640 likes | 896 Views
Auditing Standards Update. NASACT Conference August 14, 2012 James R Dalkin. AICPA Standards Update. Technical Update - AICPA. Auditing Standards Clarity Project SAS 125 – Restricting the Use of an Auditor ’ s Report Group Audits SAS 118 –120 - Supplementary Information
E N D
Auditing Standards Update NASACT Conference August 14, 2012 James R Dalkin
Technical Update - AICPA • Auditing Standards • Clarity Project • SAS 125 – Restricting the Use of an Auditor’s Report • Group Audits • SAS 118 –120 - Supplementary Information • All effective for audits of financial statements beginning on or after 12/15/2010 (early application permitted) • Relevant Audit Guides
Technical Update – AICPA - Clarity • Standards Issued • SAS No. 122, Statements on Auditing Standards: Clarification and Recodification • SAS No. 123, Omnibus Statement on Auditing Standards–2011 • SAS No. 124, Financial Statements Prepared in Accordance With a Financial Reporting Framework Generally Accepted in Another Country • SAS No. 125, Alert That Restricts the Use of the Auditor’s Written Communication • Effective for audits of periods ending on or after December 15, 2012; no early implementation
Technical Update – AICPA Clarity • AU Section numbers will change to correspond to ISA numbers • Many changes not intended to significantly impact practice, but some will have a significant effect • Additional Quality Control guidance • QC responsibilities for the audit more specifically described • Overall QC function remains “firm” responsibility, but responsibilities are engagement partner’s and engagement team’s • Some changes in audit report to more clearly describe management’s responsibility • New format to use report headings
Technical Update – AICPA Clarity • Keep in mind that many of the clarity standards have “governmental consideration” paragraphs that are specific to the public sector • May cover Yellow Book/compliance audit considerations • May cover financial statement audit considerations
Technical Update – AICPA Clarity • Group Audit Standard Will Have Bigger Impact • More specific as to what group engagement partner is responsible for • Will affect many governmental and NPO financial statement audits • Still working to determine effect on compliance audits • Listen to an archived GAQC Web event, New Group Audits Standard and Its Effect on Your Governmental and Not-For-Profit Audits
Technical Update – AICPA Clarity • Clarity section of AICPA.org • Standards • Videos • Mapping from extant to new standards • More • Listen to an archived GAQC Web event titled, Implementing the Clarified SASs in a Governmental and Not-For Profit Audit Environment: What, When, and How?
Technical Update – AICPA Clarity • SAS No. 125 - Government Auditing Standards reports(including A-133 reports) will contain purpose alert instead of restriction alert • Pay particular attention to effective date • Effective for the auditor’s written communications related to audits of financial statements for periods ending on or after 12/15/12 • For all other engagements conducted in accordance with GAAS, this SAS is effective for the auditor’s written communications issued on or after 12/15/12
Technical Update • Single audit reports issued after 12/15/12, new wording must be used (could affect 6/30/12 audits) • Yellow Book reports associated with f/s audit, new wording not used until periods ending on or after 12/15/2012
Technical Update – AICPA – SAS 118-120Relationship of GAAP-Defined SI and GAAS
Technical Update – AICPA – SAS 118-120 SAS No. 118, Other Information in Documents Containing Audited Financial Statements • Requires auditor to • Read the information to identify material inconsistencies • Make appropriate arrangements to obtain the OI prior to the report release date – if not possible, read as soon as practicable • Communicate auditor’s responsibility on OI & results to those charged with governance • Revisions/communication required if auditor finds material inconsistencies • How/where depend upon whether management makes revisions & whether material inconsistencies were found prior/post to release date • Discuss material misstatements of fact • Illustrative disclaimer language provided but not required
Technical Update – AICPA SAS No. 119, Supplementary Information in Relation to the Financial Statements as a Whole • Scope • When the auditor is engaged to report on whether SI is fairly stated, in all material respects, in relation to the f/s as a whole • Requires the auditor to determine certain conditions are met • Provides for specific management representations
Technical Update – AICPA SAS No. 119, Supplementary Information in Relation to the Financial Statements as a Whole • Specific procedures using the materiality level used in the audit of the F/S • However, keep in mind that auditor has to perform procedures beyond SAS No. 119 due to the compliance audit • Consideration of subsequent events not required for SI, however still have to consider any information related to the F/S • Reporting requirements under various scenarios • Dating – not earlier than the date on which the auditor completed procedures on SI
Technical Update – AICPA SAS No.120, Required Supplementary Information • RSI: Information that a designated accounting standard setter requires to accompany an entity’s basic financial statements • Establishes auditor’s objectives for RSI • Establishes presumptively mandatory auditor requirements • Reporting • Requires explanatory paragraph in all circumstances that refers to RSI • Establishes reporting requirements
Technical Update – AICPA - Audit Guides • Primary Focus • Government Auditing Standards & Circular A-133 Audits • Other Industries Include • State and Local Governments • Not for Profit Entities • Health Care Entities • Gaming • Sampling • Audit Risk Alerts • Checklists & Illustrative Statements
