PCAOB Auditing Standards
advertisement
1 MODULE 1 — CHAPTER 1 PCAOB Auditing Standards LEARNING OBJECTIVES At the completion of this chapter, you should understand: The reporting requirements of PCAOB AS-1. The impact of PCAOB AS-2 on the conduct of audit field work. The additional documentation requirements of PCAOB AS-3. The requirements for reporting on the elimination of a material weakness under proposed PCAOB AS-4. INTRODUCTION During 2004 the PCAOB issued three auditing standards and released the draft of a fourth. This chapter discusses the new and proposed standards. Their full text appears on the PCAOB’s website at www.pcaobus.org. Application of these standards is mandatory only for SEC issuers. However, as discussed in AS-1 and covered later in this chapter, non-SEC issuers may elect to apply them. Auditing Standard No. 1, References in Auditors’ Reports to the Standards of the Public Company Accounting Oversight Board (AS-1), is a brief standard that requires registered firms to reference the auditing and related professional practice standards of the PCAOB in their reports for SEC issuers. However, it also allows auditors to use the PCAOB standards for audits of non-SEC entities. The “trickle-down” effect of this provision to nonpublic companies is expected to be significant and will be discussed in this chapter. Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction With An Audit of Financial Statements (AS-2), is an extensive document on the testing and reporting on the internal control of public companies. Auditing Standard No. 3, Audit Documentation (AS-3), establishes additional requirements for audit documentation and retention. This pronouncement adds significantly to the materials that must be included in audit workpapers. It also caused the AICPA to propose a new standard for audit documentation, to bring its standards into closer alignment with SEC practice. Finally, a proposed auditing standard concerning reporting on the elimination of a material weakness was released for public comment. If adopted it would create an optional engagement for companies to obtain an auditor’s assurance that a material weakness reported on in the previous fiscal year’s audit had since been eliminated. Top_Aud_06_book.indb 1 8/24/2005 3:31:52 PM 2 TOP AUDITING ISSUES FOR 2006 CPE COURSE PCAOB AUDITING STANDARD NO. 1, REFERENCES IN AUDITORS’ REPORTS TO THE STANDARDS OF THE PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD This standard applies to all audits and all reviews of interim financial information of SEC issuers. It makes two changes to the standard auditors’ report previously used under generally accepted auditing standards: The report is required to bear the title “Report of Independent Registered Public Accounting Firm.” The reference to “U.S. generally accepted auditing standards” in the first sentence of the scope paragraph is replaced with the term “the standards of the Public Company Accounting Oversight Board (United States).” The rationale for deleting any reference to generally accepted auditing standards is that the PCAOB adopted those standards, along with their effective dates, as interim standards as they existed on April 16, 2003, thus including them in the PCAOB standards. Since the adoption of AS-1, reference to generally accepted auditing standards in auditors’ reports is no longer necessary or appropriate. This pronouncement contains illustrative wording for reports on an audit of financial statements, as well as a review of interim financial information, which is accessible on the PCAOB’s website (www.pcaobus.org). STUDY QUESTIONS 1. Auditors’ reports on the financial statements of SEC issuers are now required to contain a reference to the standards of the Public Company Accounting Oversight Board, rather than to generally accepted auditing standards. True or False? PCAOB AUDITING STANDARD NO. 2, AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN CONJUNCTION WITH AN AUDIT OF FINANCIAL STATEMENTS General Provisions In March of 2004, the PCAOB issued Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements ( AS-2). This standard is mandatory for public companies. It affects nonpublic entities only if they elect to be audited under PCAOB standards. It imposes significant additional reporting and testing requirements upon auditors. This section discusses those requirements and their effect on the conduct of audit field work. Top_Aud_06_book.indb 2 8/24/2005 3:31:53 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 3 AS-2 applies to engagements in which an auditor audits both an entity’s financial statements and management’s assessment of the effectiveness of the entity’s internal control over financial reporting. Information obtained during the financial statement audit is potentially significant to the auditor’s conclusions about the effectiveness of internal control. Therefore, the auditor cannot audit internal control over financial statements without also auditing those financial statements. This “integrated” standard addresses both the work that is required to audit internal control over financial reporting and its relationship to the audit of the related financial statements. The integrated audit will result in two opinions from the independent auditors covering the financial statements and internal control over financial reporting. Key Definitions AS-2 creates certain new terms and defines some existing terms differently than the way they are used elsewhere in professional standards. The most significant terms are: Internal control over financial reporting. A process intended to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. This process is designed by, or