Since the early 2000s, PCAOB registered firms have been subject to regulatory review of their engagement teams’ audit procedures. These reviews culminate in a publicly-released inspection report that describes engagement-specific and quality management areas where the PCAOB has concerns. As mentioned in our previous article The Regulator Who Cried Wolf: Why is the PCAOB Citing the Same Standards Year After Year After Year? the PCAOB has identified consistent themes in the top three areas of internal controls over financial reporting, responding to risks of material misstatement, and auditing estimates. Naturally, because of these repetitive themes, firms have focused their attention on remediating these issues. To some extent, firms and engagement teams have taken their eyes off the ball and have slipped in complying with one of the cornerstones of the PCAOB standards: having appropriate and timely audit documentation of the audit procedures. We thought it would be good to take a moment and focus on audit documentation of the audit procedures. Repercussions of failures in Audit Documentation The PCAOB’s Auditing Standard 1215, Audit Documentation , has very specific requirements about: What information needs to be documented in the workpapers and by when; When workpapers need to be archived; and What to do when an engagement team determines that changes need to be made to already archived workpapers. Typically, failures to comply with PCAOB auditing standards result in inclusion of the issue in a firm’s inspection report. For context, audit documentation (AS 1215) has almost never been cited in an inspection report. However, over the last 2 years, five enforcement orders have been issued by the PCAOB’s Division of Enforcement against both individuals and registered firms related to audit documentation. These documentation issues, which we will cover in more detail, range from: failing to institute a process to prevent engagement teams from backdating work papers prior to archiving. failing to archive workpapers within 45 days after the report release date. modifying workpapers that were provided to PCAOB inspectors and not notifying the inspection team about this fact or misrepresenting that they were workpapers that existed at the time of the audit. These enforcement orders included sanctions such as: censure, monetary penalties, revisions to be made to firm’s quality management process related to audit documentation, required additional training, or temporary disbarment from working on issuer audits. Each of these are serious repercussions for any audit professional or firm. I’ll break each of these items down with my considerations to prevent these from occurring at your firm. Backdating workpapers In a very recent enforcement order, the firm made a conscious effort to improve its quality management processes by instituting an automated process of only allowing sign off surrounding the preparation and review of workpapers to be currently dated, meaning professionals could not theoretically backdate sign offs to an earlier date. However, the firm became aware that this control could be circumvented by professionals changing the internal clock on their computers to an earlier date and thereby overriding the software by “currently” dating workpapers, but to the date incorrectly set on their computer’s clock. Although the firm was aware of this potential weakness, the firm failed to address the issue and failed to communicate to audit professionals that engagement teams should not circumvent the system in this manner. Of course, some intuitive auditors figured out this flaw and began to change the internal clocks on their computers and thus effectively “backdate” workpapers. So, although the backdating of workpapers was an issue unto itself, it became compounded because the firm identified this control gap but failed to mitigate or remediate this risk by doing nothing. Some questions to ask yourselves: What do you know about your audit software? Does your audit software have this weakness where your own professionals could do the same thing? Have you communicated directly to your professionals that they should not be backdating workpapers? These are important technology considerations and an issue that seems be a consistent theme with our clients. It is critical to understand the risks that audit and technology tools present, and to identify similar risks to those mentioned. This is a perfect time to do this as firms gear up to perform risk assessments over the Resources component of the quality management standards. Archiving timely AS 1215 states that “a complete and final set of audit documentation should be assembled for retention as of a date not more than 45 days after the report release date.” In my discussions with clients and other firms, some have misunderstood the requirements to mean that engagement teams merely had to assemble a final set of workpapers – not actually be required to archive them. The view of the PCAOB is that workpapers need to be assembled and locked down within 45 days – basically nobody should be able to make changes to them after that date. Another issue we have encountered during our work with our clients is that some firms do not have a process to monitor that this 45-day lock down requirement is consistently followed – some firms have no accurate reporting system to warn firm management that an audit file is coming up to the 45-day archiving deadline. Once you have missed the 45-day deadline, you are unable to cure this defect! If you are not sure about this at your firm, I suggest running an internal report to see if audit work papers are consistently being archived timely. If you don’t have reliable reports to gain this understanding, contact me to discuss ways to build this information into your processes. Modifying workpapers after the opinion date Modifying workpapers to document additional audit procedures performed after the audit opinion date is generally a no-no. We all know this. Even when documentation is added after the documentation completion date, and the requirements are followed, the optics don’t look good from an inspection perspective. I have seen inspectors take a harder look at all the files when they see this on one file during an inspection. Further, modifying workpapers after being informed of an upcoming PCAOB inspection and failing to inform the inspection team of the changes, or misrepresenting that work was done at the time of the audit, is a path no one wants to go down. Yet, this stuff still happens. I tell my clients that it’s the lesser of two evils to get a comment form from the PCAOB for failing to perform a specific audit procedure, rather than being called in front of the Division of Enforcement for failing to “cooperate with the Board in the performance of any Board inspection”. 