Quarterly Auditing Standards Update 2014, Third Quarter By Larry L. Perry, CPA CPA Firm Support Services, LLC Objectives: To become familiar with the Auditing Standards Board’s Clarified Auditing Standards commonly applicable to audits of non-public, non-governmental entities. To understand practical application issues related to certain Clarified Auditing Standards. To be aware of updates from the Accounting and Review Services committee and other AICPA Committees Introduction The AICPA Auditing Standards Board (ASB) has issued its Clarified Auditing Standards that are designed to make U.S. generally accepted auditing standards (GAAS) easier to read, understand, and apply. These standards resulted from the convergence of U.S. GAAS with the International Auditing Standards while, at the same time, avoiding unnecessary conflict with PCAOB standards. The result is over 40 redrafted or clarified auditing standards, the most commonly applied of which are discussed below. I. U.S. Auditing Standards—AICPA (Clarified) A. Introduction In October 2011, the ASB issued SAS No. 122, Statements on Auditing Standards: Clarification and Recodification. SAS No. 122 is the culmination of a multiyear Clarity Project to clarify the SASs and converge them with the International Standards on Auditing. Beginning with SAS No. 122, all new SASs are now included in the section U.S. Auditing Standards—AICPA (Clarified). SAS No. 122 is effective for audits of financial statements for periods ending on or after December 15, 2012. 1. The following table lists the sections of U.S. Auditing Standards—AICPA (Clarified) and their titles. The AU-C references will be permanently retained. AU–C Sections Preface Principles Underlying an Audit Conducted in Accordance With Generally Accepted Auditing Standards AU-C Sections 200–299 General Principles And Responsibilities Au-C Sections 300–499 Risk Assessment And Response To Assessed Risks 1 Au-C Sections 500–599 Audit Evidence Au-C Sections 600–699 Using The Work Of Others Au-C Sections 700–799 Audit Conclusions And Reporting Au-C Sections 800–899 Special Considerations Au-C Sections 900–999 Special Considerations In The United States B. SAS Nos. 122–124 1. The section U.S. Auditing Standards—AICPA (Clarified), incorporates all SASs issued beginning with SAS No. 122. SAS No. 122 contains 39 clarified SASs and supersedes all outstanding SASs through SAS No. 121 except the following which are covered in SASs published later: a) SAS No. 51, Reporting on Financial Statements Prepared for Use in Other Countries (AU sec. 534) b) SAS No. 124, Financial Statements Prepared in Accordance With a Financial Reporting Framework Generally Accepted in Another Country (AU-C sec. 910), supersedes SAS No. 51. c) SAS No. 59, The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern, as amended (AU sec. 341) d) SAS No. 65, The Auditor’s Consideration of the Internal Audit Function in an Audit of Financial Statements (AU sec. 322) e) 532) SAS No. 87, Restricting the Use of an Auditor’s Report (AU sec. f) SAS Nos. 117–120 2. SAS No. 122 also withdraws SAS No. 26, Association With Financial Statements, as amended. 3. SAS No. 123 Omnibus Statement On Auditing Standards—2011 Issued October 2011 a) Amends: (1) SAS No. 117, Compliance Audits (AICPA, Professional Standards, AU sec. 801) 2 (2) SAS No. 118, Other Information in Documents Containing Audited Financial Statements (AICPA, Professional Standards, AU sec. 550) (3) Clarified SAS Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards (4) Clarified SAS Modifications to the Opinion in the Independent Auditor’s Report (5) Clarified SAS Reports on Application of Requirements of an Applicable Financial Reporting Framework (6) Clarified SAS The Auditor’s Communication With Those Charged With Governance (Redrafted) (7) Clarified SAS Audit Documentation (Redrafted) b) This SAS contains amendments to SAS Nos. 117 and 118 and other finalized clarified SASs that have been issued. These amendments were needed to conform SAS Nos.117 and 118 to the other clarified SASs and to address other changes necessitated by the clarity project. 4. SAS No. 124 Reporting on Financial Statements Prepared in Accordance With a Financial Reporting Framework Generally Accepted in Another Country Issued October 2011 a) This SAS (1) Supersedes SAS No. 51, Reporting on Financial Statements Prepared for Use in Other Countries (AICPA, Professional Standards, vol. 1, AU sec. 534). (2) Redrafts SAS No. 51 to apply the ASB’s clarity drafting conventions, as discussed in the following sections. (3) International Standards on Auditing do not include a corresponding standard. b) Changes From Existing Standards (1) Is not expected to change practice in any significant respect (2) There are some changes to the existing standards 3 (a) Paragraphs .05, .06, and .12 of extant AU section 534 indicate that the auditor “should consider consulting” with persons having expertise in auditing and accounting standards of the other country. The ASB believes that the consideration of consulting with persons having expertise in auditing and accounting standards should not be a requirement. Instead: (i) This standard requires the auditor to obtain an understanding of a relevant financial reporting framework generally accepted in another country and of relevant auditing standards other than U.S. generally accepted auditing standards; (b) The previous requirements (prescribing “how”) have been converted to application material. C. SAS No. 125, Alert That Restricts the Use of the Auditor’s Written Communication The ASB has issued SAS No. 125, Alert That Restricts the Use of the Auditor’s Written Communication, to 1. Supersede SAS No. 87, Restricting the Use of an Auditor’s Report (AICPA, Professional Standards, AU sec. 532 and AU-C sec. 905). 2. SAS No. 125 addresses the auditor’s responsibility, when required or the auditor decides, to include in the auditor’s report or other written communication issued by the auditor in connection with an engagement conducted in accordance with GAAS language that restricts the use of the auditor’s written communication. In an auditor’s report, such language is included in an other-matter paragraph. 3. Significant changes from previous standards as a result of the issuance of SAS No. 125 are: a) Establishes an umbrella requirement to include an alert that restricts the use of the auditor’s written communication when the subject matter of that communication is based on measurement or disclosure criteria that are determined by the auditor to be suitable only for a limited number of users who can be presumed to have an adequate understanding of the criteria, measurement or disclosure criteria that are available only to the specified parties, or matters identified by the auditor during the course of the audit engagement when the identification of such matters is not the primary objective of the audit engagement (commonly referred to as a by-product report). b) The alert language, which states that the communication is intended solely for the information and use of the specified parties, is consistent with AU section 532 and AU-C section 905, except when the 4 engagement is also performed in accordance with Government Auditing Standards, and the written communication pursuant to that engagement is issued in accordance with AU-C section 265, AU-C section 806, or AU-C section 935. In this circumstance, the alert language describes the purpose of the communication and states that the communication is not suitable for any other purpose. No specified parties are identified in this type of alert. c) Modifies the guidance pertaining to single combined reports covering both (a) communications that are required to include an alert restricting its use and (b) communications that are for general use, which do not ordinarily include such an alert. (1) AU section 532 and AU-C section 905 states that if an auditor issues a single combined report, the use of the single combined report should be restricted to the specified parties. (2) SAS No. 125, however, indicates that the alert that restricts the use of the written communication pertains only to the communications required to include such an alert. (3) Accordingly, the intended use of the communications that are for general use is not affected by this alert. d) AU section 532 and AU-C section 905 requires the auditor to consider informing his or her client that restricted use reports are not intended for distribution to non-specified parties. (1) SAS No. 125 does not include a comparable requirement and makes clear that an auditor is not responsible for controlling, and cannot control, distribution of the auditor’s written communication after its release. (2) The alert is designed to avoid misunderstandings related to the use of the written communication, particularly when taken out of the context in which it is intended to be used. An auditor may consider informing the entity or other specified parties that the written communication is not intended for distribution to parties other than those specified in the written communication. II. Clarified Statement on Auditing Standards A. Preface to Codification of Statements on Auditing Standards, Principles Underlying an Audit Conducted in Accordance With Generally Accepted Auditing Standards and Statement on Auditing Standards, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards This released document contains two elements: 5 Preface to Codification of Statements on Auditing Standards, Principles Underlying an Audit Conducted in Accordance With Generally Accepted Auditing Standards, and Statement on Auditing Standards, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards. 1. Changes from Previous Standards a) Supercedes SAS No. 95, as amended, which contains the general, field work, and reporting standards (the 10 standards). b) Consideration by the ASB of the 10 standards (1) SASs are codified within the framework of the 10 standards, viewed as the historical basis for generally accepted auditing standards (GAAS). The clarity drafting conventions adopted by the ASB include establishing an objective or objectives for each SAS. (2) The SAS establishes the overall objectives of the auditor, which are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thus, enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and to report on the financial statements, or otherwise as required by the SASs, in accordance with the auditor’s findings. (3) Each SAS contains an objective, or objectives that provide a link between the requirements and the overall objectives of the auditor. The SASs taken together provide the standards for the auditor’s work in fulfilling the overall objectives of the auditor. (4) If an auditor fulfills the overall objective of the audit and meets applicable ethical requirements, such as the AICPA Code of Professional Conduct, the ASB believes that the auditor will have fulfilled the requirements currently stated in the 10 standards. Accordingly, the SAS does not contain 10 unconditional requirements that are the direct equivalent of the 10 standards. c) Replacement of the 10 standards with principles (1) To preserve the functions of the 10 standards, the ASB has developed the Principles Governing the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards (referred to as the principles). (2) The principles identified in the preface: (a) have been drafted in the present tense. 6 (b) are not requirements and (c) do not carry any authority. (d) are the fundamental principles that govern an audit and are supported by the objectives and requirements of the individual SASs. (3) Structure of the Principles (a) The purpose of an audit (purpose). To provide financial statement users with an opinion by the auditor on whether the statements are presented fairly, in all material respects, in a manner that conforms to an applicable financial reporting framework (b) Personal responsibilities of the auditor (responsibilities). These include competence and capabilities, compliance with appropriate ethical standards and approaching the work with appropriate professional skepticism and judgment. (c) Auditor actions in performing the audit (performance). Perform the work necessary to be reasonably, but not absolutely, sure that the financial statements are free from material misstatement due to fraud or error. (d) Reporting (reporting). Based on the results of the performance of the audit, express an opinion or state that an opinion cannot be expressed on the financial statements. 2. Applicable Financial Reporting Frameworks The SAS introduces the following terms: a) Financial reporting framework. A set of accounting principles that are used to determine measurement, recognition, presentation, and disclosure of all material items for preparing financial statements in accordance with principles generally accepted in the U.S.(GAAP), International Financial Reporting Standards (IFRSs), issued by the International Accounting Standards Board (IASB), or a special purpose framework prepared on a comprehensive basis of accounting other than GAAP (OCBOA– now referred as Special Purpose Framework). Note: The AICPA’s Financial Reporting Framework for Small- and Medium-Sized Entities is a special purpose framework. b) Applicable financial reporting framework— The financial reporting framework adopted by management in the preparation and presentation of its financial statements. 7 c) Fair-presentation framework— Refers to a financial reporting framework that requires compliance with the requirements of the framework and acknowledges explicitly or implicitly that, to achieve fair presentation of the financial statements, it may be necessary for management to provide disclosures beyond those specifically required by the framework; or acknowledges explicitly that it may be necessary for management to depart from a requirement of the framework to achieve fair presentation of the financial statements. Such departures are expected to be necessary only in extremely rare circumstances. Current reporting requirements do not permit departures from GAAP unless they can be justified under Rule 203-1 of the AICPA Code of Professional Conduct, i.e, when the application of an accounting standard causes financial statements to be misleading. d) Regulatory and contractual-based framework—Refers to a financial reporting framework that requires compliance with the requirements of the framework, but does not contain the acknowledgements in (c) above This type of framework is referred to in the ISAs as a compliance framework; the term was changed for purposes of GAAS to regulatory or contractual-based framework to avoid confusion with the term compliance audit. Practical Note: Underpinning the principles in this standard, the concepts of professional skepticism and professional judgment are discussed in the application material. Professional skepticism includes being alert for contradictory audit evidence, information that brings doubt as to the reliability of documents and managements responses to inquiries and errors or fraud that indicate the need for additional substantive procedures. Professional judgment is necessary on every engagement when considering audit risk and materiality, the nature, extent and timing of audit procedures, evaluating the appropriateness and reasonableness of financial statement assertions and the applicable financial reporting framework. B. Statement on Auditing Standards The Auditor’s Communication with Those Charged with Governance (Redrafted) 1. Objectives of the auditor’s communications with those charged with governance are to a) Communicate clearly the responsibilities of the auditor in relation to the financial statement audit and an overview of the planned scope and timing of the audit. b) Obtain from information relevant to the audit. c) Provide timely observations arising from the audit that are significant and relevant to their responsibility to oversee the financial reporting process. d) Promote effective two-way communication 8 2. Definitions – In this SAS the following terms have the meanings attributed as follows: a) Those charged with governance. The person(s) or organization(s) (for example, a corporate trustee) with responsibility for overseeing the strategic direction of the entity and the obligations related to the accountability of the entity. This includes overseeing the financial reporting process. Those charged with governance may include management personnel; for example, executive members of a governance board or an owner-manager. b) Management. The person(s) with executive responsibility for the conduct of the entity’s operations. For some entities, management includes some or all of those charged with governance; for example, executive members of a governance board or an owner-manager. 