The initial batch of audit reports for large accelerated filers describing critical audit matters was recently released, and they don’t necessarily provide a whole lot of illuminating information.
“The first round of companies that have issued their financial statements with the auditors’ reports that have the critical audit matters show that, even for very large companies, there weren’t a lot of critical audit matters identified,” said Andrew Burczyk, president and chairman of the board at Top 100 Firm Mayer Hoffman McCann.
The Public Company Accounting Oversight Board has begun requiring audit firms to include a discussion of any critical audit matters, or CAMs, within their audit reports, starting with the biggest public companies — large accelerated filers — for fiscal years ending on or after June 30, 2019. A CAM is defined by the PCAOB as any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that relates to accounts or disclosures that are material to the financial statements; and involved especially challenging, subjective, or complex auditor judgment.
While MHM didn’t have any audit clients with June 30 deadlines to whom the CAMs requirement applies, it has several with Dec. 31, 2019, year ends. MHM has been keeping an eye on what other firms have been doing, such as Deloitte, whose client Microsoft released a
Burczyk finds the company's disclosures surprisingly slight. “Deloitte had two critical audit matters for Microsoft, which is a multibillion-dollar company," he said. "There’s a little bit of a surprise in that, for a company that big, you’d only have two critical audit matters. It will be interesting to see if the PCAOB comes back and says this achieved or didn’t achieve their desired results. When I read the details in the critical audit matters identified, it struck me as more boilerplate than providing any insight as to what the true risks of those areas were for Microsoft. That held true for several others I looked at from the 6/30 reporting cycle. I think people are going to be underwhelmed with the critical audit matters.”
Micrsosoft's CAMs section included discussions of revenue recognition and income taxes, noting, “The Company recognizes revenue upon transfer of control of promised products or services to customers in an amount that reflects the consideration the Company expects to receive in exchange for those products or services. The Company offers customers the ability to acquire multiple licenses of software products and services, including cloud-based services, in its customer agreements through its volume licensing programs.”
The income taxes discussion is a bit juicier, pointing out, “The Company’s long-term income taxes liability includes uncertain tax positions related to transfer pricing issues that remain unresolved with the Internal Revenue Service. The Company remains under IRS audit, or subject to IRS audit, for tax years subsequent to 2003. While the Company has settled a portion of the IRS audits, resolution of the remaining matters could have a material impact on the Company’s financial statements.”
The PCAOB staff guidance on CAMs advises auditors to “avoid the use of boilerplate language and overly technical accounting and auditing terms.” However, firms and their clients want to avoid the risk of lawsuits, and that may incentivize them to rely on legally approved language. “With the professional liability risk that firms face, you can understand why for a firm, generic and boilerplate is probably better than specific and detailed,” said Burczyk.
A Deloitte audit official defended the firm’s approach to CAMs disclosures. “I would say that what we try to tell teams is to be very precise about why you identified a matter as a CAM, and it should be tailored to the facts and circumstances of your engagement,” said Lisa Smith, managing director in director in the Big Four firm’s national office of quality and professional practice, who is leading implementation of CAMs at the firm. “In terms of being boilerplate, you could see certain matters identified as a CAM for similar reasons, but I think you’ll see different words used, because I think it’s going to be to the facts and circumstances of each engagement. We did try to encourage our auditors to try to speak plain English and avoid accounting and audit terminology that investors and other financial statement users might not understand.”
Smith declined to specifically comment on the Microsoft audit report, but she believes Deloitte and other firms are going to mostly avoid boilerplate language. “I would say that, all and all, I don’t think there’s not a lot of boilerplate out there,” she said. “It will be interesting to see the impressions from investors. In general I think firms are trying to avoid boilerplate. But as you can see from the results, something like goodwill was identified most commonly as a CAM, and there are going to be commonalities in how you account for goodwill in a company, or there could be some similar language between disclosures between companies, so you might see some of that in the CAMs. I think some of that goes to the commonality on an account balance.”
Deloitte recently posted an
“As of August 30, there were 52 reports issued,” said Smith. “In terms of what we’re seeing, we did see a link between significant judgments made by management and the auditor’s judgment in performing audit procedures and evaluating the results of those procedures. We did also see CAMs that were identified as a result of complexities in the audit, such as evaluating complex calculations, evaluating tax laws. From those results, I think you’ll see that goodwill, revenue, acquisitions and related liabilities were the more common CAMs, as well as income taxes. And we found that to be consistent with what we saw during our dry runs that we performed over the past year.”
Testing the process
To test the CAMs process, which expanded the traditional audit report beyond the traditional pass/fail opinion into discussions of the matters that arose during discussions between auditors and the audit committee, the PCAOB encouraged auditing firms to do “dry runs” with their clients to see how the new requirement would work.
“The dry runs gave us the opportunity to practice the art of writing CAMs in a clear and concise manner, and hopefully it will be understandable by a broad readership,” said Smith. “That was really the intent. Overall the objective was to provide more transparency into the audit. When we think about implementing the standard, we always go back to that objective. This is the objective, to provide more relevant information about the audit and the matters that were most critical to the auditor.”
A
CAMs are perhaps the biggest change to audit reports in over 70 years. While the number of CAMs are expected to vary for each engagement, most audit reports are likely to have at least one CAM, though a lengthy list could detract from the goal of communicating what was in fact a critical matter that arose during the audit.
Top 7 Firm BDO USA has been devoting considerable resources to implementing the CAMs requirements. “There is a level of work, effort and attention necessary,” said Phillip Austin, BDO’s national assurance managing partner. “We’ve been taking all of the required communications with the audit committee, and there are many, through the last five company audits. The audit may run for a number of months or a 13-month period, and then evaluating each communication as a potential CAM. Once those critical audit matters are identified, we’re working out what the critical considerations were, and describing the audit response. We’re talking with the engagement partner, senior managers and specialists to assess, evaluate and determine what goes in the report. That’s not a simple exercise. It’s not quick and easy. It’s thoughtful. It takes time. It has to be done very well because the ultimate result is a public paragraph that investors and other users are going to look to. That’s a different level of importance compared to something that is in the audit workpapers and surrounds our conclusions. This has to convey to third parties in simple, nontechnical English the nature of what the audits were and how the auditor responded.”
Investors are showing more confidence in the audit profession, and it’s hoped that CAMs will bolser that attitude. According to the Center for Audit Quality’s
CAMs aren’t going to be required for audits of brokers and dealers; registered investment companies other than business development companies; employee stock purchase, savings and similar plans; or emerging growth companies.
“It’s for a subset of public companies,” said Austin. “The PCAOB in their initial establishment wanted to have an audit report that was more informative for companies where they felt that information had more relevance to the investors. In doing that, they chose a breakpoint. That breakpoint excluded a number of entities. If you look at the breakpoint they chose, it does amount to the vast majority of the capital markets in terms of value. I think the PCAOB focused making it a requirement that creates a set of information that’s meaningful to users, and targets the portion of the capital markets that makes the most difference.”
Smith offered some lessons learned and advice for implementing CAMs at Deloitte. “I would say start early and communicate regularly with management and the audit committee,” she said. “Many CAMs can be identified as part of planning the audit. Although other matters might arise as the year goes by, for those matters that a team believes might be a CAM during planning, go ahead and start talking to clients now. This also gives clients or companies the opportunity to reassess their disclosures in these areas to make sure that they are clear. The other thing we found is that it really gives clients the opportunity to work internally and to bring all the appropriate parties to the discussion, for example. investor relations and general counsel.”