I don't know if anyone else has noticed this, but reading about audit procedures is incredibly dull. It's nearly as dull as actually performing some of these procedures which probably explains why the PCAOB was forced to release Part II for the 2008 and 2009 inspection reports.
Luckily, reading about the failure of the most prestigious auditing firm on Earth to perform these procedures is slightly more interesting and we've dug up some of the more notable things from the two — TWO! I still can't believe it! — expanded reports that the PCAOB posted just a short time ago.
Before we get to the gory details, it's worth mentioning that the firm requested to issue a statement in conjunction with the PCAOB's announcement and the ever-so-gracious Board granted the request. Here's the portion that echos what Bob Moritz wrote in his memo/email that was leaked to Reuters:
The Release is based on the Board's determination that we did not address the matters contained in the Part II comments to the Board’s satisfaction during the 12 month period following issuance of the reports. We believe that our actions in response to the Part II comments were significant, but we acknowledge the Board’s determination with a view toward continued cooperation with the Board and in furtherance of our commitment to audit quality.
The Part II comments relate to some of the most complex, judgmental and evolving areas of auditing. Our actions relating to those areas, during the 12 months following issuance of the comments and thereafter, have included providing our audit professionals with enhanced audit tools, training and additional technical guidance to promote more consistent audit execution. We believe that these efforts have been important positive contributors to audit quality at our firm. We are proud of our focus on continuous improvement and of the dedication and high quality audit work performed by our partners and other professionals.
The deficiencies identified in areas with a high degree of judgment and potential for management bias, and in areas involving the application of complex accounting literature (such as * * * * and fair value), similarly suggest that the audit personnel * * * * were not adequately supervised. In addition, the deficiencies suggest the possibility that senior members of the engagement team were not devoting sufficient attention to developing an appropriate audit strategy for these areas and that quality review partners were not devoting sufficient attention to reviewing the audit strategy for these areas.
[D]eficiencies identified by the inspection team suggest that engagement teams may be placing too much reliance on management's responses to the teams' inquiries and not sufficiently challenging or evaluating management's assumptions, and that they may not be applying an appropriate level of professional skepticism in subjective areas susceptible to management bias.
The inspection team observed that the engagement partners for three of the six audits discussed in Part I.A had a significant number of issuer audit clients with year ends at or around December 31. For one of these three engagements, the hours reported by the engagement partner on the audit represented approximately 2.1 percent of the lead office audit hours. This was approximately 45 percent less than the average percentage of lead office engagement hours reported by the engagement partners on the other 49 issuer audits selected for inspection. The engagement partner for another audit described in Part I.A was responsible for four issuer audit clients with a calendar year end, an average market capitalization of approximately $2.7 billion, and average audit fees of approximately $1.1 million. These facts and the significance of the deficiencies in these engagements suggest that the Firm may not sufficiently monitor partners' workloads to ensure that they do not negatively affect partners' ability to effectively participate in the planning and execution of their audits and to appropriately supervise and review their audits.
In certain instances, in interactions with the inspection team or in responses to comment forms, engagement teams have asserted that cumulative audit knowledge and experience ("CAKE") represented a meaningful component of their audit assurance. The aforementioned concerns may indicate that engagement teams rely on CAKE to a greater degree than is appropriate. Although CAKE can be useful in planning and scoping the audit, using CAKE as a source of substantive assurance to address issues that arise during the execution of audit procedures may cause engagement teams to misjudge the level of audit comfort actually obtained.
Judging by this, everyone wants to have CAKE and audit too and the PCAOB is NOT comfortable with that.
Okay, that was hard and it wasn't even everything in 2008 but we have to keep going. 2009 is next.
In four audits, the inspection team identified deficiencies in the testing of these entity-level controls. Specifically, the Firm failed to 1) test that the entity-level control would operate at a level of precision sufficient to prevent or detect a material misstatement in the financial statements, 2) test the completeness and accuracy of the data used in the performance of the control, or 3) perform procedures, beyond confirming the occurrence of a meeting or observing evidence that the issuer's management had reviewed meeting documents, to test the operation of the control.
[I]n one audit, the Firm used the work of the issuer's internal audit group as a source of assurance, including for substantive audit evidence, but there was no evidence in the audit documentation, and no persuasive other evidence, that the Firm had assessed the competence and objectivity of this group or the quality and effectiveness of the internal auditors' work. In addition, in reviewing this audit, the inspection team identified deficiencies in the internal auditors' testing, which further suggests that the Firm failed to sufficiently review and evaluate the internal auditors' testing.