powerpoint slides
TRANSCRIPT
![Page 1: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/1.jpg)
Slide 1
CAQ WEBCAST
AS 5: Preparing for Integrated Auditsof Non-Accelerated Filers
September 25, 2008
The views expressed by the presenters do not necessarily represent the views, positions, or opinions of the Center for Audit Quality or the presenters’ respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client or attorney-client relationship.
![Page 2: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/2.jpg)
Slide 2
CAQ Task Force
• BDO Seidman LLP
• Crowe Horwath LLP
• Deloitte LLP
• Ernst & Young LLP
• Grant Thornton LLP
• KPMG LLP
• McGladrey & Pullen LLP
• PricewaterhouseCoopers LLP
![Page 3: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/3.jpg)
Slide 3
Today’s Objectives
Today’s program is designed to help you better understand:
How to effectively plan an integrated audit to gain efficiency and eliminate redundancy
How to use a top-down risk-based approach to focus on areas of greatest risk
How to communicate with management to obtain effectiveness and efficiency for all parties
![Page 4: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/4.jpg)
Slide 4
Today’s Panelists
Wendy Campbell, CPA Executive
Crowe Horwath LLP
Trent Gazzaway, CPAManaging Partner of Corporate Governance
Grant Thornton LLP
Gregory S. Wilson, CPADeputy Director - Inspections
Public Company Accounting Oversight Board
**********
Cynthia M. FornelliModerator & Executive Director
Center for Audit Quality
![Page 5: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/5.jpg)
Slide 5
Caveat
The views expressed are my own views and do not necessarily reflect the views of the Board, individual Board members, or the staff of the PCAOB.
![Page 6: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/6.jpg)
Slide 6
PCAOB Inspections Overview
Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey”• 2005 inspection year (“Year of Chaos”)
– First year of inspections of audits of ICFR under AS No. 2
• 2006 inspection Year (“Year of Efficiency”)– Focus on May 16, 2005 PCAOB Q&A– PCAOB announces intent to amend AS No. 2 on May
17, 2005
![Page 7: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/7.jpg)
Slide 7
PCAOB Inspections Overview
Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey”• 2007 inspection year (“Year of Transition”)
– Proposed ICFR audit standard issued December 19, 2006 to supersede AS No. 2
– Reinforce concepts embraced in proposal– Avoid concepts dropped in proposal
![Page 8: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/8.jpg)
Slide 8
PCAOB Inspections Overview
Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey”• 2008 inspection Year (“Year of Learning”)
– AS No. 5 issued June 12, 2007• Board “got the words right”
• Board Objectives– Focus the audit on matters most important to internal
control– Eliminate unnecessary procedures– Scale the audit for smaller companies– Simplify the requirements
![Page 9: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/9.jpg)
Slide 9
PCAOB Inspections Overview
Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey”• 2008 inspection Year (“Year of Learning”)
– SEC management guidance issued June 27, 2007– Inspections approach
• Sensitivity to timing
• Integrated audit
• Focus on most important matters in audit of ICFR
• Eliminate unnecessary procedures
• Sensitivity to auditor judgment
![Page 10: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/10.jpg)
Slide 10
PCAOB Inspections Overview
Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey”• Auditors and issuers becoming more comfortable
with ICFR audits
• Continuous improvement noted with focus on higher risk areas
• Some hard lessons learned early on
• “Lessons learned” to be discussed today are consistent with several year’s inspection findings
![Page 11: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/11.jpg)
Slide 11
Topics
• Understand and Use Management’s Assessment and Documentation as a Starting Point
• Integrate the Audits
• Establish the Right Team
• Identify Material Risks to Reliable Financial Reporting
• Identify Controls Necessary to Sufficiently Address Identified Risks
• Take a Risk-Based Approach to Testing Identified Controls
![Page 12: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/12.jpg)
Slide 12
Understand and Use Management’s Assessment and Documentation as a Starting Point
#1: Take advantage of company’s ICFR evaluation testing and documentation in year before first integrated audit
– Knowledge share– Foundation for future audits – Established approach– Effect on substantive testing
![Page 13: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/13.jpg)
Slide 13
Understand and Use Management’s Assessment and Documentation as Starting Point
#2: Early and frequent communication/coordination with management yields more effective/efficient audit process
