TY - JOUR
T1 - PCAOB inspections
T2 - An analysis of entity-level and application-level control audit deficiencies
AU - Mascha, Maureen Francis
AU - Lamboy-Ruiz, Melvin A.
AU - Janvrin, Diane J.
N1 - Publisher Copyright:
© 2018 Elsevier Inc.
PY - 2018/9
Y1 - 2018/9
N2 - The Public Company Accounting Oversight Board (PCAOB) inspection process identifies deficiencies related to how firms conduct audits. Our work extends prior research by examining the type of internal control audit deficiencies (entity-level or application-level). Internal control audit deficiencies of both types may increase the risk of material misstatement, so the PCAOB is concerned with whether audit firms are performing appropriate procedures to identify entity-level and application-level internal control audit deficiencies, including those involving information technology general controls (ITGCs). Using text analysis to examine audit deficiencies by internal control type and firm size, we find that PCAOB inspection reports identify significantly more application-level than entity-level control audit deficiencies. Application-level control deficiencies generally involve revenue, inventory, and accounts receivable accounts whereas entity-level deficiencies often involve lack of centralized controls or controls over period end financial reporting. The number of application-level deficiencies identified for both Big 4 and second-tier firms varied between inspection years 2010 and 2015. However, the number of entity-level deficiencies, including ITGCs for both Big 4 and second-tier firms, held nearly steady during the period. Our findings should be of interest to practicing accountants, regulators, and other users of PCAOB inspection reports.
AB - The Public Company Accounting Oversight Board (PCAOB) inspection process identifies deficiencies related to how firms conduct audits. Our work extends prior research by examining the type of internal control audit deficiencies (entity-level or application-level). Internal control audit deficiencies of both types may increase the risk of material misstatement, so the PCAOB is concerned with whether audit firms are performing appropriate procedures to identify entity-level and application-level internal control audit deficiencies, including those involving information technology general controls (ITGCs). Using text analysis to examine audit deficiencies by internal control type and firm size, we find that PCAOB inspection reports identify significantly more application-level than entity-level control audit deficiencies. Application-level control deficiencies generally involve revenue, inventory, and accounts receivable accounts whereas entity-level deficiencies often involve lack of centralized controls or controls over period end financial reporting. The number of application-level deficiencies identified for both Big 4 and second-tier firms varied between inspection years 2010 and 2015. However, the number of entity-level deficiencies, including ITGCs for both Big 4 and second-tier firms, held nearly steady during the period. Our findings should be of interest to practicing accountants, regulators, and other users of PCAOB inspection reports.
KW - Application-level control
KW - Entity-level control
KW - Inspection report
KW - Internal control audit deficiency
KW - PCAOB inspection
UR - http://www.scopus.com/inward/record.url?scp=85049299465&partnerID=8YFLogxK
U2 - 10.1016/j.accinf.2018.06.002
DO - 10.1016/j.accinf.2018.06.002
M3 - Article
SN - 1467-0895
VL - 30
SP - 19
EP - 39
JO - International Journal of Accounting Information Systems
JF - International Journal of Accounting Information Systems
ER -