1 / 43

CAQ WEBCAST PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5

CAQ WEBCAST PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5.

Gideon
Download Presentation

CAQ WEBCAST PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CAQ WEBCAST PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of the Center for Audit Quality or the presenters’ respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client or attorney-client relationship. Slide 1

  2. Join the CAQ today! Visit www.thecaq.org/members or call 1-888-817-3277 Slide 2

  3. Today’s Objectives • Today’s program is designed to help you better understand: • Notable changes made to the PCAOB’s internal control auditing standard no. 2 • Overview of AS 5 and insights on how it can be scaled for smaller, less complex companies • Overview of SEC’s Management Guidance on Internal Control • Overview of COSO’s Guidance on Monitoring Internal Control Slide 3

  4. Today’s Presenters • Thomas Ray, CPA • Chief Auditor and Director of Professional Standards • PCAOB • Sharon Virag, CPA • Director of Technical Policy Implementation • PCAOB • Trent Gazzaway, CPA • Managing Partner of Corporate Governance • Grant Thornton LLP • ********** • Cynthia M. Fornelli • Moderator & Executive Director • Center for Audit Quality Slide 4

  5. CAQ WebcastPCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5 Tom Ray Sharon Virag October 4, 2007

  6. Caveat The views expressed by Mr. Ray and Ms. Virag are their own views and do not necessarily reflect the views of the Board, individual Board members, or other members of the staff of the PCAOB.

  7. Overview • Improvements resulting from Auditing Standard No. 5 • Successful implementation of AS No. 5 - Next steps

  8. Improvements Resulting from the Amendment to Auditing Standard No. 2

  9. Improvements Resulting from Auditing Standard No. 5 • Focus the internal control audit on the most important matters • Eliminate procedures that are unnecessary to achieve the intended benefits • Make the audit clearly scalable to fit any company’s size and complexity • Simplify the standard

  10. Focus the Internal Control Audit on the Most Important Matters • More clearly focuses auditors on identifying control weaknesses before they result in material misstatements • Clarifies how auditors should use risk assessment to focus on the accounts, disclosures and their relevant assertions • Emphasizes the importance of fraud risk and anti-fraud controls to assessing risk

  11. Focus the Internal Control Audit on the Most Important Matters (cont.) • Outlines three broad categories of entity-level controls • Emphasizes the importance of a company’s control environment • Emphasizes higher risk stages of financial statement preparation

  12. Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits • Removes the detailed requirements to evaluate management's evaluation process • Permits consideration of knowledge obtained from the auditor's previous years’ audits

  13. Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits (cont.) • Removes barriers to using the work of others by eliminating the "principal evidence" provision • Refocuses the multi-location direction on risk rather than coverage • Clarifies that the top-down approach describes the auditor’s sequential thought process in identifying risks and the controls to test

  14. Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits (cont.) • Allows auditors to tailor their top-down approach to the facts and circumstances of a particular engagement • Focuses the performance requirements for a walkthrough on fulfilling certain important objectives • Establishes a principle for evaluation and communication to the audit committee of control deficiencies

  15. Make the Audit Clearly Scalable to Fit Any Company’s Size and Complexity • Discussion of scaling concepts throughout the standard • Discussion of the attributes of smaller and less complex companies • Larger companies may have some business units or processes that may be less complex than others

  16. Simplify the Standard • Reduces granularity and redefines key terms in a simpler way • Clarifies that the auditor’s evaluation of materiality for an internal control audit is the same as the financial statement audit • Alignment of terms between the standard and SEC’s management guidance

  17. Effective Date • AS No. 5, Rule 3525, and the amendments will be effective for audits of fiscal years ending on or after November 15, 2007. • Earlier adoption is permitted for timely SEC Filings on or after August 27, 2007. • If continue to comply with AS No. 2 until superseded, then should apply the definition of “material weakness” contained in AS No. 5 rather than the definition in AS No. 2.

  18. Successful Implementation of AS No. 5 – Next Steps

  19. Next Steps • Monitor firms response to AS No. 5 • Continue outreach programs, including Small Business Forums • Adjust the PCAOB inspection approach for AS No. 5 • Continue Coordination with SEC • Issue guidance for auditors of smaller companies

  20. Guidance for Auditors of Smaller Companies • Intended to address the implementation of the internal control auditing standard in a smaller public company environment • Derived from practice experience • Developed with auditors and small issuers

  21. Continue PCAOB Forums on Auditing in the Small Business Environment • Eight forums scheduled in 2007 • New York – October 22-23 • Chicago – November 9 • Washington, DC – December 4 • Meeting materials and registration information posted on Board's Web site

  22. Three legs to the “404-improvement” stool Value to companiesthrough improved use of monitoring Value to auditorsthrough ability to focus on good monitoring controls COSO’sGuidance onMonitoring SEC’sGuidance (for mgmt) PCAOB’s AS5 (for auditors) Separate but consistent Slide 22