• Support audit efficiency through existing evaluation process
• Provide suggestions and considerations for effective and efficient assessment
![Page 14: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/14.jpg)
Slide 14
Understand and Use Management’s Assessment and Documentation as a Starting Point
#3: Coordinate timing of management's work to enable use by the auditor
• Establish timelines with management
• Hold periodic status meetings
• Update the audit committee on progress
![Page 15: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/15.jpg)
Slide 15
Understand and Use Management’s Assessment and Documentation as a Starting Point
#4: Identify/assess risks and controls that may have pervasive effects on the assessment and effectiveness of ICFR
• Early identification of pervasive deficiencies can eliminate unnecessary testing
• Early identification of effective entity-level controls may eliminate the need to test lower level controls
![Page 16: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/16.jpg)
Slide 16
Understand and Use Management’s Assessment and Documentation as a Starting Point
#5: Consider implications of any unremediated deficiencies
• Discuss management's plans to remediate, if any
• Consider effect on the ICFR audit
• Consider effect on the financial statement audit (i.e. planned control reliance strategy)
![Page 17: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/17.jpg)
Slide 17
Integrate the Audits
#6: Plan audit of ICFR and audit of financial statements as a single integrated audit
• Conduct a single risk assessment
• Where a controls reliance approach is not used, consider the results of substantive tests for risk implications for the audit of ICFR
• Increased efficiency through reduced effort related to substantive testing in the financial statement audit
![Page 18: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/18.jpg)
Slide 18
Integrate the Audits
#7: Consider employing controls reliance approach in first year of required Section 404(b) audit of ICFR
• Assess the effectiveness of controls that affect the controls reliance approach early
• Early coordination and testing provide for effective and efficient implementation of this approach
![Page 19: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/19.jpg)
Slide 19
Integrate the Audits
#8: Perform control tests in conjunction with substantive tests where audit procedures meet objectives of both
• A single test may achieve more than one objective
• Identify areas for dual purpose/concurrent testing:– Management estimates – Account reconciliations– Roll-forward procedures– Sampling
![Page 20: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/20.jpg)
Slide 20
Integrate the Audits
#9: The results of substantive testing should inform the ICFR risk assessment and control effectiveness conclusions
• Evaluate results of substantive tests and their implication on the effectiveness of internal control
• Design the integrated approach to include consideration of substantive testing results
• Results of substantive tests do not, on their own, provide sufficient evidence to conclude that internal control is effective
![Page 21: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/21.jpg)
Slide 21
Integrate the Audits
#10: Coordinate ICFR and substantive tests among those performing the work
• Integrated teams:– Reduce duplicative efforts– Facilitate testing to achieve objectives of the internal
control audit and the financial statement audit
![Page 22: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/22.jpg)
Slide 22
Establish the Right Team
#11: Planning and execution of an integrated audit requires early, close and continuous involvement by experienced engagement team members
• Plan for more partner, manager, and specialist involvement
• Timely review and supervision…in every phase
![Page 23: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/23.jpg)
Slide 23
Establish the Right Team
#12: Involve auditors with ICFR auditing experience or integrated audit training
• Take advantage of the learning curve
• Provide training, including COSO and AS5
• Recognize importance of on-the-job training
![Page 24: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/24.jpg)
Slide 24
Identify Material Risks to Reliable Financial Reporting
#13: Apply a top-down, risk-based approach to identify significant accounts and disclosures and their relevant assertions
• Begin at the financial statement level, not process or control level, then consider disaggregating line items
• Use professional judgment to identify material risks
![Page 25: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/25.jpg)
Slide 25
Identify Material Risks to Reliable Financial Reporting
#14: Tailor the audit approach based on a refined risk assessment
• Carefully design the risk assessment process – Consider “what could go wrong” (in a material sense) – Focus at the assertion level