under the supervision of, the company’s principal executive and principal financial officers or persons performing similar functions and is affected by the company’s board of directors, management, and other personnel. It includes those policies and procedures that: Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements. Top_Aud_06_book.indb 3 8/24/2005 3:31:53 PM 4 TOP AUDITING ISSUES FOR 2006 CPE COURSE Control deficiency. A deficiency in the design or operation of a control that does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. A deficiency in design exists when a control necessary to meet the control objective is missing or an existing control is improperly designed so that, even if the control operates as designed, the control objective is not always met. A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively. Significant deficiency. A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the company’s ability to initiate, authorize, record, process, or report external financial data reliably, in accordance with generally accepted accounting principles, such that there is more than a remote likelihood that a misstatement of the company’s annual or interim financial statements that is more than inconsequential will not be prevented or detected. Material Weakness. A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected. The terms “internal control over financial reporting” and “internal control” are used interchangeably within this standard. Suitability of the Control Framework Used to Conduct the Internal Control Assessment Management is required to base its assessment of the effectiveness of the company’s internal control on a “suitable control framework.” A control framework is suitable only if it meets certain criteria (e.g., it must be free from bias) and if it is established by a body of experts that follow due process procedures, including the broad distribution of the control framework for public comment. Suitable frameworks include those issued by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission’s report, Internal Control—Integrated Framework and certain regulatory agencies, such as the Securities and Exchange Commission (SEC) and the Federal Deposit Insurance Corporation (FDIC). The concepts and guidance in AS-2 are based on the widely used COSO framework. Top_Aud_06_book.indb 4 8/24/2005 3:31:53 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 5 Timing of Testing The Act requires management’s assessment and the auditor’s opinion to address whether internal control was effective as of the end of the company’s most recent fiscal year. However, in order to express an opinion on internal control as of a point in time, the auditor has to obtain evidence that the internal control operated effectively over an appropriate period of time. Therefore, the auditor may obtain evidence about operating effectiveness at different times throughout the year, as long as he or she updates those tests or obtains other evidence that the controls still operated effectively at the end of the company’s fiscal year. Inherent Limitations Management’s assessment of the effectiveness of internal control over financial reporting is expressed at the level of “reasonable assurance.” The concept of reasonable, rather than absolute, assurance recognizes that the cost of internal control should not exceed its expected benefits. In addition, inherent limitations exist because audits incorporate many tests of samples of transactions as opposed to 100 percent testing. Therefore, because “absolute” proof is unknown in the audit process and the auditor’s judgment is not infallible, the auditor must obtain sufficient evidence to provide a reasonable basis for an opinion. Materiality Considerations AS-2 requires the auditor to apply the concept of materiality in an audit of internal control at both the financial-statement level and at the individualaccount-balance level. The definitions, concepts, and guidance relating to materiality in audits of financial statements also apply to audits of internal control over financial reporting. Fraud Considerations AS-2 requires the auditor to evaluate all controls intended to address the risks of material fraud. In an audit of internal control, the evaluation of these controls is interrelated with the evaluation of controls in the financial statement audit. During the audit of internal control the auditor may identify deficiencies in controls designed to prevent and detect fraud. In such situations, the auditor should modify the nature, timing, or extent of procedures to be performed during the financial statement audit to respond to those deficiencies. Top_Aud_06_book.indb 5 8/24/2005 3:31:53 PM 6 TOP AUDITING ISSUES FOR 2006 CPE COURSE Key Requirements for Satisfactory Completion of the Audit of Internal Control over Financial Reporting In order for the auditor to satisfactorily complete an audit of internal control, management must: Accept responsibility for the effectiveness of the entity’s internal control. Evaluate the effectiveness of the entity’s internal control using suitable control criteria (e.g., the COSO report). Support the evaluation of the effectiveness of the entity’s internal control with sufficient competent evidential matter and adequate documentation. Present a written assessment of the effectiveness of the entity’s internal control as of the end of the entity’s most recent fiscal year. If any of these conditions is not met, the auditor will be unable to satisfactorily complete the engagement. In such circumstances, the auditor should communicate this situation to management and the audit committee in writing and state that he or she is required