SlideShare a Scribd company logo

Evaluation of process level control deficiencies 5 20-2016

Download as PPT, PDF
L
leschaney

Presentation showing support for automated spreadsheet used in evaluation of process-level-control deficiencies.

Business
1 of 24
Systematic Approach to the Evaluation of Process-Level Control Deficiencies Les A. Chaney, CPA, CIA, CGMA ICFR Global Consulting, LLC Mobile: (919) 427-2265 Lchaney@icfr-consulting.com Revised May 20. 2016
2 Systematic Approach for Evaluating “Process-Level” Control Deficiencies, utilizing: – PCAOB Audit Standard # 5 (approved May 24, 2007, amended June 12, 2007) – Superseded PCAOB Audit Standard # 2 (March 2004) – “A Framework for Evaluating Control Exceptions and Deficiencies” (Dec 2004) 2
33 The PLC Deficiency Evaluation Process •Local Materiality Threshold •Local Upper Limit of Significant Deficiency •Estimation of Gross Exposure (Potential Magnitude) •Evaluation of Design Deficiencies •Evaluation of Operating Effectiveness Deficiencies
44 Local Materiality Threshold •To begin the PLC deficiency evaluation process, Executive Management must determine the basis of the Local Materiality Threshold. •Materiality Threshold is defined as the amount which must be exceeded for a deficiency to be deemed to have a “material” impact on the financial statements. •Some companies use a percentage of budgeted gross sales or a percentage of net income. –In our example, current year annual budgeted gross sales of $1.25B and a percentage of 1/2% is used to calculate the Local Materiality Threshold of $6.25M.
55 Local “Significant Deficiency Threshold” • The “local significant deficiency threshold” is defined as the amount by which a deficiency must exceed to be considered a Significant Deficiency. • In conjunction with the Materiality Threshold, Executive Management must determine the “Local Upper Limit of Significant Deficiency” by estimating a percentage to be applied to the Local Materiality Threshold. In our example, Executive Management has determined that 20% of the rounded Local Materiality Threshold of $6.25M is deemed to be the Local Significant Deficiency Threshold, which calculates to be $1.25M.
66 Authoritative Guidance •Public Company Accounting Oversight Board (PCAOB) Audit Standard (AS) # 2 (superseded by PCAOB AS # 5) –Paragraph 9: A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the company’s ability to initiate, authorize, record, process, or report external financial date…such that there is more than remote likelihood that a misstatement of the company’s…financial statements that is more than inconsequential will not be prevented or detected. •PCAOB AS #5, does not use the terms “inconsequential” or “more than inconsequential” to gauge magnitude.
77 Estimation of Gross Exposure •Step one in the deficiency evaluation process for each PLC Design and Operation deficiency is to estimate the Gross Exposure (Potential Magnitude). •The Gross Exposure is the worst-case estimate of the magnitude of amounts or transactions exposed to the deficiency with regard to interim or annual financial statements.
88 Estimation of Gross Exposure (continued) •Practical approach:  Determine the general ledger (GL) accounts impacted by the deficiency  Describe the transactions impacted by the deficiency  Determine the GL balances, or other estimated Gross Amount that could be impacted (e.g. in some cases, the amount of the Local Materiality Threshold may be conservatively used if a particular GL account balance or transaction amount can not be determined)  Estimate the percent of the GL balance or transaction total impacted by the deficiency (e.g. in some cases, 100% is the most conservative, if a % can not be readily estimated). Finally, the Gross Exposure is calculated as the original amount multiplied times the estimated percentage. This amount is then used to begin the evaluation of the Design or Operating Effectiveness deficiency.
99 Authoritative Guidance •PCAOB AS # 2, paragraph 135, and PCAOB AS # 5, paragraph 66: Several factors affect the magnitude of the misstatement that could result from a deficiency or deficiencies in controls. The factors include, but are not limited to, the following: o The financial statement amounts or total of transactions exposed to the deficiency. o The volume of activity in the account balance or class of transactions exposed to the deficiency that has occurred in the current period or that is expected in future periods.
