EY PCAOB Inspection report 2023

Summary – EY saw a decrease in deficiency rates in 2023 compared to 2022. In 2022 the deficiency was at an all-time high of 46%

The Public Company Accounting Oversight Board (PCAOB) released the 2023 inspection reports in August for all of the big4 firms. In this series, we will go into details of the EY report. For PwC report, refer to this link.

Part I.A deficiencies

The PCAOB’s 2023 inspection of Ernst & Young LLP (EY) revealed that out of 59 audits inspected, 22 had Part I.A deficiencies. This was a slight improvement from 2022, where 25 out of 54 audits had deficiencies. In 2021, 12 out of 56 audits had Part I.A deficiencies.

The PCAOB often selects audits for inspection based on risk-based criteria. In 2023, 19 out of 22 audits in Part I.A were selected using this method1. This trend was similar in previous years, with 21 out of 25 in 2022 and 8 out of 12 in 2021. It’s important to note that a Part I.A deficiency does not necessarily mean the firm has not addressed it. Firms often perform remedial actions such as additional audit procedures, informing management of necessary changes, or preventing reliance on prior audit reports. The PCAOB may review the adequacy of these remedial actions and, if a firm fails to address deficiencies appropriately, may criticize its quality control system or pursue disciplinary action.

The key thing to note here “In connection with our 2023 inspection procedures for two audits, the issuer revised its report on ICFR, and the firm revised its opinion on the effectiveness of the issuer’s ICFR to express an adverse opinion and reissued its report. In addition, in connection with our 2023 inspection procedures for one of these audits, the issuer corrected a misstatement in a required disclosure in an amended Form 10-K.

For two audit clients, EY had to reissue its audit opinion. And as you read further into the PCAOB report, both these clients are in the Information Technology sector. Although the PCAOB report does not identify the issuers where EY had to revise its ICFR report, we know that for HP Inc., EY had issued a revised ICFR report due to a revenue item.

Audits affected by Part I.A deficiencies

2023

  • 12 audits had deficiencies in ICFR audit only.
  • 8 audits had deficiencies in financial statement audit only.
  • 2 audits had deficiencies in both financial statement and ICFR audits.

2022

  • 20 audits had deficiencies in both financial statement and ICFR audits.
  • 5 audits had deficiencies in financial statement audit only.

2021

  • 9 audits had deficiencies in both financial statement and ICFR audits.
  • 1 audit had deficiencies in financial statement audit only.
  • 2 audits had deficiencies in ICFR audit only.

Audit Areas Most Frequently Reviewed: A Three-Year Analysis (2021-2023)

Auditing complex financial statements requires meticulous attention to detail, especially in areas prone to significant risks. Over the years, certain audit areas have emerged as particularly critical due to their complexity, the involvement of estimates, and the requirement for rigorous controls. The following table presents an overview of the five audit areas most frequently selected for review by regulators in the years 2021 through 2023, along with the percentage of audits that resulted in Part I.A deficiencies.

2023 Audit Review Summary

In 2023, Revenue and Related Accounts remained the most frequently reviewed audit area, with 45 audits reviewed and 11 audits showing deficiencies. Other areas, including Business Combinations, Inventory, Goodwill and Intangible Assets, and Accruals and Other Liabilities, were also reviewed extensively.

2022 Audit Review Summary

In 2022, Revenue and Related Accounts remained the most problematic, with 42 audits reviewed and 15 showing deficiencies. Business Combinations and Inventory also saw significant reviews, although fewer deficiencies were noted in these areas compared to the prior year.

2021 Audit Review Summary

In 2021, Revenue and Related Accounts showed fewer deficiencies compared to subsequent years. Interestingly, Goodwill and Intangible Assets and Long-lived Assets were among the focus areas.

Audit Review Summary
2023 Audit Review Summary
Audit Area Audits Reviewed Deficiencies
Revenue and Related Accounts 45 11
Business Combinations 13 5
Inventory 13 3
Goodwill and Intangible Assets 10 1
Accruals and Other Liabilities 14 0
2022 Audit Review Summary
Audit Area Audits Reviewed Deficiencies
Revenue and Related Accounts 42 15
Business Combinations 26 4
Inventory 12 4
Debt 10 1
Investment Securities 9 2
2021 Audit Review Summary
Audit Area Audits Reviewed Deficiencies
Revenue and Related Accounts 28 7
Goodwill and Intangible Assets 16 1
Long-lived Assets 15 2
Debt 13 1
Accruals and Other Liabilities 10 0

Key Insights

1. Revenue and Related Accounts consistently ranked as the most frequently reviewed area across all three years. Its prominence reflects the complexity of revenue recognition and the high risk of error or manipulation.

2. Business Combinations and Goodwill/Intangible Assets are also highly scrutinized, as they involve significant estimates and complex judgments, often leading to a higher likelihood of deficiencies.

3. Other areas like Inventory, Debt, and Investment Securities were also significant but presented relatively fewer deficiencies, indicating perhaps stronger controls or more straightforward audit processes.

