Addressing SOX Compliance Challenges With Workiva
The Differences Between an AICPA Audit and PCAOB Audit
Chocolate chip cookies might look like their oatmeal raisin cousins from ten feet or so, but your taste buds will always beg to differ. Things that look, sound, or even act the same often have significant differences between the margins. Accountants need not look any further than AICPA and PCAOB audits for proof of this time-tested dynamic -- and it pays to understand those important differences.
Of course, it’s quite the understatement to say that your friends at Embark aren’t well-versed in the intricacies of both the AICPA and PCAOB sides of the audit fence. Suffice it to say, we know our stuff. So on that note, we want to share a few insights on the two to give your team an informed perspective, helping you prepare for whatever an auditor might throw your way.
By far the older of the two, AICPA was founded in the 1940s to help auditors better perform their tasks, the more modern set of their self-regulatory audit standards taking root in the 1970s. The group has a diverse set of responsibilities that range in everything from preparing and grading the CPA examination and public financial education programs to -- the topic du jour -- setting audit standards for every size of company along with non-profits and government entities.
If you’re saying to yourself that those varied tasks seem like an awful lot for a single organization to handle, you’re right. You’d also be correct in surmising that an AICPA audit, given its auditor-friendly roots, has a distinctly less stringent focus. Simply put, it’s an audit opinion that concentrates on providing assurances to stakeholders that an organization’s financial statements are accurate, reliable, and free of material misstatements. Therefore, while the concurring partner is still meant to bolster the integrity of the process, their review is much lighter and non-evasive. An AICPA audit has a comparatively longer timeline and substantially lower in risk, where the PCAOB has absolutely no jurisdiction over the process.
If an AICPA audit is the kinder, gentler side of the audit coin, then a PCAOB audit is the more intense and scrutinizing one. In fact, its very name and founding speak volumes -- the Public Company Accounting Oversight Board, founded in 2002 as a part of Sarbanes-Oxley. PCAOB was formed in direct response to the many accounting scandals from that era that, collectively, shook investor confidence and broke the public’s trust in many publicly traded companies. Given the dynamic nature of industry, PCAOB adopts a forward-looking perspective to keep pace with changes in the financial environment, helping to ensure ongoing investor protection.
Therefore, the focus of a PCAOB audit has a distinct bent towards a company’s stakeholders and providing the investing public with clarity, accuracy, and accountability. As such, a PCAOB audit will have two opinions, one for financial statements and the other, ICFR, regarding your control environment and effectiveness. The auditor will typically have a lower materiality threshold due to the public nature of the company and the involved risk. This corresponds with a lower scoping materiality as well.
What exactly does all of that mean, you ask? There’s a heightened sensitivity in a PCAOB audit relative to its AICPA counterpart due to the lower materiality that impacts every aspect of the audit. Similarly, PCAOB involves a far more in-depth, evasive role for the concurring partner along with the possibility of an audit review from the PCAOB.
That last point, while rarely spoken of and even then strictly in hushed tones, is a key difference between an AICPA and PCAOB audit -- the consequences when things go south for an auditor are dramatically higher for a PCAOB audit. Aside from the shadow of the PCAOB itself looming over the auditor like a shadow, firms also have extensive review processes in place, where a committee looks over every filing prior to issuance to look for consistency across the entire firm. This required consultation only exists for PCAOB audits, not AICPA. Obviously, along with inherently higher standards, a PCAOB audit is more stringent, meticulous, and casts a wider net due to the lower materiality, all with an accelerated timeline.
Embark isn’t so bold to say that audits are nothing to sweat. They play a critical role in the industry and create balance and trust within our financial systems. However, as we’ve detailed, not all audits are created equally, so make certain to take the differences between an AICPA and PCAOB audit to heart. Know what you’re up against, the level of scrutiny to expect, and never forget that, like it or not, the audit process is in place for a greater good. Now we’ll get off of our soapbox and go back to providing you, our financial brethren, guidance and wisdom for your journey down the audit road.