320 likes | 602 Views
School Board Audit Committee Training Module 6 External Auditors. Session objectives. After completing this session you will:. Understand the responsibilities of the Auditors’, Management and the Audit Committee as it relates to the financial statement audit.
E N D
School Board Audit Committee Training Module 6 External Auditors
Session objectives After completing this session you will: • Understand the responsibilities of the Auditors’, Management and the Audit Committee as it relates to the financial statement audit • Understand the external audit process • Understand key areas of interaction with the external auditor
Duties related to Board’s External Auditor[ON Regulation 361/10 9(4)] • To review the performance of the external auditor and make recommendations to the Board on the appointment, replacement or dismissal of the external auditor and on the fee and fee adjustment for the external auditor • To review the external auditor’s audit plan • To review and confirm the independence of the external auditor • To meet on a regular basis with the external auditor and discuss important matters • To resolve any disagreements between management and the external auditor about financial reporting • To recommend to the Board a policy designating services that the external auditor may perform for the Board and, if the Board adopts the policy, to oversee its implementation (i.e. independence issues) Source: ON regulation 361/10
Financial Reporting Responsibilities Audit Committee/ Board of Trustees School Board Management External Auditors 1. • Perform an audit in accordance with Canadian generally accepted auditing standards. • Maintain appropriate controls and accurate financial records • Meet with the external auditors to review the Audit Plan • Meet with the external auditors to discuss the results of the audit and review the Report on the Results of the Audit • Report financial results on a fair, consistent and timely basis in accordance with GAAP • Understand key management internal control systems and processes and assess audit risk • Review and recommend for approval, the annual financial statements and disclosures • Evaluate the appropriateness of accounting policies and reasonableness of accounting estimates • Select appropriate accounting and disclosure policies • Follow up on audit recommendations • Maintain compliance with legislative and regulatory requirements • Obtain audit evidence for material amounts and disclosures in the financial statements • Maintain oversight of the systems of internal control • Identify principal risks and establish and maintain a cost-effective control environment • Report any significant deficiencies noted in internal controls • Understand, discuss and address fraud and error risks with management • Express an opinion on the fairness of presentation of the financial statements including significant disclosures • Prepare financial statements • Oversight in managing and monitoring financial risks • Provide management representations • Provide industry expertise to support the risk-based audit approach • Review external financial communications
Objective of External Audit Statement of Financial Position Statement of Operations Objective: Express an opinion on… Statement of Change in Net Debt Statement of Cash Flows Summary of significant accounting policies and other explanatory information
Responsibilities of External Auditor Related to Internal Controls • In assessing audit risk, internal controls relevant to the preparation and fair presentation of the financial statements must be assessed by the auditor • The review and testing of internal controls is carried out in order to assess risk and design relevant and appropriate audit procedures and not to express an opinion on the effectiveness of internal controls • Internal control deficiencies identified during the course of the audit, which are considered significant, must be communicated to management and the Audit Committee • An audit designed and executed in accordance with Canadian Auditing Standards may not detect material fraud
Generally Accepted Auditing Standards (GAAS) • A set of systematic standards and guidelines now referred to as Canadian Auditing Standards (CASs) • Audit performed in accordance with GAAS is designed to provide reasonable assurance that the Financial Statements, taken as a whole, are free from material misstatement • CAS’s do not impose responsibilities on management or those charged with governance and do not override laws and regulations that govern their responsibilities. However, an audit in accordance with CAS’s is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged certain responsibilities that are fundamental to the conduct of the audit. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities.
