Broker-Dealer Audit Committee Resources

By Gregg Cothran, CPA, Business Assurance & Advisory Services Manager

Broker-Dealer Audit Committee Resources

Suggested questions to support a successful independent audit

Audit committees of today’s broker-dealers play a critical role in overseeing many aspects of their company’s activities and performance. Some of their many responsibilities include overseeing financial reporting, internal controls, risk assessment, ethics, compliance, and independent auditors, just to name a few. In addition to these many responsibilities, which are growing increasingly more complex in and of themselves, audit committees are also challenged by increased scope creep into other areas of their companies as well.

Of these numerous tasks, it’s particularly important for audit committees to remain informed and engaged in promoting audit quality for the benefit of investors. Studies have consistently shown that audit committees play a vital role in promoting high quality auditing through their oversight of the auditor and the overall audit process. As part of their audit oversight responsibilities, it is important that audit committees engage in effective two-way communication with auditors and ask relevant questions throughout the audit.

Questions to consider asking your auditor

Given the importance of overseeing independent auditors, there are fortunately numerous resources and guides available to help audit committee members navigate these responsibilities. Even if your broker-dealer doesn’t have a formal audit committee, these resources are still applicable to the overall board of directors themselves.

The Public Company Accounting Oversight Board (“PCAOB”) routinely provides guidance for auditors, audit committee members, investors, and others based on their observations in overseeing broker-dealers. Based on the recently published PCAOB’s “Spotlight: Audit Committee Resource” guide, Keiter has summarized some suggested questions that may be of interest for audit committee members to consider in discussions with their independent auditors:

Risk of fraud

  • Did the auditor identify any new risks of fraud in the current year audit, or were any procedures different from the prior year?
  • Did the auditor identify any significant unusual transactions, and if so, how did the auditor evaluate whether the transaction was for a legitimate business purpose?
  • What procedures did the auditor perform to identify potential related party transactions?
  • Did the auditor’s inquiries of management include whether possible illegal acts, such as potential noncompliance with sanctions and other laws or regulations, have occurred?
  • What procedures were performed by the auditor to address whether management perpetrated or concealed fraud by presenting incomplete or inaccurate financial statement disclosures or by omitting necessary disclosures?

Risk assessment and internal controls

  • How did the auditor gain a sufficient understanding of the business and management’s strategy?
  • What has the auditor done to understand and/or select and test relevant controls?
  • How did the auditor modify their audit approach in response to identified control deficiencies, if any?
  • How has the auditor contemplated relevant economic factors, such as inflation, rising interest rates, supply chain risks, and ability to access capital as part of its risk assessment procedures?
  • How has the auditor considered relevant economic factors that could affect the company’s ability to continue as a going concern?
  • How has the auditor considered the specific risks to the company’s internal control over financial reporting resulting from the company’s current information technology environment?
  • Does management use third-party service organizations? If so, what was the result of the auditor’s risk assessment and related audit response?

Auditing and accounting risks

  • How has the auditor considered the economic environment, including recent significant economic, accounting, or other developments, in its determination of whether an identified risk is a significant risk?
  • For areas where a significant risk was identified, has the auditor considered whether the company’s selection and application of accounting principles, including related financial statement disclosure requirements, were consistent with the applicable financial reporting framework?
  • How did the auditor consider potential management bias in developing significant estimates and assumptions? What observations, if any, did the auditor make about potential management bias during the audit?
  • What data and technology tools were used by the auditor in the performance of the audit? What incremental audit risks or benefits were introduced by this?

Talent and its impact on audit quality

  • Did the “great resignation” cause the audit firm to experience difficulties recruiting and retaining staff? If so, what is the audit firm doing to attract and retain talent to ensure that all engagement team members have appropriate levels of competency, degree of proficiency, training, and supervision?
  • Do the audit firm’s policies reflect procedures to adequately supervise and review engagement team members?
  • Did the audit firm conduct the audit in a remote/hybrid environment? If so, how did the engagement partner ensure that the engagement team was properly supervised?

Independence

  • What are the audit firm’s policies or procedures for identifying, evaluating, and addressing any threats to independence, in fact or appearance? What processes are in place to ensure all relationships that may reasonably be thought to bear on independence are properly communicated to the audit committee?
  • How does the audit firm employ automated systems or processes, if any, to identify relationships with restricted entities that may reasonably be thought to have an impact on independence?
  • How has the auditor considered whether there is any audit matter that involved challenging, subjective, or complex auditor judgment?

Cybersecurity

  • How did the auditor consider the risk of cyberthreats or cyber incidents?
  • Was the auditor made aware of cyber breaches within the company’s operations that may affect financial reporting?

For additional information from the PCAOB’s resource, please review the full guide on the PCAOB’s website:

The Keiter Financial Services Industry team closely monitors these and other industry publications to keep you updated and informed. If you have any questions, please reach out to your Keiter Opportunity Advisor | Email |Call: 804.747.0000.

Share this Insight:

About the Author


Gregg Cothran

Gregg Cothran, CPA, Business Assurance & Advisory Services Manager

Gregg Cothran is focused on developing a thorough understanding of his clients’ businesses and delivering high quality client service. He primarily provides assurance services in the form of audit and review engagements, but also enjoys partnering with his clients to identify more efficient and innovative approaches to accounting challenges.

More Insights from Gregg Cothran

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.

Categories

Contact Us