• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Microsoft PowerPoint - Internal controls over financial reporting

Microsoft PowerPoint - Internal controls over financial reporting






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Microsoft PowerPoint - Internal controls over financial reporting Microsoft PowerPoint - Internal controls over financial reporting Document Transcript

    • General Information Internal Controls over SOX 404: 4 paragraphs! Mgt Assesses, Auditor Attests – I/Cs over financial reporting Financial Reporting for PUBLIC COMPANIES, PCAOB PCAOB: AS 2: 161 pages! Application of SOX 404. From general (definitions) to specific (rec of A/R subledger to G/L). Criteria – COSO Framework SEC: Effective dates Biggest 12/31/04 to smallest (moving target date). Internal Control over Financial Auditor’s Objectives Reporting Express an opinion on management's assessment of Policies and procedures that: the effectiveness of the company's internal control Pertain to the maintenance of records that reflect the over financial reporting (404 report) transactions and dispositions of assets Note: To express such an opinion the auditor must Provide assurance that transactions are recorded as also perform an audit of the financial statements necessary to permit preparation of financial statements in Obtain reasonable assurance that no material accordance with GAAP, and that receipts and expenditures weaknesses exist as of the date specified in are authorized management's assessment Provide assurance regarding prevention or detection of unauthorized acquisition, use or disposition of assets that could have a material effect Deficiencies Material Weaknesses AS2 distinguishes control and significant deficiencies Relationship between deficiencies and A control deficiency exists when the design or material weaknesses operation of a control does not allow management or employees, in the normal course of performing their assigned functions, A material weakness is a significant to prevent or detect misstatements on a deficiency, or combination of significant timely basis. deficiencies, that results in more than a A significant deficiency is a control deficiency remote likelihood that a material …such that there is more than a remote misstatement of the financial statements likelihood that a misstatement that is more will not be prevented or detected. than inconsequential will not be prevented or detected. 1
    • Management’s Responsibilities Obtaining an Understanding Accept responsibility for the effectiveness of the internal control Auditors must evaluate management’s assessment over financial reporting process, including whether management considered which controls should be tested, Evaluate the effectiveness of the internal control over financial the design effectiveness of controls, reporting using suitable control criteria the operating effectiveness of controls, and the deficiencies in internal control over financial reporting Support its evaluation with sufficient evidence, including documentation Auditors should also obtain an understanding of the results of procedures performed by others (IA, other Present a written assessment of the effectiveness of the internal CPA firm, etc.) control over financial reporting as of the end of the most recent fiscal year Obtaining an Understanding Identifying Controls to Test Auditors must obtain an understanding of Important factors in selecting controls to test include: Control environment points at which errors or fraud could occur Risk assessment nature of the controls implemented by Control activities management Information and communication Monitoring the significance of each control in achieving the objectives of the control criteria and control redundancy AS2 emphasizes company-level controls the risk that controls might not be operating effectively Understanding of the audit committee Note that TOC apply to each of the five elements of internal control Testing & Evaluating Design Testing & Evaluating Effectiveness Operating Effectiveness IC over financial reporting is effectively designed Focus is on whether a control is operating as when the controls complied with would be expected designed and whether the person performing the to prevent or detect errors or fraud control possesses the necessary authority and qualifications Appropriate procedures Inquiry Appropriate procedures Observation Inquiries (not sufficient by itself) Walkthroughs Inspection of relevant documentation Inspection of relevant documentation Observation Reperformance 2
    • Timing and Extent of TOC Using the Work of Others Timing Auditors exercise considerable discretion on using the work (i.e., tests of controls) of others Auditors may not use the work of others related to the (to Extent depends on: reduce the amount of work performed) Control environment Degree of automation Walkthroughs Complexity and judgment Frequency of control occurrence Relying on others hinges on their Competence Importance of control Objectivity Arriving at an Opinion on IC Evaluating Deficiencies Auditor should evaluate: Auditor should assess the likelihood and potential The adequacy of management’s assessment and the results magnitude of a deficiency of the auditor's evaluation of the design and tests of operating effectiveness The negative results of substantive procedures performed Certain deficiencies are to be treated as significant during the financial statement audit Controls over the selection and application of Any identified control deficiencies accounting policies that are in conformity with Reports issued by IA relevant to IC over financial reporting GAAP Antifraud programs and controls Unqualified opinions can be issued only when there are no material weaknesses and there are no scope restrictions Controls over non-routine and non-systematic transactions Controls over the period-end financial reporting process Relationship to Audit of F/S Reporting Auditors wish to reduce CR to below maximum to Management lead to a reduction in substantive testing Required to include an assessment of the effectiveness of internal control over Extent of testing – entire period financial reporting in its annual report Assessing CR as other than low May not conclude that internal control over If CR is assessed as other than low, the auditor financial reporting is effective if one or should document the reasons for that conclusion more material weaknesses is present at EOY Must disclose all material weaknesses as of the EOY 3
    • Reporting Reporting Auditor’s Evaluation of Management’s Report Report on Management's Assessment has multiple elements Management’s acceptance of responsibility including Suitability of IC framework Management's conclusion about the effectiveness of the Whether management’s assessment is free of material company's internal control over financial reporting misstatement Statement that the audit was conducted in accordance with Whether management has expressed its assessment in an the standards of the PCAOB (US) acceptable form Auditor's opinion on whether management's assessment of Whether material weaknesses identified in the company's the effectiveness of the internal control over financial internal control over financial reporting, if any, have been reporting is fairly stated, in all material respects, based on properly disclosed, including material weaknesses corrected the control criteria during the period Auditor's opinion on whether the company maintained, in all material respects, effective internal control One Year Later – Lessons One Year Later – Lessons Learned Learned Challenges: Two top material weaknesses – System access and limited time frame/moving target competency of financial reporting personnel shortage of staff and competence Empirical data suggests little user reaction to adverse extent of I/C improvements Mini-COSO? I/C reports, why? Guidance to companies Are smallest companies using extensions to get ready Areas for improvement: or procrastinating Integration Delistings, Closely held companies Top-down approach So – what are the positives and negatives associated Risk-based approach with AS 2 / SOX 404? Should it be recalled? Will it Single transaction → All relevant controls Use of others prevent the next Enron? 4