Canadian Auditing Standards (CASs) • The Auditing and Assurance Standards Board (AASB) recently adopted, as Canadian Auditing Standards (CASs), the complete set of international standards on auditing issued by the International Auditing and Assurance Standards Board • The CASs are effective for audits of financial statements for periods ending on or after December 14, 2010
Changes in Canadian Auditing Standards (CASs) Highlights of some of the changes : • Auditor’s report must be dated no earlier than when those responsible for the financial statements have approved them • The new CASs includes a new structure and wording of the standard report intended to make the report clearer • The new CASs require auditors to enhance the rigor of testing and reporting on related parties and management estimates • The new CASs require external auditors to request management to adjust all differences (above a trivial amount). Should differences remain unadjusted, the auditors must request the Audit Committee to ask management to adjust the financial statements
Engagement Terms • GAAS requires that the terms of the audit be agreed with management or those charged with governance • Engagement letter should include: • Objective and scope of the audit of the financial statements • Responsibilities of the auditor • Responsibilities of management • Responsibilities of the audit committee and auditor communications • Identification of applicable financial reporting framework for preparation of the financial statements • Reference to expected form and content of report to be issued • A statement that there may be circumstances in which report may differ from expected form and content • Separate engagement letters are also required for special reports (i.e. specified audit procedures reporting required by the Ministry)
Auditors’ Independence • Why important? • Essential component of an audit relationship • Fundamental to accountability • Required by the Canadian Auditing Standards Source: Integrity in the spotlight, 2nd edition
What may Impair Independence? • Threats • Self Interest • Self Review • Advocacy • Familiarity • Intimidation • Safeguards can be applied • There are specific prohibited services for publicly listed entities • For other entities any services/activities, where the auditor is acting in a “management decision making capacity”, are specifically prohibited. Source: The Canadian Institute of Chartered Accountants, guide to the Canadian independence standard, (2009 update)
Audit Plan • Auditors meet with the Audit Committee to present and discuss the audit plan • Examples of elements of the audit plan: • Planned scope and timing of audit • Financial reporting responsibilities • Materiality • Significant audit risks • Internal control matters • Consideration and discussion on the risk of fraud • Use of experts (internal or external) • New accounting, assurance and regulatory requirements
Materiality • Materiality is the magnitude of a misstatement (including an omission) in the financial statements or related disclosures that would affect the judgment of a reasonable person using those statements • Auditor is responsible for providing reasonable assurance that the financial statements are free from material misstatement • In approving the audit plan, Audit Committee should consider both the qualitative and quantitative aspects of materiality
Risk of Fraud Specific inquiries to be addressed by the Audit Committee • What are Audit Committee’s views about the risks of fraud in the entity? • Knowledge of any actual, suspected or alleged fraud affecting the entity? • What role, if any, does the Audit Committee exercise in the oversight of management’s antifraud programs?
Fraud: Relevant Definitions Fraud an intentional act by one or more individuals among management, those charge with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Fraud risk factors: events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity commit fraud Fraudulent financial reporting: involves intentional misstatements, including omissions of amounts or disclosures in financial statements, to deceive financial statement users. (Source: CICA Assurance Handbook)
Fraud versus Error The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. Although fraud is a broad legal concept, for purposes of the auditing standards, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional misstatements are relevant to the auditor — misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets. Although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred.
Types of Fraud There are three main types of fraud. Financial statement fraud Includes intentional misstatements in or omissions from financial statements Asset misappropriation May include cheque forgery, theft of money, inventory theft, payroll fraud, or theft of services Asset misappropriation Corruption May include schemes such as kickbacks, or bribes to influence decision-makers, or manipulation of contracts Corruption
The Fraud Triangle OPPORTUNITY RATIONALIZATION INCENTIVE/PRESSURE
Incentive/Pressure • Pressure may be real or perceived. • Pressure is usually created by circumstances the perpetrator is either subject to or perceives him/herself to be subjected to (e.g., personal financial pressures such as a spouse who loses a job, or market pressures to meet financial targets or goals). Examples: • Status-seeking or status-maintaining needs (lifestyle pressures). • Financial problems (debt). • Need to meet unrealistic goals set by organization. • Need to meet earnings to sustain investor confidence (in a public company environment). • Need to meet budget targets. • There may also be incentives that increase the likelihood of fraud (e.g., management’s bonus structure).
Rationalization • The process by which a person committing a fraud legitimizes or justifies the crime is rationalization • This often includes an attitude or feeling of entitlement and/or a belief that “the organization can afford it.” • For example, a perpetrator may rationalize a theft by saying • I was only borrowing the money. • I deserve it for all of the extra hours I work • My employer has been cheating me • This is only a temporary solution to fix the problem • I’ll pay it back when I can
Opportunity • Opportunities to commit fraud can manifest themselves in different ways • If internal controls are inadequate surrounding financial reporting or safeguarding assets, it may be relatively easy for a perpetrator to record fraudulent transactions or steal assets • Some employees (often within management) may be in a position to override controls which may create opportunities to commit fraud • There is another consideration for opportunities that is often overlooked -low perception of detection or meaningless consequences to inappropriate behavior within the organization may allow for greater opportunities for fraud to occur than if there is the deterrent element of a high likelihood of detection and severe consequences • Further, collusion may enable perpetrators to bypass existing controls, rendering those controls ineffective • Most traditional internal preventative controls are not effective at addressing collusive fraud. Collusive fraud is generally found by detective controls coupled with an understanding of the business and operating environment
Initial Detection of Occupational Frauds (Source: 2010 Report to the Nations on Occupational Fraud and Abuse)
Discussion - fraud • Discuss at your tables possible fraud risk factors in a school board environment • What might be done to address the fraud risk factors identified.
Audit Results Document • Auditors meet with the Audit Committee to present findings • Examples of elements of an Audit Results Document: • Status of audit, its scope and representations • Audit opinion • Matters to be communicated to the Audit Committee (see tool kit) • Results of audit work on significant risk areas • Review of areas of judgement and management estimates • Summary of adjusted and unadjusted differences • Confirmation of Auditor independence