Transcript Powerpoint slides - Center for Audit Quality

CAQ WEBCAST
AS 5: Preparing for Integrated Audits
of Non-Accelerated Filers
September 25, 2008
The views expressed by the presenters do not necessarily represent the views, positions, or opinions of
the Center for Audit Quality or the presenters’ respective organizations. These materials, and the oral
presentation accompanying them, are for educational purposes only and do not constitute accounting or
legal advice or create an accountant-client or attorney-client relationship.
Slide 1
CAQ Task Force
•
BDO Seidman LLP
•
Crowe Horwath LLP
•
Deloitte LLP
•
Ernst & Young LLP
•
Grant Thornton LLP
•
KPMG LLP
•
McGladrey & Pullen LLP
•
PricewaterhouseCoopers LLP
Slide 2
Today’s Objectives
Today’s program is designed to help you better
understand:
 How to effectively plan an integrated audit to gain efficiency
and eliminate redundancy
 How to use a top-down risk-based approach to focus on areas
of greatest risk
 How to communicate with management to obtain
effectiveness and efficiency for all parties
Slide 3
Today’s Panelists
Wendy Campbell, CPA
Executive
Crowe Horwath LLP
Trent Gazzaway, CPA
Managing Partner of Corporate Governance
Grant Thornton LLP
Gregory S. Wilson, CPA
Deputy Director - Inspections
Public Company Accounting Oversight Board
**********
Cynthia M. Fornelli
Moderator & Executive Director
Center for Audit Quality
Slide 4
Caveat
The views expressed are my own views and do
not necessarily reflect the views of the Board,
individual Board members, or the staff of the
PCAOB.
Slide 5
PCAOB Inspections Overview
Audits of Internal Control Over Financial
Reporting (ICFR) – “The Journey”
• 2005 inspection year (“Year of Chaos”)
– First year of inspections of audits of ICFR under AS
No. 2
• 2006 inspection Year (“Year of Efficiency”)
– Focus on May 16, 2005 PCAOB Q&A
– PCAOB announces intent to amend AS No. 2 on May
17, 2005
Slide 6
PCAOB Inspections Overview
Audits of Internal Control Over Financial
Reporting (ICFR) – “The Journey”
• 2007 inspection year (“Year of Transition”)
– Proposed ICFR audit standard issued December 19,
2006 to supersede AS No. 2
– Reinforce concepts embraced in proposal
– Avoid concepts dropped in proposal
Slide 7
PCAOB Inspections Overview
Audits of Internal Control Over Financial
Reporting (ICFR) – “The Journey”
• 2008 inspection Year (“Year of Learning”)
– AS No. 5 issued June 12, 2007
• Board “got the words right”
• Board Objectives
– Focus the audit on matters most important to internal
control
– Eliminate unnecessary procedures
– Scale the audit for smaller companies
– Simplify the requirements
Slide 8
PCAOB Inspections Overview
Audits of Internal Control Over Financial
Reporting (ICFR) – “The Journey”
• 2008 inspection Year (“Year of Learning”)
– SEC management guidance issued June 27, 2007
– Inspections approach
•
•
•
•
•
Sensitivity to timing
Integrated audit
Focus on most important matters in audit of ICFR
Eliminate unnecessary procedures
Sensitivity to auditor judgment
Slide 9
PCAOB Inspections Overview
Audits of Internal Control Over Financial
Reporting (ICFR) – “The Journey”
• Auditors and issuers becoming more comfortable
with ICFR audits
• Continuous improvement noted with focus on higher
risk areas
• Some hard lessons learned early on
• “Lessons learned” to be discussed today are
consistent with several year’s inspection findings
Slide 10
Topics
•
Understand and Use Management’s Assessment and
Documentation as a Starting Point
•
Integrate the Audits
•
Establish the Right Team
•
Identify Material Risks to Reliable Financial Reporting
•
Identify Controls Necessary to Sufficiently Address
Identified Risks
•
Take a Risk-Based Approach to Testing Identified
Controls
Slide 11
Understand and Use Management’s Assessment and
Documentation as a Starting Point
#1: Take advantage of company’s ICFR
evaluation testing and documentation in year
before first integrated audit
–
–
–
–
Knowledge share
Foundation for future audits
Established approach
Effect on substantive testing
Slide 12
Understand and Use Management’s Assessment and
Documentation as Starting Point
#2: Early and frequent