3. Requirements–This SAS contains the following requirements a) Determine who is charged with governance of the entity. (1) Communications With the Audit Committee or Other Subgroup of Those Charged With Governance may need to be supplemented by communications to the entire governing body (2) When all of those charged with governance are involved in managing the entity the communications do not need to be repeated to the same persons. b) Matters to be communicated should include (1) The Auditor’s Responsibilities in Relation to the Financial Statement Audit (2) Planned Scope and Timing of the Audit (3) Significant Findings or Issues From the Audit (4) Uncorrected Misstatements c) When not all of those charged with governance are involved in management the auditor should also communicate to the governing body: (1) Material corrected misstatements that were brought to the attention of management through the audit process. (2) Significant findings or issues (including the Auditor’s views) that arose through audit procedures and were discussed with or communicated to management. (3) d) Written representations that the auditor is requesting. The Communication Process 9 (1) Establishing the Communication Process (2) Forms of Communication (3) Restricted Use (4) Timing of Communications (5) Adequacy of the Communication Process e) Documentation of the oral and written communications with management and the governing body should be made for workpaper retention. Practical Notes: Communication of the auditor’s responsibilities should include: o A discussion of the reasonable assurance, not absolute, that is, provided by an audit in accordance with GAAS. o That internal control is considered in designing an audit strategy but that no opinion of offered as to its effectiveness. o That significant matters related to the audit, determined by the auditor’s professional judgment, will be communicated to those charged with governance. Matters related to the planned scope and timing of the audit to be communicated may include: o How the auditor plans to address significant risks of material misstatement. o The impact of risks of material misstatement on the consideration of materiality levels. o Other matters related to the structure and responsibilities of the board of governance. Significant audit findings concerning accounting estimates and qualitative aspects of significant accounting practices may be communicated. Significant difficulties encountered during the audit, such as delayed or unavailable expected information, management restrictions and additional time necessary to obtain appropriate audit evidence may be communicated. C. Statement on Auditing Standards Audit Documentation (Redrafted) 1. Objective of the auditor 10 a) To prepare documentation that provides (1) a sufficient and appropriate record of the basis for the auditor’s report; and (2) evidence that the audit was planned and performed in accordance with GAAS and applicable legal and regulatory requirements. 2. Definitions – This SAS contains the following terms: a) Audit documentation. The record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached (terms such as working papers or workpapers are also sometimes used). b) Audit file. One or more folders or other storage media, in physical or electronic form, containing the records that constitute the audit documentation for a specific engagement. c) Documentation completion date. The date, no later than 60 days following the report release date, on which the auditor has assembled for retention a complete and final set of documentation in an audit file. d) Experienced auditor. An individual (whether internal or external to the firm) who has practical audit experience, and a reasonable understanding of (1) audit processes; (2) GAAS and applicable legal and regulatory requirements; (3) the business environment in which the entity operates; and (4) auditing and financial reporting issues relevant to the entity’s industry. e) Report release date. The date the auditor grants the entity permission to use the auditor’s report in connection with the financial statements. 3. Requirements – This SAS covers the following requirements: a) Timely Preparation of Audit Documentation b) Documentation of the Audit Procedures Performed and Audit Evidence Obtained c) Form, Content, and Extent of Audit Documentation d) Departure From a Relevant Requirement e) Matters Arising After the Date of the Auditor’s Report 11 f) Assembly and Retention of the Final Audit File Practical Note: Audit documentation normally includes audit plans, analyses, memorandums, summaries of significant findings or issues, confirmation and representation letters, various practice aids and correspondence. Such documentation should demonstrate compliance with GAAS and SQCS No. 8. All documentation that contains substantive audit evidence must include the identifying characteristics of the documents inspected, inquiries of client personnel performing procedures and their responses and the details of any observation procedures. D. Statements on Auditing Standards, Risk Assessment 1. This section covers the following SASs: a) SAS, Audit Evidence (Redrafted) b) SAS, Materiality in Planning and Performing an Audit (Redrafted) c) SAS, Evaluation of Misstatements Identified During the Audit (Redrafted) d) SAS, Planning an Audit (Redrafted) e) SAS, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Redrafted) f) SAS, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) 2. Significant Changes From Existing Standards a) SAS, Audit Evidence (AU section 326) (Redrafted) (1) Consistent with ISA 500, Considering the Relevance and Reliability of Audit Evidence, the ASB transferred the requirements and guidance related to the auditor’s use of assertions from AU section 326 to redrafted AU section 314, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement. b) SAS, Materiality in Planning and Performing an Audit (AU section 312) (Redrafted) (1) To make the standard clearer and consistent with ISA 320 (Revised), Materiality in Planning and Performing an Audit, and ISA 450, Evaluation of Misstatements Identified during the Audit, the ASB separates AU section 312 into two separate standards. 12 (a) SAS, Materiality in Planning and Performing an Audit (Redrafted), addresses the use of materiality in planning and performing the audit. (b) A separate standard, Evaluation of Misstatements Identified During the Audit, addresses the evaluation of misstatements identified during the audit. (2) The definition of audit risk and its components are now defined in the SAS, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards. (3) The ASB eliminates the mandatory requirement of the auditor to consider audit risk in an audit because the ASB believes that the consideration of audit risk is fundamental in the audit process, and an explicit requirement is not necessary. (4) Paragraphs .62–.67 of AU section 312 address the auditor’s responsibilities to evaluate the overall effect of audit findings on the auditor’s report. The ASB deleted these paragraphs from this section because these requirements and guidance are included in redrafted AU section 508, Reports on Audited Financial Statements (AICPA, Professional Standards, vol. 1). c) SAS, Planning an Audit (AU section 311) (Redrafted) (1) The ASB deleted Paragraphs .05–.10 of AU section 311, Planning and Supervision, which address the auditor’s responsibilities about the early appointment of the independent auditor and establishing the terms of the engagement. These requirements are included in the SAS, Terms of the Engagements. (2) The ASB deleted Paragraphs .28–.32 of AU section 311 which covers supervision in an audit. These requirements and guidance are included in the SAS, Quality Control for Audit Engagements, d) SAS, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AU section 314) (Redrafted) (1) Most of the paragraphs written in the form of presumptive and mandatory requirements, particularly in the content dealing with internal control, have been moved to application guidance. (2) Paragraph .19 of AU section 314 contains a requirement of the auditor to perform the audit with professional skepticism. This requirement is was deleted from AU section 314 because it is addressed by the SAS, Overall Objectives of the Independent 13 Auditor and the Conduct of an Audit in Accordance with Generally Accepted Auditing Standards. (3) Paragraph .45 of AU section 314 contains a requirement that the auditor consider whether the entity has disclosed a particular matter appropriately. This requirement was deleted because this requirement is addressed in the redraft of AU section 508, Reports on Audited Financial Statements. Practical Note: While there are no significant changes to practice in the redrafted risk assessment SASs, the auditor’s focus should be on the content of engagement documentation. Documentation of compliance with the requirements of the quality control standards and the auditing standards, including the auditor’s professional judgment in engagement circumstances, must be included in engagement files. E. Statement on Auditing Standards, Audit Considerations Relating to an Entity Using a Service Organization (Redrafted) 1. Changes from previous standards a) A user organization is known as a user entity. b) In a type 2 report, the service auditor’s report would contain an opinion on the fairness of the description of the service organization’s system and on the suitability of the design of the controls for a period rather than as of a specified date, as it currently does in a type 1 report. c) A user auditor is permitted to make reference to the work of a service auditor in his or her report to explain a modification of the user auditor’s opinion. In those circumstances, the user auditor’s report would be required to indicate that such reference does not diminish the user auditor’s responsibility for that opinion. d) A user auditor is required to inquire of management of the user entity about whether the service organization has reported to the user entity any fraud, noncompliance with laws and regulations, or uncorrected misstatements. If so, the user auditor would be required to evaluate how such matters affect the nature, timing, and extent of the user auditor’s further audit procedures. e) The SAS is applicable to situations in which an entity uses a shared service organization that provides services to a group of related entities. 14 Practical Note: As with the previous SAS No. 70 report, reliance on a type 1 or a type 2 report requires specific determination that the service auditor’s procedures provide sufficient evidence about specific internal control procedures that may be necessary to evaluate all relevant financial statement assertions in the audit of the user entity. F. Statement on Auditing Standards Consideration of Laws and Regulations in an Audit of Financial Statements SAS Consideration of Laws and Regulations in an Audit of Financial Statements supersedes SAS No. 54, Illegal Acts by Clients (AICPA, Professional Standards, vol. 1, AU sec. 317). 1. Effect of Laws and Regulations a) The impact of laws and regulations on financial statements varies considerably. b) The applicable laws and regulations constitute the legal and regulatory framework of the entity. c) Some laws or regulations have provisions with a direct effect on the financial statements because they determine the reported amounts and disclosures required in an entity’s financial statements. d) Other laws or regulations are to be complied with by management, or set the provisions under which the entity is allowed to conduct its business, but do not have a direct effect on an entity’s financial statements. e) Some entities operate in heavily regulated industries (such as banks and chemical companies) while others are subject only to the many laws and regulations that relate generally to the operating aspects of the business (such as those related to occupational safety and health and equal employment opportunity). f) Noncompliance with laws and regulations may result in fines, litigation, or other consequences for the entity that may have a material effect on the financial statements. 2. Responsibility for Compliance with Laws and Regulations a) Responsibility of Management– Management’s responsibility, with the oversight of those charged with governance, is (1) to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations, including compliance with the provisions of laws and regulations that 15 determine the reported amounts and disclosures in an entity’s financial statements. b) Responsibility of the Auditor (1) The requirements in this SAS are designed to assist the auditor in identifying material misstatement of the financial statements due to noncompliance with laws and regulations. (2) The auditor is not responsible for preventing noncompliance and cannot be expected to detect noncompliance with all laws and regulations. (3) The auditor is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error. (4) The auditor is responsible for taking into account the applicable legal and regulatory framework during the planning and execution of the audit procedures. (5) In the context of laws and regulations, the potential effects of inherent limitations on the auditor’s ability to detect material misstatements are greater for the following reasons: (a) Many laws and regulations (relating principally to the operating aspects of an entity) typically do not affect the financial statements and are not captured by the entity’s information systems relevant to financial reporting. (b) Noncompliance may involve acts designed to conceal it, such as collusion, forgery, deliberate failure to record transactions, management override of controls, or intentional misrepresentations made to the auditor. (c) Whether an act constitutes noncompliance is ultimately a matter for legal determination, such as by a court of law. (6) This SAS distinguishes the auditor’s responsibilities in relation to compliance with the following two categories of laws and regulations that may have a material effect on the financial statements of the company: (a) The provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements, such as tax and pension laws and regulations. 