Financial executives feel that the requirements for documenting their organization’s internal controls are getting to be too much and many of them are behind the curve when it comes to applying technology for internal control over financial reporting, according to a new report.
The
down to the PCAOB here. We find ourselves often challenging back if [our auditors] need the documentation they’re asking for because they [really] need it. . . . What we typically find is that if we push a little bit, it’s more of their fear of not having their documentation in check, if they would get picked for a PCAOB review.”
This research was done by a team of academics from Arizona State University, Brigham Young University, the University of Illinois at Urbana-Champaign, and the University of Mississippi.
While overall they were satisfied with their outside auditors overall, the survey respondents reported that their auditors are requiring excessive documentation around certain control areas, which are seen as time-intensive and disruptive to business flow, etc. Those areas are routine estimates, data processing and disclosures.
Some of the survey respondents saw a significant amount of inconsistency among the various audit firms in terms of the amount of internal control documentation required. They perceive that to be based on the firms’ current standing with the PCAOB. One executive told the researchers that when his auditor had more negative PCAOB reviews than other Big Four firms, he saw
a significant increase in the amount of documentation that the auditor required.
“Furthermore, based on the PCAOB’s annual prescriptions based on inspections, it can feel like the goalposts are moving from year-to-year,” said the report.
One interviewee pointed to the impact of PCAOB inspection results, surmising that the impact flows from the PCAOB to the audit firm, and then to the preparer, as they’re often required to do more detailed work and provide more detailed documentation just to help the auditors feel more comfortable.
But as the documentation levels have creeped ever higher, financial executives have noticed that partners have voiced their disagreement with the PCAOB’s documentation requirements, even as they still make requests for more documentation.
“There’s always been a requirement to have documentation, but it’s the level of documentation [that external auditors require] today,” said one of the financial executives interviewed. “And, for sure it comes from, ‘If the PCAOB inspects me, I need to have evidence of our considerations of the company’s judgments.’ . . . There are times for sure, where we’re doing things . . . purely to help the auditors get a level of documentation they need. They’re like, ‘Yeah, I hear you. I agree with you. But I need more to be able to document this [for the PCAOB].’”
Nearly one-third of all the executives polled indicated they find each of these areas to be particularly challenging: non-routine transactions, income tax provisioning, and access to data.
The financial executives expressed disappointment with the lack of real-world examples in the guidance for internal controls over financial reporting, nearly impractical control documentation requirements, and hesitation about the application and adoption of emerging technologies within the ICFR ecosystem were among the top concerns conveyed. Finance execs want more concrete guidance and real-world examples.
For guidance, most financial executives rely on the COSCO framework followed by internal and external auditors. The top areas where the respondents indicated they want additional guidance and real-world examples are: justifying a position on the classification on an ICFR deficiency; monitoring controls, including testing for effectiveness; designing control activities; and identifying and analyzing risk.
Companies seem to have fallen far behind on applying technologies to help them with ICFR. Overall, the survey respondents expect emerging technologies to decrease corporate ICFR risks. The respondents pointed to the following as the ICFR risk areas most likely to be positively impacted by the adoption of emerging technologies: failure to prevent material misstatements; unauthorized alteration of accounting information; failure to detect material misstatements by the external auditors; and failure to detect material misstatements internally.
However, the respondents also pointed to the shallow talent pool available of finance professionals who have the needed technology skills as being one of the most formidable barriers to technology implementation.
“One of the surprising results of this study is that some of the largest companies in the market are hesitant to adopt emerging technologies to improve ICFR because of the lack of qualified personnel to use the technology and the additional control risks that technology would introduce,” said study co-author Jeff Wilks, a professor at Brigham Young University’s School of Accountancy, in a statement. Finance execs with both accounting knowledge and IT talent are in huge demand and thus difficult to find in the current labor market.
“Although much has changed and financial executives overseeing corporate ICFR ecosystems are operating in uncertain times fueled by equal measures of disruption and opportunity, one constant rings clear—they remain committed to fostering a healthy ICFR ecosystem,” said Andrej Suskavcevic, president and CEO of Financial Executives International and the Financial Education & Research Foundation, in a statement Tuesday. “At this crucial point, financial executives will have to be more mindful about incorporating great amounts of flexibility and resiliency to support a future that seems less forgiving to manual processes and in-person collaboration.”