CAQ WEBCAST PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5.
CAQ WEBCAST PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of the Center for Audit Quality or the presenters’ respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client or attorney-client relationship. Slide 1
Join the CAQ today! Visit www.thecaq.org/members or call 1-888-817-3277 Slide 2
Today’s Objectives • Today’s program is designed to help you better understand: • Notable changes made to the PCAOB’s internal control auditing standard no. 2 • Overview of AS 5 and insights on how it can be scaled for smaller, less complex companies • Overview of SEC’s Management Guidance on Internal Control • Overview of COSO’s Guidance on Monitoring Internal Control Slide 3
Today’s Presenters • Thomas Ray, CPA • Chief Auditor and Director of Professional Standards • PCAOB • Sharon Virag, CPA • Director of Technical Policy Implementation • PCAOB • Trent Gazzaway, CPA • Managing Partner of Corporate Governance • Grant Thornton LLP • Cynthia M. Fornelli • Moderator & Executive Director • Center for Audit Quality Slide 4
CAQ Webcast PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5 Tom Ray Sharon Virag October 4, 2007
Caveat The views expressed by Mr. Ray and Ms. Virag are their own views and do not necessarily reflect the views of the Board, individual Board members, or other members of the staff of the PCAOB.
Overview • Improvements resulting from Auditing Standard No. 5 • Successful implementation of AS No. 5 - Next steps
Improvements Resulting from the Amendment to Auditing Standard No. 2
Improvements Resulting from Auditing Standard No. 5 • Focus the internal control audit on the most important matters • Eliminate procedures that are unnecessary to achieve the intended benefits • Make the audit clearly scalable to fit any company’s size and complexity • Simplify the standard
Focus the Internal Control Audit on the Most Important Matters • More clearly focuses auditors on identifying control weaknesses before they result in material misstatements • Clarifies how auditors should use risk assessment to focus on the accounts, disclosures and their relevant assertions • Emphasizes the importance of fraud risk and anti-fraud controls to assessing risk
Focus the Internal Control Audit on the Most Important Matters (cont.) • Outlines three broad categories of entity-level controls • Emphasizes the importance of a company’s control environment • Emphasizes higher risk stages of financial statement preparation
Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits • Removes the detailed requirements to evaluate management's evaluation process • Permits consideration of knowledge obtained from the auditor's previous years’ audits
Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits (cont.) • Removes barriers to using the work of others by eliminating the "principal evidence" provision • Refocuses the multi-location direction on risk rather than coverage • Clarifies that the top-down approach describes the auditor’s sequential thought process in identifying risks and the controls to test
Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits (cont.) • Allows auditors to tailor their top-down approach to the facts and circumstances of a particular engagement • Focuses the performance requirements for a walkthrough on fulfilling certain important objectives • Establishes a principle for evaluation and communication to the audit committee of control deficiencies
Make the Audit Clearly Scalable to Fit Any Company’s Size and Complexity • Discussion of scaling concepts throughout the standard • Discussion of the attributes of smaller and less complex companies • Larger companies may have some business units or processes that may be less complex than others
Simplify the Standard • Reduces granularity and redefines key terms in a simpler way • Clarifies that the auditor’s evaluation of materiality for an internal control audit is the same as the financial statement audit • Alignment of terms between the standard and SEC’s management guidance
Effective Date • AS No. 5, Rule 3525, and the amendments will be effective for audits of fiscal years ending on or after November 15, 2007. • Earlier adoption is permitted for timely SEC filings on or after August 27, 2007. • If auditors continue to comply with AS No. 2 until it is superseded, they should apply the definition of “material weakness” contained in AS No. 5 rather than the definition in AS No. 2.