10
1111 Evaluation of Design Deficiencies •Per PCAOB AS # 2, paragraph 8: A deficiency in design exists when (a) a control necessary to meet the control objective is missing, or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective is not always met.
12
1313 Evaluation of Operating Effectiveness Deficiencies • Per PCAOB AS # 2, paragraph 8: A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively. • The steps to evaluate Operation deficiencies are the same as the steps to evaluate Design deficiencies, except immediately after step 2, three additional steps are performed: 1. Determine the “Upper Limit Deviation Rate” 2. If the Upper Limit Deviation Rate is < 20%, then calculate the “Adjusted Gross Exposure” = the Gross Exposure. 3. Is the “Adjusted Gross Exposure” > or = Local Upper Limit? If no, then the deficiency is evaluated as “inconsequential”.
14
15 Deficiency Evaluation “Compensating Controls” (Automated Spreadsheet)
16 Deficiency Evaluation “Estimation of Gross Exposure” (Automated Spreadsheet)
17 Deficiency Evaluation “Estimation of ‘Adjusted’ Gross Exposure” (Automated Spreadsheet)
18 Deficiency Evaluation - “TOD & TOE” (Automated Spreadsheet)
19 Deficiency Evaluation – Decision Input from Corp Mgt (Automated Spreadsheet)
2020 Authoritative Guidance •PCAOB AS # 2, paragraph 133, and PCAOB AS # 5, paragraph 65: Several factors affect the likelihood that a deficiency…could result in a misstatement. The factors include, but are not limited to: o The nature of the financial statement accounts, disclosures, and assertions involved o The susceptibility of the related assets or liability to loss or fraud o The subjectivity, complexity, or extent of judgment required to determine the amount involved o The cause and frequency of known or detected exceptions for the operating effectiveness of a control o The interaction or relationship of the control with other controls o The interaction of the deficiencies o The possible future consequences of the deficiency
2121 Authoritative Guidance •“A Framework for Evaluating Control Exceptions and Deficiencies” was published December 20, 2004. The framework was developed by representatives of the following nine firms: BDO Seidman LLP, Crowe Chizek and Company LLC, Deloitte & Touche LLP, Ernst & Young LLP, Grant Thornton LLP, Harbinger PLC, KPMB LLP, McGladrey & Pullen LLP, and PricewaterhouseCoopers LLP.
2222 Authoritative Guidance •PCAOB Audit Standard No. 2 – March 9, 2004: “An audit of internal control over financial reporting performed in conjunction with an audit of financial statements” Paragraph 130. “Evaluating Deficiencies in Internal Control Over Financial Reporting. Paragraph 131. The auditor should evaluate the significance of a deficiency …by determining the following: o The likelihood that a deficiency, or a combination…could result in a misstatement… o The magnitude of the potential misstatement… Paragraph 133. Several factors affect the likelihood that a deficiency or combination…could result in a misstatement… Paragraph 135. Several factors affect the magnitude…
2323 Authoritative Guidance •PCAOB Audit Standard No. 5 – June 12, 2007: “An audit of internal control over financial reporting that is integrated with an audit of financial statements” Paragraph 62. The auditor must evaluate the severity of each control deficiency... Paragraph 63. The severity of a deficiency depends on: o Whether there is a reasonable possibility that the company’s controls will fail to prevent or detect a misstatement… o The magnitude of the potential misstatement resulting from the deficiency or deficiencies Paragraph 65. Risk factors affect whether there is a reasonable possibility… [The factors are the same as AS #2, paragraph 133 factors affecting likelihood. ] Paragraph 66. Factors affect the magnitude… [Same as AS #2, paragraph 135 factors affecting magnitude] Paragraph 68. The auditor should evaluate the effect of compensating controls when determining whether a deficiency is a material weakness.
2424 Questions or Request for Automated Spreadsheet? Les A. Chaney, CPA, CIA, CGMA, CRMA ICFR Global Consulting, LLC Cary, NC Mobile: (919) 427-2265 Lchaney@icfr-consulting.com www.icfr-consulting.com

