Presentation chapter 9

• 1. Chapter IXExternal Auditors Roles andResponsibilities

2. Chapter Objectives: Recognize the role independent auditors play in achieving effective corporategovernance and reliable financial reports. Understand the history of auditing, the traditional roles of auditors, and regulationsrecently placed on them. Address the expectation gap regarding what auditors can provide in the way ofreasonable assurance and the expectations of investors for a higher level ofassurance. Identify the roles and responsibilities of the PCAOB, and discuss the auditingstandards published by the PCAOB. Demonstrate the importance of auditor independence both in fact and in appearance. Discuss an integrated audit of both financial statements and ICFR. Address the issue of a liability cap for independent auditors, and understand therationale on both sides of the issue.VIDEO ( VIDEO) 3. Key TermsThe Accountancy Investigation & Discipline Board (AIDB)Audit qualityAudit riskAudit strategyAuditor independenceControl riskDetection riskExpectation gapInherent riskIntegrated audit approachInternal Revenue Service (IRS)International Standards on Auditing (ISAs)PCAOB-USProfessional Ethics ExecutiveCommittee (PEEC)Standing Advisory Group (SAG)Statements on Auditing Standards 4. External Auditing and CorporateGovernance 5. External Auditor ResponsibilityCurrent auditing standards require that independent auditorsprovide reasonable assurance that the financial statementsare free from material misstatements, whether caused byerror or fraud, to render an unqualified opinion on the financialstatements.External auditors are not and should not be expected toprovide absolute assurance regarding reliability of financialstatements, but the public expectations concerning externalauditors performance are high.Users of audited financial statements generally expectexternal auditors to detect financial statement fraud andemployees illegal acts and fraud, which affects the integrityof financial reports. External auditors, however, are moreconcerned with material misstatements in the auditedfinancial statements. 6. Auditor Competency1. Professional competencies. To audit public companies, auditors should register with the PCAOB and meet all registration and inspection requirements.2. Technical competencies. Auditors should be knowledgeable in professional standards, rules, laws and regulations, and understand their clients industry and business, corporate governance, financial reporting process, and internal controls.3. Process competencies. Auditors ability to choose appropriate evidence-gathering procedures (tests of controls, substantivetests)andexecute auditing procedures4. Reporting competencies. Reporting competencies refer to the auditors ability and willingness to discover and report material misstatements. 7. Reports AccompanyingFinancial Statements Report on financial statements and related disclosures (prepared by auditor) Are financial statements and disclosures according to GAAP? Report on internal control over financial reporting (prepared by management) Has company maintained effective internal control over financialreporting? Report on internal control over financial reporting (prepared by auditor) Is managements assessment of its internal control appropriate? Has company maintained effective internal control over financialreporting? 8. The Purpose of the Audit Report Definition of auditing: ... communicating results tointerested users. Indicate whether the FS are in accordance with GAAP Provide indication of what the FS would be like if GAAP were followed Provide any company-omitted disclosures Indicate any unusual aspects of the audit examination Scope limitations Division of responsibility Indicate any unusual matters related to the company Going concern uncertainty Consistency Emphasize a matter 9. Four Categories ofAudit Reports Standard unqualified (clean opinion) Unqualified with explanatory paragraph ormodified wording Qualified Adverse or disclaimer 10. Definitions: Websters New Unabridged Dictionary Qualified: Having met conditions or requirements set Limited, modified Unqualified: Not having the usual or requisite talents,abilities, or accomplishments Not modified, limited, or restricted by conditionsor exceptions 11. Types of Audit ReportsType of ReportInterpretationUnqualified Financial statements taken as a whole present fairlyOpinion the financial position, results of operations, and cashflows in conformity with generally acceptedaccounting principles (GAAP).Qualified Opinion Except for the effects of a particular matter, thefinancial statements present fairly the financialposition, results of operations, and cash flows inconformity with GAAP.Adverse Opinion Financial statements do not present fairly the financialposition, results of operations, and cash flows inconformity with GAAP.Disclaimer of Auditor does not express an opinion on the financialOpinion position, results of operations, or cash flows. 12. Unqualified Reports 13. Standard Unqualified ReportThe five necessary conditions have been met: 1. All four required statements are included. 2. The three general standards have beenfollowed in all respects on the engagement. 