to disclaim an opinion. Performing an Audit of Internal Control Over Financial Reporting AS-2 establishes the fieldwork and reporting standards for an audit of internal control over financial reporting. However, the auditor also must adhere to the general standards in AU Section 150, Generally Accepted Auditing Standards, which require the auditor to: Have technical training, proficiency, and competence in the subject matter of internal control over financial reporting. Be independent in fact and appearance. To be independent, the auditor cannot: Act as management or as an employee of the audit client. Audit his or her own work. Serve in a position of being an advocate for the client. Have mutual or conflicting interests with the audit client. Exercise due professional care, including professional skepticism. The auditor and the audit committee have substantial responsibilities for determining and evaluating whether the auditor’s services impair independence. AS-2 precludes the auditor from accepting an engagement to provide internal-control-related services to an audit client unless the engagement has been pre-approved by the audit committee. Under this standard, performing an audit of internal control over financial reporting involves the following steps: Planning the engagement. Evaluating the process management has used to perform its assessment of the effectiveness of internal control over financial reporting. Obtaining an understanding of internal control over financial reporting. Top_Aud_06_book.indb 6 8/24/2005 3:31:53 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 7 Testing and evaluating the effectiveness of both the design and operation of internal control over financial reporting. Considering and using the work of others in the audit of internal control over financial reporting. Evaluating the results of testing. Forming an opinion on the effectiveness of internal control over financial reporting. The following paragraphs provide additional guidance on the application of these steps. Planning the Engagement When planning the audit of internal control, the auditor must consider and evaluate the effect of the following on the audit procedures: Knowledge of the entity’s internal control obtained during the course of other professional engagements (e.g., audit of the entity’s financial statements). Matters affecting the industry in which the entity operates (e.g., financial reporting practices, economic conditions, government regulations, technological changes). Matters relating to the entity’s business (e.g., operating characteristics, capital structure). The nature and extent of any recent changes in the entity, its operations, or its internal control. Management’s method of evaluating the effectiveness of the entity’s internal control based on established control criteria. Preliminary judgments about materiality, inherent risk, and the likelihood of material weaknesses. Internal control deficiencies previously communicated to the audit committee or management. Legal or regulatory matters of which the company is aware. The nature and extent of evidential matter pertaining to the effectiveness of the entity’s internal control. Preliminary judgments about the effectiveness of internal control. The number of significant locations or units involved, and the nature and extent of management’s documentation and monitoring of controls over them. Evaluating the Process Management Used to Perform its Assessment of the Effectiveness of Internal Control Over Financial Reporting The auditor must understand and evaluate management’s process for assessing the effectiveness of the company’s internal control over financial reporting. This should encompass an understanding of the results of procedures per- Top_Aud_06_book.indb 7 8/24/2005 3:31:53 PM 8 TOP AUDITING ISSUES FOR 2006 CPE COURSE formed by others, including the internal auditors and third parties working under the direction of management. In connection with this understanding, the auditor should determine whether management has addressed: The controls that should be tested, including those pertaining to all relevant assertions related to all significant accounts and disclosures in the financial statements. The likelihood that failure of the control could result in a misstatement, the magnitude of such misstatement, and the degree to which other controls achieve the same control objectives. The locations or business units, if any, that should be included in the company’s evaluation. Evaluation of both the design and operating effectiveness of controls. Deficiencies in internal control over financial reporting that represent significant deficiencies or material weaknesses. Communication of the findings to the auditor and, if applicable, to others. Evaluation of whether the findings are reasonable and support management’s assessment. AS-2 also requires the auditor to evaluate whether management’s documentation provides reasonable support for its assessment and whether the documentation includes: The design of controls pertaining to all relevant assertions related to all significant accounts and disclosures in the financial statements. The documentation should include the five components of internal control: Control environment Risk assessment Control activities Information and communication Monitoring Information about how significant transactions are initiated, authorized, recorded, processed, and reported. Sufficient information about the flow of transactions, in order to identify where material misstatements, whether caused by error or fraud, could occur. Controls designed to prevent or detect fraud, including who performs the controls and the related