Recommended

CISA Review Course Slides - Part1
CISA Review Course Slides - Part1CISA Review Course Slides - Part1
CISA Review Course Slides - Part1Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & R...
ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & R...ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & R...
ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & R...Instansi
 
CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)Cyril Soeri
 
Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Jim Kaplan CIA CFE
 
Audit Documentation Presentation
Audit Documentation PresentationAudit Documentation Presentation
Audit Documentation PresentationKarim70
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reportingShivaLeela Choudary
 
IT Audit Methodologies
IT Audit MethodologiesIT Audit Methodologies
IT Audit MethodologiesSALIH AHMED ISLAM
 
The Three Lines of Defense Model & Continuous Controls Monitoring
The Three Lines of Defense Model & Continuous Controls MonitoringThe Three Lines of Defense Model & Continuous Controls Monitoring
The Three Lines of Defense Model & Continuous Controls MonitoringCaseWare IDEA
 

Recommended

CISA Review Course Slides - Part1
CISA Review Course Slides - Part1CISA Review Course Slides - Part1
CISA Review Course Slides - Part1Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & R...
ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & R...ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & R...
ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & R...Instansi
 
CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)CISA Domain 1 - IS Auditing (day 1)
CISA Domain 1 - IS Auditing (day 1)Cyril Soeri
 
Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Jim Kaplan CIA CFE
 
Audit Documentation Presentation
Audit Documentation PresentationAudit Documentation Presentation
Audit Documentation PresentationKarim70
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reportingShivaLeela Choudary
 
IT Audit Methodologies
IT Audit MethodologiesIT Audit Methodologies
IT Audit MethodologiesSALIH AHMED ISLAM
 
The Three Lines of Defense Model & Continuous Controls Monitoring
The Three Lines of Defense Model & Continuous Controls MonitoringThe Three Lines of Defense Model & Continuous Controls Monitoring
The Three Lines of Defense Model & Continuous Controls MonitoringCaseWare IDEA
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
Risk Based Audit Approach
Risk Based Audit ApproachRisk Based Audit Approach
Risk Based Audit ApproachSALIH AHMED ISLAM
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
Risk Culture & Risk Appetite
Risk Culture & Risk AppetiteRisk Culture & Risk Appetite
Risk Culture & Risk AppetiteLászló Árvai
 
Fraud Prevention, Detection and Investigation in the Payday Advance Industry
Fraud Prevention, Detection and Investigation in the Payday Advance IndustryFraud Prevention, Detection and Investigation in the Payday Advance Industry
Fraud Prevention, Detection and Investigation in the Payday Advance IndustryDecosimoCPAs
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)MetroStar
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslideZakaria Salah, Ph.D,MBA
 
The Future of Internal Audit through data analytics
The Future of Internal Audit through data analyticsThe Future of Internal Audit through data analytics
The Future of Internal Audit through data analyticsGrant Thornton LLP
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Advanced Risk Management - Elsam Management Consultants
Advanced Risk Management - Elsam Management ConsultantsAdvanced Risk Management - Elsam Management Consultants
Advanced Risk Management - Elsam Management ConsultantsEMAC Consulting Group
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's Andrew Smart
 
COBIT 5 Basic Concepts
COBIT 5 Basic ConceptsCOBIT 5 Basic Concepts
COBIT 5 Basic ConceptsSpyros Ktenas
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Internal audit
Internal auditInternal audit
Internal auditRahul Mithia
 
FRM - Level 1 Part 1 - Foundations of Risk Management
FRM - Level 1 Part 1 - Foundations of Risk ManagementFRM - Level 1 Part 1 - Foundations of Risk Management
FRM - Level 1 Part 1 - Foundations of Risk ManagementJoe McPhail
 
Market Risk
Market RiskMarket Risk
Market RiskSAS Institute India Pvt. Ltd
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRIT Governance Ltd
 
Class 25 i, d electronic controllers
Class 25 i, d electronic controllersClass 25 i, d electronic controllers
Class 25 i, d electronic controllersManipal Institute of Technology
 
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 Recap
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 RecapInternal Control Assessment: Lessons Learned and the Pain Felt - 2014 Recap
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 RecapHein & Associates
 

More Related Content

What's hot

GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
Risk Culture & Risk Appetite
Risk Culture & Risk AppetiteRisk Culture & Risk Appetite
Risk Culture & Risk AppetiteLászló Árvai
 