3. Sufficient evidence has been accumulatedand the auditor has conducted theengagement in a manner that enables theconclusion that the three standards of fieldwork have been met. 14. Standard Unqualified Report4. The financial statements are presented in accordance with GAAP (including adequate disclosures.5. There are no circumstances requiring the addition of an explanatory paragraph or modification of the report wording. 15. Standard Unqualified Audit Report (Nonlisted Companies)TitleReport of Independent AuditorAddress To the Board of Directors and stockholders of Anyto client companyAudit AuditWe have audited the accompanying balancenoticenotice of Any company as of December 31, 1990sheetsand 1989, and the related statements of income,IdentifyManagementretained earnings, and cash flows for the yearthe responsibilitythen ended. These financial statements are thefinancial responsibility of the companys management. Ourstatement responsibility is to express an opinion on theseAuditors financial statements based on our audits. responsibility continued 16. We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includesDescriptio examining, on a test basis, evidence supportingn of the the amounts and disclosures in the financialauditstatements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statementNo special presentation. We believe that our audit provides a Opinion onIn our opinion, the financial statementsmention of reasonableabove for our opinion. all material referred to basis present fairly, in financialadequatestatement respects, the financial position of Any company asdisclosures of December 31, 1990 and 1989, and the resultsor of its operations and its cash flows for the years Refer toconsistenc then ended in conformity with generally accepted GAAPy accounting principles.Signature ___________________________________,CPADate February 28, 1991 17. Audit Failures and Audit QualityFollowing is the list of the initiatives that have beensuggested to improve audit quality, as well as transparency.1. Publication of audit engagement letters2. Shareholders rights to question auditors3. Publication of auditor resignation statements4. Lead audit partners signature on audit reports5. Active audit committee participation in evaluating the scope and results of the integrated audit of both ICFR and financial statements6. Mandatory rotation of the audit firm every seven to twelve years in the context of the quality of audit work performed by the firm and the audit efficacy7. Mandatory shareholder vote on the ratification of the independent auditor each year 18. Public Company Accounting Oversight BoardThe PCAOBcreated by SOX to regulate the auditingprofession.The PCAOBs primary functions are to:1. Register public accounting firms that audit publiccompanies.2. Inspect the registered public accounting firms on a regularbasis.3. Establish auditing, attestation, ethics, quality control, andindependence standards.4. Conduct investigations and disciplinary proceedings. 19. PCAOB Auditing StandardsThe PCAOB has issued five auditing standards as ofSeptember 2007:1. PCAOB Auditing Standard No. 1 (audit is conducted inaccordance with auditing standards of PCAOBUS, the city andstate has to be disclosed)2. PCAOB Auditing Standards No. 2 and 5 (New PCAOB AS No.5 superseded AS No. 2 and requires the independent audit toopine only on the effectiveness of ICFR, not the managementprocesses and assessments concerning ICFR)3. PCAOB Auditing Standard No. 3 (auditors are required tomaintain the audit documentation in a sufficient manner andkeep the records for at least seven years)4. PCAOB Auditing Standard No. 4 (voluntary engagement forthe auditors report on the companys elimination of previouslyreported material weaknesses in its ICFR) 20. Roles and ResponsibilitiesInternal Control overFinancial Reporting Management: Designs and implements the system ofinternal control over financial reporting; evaluates theeffectiveness of the companys internal control over financialreporting and provides a public report on that assessment;prepares the financial statements. Audit Committee: Has responsibility for oversight of thecompanys financial reporting process. Independent Auditor: Performs an audit of internal controlover financial reporting and issues a report onmanagements assessment of internal control over financialreporting and on the effectiveness of internal control overfinancial reporting; also performs an audit of the companysfinancial statements. 20 21. What Managements ReportWill IncludeUnder the SEC rules, managements report on internal control overfinancial reporting should include the following information: Statement of managements responsibility for establishing andmaintaining adequate internal control over financial reporting. Statement identifying the framework used by management to evaluatethe effectiveness of internal control over financial reporting. Managements assessment of the effectiveness of the companysinternal control over financial reporting as of the end of the companysmost recent fiscal year, including an explicit statement as to whether thatcontrol is effective and disclosing any material weakness identified bymanagement in that control. Statement that the registered public accounting firm that audited thefinancial statements included in the annual report has issued anattestation report on managements internal control assessment. 