16 (b) The provisions of other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the financial statements but compliance with which may be: (i) fundamental to the operating aspects of the business, (ii) fundamental to an entity’s ability to continue its business, or necessary for the entity to avoid material penalties (for example, compliance with the terms of an operating license, regulatory solvency requirements, or environmental regulations). c) Differing requirements are specified for each of the previously mentioned categories of laws and regulations. (1) Auditor’s responsibility for the category referred to in (6) (a) is to obtain sufficient appropriate audit evidence regarding material amounts and disclosures in the financial statements that are determined by the provisions of those laws and regulations. (2) Auditor’s responsibility for the category referred to in (6) (b) is limited to performing specified audit procedures that may identify noncompliance with those laws and regulations that may have a material effect on the financial statements. d) The auditor is required to remain alert to the possibility that other audit procedures applied for the purpose of forming an opinion on financial statements may bring instances of identified or suspected noncompliance with laws and regulations to the auditor’s attention. Practical Note: This SAS requires determination and consideration of direct and indirect laws and regulations during the planning and performance phases of an audit engagement. A section of a planning document, as well as other documentation create during engagement performance, should include evidence of compliance with these requirements. G. Statement on Auditing Standards, Related Parties (Redrafted) 1. Changes From Previous Standards a) Previous AU section 334 was premised on the related party requirements in Financial Accounting Standards Board (FASB) Statement No. 57, Related Party Disclosures. Therefore it is focused on auditing the amounts and disclosures pursuant to GAAP in the United States and is centered on the provisions of FASB Statement No. 57. b) This SAS is framework neutral so it includes all approved financial reporting frameworks, including special purpose frameworks described in 17 the SAS Special Considerations—Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks. c) The applicability of the objectives, requirements, and definitions in the SAS are irrespective of whether the framework establishes such requirements. 2. The SAS contains sections on: a) Nature of Related Party Relationships and Transactions—Many related party transactions are in the normal course of business and they may carry no higher risk of material misstatement of the financial statements than similar transactions with unrelated parties. However, the nature of related party relationships and transactions may give rise to higher risks of material misstatement of the financial statements than transactions with unrelated parties. b) Responsibilities of the Auditor: (1) Because related parties are not independent of each other, financial reporting frameworks establish specific accounting and disclosure requirements for related party relationships, transactions, and balances to enable users of the financial statements to understand their nature and actual or potential effects on the financial statements. Therefore, the auditor has a responsibility to perform audit procedures to identify, assess, and respond to the risks of material misstatement arising from the entity’s failure to appropriately account for or disclose related party relationships, transactions, or balances. (2) An understanding of the entity’s related party relationships and transactions is relevant to the auditor’s evaluation of whether one or more fraud risk factors are present, as required by the SAS Consideration of Fraud in a Financial Statement Audit (Redrafted), because fraud may be more easily committed or disguised through related parties. c) An audit has inherent limitations, so an unavoidable risk exists that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with US GAAS. In the context of related parties, the potential effects of inherent limitations on the auditor’s ability to detect material misstatements are greater because management may be unaware of the existence of all related party relationships and transactions. Related party relationships may present a greater opportunity for collusion, concealment, or manipulation by management. d) Planning and performing the audit with professional skepticism– The SAS Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards, requires the auditor to plan and perform the audit with professional 18 skepticism. It is in context, given the potential for undisclosed related party relationships and transactions. Practical Note: Even though this is a redrafted SAS, it specifically requires that an auditor perform risk assessment procedures for related party transactions. While risk assessment may be performed for transactions with related parties when scanning the general ledger for transactions greater than the lower limit for individually significant items, transactions below that amount may not be considered. Since related party transactions must be considered in the aggregate when determining materiality, related party transactions should be identified early in the planning phase of an engagement. After making inquiries of management and accounting personnel, reading minutes of directors’ meetings and reviewing the prior year’s engagement files, all transactions, large and small, with related parties should be considered. 3. Requirements a) Risk Assessment Procedures and Related Activities b) Identification and Assessment of the Risks of Material Misstatement Associated With Related Party Relationships and Transactions c) Responses to the Risks of Material Misstatement Associated With Related Party d) Relationships and Transactions Evaluation of the Accounting for, and Disclosure of, Identified Related Party Relationships and Transactions H. e) Communication With Those Charged With Governance f) Documentation Statement on Auditing Standards, External Confirmations 1. Changes from Previous Standards a) It does not change practice in any significant respect; b) To reflect a more principles-based approach to standard setting, certain requirements that are duplicative of broader requirements in SAS No. 67 have been moved to application and other explanatory material, consistent with ISA No. 505. In the ASB’s view, this has not changed the overall effectiveness of the proposed SAS. c) Most significant changes to previous standards are as follows: (1) Responsibilities of the auditor when management refuses to allow the auditor to send a confirmation request. These responsibilities include inquiries as to reasons for the refusal, evaluating alternative procedures and impact on the risk assessment. When and if the auditor concludes that management’s refusal is unreasonable, or the auditor is unable to 19 obtain relevant and reliable audit evidence from alternative audit procedures the auditor should include communicate with those charged with governance. (2) Added application material to the SAS regarding the use of oral responses to confirmation requests as audit evidence. (a) It clarifies that the receipt of an oral response to a confirmation request does not meet the definition of an external confirmation. (b) Provides guidance on how the response may be considered part of alternative procedures performed in order to obtain sufficient appropriate audit evidence. (c) The definition of confirmation has been changed. (i) The ASB has expanded the ISA definition of an external confirmation to include direct access by the auditor to information held by a third party. (ii) Third-party involvement is increasingly common, and the ASB believes that the inclusion of this concept clarifies the definition. (iii) The ASB believes this clarification is an improvement to the ISA definition because it specifically addresses a situation that is becoming increasingly common, and this change to the ISA definition is not inconsistent with the intent of the IAASB’s definition. Practical Note: Electronic confirmation processes must be secure and controlled. A secure confirmation environment depends on the auditor’s and respondent’s processes or mechanisms that minimize the possibility of compromise. I. Statement on Auditing Standards Subsequent Events and Subsequently Discovered Facts 1. Objectives of the auditor: a) to obtain sufficient appropriate audit evidence about whether events occurring between the date of the financial statements and the date of the auditor’s report that require adjustment of, or disclosure in, the financial statements are appropriately reflected in those financial statements in accordance with the applicable financial reporting framework 20 b) to respond appropriately to facts that become known to the auditor after the date of the auditor’s report that, had they been known to the auditor at that date, may have caused the auditor to revise the auditor’s report. 2. The objective of a predecessor auditor who is requested to reissue a previously issued auditor’s report on financial statements that are to be presented on a comparative basis with audited financial statements of a subsequent period is to perform specified procedures to determine whether the previously issued auditor’s report is still appropriate before such report is reissued. 3. Definitions – This SAS contains the following terms: a) Date of the financial statements. The date of the end of the latest period covered by the financial statements. b) Date of the auditor’s report. The date that the auditor dates the report on the financial statements, in accordance with the SAS Forming an Opinion and Reporting on Financial Statements. For non-public entities, this is the date financial statements are available to be issued; for public entities, the date financial statements are issued should be used. c) Subsequent events. Events occurring between the date of the financial statements and the date of the auditor’s report. d) Subsequently discovered facts. Facts that become known to the auditor after the date of the auditor’s report that, had they been known to the auditor at that date, may have caused the auditor to revise the auditor’s report. 4. Requirements – This SAS covers the following requirements: a) Subsequent Events b) Subsequently Discovered Facts That Become Known to the Auditor Before the Report Release Date c) Subsequently Discovered Facts That Become Known to the Auditor After the Report Release Date d) Predecessor Auditor’s Reissuance of the Auditor’s Report in Comparative Financial Statements e) J. Predecessor Auditor’s Report Reissued Statement on Auditing Standards, Audit Sampling (Redrafted) 1. Changes from Previous Standards a) The SAS does not change or expand SAS No. 39 in any significant respect. 21 b) To reflect a more principles-based approach to standard setting, certain requirements that are duplicative of broader requirements in SAS No. 39 have been moved to application and other explanatory material, consistent with ISA No. 530 (Redrafted). In the ASB’s view, this has not changed the overall effectiveness of the SAS. K. Statement on Auditing Standards Communicating Internal Control Related Matters Identified in an Audit (Redrafted) 1. Objective of the auditor is a) to appropriately communicate to those charged with governance and management (1) deficiencies in internal control that the auditor has identified during the audit and (2) that, in the auditor’s professional judgment, is of sufficient importance to merit their respective attentions. 2. Definitions – This SAS contains the following terms: a) Deficiency in internal control. (1) A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. (2) A deficiency in design exists when (a) a control necessary to meet the control objective is missing or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met. (3) A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or competence to perform the control effectively. b) Material weakness. A deficiency or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. c) Significant deficiency. A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance. 22 3. Requirements – This SAS covers the following requirements: a) Determination of Whether Deficiencies in Internal Control Have Been Identified 4. b) Evaluating Identified Deficiencies in Internal Control c) Communication of Deficiencies in Internal Control This SAS contains illustrative written communications: a) Exhibit A: Illustrative Written Communication b) Exhibit B: Illustrative No Material Weakness Communication c) Exhibit C: Examples of Circumstances That May Be Deficiencies, Significant Deficiencies, or Material Weaknesses Practical Note: Internal control is always relevant to the nature, size and complexity of a reporting entity. Therefore, so should be the contents of the internal control communication letter. Smaller entities will ordinarily have more informal control activities in the hands of one or a few individuals. For smaller entities, key controls performed at the entity level will ordinarily have the most pervasive effects for preventing errors or fraud from occurring and going undetected. L. Statement On Auditing Standards Written Representations 1. Written Representations as Audit Evidence a) Audit evidence–the information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. b) Written representations–necessary information that the auditor requires in connection with the audit of the entity’s financial statements. c) Similar to responses to inquiries, written representations are audit evidence. d) Written representations provide necessary audit evidence (1) complement other auditing procedures and (2) do not provide sufficient appropriate audit evidence on their own about any of the matters with which they deal. (3) do not affect the nature or extent of other audit procedures that the auditor applies to obtain audit evidence about the 23 fulfillment of management’s responsibilities or about specific assertions. 2. Objectives of the auditor a) to obtain written representations from management (when appropriate, those charged with governance when appropriate) that they believe that they have fulfilled their responsibility (1) for the preparation and fair presentation of the financial statements and (2) for the completeness of the information provided to the auditor b) to support other audit evidence relevant to the financial statements or specific assertions in the financial statements by means of written representations if determined necessary by the auditor or required by other AU-C sections; and c) to respond appropriately to written representations provided by management (when appropriate, those charged with governance) or d) to respond appropriately if management (when appropriate, those charged with governance) do not provide the written representations requested by the auditor. 