220 likes | 341 Views
Introduction. Enron and other corporate scandals resulted in the demise of Andersen and passage of the Sarbanes-Oxley Act
E N D
Introduction • Enron and other corporate scandals resulted in the demise of Andersen and passage of the Sarbanes-Oxley Act • The Act establishes the Public Company Accounting Oversight Board (PCAOB) to provide oversight of auditors of public companies, including establishing auditing and quality control standards • Other changes to the profession include new fraud guidance in SAS No. 99, and the change to a computer-based CPA exam in April 2004
Disposition of Consulting Units • The Big 5 firms began disposing of their consulting practices well before Sarbanes-Oxley, partially to address independence concerns • Andersen Consulting separated from Andersen in Aug. 2000, went public, and was renamed Accenture • Deloitte Consulting terminated plans to separate from Deloitte & Touche due to market conditions • Ernst & Young consulting sold to Cap Gemini in Feb. 2000 • KPMG Consulting went public in Feb. 2001, and was renamed BearingPoint • PwC sold its consulting practice to IBM for $3.5 billion in July 2002
Data for Largest CPA Firms Fiscal Year 2002 Revenue (2) Prof. (2) Revenue % RankFirm $ million Staff A&ATaxMAS Other 1 Deloitte & Touche 5,933 19,835 36 21 34 9 2 PwC 5,174 29,787 (a) 58 30 9 3 3 Ernst & Young 4,515 15,078 59 38 0 3 4 KPMG 3,400 11,000 44 36 20 0 (a) Does not reflect sale of consulting practice Fiscal Year 2000 Revenue (2) Prof. (2) Revenue % RankFirm $ million Staff A&ATaxMAS 1 PwC 8,878 34,151 33 17 50 2 Deloitte & Touche 5,838 20,658 31 19 50 3 KPMG 5,400 19,000 35 22 43 4 Ernst & Young 4,270 13,653 57 38 5 5 Andersen 3,600 17,600 45 30 25 Source: Accounting Today
Public Company Accounting Oversight Board • Key responsibilities of the PCAOB include: • Registering public accounting firms that audit public company financial statements • Establishing or adopting auditing, quality control, ethics and independence standards related to audits of public companies • Conducting inspections of registered audit firms • Conducting investigations and disciplinary proceedings related to registered accounting firms
Audit Report on Internal Control • Auditor must report on management’s assessment of internal control • Report is as of the end of the company’s fiscal year • Auditor’s report date same as date of auditor’s report on financial statements • Auditor’s report on internal control can be combined with financial statement audit report or issued separately
Bookkeeping or other services related to the accounting records or financial statements Financial information systems design and implementation Appraisal or valuation services, fairness opinions, or contribution-in-kind reports Actuarial services Internal audit outsourcing services Management or human resources functions Broker or dealer, investment adviser, or investment banking services Legal and expert services unrelated to the audit Any other service that the Public Company Accounting Oversight Board (Board) determines, by regulation, is impermissible Prohibited Non-audit Services The Act prohibits the following services, most of which were previously prohibited by the SEC’s rule on auditor independence:
Additional Independence Provisions • Audit committee must pre-approve all audit and non-audit services • Lead audit and review partners must rotate off the audit after five years • One-year employment “cooling off” period – The audit firm cannot audit a client if its CEO, CFO, chief accounting officer, or person in a similar capacity participated in the audit during the one-year period prior to the initiation of the audit
Management Certification • CEO and CFO must certify the annual and quarterly financial statements • Management has reviewed the statements • The statements contain no untrue material facts or omit a material fact • Based on management’s knowledge, the statements are fairly presented • Management has evaluated the effectiveness of disclosure controls with 90 days of filing the report • Management has disclosed any deficiencies in internal control or fraud to the auditor and audit committee • Management has indicated any significant changes in internal controls subsequent to management’s evaluation
Audit Documentation • Mandatory retention of audit documentation in sufficient detail to support the auditor’s conclusions for a period of seven years • Knowing and willful destruction of audit documentation is a criminal offense subject to fines and imprisonment • Documents generally excluded include: • Superseded drafts of memos and other records • Previous copies of working papers corrected for errors • Duplicates of documents • Voice-mail messages