21 22. PCAOB Auditing Standard No. 2:An Audit of Internal Control over Financial Reporting Performed in Conjunction withan Audit of Financial Statements1. AS No. 2 required three integrated reports on: a. Financial statements audited by registered public accountingfirms. b. Managements assessment of the effectiveness of internalcontrol over financial reporting (Section 404). c. The effectiveness of internal control over financial reportingover financial reporting based on the auditors attestation ofinternal control.2. AS No. 2 was effective beginning June 17, 2004. 22 23. The Independent Auditors OpinionThe content of the auditors report is prescribed by thePCAOB standard. The most common opinions on theeffectiveness of internal control over financial reporting willbe: Unqualified Opinion. An opinion that internal control overfinancial reporting is effective: no material weaknesses ininternal control over financial reporting exist as of the fiscalyear-end assessment date. Adverse Opinion. An opinion that internal control overfinancial reporting is not effective: one or more materialweaknesses exist as of the fiscal year-end assessmentdate. Disclaimer of Opinion. A report stating that restrictions onthe scope of the auditors work prevent the auditor fromexpressing an opinion on the companys internal controlover financial reporting.23 24. Report of Independent Registered Public Accounting Firm1. Introductory2. Scope 3. DefinitionParagraphParagraphParagraph 6. Inherent5. Explanatory4. Opinion LimitationsParagraph*Paragraph Paragraph7. Signature 8. City and9. Date State or County*The explanatory paragraph is required only when the auditors opinion is other than unqualified and may also be placed after the opinion paragraphwhen the auditor issues two separate reports on the audit of financial statements and internal controls, thus making reference to opinion on thefinancial statement audit in the report on the internal control audit.24 25. 25Source: Release No. 2004-001, pages 116137, Appendix AIllustrative Reports, available at pcaobus.org. 26. Source: Release No. 2004-001, pages 116137, Appendix AIllustrative Reports, available at pcaobus.org. 26 27. Source: Release No. 2004-001, pages 116137, Appendix AIllustrative Reports, available at pcaobus.org. 27 28. PCAOB Auditors IndependenceThe new rules restrict public accounting firms inperforming a variety of tax services to their audit clients.The new rules are intended to prevent the selling ofabusive tax shelters. 29. Audit Committee Oversight of External AuditorsThe extended oversight responsibilities for the auditcommittee are:1. Appointment, compensation, and retention of registeredpublic accounting firms2. Preapproval of audit services and permissible nonauditservices3. Review of the independent auditors plan for an integratedaudit of both ICFR and annual financial statements4. Review and discussion of financial statements audited orreviewed by the independent auditor5. Monitoring the auditors independence6. Auditor rotation requirement 30. Audit Committee Oversight of External AuditorsThe number of companies that change auditors, and thenumber of auditors changed 31. Independent AuditorsCommunications with the AuditCommitteeCommunications from the committee to the Communications from the independentindependent auditor: auditor to the audit committee:1. Appointment and retention approval of the 1. Seeking committee preapproval of all audit andindependent auditornonaudit services in a timely manner2. Formal approval of audit and permissible nonaudit 2. The critical accounting policies and practices used byservices management in the preparation of financial statements3. Formal approval of fees for both audit and nonaudit 3. All alternative treatments of financial information withinservices with a keen focus on improving the quality of GAAPaudit and nonaudit services4. Any accounting disagreements between the4. Any concerns or risks threatening managementsindependent auditor and the companys managementreputation and integrity, etc. 5. Any material, written communications between the5. Allegations of financial statement fraudindependent auditor and the companys management throughout the course of the audit 6. Significant deficiencies and material weaknesses of ICFR 7. The audit report on annual financial statements 8. The review report on quarterly financial statements 9. The audit report on managements assessment of the effectiveness of ICFR 10. The audit report on the effectiveness of ICFR 11. Financial risks associated with financial reports 32. Auditor IndependenceAuditor Independence 33. Consolidation and Competition in Public Accounting FirmsSEC rules require public companies that change their publicaccounting firms to file a Form 8-K, Item 4.01, to disclosechanges within four days, whereas auditors are required toprovide standard letters within ten days stating whether theyagree with the companys disclosure without specifying anyreasons. 