PwC Public Company Audit Process Overview | Generated by AI
Question: How does PwC audit public companies? What reports do they ask internal people for, such as in banking or other big tech companies?
Answer:
PwC (PricewaterhouseCoopers), as one of the Big Four accounting firms, conducts audits of public companies to provide an independent opinion on whether their financial statements present a true and fair view in accordance with applicable accounting standards, such as GAAP (Generally Accepted Accounting Principles) in the US or IFRS (International Financial Reporting Standards) internationally. For public companies, these audits also ensure compliance with regulations like the Sarbanes-Oxley Act (SOX) in the US, which emphasizes internal controls over financial reporting. PwC’s audit approach is technology-enabled, people-led, and focuses on quality, risk assessment, and stakeholder trust. The process involves close collaboration with the company’s management, internal personnel, and audit committee throughout.
Overview of PwC’s Audit Process
The audit process typically follows five main phases, as outlined in PwC’s guidance on financial statement audits:
-
Planning Phase: Auditors perform initial activities, such as accepting the client, verifying independence, assembling the audit team, and determining the scope, timing, and extent of procedures. They gather preliminary information to understand the business.
-
Risk Assessment Phase: Using knowledge of the company’s industry, operations, and external environment, auditors identify and assess risks of material misstatement in the financial statements. This includes evaluating internal controls and potential fraud risks.
-
Audit Strategy and Plan Development Phase: Auditors create an overall strategy and detailed plan, including testing methods, reliance on internal controls, timelines, and resource allocation. The plan is reassessed as needed based on new information.
-
Evidence Gathering Phase: This is the core execution stage where auditors collect evidence to support or challenge management’s assertions. They apply professional skepticism through controls testing and substantive procedures, such as inspecting assets, examining records, obtaining third-party confirmations (e.g., from banks or suppliers), comparing data to external sources, and verifying calculations.
-
Finalization Phase: Auditors review all evidence, form conclusions, and issue an audit opinion. They also discuss findings with management and the audit committee, addressing any adjustments or disclosures.
Throughout these phases, PwC auditors maintain ongoing discussions and meetings with management at operational and executive levels, as well as with the audit committee (which oversees the audit, evaluates auditor performance, and handles escalations). Auditors challenge management’s assumptions and representations using professional judgment and skepticism.
Reports and Documents Requested from Internal Personnel
PwC auditors request a wide range of documents, reports, and information from the company’s internal teams (e.g., finance, accounting, operations, and compliance personnel) to verify financial data, assess controls, and test transactions. These requests are tailored to the company’s size, complexity, and industry but generally include supporting evidence for financial statements. Auditors may ask for electronic or physical records, explanations, and representations.
General Documents Requested Across Industries
- Financial Statements and Disclosures: Draft or final versions prepared by management, including balance sheets, income statements, cash flow statements, and notes.
- Supporting Books and Records: General ledger, trial balances, journals, and sub-ledgers to trace transactions and balances.
- Transaction Records: Invoices, receipts, contracts, purchase orders, and payment vouchers for testing revenues, expenses, assets, and liabilities.
- Internal Control Documentation: Descriptions of systems, processes, policies, and testing results for assessing the effectiveness of controls over financial reporting (critical under SOX for public companies).
- Management Representations: Written confirmations from executives on material assumptions, accounting estimates, fraud risks, and compliance with laws.
- Accounting Policies and Estimates: Details on revenue recognition, valuation methods (e.g., for inventory or intangibles), and significant judgments.
- Going Concern Assessments: Reports on the company’s future prospects, cash flow forecasts, and any material uncertainties.
- Fraud Prevention Information: Details on management’s efforts to detect and prevent fraud, including risk assessments and incident reports.
- Annual Report Narratives: Management discussion and analysis (MD&A) sections to check for consistency with audited financials.
- Metrics and Analytics: Working capital ratios, key performance indicators (KPIs), and other financial metrics relevant to the business.
- Third-Party Confirmations: While auditors often obtain these directly, they may request internal support for items like bank reconciliations or supplier statements.
In the evidence gathering phase, auditors may also request access to perform walkthroughs of processes, observe inventory counts, or inspect physical assets.
Sector-Specific Examples
Audits are customized to industry risks. For banking and big tech companies, PwC focuses on sector-specific complexities like regulatory compliance, risk management, and intangible assets.
- Banking Companies (e.g., large banks like JPMorgan or Wells Fargo):
Auditors emphasize credit risk, liquidity, and regulatory filings due to the highly regulated nature of banking. In addition to general documents, they often request:
- Loan and Deposit Records: Loan agreements, credit files, collateral valuations, and provisioning calculations for expected credit losses (under CECL or IFRS 9).
- Bank Statements and Reconciliations: Detailed bank confirmations, cash balance verifications, and interbank transaction logs.
- Risk Management Reports: Internal risk assessments, stress testing results, and compliance reports with regulations like Basel III or FDIC requirements.
- Regulatory Filings: Copies of Call Reports, FR Y-9C, or other submissions to regulators for cross-verification.
- Investment Portfolios: Documentation on securities holdings, fair value measurements, and impairment analyses.
- Anti-Money Laundering (AML) and Compliance Docs: Customer due diligence files, suspicious activity reports, and internal audit findings on controls.
- Interest Rate and Market Risk Models: Assumptions and outputs from models used for hedging or derivatives.
These help auditors test for accurate reporting of assets under management, interest income, and potential off-balance-sheet exposures.
- Big Tech Companies (e.g., companies like Apple, Google, or Amazon):
Focus is on revenue recognition (e.g., from subscriptions or cloud services), intellectual property, and rapid innovation. Specific requests may include:
- Contracts and Agreements: Customer contracts, vendor agreements, licensing deals, and partnership arrangements (e.g., for software-as-a-service or ad revenue).
- Revenue Recognition Details: Breakdowns of deferred revenue, multi-element arrangements, and performance obligations under ASC 606.
- Intellectual Property Valuations: Reports on patents, trademarks, or R&D capitalization, including impairment tests for goodwill from acquisitions.
- Data and Analytics Reports: Metrics on user engagement, cloud usage, or e-commerce sales to support revenue figures.
- Stock-Based Compensation Docs: Grant agreements, valuation models (e.g., Black-Scholes), and expense calculations.
- Cybersecurity and Data Privacy Reports: Internal assessments of controls over data breaches or compliance with GDPR/CCPA, as these impact contingent liabilities.
- Supply Chain and Inventory Records: For hardware-focused tech (e.g., Apple), purchase orders, supplier confirmations, and inventory valuation reports.
- Acquisition-Related Docs: Purchase price allocations, earn-out agreements, and integration reports for M&A activities common in tech.
Auditors may also request access to ERP systems or data analytics tools to perform large-scale testing.
PwC’s audits aim to reduce disruption through technology (e.g., data analytics for full population testing) while providing deeper insights. If issues arise, auditors may escalate to the audit committee. The final output is an audit report with an opinion (unqualified, qualified, etc.), which is filed publicly for listed companies (e.g., in Form 10-K).
References:
- https://www.pwc.com/im/en/services/Assurance/pwc-understanding-financial-statement-audit.pdf
- https://www.pwc.com/us/en/services/audit-assurance/financial-statement-audit.html
- https://www.mgocpa.com/perspective/how-to-prepare-your-tech-company-for-a-financial-audit/
- https://www.fdic.gov/bank-examinations/external-auditors-reports-communication-internal-control-deficiencies
- https://www.illumeo.com/what-documents-do-i-need-for-an-audit-2/