Technical Update – AICPA Audit Guides • AICPA Audit Guide, Government Auditing Standards and Circular A-133 Audits • 2012 edition issued in May • SAS No 119 is fully incorporated into guide (including the illustrative reports and SEFA practice aids in chapter 7) • Appendix added with a summary of 2011 Yellow Book revisions • Two new “clarity” Appendixes • Information on AU-C sections with substantive changes or significant clarifying changes resulting from clarity • Table that maps current AU sections to the new AU-C section numbers • GAS-A133 Audit Risk Alert Coming Soon • Guide - Looking forward • Clarity • New Yellow Book
Technical Update – AICPA – Audit Guides • AICPA A&A Guide, State and Local Governments • 2012 Edition expected in July 2012 • Incorporated GASB 62 (earlier than normal) but did so with appropriate footnotes to assist those that have not early implemented. • Also updated for SAS Nos. 118, 119 & 120; illustrative reports updated for these statements and will also be posted on GAQC Web site • Other SLG Publications Coming Soon! • Updated SLG Practice Aid for Other Comprehensive Basis of Accounting • SLG Audit Risk Alert
Technical Update – OMB Compliance Supplement – Emphasis Areas • An auditor may consider a Type A program or cluster to be low-risk if all of the following conditions exist: • Program or cluster had Recovery Act expenditures in the prior audit period; • Program or cluster was audited as a major program in EITHER OF THE TWO PRIOR AUDIT PERIODS; • Recovery Act expenditures in the current audit period are less than 20% of the total program or cluster expenditures; and • Auditor has followed Section 520(c) and 525 of OMB Circular A-133 and determined that the program or cluster is otherwise low-risk
Technical Update – OMB Proposed Single Audit Changes • Proposed Changes to Single Audit • OMB issued an Advance Notice of Proposed Guidance titled, Reform of Federal Policies Relating to Grants and Cooperative Agreements; cost principles and administrative requirements (including Single Audit Act) • Why changes now? • GAQC Executive Committee task force responded to the OMB Advance Notice on behalf of AICPA • Feedback also obtained from general membership, other volunteer AICPA committees, and state societies • Comment letter can be accessed on GAQC Web site (www.aicpa.org/GAQC)
Technical Update – OMB Proposed Single Audit Changes • Potential Changes • Increase audit threshold from $500K to $1M • Establish new category of Single Audit (Entities between $1-3M) • Changes for larger Single Audits >$3M • Changes to cost principles and administrative requirements
Looking Forward • OMB to analyze the feedback received on Advance Notice • Proposed regulatory changes may be released for comment before the end of the calendar year • Revisions to OMB Circular A-133 • Revisions to the OMB Cost Principles (A-21, A-87, A-122) • Revision to Administrative Requirements (A-110, Common Rule) • No plans that we are aware of to amend the Single Audit Act
2011 Yellow BookEffective Dates • Effective for financial audit periods ending on or after December 15, 2012 • Effective for attestation periods ending on or after December 15, 2012 • Effective for performance audits starting on or after December 15, 2011 • Early adoption is not permitted
Primary Yellow Book Changes Updated independence Included a conceptual framework Focused on converging where practical Incorporated clarified SASs Fewer differences Added documentation requirements Additional documentation in independence Focus on non-audit services Made minor changes for performance audits 24
General Standards: Independence Conceptual Framework Allows the auditor to assess unique circumstances Adaptable Consistent with AICPA and IFAC frameworks Significant differences from ET-101-3 Entry point for use of the framework Emphasis on services “in aggregate” Documentation requirement 25
Applying the Framework 26 26 • New approach combines a conceptual framework with certain rules (prohibitions) • Balances principle and rules based standards • Serves as a hybrid framework • Certain prohibitions remain • Generally consistent with Rule 101 AICPA • Beyond a prohibition • Apply the conceptual framework • Will be used more often than AICPA
Chapter 3 – General Standards: Independence Threatscould impair independence • Do not necessarily result in an independence impairment Safeguards could mitigate threats • Eliminate or reduce to an acceptable level
Documentation RequirementConceptual Requirement 29 New documentation requirement • Must document when safeguards have been applied • Beyond the threat level • Only once safeguards are applied • Document how safeguards sufficiently mitigate the threats
IndependenceCategories of Threats Management participation threat Self-review threat Bias threat Familiarity threat Undue influence threat Self interest threat Structural threat 30
Routine Audit Services and Nonaudit Services Routine audit services pertain directly to the audit and include: Providing advice related to an accounting matter Researching and responding to an audited entity’s technical questions Providing advice on routine business matters Educating the audited entity on technical matters Other services not directly related to the audit are considered nonaudit services 31
Routine Audit Services and Nonaudit Services Services that are considered non-audit services include: Financial statement preparation Bookkeeping services Cash to accrual conversions (a form of bookkeeping) Other services not directly related to the audit Unless specifically prohibited, nonaudit services MAY be permissible but should be documented In relation to the conceptual framework In relation to the auditor’s assessment of managements’ skill, knowledge or experience 32
Nonaudit Services • Certain services may be permitted • First, determine if there is a specific prohibition • If not, the auditor should assess the nonaudit service’s impact on independence using the conceptual framework
Assessing Significance in the Conceptual Framework for Non-audit services The framework requires the auditor to assess the significance of threats • Threats related to non-audit services often include • Management participation threat • Self review threat • Indicators of a significant threat include: • Level of services provided (aggregation assessment) • Significance to the audit objective • Basic understanding of the service enough to recognize material errors • Facts and circumstances that increase the perception that the auditor is working as part of management
