Slide 1
CAQ WEBCAST
PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5
The views expressed by the presenters do not necessarily represent the views, positions, or opinions of the Center for Audit Quality or the presenters’ respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client or attorney-client relationship.

Slide 2
Join the CAQ today!
Visit www.thecaq.org/members or call 1-888-817-3277

Slide 3
Today’s Objectives
Today’s program is designed to help you better understand:
- Notable changes made to the PCAOB’s internal control auditing standard no. 2
- Overview of AS 5 and insights on how it can be scaled for smaller, less complex companies
- Overview of SEC’s Management Guidance on Internal Control
- Overview of COSO’s Guidance on Monitoring Internal Control

Slide 4
Today’s Presenters
- Thomas Ray, CPA, Chief Auditor and Director of Professional Standards, PCAOB
- Sharon Virag, CPA, Director of Technical Policy Implementation, PCAOB
- Trent Gazzaway, CPA, Managing Partner of Corporate Governance, Grant Thornton LLP
- Cynthia M. Fornelli, Moderator & Executive Director, Center for Audit Quality

Slide 5
CAQ Webcast
PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5
Tom Ray
Sharon Virag
October 4, 2007

Slide 6
Caveat
The views expressed by Mr. Ray and Ms. Virag are their own views and do not necessarily reflect the views of the Board, individual Board members, or other members of the staff of the PCAOB.

Slide 7
Overview
- Improvements resulting from Auditing Standard No. 5
- Successful implementation of AS No. 5 - Next steps

Slide 8
Improvements Resulting from the Amendment to Auditing Standard No. 2

Slide 9
Improvements Resulting from Auditing Standard No. 5
- Focus the internal control audit on the most important matters
- Eliminate procedures that are unnecessary to achieve the intended benefits
- Make the audit clearly scalable to fit any company’s size and complexity
- Simplify the standard

Slide 10
Focus the Internal Control Audit on the Most Important Matters
- More clearly focuses auditors on identifying control weaknesses before they result in material misstatements
- Clarifies how auditors should use risk assessment to focus on the accounts, disclosures and their relevant assertions
- Emphasizes the importance of fraud risk and anti-fraud controls to assessing risk

Slide 11
Focus the Internal Control Audit on the Most Important Matters (cont.)
- Outlines three broad categories of entity-level controls
- Emphasizes the importance of a company’s control environment
- Emphasizes higher risk stages of financial statement preparation

Slide 12
Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits
- Removes the detailed requirements to evaluate management's evaluation process
- Permits consideration of knowledge obtained from the auditor's previous years’ audits

Slide 13
Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits (cont.)
- Removes barriers to using the work of others by eliminating the "principal evidence" provision
- Refocuses the multi-location direction on risk rather than coverage
- Clarifies that the top-down approach describes the auditor’s sequential thought process in identifying risks and the controls to test

Slide 14
Eliminate Procedures that Are Unnecessary to Achieve the Intended Benefits (cont.)
- Allows auditors to tailor their top-down approach to the facts and circumstances of a particular engagement
- Focuses the performance requirements for a walkthrough on fulfilling certain important objectives
- Establishes a principle for evaluation and communication to the audit committee of control deficiencies

Slide 15
Make the Audit Clearly Scalable to Fit Any Company’s Size and Complexity
- Discussion of scaling concepts throughout the standard
- Discussion of the attributes of smaller and less complex companies
- Larger companies may have some business units or processes that may be less complex than others

Slide 16
Simplify the Standard
- Reduces granularity and redefines key terms in a simpler way
- Clarifies that the auditor’s evaluation of materiality for an internal control audit is the same as the financial statement audit
- Alignment of terms between the standard and SEC’s management guidance

Slide 17
Effective Date
- AS No. 5, Rule 3525, and the amendments will be effective for audits of fiscal years ending on or after November 15, 2007.
- Earlier adoption is permitted for timely SEC Filings on or after August 27, 2007.
- If continue to comply with AS No. 2 until superseded, then should apply the definition of “material weakness” contained in AS No. 5 rather than the definition in AS No. 2.

Slide 18
Successful Implementation of AS No. 5 – Next Steps

Slide 19
Next Steps
- Monitor firms' response to AS No. 5
- Continue outreach programs, including Small Business Forums
- Adjust the PCAOB inspection approach for AS No. 5
- Continue Coordination with SEC
- Issue guidance for auditors of smaller companies

Slide 20
Guidance for Auditors of Smaller Companies
- Intended to address the implementation of the internal control auditing standard in a smaller public company environment
- Derived from practice experience
- Developed with auditors and small issuers

Slide 21
Continue PCAOB Forums on Auditing in the Small Business Environment
- Eight forums scheduled in 2007
  - New York – October 22-23
  - Chicago – November 9
  - Washington, DC – December 4
- Meeting materials and registration information posted on Board's Web site

Slide 22
Three legs to the “404-improvement” stool
- Value to companies through improved use of monitoring
- Value to auditors through ability to focus on good monitoring controls
- Diagram labels: COSO’s Guidance on Monitoring; SEC’s Guidance (for mgmt); PCAOB’s AS5 (for auditors)
- Separate but consistent

