PCAOB Alert #11: Excel Tango
•Download as PPTX, PDF•
1 like•4,154 views
The document discusses key information from a presentation about PCAOB Audit Alert #11 and testing of information prepared by entities (IPEs), such as key reports and spreadsheets. It provides an overview of IPE definitions, common audit failures, PCAOB guidance on IPE and IT-dependent controls testing. Examples of IPEs like accounts receivable agings and allowance analyses are shown, along with best practices for documentation. Upcoming issues like new revenue recognition standards are also mentioned. Presenters Sonia Luna and Gabe Zubizarreta provided the information and encouraged questions.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to PCAOB Alert #11: Excel Tango
Similar to PCAOB Alert #11: Excel Tango (20)
More from Aviva Spectrum™
More from Aviva Spectrum™ (12)
Recently uploaded
Recently uploaded (20)
PCAOB Alert #11: Excel Tango
- 1. IPE: Key Report Testing Understanding PCAOB Audit Alert #11 Compliance Made Simple October 16, 2014 Presented by: Sonia Luna & Gabe Zubizarreta
- 2. About the Speakers Sonia Luna & Gabe Zubizarreta Compliance Made Simple ™ 2
- 3. Agenda • PCAOB –Alert#11 – Common Audit Failures – Key Report Testing • IPE (aka spreadsheet controls) – What is in-scope IPE? – Key reports: Definitions • Controls over IPE – ITGC vs. user performed • Part II Inspection Reports – Lessons Learned • IPE Case studies • FEI 2014 Study – IPE’s impact • Resources – COSO Implementation LinkedIN Group – CCA & Class • Questions? Compliance Made Simple ™ 3
- 4. New PCAOB Alerts! Compliance Made Simple ™ PCAOB Alert #11: Excel Tango 4
- 5. New PCAOB Auditing BAR! • Caused audit procedure layering • More in-depth written description of estimates and use of judgment, especially review controls • Detailed documentation and testing of system reports utilized in performance of controls. Compliance Made Simple ™ PCAOB Alert #11: Excel Tango 5
- 6. Common Audit Failures Compliance Made Simple ™ 6
- 7. Information Prepared by Entity “IPEs” What is it & What are we talking about? • Big 4 Lingo EY = EAE “Electronic Audit Evidence or Key Reports Deloitte = IPE (Information Prepared by Entity) Other firms “Mgmt reports” • Management Team definitions in the field: – Key reports – Key system reports Compliance Made Simple ™ 7
- 8. Auditor’s Requirement & Definitions of IPEs Compliance Made Simple ™ 8
- 9. PCAOB on IT Dependent Controls and IPEs (pg.# 27) Compliance Made Simple ™ 9
- 10. PCAOB’s CASE Study (pg 24) Compliance Made Simple ™ 10
- 11. What to do with IPE testing? Remember it’s BOTH: Prior $ Data and FORECASTED DATA! Compliance Made Simple ™ 11
- 12. PCAOB – Suggestions on ITGC & IPE Compliance Made Simple ™ 12
- 13. Level of Precision and IPEs • Understanding how Mgmt Thinks • Auditors used to focus on just tying out numbers • Document when, how and what was used to create Mgmt’s conclusion • IPEs are used to help in that process and must be TESTED! Compliance Made Simple ™ 13
- 14. Part II Inspection Reports- Lessons Learned When External auditors turn bad? Compliance Made Simple ™ 14
- 15. External Audit Firm: Closing The Books (Findings) Compliance Made Simple ™ PCAOB Alert #11: Excel Tango 15
- 16. Closing The Books [Contd.] Source: PCAOB Audit Alert #11 (Oct. 2013) Compliance Made Simple ™ PCAOB Alert #11: Excel Tango 16
- 17. Good isn’t good enough good v. NEW PCAOB control Language Older Language (“OK”) Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis. Compliance Made Simple ™ PCAOB Alert #11: Excel Tango 17
- 18. NEW PCAOB control Language “new standards for control language” Older Language (“OK”) Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis. Updated Control (“Better”) Quarterly, Controller reviews AR balances of significant customers with o/s balances greater than $10K and 5% of AR balance and those under that threshold by customer type (e.g. geographical location, types of orders, etc.), to review the AR allowance for accuracy and completeness. Adjustments, if needed, are sent via email to the AR manager, final review of the AR reserve analysis is initialed and dated by the Controller which agrees to the final g/l balance for the period. Compliance Made Simple ™ PCAOB Alert #11: Excel Tango 18
