According to the PCAOB, there are approximately 3,400 brokers and dealers registered with the U.S. Securities and Exchange Commission (“SEC”).2 Audits of those 3,400 broker-dealers were performed by 305 PCAOB-registered firms.3
The January 30, 2024, Report states that the “PCAOB staff believes there is a need for significant improvement in the quality of broker-dealer audit and attestation engagements.”4
Since PCAOB standards became effective for broker-dealer audits in 2014, the PCAOB has inspected 324 registered audit firms conducting broker-dealer audits.5 Potential risks associated with the protection of customer funds and securities are prominent in the Inspection Staff’s process of which firms to select for inspection in any given year.6 While this results in a focus on clearing or carrying broker-dealers that maintain responsibility for the custody/control of customer funds and securities, the SEC also selects for review exempt broker-dealers that may also receive customer funds and securities before transmitting them to carrying broker-dealers.7
The PCAOB concluded that “[t]he overall deficiency rates in broker-dealer engagements remain unacceptably high” and noted that during 2023 the deficiency rates observed in 2022 “generally increased or remained elevated across engagement types and areas.”8
The deficiencies noted by the PCAOB included:
- Insufficient understanding of the broker-dealer industry
- Broker-dealers are subject to GAAP and regulatory requirements unique to the industry. Auditors of broker-dealers need (i) to have a sufficient understanding of the Net Capital Rule, and (ii) to be technically proficient with the Customer Protection Rule, the Quarterly Security Counts Rule, and the applicable Account Statement Rule when auditing broker-dealers that file a compliance report.9
- The service offerings of broker-dealers and related revenue recognition policies can vary. For example, one broker-dealer may conduct sales and redemptions of mutual fund products through an arrangement with a clearing broker, while another conducts direct-way sales with the mutual funds themselves. Such differences will affect how the auditor tests revenues and should alter the assertions made by the broker-dealer in its exemption report.10
- Certain auditing risks are more prevalent in the broker-dealer industry. Auditors may use information from clearing brokers as sources of audit evidence for substantive or controls testing. If they do, they should assess the reliability of that information for its intended use, and testing, for among other things, the completeness and accuracy of information.11
- Lack of Professional Skepticism
- Examples noted in the report that inspection staff have observed include one or more omitted or insufficient risk assessment procedures, no testing of one or more significant accounts, reliance on management inquiries without corroboration, errors and omissions from auditor reports, and not identifying departures from GAAP in broker-dealer financial statements.12
- Engagement teams often do not ask broker-dealer management about business operations and practices to identify questionable ethical behavior, including asking about processes and controls, customer complaints, and any specific incidents that have occurred.13
- Inquiries should include not just management, but other individuals involved in handling customer transactions and related responses to complaints received.14
- Lack of Rigor in Risk Assessment and Consideration of Internal Controls
- Unlike audits of certain public companies, there is no requirement for an engagement team to test a broker-dealer’s internal controls over financial reporting. However, broker-dealer engagement teams still need to sufficiently assess the broker-dealer’s internal control environment as part of identifying and assessing the risks of material misstatement and designing the nature, timing, and extent of its audit procedures to address those risks.15
- Engagement teams often do not obtain a sufficient understanding of the risks related to how the broker-dealer’s revenue transactions are initiated, authorized, processed, and recorded. Many broker-dealers are reliant on the controls and processes at service organizations (such as other broker-dealers) for these processes, which should also be understood and assessed during the risk assessment process.16
- Engagement teams may not be sufficiently focused on the broker-dealer’s written supervisory procedures. These procedures often address, among other topics, broker-dealer supervision and oversight, financial reporting, handling of customer funds and securities, and internal controls that focus on customer activities. While many of these procedures may appear to be operational in nature, the PCAOB views them as an essential element of the broker-dealer’s control environment that ultimately affect the financial statements.17
- Inexperience with PCAOB Standards
-
- Over 1,000 of 3,400 SEC-registered broker-dealers are audited by firms that audit no public companies and audit 50 or fewer broker-dealers.18
- The PCAOB concluded that “Given the lack of experience some audit firms have with these engagements, audit firms may not be spending enough time developing their understanding of the requirements of Exchange Act Rule 17a5, the Broker-Dealer Financial Responsibility Rules, and related internal controls over compliance at broker-dealers.”19
-
- Ineffective Engagement Quality Review
-
- Deficiencies have been consistently reported over the years with respect to the engagement quality review (EQR) reviewer’s failure to sufficiently evaluate the engagement team’s responses to significant risks identified by the engagement team. Some of the EQRs performed were limited to little more than “proofreading” the final draft of the financial statements, supplemental information, and attestation reports and did not perform all the requirements of an EQR.20
-
Based on the issues noted by the PCAOB, auditors of broker-dealers can expect continued heightened scrutiny over how they perform their audits and examinations.
To learn more about the issues facing auditors, feel free to contact Jeffery A. Dailey at jdailey@daileyllp.com or visit https://daileyllp.com/accountants-liability/.
2Id. at 3.
3Id. at 3.
4Id. at 3.
5Id. at 3.
6Id. at 4.
7Id. at 4.
8Id. at 5.
9Id. at 6.
10Id. at 7.
11Id. at 8.
12Id. at 8.
13Id. at 8.
14Id. at 8.
15Id. at 9.
16Id. at 9.
17Id. at 9.
18Id. at 10.
19Id. at 12.
20Id. at 12.