3. Definition –In this SAS the following term has the meaning: a) Written representation –. A written statement by management provided to the auditor to confirm certain matters or to support other audit evidence. Written representations in this context do not include financial statements, the assertions therein, or supporting books and records. 4. Requirements – This SAS covers the following requirements: a) Management from whom written representations are requested (includes management with appropriate responsibilities for the financial statements and knowledge of the matters concerned.) (1) Written representations about management’s responsibilities for (a) Preparation and fair presentation of the financial statements in accordance with an appropriate financial framework. (b) Information provided and completeness of transactions 24 (2) Other Written Representations – The auditor should request management to provide written representations concerning (a) Fraud (b) Laws and Regulations (c) Uncorrected Misstatements (d) Litigation and Claims (e) Estimates (f) Related Party Transactions (g) Subsequent Events b) Additional Written Representations About the Financial Statements (1) Other AU-C sections require the auditor to request written representations. If, the auditor determines that it is necessary to obtain one or more written representations to support other audit evidence relevant to the financial statements or one or more specific assertions in the financial statements, he or she should request such other written representations. 5. Date of, and Period(s) Covered by, Written Representations a) should be as of the date of the auditor’s report on the financial statements. b) should be for all financial statements and period(s) referred to in the auditor’s report. 6. Form of Written Representations – should be in the form of a representation letter addressed to the auditor. 7. Doubt About the Reliability of Written Representations and Requested Written Representations Not Provided a) Doubt About the Reliability of Written Representations – (1) If the auditor has concerns about the competence, integrity, ethical values, or diligence of management or about management’s commitment to, or enforcement of, these, the auditor should determine the effect that such concerns may have on the reliability of representations (oral or written) and audit evidence in general. 25 (2) If written representations are inconsistent with other audit evidence, the auditor should perform audit procedures to attempt to resolve the matter. (a) If the matter remains unresolved, the auditor should reconsider the assessment of the competence, integrity, ethical values, or diligence of management or of management’s commitment to, or enforcement of, these and should determine the effect that this may have on the reliability of representations (oral or written) and audit evidence in general. (b) The auditor should take appropriate action, including determining the possible effect on the opinion in the auditor’s report in accordance with the SAS Modifications to the Opinion in the Independent Auditor’s Report, if the auditor concludes that the written representations are not reliable. 8. Written Representations About Management’s Responsibilities a) Disclaiming an opinion or withdrawing from the engagement. The auditor should disclaim an opinion on the financial statements in accordance with the SAS Modifications to the Opinion in the Independent Auditor’s Report or withdraw from the engagement if (1) the auditor concludes that sufficient doubt exists about the integrity of management such that the written representations required are not reliable or (2) management does not provide the written representations required. b) Requested Written Representations Not Provided – When management does not provide one or more of the requested written representations, the auditor should (1) discuss the matter with management; (2) re-evaluate the integrity of management and evaluate the effect that this may have on the reliability of representations (oral or written) and audit evidence in general; and (3) take appropriate actions, including determining the possible effect on the opinion in the auditor’s report in accordance with the SAS Modifications to the Opinion in the Independent Auditor’s Report, considering the requirement in paragraph 25 of this SAS. 9. Examples –You may find the following examples in this SAS useful a) Exhibit A: Illustrative Representation Letter 26 b) M. Exhibit B: Examples of Specific Written Representations Statement On Auditing Standards Terms of Engagement 1. Objective of the auditor a) Is to accept an audit engagement for a new or existing audit client only when the basis upon which it is to be performed has been agreed upon through: (1) establishing whether the preconditions for an audit are present and (2) confirming that a common understanding of the terms of the audit engagement exists between the auditor and management and, when appropriate, those charged with governance. 2. Definitions–The following terms have the meanings attributed as follows: a) Preconditions for an audit. The use by management of an acceptable financial reporting framework in the preparation of the financial statements and the agreement of management and, when appropriate, those charged with governance, to the premise on which an audit is conducted. b) Recurring audit. An audit engagement for an existing audit client for whom the auditor performed the preceding audit. 3. Requirements –The requirements in this SAS covers such things a) Preconditions for an Audit—covers whether the preconditions for an audit are present which include (1) Determining whether the financial reporting framework to be applied in the preparation of the financial statements is acceptable (2) Obtaining the agreement of management that it acknowledges and understands its responsibility for: (a) The preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework; (b) The design, implementation, and maintenance of internal controls relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; and 27 (c) To provide the auditor with (i) access to all information of which management is aware that is relevant to the preparation and fair presentation of the financial statements, such as records, documentation, and other matters; (ii) additional information that the auditor may request from management for the purpose of the audit; and (iii) unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence. b) Management-Imposed Limitation on Scope Prior to Audit Engagement Acceptance That Would Result in a Disclaimer of Opinion. If this entity: (1) Imposes a scope limitation on the auditor such that the auditor believes the limitation will result in the auditor disclaiming an opinion on the financial statements as a whole, the auditor should not accept such a limited engagement as an audit engagement. (2) However if the entity is required by law or regulation to have an audit and it imposes such a scope limitation and a disclaimer of opinion is acceptable under the applicable law or to the regulator, the auditor is permitted, but not required, to accept the engagement. c) Other Factors Affecting Audit Engagement Acceptance (1) If the preconditions for an audit are not present, and the auditor is not required by law or regulation to accept the proposed audit engagement, the auditor should discuss the matter with management and decline to accept the proposed engagement. (2) If the auditor has determined that the financial reporting framework to be applied in the preparation of the financial statements is unacceptable or if the agreement referred to above has not been obtained the auditor should not accept the engagement. d) Agreement on Audit Engagement Terms (1) The auditor should agree upon the terms of the audit engagement with management or those charged with governance, as appropriate. 28 (2) The terms of the audit engagement should be documented in an audit engagement letter or other suitable form of written agreement and should include the following: (a) The objective and scope of the audit of the financial statements (b) The responsibilities of the auditor (c) The responsibilities of management (d) A statement that because of the inherent limitations of an audit, together with the inherent limitations of internal control, an unavoidable risk exists that some material misstatements may not be detected, even though the audit is properly planned and performed in accordance with GAAS (e) Identification of the applicable financial reporting framework for the preparation of the financial statements (f) Reference to the expected form and content of any reports to be issued by the auditor and a statement that circumstances may arise in which a report may differ from its expected form and content e) Initial Audits, Including Reaudit Engagements –Covers steps the auditor should take before accepting an engagement for an initial audit (or a reaudit engagement) including requesting (1) Management to authorize the predecessor auditor to respond fully to the auditor’s inquiries regarding matters that will assist the auditor in determining whether to accept the engagement. (a) Should management refuses to authorize the predecessor auditor to respond, or limits the response, the auditor should inquire about the reasons and consider the implications of that refusal in deciding whether to accept the engagement. (b) The auditor should evaluate the predecessor auditor’s response, or consider the implications if the predecessor auditor provides no response or a limited response, in determining whether to accept the engagement. f) Recurring Audits – covers requirements in assessing whether circumstances require the terms of the audit engagement to be revised. 29 g) Acceptance of a Change in the Terms of the Audit Engagement – covers the auditor’s consideration of changes to the terms of the audit engagement when no reasonable justification for doing so exists. (1) If the terms of the audit engagement are changed by agreement, the auditor and management should (a) agree on and document the new terms of the engagement in an engagement letter or other suitable form of written agreement. (2) If the auditor concludes that no reasonable justification for a change of the terms of the audit engagement exists and is not permitted by management to continue the original audit engagement, the auditor should (a) withdraw from the audit engagement when possible under applicable law or regulation (b) communicate the circumstances to those charged with governance, and (c) determine whether any obligation, either legal, contractual, or otherwise, exists to report the circumstances to other parties, such as owners, or regulators. h) Additional Considerations in Engagement Acceptance (1) Auditor’s Report Prescribed by Law or Regulation (a) If law or regulation prescribes a specific layout, form, or wording of the auditor’s report that significantly differs from the requirements of GAAS, the auditor should evaluate (i) whether users might misunderstand the auditor’s report and, if so, (ii) whether the auditor would be permitted to reword the prescribed form to be in accordance with the requirements of GAAS or attach a separate report. (b) If the auditor determines that rewording the prescribed form or attaching a separate report would not be permitted or would not mitigate the risk of users misunderstanding the auditor’s report, 30 (i) The auditor should not accept the audit engagement unless the auditor is required by law or regulation to do so. (ii) An audit performed in accordance with such law or regulation does not comply with GAAS. (iii) The auditor should not include any reference to the audit having been performed in accordance with GAAS within the auditor’s report. Practical Note: Because an engagement letter forms a contract between the reporting entity and the auditor, and because both parties to the contract must understand its contents for it to be valid, the letter should be delivered by the engagement leader or partner. In addition to the contents of the letter, the entity’s business, the current economic environment, potential fraud risks and other important planning considerations should be discussed and documented when the letter is delivered. N. Statement on Auditing Standards, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards 1. Changes from Previous Standards a) Supersedes SAS No. 25, The Relationship of Generally Accepted Auditing Standards to Quality Control Standards (AICPA, Professional Standards, vol. 1, AU sec. 161). b) The SAS contains requirements and application material that address specific responsibilities of the auditor regarding quality control procedures for an audit of financial statements. c) Quality control systems, policies, and procedures are the responsibility of the audit firm. d) The SAS specifies quality control procedures at the engagement level that assist the auditor in achieving the objectives of the quality control standards. e) Since these procedures are required to be established by SQCS No. 8, A Firm’s System of Quality Control (Redrafted) (AICPA, Professional Standards, vol. 2, QC sec. 10), the SAS should not result in a change to existing practice. f) The SAS strengthens previous standards by making it easier for auditors to understand and apply those quality control procedures that apply to an audit of financial statements. 31 Practical Note: A major impact of this pronouncement relates to SQCS No. 8. This standard emphasizes the importance of integrating quality control policies and procedures into engagement performance. Such quality control elements as leadership involvement, client acceptance and continuance decision-making and consultations must be documented in engagement files. The AICPA’s practice aid, Establishing and Maintaining a System of Quality Control for a CPA Firm, contains illustrative policies and procedures for various size firms, including sole practitioners. O. Statement On Auditing Standards Consideration of Omitted Procedures After the Report Release Date 1. Objectives of the auditor are to a) assess the effect of omitted procedures of which the auditor becomes aware on the auditor’s present ability to support the previously expressed opinion on the financial statements and b) respond appropriately. 2. Definition – In this SAS the following term has the meaning attributed as follows: a) Omitted procedure. An auditing procedure that the auditor considered necessary in the circumstances existing at the time of the audit of the financial statements but which was not performed. 