Next Steps • Monitor firms' response to AS No. 5 • Continue outreach programs, including Small Business Forums • Adjust the PCAOB inspection approach for AS No. 5 • Continue coordination with SEC • Issue guidance for auditors of smaller companies
Guidance for Auditors of Smaller Companies • Intended to address the implementation of the internal control auditing standard in a smaller public company environment • Derived from practice experience • Developed with auditors and small issuers
Continue PCAOB Forums on Auditing in the Small Business Environment • Eight forums scheduled in 2007 • New York – October 22-23 • Chicago – November 9 • Washington, DC – December 4 • Meeting materials and registration information posted on Board's Web site
Three legs to the “404-improvement” stool • COSO’s Guidance on Monitoring • SEC’s Guidance (for mgmt) • PCAOB’s AS5 (for auditors) • Separate but consistent • Value to companies through improved use of monitoring • Value to auditors through ability to focus on good monitoring controls Slide 22
SEC’s new interpretive guidance • Interpretive guidance proposed in December 2006 • comment period ended February 26, 2007 • over 200 comment letters received • Approved by Commission on May 23, 2007 www.sec.gov/rules/interp/2007/33-8810.pdf Slide 23
SEC's guidance • Key attributes: • Principles-based • Directs efforts to highest risks of material misstatement • Allows evaluation to be tailored to facts and circumstances • Provides guidance on supporting evidence and documentation • Provides guidance for evaluating deficiencies • Does not replace control frameworks • Voluntary Slide 24
SEC's guidance • Encourages a focus on "entity-level" controls: • Indirect - those that have an indirect effect on control system effectiveness (e.g., tone at the top) • Monitoring - those that monitor the effectiveness of other controls (see the COSO monitoring guidance) • Precise - those that operate at a level of precision that would adequately prevent or detect misstatements on a timely basis Slide 25
SEC's guidance • Discusses documentation and evidence: • Documentation of the design of identified controls is an integral part of management's reasonable support • Nature and extent will vary based on the size, nature and complexity of the company • Evidence of operating effectiveness provided by ongoing monitoring or separate evaluation activities Slide 26
SEC's guidance • Also includes: • A framework for evaluating control deficiencies • Indicators of material weaknesses • Guidance regarding disclosures • Note, the four required disclosure components have not changed (i.e., mgmt is responsible for ICFR, whether ICFR is effective, the framework used, and a reference to the auditor's opinion) • SEC continues to see disclosures that do not adequately describe the nature and impact of identified deficiencies Slide 27
SEC's Revised FAQ document • Released September 24, 2007: • Eliminated 12 FAQs the staff believed were no longer relevant, necessary, or were addressed in the interpretive guidance (#s 5, 7, 10–13, 15–20) • Renumbered remaining questions • Added four new questions pertaining to foreign private issuers (see FAQs 12–15) Slide 28
COSO's guidance on monitoring Discussion document available at … www.coso.org Slide 29
COSO's guidance • Effective monitoring – value proposition: • Provides management with most of the evidence it needs about ICFR effectiveness to support its assertion • Encourages effective control operation • Helps manage and/or mitigate risk Slide 30
COSO's guidance • Let's look at a simple example of the concept … • assume: • a reconciliation control is deemed important to financial reporting • the supervisor of the area performs an appropriately detailed review of the reconciliation each time it is prepared Slide 31
COSO's guidance • Simple example (cont'd) • The supervisor's review (if it is effective) accomplishes two things: • tells him or her whether the control is working • encourages continued effective operation of the control Slide 32
COSO's guidance • How do we often deal with this risk in today’s 404 environment? • 1. Perform Reconciliation • 2. Review Reconciliation • 3. Test the Recon. • 4. Test the Review • 5. Test the Recon. • 6. Test the Review • Diagram labels: Management’s 404 Process; Auditor’s 404 Audit Process Slide 33
COSO's guidance • How might it be done better in a large organization? • 1. Perform Reconciliation • 2. Review Reconciliation • 3. Test the Review • 4a. Possibly Use the Work of Others, or 4b. Test the Review • Diagram labels: Management’s Monitoring Process; Auditor’s 404 Audit Process Slide 34
COSO's guidance • How might it be done better in a small organization? • 1. Perform Reconciliation • 2. Review Reconciliation • 3. Test the Review • Diagram labels: Auditor’s 404 Audit Process; Management’s Monitoring Process • If the reconciliation review is performed at the senior-management level, no further evaluation may be necessary Slide 35
COSO's guidance • Two primary project goals: • Help companies recognize effective monitoring when it is already present and “take credit” for it • Help companies identify places where effective monitoring is lacking and provide guidance regarding possible improvements Slide 36
COSO's guidance • Two project phases: • Phase I: Proof-of-concept stage — issued a discussion document presenting the fundamental concepts of effective monitoring • Phase II: Practical examples and tools stage — working to prepare case studies, examples and tools to help organizations implement the fundamental concepts Slide 37
COSO's guidance • Key questions: • What to evaluate • How to evaluate it • When and how often to evaluate it • These decisions are influenced by the level of risk and the corresponding importance of identified controls Slide 38
COSO's guidance • Elements of effective monitoring: Slide 39
SEC and COSO guidance • Location reminder: • SEC's Interpretive Guidance for Management www.sec.gov/rules/interp/2007/33-8810.pdf • COSO's Discussion Document – Guidance on Monitoring Internal Control www.coso.org Slide 40
Questions & Summary Slide 41
Thank you for participating! Please visit us at www.theCAQ.org Slide 42