segregation of duties. Controls over the financial reporting process as of the end of the period. Controls over safeguarding of assets. The results of management’s testing and evaluation. If management’s documentation is inadequate, the auditor should determine the significance of the documentation deficiency and whether a scope limitation exists. Top_Aud_06_book.indb 8 8/24/2005 3:31:53 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 9 Obtaining an Understanding of Internal Control Over Financial Reporting The auditor should obtain an understanding of the design of specific controls related to each of the five components of internal control by performing appropriate procedures, including: Inquiring of appropriate management, supervisory, and staff personnel within the entity. Observing the application of specific controls. Inspecting entity documents and records. Tracing transactions through the information system relevant to financial reporting. Performing walkthroughs. The most effective way to do this is for the audi- tor to perform “walkthroughs” of the company’s significant processes. In a walkthrough, the auditor traces all types of company transactions and events: from origination, through the company’s accounting, information, and financial reporting system, to their inclusion and disclosure in the company’s financial statements. Because of the importance of walkthroughs and the fact that they accomplish several objectives, AS-2 requires the auditor to: Perform walkthroughs in each annual audit of internal control over financial reporting. Perform the walkthroughs directly and not to delegate them to others, such as to management or to internal auditors. Perform at least one walkthrough for each major class of transactions. OBSERVATION This requirement is a significant departure from previously established practices in financial statement auditing. Under earlier practices, auditors often “rolled forward” the results of walkthroughs of internal control processes when no changes to the internal control system were evident. When walkthroughs were performed, they were often delegated to internal auditors or management. Also, auditors often did not perform walkthroughs on every major class of transactions, when other procedures were, in their judgment, adequate. The new requirements will mean that it will be most economical for auditors to incorporate the required walkthrough procedures for an internal control audit in with the field work for the financial statement audit. Identifying company-level controls. Controls at the company level generally have a pervasive effect on controls at the process, transaction, or application level. Therefore, it might be beneficial to test and evaluate the design effectiveness of company-level controls first. This could form a basis for the evaluation of other aspects of internal control over financial reporting. Top_Aud_06_book.indb 9 8/24/2005 3:31:53 PM 10 TOP AUDITING ISSUES FOR 2006 CPE COURSE EXAMPLE Examples of company-level controls are: Controls to monitor the results of operations. Controls to monitor other controls, such as activities of the internal audit function and the audit committee. Board-approved policies that address significant business control and risk-management practices. Evaluating the effectiveness of the audit committee. The auditor should also evaluate the effectiveness of the audit committee’s oversight of the company’s external financial reporting and internal control over financial reporting. Ineffective oversight by the audit committee is usually a significant deficiency and may be a strong indicator of material weakness in internal control. Identifying significant accounts and relevant financial statement assertions. Determining specific controls to test begins by identifying significant accounts and disclosures within the financial statements. AS-2 requires the auditor to identify significant accounts and disclosures at the financial-statement level (e.g., inventory) and at the account or disclosure-component level (e.g., raw materials, workin-process, finished goods, and allowance for obsolescence). While identifying significant accounts, the auditor should evaluate both quantitative and qualitative factors. In addition, AS-2 requires the auditor to determine, for each significant account, the relevance of each of the following financial statement assertions: Existence or occurrence. Does the asset or liability exist or did the transaction occur? Completeness. For example, has the company included all loans outstanding in its debt obligations? Valuation or allocation. For example, have inventories or marketable securities been properly valued? Rights and obligations. For example, does the entity have the rights to the accounts receivable and are the loans payable the proper obligation of the entity? Presentation and disclosure. Are the amounts in the financial statements properly presented, and adequately disclosed? Identifying significant processes and major classes of transactions. Because of the importance of significant processes and major classes of transactions in the design of the auditor’s procedures, AS-2 requires the auditor to identify each significant process (e.g., sales, purchasing) over each major class of transactions affecting significant accounts. Major classes of transactions are those classes of transactions that are significant to the company’s financial statements; for example, if fixed assets are significant, recording depreciation expense would be a major class of transactions. Top_Aud_06_book.indb 10 8/24/2005 3:31:53 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 11 Understanding the period-end financial