3. Requirements – This SAS covers the following requirements: a) If, subsequent to the report release date, the auditor becomes aware of an omitted procedure, the auditor (1) Should assess the effect of the omitted procedure on the auditor’s present ability to support the previously expressed opinion on the financial statements. (2) Concludes that an omitted procedure of which the auditor has become aware (a) impairs the auditor’s present ability to support a previously expressed opinion on the financial statements and (b) he or she believes that there are users currently relying, or likely to rely, on the previously released report, the auditor should promptly perform the omitted procedure, or alternative procedures, to determine whether there is a satisfactory basis for the auditor’s previously expressed opinion. 32 (3) Should document the procedures performed, in accordance with the provisions of the clarified SAS Audit Documentation (Redrafted). b) When, as a result of the subsequent performance of an omitted procedure or alternative procedures, the auditor becomes aware of facts that were unknown during the audit then the auditor should apply the provisions of the clarified SAS Subsequent Events and Subsequently Discovered Facts. P. Statement on Auditing Standards, Initial Audit Engagements, Including Reaudits—Opening Balances 1. Changes from Previous Standards a) Incorporates guidance from ISA No. 510, Initial Audit Engagements—Opening Balances, which requires the auditor to obtain sufficient appropriate audit evidence about whether (1) Opening balances contain misstatements that materially affect the current period's financial statements; (2) Accounting policies reflected in the opening balances have been consistently applied in the current period’s financial statements, and whether changes in the accounting policies have been properly accounted for and adequately presented and disclosed in accordance with the applicable financial reporting framework. b) Incorporates relevant guidance from SAS No. 84, as amended c) Clarifies that initial audit engagements include reaudits, and eliminates from previous AU section 315 requirements and guidance directed to reaudits that are repetitive with other generally accepted auditing standards. Q. Statement on Auditing Standards, Consideration of Fraud in a Financial Statement Audit (Redrafted) 1. Changes from Previous Standards a) Does not change or expand SAS No. 99 in any significant respect. b) To reflect a more principles-based approach to standard setting, certain requirements that are duplicative of broader requirements in SAS No. 99 have been moved to application and other explanatory material, consistent with ISA 240 (Redrafted). The ASB’s view is that this has not changed the overall effectiveness of the SAS. 2. Additions to the SAS 33 a) The Clarity Project of the ASB has added some sections to the redrafted SAS’s. In this case Objectives are added. Objectives refer to the objectives of the auditor. In this SAS objectives are to: (1) identify and assess the risks of material misstatement of the financial statements due to fraud; (2) obtain sufficient appropriate audit evidence about the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; (3) respond appropriately to identified or suspected fraud. Practical Note: When considering the possibility of misstatement due to error or fraud, professional skepticism may be the auditor’s most important defensive weapon. A higher level of professional skepticism requires an ongoing questioning attitude when considering the content and reliability of audit evidence. It is considering the integrity and honesty of client personnel, the entity’s control environment and other internal controls when evaluating evidence. The higher the risk of potential misstatement, the more inquiries and other substantive procedures that are required. R. Statement on Auditing Standards Reports on Application of Requirements of an Applicable Financial Reporting Framework 1. Changes From Previous Standards a) Does not change or expand SAS No. 50 in any significant respect. b) To reflect a more principles-based approach to standard setting, certain requirements that are duplicative of broader requirements in SAS No. 50 have been moved to application and other explanatory material. S. Statement on Auditing Standards Analytical Procedures (Redrafted) 1. Changes From Previous Standards a) Previous AU section 329 addresses the use of analytical procedures as planning, substantive, and overall review procedures. (1) The use of analytical procedures as a risk assessment procedure is addressed in the clarified SAS Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, paragraph 6 and related application guidance, and accordingly is not addressed in SAS Analytical Procedures. 34 Practical Note: Since analytical procedures are often the most pervasive and least expensive substantive evidence, they should be used to the maximum extent practical to gather evidence for evaluating the appropriateness and reasonableness of relevant financial statement assertions. Evidence from risk assessment procedures and analytical procedures may enable an auditor to significantly reduce evidence required from the detailed tests of balances. The nature, extent and timing of tests of balances are affected by the assessed levels of risk. T. Statement on Auditing Standards Using the Work of an Auditor’s Specialist 1. Changes From Previous Standards a) Previous AU section 336 addresses the use of the auditor’s specialist and the use of management’s specialist. b) Previous AU section 336 specifically scopes out from the standard use of specialists employed by the firm who participate in the audit. (1) The SAS does not encompass in-firm specialists, however, the SASs, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards and Planning an Audit, do address those situations. (2) The ASB believes that this change in the scope of the standard will affect current practice because it will create incremental documentation requirements. c) Other than the changes previously mentioned, the SAS does not change or expand AU section 336 in any significant respect. d) To reflect a more principles-based approach to standard setting, certain requirements that are duplicative of broader requirements in previous AU section 336 have been moved to application and other explanatory material, consistent with ISA 620. In the ASB’s view, this has not changed the overall effectiveness of the SAS. U. Statement on Auditing Standards Audit Evidence⎯Selected Items Considerations For Selected Items 1. Changes From Previous Standards a) Many of the requirements of previous AU section 332 are essentially similar to requirements in other clarified standards, primarily the risk assessment standards and the SAS Auditing Accounting Estimates, Including Fair Value Accounting Estimates and Related Disclosures (Redrafted); 35 b) The ASB concluded that the application of those requirements in the other clarified standards to the subject matter addressed by previous AU section 332 is most appropriately addressed as interpretative guidance in the audit guide Auditing Derivative Instruments, Hedging Activities, and Investments in Securities. (1) Consideration of these requirements and related application guidance will be a specific focus in updating the audit guide. (2) AICPA staff has prepared a supplementary schedule which further explains how the material in the previous AU section 332 has been addressed in the SAS or what is proposed to be addressed by a revised Audit Guide Auditing Derivative Instruments, Hedging Activities, and Investments in Securities. c) In Exhibit B of the SAS, the ASB concluded that it was appropriate to include certain requirements (primarily addressing auditing the valuation assertion) from previous AU section 332 in this SAS. d) The ASB also made certain changes to the requirements from those included in previous AU section 332 to exclude investments accounted for using the equity method from their scope because the auditing of equity investees is addressed more broadly by the SAS Audits of Group Financial Statements (Including the Work of Component Auditors). e) The ASB believes that the incorporation of previous AU section 332 into the clarified SASs in the manner described in this section will not have a significant effect on practice, with the possible exception of changes that may be necessary because equity method investees now fall within the scope of SAS Audits of Group Financial Statements (Including the Work of Component Auditors). f) Paragraph 6 of previous AU section 337 states, in part, “the auditor should request the client's management to send a letter of inquiry to those lawyers with whom management consulted concerning litigation, claims, and assessments.” g) In contrast, paragraph 18 of the SAS requires the auditor to seek direct communication with the entity’s external legal counsel (through a letter of inquiry) if the auditor assesses a risk of material misstatement regarding litigation or claims, or when audit procedures performed indicate that material litigation or claims may exist. h) The ASB believes that paragraph 18 of the SAS may change existing practice because following the SAS, there potentially could be situations when, based on the assessment of the risk of material misstatement, the auditor might not be required to send letters of inquiry to lawyers with whom management consulted concerning litigation, claims, and assessments (for example, if the auditor does not assess a risk of material misstatement regarding identified litigation or claims). 36 2. Other than the changes previously mentioned, a) The SAS does not change or expand extant standards in any significant respect. b) To reflect a more principles-based approach to standard setting, certain requirements that are duplicative of broader requirements in previous standards have been moved to application and other explanatory material, consistent with ISA 501. V. Statement on Auditing Standards, Auditing Accounting Estimates, Including Fair Value Accounting Estimates and Related Disclosures (Redrafted) 1. Changes From Previous Standards a) Does not change or expand SAS No. 57 or SAS No. 101 in any significant respect. b) The SAS is restructured to reflect a more principles-based approach to standard setting. c) As done in other revised SASs, certain requirements that are duplicative of broader requirements (in this case SAS No. 57 and SAS 101) have been moved to application and other explanatory material, consistent with ISA 540. d) Consistent with the approach taken by the IAASB in the development of ISA 540 (Revised and Redrafted), Auditing Accounting Estimates, Including Fair Value Estimates and Related Disclosures, the SAS combines previous AU section 342, Auditing Accounting Estimates with previous AU section 328, Auditing Fair Value Measurements and Disclosures (AICPA, Professional Standards, vol. 1). W. Statement on Auditing Standards, Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors) 1. Requirements —The requirements of the SAS address the following: a) Acceptance and continuance considerations b) The group engagement team’s process to assess risk c) The determination of materiality to be used to audit the group financial statements d) The determination of materiality to be used to audit components e) testing The selection of components and account balances for audit 37 f) Communications between the group engagement team and component auditors g) Assessing the adequacy and appropriateness of audit evidence by the group engagement team in forming an opinion on the financial statements 2. In situations when the group engagement partner does not make reference to a component auditor in the audit report on the group financial statements, all of the requirements of the SAS apply, when relevant in the context of the specific group audit engagement. Practical Note: Documentation mentioned in the standard includes a) analysis and identification of significant components, b) any components to which reference will be made in the auditor’s report, c) written communications setting forth the group engagement team’s requirements for component auditors, and d) the financial statements of components and auditors reports for those referred to in the group auditor’s report. X. Statement on Auditing Standards, Engagements to Report on Summary Financial Statements 1. Changes From Previous Standards In converging with ISA 810, the SAS: a) addresses the auditor’s responsibilities for specified procedures and reporting formats when reporting on summary financial statements derived from financial statements audited by that same auditor. b) Procedures required: (1) requires the auditor to determine whether the criteria applied by management in the preparation of the summary financial statements are acceptable. (2) requires the auditor to obtain management’s agreement that it acknowledges and understands its responsibilities for the summary financial statements, including its responsibility to make the audited financial statements readily available to the intended users of the summary financial statements. The audited financial statements need not accompany the summary financial statements. (3) requires the auditor to request management to provide, in the form of a representation letter addressed to the auditor, written representations relating to the summary financial statements. (4) stipulates specific procedures to be performed as the basis for the auditor’s opinion on the summary financial statements. 38 c) Reporting requirements. In addition to standard reporting elements in the new standard: (1) eliminates reporting on selected financial data (2) stipulates specific elements of the auditor’s report, including management’s responsibility and a description of the auditor’s procedures. (3) requires the auditor to deny an opinion on the summary financial statements when the auditor issued an adverse opinion or disclaimer of opinion on the audited financial statements. This type of report will require the auditor to: (a) state that the auditor’s opinion on the audited financial statements contains an adverse opinion or disclaimer of opinion (b) describe the basis for that adverse or disclaimer of opinion. (c) state that, as a result of the adverse opinion or disclaimer of opinion, it is inappropriate to express, and the auditor does not express an opinion on the summary financial statements. The auditor is not required to include the paragraph describing the procedures. However the auditor should indicate that the report is prepared in accordance with the standards established by the American Institute of Certified Public Accountants. d) clarifies the auditor’s responsibilities related to subsequent events and subsequently discovered facts when the date of the auditor’s report on the summary financial statements is later than the date of the auditor’s report on the audited financial statements. e) includes requirements relating to comparatives, unaudited information presented with summary financial statements, and other information included in a document containing the summary financial statements and related auditor’s report. Y. Statements on Auditing Standards, Special Considerations—Audits of Financial Statements Prepared in Accordance With Special Purpose Frameworks Special Considerations—Audits of Single Financial Statements and Specific Elements, Accounts, or Items of a Financial Statement 1. This Statement on Auditing Standards (SAS), contains two SASs. Those SASs were issued as: 39 a) Special Considerations—Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks, and b) Special Considerations—Audits of Single Financial Statements and Specific Elements, Accounts, or Items of a Financial Statement. 