As an audit committee member, it is crucial to understand your role in ensuring the quality and reliability of your fund's financial reporting. The Public Company Accounting Oversight Board (PCAOB) has provided a new staff Spotlight, offering a comprehensive list of questions for audit committee members to consider during their discussions with independent auditors. These questions cover fraud risks, risk assessment, auditing and accounting risks, digital assets, merger and acquisition activities, the use of the work of other auditors, talent and its impact on audit quality, independence, critical audit matters and cybersecurity.
While the Spotlight condenses the regulatory agency’s focus down to 10 key areas, below we’ve focused on the six that we find the most impactful — adding our perspectives for committee members to contemplate concerning specific obligations, responsibilities and overall efficacy of an audit.
1. What Is the Fraud Risk at Our Fund?
During an audit, your auditor will determine the fund's susceptibility to fraud and consider other risks as part of the regular audit risk assessment. Auditors are also making additional risk assessment considerations outlined by the PCAOB as part of their priorities for 2023 inspections, including volatility in financial and commodity markets, mergers and acquisition activity, and the ongoing impact of remote/hybrid work environment.
Auditors should communicate with the audit committee, in both the planning and audit completion communications, areas identified as significant risks. In addition to the required discussions with your auditor, best practice suggests engaging with your auditor to discuss and further understand any new fraud risks, unusual transactions and related parties identified in the current year, and what procedures the auditors performed to address those new risks.
2. Can You Help Me Better Understand Our Risk Assessment and Internal Controls?
The audit committee needs to define which risks require regular discussion. Committees should continuously evaluate their risk governance structure to address new risks, and collaborate to review risk assessment, internal controls, economic factors and IT-related risks to help ensure effective oversight and mitigation strategies. During the audit committee meeting, it is vital to address the following points with your auditor:
- Learn how the auditor acquired a sufficient understanding of your business and management's strategy.
- Inquire about the auditor's evaluation and testing of relevant controls, including management review controls.
- Discuss any modifications to the audit approach in response to identified control deficiencies.
- Discuss the auditor's assessment of risks associated with third-party service organizations used by management.