Fraud Prevention, Detection and Investigation in the Payday Advance Industry
Fraud Prevention, Detection and Investigation in the Payday Advance IndustryFraud Prevention, Detection and Investigation in the Payday Advance Industry
Fraud Prevention, Detection and Investigation in the Payday Advance IndustryDecosimoCPAs
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)MetroStar
 
The Future of Internal Audit through data analytics
The Future of Internal Audit through data analyticsThe Future of Internal Audit through data analytics
The Future of Internal Audit through data analyticsGrant Thornton LLP
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Advanced Risk Management - Elsam Management Consultants
Advanced Risk Management - Elsam Management ConsultantsAdvanced Risk Management - Elsam Management Consultants
Advanced Risk Management - Elsam Management ConsultantsEMAC Consulting Group
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's Andrew Smart
 
COBIT 5 Basic Concepts
COBIT 5 Basic ConceptsCOBIT 5 Basic Concepts
COBIT 5 Basic ConceptsSpyros Ktenas
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
FRM - Level 1 Part 1 - Foundations of Risk Management
FRM - Level 1 Part 1 - Foundations of Risk ManagementFRM - Level 1 Part 1 - Foundations of Risk Management
FRM - Level 1 Part 1 - Foundations of Risk ManagementJoe McPhail
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRIT Governance Ltd
 

What's hot (20)

GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
Risk Based Audit Approach
Risk Based Audit ApproachRisk Based Audit Approach
Risk Based Audit Approach
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrain
 
Risk Culture & Risk Appetite
Risk Culture & Risk AppetiteRisk Culture & Risk Appetite
Risk Culture & Risk Appetite
 
Fraud Prevention, Detection and Investigation in the Payday Advance Industry
Fraud Prevention, Detection and Investigation in the Payday Advance IndustryFraud Prevention, Detection and Investigation in the Payday Advance Industry
Fraud Prevention, Detection and Investigation in the Payday Advance Industry
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslide
 
The Future of Internal Audit through data analytics
The Future of Internal Audit through data analyticsThe Future of Internal Audit through data analytics
The Future of Internal Audit through data analytics
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Advanced Risk Management - Elsam Management Consultants
Advanced Risk Management - Elsam Management ConsultantsAdvanced Risk Management - Elsam Management Consultants
Advanced Risk Management - Elsam Management Consultants
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal Audit
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
 
COBIT 5 Basic Concepts
COBIT 5 Basic ConceptsCOBIT 5 Basic Concepts
COBIT 5 Basic Concepts
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
Internal audit
Internal auditInternal audit
Internal audit
 
FRM - Level 1 Part 1 - Foundations of Risk Management
FRM - Level 1 Part 1 - Foundations of Risk ManagementFRM - Level 1 Part 1 - Foundations of Risk Management
FRM - Level 1 Part 1 - Foundations of Risk Management
 
Market Risk
Market RiskMarket Risk
Market Risk
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 

Viewers also liked

Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 Recap
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 RecapInternal Control Assessment: Lessons Learned and the Pain Felt - 2014 Recap
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 RecapHein & Associates
 
Delivering Meaningful Audit Reports Local Govt - Scott Webb Nov 2013
Delivering Meaningful Audit Reports Local Govt - Scott Webb Nov 2013Delivering Meaningful Audit Reports Local Govt - Scott Webb Nov 2013
Delivering Meaningful Audit Reports Local Govt - Scott Webb Nov 2013Scott Webb CPA CIA PMIIA CRMA
 
Identification and Tuning of Process with Inverse Response
Identification and Tuning of Process with Inverse ResponseIdentification and Tuning of Process with Inverse Response
Identification and Tuning of Process with Inverse Responseomkarharshe
 
Bcu msc cg week 8 audit 290712
Bcu msc cg week 8 audit 290712Bcu msc cg week 8 audit 290712
Bcu msc cg week 8 audit 290712Stephen Ong
 
Multivariable Control System Design for Quadruple Tank Process using Quantita...
Multivariable Control System Design for Quadruple Tank Process using Quantita...Multivariable Control System Design for Quadruple Tank Process using Quantita...
Multivariable Control System Design for Quadruple Tank Process using Quantita...IDES Editor
 