34. Integrated Audit ApproachManagement assessment on the effectiveness of ICFREffectiveness of both designand operation of ICFR based on control criteria Fair presentation of financial statements in conformity withGAAP 35. Audit StrategyAudit Strategy:1. No limited tests of controls2. No use of cycle rotation in tests of controls3. Dual testing of controls and substantive audit proceduresAuditors should focus on prevention, detection, and correctionof controls at both the company level and the transactionlevel. Auditors should perform tests of controls as a basis forforming an opinion on the effectiveness of ICFR. Auditorsshould also perform substantive tests as a basis forexpressing an opinion on the fair presentation of financialstatements, regardless oftheidentifiedsignificantdeficiencies and material weaknesses in internal controls. 36. The AuditVideo 37. Brief History Fraud Investigation 1900s -- Fraud detection was a primary objective of the audit 1940s -- Detection of fraud considered to be a responsibility not assumed 1960s -- Auditor acknowledged responsibility for detecting fraud that would normally be uncovered by an examination performed in accordance with GAAS. 1980s -- Auditor had responsibility to search for fraud that may have a material affect on the financial statements. 1997 -- SAS No. 82; 2002 SAS No. 99 37 38. Types of Fraud Financial Statement Fraud Misrepresentation of material facts Misappropriation of assets Concealment of material factsManagementFraud Illegal Acts Bribery Conflict of Interest Embezzlement of money orFRAUDpropertyBreach of fiduciary duty Theft of trade secrets of Employeeintellectual propertyFraudIllegal acts 39. Why People Commit FraudStudies show that employees are likely tocommit fraud when four conditions exist: PRESSING FINANCIAL NEED OPPORTUNITY REASONABLE JUSTIFICATION LACK OF MORAL PRINCIPLES 39 40. Embezzlement FormulaMOTIVE+OPPORTUNITY +RATIONALIZATION =CRIME [FRAUD]40 41. Profile of Fraud PerpetratorsThe fraud perpetrator is more likely to be an ordinary member of thecommunity: intelligent, respected, never suspected of dishonesty,NOT YOUR TYPICAL CRIMINAL TYPE.MORE LIKELY TO BE: LESS LIKELY TO BE: A woman Divorced Married Alcoholic Church member Tattooed Older Heavier Have children Have a higher education Never been arrested Have high self-esteem High achiever 41 42. Financial Statement Fraud Definition Deliberate misstatements or omissionsof amounts or disclosures of financial statements todeceive financial statement users, particularlyinvestors and creditors Financial statement fraud has become a daily thing.Press reports challenge the corporate responsibilityand integrity of major companies such as Lucent,Xerox, Rite-Aid, Waste Management,Microstrategy, KnowledgeWare, Sunbeam,Cendent, and ZZZ Best, Enron, WorldCom, Qwest,Madoff, Satyam, Stanford Financial, and Parmalat. 42 43. High-Profile Financial statement FraudBasis of the FraudOlder ExampleYear Recent Example YearFictitious revenue, ZZZZ Best Enrondocumentation forgery and19872001theft of corporate assetsPersonal use of assets, false Phar-Mor 1992 Adelphia 2002documentation and financialstatement fraudCapitalizing expenses, among Waste 1997 WorldCom 2002other issues ManagementAbuse of accounting Savings and Loan 1982 Stock Optionsstandards CrisisBackdating 2006 44. Symptoms of FinancialStatement Fraud Continuous Deterioration of Quality andQuantity of Earnings Inadequacy of Cash Flow Overstatement of Inventories Overly Aggressive Accounting Management Short-termism Improper Revenue Recognition Overstatement of Assets 45. Elements of Fraud A false representation of a material nature Knowledge that the representation is false orreckless disregard for the truth (Scienter) Reliance on the false representation by thevictim Financial damages are incurred (to thebenefit of the perpetrator). The act was intentional. 46. Auditor and InvestigatorResponsibilities External Auditors (CPAs) SAS 99: Consideration of Fraud in a Financial Statement Audit Design audit to provide reasonable assurance of detecting fraud that could have a material effect on the financial statements. Perform fraud-related procedures SAS 54: Illegal Acts Focused primarily is on direct-effect illegal acts SAS 61: Communication with Audit Committees Internal Auditors (CIAs) SIAS 3: Deterrence, Detection, Investigation, and Reporting of Fraud Governmental Auditors Focus on laws and regulations (compliance), design audit to detect abuse and illegal acts, report to the appropriate authority Certified Fraud Examiners (CFEs) Assignments begin with predication (probable cause) 46 47. Auditors Responsibility for Detecting Fraud GAAS makes NO DISTINCTIONbetween the auditors responsibilities forsearching for errors or for fraud Per SAS No. 99, auditors mustspecifically assess the risk of materialmisstatement due to fraud47 48. Assessing the Risk of Fraud Pressure or incentive to commit the fraud Direct financial gain, such as misappropriationof assets or retaining job Indirect financial gain, such as increase instock price Perceived opportunity to commit the fraud Can fraud be perpetrated without detection?48 49. Misappropriation of Assets Risk Factors Susceptibility of assetsto misappropriation Employee relationshipsor pressures Deficiencies in internalcontrol49 50. Red Flags Personal financial pressure Vices (drugs, alcohol or gambling) Extravagant lifestyles Real or imagined grievances againstcompany Related parties Increased stress Internal pressures50 51. How Frauds Occurred Poor internal controls Management override of internal controls