The Public Company Accounting Oversight Board (“PCAOB” or “Board”) issued its first report on its interim inspection program for auditors of brokers and dealers on Monday, Aug. 20, 2012. In its report, the PCAOB found deficiencies in all of the 23 audits performed by ten outside audit firms. Seven of the ten audit firms examined were only recently subject to PCAOB review under the interim inspection program. Although not representative of all audit firms, James Doty, the PCAOB Chairman, noted that the “nature and extent of the findings are of concern to the Board.”1
The Board, which is supervised by the SEC, was given the authority to inspect the audits of broker-dealers as part of the Dodd-Frank financial reform legislation, and the inspection program commenced in August 2011. According to the PCAOB, approximately 4,400 broker-dealers filed audited annual financial statements with the SEC for fiscal periods ended during 2011, and approximately 800 registered public accounting firms audited broker-dealer filings during this period.
Generally, broker-dealers are required to file with the SEC audited financial statements along with (a) audited supporting schedules relating to the computation of net capital, the computation of the customer reserve requirement, and information relating to the possession or control requirements of the Customer Protection Rule2 (or if exempt from the Customer Protection Rule, ascertain whether the broker-dealer complied with the applicable conditions for exemption); and (b) an accountant's supplemental report on, among other things, material inadequacies in the accounting system, internal accounting controls, and procedures for safeguarding securities of the broker or dealer.
The report describes deficiencies observed in the following areas: a) audit procedures related to the computation of customer reserve and net capital requirements, b) audits of financial statements, and c) auditor Independence.
A. Audit Procedures Related to the Computation of Customer Reserve and Net Capital Requirements
1. Accountant’s Supplemental Report on Material Inadequacies: The report found that in 21 of the 23 audits, auditors failed to perform sufficient audit procedures to obtain reasonable assurance that any material inadequacies found to exist since the date of the last examination in the accounting system, internal accounting controls, and procedures for safeguarding securities would have been disclosed in the accountant's supplemental report. For example, several auditors limited their procedures to inquiries of management. In addition, with regard to the net capital calculation and the customer reserve computation, the report found that several auditors only performed tests of details, which was not sufficient as the firms did not test controls over these calculations and computations.
2. Exemption from Provisions of the Customer Protection Rule: The report found that all audits of broker-dealers that relied on an exemption from this rule did not perform sufficient procedures to determine whether the broker-dealer had complied with the conditions of the exemption.
3. Customer Protection Rule: In two of the nine audits of broker-dealers required to maintain a customer reserve, the report found that auditors failed to verify whether the special reserve bank accounts were designated for the exclusive benefit of customers and that the bank account agreements contained the required restrictive provisions.
4. Net Capital Rule: The report found that auditors failed to sufficiently test components of the broker-dealer’s net capital computation in seven of the reviewed audits, for example, failing to adequately account for “haircuts.” In two of the audits, the report found that auditors failed to perform sufficient audit procedures on schedules obtained from the broker or dealer related to securities positions. Further, in two other audits, the report found that auditors failed to test the accuracy of the haircut percentages applied by the brokers or dealers, including tests of the relevant characteristics of securities positions.
B. Audits of Financial Statements
1. Consideration of Risks of Material Misstatement Due to Fraud: Firms identified fraud risks in areas such as revenue recognition, lack of segregation of duties, and related party transactions. However, in four of the audits, auditors did not perform audit procedures to respond to the identified risks of fraud. Additionally, in 13 of the audits, auditors failed to perform sufficient journal entry testing in response to the risk of management override. For example, in four of these audits, the report observed that the auditors did not test the completeness of the population of journal entries from which they selected a sample for testing. The report also observed four audits where the auditors failed to consider the characteristics of potentially fraudulent entries or adjustments.