communication/coordination with management
yields more effective/efficient audit process
• Support audit efficiency through existing evaluation
process
• Provide suggestions and considerations for effective
and efficient assessment
Slide 13
Understand and Use Management’s Assessment and
Documentation as a Starting Point
#3: Coordinate timing of management's work to
enable use by the auditor
• Establish timelines with management
• Hold periodic status meetings
• Update the audit committee on progress
Slide 14
Understand and Use Management’s Assessment and
Documentation as a Starting Point
#4: Identify/assess risks and controls that may
have pervasive effects on the assessment and
effectiveness of ICFR
•
Early identification of pervasive deficiencies can
eliminate unnecessary testing
•
Early identification of effective entity-level controls
may eliminate the need to test lower level controls
Slide 15
Understand and Use Management’s Assessment and
Documentation as a Starting Point
#5: Consider implications of any unremediated
deficiencies
• Discuss management's plans to remediate, if any
• Consider effect on the ICFR audit
• Consider effect on the financial statement audit (i.e.
planned control reliance strategy)
Slide 16
Integrate the Audits
#6: Plan audit of ICFR and audit of financial
statements as a single integrated audit
• Conduct a single risk assessment
• Where a controls reliance approach is not used,
consider the results of substantive tests for risk
implications for the audit of ICFR
• Increased efficiency through reduced effort related
to substantive testing in the financial statement audit
Slide 17
Integrate the Audits
#7: Consider employing controls reliance
approach in first year of required Section 404(b)
audit of ICFR
• Assess the effectiveness of controls that affect the
controls reliance approach early
• Early coordination and testing provide for effective
and efficient implementation of this approach
Slide 18
Integrate the Audits
#8: Perform control tests in conjunction with
substantive tests where audit procedures meet
objectives of both
• A single test may achieve more than one objective
• Identify areas for dual purpose/concurrent testing:
–
–
–
–
Management estimates
Account reconciliations
Roll-forward procedures
Sampling
Slide 19
Integrate the Audits
#9: The results of substantive testing should
inform the ICFR risk assessment and control
effectiveness conclusions
• Evaluate results of substantive tests and their implication on the
effectiveness of internal control
• Design the integrated approach to include consideration of
substantive testing results
• Results of substantive tests do not, on their own, provide sufficient
evidence to conclude that internal control is effective
Slide 20
Integrate the Audits
#10: Coordinate ICFR and substantive tests
among those performing the work
• Integrated teams:
– Reduce duplicative efforts
– Facilitate testing to achieve objectives of the internal
control audit and the financial statement audit
Slide 21
Establish the Right Team
#11: Planning and execution of an integrated audit
requires early, close and continuous involvement
by experienced engagement team members
• Plan for more partner, manager, and specialist
involvement
• Timely review and supervision…in every phase
Slide 22
Establish the Right Team
#12: Involve auditors with ICFR auditing
experience or integrated audit training
• Take advantage of the learning curve
• Provide training, including COSO and AS5
• Recognize importance of on-the-job training
Slide 23
Identify Material Risks to Reliable Financial
Reporting
#13: Apply a top-down, risk-based approach to
identify significant accounts and disclosures and
their relevant assertions
• Begin at the financial statement level, not process or
control level, then consider disaggregating line items
• Use professional judgment to identify material risks
Slide 24
Identify Material Risks to Reliable Financial
Reporting
#14: Tailor the audit approach based on a refined
risk assessment
• Carefully design the risk assessment process
– Consider “what could go wrong” (in a material sense)
– Focus at the assertion level
