1 / 36

NO FRAUD LEFT BEHIND

NO FRAUD LEFT BEHIND. The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette. Risk Assessment Standards. Statements on Auditing Standards SAS 104 – 111 (risk assessment) Other recently issued standards SAS 112 – 115

maylin
Download Presentation

NO FRAUD LEFT BEHIND

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette

  2. Risk Assessment Standards • Statements on Auditing Standards • SAS 104 – 111 (risk assessment) • Other recently issued standards • SAS 112 – 115 • How will these new audit standards affect school audits?

  3. SAS 104 • Due professional care in the performance of work • Clarified the definition of reasonable assurance • Emphasized that reasonable assurance is a high level of assurance, but not absolute assurance

  4. SAS 105 • Amendment to SAS 95, Generally Accepted Auditing Standards • Expands the scope of the understanding that the auditor is required to obtain from “internal control” to “the entity and its environment, including its internal control”

  5. SAS 105 • Emphasizes that the understanding is obtained to “assess the risk of material misstatement of the financial statements” • The understanding of the entity and its internal control is part of the audit evidence that supports the opinion • Used to be only part of the audit planning

  6. SAS 106 • Audit evidence • Identifies “risk assessment procedures” as procedures performed to obtain an understanding of the entity in order to assess the risk of material misstatement

  7. SAS 106 • Evidence obtained from performing risk assessment procedures, including gaining an understanding of the entity and its environment, including its internal controls as well as tests of controls and substantive procedures is part of the evidence obtained to support the audit opinion (not just to plan the audit)

  8. SAS 106 • Risk assessment procedures include: • Inquiries of management and others • Analytical procedures • Observation and inspection • Inquiry alone is no longer sufficient to evaluate controls and whether they have been implemented

  9. SAS 107 • Audit risk and materiality in conducting an audit • Auditors can no longer default to maximum risk (instead of testing controls) • Materiality should take qualitative considerations into account as well as quantitative

  10. SAS 108 • Planning and supervision • New guidance on development of overall audit strategy and audit plan • Establish an understanding with the client • What is management’s responsibility compared to the auditor’s responsibility

  11. SAS 109 • Understanding the entity and its environment and assessing the risks of material misstatements • Understanding the entity: • Industry, regulatory, and other external factors • Nature of the entity • Objectives and strategies and the related risks • Measurement and review of financial performance • Internal control, which includes accounting policies

  12. SAS 109 • Understanding of internal control • Evaluating design of a control • Determining whether it has been implemented • Evaluating the design of control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing or detecting and correcting material misstatements

  13. SAS 109 • Components of internal control: • Control environment – tone of organization • Risk assessment – identification and analysis of relevant risks • Information and communication systems – identification, capture and communication of information • Control activities – policies and procedures • Monitoring – assessment of the quality of internal control performance

  14. Control Environment • Primary responsibility for the prevention and detection of fraud and errors rests with those charged with governance and management • The absence or inadequacy of such programs and controls may constitute a significant deficiency or material weakness

  15. Control Environment • Communication and enforcement of integrity and ethical values • Commitment to competence • Participation of those charged with governance • Management’s philosophy and operating style • Organizational structure • Assignment of authority and responsibility • Human resource policies and practices

  16. Risk Assessment • Risk assessment process for financial reporting purposes is its identification, analysis, and management of risks relevant to the preparation of financial statements that are presented fairly in conformity with GAAP

  17. Risk Assessment • Risks relevant to financial reporting: • Changes in operating environment • New personnel • New or revamped information systems • Rapid growth • New accounting pronouncements

  18. Information and Communication Systems • Information systems consist of procedures, whether automated or manual, and records established to initiate, authorize, record, process, and report entity transactions and to maintain accountability for the related assets, liabilities and equity

  19. Information and Communication Systems • Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting

  20. Control Activities • Authorization • Segregation of duties • Safeguarding • Asset accountability

  21. Monitoring • Management is responsible for establishing and maintaining internal controls on an ongoing basis • Monitoring controls includes determining whether internal controls are operating as intended and modifying as appropriate for changes in conditions • Monitoring is done to ensure that controls continue to operate effectively

  22. SAS 110 • Performing audit procedures in response to assessed risks and evaluating the audit evidence obtained • Requires tests of controls to obtain audit evidence about their operating effectiveness when assessment of risks is based on the expectation that controls are operating effectively

  23. SAS 112 • Communicating internal control related matters identified in an audit • Defines the terms significant deficiency and material weakness (revised by SAS 115) • Provides guidance on the severity of control deficiencies • Requires communication in writing to management and those changed with governance

  24. Control Deficiency • Exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis

  25. Control Deficiency • Deficiency in design exists when: • a control necessary to meet the control objective is missing or • an existing control is not properly designed so that even if the control operates as designed, the control objective is not always met

  26. Control Deficiency • Deficiency in operation exists when: • a properly designed control does not operate as designed or • when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively

  27. SIGNIFICANT DEFICIENCY (SAS 112) • A control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected

  28. SIGNIFICANT DEFICIENCY (SAS 115) • A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance

  29. Material Weakness (SAS 112) • A significant deficiency, or a combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected

  30. Material Weakness (SAS 115) • A deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis

  31. Material Weakness (SAS 115) • Identification of fraud, whether or not material, on the part of senior management • Restatement of previously issued financial statements to reflect the correction of a material misstatement due to error or fraud

  32. Material Weakness (SAS 115) • Identification by the auditor of a material misstatement of the financial statements under the audit in circumstances that indicate that the misstatement would not have been detected by the entity’s internal control • Ineffective oversight of the entity’s financial reporting and internal control by those charged with governance

  33. SAS 114 • Auditor’s communication with those charged with governance • Supersedes SAS 61 • Requires communication before and after the audit

  34. SAS 114 • Planned scope and timing of audit • Assist those charged with governance in understanding the consequences of the auditor’s work • Discussing issues of risk and materiality • Identifying any areas that those charged with governance request the auditor to undertake additional procedures • Assist auditor to understand the entity and its environment

  35. SAS 114 • Auditor’s responsibilities under GAAS • Significant findings from audit • Qualitative aspects of the entity’s significant accounting practices, including policies, estimates, and disclosures • Significant difficulties or disagreements • Uncorrected misstatements, unless trivial • Other findings or issues

  36. ANY QUESTIONS????

More Related