2. Related Party Transactions: The report notes eight audits where the auditors failed to perform sufficient audit procedures for the purpose of determining the existence of related parties and material-related party transactions. In five of these audits, the report found that auditors identified the existence of agreements between the broker or dealer and an affiliated entity, yet failed to test for undisclosed related parties and material related party transactions. Further, in four of the audits inspected, the financial statements included disclosures pertaining to expense sharing agreements, service agreements, or revenue sharing agreements with related parties. The report observed that auditors did not perform procedures necessary to obtain and evaluate sufficient appropriate audit evidence concerning the purpose, nature, and extent of these transactions and their effect on the financial statements.
3. Revenue Recognition: The report identified deficiencies in 15 of the audits relating to the failure of firms to perform sufficient procedures to test the occurrence, accuracy, and completeness of revenue. For example, the report noted instances in which auditors:
4. Establishing a Basis for Reliance on Records and Reports: In 12 audits, the report noted that auditors did not perform sufficient procedures to place reliance on records and reports of the broker or dealer or reports from service organizations that were used in audit procedures. In nine of these audits, the auditors failed to perform procedures to obtain evidence about the accuracy and completeness of records and reports produced by the brokers and dealers that were used in the performance of tests of controls and substantive tests. Examples of the records and reports included general ledgers, trial balances, and schedules and spreadsheets prepared by broker or dealer personnel. Such records and reports were used by auditors in performing tests of certain areas without performing tests of the accuracy and completeness of the information contained therein.
5. Fair Value Measurements: In six of nine audits, auditors did not perform sufficient procedures to test the valuation of securities. For example, in four of these audits, the report notes that auditors failed to obtain an understanding of the specific methods or assumptions underlying certain fair value estimates that were obtained by the broker-dealers from pricing services or other third parties.
6. Evaluation of Control Deficiencies: The report notes that an auditor should obtain an understanding of the entity's internal controls sufficient to assess the risk of material misstatement of the financial statements, whether due to error or fraud, and to design the nature, timing and extent of audit procedures. The report found that in four of the audits, auditors did not sufficiently evaluate such internal controls. In two of these audits, the report noted that the auditors identified one or more internal control deficiencies while performing procedures to obtain an understanding of internal control. Although the auditors identified these deficiencies, the evaluations by the auditors did not include a sufficient assessment of factors that affect the magnitude of a misstatement that might result from the deficiency. In addition, the report observed two audits where errors were identified during the performance of substantive tests, yet the auditors failed to evaluate the severity and nature of the errors and the circumstances of their occurrences, including whether the errors were evidence of one or more control deficiencies.
7. Financial Statement Disclosures: The report observed that auditors failed to perform sufficient audit procedures to test the accuracy and completeness of certain financial statement disclosures. For example, in four of these audits the auditors failed to sufficiently test management's classification of securities within the hierarchy established by FASB ASC 820, Fair Value Measurements and Disclosures.
C. Auditor Independence
The Board found independence problems in two cases where the auditors prepared, or assisted in preparing, financial statements they were auditing, something allowed under rules by the American Institute of Certified Public Accountants but not under the stricter SEC rules for broker-dealer auditors.
Next Steps for the Interim Inspection Program
This year, the PCAOB will look at 40 auditing firms and 60 broker-dealer audits. By the end of next year, it will have looked at 100 auditing firms and 170 audits. Inspections under the interim inspection program will continue until rules for a permanent inspection program take effect, which is currently expected to be sometime after 2013. Although the PCAOB's first review looked at firms in the smaller size category, James Doty, the PCAOB, noted that “all registered firms that issue audit reports for SEC registered brokers and dealers should consider whether the audit deficiencies described in this report might be present in audits they currently perform, and should take appropriate action to prevent or correct any such deficiencies identified.”3 Broker-dealers should review the Report with their independent auditors to determine whether the auditors have addressed the deficiencies highlighted in the Report. Broker-dealers also should examine their own internal controls in these areas, because they should expect that auditors and regulators will focus on those issues in the coming year.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:Boch-David
This article was originally published by Bingham McCutchen LLP.