CAQ WEBCAST AS 5: Preparing for Integrated Audits of Non-Accelerated Filers September 25, 2008 The views expressed by the ...
CAQ Task Force <ul><li>BDO Seidman LLP </li></ul><ul><li>Crowe Horwath LLP </li></ul><ul><li>Deloitte LLP </li></ul><ul><l...
Today’s Objectives <ul><li>Today’s program is designed to help you better understand: </li></ul><ul><ul><li>How to effecti...
Today’s Panelists <ul><ul><li>Wendy Campbell, CPA   </li></ul></ul><ul><ul><li>Executive </li></ul></ul><ul><ul><li>Crowe ...
Caveat <ul><li>The views expressed are my own views and do not necessarily reflect the views of the Board, individual Boar...
PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><u...
PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><u...
PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><u...
PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><u...
PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><u...
Topics <ul><li>Understand and Use Management’s Assessment and Documentation as a Starting Point </li></ul><ul><li>Integrat...
Understand and Use Management’s Assessment and Documentation as a Starting Point <ul><li>#1:  Take advantage of company’s ...
Understand and Use Management’s Assessment and Documentation as Starting Point <ul><li>#2:  Early  and  frequent  communic...
Understand and Use Management’s Assessment and Documentation as a Starting Point <ul><li>#3:  Coordinate timing of managem...
Understand and Use Management’s Assessment and Documentation as a Starting Point <ul><li>#4:  Identify/assess risks and co...
Understand and Use Management’s Assessment and Documentation as a Starting Point <ul><li>#5:  Consider implications of any...
Integrate the Audits <ul><li>#6:  Plan audit of ICFR and audit of financial statements as  a single integrated audit </li>...
Integrate the Audits <ul><li>#7:  Consider employing controls reliance approach in first year of required Section 404(b) a...
Integrate the Audits <ul><li>#8:  Perform control tests in conjunction with substantive tests where   audit procedures mee...
Integrate the Audits <ul><li>#9:  The results of substantive testing should inform the ICFR risk assessment and control ef...
Integrate the Audits <ul><li>#10:  Coordinate ICFR and substantive tests among those performing the work </li></ul><ul><ul...
Establish the Right Team <ul><li>#11:  Planning and execution of an integrated audit requires  early ,  close  and  contin...
Establish the Right Team <ul><li>#12:  Involve auditors with ICFR auditing experience or integrated audit training </li></...
Identify Material Risks to Reliable Financial Reporting <ul><li>#13:  Apply a top-down, risk-based approach to identify si...
Identify Material Risks to Reliable Financial Reporting <ul><li>#14:  Tailor the audit approach based on a  refined  risk ...
Identify Material Risks to Reliable Financial Reporting <ul><li>#15:  Achieve AS5 paragraph 34 objectives by performing di...
Identify Material Risks to Reliable Financial Reporting <ul><li>#16:  IT applications and their control environment influe...
Identify Controls Necessary to Sufficiently Address Identified Risks <ul><li>#17:  Apply a top-down approach to identify c...
Take a Risk-Based Approach to Testing Identified Controls <ul><li>#18:  Maximize opportunities for using the work of other...
Take a Risk-Based Approach to Testing Identified Controls <ul><li>#19:  Vary the nature, timing, and extent of controls te...
Take a Risk-Based Approach to Testing Identified Controls <ul><li>#20:  Testing controls at an interim date may improve ef...
Take a Risk-Based Approach to Testing Identified Controls <ul><li>#21:  An ineffectively designed control need not be test...
Available Resources <ul><li>PCAOB  Auditing Standard No. 5:  An Audit of Internal Control Over Financial Reporting That is...
<ul><li>Questions & Summary </li></ul>
<ul><li>Join the CAQ today! </li></ul><ul><li>Visit  www.theCAQ.org/members </li></ul><ul><li>or call </li></ul><ul><li>1-...
<ul><ul><li>Thank you for participating! </li></ul></ul><ul><li>Please visit us at  </li></ul><ul><li>www.theCAQ.org </li>...
