requires extreme diligence from all participants in the financial reporting system,” Lindsay said. “Certainly, you have internal and external auditors, but you also have regulators, audit committees and, especially, public company management.”

Heightened stress

The report looks at SEC enforcement data from 2014 to 2019, a period of relative calm Linsday said can help set a baseline for assessing how much in pandemic-caused fraud regulators will find when they do their post-crisis analysis.

“The timing of this report is really a great way to … remind all the folks in the financial reporting ecosystem that … the pressures for fraud to happen are strong right now,” she said. 

Improper revenue recognition comprises about 40% of wrongdoing in financial reporting, more than any other type, a finding that tracks an SEC analysis released last August. 

Companies tend to manipulate revenue in four ways:

  1. The timing of recognition
  2. The value applied
  3. The source
  4. The percentage of contract completion claimed

The report singles out revenue-recognition manipulation by OCZ Technology Group, a solid-state drive manufacturer that went bankrupt in 2013, as a typical case.

The company had to restate its revenues by more than $100 million after it was caught mis-characterizing sales discounts as marketing expenses, shipping more goods to a large customer than it could be expected to sell, and withholding information on product returns.

The CEO was charged with fraud and the CFO with accounting, disclosure, and internal accounting controls failures.

The report lists three other common types of fraudmanipulation of financial reserves, manipulation of inventories, and improper calculation of impairment.

Reserve issues involve how, and when, balances are changed, and how expenses are classified; inventory issues involve the amounts that are listed and how much sales cost; and impairment issues involve the timing and accuracy of the calculation. 

Increase expected

More of these kinds of problems will likely be found to be happening because of the pandemic, the report said. 

“This is where all of this comes to a head,” Lindsay said. “You certainly can see pressure, because some companies are struggling right now and there can be pressure to meet numbers, analysts expectations.”

The pressure finance professionals face is part of what the report calls a “fraud triangle,” a convergence of three factors that can lead to fraud: pressure, opportunity and rationalization.

In the context of the pandemic, pressure comes as companies struggle with big drops in revenue; opportunity arises as employees work remotely; and the rationalization for fraud is reinforced by the unprecedented challenges people are facing. 

“It could be anything,” said Lindsay. “‘My wife just lost her job, so I need to make up for it.'”

The report lists fraud types that analysts expect are rising because of the pandemic:

  • Fabrication of revenue to offset losses.
  • Understatement of accounts receivable reserves as customers delay payments. 
  • Manipulation of compliance with debt covenants. 
  • Unrecognized inventory impairments.
  • Over- or understated accounting estimates to meet projection.

About a dozen types in all are listed. 

“Past crises have proven that at any time of large-scale disruption or stress on an economy or industry, companies should be prepared for the possibility of increased fraud.” the report said. 

Lindsay stressed three lessons she’d like to see CFOs take away from the report.

First, the potential for fraud in their companies shouldn’t be an afterthought. Second, protection against it is management’s responsibility but there’s also a role for company’s audit committee, its internal auditors and it’s external auditors. Third, CFOs and the finance executives they work with, including at the middle management level, must bring that same skepticism toward the numbers that auditors are trained to bring.

“Professional skepticism is a core competency of the external auditor and, quite frankly, the internal auditor,” she said. “Management and committee members are not necessarily trained on what it is, but it doesn’t mean you shouldn’t be exercising skepticism, [which is] asking questions about the numbers that are being reported. Is this exactly what happened? Do we have weaknesses? Do we have areas of positivity? It’s really about drilling down and having a dialogue and not just taking the numbers at face value.”

In addition to the Center for Audit Quality, Mitigating the Risks of Common Fraud Schemes: Insights From SEC Enforcement Actions was prepared by Financial Executives International, The Institute of Internal Auditors and the National Association of Corporate Directors.