  23. SEC’s new interpretive guidance • Interpretive guidance proposed in December 2006 • comment period ended February 26, 2007 • over 200 comment letters received • Approved by Commission on May 23, 2007 www.sec.gov/rules/interp/2007/33-8810.pdf Slide 23

  24. SEC's guidance • Key attributes: • Principles-based • Directs efforts to highest risks of material misstatement • Allows evaluation to be tailored to facts and circumstances • Provides guidance on supporting evidence and documentation • Provides guidance for evaluating deficiencies • Does not replace control frameworks • Voluntary Slide 24

  25. SEC's guidance • Encourages a focus on "entity-level" controls: • Indirect - those that have an indirect effect on control system effectiveness (e.g., tone at the top) • Monitoring - those that monitor the effectiveness of other controls (see the COSO monitoring guidance) • Precise - those that operate at a level of precision that would adequately prevent or detect misstatements on a timely basis Slide 25

  26. SEC's guidance • Discusses documentation and evidence: • Documentation of the design of identified controls is an integral part of management's reasonable support • Nature and extent will vary based on the size, nature and complexity of the company • Evidence of operating effectiveness provided by ongoing monitoring or separate evaluation activities Slide 26

  27. SEC's guidance • Also includes: • A framework for evaluating control deficiencies • Indicators of material weaknesses • Guidance regarding disclosures • Note, the four required disclosure components have not changed (i.e., mgmt is responsible for ICFR, whether ICFR is effective, the framework used, and a reference to the auditor's opinion) • SEC continues to see disclosures that do not adequately describe the nature and impact of identified deficiencies Slide 27

  28. SEC's Revised FAQ document • Released September 24, 2007: • Eliminated 12 FAQs the staff believed were no longer relevant, necessary, or were addressed in the interpretive guidance (#s 5, 7, 10–13, 15–20) • Renumbered remaining questions • Added four new questions pertaining to foreign private issuers (see FAQs 12–15) Slide 28

  29. COSO'sguidance on monitoring Discussion document available at … www.coso.org Slide 29

  30. COSO's guidance • Effective monitoring – value proposition: • Provides management with most of the evidence it needs about ICFR effectiveness to support its assertion • Encourages effectivecontrol operation • Helps manageand/or mitigate risk Slide 30

  31. COSO's guidance • Let's look at a simple example of the concept … • assume: • a reconciliation control is deemed important to financial reporting • the supervisor of the area performs an appropriately detailed review of the reconciliation each time it is prepared Slide 31

  32. COSO's guidance • Simple example (cont'd) • The supervisor's review (if it is effective) accomplishes two things: • tells him or her whether the control is working • encourages continued effective operation of the control Slide 32

  33. How do we often deal with this risk in today’s 404 environment? 4. Test the Review 6. Test the Review 2. ReviewReconciliation 3. Test the Recon. 5. Test the Recon. COSO'sguidance Management’s 404 Process Auditor’s 404 Audit Process 1. PerformReconciliation Slide 33

  34. How might it be done better in a large organization? 3. Test theReview 4a. Possibly Use the Work of Others 2. ReviewReconciliation or 4b. Testthe Review 1. PerformReconciliation COSO'sguidance Management’s Monitoring Process Auditor’s 404 Audit Process Slide 34

  35. How might it be done better in a small organization? 3. Test the Review 2. ReviewReconciliation 1. PerformReconciliation COSO'sguidance Auditor’s 404 Audit Process Management’s Monitoring Process If the reconciliation review is performed at the senior-management level, no further evaluation may be necessary Slide 35

  36. COSO'sguidance • Two primary project goals: • Help companies recognize effective monitoring when it is already present and “take credit” for it • Help companies identify places where effective monitoring is lacking and provide guidance regarding possible improvements Slide 36

  37. COSO'sguidance • Two project phases: • Phase I: Proof-of-concept stage — issued a discussion document presenting the fundamental concepts of effective monitoring • Phase II: Practical examples and tools stage — working to prepare case studies, examples and tools to help organizations implement the fundamental concepts Slide 37

  38. COSO'sguidance • Key questions: • What to evaluate • How to evaluate it • When and how often to evaluate it • These decisions are influenced by the level of risk and the corresponding importance of identified controls Slide 38

  39. COSO'sguidance • Elements of effective monitoring: Slide 39

  40. SEC and COSOguidance • Location reminder: • SEC's Interpretive Guidance for Management www.sec.gov/rules/interp/2007/33-8810.pdf • COSO's Discussion Document – Guidance on Monitoring Internal Control www.coso.org Slide 40

  41. Questions & Summary Slide 41

  42. Thank you for participating! Please visit us at www.theCAQ.org Slide 42

  43. CAQ WEBCAST PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5 Slide 43

More Related