Slide 25
Identify Material Risks to Reliable Financial
Reporting
#15: Achieve AS5 paragraph 34 objectives by
performing different combinations of procedures,
including walkthroughs
• Walkthroughs are not required by AS5; however
they are frequently the most effective method
– Confirm understanding through planning, risk
assessment and other activities performed
– Consider prior year results and changes
– Develop and ask probing questions
Slide 26
Identify Material Risks to Reliable Financial
Reporting
#16: IT applications and their control environment
influence the identification of financial reporting
risks
• Consider IT-related risks as part of the overall risk
assessment
• Gain efficiency through automated controls
• When general IT controls are deemed ineffective, consider
whether automated controls can be tested directly
Slide 27
Identify Controls Necessary to Sufficiently
Address Identified Risks
#17: Apply a top-down approach to identify
controls that sufficiently address identified risks
• Consider:
– Entity level controls that are direct and precise and may eliminate
other control testing
– Entity level controls that may reduce but not eliminate other
control testing
– Automated controls
– Manual transaction-level controls
– Preventive and detective controls
Slide 28
Take a Risk-Based Approach to Testing
Identified Controls
#18: Maximize opportunities for using the work of
others
• Assess the competence and objectivity of the persons
performing the work
– Individuals may include internal audit, 3rd parties, and/or other
company employees
– Competence should relate to the control being tested
• Consider risk associated with the control
• Discuss nature, timing and extent of testing with management
Slide 29
Take a Risk-Based Approach to Testing
Identified Controls
#19: Vary the nature, timing, and extent of
controls testing based on risk associated with each
control
• Make use of existing knowledge (every control does not need
to be tested to the same extent each year)
• Flexibility exists in varying timing of control testing
• Statistical sampling not required for all testing
• Benchmarking strategies
Slide 30
Take a Risk-Based Approach to Testing
Identified Controls
#20: Testing controls at an interim date may
improve effectiveness and efficiency of integrated
audit
• Supports planned control reliance
• Perform substantive testing procedures at an interim date
concurrent with control testing
• Consider relevant risks and other factors to determine
whether, and to what extent, roll-forward or update testing is
necessary
Slide 31
Take a Risk-Based Approach to Testing
Identified Controls
#21: An ineffectively designed control need not be
tested for operating effectiveness
• Testing may cease when sufficient evidence
indicates a control is not designed effectively or
does not operate effectively
• May need to test remediated controls
Slide 32
Available Resources
• PCAOB
Auditing Standard No. 5: An Audit of Internal Control Over Financial Reporting That is
Integrated with an Audit of Financial Statements
http://www.pcaobus.org/Standards/Standards_and_Related_Rules/Auditing_Standard_No.5.aspx
•PCAOB Staff Guidance for Auditors of Smaller Public Companies - AN AUDIT OF INTERNAL
CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS (Pending)
http://www.pcaobus.org/Standards/Standards_and_Related_Rules/AS5/Guidance.pdf
•SEC Guidance Regarding Management’s Report on Internal Control Over Financial Reporting Under
Section 13(a) or 15(d) of the Securities Exchange Act of 1934 http://www.sec.gov/rules/interp/2007/338810.pdf
•COSO Internal Control – Integrated Framework - http://www.coso.org/IC-IntegratedFrameworksummary.htm
•COSO Guidance on Monitoring Internal Control Systems (Exposure Draft)
http://www.coso.org/guidance.htm
•COSO Internal Control Over Financial Reporting – Guidance for Smaller Public Companies
http://www.coso.org/ICFR-GuidanceforSPCs.htm
Slide 33
Questions & Summary
Slide 34
Join the CAQ today!
Visit www.theCAQ.org/members
or call
1-888-817-3277
Slide 35
Thank you for participating!
Please visit us at
www.theCAQ.org
or call
1-888-817-3277
Slide 36