2. Changes From Previous Standards a) SAS Special Considerations—Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks is converged with ISA 800. It (1) Addresses special considerations in the application of the previous AU sections to an audit of financial statements prepared in accordance with a special purpose framework, which now includes cash, tax, regulatory, or contractual basis of accounting. (a) The cash, tax, and regulatory bases of accounting were commonly referred to as other comprehensive bases of accounting (OCBOA). (b) The term OCBOA was replaced with the term special purpose framework. The new term no longer includes the broader concept of a definite set of criteria having substantial support that is applied to all material items appearing in financial statements. (2) Requires the auditor to obtain an understanding of: (a) the purpose for which the financial statements are prepared, (b) the intended users, and (c) the steps taken by management to determine that the special purpose framework is acceptable in the circumstances. (3) Requires the auditor to obtain the agreement of management that it acknowledges and understands its responsibility to include all informative disclosures that are appropriate for the special purpose framework being used. (4) Requires the explanation of management’s responsibility for the financial statements in the auditor’s report, and if management has a choice of financial reporting frameworks in the preparation of the financial statements, to make reference to management’s responsibility for determining that the applicable financial reporting framework is acceptable in the circumstances. (5) Requires the auditor, if the financial statements are prepared in accordance with a contractual basis of accounting, to 40 obtain an understanding of any significant interpretations of the contract that management made in the preparation of those financial statements and to evaluate whether the financial statements adequately describe such interpretations. (6) Requires the auditor’s report, if the financial statements are prepared in accordance with a regulatory or contractual basis of accounting, to describe the purpose for which the financial statements are prepared or refer to a note in the special purpose financial statements that contains that information. (7) Requires the auditor’s report to include specific elements if the auditor is required by law or regulation to use a specific layout, form, or wording of the auditor’s report. b) SAS Special Considerations—Audits of Single Financial Statements and Specific Elements, Accounts, or Items of a Financial Statement is converged with ISA 805. It (1) Addresses special considerations in the application of the previous AU sections to an audit of a single financial statement or of a specific element, account, or item of a financial statement. (2) Clarifies that a single financial statement and a specific element of a financial statement includes the related notes. (3) Related notes ordinarily comprise a summary of significant accounting policies and other explanatory information relevant to the financial statement or to the element. (4) Requires the auditor, if the auditor is not also engaged to audit the entity’s complete set of financial statements, (a) To determine whether the audit of a single financial statement or of a specific element of those financial statements in accordance with generally accepted auditing standards is practicable and (b) To determine whether the auditor will be able to perform procedures on interrelated items. (c) In the case of an audit of a specific element that is, or is based upon, the entity’s stockholders’ equity or net income or the equivalent, the SAS requires the auditor to perform procedures necessary to obtain sufficient appropriate audit evidence about financial position, or financial position and results of operations, respectively. (5) Requires the auditor to determine the acceptability of the financial reporting framework, including whether application of the financial reporting framework will result in a presentation that 41 provides adequate disclosures to enable the intended users to understand the information conveyed in the financial statement or the element, and the effect of material transactions and events on the information conveyed in the financial statement or the element. (6) Requires the auditor, if, in conjunction with an engagement to audit the entity’s complete set of financial statements, the auditor undertakes an engagement to audit a single financial statement or a specific element of a financial statement, to issue a separate auditor’s report and express a separate opinion for each engagement. (7) Requires the auditor, if an audited single financial statement and an audited specific element of a financial statement are published together with the entity’s audited complete set of financial statements, to inform management that it may not publish the auditor’s report containing the opinion on the single financial statement or on the specific element of a financial statement together with the entity’s complete set of financial statements unless the auditor is satisfied with the differentiation or separation from the complete set of financial statements. (8) Requires the auditor, if the opinion in the auditor’s report on an entity’s complete set of financial statements is modified, or that report includes an emphasis of matter or an other matter paragraph, (a) To determine the effect that this may have on the auditor’s report on a single financial statement or on a specific element of those financial statements. (b) In the case of an audit of a specific element of a financial statement, if the modified opinion on the entity’s complete set of financial statements is relevant to the audit of the specific element or an interrelated item of the specific element, the SAS requires the auditor to: (i) Express an adverse opinion on the specific element when the modification on the complete set of financial statements arises from a material misstatement. (ii) Disclaim an opinion on the specific element when the modification on the complete set of financial statements arises from an inability to obtain sufficient appropriate audit evidence. (c) Allows the auditor, if the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the entity’s complete set of financial statements 42 as a whole but, in the context of a separate audit of a specific element that is included in those financial statements, the auditor nevertheless considers it appropriate to express an unmodified opinion on that element, to do so only if (i) That opinion is expressed in an auditor’s report that is neither published together with nor otherwise accompanies the auditor’s report containing the adverse opinion or disclaimer of opinion; and (ii) The specific element does not constitute a major portion of the entity’s complete set of financial statements or the specific element is not, or is not based upon, the entity’s stockholders’ equity or net income or the equivalent. Z. Statements on Auditing Standards, Forming an Opinion and Reporting on Financial Statements 1. This SAS promotes consistency in the auditor’s report. Consistency a) when the audit has been conducted in accordance with GAAS, promotes credibility in the marketplace b) helps promote users’ understanding and identification of unusual circumstances when they occur. 2. Objectives of the auditor a) to form an opinion on the financial statements based on an evaluation of the audit evidence obtained, including evidence obtained about comparative financial statements or comparative financial information, and b) to express clearly that opinion on the financial statements through a written report that also describes the basis for that opinion. 3. Most significant changes to previous standards. This clarified statement lists the most significant changes as: a) A requirement to describe management’s responsibility for the preparation and fair presentation of the financial statements in more detail than what was required in previous AU section 508. b) The description includes an explanation that management is responsible for 43 (1) The preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework, and (2) The design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error. c) The ASB believes that this addition to the auditor’s report will communicate more clearly the responsibilities of management for the preparation of the financial statements. d) The SAS requires the use of headings throughout the auditor’s report to clearly distinguish each section of the report. 4. This clarified SAS contains sections on a) Requirements – The “shoulds” for the auditor including such things as (1) Forming an opinion on the financial statements (2) The auditor’s evaluations of the financial statements. b) Form of Opinion–When and how the auditor should express his or her opinion on the financial statements, in particular: (1) Unmodified opinion–Is expressed when the auditor concludes that the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. (2) Modified opinion–Is expressed when in the auditor’s report, in accordance with the clarified SAS Modifications to the Opinion in the Independent Auditor’s Report, he or she (a) concludes that, based on the audit evidence obtained, the financial statements as a whole are materially misstated or (b) is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement. (c) If the auditor concludes that the financial statements do not achieve fair presentation, he or she should discuss the matter with management and, depending on how the matter is resolved, should determine whether it is necessary to modify the opinion in the auditor’s report in accordance with the clarified SAS 44 Modifications to the Opinion in the Independent Auditor’s Report. 5. Auditor’s Report–Contains the requirements for the form of the auditor’s report, including the sections of the report and that it should be in writing. a) GAAS Form of Auditor’s Report for Audits Conducted in Accordance With (1) Title – that includes the word independent to clearly indicate that it is the report of an independent auditor. (2) Addressee – Addressed as required by the circumstances of the engagement. (3) Introductory Paragraph–should (a) identify the entity whose financial statements have been audited, (b) state that the financial statements have been audited, (c) identify the title of each statement that the financial statements comprise, and (d) specify the date or period covered by each financial statement that the financial statements comprise. (4) Management’s Responsibility for the Financial Statements– (a) Describes management’s responsibility for the preparation and fair presentation of the financial statements, including (i) explanation that management is responsible for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework; (ii) and this responsibility includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error. (b) Should not be referenced to a separate statement by management about such responsibilities if such a 45 statement is included in a document containing the auditor’s report. b) Auditor’s Responsibility– The auditor’s report should state (1) That the responsibility of the auditor is to express an opinion on the financial statements based on the audit. (2) That the audit was conducted in accordance with (a) generally accepted auditing standards and should identify the United States of America as the country of origin of those standards. (b) should also explain that those standards require that the auditor plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. (c) should describe an audit by stating that (i) an audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. (ii) the procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error (unless the auditor has a responsibility to opine on the effectiveness of internal control. Se paragraph (3) below.) (iii) In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control, and accordingly, no such opinion is expressed. (iv) an audit also includes evaluating the appropriateness of the accounting policies used and the reasonableness of significant accounting estimates made by management, as well as the overall presentation of the financial statements. (3) Internal Control–If the auditor also has a responsibility to express an opinion on the effectiveness of internal control in 46 conjunction with the audit of the financial statements, he or she should omit the phrase concerning internal control above that the auditor’s consideration of internal control is not for the purpose of expressing an opinion on the effectiveness of internal control, and accordingly, no such opinion is expressed. (4) The auditor’s report should state whether the auditor believes that the audit evidence the auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s opinion. c) Auditor’s Opinion – The section with the heading “Opinion.” (1) Unmodified opinion on financial statements–the auditor’s opinion should state that the financial statements present fairly, in all material respects, the financial position of the entity as of the balance sheet date and the results of its operations and its cash flows for the period then ended, in accordance with the applicable financial reporting framework. (2) The auditor’s opinion should identify the applicable financial reporting framework and its origin. 6. Other Reporting Responsibilities – A separate section a) Should be included if the auditor addresses other reporting responsibilities in the auditor’s report on the financial statements that are in addition to the auditor’s responsibility under GAAS b) Should be subtitled “Report on Other Legal and Regulatory Requirements” or otherwise, as appropriate to the content of the section. Note: If the auditor’s report contains a separate section on other reporting responsibilities, the headings, statements, and explanations referred to above should be under the subtitle “Report on the Financial Statements” and the “Report on Other Legal and Regulatory Requirements” should follow the “Report on the Financial Statements.” 7. Signature of the Auditor –Should include the manual or printed signature of the auditor’s firm. 8. Auditor’s Address – should name the city and state where the auditor practices. 9. Date of the Auditor’s Report a) Dated no earlier than the date on which the auditor has obtained sufficient appropriate audit evidence on which to base the auditor’s opinion on the financial statements, including evidence that (1) the audit documentation has been reviewed; 47 (2) all the statements that the financial statements comprise, including the related notes, have been prepared; and (3) management has asserted that they have taken responsibility for those financial statements. 