- 19. Documentation in Excel • Notate use of a threshold for review – What is sufficient? • What other considerations are key? • How to document Management’s review? • Every reviewer is different – Depth of review Manager vs. Controller Compliance Made Simple ™ PCAOB Alert #11: Excel Tango 19
- 20. Accounts Receivable Aging Last Payment Current Past Due CUSTOMER Date Amount 0-30 31-60 61-90 91-119 120-150 150+ Total Due Loyal Customer December 1, 2013 $10,000 $214,000 $245,000 $288,000 $747,000 New Customer - Russia September 1, 2013 $53,000 $101,000 $130,000 $0 $445,000 $676,000 Trying Things Out Customer January 12, 2014 $76,000 $95,000 $279,000 $131,000 $505,000 Not so new Customer February 1, 2014 $46,000 $284,000 $116,000 $400,000 TOTALS $379,000 $594,000 $491,000 $131,000 $288,000 $445,000 $2,328,000 Allowance Analysis New Customer - Russia $0 $101,000 $130,000 $0 $0 $445,000 $676,000 Trying Things Out Customer $126,250 Grand Total of Allowance to A/R $802,250 Current G/L Balance $500,000 Adjusting Journal Entry (Inc)/Dec ($302,250) /s/ Susie Smith 4/5/2014 Prepared by: Date /s/ Arnold Jones 4/15/2014 Prepared by: Date Monday, March 31, 2014 Review Signatures “Old School Auditing”
- 21. Accounts Receivable Aging Last Payment Current Past Due CUSTOMER Date Amount 0-30 31-60 61-90 91-119 120-150 150+ Total Due Loyal Customer December 1, 2013 $10,000 $0 $214,000 $245,000 $288,000 $747,000 New Customer - Russia September 1, 2013 $53,000 $0 $101,000 $130,000 $0 $0 $445,000 $676,000 Trying Things Out Customer January 12, 2014 $76,000 $95,000 $279,000 $0 $131,000 $0 $0 $505,000 Not so new Customer February 1, 2014 $46,000 $284,000 $0 $116,000 $0 $0 $0 $400,000 TOTALS $379,000 $594,000 $491,000 $131,000 $288,000 $445,000 $2,328,000 Allowance Analysis New Customer - Russia $0 $101,000 $130,000 $0 $0 $445,000 $676,000 Trying Things Out Customer $126,250 Grand Total of Allowance to A/R $802,250 Current G/L Balance $500,000 Adjusting Journal Entry (Inc)/Dec ($302,250) /s/ Susie Smith 4/5/2014 Prepared by: Date /s/ Arnold Jones 4/15/2014 Prepared by: Date Monday, March 31, 2014 RussiaAllowance supporting documents: 1) AR Client detail report (a) 2) Client Invoice Analysis report by product type (a) 3) Payment history - client detail report (a) 4) Email communication w/Dir. of Rev 5) Email communication w/Dir. of Sales 6) Confirmation email of AJE by COO and CEO (specifying Russia) (a) - Part of Management Key report testing (page # 27 of PCAOB audit alert #11)
- 22. Excel Risk Assessments Key Steps: Step 1: Inventory your spreadsheets Step 2: In-scope worksheets, rate them (see below) Compliance Made Simple ™ 22
- 23. Evaluate & Testing Strategies (High/Mod/Low) Compliance Made Simple ™ 23
- 24. Testing Sample – lead sheet Compliance Made Simple ™ 24
- 25. Excel is a Powerful Tool Compliance Made Simple ™ 25
- 26. Significant Issues on the Horizon • SEC action on Audit Standard #18- Related Parties – Effective for Dec 31st 2015 audits • Revenue Recognition Standard – Contracts with Customers Compliance Made Simple ™ 26
- 27. COSO Implementation Group Join Our LinkedIn Group COSO Framework Discussion & Webinars Technical Community sharing Ideas ,Templates, WEBINARS, Advise and Learn from others implementing new framework. JOIN Today! http://www.linkedin.com/groups/2013-COSO-Implementation- 4888186/about Compliance Made Simple ™ 27
- 28. Send Questions Sonia Luna- President, CEO Aviva Spectrum www.linkedin.com/in/sonialuna www.slideshare.net/soxppt www.avivaspectrum.com/podcast s Compliance Made Simple ™ 28
- 29. Connect with Gabe Gabe Zubizarreta - CEO, Financial Effectiveness & Transformation Team Leader Silicon Valley Accountants www.linkedin.com/in/gabez Gabez@svacpa.com www.svacpa.com Compliance Made Simple ™ 29
Editor's Notes
- FEI 2014 Audit Fee Survey On the Horizon
- Sonia (lead): the source of why Audit Practice Alert #11 came to be, was a Dec. 2012 report that the PCAOB issued. This report represented a conclusion of internal control audit failures by the top 8 audit firms. The report disclosed some serious concerns about how and when auditors actually tested internal controls and the depth of how they were being tested. Thus, this audit alert #11 came out by the PCAOB to rectify the situation and finally put in black and white what the PCAOB expects from your external auditors when they audit internal controls.