reporting process. According to AS-2, the period-end financial reporting process includes those procedures that the company uses to: Enter transaction totals into the general ledger. Initiate, authorize, record, and process journal entries in the general ledger. Record recurring and nonrecurring adjustments, such as consolidating entries, report combinations, and classifications. Draft annual and quarterly financial statements and related disclosures. Because the period-end financial reporting process is always significant, the auditor should understand and evaluate it, including how it relates to the company’s other significant processes. Identifying controls to test. To identify the controls to be tested, the audi- tor should evaluate: Points at which errors or fraud could occur. The nature of the controls that management has implemented. The significance of each control in achieving the objectives of the control criteria. The risk that the controls might not be operating effectively. AS-2 requires the auditor to obtain evidence about the effectiveness of controls for all relevant assertions related to all significant financial statement accounts and disclosures. Testing and Evaluating the Effectiveness of Both the Design and Operation of Internal Control Over Financial Reporting The auditor should test and evaluate the effectiveness of the design of specific controls and determine whether they are suitably designed to prevent or detect material errors or fraud. Procedures for testing and evaluating the design effectiveness include: Inquiries of client personnel. Observation of internal controls. Walkthroughs. A specific evaluation of whether the controls are likely to prevent or detect financial statement misstatements if they operate as designed. AS-2 requires the auditor to obtain evidence about the operating effectiveness of controls related to all relevant financial statement assertions for all significant accounts and disclosures in the financial statements. The auditor should evaluate operating effectiveness by determining whether the control is working as designed and whether the person performing the control possesses the necessary authority and qualifications to perform it effectively. Top_Aud_06_book.indb 11 8/24/2005 3:31:53 PM 12 TOP AUDITING ISSUES FOR 2006 CPE COURSE These tests should take into consideration the: Nature of the tests. Tests of controls over operating effectiveness should include inquiries of entity personnel, inspection of relevant documentation, observation of the entity’s operations, and re-application or re-performance of the specific control. Timing of the test. The auditor must perform tests of controls over a period of time that is adequate to determine whether, as of the date specified in management’s report, the controls necessary for achieving the objectives of the control criteria are operating effectively. Extent of the tests. In determining the extent of procedures to perform, the auditor should design the procedures to provide a high level of assurance that the control being tested is operating effectively. The nature, timing, and extent of testing should vary from year to year to introduce an element of unpredictability and to respond to changes in circumstances at the company. Considering and Using the Work of Others in the Audit of Internal Control Over Financial Reporting Under AS-2, the auditor is required to understand the results of procedures performed by others on internal control over financial reporting. This includes work performed by internal auditors, other company personnel, and third parties working under the direction of management. The auditor is required to review all reports issued during the year by the internal audit staff that address internal control over financial reporting and evaluate any deficiencies identified in those reports. However, the auditor must directly perform enough of the testing so that his or her own work provides the principal evidence for the auditor’s opinion. In addition, the auditor should test some of the work of others to evaluate the quality and effectiveness of that work. This may be accomplished either by testing some of the controls that others tested or by testing similar controls not actually tested by others. Evaluating the Results of Testing The auditor must evaluate the control deficiencies that are identified during the engagement and determine whether, individually or in the aggregate, they represent significant deficiencies or material weaknesses. The significance of a control deficiency depends on the potential for a misstatement, not on whether a misstatement has actually occurred. Appendix D of AS-2 includes examples of significant deficiencies and material weaknesses. AS-2 also identifies the following circumstances that it considers significant deficiencies, which are strong indicators that a material weakness exists: Restatement of previously issued financial statements to reflect the correction of a misstatement. Top_Aud_06_book.indb 12 8/24/2005 3:31:54 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 13 Material misstatement in the current-period financial statements identified by the auditor that was not initially identified by the company’s internal controls. An ineffective oversight by the audit committee of the company’s external financial reporting and internal control over financial reporting. An ineffective internal audit function for larger, more complex entities. An ineffective risk assessment function for larger, more complex entities. Ineffective regulatory compliance function for complex entities in highly regulated industries. Identification of any fraud committed by senior