Upcoming SlideShare
Loading in...5
×

Powerpoint slides

682
-1

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
682
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Powerpoint slides

  1. 1. CAQ WEBCAST AS 5: Preparing for Integrated Audits of Non-Accelerated Filers September 25, 2008 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of the Center for Audit Quality or the presenters’ respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client or attorney-client relationship.
  2. 2. CAQ Task Force <ul><li>BDO Seidman LLP </li></ul><ul><li>Crowe Horwath LLP </li></ul><ul><li>Deloitte LLP </li></ul><ul><li>Ernst & Young LLP </li></ul><ul><li>Grant Thornton LLP </li></ul><ul><li>KPMG LLP </li></ul><ul><li>McGladrey & Pullen LLP </li></ul><ul><li>PricewaterhouseCoopers LLP </li></ul>
  3. 3. Today’s Objectives <ul><li>Today’s program is designed to help you better understand: </li></ul><ul><ul><li>How to effectively plan an integrated audit to gain efficiency and eliminate redundancy </li></ul></ul><ul><ul><li>How to use a top-down risk-based approach to focus on areas of greatest risk </li></ul></ul><ul><ul><li>How to communicate with management to obtain effectiveness and efficiency for all parties </li></ul></ul>
  4. 4. Today’s Panelists <ul><ul><li>Wendy Campbell, CPA </li></ul></ul><ul><ul><li>Executive </li></ul></ul><ul><ul><li>Crowe Horwath LLP </li></ul></ul><ul><ul><li>Trent Gazzaway, CPA </li></ul></ul><ul><ul><li>Managing Partner of Corporate Governance </li></ul></ul><ul><ul><li>Grant Thornton LLP </li></ul></ul><ul><ul><li>Gregory S. Wilson, CPA </li></ul></ul><ul><ul><li>Deputy Director - Inspections </li></ul></ul><ul><ul><li>Public Company Accounting Oversight Board </li></ul></ul><ul><ul><li>********** </li></ul></ul><ul><ul><li>Cynthia M. Fornelli </li></ul></ul><ul><ul><li>Moderator & Executive Director </li></ul></ul><ul><ul><li>Center for Audit Quality </li></ul></ul>
  5. 5. Caveat <ul><li>The views expressed are my own views and do not necessarily reflect the views of the Board, individual Board members, or the staff of the PCAOB. </li></ul>
  6. 6. PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><ul><ul><li>2005 inspection year (“Year of Chaos”) </li></ul></ul><ul><ul><ul><li>First year of inspections of audits of ICFR under AS No. 2 </li></ul></ul></ul><ul><ul><li>2006 inspection Year (“Year of Efficiency”) </li></ul></ul><ul><ul><ul><li>Focus on May 16, 2005 PCAOB Q&A </li></ul></ul></ul><ul><ul><ul><li>PCAOB announces intent to amend AS No. 2 on May 17, 2005 </li></ul></ul></ul>
  7. 7. PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><ul><ul><li>2007 inspection year (“Year of Transition”) </li></ul></ul><ul><ul><ul><li>Proposed ICFR audit standard issued December 19, 2006 to supersede AS No. 2 </li></ul></ul></ul><ul><ul><ul><li>Reinforce concepts embraced in proposal </li></ul></ul></ul><ul><ul><ul><li>Avoid concepts dropped in proposal </li></ul></ul></ul>
  8. 8. PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><ul><ul><li>2008 inspection Year (“Year of Learning”) </li></ul></ul><ul><ul><ul><li>AS No. 5 issued June 12, 2007 </li></ul></ul></ul><ul><ul><ul><ul><li>Board “got the words right” </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Board Objectives </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Focus the audit on matters most important to internal control </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Eliminate unnecessary procedures </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Scale the audit for smaller companies </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Simplify the requirements </li></ul></ul></ul></ul></ul>
  9. 9. PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><ul><ul><li>2008 inspection Year (“Year of Learning”) </li></ul></ul><ul><ul><ul><li>SEC management guidance issued June 27, 2007 </li></ul></ul></ul><ul><ul><ul><li>Inspections approach </li></ul></ul></ul><ul><ul><ul><ul><li>Sensitivity to timing </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Integrated audit </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Focus on most important matters in audit of ICFR </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Eliminate unnecessary procedures </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Sensitivity to auditor judgment </li></ul></ul></ul></ul>
  10. 10. PCAOB Inspections Overview <ul><li>Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” </li></ul><ul><ul><li>Auditors and issuers becoming more comfortable with ICFR audits </li></ul></ul><ul><ul><li>Continuous improvement noted with focus on higher risk areas </li></ul></ul><ul><ul><li>Some hard lessons learned early on </li></ul></ul><ul><ul><li>“Lessons learned” to be discussed today are consistent with several year’s inspection findings </li></ul></ul>
  11. 11. Topics <ul><li>Understand and Use Management’s Assessment and Documentation as a Starting Point </li></ul><ul><li>Integrate the Audits </li></ul><ul><li>Establish the Right Team </li></ul><ul><li>Identify Material Risks to Reliable Financial Reporting </li></ul><ul><li>Identify Controls Necessary to Sufficiently Address Identified Risks </li></ul><ul><li>Take a Risk-Based Approach to Testing Identified Controls </li></ul>
  12. 12. Understand and Use Management’s Assessment and Documentation as a Starting Point <ul><li>#1: Take advantage of company’s ICFR evaluation testing and documentation in year before first integrated audit </li></ul><ul><ul><ul><li>Knowledge share </li></ul></ul></ul><ul><ul><ul><li>Foundation for future audits </li></ul></ul></ul><ul><ul><ul><li>Established approach </li></ul></ul></ul><ul><ul><ul><li>Effect on substantive testing </li></ul></ul></ul>
  13. 13. Understand and Use Management’s Assessment and Documentation as Starting Point <ul><li>#2: Early and frequent communication/coordination with management yields more effective/efficient audit process </li></ul><ul><ul><li>Support audit efficiency through existing evaluation process </li></ul></ul><ul><ul><li>Provide suggestions and considerations for effective and efficient assessment </li></ul></ul>
  14. 14. Understand and Use Management’s Assessment and Documentation as a Starting Point <ul><li>#3: Coordinate timing of management's work to enable use by the auditor </li></ul><ul><ul><li>Establish timelines with management </li></ul></ul><ul><ul><li>Hold periodic status meetings </li></ul></ul><ul><ul><li>Update the audit committee on progress </li></ul></ul>
  15. 15. Understand and Use Management’s Assessment and Documentation as a Starting Point <ul><li>#4: Identify/assess risks and controls that may have pervasive effects on the assessment and effectiveness of ICFR </li></ul><ul><ul><li>Early identification of pervasive deficiencies can eliminate unnecessary testing </li></ul></ul><ul><ul><li>Early identification of effective entity-level controls may eliminate the need to test lower level controls </li></ul></ul>
  16. 16. Understand and Use Management’s Assessment and Documentation as a Starting Point <ul><li>#5: Consider implications of any unremediated deficiencies </li></ul><ul><ul><li>Discuss management's plans to remediate, if any </li></ul></ul><ul><ul><li>Consider effect on the ICFR audit </li></ul></ul><ul><ul><li>Consider effect on the financial statement audit (i.e. planned control reliance strategy) </li></ul></ul>
  17. 17. Integrate the Audits <ul><li>#6: Plan audit of ICFR and audit of financial statements as a single integrated audit </li></ul><ul><ul><li>Conduct a single risk assessment </li></ul></ul><ul><ul><li>Where a controls reliance approach is not used, consider the results of substantive tests for risk implications for the audit of ICFR </li></ul></ul><ul><ul><li>Increased efficiency through reduced effort related to substantive testing in the financial statement audit </li></ul></ul>
  18. 18. Integrate the Audits <ul><li>#7: Consider employing controls reliance approach in first year of required Section 404(b) audit of ICFR </li></ul><ul><ul><li>Assess the effectiveness of controls that affect the controls reliance approach early </li></ul></ul><ul><ul><li>Early coordination and testing provide for effective and efficient implementation of this approach </li></ul></ul>
  19. 19. Integrate the Audits <ul><li>#8: Perform control tests in conjunction with substantive tests where audit procedures meet objectives of both </li></ul><ul><ul><li>A single test may achieve more than one objective </li></ul></ul><ul><ul><li>Identify areas for dual purpose/concurrent testing: </li></ul></ul><ul><ul><ul><li>Management estimates </li></ul></ul></ul><ul><ul><ul><li>Account reconciliations </li></ul></ul></ul><ul><ul><ul><li>Roll-forward procedures </li></ul></ul></ul><ul><ul><ul><li>Sampling </li></ul></ul></ul>
  20. 20. Integrate the Audits <ul><li>#9: The results of substantive testing should inform the ICFR risk assessment and control effectiveness conclusions </li></ul><ul><ul><li>Evaluate results of substantive tests and their implication on the effectiveness of internal control </li></ul></ul><ul><ul><li>Design the integrated approach to include consideration of substantive testing results </li></ul></ul><ul><ul><li>Results of substantive tests do not, on their own, provide sufficient evidence to conclude that internal control is effective </li></ul></ul>
  21. 21. Integrate the Audits <ul><li>#10: Coordinate ICFR and substantive tests among those performing the work </li></ul><ul><ul><li>Integrated teams: </li></ul></ul><ul><ul><ul><li>Reduce duplicative efforts </li></ul></ul></ul><ul><ul><ul><li>Facilitate testing to achieve objectives of the internal control audit and the financial statement audit </li></ul></ul></ul>
  22. 22. Establish the Right Team <ul><li>#11: Planning and execution of an integrated audit requires early , close and continuous involvement by experienced engagement team members </li></ul><ul><ul><li>Plan for more partner, manager, and specialist involvement </li></ul></ul><ul><ul><li>Timely review and supervision…in every phase </li></ul></ul>
  23. 23. Establish the Right Team <ul><li>#12: Involve auditors with ICFR auditing experience or integrated audit training </li></ul><ul><ul><li>Take advantage of the learning curve </li></ul></ul><ul><ul><li>Provide training, including COSO and AS5 </li></ul></ul><ul><ul><li>Recognize importance of on-the-job training </li></ul></ul>
  24. 24. Identify Material Risks to Reliable Financial Reporting <ul><li>#13: Apply a top-down, risk-based approach to identify significant accounts and disclosures and their relevant assertions </li></ul><ul><ul><li>Begin at the financial statement level, not process or control level, then consider disaggregating line items </li></ul></ul><ul><ul><li>Use professional judgment to identify material risks </li></ul></ul>
  25. 25. Identify Material Risks to Reliable Financial Reporting <ul><li>#14: Tailor the audit approach based on a refined risk assessment </li></ul><ul><ul><li>Carefully design the risk assessment process </li></ul></ul><ul><ul><ul><li>C onsider “what could go wrong” (in a material sense) </li></ul></ul></ul><ul><ul><ul><li>Focus at the assertion level </li></ul></ul></ul>
  26. 26. Identify Material Risks to Reliable Financial Reporting <ul><li>#15: Achieve AS5 paragraph 34 objectives by performing different combinations of procedures, including walkthroughs </li></ul><ul><ul><li>Walkthroughs are not required by AS5; however they are frequently the most effective method </li></ul></ul><ul><ul><ul><li>Confirm understanding through planning, risk assessment and other activities performed </li></ul></ul></ul><ul><ul><ul><li>Consider prior year results and changes </li></ul></ul></ul><ul><ul><ul><li>Develop and ask probing questions </li></ul></ul></ul>
  27. 27. Identify Material Risks to Reliable Financial Reporting <ul><li>#16: IT applications and their control environment influence the identification of financial reporting risks </li></ul><ul><ul><li>Consider IT-related risks as part of the overall risk assessment </li></ul></ul><ul><ul><li>Gain efficiency through automated controls </li></ul></ul><ul><ul><li>When general IT controls are deemed ineffective, consider whether automated controls can be tested directly </li></ul></ul>
  28. 28. Identify Controls Necessary to Sufficiently Address Identified Risks <ul><li>#17: Apply a top-down approach to identify controls that sufficiently address identified risks </li></ul><ul><ul><li>Consider: </li></ul></ul><ul><ul><ul><li>Entity level controls that are direct and precise and may eliminate other control testing </li></ul></ul></ul><ul><ul><ul><li>Entity level controls that may reduce but not eliminate other control testing </li></ul></ul></ul><ul><ul><ul><li>Automated controls </li></ul></ul></ul><ul><ul><ul><li>Manual transaction-level controls </li></ul></ul></ul><ul><ul><ul><li>Preventive and detective controls </li></ul></ul></ul>
  29. 29. Take a Risk-Based Approach to Testing Identified Controls <ul><li>#18: Maximize opportunities for using the work of others </li></ul><ul><ul><li>Assess the competence and objectivity of the persons performing the work </li></ul></ul><ul><ul><ul><li>Individuals may include internal audit, 3 rd parties, and/or other company employees </li></ul></ul></ul><ul><ul><ul><li>Competence should relate to the control being tested </li></ul></ul></ul><ul><ul><li>Consider risk associated with the control </li></ul></ul><ul><ul><li>Discuss nature, timing and extent of testing with management </li></ul></ul>
  30. 30. Take a Risk-Based Approach to Testing Identified Controls <ul><li>#19: Vary the nature, timing, and extent of controls testing based on risk associated with each control </li></ul><ul><ul><li>Make use of existing knowledge (every control does not need to be tested to the same extent each year) </li></ul></ul><ul><ul><li>Flexibility exists in varying timing of control testing </li></ul></ul><ul><ul><li>Statistical sampling not required for all testing </li></ul></ul><ul><ul><li>Benchmarking strategies </li></ul></ul>
  31. 31. Take a Risk-Based Approach to Testing Identified Controls <ul><li>#20: Testing controls at an interim date may improve effectiveness and efficiency of integrated audit </li></ul><ul><ul><li>Supports planned control reliance </li></ul></ul><ul><ul><li>Perform substantive testing procedures at an interim date concurrent with control testing </li></ul></ul><ul><ul><li>Consider relevant risks and other factors to determine whether, and to what extent, roll-forward or update testing is necessary </li></ul></ul>
  32. 32. Take a Risk-Based Approach to Testing Identified Controls <ul><li>#21: An ineffectively designed control need not be tested for operating effectiveness </li></ul><ul><ul><li>Testing may cease when sufficient evidence indicates a control is not designed effectively or does not operate effectively </li></ul></ul><ul><ul><li>May need to test remediated controls </li></ul></ul>
  33. 33. Available Resources <ul><li>PCAOB Auditing Standard No. 5: An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements </li></ul><ul><li>http://www.pcaobus.org/Standards/Standards_and_Related_Rules/Auditing_Standard_No.5.aspx </li></ul><ul><li>PCAOB Staff Guidance for Auditors of Smaller Public Companies - AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS (Pending) </li></ul><ul><li>http://www.pcaobus.org/Standards/Standards_and_Related_Rules/AS5/Guidance.pdf </li></ul><ul><li>SEC Guidance Regarding Management’s Report on Internal Control Over Financial Reporting Under Section 13(a) or 15(d) of the Securities Exchange Act of 1934 http://www.sec.gov/rules/interp/2007/33-8810.pdf </li></ul><ul><li>COSO Internal Control – Integrated Framework - http://www.coso.org/IC-IntegratedFramework-summary.htm </li></ul><ul><li>COSO Guidance on Monitoring Internal Control Systems (Exposure Draft) http://www.coso.org/guidance.htm </li></ul><ul><li>COSO Internal Control Over Financial Reporting – Guidance for Smaller Public Companies </li></ul><ul><li>http://www.coso.org/ICFR-GuidanceforSPCs.htm </li></ul>
  34. 34. <ul><li>Questions & Summary </li></ul>
  35. 35. <ul><li>Join the CAQ today! </li></ul><ul><li>Visit www.theCAQ.org/members </li></ul><ul><li>or call </li></ul><ul><li>1-888-817-3277 </li></ul>
  36. 36. <ul><ul><li>Thank you for participating! </li></ul></ul><ul><li>Please visit us at </li></ul><ul><li>www.theCAQ.org </li></ul><ul><li>or call </li></ul><ul><li>1-888-817-3277 </li></ul>
  1. ¿Le ha llamado la atención una diapositiva en particular?

    Recortar diapositivas es una manera útil de recopilar información importante para consultarla más tarde.

×