![Page 26: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/26.jpg)
Slide 26
Identify Material Risks to Reliable Financial Reporting
#15: Achieve AS5 paragraph 34 objectives by performing different combinations of procedures, including walkthroughs
• Walkthroughs are not required by AS5; however they are frequently the most effective method
– Confirm understanding through planning, risk assessment and other activities performed
– Consider prior year results and changes– Develop and ask probing questions
![Page 27: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/27.jpg)
Slide 27
Identify Material Risks to Reliable Financial Reporting
#16: IT applications and their control environment influence the identification of financial reporting risks
• Consider IT-related risks as part of the overall risk assessment
• Gain efficiency through automated controls
• When general IT controls are deemed ineffective, consider whether automated controls can be tested directly
![Page 28: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/28.jpg)
Slide 28
Identify Controls Necessary to Sufficiently Address Identified Risks
#17: Apply a top-down approach to identify controls that sufficiently address identified risks
• Consider:– Entity level controls that are direct and precise and may eliminate
other control testing– Entity level controls that may reduce but not eliminate other
control testing– Automated controls– Manual transaction-level controls– Preventive and detective controls
![Page 29: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/29.jpg)
Slide 29
Take a Risk-Based Approach to Testing Identified Controls
#18: Maximize opportunities for using the work of others
• Assess the competence and objectivity of the persons performing the work– Individuals may include internal audit, 3rd parties, and/or other
company employees– Competence should relate to the control being tested
• Consider risk associated with the control
• Discuss nature, timing and extent of testing with management
![Page 30: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/30.jpg)
Slide 30
Take a Risk-Based Approach to Testing Identified Controls
#19: Vary the nature, timing, and extent of controls testing based on risk associated with each control
• Make use of existing knowledge (every control does not need to be tested to the same extent each year)
• Flexibility exists in varying timing of control testing
• Statistical sampling not required for all testing
• Benchmarking strategies
![Page 31: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/31.jpg)
Slide 31
Take a Risk-Based Approach to Testing Identified Controls
#20: Testing controls at an interim date may improve effectiveness and efficiency of integrated audit
• Supports planned control reliance
• Perform substantive testing procedures at an interim date concurrent with control testing
• Consider relevant risks and other factors to determine whether, and to what extent, roll-forward or update testing is necessary
![Page 32: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/32.jpg)
Slide 32
Take a Risk-Based Approach to Testing Identified Controls
#21: An ineffectively designed control need not be tested for operating effectiveness
• Testing may cease when sufficient evidence indicates a control is not designed effectively or does not operate effectively
• May need to test remediated controls
![Page 33: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/33.jpg)
Slide 33
Available Resources• PCAOB Auditing Standard No. 5: An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statementshttp://www.pcaobus.org/Standards/Standards_and_Related_Rules/Auditing_Standard_No.5.aspx
•PCAOB Staff Guidance for Auditors of Smaller Public Companies - AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS (Pending)http://www.pcaobus.org/Standards/Standards_and_Related_Rules/AS5/Guidance.pdf
•SEC Guidance Regarding Management’s Report on Internal Control Over Financial Reporting Under Section 13(a) or 15(d) of the Securities Exchange Act of 1934 http://www.sec.gov/rules/interp/2007/33-8810.pdf
•COSO Internal Control – Integrated Framework - http://www.coso.org/IC-IntegratedFramework-summary.htm
•COSO Guidance on Monitoring Internal Control Systems (Exposure Draft) http://www.coso.org/guidance.htm •COSO Internal Control Over Financial Reporting – Guidance for Smaller Public Companieshttp://www.coso.org/ICFR-GuidanceforSPCs.htm
![Page 34: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/34.jpg)
Slide 34
Questions & Summary
![Page 35: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/35.jpg)
Slide 35
Join the CAQ today!
Visit www.theCAQ.org/members
or call
1-888-817-3277
![Page 36: Powerpoint slides](https://reader034.vdocuments.mx/reader034/viewer/2022042814/55614666d8b42adb6b8b4821/html5/thumbnails/36.jpg)
Slide 36
Thank you for participating!
Please visit us at
www.theCAQ.orgor call
1-888-817-3277