The Public Company Accounting Oversight Board released a report last week detailing the first full year of implementation for Auditing Standard 5, which was adopted to replace Auditing Standard 2 in July 2007. Though the PCAOB was pleased with overall compliance in 2008, there were also "areas of concern," according to CFO.com.
For instance, though most auditors correctly assessed which accounts and/or processes represented the most risk and thus, needed to be audited, the board found that some did not account for the fact that differences in location could change the risk level of a particular process. Similarly, the board also found that some auditors did not test the highest risk processes or areas thoroughly enough, or failed to assess the "compensating controls" that were put into place after they found original controls weren't doing the job.
Moreover, though AS 5 allows auditors to use the work of others so that they aren't unnecessarily repeating testing, the board found some auditors would rely too heavily on the work of others in areas of greatest risk, or would not evaluate the work done by others to determine whether it was competent before choosing to rely on it.
That said, it appears most auditors are at least heading in the right direction as they apply AS 5, and if they use the PCAOB's findings from year one to guide their compliance in the rest of year 2, the results can only improve, right?