Corporate Governance Rating Reliance Industries Limited
Corporate Governance Rating Reliance Industries LimitedCorporate Governance Rating Reliance Industries Limited
Corporate Governance Rating Reliance Industries LimitedSpartanski
 
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Tahir Abbas
 
Penetration testing as an internal audit activity
Penetration testing as an internal audit activityPenetration testing as an internal audit activity
Penetration testing as an internal audit activityTranscendent Group
 
Industrial Control Systems - Hydraulic Systems
Industrial Control Systems - Hydraulic SystemsIndustrial Control Systems - Hydraulic Systems
Industrial Control Systems - Hydraulic SystemsBehzad Samadi
 
Internal Audit Report Writing Best Practice
Internal Audit Report Writing Best PracticeInternal Audit Report Writing Best Practice
Internal Audit Report Writing Best PracticeDJones68
 
Tqm quality audit
Tqm quality auditTqm quality audit
Tqm quality auditpremsruthi
 
Electronic controllers presentation
Electronic controllers presentationElectronic controllers presentation
Electronic controllers presentationAkshay Dhole
 

Viewers also liked (20)

Class 25 i, d electronic controllers
Class 25 i, d electronic controllersClass 25 i, d electronic controllers
Class 25 i, d electronic controllers
 
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 Recap
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 RecapInternal Control Assessment: Lessons Learned and the Pain Felt - 2014 Recap
Internal Control Assessment: Lessons Learned and the Pain Felt - 2014 Recap
 
Delivering Meaningful Audit Reports Local Govt - Scott Webb Nov 2013
Delivering Meaningful Audit Reports Local Govt - Scott Webb Nov 2013Delivering Meaningful Audit Reports Local Govt - Scott Webb Nov 2013
Delivering Meaningful Audit Reports Local Govt - Scott Webb Nov 2013
 
Identification and Tuning of Process with Inverse Response
Identification and Tuning of Process with Inverse ResponseIdentification and Tuning of Process with Inverse Response
Identification and Tuning of Process with Inverse Response
 
Bcu msc cg week 8 audit 290712
Bcu msc cg week 8 audit 290712Bcu msc cg week 8 audit 290712
Bcu msc cg week 8 audit 290712
 
Multivariable Control System Design for Quadruple Tank Process using Quantita...
Multivariable Control System Design for Quadruple Tank Process using Quantita...Multivariable Control System Design for Quadruple Tank Process using Quantita...
Multivariable Control System Design for Quadruple Tank Process using Quantita...
 
Charter School Audit Guide 2015
Charter School Audit Guide 2015Charter School Audit Guide 2015
Charter School Audit Guide 2015
 
Class 26 d, pi electronic controllers
Class 26 d, pi electronic controllersClass 26 d, pi electronic controllers
Class 26 d, pi electronic controllers
 
Corporate Governance Rating Reliance Industries Limited
Corporate Governance Rating Reliance Industries LimitedCorporate Governance Rating Reliance Industries Limited
Corporate Governance Rating Reliance Industries Limited
 
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control Illustrative Tools for Assessing Effectiveness of a System of Internal Control
Illustrative Tools for Assessing Effectiveness of a System of Internal Control
 
Penetration testing as an internal audit activity
Penetration testing as an internal audit activityPenetration testing as an internal audit activity
Penetration testing as an internal audit activity
 
Class 31 controller tuning and quality of control
Class 31 controller tuning and quality of controlClass 31 controller tuning and quality of control
Class 31 controller tuning and quality of control
 
Industrial Control Systems - Hydraulic Systems
Industrial Control Systems - Hydraulic SystemsIndustrial Control Systems - Hydraulic Systems
Industrial Control Systems - Hydraulic Systems
 
Class 32 performance criteria for tuning controllers
Class 32 performance criteria for tuning controllersClass 32 performance criteria for tuning controllers
Class 32 performance criteria for tuning controllers
 
Class 30 controller tuning
Class 30 controller tuningClass 30 controller tuning
Class 30 controller tuning
 
Class 21 22 - summary
Class 21 22 - summaryClass 21 22 - summary
Class 21 22 - summary
 
Internal Audit Report Writing Best Practice
Internal Audit Report Writing Best PracticeInternal Audit Report Writing Best Practice
Internal Audit Report Writing Best Practice
 