Two Issuers in the Information Technology Sector where deficiencies Identified in the audit led to a reissuance of ICFR opinion

Regarding the material weakness identified in the audit work for Issuer A in the Information & Technology, specifically related to Revenue and Related Accounts:

  1. Controls Over Data Accuracy and Completeness:
    • The firm did not test controls over the accuracy and completeness of data and reports used in revenue processing and recording.
  2. Automated Control Over Pricing:
    • The firm did not test the programming of an automated control for pricing appropriateness or the accuracy and completeness of pricing data.
  3. Sales Incentives Controls:
    • The firm did not test the control owner’s review of the accuracy of certain sales incentives.
    • The firm did not test the configuration or programming of an automated tool used to assess the accuracy of other sales incentives.
    • The firm’s testing of controls for recording sales incentives in the general ledger was insufficient due to an inadequate sample size.
    • The firm did not test the completeness of the population of items selected for testing these controls.

Outcome:

  • The issuer reevaluated its controls over sales incentives and identified a material weakness.
  • The issuer revised its report on ICFR to reflect this material weakness.
  • The firm revised its opinion on the effectiveness of the issuer’s ICFR to express an adverse opinion and reissued its report.

Here’s a summary of the deficiencies identified in the audit work for Issuer B, specifically related to Revenue:

Key Deficiencies Identified:

  1. Controls Over Standalone Selling Prices:
    • The firm did not test controls to ensure the methods used to estimate standalone selling prices conformed with FASB ASC Topic 606.
    • The firm did not evaluate whether these methods were in conformity with FASB ASC Topic 606.
    • The firm did not perform substantive procedures to evaluate the accuracy of disclosures related to standalone selling prices under FASB ASC Topic 606.

Outcome:

  • The issuer reevaluated its controls over the methods used to estimate standalone selling prices and identified a material weakness.
  • The issuer revised its report on ICFR to reflect this material weakness.
  • The firm revised its opinion on the effectiveness of the issuer’s ICFR to express an adverse opinion and reissued its report.
  • The issuer corrected a misstatement in its disclosures related to standalone selling prices in an amended Form 10-K.

PART I.B:  Other Instances of non-compliance with PCAOB standards or Rules 

Key Deficiencies Identified:

  1. Audit Documentation (AS 1215):
    • In 2 of 59 audits, not all relevant work papers were included in the final audit documentation.
  2. Communications with Audit Committees (AS 1301):
    • In 1 of 29 audits, required communications about other accounting firms or persons performing audit procedures were not made.
    • In 1 of 29 audits, significant changes to the planned audit strategy were not communicated to the audit committee.
    • In 2 of 29 audits, required communications to the audit committee were not made timely or before the auditor’s report was issued.
  3. Identifying and Assessing Risks of Material Misstatement (AS 2110):
    • In 1 of 59 audits, certain factors were not evaluated when determining no risks of material misstatement for significant accounts and disclosures.
    • In 1 of 59 audits, certain factors were not evaluated when assessing risks of material misstatement for a significant account.
  4. Audit of Internal Control Over Financial Reporting (AS 2201):
    • In 3 of 51 audits, control deficiencies identified during the audit were not communicated in writing to management or the audit committee.
  5. Consideration of Fraud in a Financial Statement Audit (AS 2401):
    • In 1 of 37 audits, the rationale for limiting testing of journal entries with fraud risk characteristics was not appropriate.
    • In 1 of 37 audits, characteristics of potentially fraudulent journal entries were not appropriately considered when selecting entries for testing.
  6. The Auditor’s Report on an Audit of Financial Statements (AS 3101):
    • In 1 of 58 audits, the audit report omitted one of the issuer’s financial statements.
    • In 2 of 43 audits, critical audit matters were not properly identified or communicated.
    • In 1 of 43 audits, the communication of a critical audit matter was inconsistent with audit documentation.
    • In 1 of 43 audits, the communication of a critical audit matter omitted necessary aspects.
  7. Auditor Reporting of Certain Audit Participants (PCAOB Rule 3211):
    • In 3 of 31 audits, Form AP included inaccurate information about the participation of other accounting firms.

PART I.C:  Firm Identified Independence Issues 

No independence issues were identified by the PCAOB. Independence issues identified by EY is as follows:

  • Period and Scope:
    • Over a nine-month period, the firm identified 66 instances of potential non-compliance across 45 issuers, representing about 3% of its total reported issuer audits.
    • Approximately 29% of these instances involved non-U.S. associated firms.
  • Common Instances of Potential Non-Compliance:
    • Financial Relationships (Rule 2-01(1) of Regulation S-X):
  • 41 instances, including investments in audit clients and non-audit services provided by partners or managers.
    • Employment Relationships (Rule 2-01(2) of Regulation S-X):
  • 9 instances, including firm employees also employed by audit clients and close family members of firm employees in oversight roles at audit clients.
    • Non-Audit Services (Rule 2-01(4) of Regulation S-X):
  • 5 instances, including prohibited services like management functions or legal services provided to affiliates of issuers.
    • Firm’s Actions:
  • The firm evaluated these instances and determined that its objectivity and impartiality were not impaired.
  • The firm communicated these instances to the issuers’ audit committees as required by PCAOB Rule 3526.

Read the full report here.

Related Posts