Client Acceptance • SEC final rules make the audit committee “the client” • Audit committee is responsible for auditor appointment, compensation, and oversight, including pre-approval of all audit and non-audit services • Audit committee responsible for resolution of any disagreements between the auditor and management over financial reporting • Auditors are required to report the following matters to the audit committee: • All critical accounting policies and practices used by management • All material alternative accounting treatments of financial information within GAAP that have been discussed with management • Other material written communications between the accounting firm and management
Differences in Scope of Controls Tested in an Audit of Internal Control and an Audit of Financial Statements Internal Controls Over Financial Reporting Internal Controls Used to Assess Control Risk Below Maximum Controls that must be tested in an audit of internal controls Controls that must be tested in an audit of financial statements
Audit Committee Financial “Expert” • Understands GAAP and financial statements • Has the ability to assess the application of principles for estimates, accruals, and reserves • Experience preparing, auditing, or evaluating financial statements similar in complexity to the company’s financial statements • Understands internal controls and procedures for financial reporting • Understands audit committee functions
New Fraud Standard - SAS No. 99 • New “brainstorming” meeting among audit engagement team about fraud risks and discussion about professional skepticism • Broader set of information gathered to assess fraud risks • Focus on the “fraud triangle” • Expand auditor responses to fraud risks • Mandate procedures in all audits to address ever-present risk of management override
The “Fraud Triangle” Opportunities Weak Board of Directors Weak Internal Controls Attitudes/Rationalizations Lack of a Code of Conduct Disregard for Financial Reporting Incentives/Pressures Tight Debt Covenants Unrealistic Analyst Expectations
Information to Assess Fraud Risks Analytical Procedures Fraud Risk Factors Other Information Brainstorming Inquiries Identified Fraud Risks
Procedures to Address Risk of Management Override of Controls • Examine journal entries and other adjustments for evidence of possible misstatements due to fraud • Review accounting estimates for bias • Evaluate business rationale for significant unusual transactions
Auditor’s Risk Assessment and Risk Response Processes • In December 2002 the ASB issued an exposure draft of several new standards relating to risk assessment • Significant proposed changes include: • Auditors must obtain an in-depth understanding of an entity and its environment • Auditors must assess risk of material misstatements at the financial statement level and assertion level • Eliminates “default to maximum” for control risk • Strengthens link between risks and auditor’s response to those risks • Strengthens guidance for testing disclosure • Expands documentation requirements
Proposed Changes Related to Reliance on Controls • Tests of controls are encouraged by eliminating the default to “maximum risk” • If the auditor plans to rely on controls that have not changed, their operating effectiveness must be tested at least every third audit • If the auditor plans to rely on controls to mitigate a significant risk, all evidence about the operating effectiveness of the controls must be from tests of controls performed in the current period • For significant risks, the auditor is require to perform substantive tests • Greater emphasis is placed on testing disclosures
Computerization of CPA Exam • Significant changes to the CPA exam include: • A shortened exam from 15 ½ hours to 14 hours • Exam content will change: • Multiple choice questions will comprise approximately 80% of the exam • Case study simulations will comprise the other 20% • Case study simulations will contain research activities which will require candidates to use electronic databases and authoritative literature to answer various questions. Candidates will also need to be familiar with spreadsheets and word processing software.
Time Breakdowns by Section for Revised Uniform CPA Examination Examination Length (hours) 14 Auditing & Attestation 4.5 Financial Accounting & Reporting 4 Regulation 3 Business Environment & Concepts 2.5 CPA Exam Length
Computerization of CPA Exam • Other significant changes to the exam: • Candidates will be allowed to take the exam at any time during four exam windows each year (each exam window lasts three months) • Candidates may retain credit for a passed section of the exam for a period of 18 months beginning on the date the first section passed is taken • Candidates may sit for each section of the exam individually and in any order
Paper-and-Pencil Examination Section Computer-Based Examination Section Auditing Auditing & Attestation Financial Accounting & Reporting (FARE) Financial Accounting & Reporting Accounting & Reporting (ARE) Regulation Business Law & Professional Responsibilities (LPR) Business Environment & Concepts Exam Content Transition