10. This clarified SAS also contains the following sections: a) Auditor’s report for audits conducted in accordance with both GAAS and another set of auditing standards b) Comparative financial statements and comparative information c) Audit procedures d) Prior period financial statements audited by a predecessor auditor e) Prior period financial statements not audited 11. Application and Other Explanatory Material – Clarified SASs contain a section devoted to application of the requirements of the SAS and additional explanatory material. This clarified SASs contains examples of the Auditor’s opinion. 12. Note: Exhibit A contains a number of such examples: . Illustration 1—An Auditor's Report on Consolidated Comparative Financial Statements Prepared in Accordance With Accounting Principles Generally Accepted in the United States of America Illustration 2—An Auditor's Report on a Single Year Prepared in Accordance With Accounting Principles Generally Accepted in the United States of America Illustration 3—An Auditor's Report on Consolidated Comparative Financial Statements Prepared in Accordance With Accounting Principles Generally Accepted in the United States of America When the Audit Has Been Conducted in Accordance With Both Auditing Standards Generally Accepted in the United States of America and International Standards on Auditing Illustration 4—An Auditor's Report on a Single Year Prepared in Accordance With Accounting Principles Generally Accepted in the United States of America When Comparative Summarized Financial Information Derived From Audited Financial Statements for the Prior Year Is Presented Illustration 5—An Auditor's Report on a Single Year Prepared in Accordance With Accounting Principles Generally Accepted in the United States of America When Comparative Summarized Financial Information Derived From Unaudited Financial Statements for the Prior Year 48 Is Presented 49 INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee] Report on the Financial Statements We have audited the accompanying consolidated financial statements of ABC Company and its subsidiaries, which comprise the consolidated balance sheets as of December 31, 20X1 and 20X0, and the related consolidated statements of income, changes in stockholders’ equity and cash flows for the years then ended, and the related notes to the financial statements. Management’s Responsibility for the Financial Statements Management is responsible for the preparation and fair presentation of these consolidated financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of consolidated financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s Responsibility Our responsibility is to express an opinion on these consolidated financial statements based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the consolidated financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the consolidated financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the consolidated financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. Opinion In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of ABC Company and its subsidiaries as of December 31, 20X1 and 20X0, and the results of their operations and their cash flows 50 for the years then ended in accordance with accounting principles generally accepted in the United States of America. Report on Other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Auditor’s city and state] [Date of the auditor’s report] 51 AA. Statement on Auditing Standards Modifications to the Opinion in the Independent Auditor’s Report 1. Types of Modified Opinions – three types of modified opinions: a) a qualified opinion, b) an adverse opinion, and c) a disclaimer of opinion. d) The type of modified opinion is determined by considering the nature of the matter giving rise to the modification (that is, whether the financial statements are materially misstated or, in the case of an inability to obtain sufficient appropriate audit evidence, may be materially misstated) e) The auditor’s judgment about the pervasiveness of the effects or possible effects of the matter on the financial statements f) The clarified SAS Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the Independent Auditor’s Report addresses situations when the auditor considers it necessary, or is required, to include additional communications in the auditor’s report that are not modifications to the auditor’s opinion. 2. Objective of the auditor a) is to express clearly an appropriately modified opinion on the financial statements that is necessary when he or she (1) concludes, based on the audit evidence obtained, that the financial statements as a whole are materially misstated or (2) is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement. 3. Definitions applicable to this clarified SAS include: a) Modified opinion. A qualified opinion, an adverse opinion, or a disclaimer of opinion. b) Pervasive. A term used in the context of misstatements to describe the effects on the financial statements of misstatements that are known or the possible effects on the financial statements of misstatements if any that are undetected due to an inability to obtain sufficient appropriate audit evidence. (1) Pervasive effects on the financial statements are those that, in the auditor’s judgment 52 (a) are not confined to specific elements, accounts, or items of the financial statements; (b) if so confined, represent or could represent a substantial proportion of the financial statements; or 4. (c) in relation to disclosures, are fundamental to users’ understanding of the financial statements. This clarified SAS contains a number of requirements including: a) Circumstances When a Modification to the Auditor’s Opinion Is Required b) Determining the Type of Modification to the Auditor’s Opinion (See the table at the end of this section) c) Qualified Opinion– when to express a qualified opinion. (1) The auditor should express a qualified opinion when (a) Having obtained sufficient appropriate audit evidence, he or she concludes that misstatements, individually or in the aggregate, are material but not pervasive to the financial statements or (b) He or she is unable to obtain sufficient appropriate audit evidence on which to base the opinion, but the auditor concludes that the possible effects on the financial statements of undetected misstatements, if any, could be material but not pervasive. d) Adverse Opinion – When to express an adverse opinion (1) The auditor should express an adverse opinion when (a) He or she, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are both material and pervasive to the financial statements. e) Disclaimer of Opinion–When to disclaim an opinion. (1) He or she should disclaim an opinion when the auditor (a) is unable to obtain sufficient appropriate audit evidence on which to base the opinion, and (b) concludes that the possible effects on the financial statements of undetected misstatements, if any, could be both material and pervasive. 53 f) Inability to Obtain Sufficient Appropriate Audit Evidence Due to a Management-Imposed Limitation After the Auditor Has Accepted the Engagement. This condition should result in compunctions with those charged with governance to request that management remove the limitation or withdrawal from the engagement if the limitation remains and appropriate alternative procedures are not performed. g) Other Considerations Relating to an Adverse Opinion or Disclaimer of Opinion. If it is necessary for the auditor to express an adverse or disclaimer of opinion, the auditor should not separately provide an unmodified opinion related to the same financial reporting framework on a single financial statement or one or more specific elements, accounts, or items of a financial statement. h) Form and Content of the Auditor’s Report When the Opinion Is Modified (1) Basis for Modification Paragraph – modifying the opinion on the financial statements requires the auditor to, in addition to the specific elements required by the clarified SAS Forming an Opinion and Reporting on Financial Statements, include a paragraph in the auditor’s report that provides a description of the matter giving rise to the modification. The auditor should place this paragraph immediately before the opinion paragraph in the auditor’s report and use a heading that includes “Basis for Qualified Opinion,” “Basis for Adverse Opinion,” or “Basis for Disclaimer of Opinion,” as appropriate. (2) Note: The application section of this clarified SAS contains this example of the auditor’s qualified opinion in Exhibit A: Illustrations of Auditors’ Reports With Modifications to the Opinion, Illustration 1: An Auditor’s Report Containing a Qualified Opinion Due to a Material Misstatement of the Financial Statements. We include only the paragraphs concerning the qualified opinion: (a) Basis for Qualified Opinion (i) The Company has stated inventories at cost in the accompanying balance sheets. Accounting principles generally accepted in the United States of America require inventories to be stated at the lower of cost or market. If the Company stated inventories at the lower of cost or market, a write down of $xxx and $xxx would have been required as of December 31, 20X1 and 20X0, respectively. Accordingly, cost of sales would have been increased by $xxx and $xxx, and net income, income taxes, and stockholders’ equity would have been reduced by $xxx, $xxx, and $xxx, and $xxx, 54 $xxx, and $xxx, as of and for the years ended December 31, 20X1 and 20X0, respectively. (b) Qualified Opinion (i) In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements referred to above present fairly, in all material respects, the financial position of ABC Company as of December 31, 20X1 and 20X0, and the results of its operations and its cash flows for the years then ended in accordance with accounting principles generally accepted in the United States of America. i) Form and Content of the Auditor’s Report When the Opinion Is adverse. Section A of the statement contains an illustration of an auditor’s report containing an adverse opinion. We have included the paragraphs which would be included in the adverse opinion. (1) Illustration 3: An Auditor’s Report Containing an Adverse Opinion Due to a Material Misstatement of the Financial Statements (2) Basis for Adverse Opinion (3) (a) As described in Note X, the Company has not consolidated the financial statements of subsidiary XYZ Company that it acquired during 20X1 because it has not yet been able to ascertain the fair values of certain of the subsidiary’s material assets and liabilities at the acquisition date. This investment is therefore accounted for on a cost basis by the Company. Under accounting principles generally accepted in the United States of America, the subsidiary should have been consolidated because it is controlled by the Company. Had XYZ Company been consolidated, many elements in the accompanying consolidated financial statements would have been materially affected. The effects on the consolidated financial statements of the failure to consolidate have not been determined. Adverse Opinion (a) In our opinion, because of the significance of the matter discussed in the Basis for Adverse Opinion paragraph, the consolidated financial statements referred to above do not present fairly the financial position of ABC Company and its subsidiaries as of December 31, 20X1, or the results of their operations or their cash flows for the year then ended. 55 j) This clarified SAS, in the Application section paragraph A1, contains a table that you may find useful. It illustrates how the auditor’s judgment about the nature of the matter giving rise to the modification and the pervasiveness of its effects or possible effects on the financial statements affects the type of opinion to be expressed: Nature of Matter Giving Rise to the Modification Auditor’s Judgment About the Pervasiveness of the Effects or Possible Effects on the Financial Statements Material But Not Pervasive Material and Pervasive Financial statements are materially misstated Qualified opinion Adverse opinion Inability to obtain sufficient appropriate audit evidence Qualified opinion Disclaimer of opinion BB. Statement On Auditing Standards Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the Independent Auditor’s Report 1. Objective of the auditor–if after the auditor has formed an opinion on the financial statements, he or she decides it is necessary to draw users’ attention, by way of clear additional communication in the auditor’s report, to draw a user’s attention a) To a matter, although appropriately presented or disclosed in the financial statements, that is of such importance that it is fundamental to users’ understanding of the financial statements or b) As appropriate, any other matter that is relevant to users’ understanding of the audit, the auditor’s responsibilities, or the auditor’s report. c) A separate paragraph should be added tot the auditor’s report. 2. Definitions–In this SAS the following terms have the meanings attributed to them: a) Emphasis-of-matter paragraph. A paragraph included in the auditor’s report that is required by GAAS, or is included at the auditor’s discretion, and that refers to a matter appropriately presented or disclosed in the financial statements that, in the auditor’s judgment, is of such 56 importance that it is fundamental to users’ understanding of the financial statements. b) Other-matter paragraph. A paragraph included in the auditor’s report that is required by GAAS, or is included at the auditor’s discretion, and that refers to a matter other than those presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities, or the auditor’s report 3. Requirements a) Emphasis-of-Matter Paragraphs in the Auditor’s Report is included (1) If the auditor considers it necessary to draw users’ attention to emphasize a matter that is appropriately presented or disclosed in the financial statements that, in the auditor’s judgment, is of such importance that it is fundamental to users’ understanding of the financial statements, (2) Provided that the auditor has obtained sufficient appropriate audit evidence that the matter is not materially misstated in the financial statements. (3) Such a paragraph should refer only to information already presented or disclosed in the financial statements. (4) When the auditor includes an emphasis-of-matter paragraph in the auditor’s report, the auditor should (a) include it immediately after the opinion paragraph in the auditor’s report, (b) use the heading “Emphasis of Matter” or other appropriate heading, (c) include in the paragraph a clear reference to the matter being emphasized and to where relevant disclosures that fully describe the matter can be found in the financial statements, and (d) indicate that the auditor’s opinion is not modified with respect to the matter emphasized. b) Other-Matter Paragraphs in the Auditor’s Report (1) If the auditor considers it necessary to communicate a matter other than those that are presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities, or the auditor’s report, the auditor should do so in a paragraph in the 57 auditor’s report with the heading “Other Matter” or other appropriate heading. (2) The auditor should include this paragraph immediately after the opinion paragraph and any emphasis-of-matter paragraph or elsewhere in the auditor’s report if the content of the other-matter paragraph is relevant to the “Other Reporting Responsibilities” section. 