One of the fundamental changes that occurred upon passage of the Sarbanes-Oxley Act of 2002 is that the audit profession is no longer allowed to be self-regulatory.
Now, the Public Company Accounting Oversight Board (PCAOB) has the authority to assess whether audit firms are conducting high quality audits. To make that assessment, the PCAOB conducts formal inspections of audits completed by audit firms registered with the PCAOB, and the results of those inspections are made public on the PCAOB's web site (www.pcaobus.gov and follow the links to inspection reports). The inspection teams select certain higher-risk areas for review and inspect the engagement team's audit documentation and interview engagement personnel regarding those areas. The areas subject to review include, for example, revenues, reserves or estimated liabilities, derivatives, income taxes, related party transactions, supervision of work performed by foreign affiliates, assessment of risk by the audit team, and testing and documentation of internal controls by the audit team. The inspection team also analyzes potential adjustments to the issuer's financial statements that had been identified during the audit but not recorded in the financial statements. For some engagements, the inspection team reviews written communications between the audit firm and the issuer's audit committee.
The reports that have been released to the public contain a variety of examples of audit engagements in which auditors have had difficulty in properly assessing and responding to weaknesses in client internal controls. Excerpts of these difficulties are as follows:
Audit Firm 1:"In this audit, the Firm's internal control testing and substantive procedures related to revenue were deficient. The Firm assessed control risk for revenue as 'below maximum' in an environment that the Firm concluded had 'pervasive weaknesses' in IT general controls. The nature and extent of the Firm's substantive procedures were not sufficient in a high control risk environment and inappropriately relied on system-generated information without testing the source data."
Audit Firm 2:"The issuer used a service organization for payroll services, and the Firm placed reliance on the controls at the service organization with respect to vacation expense and accrual testing. The Firm, however, had not obtained an understanding of the internal controls at the service organization through its own assessment, nor had it obtained an auditor's report on the service organization prepared in accordance with AU 324, Service Organizations. Thus, the Firm should not have relied on the controls at the service organization."
Audit Firm 3:"PCAOB standards require the auditor to test internal controls before relying on them for the purpose of designing and performing the substantive audit procedures. In 13 instances involving the audits of 10 issuers, the Firm failed to test, or failed to perform sufficient tests of, controls that the Firm relied on in designing and performing its substantive audit procedures. The instances included the following:
• The Firm relied on information technology ('IT') application controls that had not been tested for several years.
• The Firm did not sufficiently address the effects of deficiencies in IT program access controls, change-management controls, or application controls.
• The Firm relied on change-management controls that had been tested only for the first half of the year without performing appropriate updating procedures.
• The Firm relied on IT system-generated data without testing the IT general computer and/or application controls.
• The Firm tested controls using samples that were smaller than necessary to support reliance on the types of controls being tested."

Required
a. Comment on the PCAOB's inspection process, focusing on (1) why it is considered important to audit quality and (2) how it may improve audit quality.
b. Review the comments from the inspection reports. What common problems did the PCAOB detect during the inspections?
c. Considering the problems detected by the PCAOB, why do you think they were concerned about those particular issues? How could the problems in the audit procedures have affected the nature of the audit opinion rendered on those engagements?
d. For two of the audit firms described earlier, the PCAOB detected problems involving information technology controls. Why are these controls so important to the proper functioning of an organization's financial reporting system? Why might auditors have particular difficulty in assessing these controls? What procedures could audit firms put into place to ensure that auditor difficulty in this regard is minimized?
e. Visit the PCAOB's web site and review two inspection reports of your choosing. Be prepared to discuss your findings during class.