management. Significant deficiencies that have been communicated to management and the audit committee but that remain uncorrected after a reasonable period of time. An ineffective control environment. Forming an Opinion on the Effectiveness of Internal Control Over Financial Reporting The auditor may issue an unqualified opinion on management’s assessment of the effectiveness of internal control over financial reporting only when no material weaknesses have been identified and when there have been no restrictions on the audit scope. If any material weaknesses have been identified, an adverse opinion is required. If there have been any restrictions on the scope of the auditor’s work, the auditor should express a qualified opinion or a disclaimer of opinion, depending on the significance of the scope limitation. If the auditor is unable to express an overall opinion, AS-2 requires the auditor to explain why. Written Representations From Management According to AS-2, the auditor must obtain written representations from management in which it: Acknowledges its responsibility for establishing and maintaining effective internal control. States that it has performed an assessment of the effectiveness of the entity’s internal control and specifies the control criteria. States that it did not base its assessment of the effectiveness of internal control over financial reporting on the auditor’s procedures performed during the audits of internal control over financial reporting or the financial statements. States its conclusion about the effectiveness of the company’s internal control over financial reporting based on the control criteria as of a specified date. States that it has disclosed to the auditor all deficiencies in the design or operation of internal control over financial reporting and specifically those deficiencies it believes to be significant deficiencies or material weaknesses. Top_Aud_06_book.indb 13 8/24/2005 3:31:54 PM 14 TOP AUDITING ISSUES FOR 2006 CPE COURSE Describes any material fraud and any other fraud that, although not material, involves management, senior management, or other employees who have a significant role in the entity’s internal control. States whether control deficiencies identified and communicated to the audit committee during previous engagements have been resolved, and a specific identification of those deficiencies that have not been resolved. States whether there were any subsequent changes in internal control or other factors that might significantly affect internal control, including any corrective actions taken by management with respect to significant deficiencies and material weaknesses. Refusal to furnish all appropriate representations is a scope limitation sufficient to preclude an unqualified opinion and would ordinarily cause the auditor to disclaim an opinion or withdraw from the engagement. Documentation Requirements AS-2 imposes requirements to document all of the following: The auditor’s understanding and evaluation of the design of each of the five components of the company’s internal control over financial reporting. How the auditor determined the accounts, disclosures, and major classes of transactions that were deemed significant. How the auditor determined the locations or business units at which to perform testing. The identification of the points at which misstatements pertaining to relevant financial statement assertions could occur within significant accounts, disclosures, and major classes of transactions. The extent of the auditor’s reliance on work performed by others, including his or her assessment of their competence and objectivity. The evaluation of any deficiencies identified during testing. Other findings that could result in a modification to the auditor’s report. If control risk is assessed as other than low for certain assertions or significant accounts, along with the reasons for that conclusion. If a conclusion was reached that control risk is other than low for relevant assertions related to any significant accounts in connection with the financial statement audit, the effect of that conclusion on the auditor’s opinion on the audit of internal control. Reporting on Internal Control Over Financial Reporting Management should provide to the auditor, both in its report on internal control over financial reporting and in its representation letter, a written conclusion about the effectiveness of the company’s internal control over financial reporting. The conclusion can take many forms: for example, by using Top_Aud_06_book.indb 14 8/24/2005 3:31:54 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 15 phrases such as “management’s assessment that XYZ Company maintained effective internal control over financial reporting as of December 31, 20X4,” or “management’s assessment that XYZ Company’s internal control over financial reporting as of December 3, 20X4 is sufficient to meet the stated objectives.” However, the conclusion should not use subjective terms, such as “very effective, “superior,” excellent,” or “outstanding internal control.” Management may not conclude that the company’s internal control is effective if one or more material weaknesses exist. Furthermore, management must disclose all material weaknesses that exist as of the end of the most recent fiscal year. The auditor may issue either separate reports or a combined report on the company’s financial statements and on internal control over financial reporting. If a separate report on internal control is issued, AS-2 requires the auditor to add a paragraph to the auditor’s report on the financial statements making reference to the auditor’s report on internal control, and to add a