Collusion between employees and thirdparties Collusion between employees ormanagement Lack of control over management Poor or nonexistent corporate ethics policy51 52. Reasons Auditors Fail to Detect Fraud Over reliance on client representations Lack of awareness or failure to recognizethat an observed condition may indicate amaterial fraud Lack of experience Personal relationships with clients 52 53. SAS No. 99 The Fraud TriangleRationalizationIncentives/ OpportunitiesPressures53 54. The Fraud Triangle Incentives/Pressures 95 percent of all fraud cases involve either: Financial pressures Vice-related pressures, including drug or alcohol addiction Expensive romantic relationships Need to maintain a particular lifestyle Medical problems 54 55. The Fraud Triangle Rationalization is the reconciliationof what we are doing with what ourconscience tells us we should do. "I was only borrowing it;I planned to return it after thingsimproved."55 56. The Fraud Triangle Opportunity Easiest to control of the three components Most frequently achieved with internalcontrols Segregation of duties Authorizations Independent checks Physical safeguards Adequate documents and records 56 57. 3Cs of Financial statement Fraud 58. Evaluate ControlEnvironmentTests of Controls AuditInherent Risk XControl Risk X=Detection Risk Risk ErrorsErrorsErrors Analytical ProceduresMisappropriation Misappropriation MisappropriationTests of of Assetsof Assetsof AssetsDetails Financial FinancialStatement StatementFinancial Fraud FraudForensic StatementFraudProcedures Evaluate Management Evaluate Top Controls OverIntegrity ManagementAssetsControls R R 1 2 Incentive/OpportunityPressureIncentive/ Attitude/OpportunityPressure FraudRationalization Fraud Risk Risk Factors Fraud RiskFactorsFactors 58 59. Audit of Defined BenefitPensionsEmployer-defined benefit pension reforms, as proposed by theadministration and introduced by both the House and theSenate, would require plan sponsors to make minimum fundingcontributions equal to the greater of:(1)the contributions required under the plans funding standard account estimated based on the plans actuarial accrued liability,(2)deficient reduction contributions calculated under current liability rules.These reforms would replace the current laws double-barrelsystem with a single measure of assets and liabilities andrequired funding method. 60. Auditors Liability LimitationAgreementIn February 2006, the Federal Financial Regulatory Agenciesissued an interagency advisory that raised concerns regardingthe negative impacts on the quality and reliabilityof audits when financial institutions agree to limit theirindependent auditors liability.The advisory, while observing an increase in the types andextent of provisions in financial institutions external auditengagement letters that limit auditor liability, informsfinancial institutions that they should not enter into an auditengagement that includes unsafe and unsound limitation ofliability provisions relevant to an integrated audit of theirfinancial statements and ICFR. 61. Auditors Liability LimitationAgreement 62. Conclusion The audit function should be regarded as an external corporategovernance mechanism that serves to protect investors fromreceiving incomplete, inaccurate, or misleading financial informationand thus adds value to the effectiveness of corporate governance. SOX drastically changed the characteristics of the accountingprofession by connecting the audit function to the corporategovernance structure by requiring that the audit committee be directlyresponsible for not only hiring, compensating, and firing externalauditors, but also overseeing their work, monitoring theirindependence, and avoiding potential conflicts of interest. In the auditing profession, the so-called expectation gap is referredto as the difference between (1) what the investing public and otherusers of audited financial statements believe the responsibilities ofauditors are, and (2) what auditors are willing to assume asresponsibilities according to their professional standards. New PCAOB AS No. 5 superseded AS No. 2 and requires theindependent audit to opine only on the effectiveness of ICFR, not themanagement processes and assessments concerning ICFR. 63. Conclusion Sections 201 and 202 of SOX require that all audit and permissiblenonaudit services to be performed by the companys independentauditor be approved by the audit committee. Auditor independence is the backbone of the auditing profession,affecting the auditors planning, evidence-gathering procedures,findings, judgment, and credibility, and public trust in the auditorsopinion. Auditor independence is derived and guided by these threeprinciples: (1) independent auditors may not audit their own work, (2)independent auditors may not function in the role of their clientsmanagement, and (3) independent auditors may not serve in anadvocacy role for their audit clients. Tests of controls must be broadened to include understanding ofICFR and provide reasonable assurance about the effectiveness ofboth the design and operation of internal controls. Any contractual provisions that limit the external auditors liability orrequire waiving the right to a jury trial may have detrimental effectson auditor impartiality, objectivity, and quality.