Slide 23
SEC’s new interpretive guidance
- Interpretive guidance proposed in December 2006
  - comment period ended February 26, 2007
  - over 200 comment letters received
- Approved by Commission on May 23, 2007
- www.sec.gov/rules/interp/2007/33-8810.pdf

Slide 24
SEC's guidance
Key attributes:
- Principles-based
- Directs efforts to highest risks of material misstatement
- Allows evaluation to be tailored to facts and circumstances
- Provides guidance on supporting evidence and documentation
- Provides guidance for evaluating deficiencies
- Does not replace control frameworks
- Voluntary

Slide 25
SEC's guidance
Encourages a focus on "entity-level" controls:
- Indirect - those that have an indirect effect on control system effectiveness (e.g., tone at the top)
- Monitoring - those that monitor the effectiveness of other controls (see the COSO monitoring guidance)
- Precise - those that operate at a level of precision that would adequately prevent or detect misstatements on a timely basis

Slide 26
SEC's guidance
Discusses documentation and evidence:
- Documentation of the design of identified controls is an integral part of management's reasonable support
- Nature and extent will vary based on the size, nature and complexity of the company
- Evidence of operating effectiveness provided by ongoing monitoring or separate evaluation activities

Slide 27
SEC's guidance
Also includes:
- A framework for evaluating control deficiencies
- Indicators of material weaknesses
- Guidance regarding disclosures
  - Note, the four required disclosure components have not changed (i.e., mgmt is responsible for ICFR, whether ICFR is effective, the framework used, and a reference to the auditor's opinion)
  - SEC continues to see disclosures that do not adequately describe the nature and impact of identified deficiencies

Slide 28
SEC's Revised FAQ document
Released September 24, 2007:
- Eliminated 12 FAQs the staff believed were no longer relevant, necessary, or were addressed in the interpretive guidance (#s 5, 7, 10–13, 15–20)
- Renumbered remaining questions
- Added four new questions pertaining to foreign private issuers (see FAQs 12–15)

Slide 29
COSO's guidance on monitoring
Discussion document available at … www.coso.org

Slide 30
COSO's guidance
Effective monitoring – value proposition:
- Provides management with most of the evidence it needs about ICFR effectiveness to support its assertion
- Encourages effective control operation
- Helps manage and/or mitigate risk

Slide 31
COSO's guidance
Let's look at a simple example of the concept … assume:
- a reconciliation control is deemed important to financial reporting
- the supervisor of the area performs an appropriately detailed review of the reconciliation each time it is prepared

Slide 32
COSO's guidance
Simple example (cont'd)
The supervisor's review (if it is effective) accomplishes two things:
- tells him or her whether the control is working
- encourages continued effective operation of the control

Slide 33
COSO's guidance
How do we often deal with this risk in today’s 404 environment?
[Diagram with two columns, "Management’s 404 Process" and "Auditor’s 404 Audit Process". Numbered steps:]
1. Perform Reconciliation
2. Review Reconciliation
3. Test the Recon.
4. Test the Review
5. Test the Recon.
6. Test the Review

Slide 34
COSO's guidance
How might it be done better in a large organization?
[Diagram with two columns, "Management’s Monitoring Process" and "Auditor’s 404 Audit Process". Numbered steps:]
1. Perform Reconciliation
2. Review Reconciliation
3. Test the Review
4a. Possibly Use the Work of Others, or
4b. Test the Review

Slide 35
COSO's guidance
How might it be done better in a small organization?
[Diagram with two columns, "Auditor’s 404 Audit Process" and "Management’s Monitoring Process". Numbered steps:]
1. Perform Reconciliation
2. Review Reconciliation
3. Test the Review
If the reconciliation review is performed at the senior management level, no further evaluation may be necessary

Slide 36
COSO's guidance
Two primary project goals:
- Help companies recognize effective monitoring when it is already present and “take credit” for it
- Help companies identify places where effective monitoring is lacking and provide guidance regarding possible improvements

Slide 37
COSO's guidance
Two project phases:
- Phase I: Proof-of-concept stage — issued a discussion document presenting the fundamental concepts of effective monitoring
- Phase II: Practical examples and tools stage — working to prepare case studies, examples and tools to help organizations implement the fundamental concepts

Slide 38
COSO's guidance
Key questions:
1. What to evaluate
2. How to evaluate it
3. When and how often to evaluate it
These decisions are influenced by the level of risk and the corresponding importance of identified controls

Slide 39
COSO's guidance
Elements of effective monitoring:

Slide 40
SEC and COSO guidance
Location reminder:
- SEC's Interpretive Guidance for Management: www.sec.gov/rules/interp/2007/33-8810.pdf
- COSO's Discussion Document – Guidance on Monitoring Internal Control: www.coso.org

Slide 41
Questions & Summary

Slide 42
Thank you for participating!
Please visit us at www.theCAQ.org

Slide 43
CAQ WEBCAST
PCAOB Insights on Internal Control: A Discussion on Auditing Standard No. 5