The document discusses key information from a presentation about PCAOB Audit Alert #11 and testing of information prepared by entities (IPEs), such as key reports and spreadsheets. It provides an overview of IPE definitions, common audit failures, PCAOB guidance on IPE and IT-dependent controls testing. Examples of IPEs like accounts receivable agings and allowance analyses are shown, along with best practices for documentation. Upcoming issues like new revenue recognition standards are also mentioned. Presenters Sonia Luna and Gabe Zubizarreta provided the information and encouraged questions.
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
PCAOB Alert #11: Excel Tango
1. IPE: Key Report Testing
Understanding PCAOB Audit Alert #11
Compliance Made Simple
October 16, 2014
Presented by:
Sonia Luna &
Gabe Zubizarreta
2. About the Speakers
Sonia Luna &
Gabe Zubizarreta
Compliance Made Simple ™ 2
3. Agenda
• PCAOB –Alert#11
– Common Audit Failures
– Key Report Testing
• IPE (aka spreadsheet
controls) – What is in-scope
IPE?
– Key reports: Definitions
• Controls over IPE
– ITGC vs. user performed
• Part II Inspection Reports
– Lessons Learned
• IPE Case studies
• FEI 2014 Study
– IPE’s impact
• Resources
– COSO Implementation
LinkedIN Group
– CCA & Class
• Questions?
Compliance Made Simple ™ 3
4. New PCAOB Alerts!
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
4
5. New PCAOB Auditing BAR!
• Caused audit procedure
layering
• More in-depth written
description of estimates and
use of judgment, especially
review controls
• Detailed documentation and
testing of system reports utilized
in performance of controls.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
5
7. Information Prepared by Entity “IPEs”
What is it & What are we talking about?
• Big 4 Lingo
EY = EAE “Electronic
Audit Evidence or Key
Reports
Deloitte = IPE
(Information Prepared
by Entity)
Other firms “Mgmt
reports”
• Management Team
definitions in the
field:
– Key reports
– Key system reports
Compliance Made Simple ™ 7
13. Level of Precision and IPEs
• Understanding how Mgmt Thinks
• Auditors used to focus on just tying out numbers
• Document when, how and what was used to create
Mgmt’s conclusion
• IPEs are used to help in that process and must be
TESTED!
Compliance Made Simple ™ 13
14. Part II Inspection Reports-
Lessons Learned
When External auditors turn bad?
Compliance Made Simple ™ 14
15. External Audit Firm: Closing The Books
(Findings)
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
15
17. Good isn’t good enough
good v. NEW PCAOB control Language
Older Language (“OK”)
Quarterly, Controller reviews the AR
allowance for adequacy and
reasonableness of reserve amounts by
initialing and dating the “AR reserve”
analysis.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
17
18. NEW PCAOB control Language
“new standards for control language”
Older Language
(“OK”)
Quarterly,
Controller reviews
the AR allowance
for adequacy
and
reasonableness of
reserve amounts
by initialing and
dating the “AR
reserve” analysis.
Updated Control (“Better”)
Quarterly, Controller reviews AR
balances of significant customers with
o/s balances greater than $10K and
5% of AR balance and those under
that threshold by customer type (e.g.
geographical location, types of orders,
etc.), to review the AR allowance for
accuracy and completeness.
Adjustments, if needed, are sent via
email to the AR manager, final review
of the AR reserve analysis is initialed
and dated by the Controller which
agrees to the final g/l balance for the
period.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
18
19. Documentation in Excel
• Notate use of a threshold for review
– What is sufficient?
• What other considerations are key?
• How to document Management’s review?