4. Communication With Those Charged With Governance a) If the auditor expects to include an emphasis-of-matter or othermatter paragraph in the auditor’s report, he or she should communicate with those charged with governance regarding this expectation and the proposed wording of this paragraph. 5. Application and Other Explanatory Material–This clarified SAS contains examples of a) Applications and other explanatory material. b) Examples of emphasis-of-matter paragraphs in the auditor’s report c) Examples of other-matter paragraphs in the auditor’s report. CC. Statement on Auditing Standards Consistency of Financial Statements 1. Objectives of the Auditor – The objectives of the auditor are to a) Evaluate the consistency of the financial statements for the periods presented and b) Communicate appropriately in the auditor’s report when the comparability of financial statements between periods has been materially affected by a change in accounting principle or by adjustments to correct a material misstatement in previously issued financial statements. 2. Requirements — This SAS covers the following areas: a) Evaluating Consistency—The auditor should evaluate whether the comparability of the financial statements between periods has been materially affected by a change in accounting principle or by adjustments to correct a material misstatement in previously issued financial statements. The periods included in the auditor’s evaluation of consistency depend on the periods covered by the auditor’s opinion on the financial statements and include the year prior to the reporting period. b) Change in Accounting Principle—The auditor should evaluate a change in accounting principle to determine whether the newly adopted 58 accounting principle is in accordance with the applicable financial reporting framework, the method of accounting for the effect of the change is in accordance with the applicable financial reporting framework, the disclosures related to the accounting change are appropriate and adequate, and the entity has justified that the alternative accounting principle is preferable. (1) If the auditor concludes that the criteria above has been met, and the change in accounting principle has a material effect on the financial statements, the auditor should include an emphasis-of-matter paragraph in the auditor’s report that describes the change in accounting principle and provides a reference to the entity’s disclosure. (2) If the criteria above are not met, the auditor should evaluate whether the accounting change results in a material misstatement and whether the auditor should modify the opinion accordingly. c) Correction of a Material Misstatement in Previously Issued Financial Statements—The auditor should include an emphasis-of-matter paragraph in the auditor’s report when there are adjustments to correct a material misstatement in previously issued financial statements. The auditor should include this type of emphasis-of-matter paragraph in their report when the related financial statements are restated to correct the prior material misstatement. The paragraph need not be repeated in subsequent periods. The emphasis-of-matter paragraph should include (1) A statement that the previously issued financial statements have been restated for the correction of a material misstatement in the respective period and (2) A reference to the entity’s disclosure of the correction of the material misstatement. d) Change in Classification—The auditor should evaluate a material change in financial statement classification and the related disclosure to determine whether such a change is also either a change in accounting principle or an adjustment to correct a material misstatement in previously issued financial statements. If so, the requirements of the paragraphs above apply. SAS No. 126 (AU-C 570)—GOING CONCERN Effective Date The SAS is effective for audits of financial statements for periods ending on or after December 15, 2012. 59 Changes From SAS No. 59 (AU 341) There are no significant changes to practice. Paragraph 18 of the SAS requires the auditor to obtain written representations from management if conditions or events have been identified that indicate there could be substantial doubt about the entity's ability to continue as a going concern. Interpretation No. 1, "Eliminating a Going-Concern Explanatory Paragraph From a Reissued Report," of AU section 341, The Auditor's Consideration of an Entity's Ability to Continue as a Going Concern (AICPA, Professional Standards, AU sec. 9341 par. .01– .02), which addresses the auditor's responsibilities when the auditor agrees to reissue an audit report that contained a going-concern explanatory paragraph, has been incorporated into the SAS. Paragraph 20 of the SAS requires the auditor to reassess the going-concern status of the entity by performing certain procedures when determining whether to eliminate the going-concern emphasis-of-matter paragraph. SAS NO. 127—Omnibus Statement on Auditing Standards (Amendments to SAS No. 122, Sections 600 and 800) Amendments to SAS No. 122, Section 600—Audits of Group Financial Statements The existing SAS precludes making reference to the audit of a component auditor in the auditor’s report on group financial statements unless the component’s financial statements are prepared using the same financial reporting framework as that used for the group financial statements. These amendments permit such reference under certain conditions. In these circumstances the group auditor’s reports must disclose that the group auditor is taking responsibility for evaluating the appropriateness of the conversion adjustments. Amendments to SAS No. 122, Section 800—Special Purpose Frameworks This existing section introduced the term “special purpose frameworks,” which is a cash, tax, regulatory or contractual basis of accounting (previously known as an other comprehensive basis of accounting). This amendment adds an other basis of accounting that uses a definite set of logical, reasonable criteria that is applied to all material items appearing in financial statements. This would include, of course, the AICPA’s new financial reporting framework for small and medium-sized entities. SAS No. 128—Using the Work of Internal Auditors SAS No. 128 addresses the external auditor’s responsibilities if using the work of internal auditors. Using the work of internal auditors includes (a) using the work of the internal audit function in obtaining audit evidence and (b) using internal auditors to provide direct assistance under the direction, supervision, and review of the external auditor. SAS No. 128 introduces the concept of a systematic and disciplined approach, which is not included in SAS No. 65. Paragraph 13 of SAS No. 128 would require, among other things, as a prerequisite to being able to use the work of the internal audit function, that the external auditor evaluate the application by the internal audit function of a systematic and disciplined 60 approach, including quality control. Paragraphs A12–A14 of SAS No. 128 provide application guidance with regard to the evaluation of the application of a systematic and disciplined approach by the internal audit function. The ASB believes that relative to SAS No. 65, this requirement represents an additional and explicit evaluation that the external auditor is required to determine whether the work of internal auditors can be used in obtaining audit evidence. CONCLUSION Details of each of these pronouncements summarized above are available in the Auditing Standards Board pages of the AICPA’s website. Live and on-demand webcasts on practical applications of the auditing standards are available by clicking the applicable box on the left side of the home page at www.cpafirmsupport.com. Larry Perry’s weekly articles and blog on www.accountingweb.com, entitled Today’s World of Audits, also contain practical discussions of applications of auditing standards to comply with the standards’ requirements and to, at the same time, maximize audit efficiency. 61 COSO I. Introduction 1. In 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an updated internal control framework designed to help organizations perform with more agility and confidence. An Executive Summary may be downloaded from COSO’s website, www.coso.org. 2. COSO has updated its nearly 20-year-old framework for new technology demands and capabilities, in addition to globalization. COSO has provided greater clarity on how to design and maintain an effective system of internal control. 3. The updated framework doesn’t change core objectives or definitions, but explicitly specifies 17 guiding principles divided among the five components of internal control that were put into place with the initial framework in 1992. 4. The original five components of the framework, control environment, risk assessment, control activities, information and communications, and monitoring remain the same. 5. Enhancements to the Framework a) Now includes enhancements that clarify concepts and ease use and application. b) Most important enhancement: (1) Is the codification of internal control concepts from the original framework into principles and attributes (2) Provides clarity for the user in the design and development of systems of internal control. (3) Principles and attributes can be used to support the assessment of the effectiveness of internal controls. c) Other updates and enhancements to the Framework (1) Help the user address changes in business and operating environments, including (a) Expectations for governance oversight (b) Globalization of markets and operations (c) Changes in business models (d) Demands and complexities in laws, rules, regulations, and standards. 62 (e) Expectations for competencies and accountabilities (f) Use of, and reliance on, evolving technologies (g) Expectations relating to preventing and detecting corruption. 6. The Framework provides: a) assistance to managers, boards of directors, external stakeholder, and other interacting with the entity without being overly prescription. 7. b) greater understanding of what constitutes internal control c) insight into when internal control is being applied effectively. For management and boards of directors the Framework provides: a) An opportunity to expand the application of a recognized framework beyond financial reporting and to support a universal framework of internal control b) A means to apply internal control to any type of entity, regardless of industry or legal structure, the entity, level of entity, operating unit, or function. c) A principles–based approach that provides flexibility and allows for judgement in maintaining and improving internal control–principles that can be applied at the entity, operating and functional levels. d) A basis for evaluating the effectiveness of internal control systems by considering components, principles, and attributes. e) A means to identify and analyze risk, and develop and manage appropriate responses to risks within acceptable levels and with a greater focus on anti-fraud measures. f) An opportunity to reduce costs by eliminating ineffective, redundant, or inefficient controls that provide minimal value in reducing risks to the achievement of the entity’s objectives. 8. For external stakeholders of an entity and others that interact with the entity, the Framework provides: a) Greater confidence in the board of directors’ oversight over internal control systems b) Greater confidence in the organization’s ability to responds to risk and changes in the business and operating environments. 63 c) A greater understanding of the criteria used to design, implement, and evaluate internal control. d) Recognition that through the use of appropriate judgment management may be able to reduce costs by eliminating ineffective, redundant or inefficient controls. e) A means to align internal control with other standards to develop an integrated view of specific functions and other areas of focus. ETHICS CPA Ethics Codification Project The Professional Ethics Executive Committee (PEEC) has updated the AICPA Code of Professional Conduct. The American Institute of Accountants the predecessor of the AICPA adopted eight rules of conduct on only one sheet of paper. In 2009, the AICPA launched the Codification Project to reformat and enhance its ethics literature. The AICPA will continue to converge the Code with international standards where appropriate. Revised AICPA Code of Professional Conduct The PEEC has revised the AICPA Code of Professional Conduct (Code) so that members and others can apply the rules and reach correct conclusions more easily and intuitively. SSARS On November 15, 2012, the Accounting and Review Services Committee issued these exposure drafts: Review of Financial Statements Review of Financial Statements—Special Considerations These exposure drafts were issued as redrafts to apply the ARSC’s clarity drafting conventions (similar to those of the Auditing Standards Board) and include some addition changes from existing standards. More important changes are: To permit reviews of specified elements, accounts, or items of a financial statement, supplementary information, required supplementary information, financial information in a tax return and other historical information. To require a signed engagement letter. To require the use of section headings in the accountant’s report. To add several requirements for reviews of financial statements prepared with special purpose frameworks. 64 To require emphasis-of-matter reports when special purpose frameworks are presented or when financial statements are revised for subsequently discovered facts. To define “required supplementary information” and require an other-matter paragraph to refer to such information along with various reporting requirements. On October 23, 2013 the Accounting and Review Services Committee issued these exposure Drafts: The proposed SSARS, Preparation of Financial Statements, would provide requirements and guidance when an accountant is engaged to prepare financial statements for an entity but has not been engaged to perform a compilation, review, or audit with respect to those financial statements. The proposed SSARS, Compilation Engagements, would provide requirements and guidance that would apply only when an accountant is engaged to perform a compilation of historical financial statements. The proposed SSARS, Association With Financial Statements, would provide requirements and guidance when an accountant agrees to permit the use of the accountant’s name in a report document, or written communication that includes financial statements with respect to which the accountant did not issue a compilation, review, or audit report. On November 26, 2013, the Accounting and Review Services Committee issued the exposure draft, Framework for Performing and Reporting on Compilation and Review Engagements. This exposure draft applies the Clarity Project drafting conventions and the Committee believes that there would be no significant changes to existing section AR 60 if the proposed SSARS is issued as a final standard. Copies of exposure drafts and comment deadlines may be obtained at www.aicpa.org, under the Research tab. 65