Class 15 control action and controllers
Class 15 control action and controllersClass 15 control action and controllers
Class 15 control action and controllers
 
Tqm quality audit
Tqm quality auditTqm quality audit
Tqm quality audit
 
Electronic controllers presentation
Electronic controllers presentationElectronic controllers presentation
Electronic controllers presentation
 

Similar to Evaluation of process level control deficiencies 5 20-2016

introduction to internal control in a financial statement audit
introduction to internal control in a financial statement auditintroduction to internal control in a financial statement audit
introduction to internal control in a financial statement auditMengsongNguon
 
Sas 112 May 14 08 Md Nonprofits
Sas 112 May 14 08 Md NonprofitsSas 112 May 14 08 Md Nonprofits
Sas 112 May 14 08 Md Nonprofitshimetro
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk ManagementAsad Hameed
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL eraTreat Risk
 
operations risk management power point presentation.
operations risk management power point presentation.operations risk management power point presentation.
operations risk management power point presentation.Miyelani Shibambo
 
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Taufir Alam
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk ManagementAsad Hameed
 
SAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit ExecsSAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit Execshimetro
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
p13 29. The auditor should evaluate whether analytical procedure.pdf
p13 29. The auditor should evaluate whether analytical procedure.pdfp13 29. The auditor should evaluate whether analytical procedure.pdf
p13 29. The auditor should evaluate whether analytical procedure.pdfalicesilverblr
 
Operational risk management and measurement
Operational risk management and measurementOperational risk management and measurement
Operational risk management and measurementRahmat Mulyana
 
Moody's ---How Social Performance Impacts Financial Resilience and Default Pr...
Moody's ---How Social Performance Impacts Financial Resilience and Default Pr...Moody's ---How Social Performance Impacts Financial Resilience and Default Pr...
Moody's ---How Social Performance Impacts Financial Resilience and Default Pr...Microcredit Summit Campaign
 
Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)MUHAMMAD HUZAIFA CHAUDHARY
 
Operation var (ama) con0529e
Operation var (ama) con0529eOperation var (ama) con0529e
Operation var (ama) con0529eChipo Nyachiwowa
 

Similar to Evaluation of process level control deficiencies 5 20-2016 (20)

introduction to internal control in a financial statement audit
introduction to internal control in a financial statement auditintroduction to internal control in a financial statement audit
introduction to internal control in a financial statement audit
 
Sas 112 May 14 08 Md Nonprofits
Sas 112 May 14 08 Md NonprofitsSas 112 May 14 08 Md Nonprofits
Sas 112 May 14 08 Md Nonprofits
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
 
SOX 404 Power Point
SOX 404 Power PointSOX 404 Power Point
SOX 404 Power Point
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL era
 
operations risk management power point presentation.
operations risk management power point presentation.operations risk management power point presentation.
operations risk management power point presentation.
 
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
 
SAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit ExecsSAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit Execs
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guide
 
p13 29. The auditor should evaluate whether analytical procedure.pdf
p13 29. The auditor should evaluate whether analytical procedure.pdfp13 29. The auditor should evaluate whether analytical procedure.pdf
p13 29. The auditor should evaluate whether analytical procedure.pdf
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guide
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
 
Operational risk management and measurement
Operational risk management and measurementOperational risk management and measurement
Operational risk management and measurement
 
Moody's ---How Social Performance Impacts Financial Resilience and Default Pr...
Moody's ---How Social Performance Impacts Financial Resilience and Default Pr...Moody's ---How Social Performance Impacts Financial Resilience and Default Pr...
Moody's ---How Social Performance Impacts Financial Resilience and Default Pr...
 