1 What about sharing documentation from outside the file with the inspection team? When I am supporting my clients on inspections, and other documents are shared with the inspection team, I always ask the engagement team if this document is included in the audit file and if it is not (perhaps it’s an email that the engagement team is using to support an oral discussion with the inspection team, or perhaps it’s an analysis demonstrating a potential issue is not material), I advise engagement teams to explicitly make this representation. Full disclosure and clarity with the inspection team is paramount. Learning from the lessons on these recent and noteworthy enforcement cases, let’s address some common questions that have been on the minds of many of you: Can you make changes to workpapers after the opinion date and after the archiving? Stepping back and looking at the big picture; let’s refresh ourselves as to what an audit opinion is. It’s an audit professional’s written assertion opining that based on the audit procedures and evidence obtained, the financial statements are not materially misstated. “Cleaning up” the audit files after the opinion date, should be just that. Engagement teams should not be performing any audit procedures after the opinion has already been issued, as this would imply that the engagement team had no basis to assert it had done sufficient audit work as of the date of the opinion. The types of things that engagement teams could perform include deleting review notes that had been addressed by the engagement team prior to the audit opinion date or including a clean ticked and tied financial statements that already had been agreed to the working copy version in the file. The reality is, there should be limited need to document any procedures after the opinion date and perform clean-up, if reviews are happening real time. Can you make changes to the audit documentation after archiving an audit file? Yes, the standard specifically discusses that there may be situations where, after an audit file has been archived, an engagement team determines that revisions need to be made to the audit file. However, the standard is very clear that documentation may only be added but never 'taketh away'. In circumstances where changes are made to an archived file, the engagement team must include documentation indicating (i) the date the information was added, (ii) the name of the person who prepared the additional documentation, and (iii) the reason for adding the information. We recommend that this documentation be robust such that it is very specific as to what changed in the workpapers. 2 How does all this tie in with the new Quality Management Standards? Finally, in very short order the Statement on Quality Management Standard 1 (SQMS 1) will be effective and all firms that report under AICPA auditing standards will be required to comply with the new QM standard. One of the objectives under Engagement Performance requires that firms establish quality objectives that ensure that engagement documentation is assembled on a timely basis after the engagement report. Audit firms should already be thinking about their processes and controls at the firm level to determine where they may have gaps in controls that won’t meet the control objectives required by the QM standard. What’s more, SQMS 1 will also require firms to start “testing” their quality controls meaning, you’re going to need to design tests to validate your engagement teams are documenting in accordance with audit standards, including timely archiving a complete and final set of audit workpapers. Given the ever-increasing complexity of the regulatory environment, firms will invariably struggle with certain elements of audit quality. But considering the foundational and elementary nature of audit documentation, it’s time we, as a profession, step up and ensure we comply with these standards. It’s October and the harvest has passed: let’s commit to no more low-hanging fruit. Geoff Dingle , JGA Managing Director, works with PCAOB-registered accounting firms helping them identify, develop, and implement opportunities to improve audit quality. With over 20 years of public accounting experience, he spent nearly half of his career at the PCAOB where he conducted inspections of audits and quality control. Geoff has extensive experience in audits of ICFR and firms’ systems of quality controls. Prior to the PCAOB, he worked on audits in various industries at Deloitte in Atlanta and Durban (South Africa). 1 PCAOB Rule 4006, Duty to Cooperate with Inspectors 2 Also refer to the requirements of AS 2901, Consideration of Omitted Procedures After the Report Date and AS 2905, Subsequent Discovery of Facts Existing at the Date of the Auditor’s Report

You probably have realized – especially if you have been waiting for yours -- there was a dearth of inspection reports published in the last two months. We assumed this pause in frequency and volume was to reengineer the reports in the queue into the new report format. However, that clearly is not the case. At the time of the release of this article, there have been 46 inspection reports issued with a report date during 2020. Of those 46 reports, 33 were under the new format while 13 kept the old format. JGA collects and analyses comprehensive firm information, inspection, and report data on a continuing basis to help us identify trends and keep our clients and readers informed. Here’s some of the characteristics on those inspection reports approved in 2020: