Your SlideShare is downloading. ×
Public Company Accounting Oversight Board - Update
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Public Company Accounting Oversight Board - Update

849
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
849
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Appoints Members of the PCAOB Board Approves Annual Budget Approves Rules of the PCAOB Firms may appeal enforcement decisions to them
  • The 4th core function is standard-setting. Congress charged us with establishing auditing, attestation, quality control and ethics standards for govern public company audits. Board can also establish independence standards, including expanding statutory list of prohibited non-audit services. Board has taken several steps: First, it adopted certain auditing, attestation, quality control, ethics and independence standards in April 2003 for public company audits. (interim standards). The Board adopted them “in order to assure continuity and certainty in the standards”. However, Board has also determined that it will review each interim standard to determine whether the standard should be modified, repealed, or made permanent Board standards. Financial audits, quarterly reviews, agreed-upon procedures, comfort letters How a firm makes sure it complies with standards AICPA Code of Professional Conduct sections on integrity and objectivity Independence standards of AICPA, SEC, and ISB --Many faceted, deals with appearances and relationships
  • Auditing Standard No. 2 designed to encourage auditor to use this method Companies can also use this approach
  • Controls within the control environment, such as tone at the top, organizational structure, commitment to competence, human resource policies and procedures; • management's risk assessment process; • centralized processing and controls, such as shared service environments; • controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs; and • the period-end financial reporting process.
  • Auditing Standard No. 2 designed to encourage auditor to use this method Companies can also use this approach
  • Auditing Standard No. 2 designed to encourage auditor to use this method Companies can also use this approach
  • Listed in order of lowest to highest in terms of persuasiveness Timing Can still perform at interim date and perform roll-forward procedures Extent Nature of control Frequency of operation Importance of control
  • E122 acknowledges benchmarking as a testing strategy EG, an automated app for calculating interest income might be dependent on the continued integrity of a rate table used by the automated calculation At some point, benchmark must be reestablished
  • Self-assessment Self-assessment has become broad term that refers to different types of procedures performed by various parties Prohibition If same person performs control and self-assessment, the work lacks objectivity
  • Specific controls tested prior to as-of date and results Operating effectivenenss of controls Length of remaining period Possibility of significant changes since interim testing
  • Specific controls tested prior to as-of date and results of tests The lower the overall risk associated with the control, the less extensive the nature of the updating procedures Inquiry, observation, inspection of documents, and reperformance of control are types of audit procedures Walkthroughs are a combination of the procedures and can serve as tests of design and operating effectiveness Certain controls should be tested closer to as-of date, rather than at interim dater Controls over significant non-routine transactions Controls over accounts with high degree of subjectivity or judgment in measurement Controls over period-end adjustments No changes in design, personnel, business operation, or other factors = less extensive procedures
  • Covered middle 3 bullets in discussion of May 16 Q&A
  • How did this come about? AS#2 states that when auditors find errors in draft financials there may be a material weakness Created an arms-length/adversarial relationship Auditor independence concerns Fear that they will be accused of auditing their own work Auditors can – and should – advise their clients on accounting and control issues. One of the most common complaints is that, as a result of internal control reporting, companies can no longer turn to their auditors for advice on difficult accounting issues, which, in turn has increased costs as companies hire other accounting firms to help with needed guidance. You might wonder why internal control auditing would have that effect. As a result of a provision in AS No. 2 that states that if the auditor identifies a material misstatement in draft financials that management missed this would be a significant deficiency that is also a “strong indicator” of a material control weakness. This seems to have been read by some to mean that, to avoid prematurely spotting a problem, the auditor should maintain an arm’s length, if not an adversarial, relationship with it client. The problem is compounded by concerns about independence. Some auditors fear that, if they advise their client on auditing or control issues, they will be accused of performing management functions and of auditing their own work. A conclusion as to whether a material misstatement in draft financial statements represents a control deficiency is premature if it is clear that all applicable controls have not yet operated.
  • For a company contemplating a corporate level transaction, the auditor may provide substantial help, including explaining how applicable accounting principles apply to the transaction, offering sample journal entries, and reviewing management's preliminary conclusions. This is very different from a situation in which the auditor identifies a potential misapplication of applicable accounting principles in connection with a transaction that the auditor learns of outside of the consultation process, such as during a quarterly review, or after management has completed its financial statements and disclosures, in which case the auditor would have to consider whether management's failure to recognize the potential misapplication of applicable accounting principles constitutes a significant deficiency or material weakness.
  • Standards will not take effect unless approved by the Commission .
  • SOX Act gave authority to the PCAOB to restrict any other non audit service that the PCAOB determines by regulation is impermissible. Proposed December 14, 2004 Received 805 comment letters in a 60 day period; generally commenters supported the proposal Final Rules approved on July 26, 2005 Waiting SEC approval Made 2 substantive changes to the rules and several technical modifications .
  • This is one of 2 rules that lay a foundation for the Board's independence rules. Proposal originally had knew or should have known language. Comments objected to the rule's use if the negligence standard in light of the complex regulatory requirements that auditors must comply with. After considering all the comments received the rule was modified to state "knew or was reckless in not knowing". We believe that this modification strikes the right balance in the context of the rule. In response to other comments, we also added the "directly and substantially" to better define what we meant by "contribute". This is one of the two substantive changes we made to the independence rules.
  • This is the second foundational independence rule. We made one technical amendment to this rule by adding "associated persons"
  • The next 3 rules deal with specific prohibitions on services
  • A fee is not a "contingent fee" if the amount is fixed by courts or other public authorities and is not dependent on a finding or result This rule was substantially modeled after the SEC rule on contingent fees. Commenters were supportive of this rule and didn't raise any issues. Therefore, we did not make any changes to the rule. It was adopted as proposed.
  • In light of comments made several technical changes to rule. First, reorganized rule by making listed transactions subset of aggressive tax position transactions. We believe listed transactions are one example of aggressive transactions. Second, decided to define confidential transactions as part of rules. Adopted the treasury definition of confidential transaction and added it to Rule 3501, definitions section. Note, to meet definition of confidential transaction, confidentiality has to be imposed by tax advisor and not client. Third added the language "opining in favor of" to show that auditors would not violate rules if they advised client AGAINST executing a transaction. We believe that is appropriate for auditor to advise against executing aggressive tax transaction. Fourth, added marketing as type of service an auditor cannot provide to audit client if it meets criteria of confidential transaction or aggressive tax position transaction. Finally, added "directly or indirectly" to aggressive tax position transactions in response to commenters who sought clarification for the term "another tax advisor".
  • Several exceptions to rule: Excludes members of board of directors when their oversight role is solely because of membership on board Excludes person in a FROR at affiliate if affiliate not material or affiliate is audited by a different accounting firm Provides 180 day transition period for persons promoted or hired into a FROR after rule becomes effective In light of comments made several technical changes to rule. 1 st , added immediate family members to scope of the rule because we believe inappropriate for auditor to provide tax services to FROR's spouse. Adopted SEC definition of immediate family member into our Rule 3501, definitions section. 2 nd , because of confusion if audit committee members were included in scope, we explicitly stated that Board members, including audit committee, excluded from scope. 3 rd , added exclusion for FROR roles at affiliates if affiliate is immaterial or being audited by a different accounting firm Finally, added a transition period of 180 days for those promoted into a FROR after Rule 3523 becomes effective.
  • Our last rule deals with audit committee pre-approval. This is also the area where we made our other substantive change to the proposed rules. The original proposal required the auditor to provide copies of engagement letters. Many commenters commented on this part of the proposal. Some commenters stated that it was appropriate to provide engagement letters to audit committee members while other commenters stated that it would overburden the audit committee with a lot of paper and would not be the best way to relay the information necessary for the audit committee to pre-approve a tax service. In light of the comments, we modified the first bullet point in the rule to now require the auditor to "describe in writing" the information we believe the audit committee needs to execute their duties of pre-approval .
  • Because some of the rules we have adopted are new to the marketplace, we have varied the effective dates.
  • What do these companies have in common? Six are in F500, four in F100, and two are in top ten. All are household names. Answer: each reported a material weakness in internal control over financial reporting
  • Understand the details behind the opinion What is the severity of the material weakness? What is the potential financial statement impact – both annually and quarterly? How has management/auditor adjusted their closing/audit to make certain the financial statements are correct? What is management’s remediation plan? How long will the remediation take? How will management/auditor update the audit committee? How will the material weakness be disclosed? Anticipate the needs of the shareholders, analysts, lenders, etc. Transparent disclosure includes a full discussion Complete description; severity; remediation plan and timeframe; impact on the financials
  • the Board believes that, in some situations, companies will find that auditor assurance that a material weakness no longer exists leads to a higher level of investor confidence in a company's financial reporting, and that the costs of the engagement are therefore worth incurring.
  • .
  • .
  • .
  • .
  • .
  • .
  • Transcript

    • 1. Public Company Accounting Oversight Board - Update SEC Financial Reporting Conference Center for Corporate Reporting and Governance Greg Fletcher Public Company Accounting Oversight Board September 19, 2005
    • 2. Caveat
      • The opinions I express are my own,
      • and do not necessarily represent the views
      • of the PCAOB, its members
      • or its staff.
    • 3.
      • Why are we here
      • the long version…
    • 4.  
    • 5.
      • or… the short version…
    • 6.  
    • 7. What is the PCAOB?
      • Private sector regulator for auditors of companies publicly traded in the US, created by Sarbanes-Oxley Act
      • Board has mandate to “protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports” of public companies
      • Overseen by the SEC
      • Independent from the accounting profession
    • 8. Core Areas of Responsibility
      • Registration
      • Inspection
      • Investigation and Enforcement
      • Standard Setting
    • 9. Registration
      • The foundation for PCAOB to perform its functions of inspection and enforcement
      • All U.S. accounting firms that prepare or issue audit reports on U.S. public companies, or play a substantial role, must register with the Board
      • Foreign firms with those responsibilities also must register
      • 1,534 firms have registered; 599 are foreign firms
    • 10. Inspections
      • Inspections assess a firm’s compliance with the Act, the Board’s and the SEC’s rules and with professional standards.
      • Regular inspections must take place annually for firms that audit more than 100 U.S. public companies.
      • All other firms must be inspected once every 3 years .
      • Inspection reports contain public and nonpublic sections.
    • 11. Professional Standards
        • The Sarbanes-Oxley Act directs the Board to establish auditing, attestation, quality control, ethics, and independence standards
        • In April 2003, Board decided to form a staff to develop auditing and related professional practice standards
          • Previously, was the responsibility of the AICPA
        • Also in April 2003, PCAOB adopted AICPA standards as its interim standards
    • 12. Key Points of AS #2
      • Auditors must evaluate and report whether internal controls provide reasonable assurance that transactions are properly recorded in conformity with GAAP
      • Auditors must evaluate and report on management’s assessment of internal control over financial reporting
      • Auditors should use risk-based approach
      • Auditors may place reliance on the work of internal auditors
      • Auditors must communicate material weaknesses and significant deficiencies to audit committees
    • 13. PCAOB Implementation Guidance
      • Released 5 sets of questions and answers related to AS #2
        • June 23, 2004 26 Q&As
        • October 6, 2004 3 Q&As
        • November 22, 2004 7 Q&As
        • January 21, 2005 1 Q&A
        • May 16, 2005 18 Q&As
      • Extent of testing, using work of others, evaluating deficiencies, multi-location audits, and other
    • 14. Response to First Year Implementation
      • Issued May 16 Q&A and accompanying Board statement of policy
      • Specifically addressed concerns
        • Top down and risk-based approach
        • Scope and extent of testing
        • Using work of others
    • 15. May 16 Q&A
      • Top-down approach
      • Auditor performs procedures to understand ICFR and identify controls to test in sequential manner
      • Focus early on matters, such as company-level controls (CLC), that can affect later scoping decisions
      • Eliminate from consideration, accounts with remote likelihood of material misstatement
    • 16. May 16 Q&A
      • Top-down approach (continued)
      • Identify, understand, and evaluate design effectiveness of CLC
      • Identify significant accounts at financial statement or disclosure level
      • Identify assertions relevant to each significant account
    • 17. May 16 Q&A
      • Top-down approach (continued)
      • Identify significant processes and major classes of transactions
      • Identify points where error or fraud could occur
      • Identify controls that prevent or detect error or fraud
      • Link controls with significant accounts and assertions
    • 18. May 16 Q&A
      • Risk assessment
      • Significant accounts Use risk factors in paragraph 65 to eliminate from consideration accounts with remote likelihood of containing material misstatement
      • Relevant assertions Assertions that do not present meaningful risk of material misstatement are not relevant and should not be tested
      • Using work of others As risk factors decrease in significance, need for auditor to perform own work decreases
    • 19. May 16 Q&A
      • Risk assessment effect on nature, timing, and extent
      • --As risk associated with control decreases:
      • Nature Persuasiveness of evidence needed decreases
        • Inquiry, observation, inspection of documents, and reperformance of control are types of audit procedures
        • Walkthroughs are a combination of the procedures and can serve as tests of design and operating effectiveness
      • Timing Testing can be done farther from as-of date
      • Extent Extensiveness of testing should decrease
    • 20. May 16 Q&A
      • Benchmarking automated application controls
      • Auditor may conclude that automated application control continues to be effective, without repeating the prior year testing of application if:
        • General controls over program changes, access to programs, and computer operations are effective and continue to be tested; AND
        • The auditor verifies that the automated application control has not changed since he or she last tested the application control
      • Auditor should consider importance of the effect of related files, tables, data, and parameters on the consistent and effective and effective functioning of the automated application control
    • 21. May 16 Q&A
      • Self-assessments of control
      • Auditors can use management’s self-assessment of controls in certain circumstances
      • Auditor cannot use an assessment made by the same personnel who are responsible for performing the control
    • 22. May 16 Q&A
      • Self-assessments of control (cont’d)
      • Auditor should evaluate the self-assessments using the guidance in AS#2 for evaluating the work of others
      • For work performed by others, auditor should evaluate their:
        • Objectivity
        • Independence
    • 23. May 16 Q&A
      • Testing controls as of an interim date
      • Auditor should determine what additional evidence to obtain concerning the operation of the control for the remaining period (paragraph 100 of AS#2)
      • As factors listed in paragraph 100 decrease in significance, evidence can be less persuasive and updating procedures less extensive
    • 24. May 16 Q&A
      • Testing controls as of an interim date (cont’d)
      • Factors to consider
        • Specific controls tested prior to as-of date and results of tests
        • Persuasiveness of evidence of operating effectiveness obtained at interim date
        • Length of remaining period
        • Possibility of significant changes in ICFR after the interim date
    • 25. PCAOB Policy Statement
      • Integrate audits of internal control with audits of financial statements
      • Exercise judgment to tailor audit plans to the risks facing individual clients
      • Use a top-down approach that begins with company-level controls
      • Use the flexibility of the standard to use the work of others as provided
      • Engage in direct and timely communication with audit clients
    • 26.
      • Determining when it is appropriate for auditor to provide accounting advice requires professional judgment
      • Auditor should be concerned primarily about instances in which the company completed financial statements and disclosures without recognizing potential material misstatement
      Engage in direct and timely communication with audit clients
    • 27.
      • Auditors may provide audit clients with technical advice on the proper application of GAAP, including updates on recent FASB developments
      • Companies may provide and discuss with the auditor preliminary drafts of accounting memos, spreadsheets, and other working papers
      Engage in direct and timely communication with audit clients
    • 28. Rules/Standards Approved By Board on July 26
      • Independence and tax services
      • Standard for reporting on whether a previously reported material weakness continues to exist (Auditing Standard No. 4)
      • Awaiting SEC approval
    • 29. Ethics and Independence Rules - Overview
      • Rules cover three areas
        • Core ethics and independence requirements
        • Specific services that impair the auditor's independence
          • Contingent fees
          • Tax transactions
          • Tax services to persons in a financial reporting oversight role
        • Additional communication requirements with audit committees as they relate to permissible tax services
    • 30. Core ethics and independence requirements
      • Codify principle that persons associated with a registered firm may not cause the firm to violate relevant laws, rules, and standards
        • Rule 3502 – A person associated with a registered public accounting firm shall not cause that firm to violate the Act, rules of the Board, provisions of applicable securities laws and SEC rules, or professional standards due to an act or omission the person knew, or was reckless in not knowing, would directly and substantially contribute to such violation.
    • 31. Core ethics and independence requirements
      • Introduce a foundation for the independence component of the Board’s independence rules
        • Rule 3520 – A registered firm and it's associated persons must be independent of its audit client throughout the audit and professional engagement period. Must also satisfy all applicable independence criteria.
    • 32. Prohibited Services
      • Identification of certain impairments to independence
        • Rule 3521 – Contingent Fees
        • Rule 3522 – Tax Transactions
        • Rule 3523 – Tax Services for Persons in a Financial Reporting Oversight Role
    • 33. Contingent Fees
      • Rule 3521 – A registered public accounting firm is not independent of its audit client if the firm, or affiliate, during the audit and engagement period, provides any service or product to the audit client for a contingent fee or a commission, or receives from the audit client, directly or indirectly, a contingent fee or commission.
        • Contingent fee defined as any fee established for the sale of a product, or performance of any service pursuant to an arrangement, in which no fee will be charged unless a specified finding or result is attained, or in which the amount of the fee is dependent upon the finding or result of such product or service
    • 34. Tax Transactions
      • Rule 3522 – A registered public accounting firm is not independent of its audit client if the firm, or affiliate, during the audit and engagement period, provides any non-audit service to the audit client related to marketing, planning, or opining in favor of the tax treatment of a transaction that is a -
        • Confidential transaction
        • Aggressive tax position transaction - that was initially recommended, directly or indirectly, by the firm and a significant purpose of which is tax avoidance, unless the proposed tax treatment is at least more likely than not to be allowable under applicable tax laws
            • Listed transaction
    • 35. Tax Services to Persons in FROR
      • Rule 3523 – A registered public accounting firm is not independent of its audit client if the firm, or affiliate, during the audit and engagement period, provides any tax service to a person in a financial reporting oversight role at the audit client or their immediate family member
        • Financial Reporting Oversight Role (FROR) means a role in which a person is in a position to, or does, exercise influence over the contents of the financial statements or anyone who prepares them
    • 36. Additional Communications Requirements
      • Rule 3524 – In connection with seeking audit committee pre-approval to perform for an audit client any permissible tax service, a registered public accounting firm shall –
          • Describe, in writing, to the audit committee the scope of the service, the fee structure for the engagement, and other certain information
          • Discuss with the audit committee the potential effects of the services on the auditor’s independence
          • Document the substance of the discussion with the audit committee
    • 37. Effective Dates
      • Rules 3501, 3502 and 3520 – effective 10 days after SEC approval
      • Rule 3521 and 3522 – effective December 31, 2005 or 10 days after SEC approval
      • Rule 3523 – effective June 30, 2006 or 10 days after SEC approval
      • Rule 3524 - effective December 15, 2005 or 10 days after SEC approval. In cases of pre-approval by policies and procedures, the rule will not apply to any tax service provided by March 31, 2006
    • 38. 2004 Internal Control Reports What do these companies have in common?
      • Fannie Mae
      • AIG
      • GE
      • Kroger
      • MCI
      • Goodyear
      • Delphi
      • Eastman Kodak
      • Outback Steakhouses
      • Denny’s
      • Blockbuster
      • Panera Bread
    • 39. 2004 Internal Control Reports
      • 14% of accelerated filers reported material weakness in internal controls
      • 53% of MWs due to material financial statement adjustments found by auditor—most prevalent
        • Tax accounting (27%),
        • Revenue recognition (25%),
        • Inventory/cost of sales (19%)
        • Lease accounting (17%)
      • Source: Audit Analytics, May 18, 2005
    • 40. Auditing Standard No. 4
      • Reporting on Whether a Previously Reported Material Weakness Continues to Exist
      • Voluntary report
      • Standard would permit a company to hire an auditor to determine if a material weakness no longer exists, as of a specified date
      • Objective is to express an opinion on whether a previously reported material weakness continues to exist
      • Will be effective as of the date of SEC approval
    • 41. Auditing Standard No. 4
      • Conditions for auditor performance
      • Auditor has audited the company's financial statements and internal control over financial reporting (ICFR) in accordance with AS #2 as of the date of company's most recent annual assessment of ICFR
      • OR
      • Auditor has been engaged to perform an audit of the financial statements and internal control over financial reporting in accordance with AS #2 in the current year and has a sufficient basis for performing engagement
    • 42. Auditing Standard No. 4
      • Conditions for management
      • Management accepts responsibility for effectiveness of ICFR
      • Management evaluates the effectiveness of specific control(s) that it believes addresses the MW using the same control criteria and control objective(s)as used in most recent annual assessment of ICFR
      • Management asserts that the specific control(s) identified is effective in achieving the control objective
      • Management supports its assertion with sufficient evidence, including documentation
      • Management presents a written report that will accompany the auditor's report that contains elements described in paragraph 48 of this standard
    • 43. Auditing Standard No. 4
      • Auditor must
      • Obtain understanding of and evaluate management's evidence supporting its assertion that specified controls related to MW
        • Are designed and operated effectively
        • That controls achieve the company's stated control objective(s) consistent with control criteria
        • Identified material weakness no longer exists
      • Auditor should identify and test all controls necessary to achieve the stated control objective
    • 44. Auditing Standard No. 4
      • Auditor should evaluate operating effectiveness of specified control by determining whether specified control operated as designed and whether person performing the control possesses necessary authority and qualifications to perform control effectively
      • If auditor determines that management has not supported assertion with sufficient evidence, auditor cannot complete the engagement because a condition for engagement completion would not be met
    • 45. Auditing Standard No. 4
      • Auditor's evaluation of management's report
      • Auditor should evaluate whether:
      • Management has properly stated its responsibility for establishing and maintaining effective ICFR
      • Control criteria used by management is suitable
      • Material weakness, stated control objectives, and specified controls have been properly described
      • Management's assertions, as of date specified in management's report, are free of material misstatement
    • 46. Auditing Standard No. 4
      • Auditor's report
      • If auditor determines that previously reported MW continues to exist, he or she is not required to issue a report
      • If the auditor does not issue report, he or she must communicate, in writing, to audit committee conclusion that the MW continues to exist
      • If auditor identifies MW that has not been previously communicated to audit committee in writing, auditor must communicate that MW, in writing, to audit committee
    • 47. Future Standard-Setting
      • Responsibility for fraud detection
      • Communications with audit committees
      • Assessing audit risk
      • Engagement quality review
      • Auditing related party transactions
      • Auditing fair value measurements
      • Confirmation process
    • 48. Keeping Current with PCAOB Standards Activities
      • www.pcaobus.org
        • Inspection reports
        • Disciplinary proceedings
        • Interim standards
        • Proposed and final standards
        • Staff Q&A
        • Standing Advisory Group (SAG)
        • Live and archived webcasts
    • 49. Questions?

    ×