• Every reviewer is different
– Depth of review Manager vs. Controller
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
19
20. Accounts Receivable Aging
Last Payment Current Past Due
CUSTOMER Date Amount 0-30 31-60 61-90 91-119 120-150 150+ Total Due
Loyal Customer December 1, 2013 $10,000 $214,000 $245,000 $288,000 $747,000
New Customer - Russia September 1, 2013 $53,000 $101,000 $130,000 $0 $445,000 $676,000
Trying Things Out Customer January 12, 2014 $76,000 $95,000 $279,000 $131,000 $505,000
Not so new Customer February 1, 2014 $46,000 $284,000 $116,000 $400,000
TOTALS $379,000 $594,000 $491,000 $131,000 $288,000 $445,000 $2,328,000
Allowance Analysis
New Customer - Russia $0 $101,000 $130,000 $0 $0 $445,000 $676,000
Trying Things Out Customer $126,250
Grand Total of Allowance to A/R $802,250
Current G/L Balance $500,000
Adjusting Journal Entry (Inc)/Dec ($302,250)
/s/ Susie Smith 4/5/2014
Prepared by: Date
/s/ Arnold Jones 4/15/2014
Prepared by: Date
Monday, March 31, 2014
Review Signatures
“Old School Auditing”
21. Accounts Receivable Aging
Last Payment Current Past Due
CUSTOMER Date Amount 0-30 31-60 61-90 91-119 120-150 150+ Total Due
Loyal Customer December 1, 2013 $10,000 $0 $214,000 $245,000 $288,000 $747,000
New Customer - Russia September 1, 2013 $53,000 $0 $101,000 $130,000 $0 $0 $445,000 $676,000
Trying Things Out Customer January 12, 2014 $76,000 $95,000 $279,000 $0 $131,000 $0 $0 $505,000
Not so new Customer February 1, 2014 $46,000 $284,000 $0 $116,000 $0 $0 $0 $400,000
TOTALS $379,000 $594,000 $491,000 $131,000 $288,000 $445,000 $2,328,000
Allowance Analysis
New Customer - Russia $0 $101,000 $130,000 $0 $0 $445,000 $676,000
Trying Things Out Customer $126,250
Grand Total of Allowance to A/R $802,250
Current G/L Balance $500,000
Adjusting Journal Entry (Inc)/Dec ($302,250)
/s/ Susie Smith 4/5/2014
Prepared by: Date
/s/ Arnold Jones 4/15/2014
Prepared by: Date
Monday, March 31, 2014
RussiaAllowance supporting documents:
1) AR Client detail report (a)
2) Client Invoice Analysis report by product type (a)
3) Payment history - client detail report (a)
4) Email communication w/Dir. of Rev
5) Email communication w/Dir. of Sales
6) Confirmation email of AJE by COO and CEO (specifying Russia)
(a) - Part of Management Key report testing (page # 27 of PCAOB audit alert
#11)
22. Excel Risk Assessments
Key Steps:
Step 1: Inventory your spreadsheets
Step 2: In-scope worksheets, rate them (see below)
Compliance Made Simple ™ 22
25. Excel is a Powerful Tool
Compliance Made Simple ™ 25
26. Significant Issues on the Horizon
• SEC action on Audit Standard #18- Related
Parties
– Effective for Dec 31st 2015 audits
• Revenue Recognition Standard
– Contracts with Customers
Compliance Made Simple ™ 26
27. COSO Implementation Group
Join Our LinkedIn Group
COSO Framework Discussion & Webinars
Technical Community sharing Ideas ,Templates,
WEBINARS, Advise and Learn from others implementing
new framework.
JOIN Today!
http://www.linkedin.com/groups/2013-COSO-Implementation-
4888186/about
Compliance Made Simple ™ 27
28. Send Questions
Sonia Luna- President, CEO
Aviva Spectrum
www.linkedin.com/in/sonialuna
www.slideshare.net/soxppt
www.avivaspectrum.com/podcast
s
Compliance Made Simple ™ 28
29. Connect with Gabe
Gabe Zubizarreta - CEO, Financial
Effectiveness & Transformation Team
Leader
Silicon Valley Accountants
www.linkedin.com/in/gabez
Gabez@svacpa.com
www.svacpa.com
Compliance Made Simple ™ 29
Editor's Notes
FEI 2014 Audit Fee Survey
On the Horizon
Sonia (lead): the source of why Audit Practice Alert #11 came to be, was a Dec. 2012 report that the PCAOB issued. This report represented a conclusion of internal control audit failures by the top 8 audit firms. The report disclosed some serious concerns about how and when auditors actually tested internal controls and the depth of how they were being tested. Thus, this audit alert #11 came out by the PCAOB to rectify the situation and finally put in black and white what the PCAOB expects from your external auditors when they audit internal controls.