Preconditions to Performing Nonaudit Services 35 • Management should take responsibility for non-audit services performed by the auditors • Auditors should document their understanding with management regarding the non-audit service • Auditors should assess (AICPA) and document (GAGAS) whether management possesses suitable skill, knowledge, or experience to oversee the nonaudit service
Assessing Management’s Skill, Knowledge, or Experience Factors to document include management’s: Understanding of the nature of the service Knowledge of the audited entity’s mission and operations General business knowledge Education Position at the audited entity Some factors may be given more weight than others GAGAS does not require that management have the ability to perform or reperform the service 36
Sufficiency of Skills, Knowledge and Experience Sufficient skills, knowledge and experience may be judged in part based on: • Ability of the identified client personnel to identify material errors or misstatements in a non audit service work product • Ability of the client to sufficient background to understand the nature and results of the audit service • Ability of management to take responsibility and understand the work Client prepared material in poor condition may indicate the client is not capable of taking responsibility for the service. Significant audit findings and adjustments may also be indicative of this issue.
Safeguards – Non audit services • Auditors should document safeguards when significant threats are identified. • Auditor has responsibility to perform the assessment, this cannot be a management assertion • Assessment should be in writing and indicate actions the auditor has taken to mitigate the threat • Assessment should include a conclusion • Auditor should document actions taken to mitigate the threat • Examples may include: • Actions taken by the client to gain an understanding of the non-audit service and detect any errors • Actions taken by the auditor to preserve independence such as an extra level of review or secondary review
Bookkeeping Services May be performed provided the auditor does not • Determine or change journal entries, account codings or classifications for transactions, or other accounting records without obtaining client approval • Authorize or approve transactions • Prepare source documents • Make changes to source documents without client approval Consistent with AICPA ET 101-3
Prohibitions within Internal Audit Services provided by external auditors • Setting internal audit policies or the strategic direction • Deciding which recommendations resulting from internal audit activities to implement • Taking responsibility for designing, implementing and maintaining internal control
Prohibitions within IT Services 41 External auditors may not • Design or develop an IT system that would be subject to or part of an audit • Make significant modifications to an IT system’s source code • Operate or supervise an IT system Significant change in auditing prohibitions for future periods after a system implementation
Prohibitions within Valuation Services External auditors may not provide valuation services that • Would have a material effect, • Involve a significant degree of subjectivity, and • Are the subject of an audit
Prohibitions Related to Internal Control Monitoring • Management is responsible for designing, implementing and maintaining internal control External auditors • May not provide ongoing monitoring services • May not design the system of internal controls and then assess its effectiveness • May evaluate the effectiveness of controls
Financial Statement Preparation 44 Auditors may prepare financial statements • Considered by GAGAS a non-audit service • Must apply the conceptual framework • Two additional documentation requirements • Document application of safeguards • Document assessment of management’s skill, knowledge or expertise
Assessing Significance for Bookkeeping and Financial Statement Preparation Relative significance is a continuum • Indicators of significant threats for bookkeeping and financial statement preparation may include: • Financial statement preparation with other non-audit services such bookkeeping or cash to accrual conversions • Condition of client prepared books and records • Level of anticipated “correction” or adjustments to client prepared schedules and documents • Condition of the general ledger/trial balance • Less significant may be: • Purely mechanical calculations
Independence Q&A Guide GAO will retire current Government Auditing Standards: Questions andAnswers to Independence Standard Questions guidance 46
Revisions to Timeframes Related to IT and Other Services Q&A guidance prohibited installing or designing a system and subsequently performing an audit • This prohibition has been deleted Other potential considerations • Independence in appearance for subsequent periods Possible Safeguard: One audit cycle performed by another audit organization after the nonaudit service completion date provide a safeguard
General Standards: Continuing ProfessionalEducation (CPE) No revision to overall requirements: Minimum of 24 hours of CPE every 2 years Government Specific or unique environment Auditing standards and applicable accounting principles Additional 56 hours of CPE for auditors involved in Planning, directing, or reporting on GAGAS assignments; or Charge 20 percent or more of time annually to GAGAS assignments Minimum of 20 hours of CPE each year
General Standards: Competence CPE requirements for external specialists: • External specialists are not required to meet GAGAS CPE requirements, but should be qualified and maintain professional competence
General Standards: Competence CPE requirements for internal specialists: • Internal specialists serving as auditors are subject to all CPE requirements • Specialized CPE count towards the required 24 hours • Internal consulting specialists are not required to meet GAGAS CPE requirements, but should be qualified and maintain professional competence