Internal Controls
Internal ControlsInternal Controls
Internal Controls
 
Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)Understanding of entity and inherent risk assessment (including case studies)
Understanding of entity and inherent risk assessment (including case studies)
 
Chapter 12 - Designing Substantive Procedures
Chapter 12 - Designing Substantive ProceduresChapter 12 - Designing Substantive Procedures
Chapter 12 - Designing Substantive Procedures
 
Audit process
Audit processAudit process
Audit process
 
Operation var (ama) con0529e
Operation var (ama) con0529eOperation var (ama) con0529e
Operation var (ama) con0529e
 

Recently uploaded

Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creationsnakalysalcedo61
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedKaiNexus
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckPitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckHajeJanKamps
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 

Recently uploaded (20)

Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckPitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 

Evaluation of process level control deficiencies 5 20-2016

  • 1. Systematic Approach to the Evaluation of Process-Level Control Deficiencies Les A. Chaney, CPA, CIA, CGMA ICFR Global Consulting, LLC Mobile: (919) 427-2265 Lchaney@icfr-consulting.com Revised May 20. 2016
  • 2. 2 Systematic Approach for Evaluating “Process-Level” Control Deficiencies, utilizing: – PCAOB Audit Standard # 5 (approved May 24, 2007, amended June 12, 2007) – Superseded PCAOB Audit Standard # 2 (March 2004) – “A Framework for Evaluating Control Exceptions and Deficiencies” (Dec 2004) 2
  • 3. 33 The PLC Deficiency Evaluation Process •Local Materiality Threshold •Local Upper Limit of Significant Deficiency •Estimation of Gross Exposure (Potential Magnitude) •Evaluation of Design Deficiencies •Evaluation of Operating Effectiveness Deficiencies
  • 4. 44 Local Materiality Threshold •To begin the PLC deficiency evaluation process, Executive Management must determine the basis of the Local Materiality Threshold. •Materiality Threshold is defined as the amount which must be exceeded for a deficiency to be deemed to have a “material” impact on the financial statements. •Some companies use a percentage of budgeted gross sales or a percentage of net income. –In our example, current year annual budgeted gross sales of $1.25B and a percentage of 1/2% is used to calculate the Local Materiality Threshold of $6.25M.
  • 5. 55 Local “Significant Deficiency Threshold” • The “local significant deficiency threshold” is defined as the amount by which a deficiency must exceed to be considered a Significant Deficiency. • In conjunction with the Materiality Threshold, Executive Management must determine the “Local Upper Limit of Significant Deficiency” by estimating a percentage to be applied to the Local Materiality Threshold. In our example, Executive Management has determined that 20% of the rounded Local Materiality Threshold of $6.25M is deemed to be the Local Significant Deficiency Threshold, which calculates to be $1.25M.
  • 6. 66 Authoritative Guidance •Public Company Accounting Oversight Board (PCAOB) Audit Standard (AS) # 2 (superseded by PCAOB AS # 5) –Paragraph 9: A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the company’s ability to initiate, authorize, record, process, or report external financial date…such that there is more than remote likelihood that a misstatement of the company’s…financial statements that is more than inconsequential will not be prevented or detected. •PCAOB AS #5, does not use the terms “inconsequential” or “more than inconsequential” to gauge magnitude.
  • 7. 77 Estimation of Gross Exposure •Step one in the deficiency evaluation process for each PLC Design and Operation deficiency is to estimate the Gross Exposure (Potential Magnitude). •The Gross Exposure is the worst-case estimate of the magnitude of amounts or transactions exposed to the deficiency with regard to interim or annual financial statements.
  • 8. 88 Estimation of Gross Exposure (continued) •Practical approach:  Determine the general ledger (GL) accounts impacted by the deficiency  Describe the transactions impacted by the deficiency  Determine the GL balances, or other estimated Gross Amount that could be impacted (e.g. in some cases, the amount of the Local Materiality Threshold may be conservatively used if a particular GL account balance or transaction amount can not be determined)  Estimate the percent of the GL balance or transaction total impacted by the deficiency (e.g. in some cases, 100% is the most conservative, if a % can not be readily estimated). Finally, the Gross Exposure is calculated as the original amount multiplied times the estimated percentage. This amount is then used to begin the evaluation of the Design or Operating Effectiveness deficiency.