Sonia (lead): the source of why Audit Practice Alert #11 came to be, was a Dec. 2012 report that the PCAOB issued. This report represented a conclusion of internal control audit failures by the top 8 audit firms. The report disclosed some serious concerns about how and when auditors actually tested internal controls and the depth of how they were being tested. Thus, this audit alert #11 came out by the PCAOB to rectify the situation and finally put in black and white what the PCAOB expects from your external auditors when they audit internal controls.
Information Prepared by EntityIPEs What is it and How does it affect Internal controls over Financial Reporting
Controls around IPE
Talking about the Non-Built in controls. The user affected controls.
Use of spreadsheet, affect on numbers
If data source is pure- no testing
Partially pure- test over the unpure portion
Sonia (LEAD): This is a Part II repot on a big 4 audit firm. This was a failure on how the auditors tested the controls over journal entries. We know that there have been some audit failures that lead to restatement. What does that mean? Everyone failed – company’s & auditor’s processes failed (company didn’t document or assess well and underline isn’t correct). Increase the points of failure. We’re going to discuss in-depth what this “level of precision” really means to Public companies and even their internal audit folks!
Sonia (LEAD) Here’s the same firm, however this audit of internal control failure came from period-end close controls. I’m calling your attention to the “limited to observing signatures” sentence. Remember the good old days of just looking at those signatures or for those of you that really lucked out by just auditing initials and dates! This one is for you! This is saying that the signature is no longer just enough. There’s more that we need to document.
Sonia (LEAD)
Sonia (Lead): now I’m putting things together where we’re sharing visually before and after. What SOX 404 for management and the external auditors WAS and NOW what it WILL BE! For those of you not audited by the top 8 auditing firms, I feel sorry for you as the internal control audit wrath is coming and it’s coming soon!
Sonia (LEAD)
Gabe (COMMENTATOR): please offer what you’ve seen in your clients where one thought someone was reviewing something and found out it was never really being reviewed/monitored. A good story would be best for folks to remember.
Sonia (L): now we have the “after” workpaper from this client that decided to update its AR allowance to include more information about judgment in this reserve. Here they provided in the excel file, in a text box, the key reports they used (which it looks like three key reports were used for Russia’s allowance only, including the AR client detail report, Client invoice by product type and others. What’s missing is more information about this other customer called “Trying things Out Customer”, remember we put a blanket 25% allowance. So we know there’s a story there again, some email will be used to validate the judgment here, however we have all been there when either the Director of Sales or even COOs find out that Mr or Mrs. Trying things out aren’t so happy and I’m sure there are more key system generated reports used to conclude on this 25% reserve. So guess what….More testing on the completeness and accuracy of those reports.
Caroline takes presenter rights
Sonia (LEAD) now most of you are using excel in some form or fashion to assist the Company in closing its books! My suggestion is to inventory your most important and critical spreadsheets. Why? Both you and your external auditors need to test them for accuracy, completeness and logical security of course! Now there is some guidance out there on how to RISK Rank your excel spreadsheets and our firm actually created this proprietary template to risk rank only those important spreadsheets you use for SOX 404 purposes which is closing your books. The very first step is inventory what you have. Second step is to rate them based upon the ITGI guidance. We’ve summarized what they want here which is: A) Determining the excel files “purpose” in short, is the file used for analytical review only, financial reporting, or posting to the G/L, each of those has its own rating, then you’ll need to look at the “VALUE” offered by the spreadsheet, such as a) how the dollar thresholds you’re reaching in that spreadsheet impact your materiality for SOX 404 testing.
Rohn (COMMENT): please comment on how your clients HAVE NOT inventoried what they have and what was some of the horror stories you can share when they don’t even know what they have!
Sonia (LEAD): Now let’s move on to the next step which is how likely this spreadsheet will have an impact to your Financial statements.
Sonia (LEAD): now you’ll have to validate each spreadsheet which is just laymen's terms of saying testing it!
Sonia (LEAD): For those of you who haven’t joined COSO Implementation group in LinkedIn, please do so today, as both the template and other offerings such as technical videos will NOT be shared with you unless you are a COSO Implementation member. Here is a hyper link and please join today again to get those announcements when the templates are up and running on our website.