- Sonia (lead): the source of why Audit Practice Alert #11 came to be, was a Dec. 2012 report that the PCAOB issued. This report represented a conclusion of internal control audit failures by the top 8 audit firms. The report disclosed some serious concerns about how and when auditors actually tested internal controls and the depth of how they were being tested. Thus, this audit alert #11 came out by the PCAOB to rectify the situation and finally put in black and white what the PCAOB expects from your external auditors when they audit internal controls.
- Information Prepared by Entity IPEs What is it and How does it affect Internal controls over Financial Reporting Controls around IPE Talking about the Non-Built in controls. The user affected controls.
- Use of spreadsheet, affect on numbers If data source is pure- no testing Partially pure- test over the unpure portion
- Sonia (LEAD): This is a Part II repot on a big 4 audit firm. This was a failure on how the auditors tested the controls over journal entries. We know that there have been some audit failures that lead to restatement. What does that mean? Everyone failed – company’s & auditor’s processes failed (company didn’t document or assess well and underline isn’t correct). Increase the points of failure. We’re going to discuss in-depth what this “level of precision” really means to Public companies and even their internal audit folks!
- Sonia (LEAD) Here’s the same firm, however this audit of internal control failure came from period-end close controls. I’m calling your attention to the “limited to observing signatures” sentence. Remember the good old days of just looking at those signatures or for those of you that really lucked out by just auditing initials and dates! This one is for you! This is saying that the signature is no longer just enough. There’s more that we need to document.
- Sonia (LEAD)
- Sonia (Lead): now I’m putting things together where we’re sharing visually before and after. What SOX 404 for management and the external auditors WAS and NOW what it WILL BE! For those of you not audited by the top 8 auditing firms, I feel sorry for you as the internal control audit wrath is coming and it’s coming soon!
- Sonia (LEAD) Gabe (COMMENTATOR): please offer what you’ve seen in your clients where one thought someone was reviewing something and found out it was never really being reviewed/monitored. A good story would be best for folks to remember.
- Sonia (L): now we have the “after” workpaper from this client that decided to update its AR allowance to include more information about judgment in this reserve. Here they provided in the excel file, in a text box, the key reports they used (which it looks like three key reports were used for Russia’s allowance only, including the AR client detail report, Client invoice by product type and others. What’s missing is more information about this other customer called “Trying things Out Customer”, remember we put a blanket 25% allowance. So we know there’s a story there again, some email will be used to validate the judgment here, however we have all been there when either the Director of Sales or even COOs find out that Mr or Mrs. Trying things out aren’t so happy and I’m sure there are more key system generated reports used to conclude on this 25% reserve. So guess what….More testing on the completeness and accuracy of those reports. Caroline takes presenter rights
- Sonia (LEAD) now most of you are using excel in some form or fashion to assist the Company in closing its books! My suggestion is to inventory your most important and critical spreadsheets. Why? Both you and your external auditors need to test them for accuracy, completeness and logical security of course! Now there is some guidance out there on how to RISK Rank your excel spreadsheets and our firm actually created this proprietary template to risk rank only those important spreadsheets you use for SOX 404 purposes which is closing your books. The very first step is inventory what you have. Second step is to rate them based upon the ITGI guidance. We’ve summarized what they want here which is: A) Determining the excel files “purpose” in short, is the file used for analytical review only, financial reporting, or posting to the G/L, each of those has its own rating, then you’ll need to look at the “VALUE” offered by the spreadsheet, such as a) how the dollar thresholds you’re reaching in that spreadsheet impact your materiality for SOX 404 testing. Rohn (COMMENT): please comment on how your clients HAVE NOT inventoried what they have and what was some of the horror stories you can share when they don’t even know what they have!
- Sonia (LEAD): Now let’s move on to the next step which is how likely this spreadsheet will have an impact to your Financial statements.
- Sonia (LEAD): now you’ll have to validate each spreadsheet which is just laymen's terms of saying testing it!
- http://www.forbes.com/sites/timworstall/2013/02/13/microsofts-excel-might-be-the-most-dangerous-software-on-the-planet/
- Sonia (LEAD): For those of you who haven’t joined COSO Implementation group in LinkedIn, please do so today, as both the template and other offerings such as technical videos will NOT be shared with you unless you are a COSO Implementation member. Here is a hyper link and please join today again to get those announcements when the templates are up and running on our website.