240 likes | 502 Views
Fall 2003 Auditing Update for Auditing and Assurance Services: An Integrated Approach. The Fall 2003 Update Slides. Coverage includes The Ongoing Implementation of the Sarbanes-Oxley Act Activities at the PCAOB
E N D
Fall 2003 Auditing Update for Auditing and Assurance Services: An Integrated Approach
The Fall 2003 Update Slides • Coverage includes • The Ongoing Implementation of the Sarbanes-Oxley Act • Activities at the PCAOB • Auditing Standards Board Recommendation to Eliminate the Consistency Explanatory Paragraph • COSO’s ERM Framework Exposure Draft • AICPA Antifraud & Corporate Responsibility Resource Center • PEEC’s Revision of the Auditor Independence Rules
The Ongoing Implementation of the Sarbanes-Oxley Act • Responsibility for implementing the Sarbanes-Oxley Act (SOX) rests with the SEC • The SEC has recently issued guidance on various matters including • Standards relating to listed company audit committees • Improper influence on conduct of audits • Management’s reports on internal control
Standards Relating to Listed Company Audit Committees • U.S. securities exchanges and associations may not list a security of an issuer that does not comply with the SOX audit committee requirements • This new rule establishes • A standard for audit committee member independence that • prohibits members from accepting any compensation from the company (excluding fees arising from service on the board of directors) and • does not allow “affiliated” persons (i.e., persons that can be directly or indirectly controlled) to serve on the committee
Standards Relating to Listed Company Audit Committees • This new rule also establishes • A requirement that the audit committee implement processes to receive, retain, and investigate complaints about accounting, internal control, and auditing matters • Follow this link to the SEC to learn more about this rule
Improper Influence on Conduct of Audits • Officers and directors (or their subordinates) are prohibited from coercing, manipulating, misleading, or fraudulently influencing the company’s auditors • Examples of improper conduct include • Offering or paying bribes or other financial incentives • Providing an auditor with an inaccurate or misleading legal analysis • Threatening to cancel or canceling existing non-audit or audit engagements if the auditor objects to the issuer's accounting
Improper Influence on Conduct of Audits • More examples of improper conduct • Seeking to have a partner removed from the audit engagement because the partner objects to the issuer's accounting • Blackmailing and making physical threats. • Follow this link to the SEC to learn more about this rule
Management’s Reports on Internal Control • Management must issue a report that includes • Management’s acknowledgement of its responsibility for establishing and maintaining internal controls over financial reporting • Management’s assessment of the effectiveness of internal controls over financial reporting • A statement that identifies the framework used by management to evaluate the effectiveness of internal controls (e.g., COSO’s Internal Control – Integrated Framework)
Management’s Reports on Internal Control • Management’s report must also include • A statement that the accounting firm that audited the financial statements has issued an attestation report on management’s assessment • Follow this link to the SEC to learn more about this rule
Activities at the PCAOB • The SEC determined in April 2003 that the PCAOB was properly prepared to carryout its mission under the SOX • William McDonough was appointed Chairman of the PCAOB in June 2003 • The PCAOB is currently considering such matters as • An audit of internal control • Audit documentation • Auditor obligations under professional standards
Activities at the PCAOB • Rules have been issued to • Establish a registration system for all accounting firms (foreign and domestic) that audit U.S. public companies • Establish interim “professional auditing standards” that are based on auditing standards generally accepted in the U.S. as they existed on April 16, 2003
Activities at the PCAOB • An exposure draft (ED) related to the audit of internal control has been issued • The ED provides guidance on implementing Section 404 of SOX • Auditors are required to communicate in writing all significant deficiencies and material weaknesses to the audit committee • A deficiency is significant if it results in more than a remote likelihood of a misstatement in the company’s financial statements that is more than inconsequential in amount • A deficiency is a material weakness if, by itself or in combination with other deficiencies, it results in more than a remote likelihood of a material misstatement
Activities at the PCAOB • The ASB recently issued several new or amended Statements on Auditing Standards as follows • Sarbanes-Oxley Omnibus • Review of SEC Engagements by a Reviewing Partner • Amendments to various standards related to issues such as fraud, communication with the audit committee, audit documentation, and management representations • Auditing an Entity’s Internal Control Over Financial Reporting in Conjunction with the Financial Statement Audit • Amendments to Interim Financial Information • The ASB submitted these standards along with comments letters and other materials to the PCAOB for use in its deliberation.
ASB Recommendation to Eliminate the Consistency Explanatory Paragraph • The ASB has recommended to the PCAOB that auditors no longer be required to include an explanatory paragraph when GAAP has not been followed on a basis consistent with the prior period • The ASB believes that requirements of APB No. 20, Accounting Changes, are sufficient to compel companies to disclose in the notes to the financial statements those instances in which GAAP was not applied consistently • Read the text of the proposal at the AICPA’s web site
COSO’s ERM Framework Exposure Draft • COSO is a private sector organization established by • The American Accounting Association • The American Institute of Certified Public Accountants • The Financial Executives Institute • The Institute of Internal Auditors, and • The Institute of Management Accountants • Some organizations have begun to develop processes to identify and manage risks across the enterprise. COSO began its ERM project because it saw a need for definitive guidance.
COSO’s ERM Framework Exposure Draft • What is ERM? “Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
COSO’s ERM Framework Exposure Draft • Eight Elements of ERM • Internal environment, Objective setting, Event identification, Risk assessment, Risk response, Control activities, Information & communication, and Monitoring • Do you recognize some of these elements? • Follow this link to COSO’s ERM web site to learn more
AICPA Antifraud & Corporate Responsibility Resource Center • The rash of corporate scandals has highlighted the potential effects of fraud and the need for stronger corporate governance • The AICPA has established an “Antifraud & Corporate Responsibility Resource Center” on its web site
AICPA Antifraud & Corporate Responsibility Resource Center • The Resource Center provides information on various aspects of fraud and corporate governance such as • Understanding and implementing SAS No. 99 • Instituting antifraud programs • Leading a company’s corporate governance efforts • Fraud and ethics cases for instructional purposes
PEEC’s Revision of the Auditor Independence Rules • Effects of the revised auditor independence rules • When performing nonattest services for an attest client, auditors must not make management decisions • The client must make all management decisions and accept responsibility for the results of the nonattest service • The auditor may not perform actuarial, appraisal, or valuation services for an attest client
PEEC’s Revision of the Auditor Independence Rules • More effects of the revised auditor independence rules • The auditor must document, in writing, his/her understanding with the client regarding • Objectives of the engagement • Services to be performed • Client's acceptance of its responsibilities • Member's responsibilities • Any limitations of the engagement • The auditor may not design or develop a financial information system, but the auditor may install such a system
PEEC’s Revision of the Auditor Independence Rules • More on the revised rules • The auditor may perform internal audit services, but only if the client manages the function • The following are examples of activities related to internal auditing services that would impair independence • Performing ongoing monitoring activities or control activities that affect the execution of transactions • Determining which recommendations to improve internal control to implement • Being responsible for the overall internal audit function • Visit the AICPA’s web site to learn more about the revised rules