  • 9. 99 Authoritative Guidance •PCAOB AS # 2, paragraph 135, and PCAOB AS # 5, paragraph 66: Several factors affect the magnitude of the misstatement that could result from a deficiency or deficiencies in controls. The factors include, but are not limited to, the following: o The financial statement amounts or total of transactions exposed to the deficiency. o The volume of activity in the account balance or class of transactions exposed to the deficiency that has occurred in the current period or that is expected in future periods.
  • 10. 10
  • 11. 1111 Evaluation of Design Deficiencies •Per PCAOB AS # 2, paragraph 8: A deficiency in design exists when (a) a control necessary to meet the control objective is missing, or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective is not always met.
  • 12. 12
  • 13. 1313 Evaluation of Operating Effectiveness Deficiencies • Per PCAOB AS # 2, paragraph 8: A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively. • The steps to evaluate Operation deficiencies are the same as the steps to evaluate Design deficiencies, except immediately after step 2, three additional steps are performed: 1. Determine the “Upper Limit Deviation Rate” 2. If the Upper Limit Deviation Rate is < 20%, then calculate the “Adjusted Gross Exposure” = the Gross Exposure. 3. Is the “Adjusted Gross Exposure” > or = Local Upper Limit? If no, then the deficiency is evaluated as “inconsequential”.
  • 14. 14
  • 16. 16 Deficiency Evaluation “Estimation of Gross Exposure” (Automated Spreadsheet)
  • 17. 17 Deficiency Evaluation “Estimation of ‘Adjusted’ Gross Exposure” (Automated Spreadsheet)
  • 18. 18 Deficiency Evaluation - “TOD & TOE” (Automated Spreadsheet)
  • 19. 19 Deficiency Evaluation – Decision Input from Corp Mgt (Automated Spreadsheet)
  • 20. 2020 Authoritative Guidance •PCAOB AS # 2, paragraph 133, and PCAOB AS # 5, paragraph 65: Several factors affect the likelihood that a deficiency…could result in a misstatement. The factors include, but are not limited to: o The nature of the financial statement accounts, disclosures, and assertions involved o The susceptibility of the related assets or liability to loss or fraud o The subjectivity, complexity, or extent of judgment required to determine the amount involved o The cause and frequency of known or detected exceptions for the operating effectiveness of a control o The interaction or relationship of the control with other controls o The interaction of the deficiencies o The possible future consequences of the deficiency
  • 21. 2121 Authoritative Guidance •“A Framework for Evaluating Control Exceptions and Deficiencies” was published December 20, 2004. The framework was developed by representatives of the following nine firms: BDO Seidman LLP, Crowe Chizek and Company LLC, Deloitte & Touche LLP, Ernst & Young LLP, Grant Thornton LLP, Harbinger PLC, KPMB LLP, McGladrey & Pullen LLP, and PricewaterhouseCoopers LLP.
  • 22. 2222 Authoritative Guidance •PCAOB Audit Standard No. 2 – March 9, 2004: “An audit of internal control over financial reporting performed in conjunction with an audit of financial statements” Paragraph 130. “Evaluating Deficiencies in Internal Control Over Financial Reporting. Paragraph 131. The auditor should evaluate the significance of a deficiency …by determining the following: o The likelihood that a deficiency, or a combination…could result in a misstatement… o The magnitude of the potential misstatement… Paragraph 133. Several factors affect the likelihood that a deficiency or combination…could result in a misstatement… Paragraph 135. Several factors affect the magnitude…
  • 23. 2323 Authoritative Guidance •PCAOB Audit Standard No. 5 – June 12, 2007: “An audit of internal control over financial reporting that is integrated with an audit of financial statements” Paragraph 62. The auditor must evaluate the severity of each control deficiency... Paragraph 63. The severity of a deficiency depends on: o Whether there is a reasonable possibility that the company’s controls will fail to prevent or detect a misstatement… o The magnitude of the potential misstatement resulting from the deficiency or deficiencies Paragraph 65. Risk factors affect whether there is a reasonable possibility… [The factors are the same as AS #2, paragraph 133 factors affecting likelihood. ] Paragraph 66. Factors affect the magnitude… [Same as AS #2, paragraph 135 factors affecting magnitude] Paragraph 68. The auditor should evaluate the effect of compensating controls when determining whether a deficiency is a material weakness.
  • 24. 2424 Questions or Request for Automated Spreadsheet? Les A. Chaney, CPA, CIA, CGMA, CRMA ICFR Global Consulting, LLC Cary, NC Mobile: (919) 427-2265 Lchaney@icfr-consulting.com www.icfr-consulting.com