paragraph to the auditor’s report on internal control making reference to the auditor’s report on the financial statements. Because the auditor cannot audit the company’s internal control over financial reporting without also auditing its financial statements, the reports should be for the same date. The auditor’s report on management’s assessment of the effectiveness of internal control over financial reporting must include certain specific elements, which are set forth in paragraph 167 of AS-2. Appendix A of AS-2 includes examples of separate and combined auditor’s reports. Report Modifications The standard report on internal control must be modified in the following circumstances: Management’s assessment is inadequate or management’s report is inappropriate. Material weaknesses exist. Scope limitations exist. The opinion is based in part on the report of another auditor. A significant subsequent event has occurred. Other information is contained in management’s report on internal control over financial reporting. Implications of an Adverse Opinion on Internal Control Over Financial Reporting to the Auditor’s Opinion on the Financial Statements As a result of material weaknesses identified, the auditor might issue an adverse opinion on internal control but an unqualified report on the financial statements. Top_Aud_06_book.indb 15 8/24/2005 3:31:54 PM 16 TOP AUDITING ISSUES FOR 2006 CPE COURSE EXAMPLE An unqualified report on the financial statements accompanied by an adverse opinion on internal control might result when the auditor does not rely on certain controls during the audit of the financial statements and, based on additional substantive procedures performed, there are no material misstatement in the accounts related to the controls. After considering the facts and circumstances, the auditor might conclude that the opinion on the financial statements is unaffected by the adverse opinion on internal control. In such circumstances, AS-2 requires the auditor to modify the paragraph that describes the material weakness in the report on internal control over financial reporting, by including language such as: This material weakness was considered in determining the nature, timing, and extent of audit tests applied in our audit of the 20X4 financial statements, and this report does not affect our report dated [date of report] on those financial statements. [This wording should be revised for use in a combined report.] Alternatively, the auditor might conclude that the opinion on the financial statements is affected by the adverse opinion on internal control. If so, the auditor should modify the paragraph that describes the material weakness in the report on internal control over financial reporting, by including such language as: This material weakness was considered in determining the nature, timing, and extent of audit tests applied in our audit of the 20X4 financial statements. Subsequent Discovery of Information Existing at the Date of the Auditor’s Report on Internal Control Subsequent to the issuance of the report on internal control, the auditor may become aware of conditions that both existed at the date of the report but were not known to him or her, and that would have affected the auditor’s report had he or she then been aware of such information. In such circumstances, the auditor should promptly determine whether: The information is reliable. The facts existed at the date of the audit report. The facts would have changed the report if the auditor had been aware of them. Persons are currently relying on or likely to rely on the auditor’s report. Top_Aud_06_book.indb 16 8/24/2005 3:31:54 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 17 The auditor should refer to AU section 561, Subsequent Discovery of Facts Existing at the Date of the Auditor’s Report, when evaluating subsequent information. Filings under Federal Securities Statutes The auditor should apply AU Section 711, Filings under Federal Securities Statutes, when reporting on management’s assessment of the effectiveness of internal control included in registration statements, proxy statements, or periodic reports filed under the federal securities statutes. When the auditor intends to consent to the inclusion of the report on management’s assessment of the effectiveness of internal control in the securities filing, the consent should indicate that both the audit report on financial statements and the audit report on management’s assessment of internal control are included in the consent. Evaluating Management’s Certification Disclosures About Internal Control Over Financial Reporting A company’s management is required to make quarterly and annual certifications with respect to the company’s internal control over financial reporting. These evaluations are not as extensive as the annual evaluation. Management is required to evaluate only those changes to the company’s internal control that occurred during a fiscal quarter that have materially affected (or are reasonably likely to materially affect) the company’s internal control over financial reporting. On a quarterly basis, the auditor is required to perform the following limited procedures to determine whether any material modifications should be made to the disclosures about changes in internal control over financial reporting: Inquire about significant changes in the design or operation of internal control that could have occurred since the prior annual audit or review of interim financial information. Evaluate the implications of misstatements identified in connection with the review of interim financial information as they relate to internal control. Determine whether any change in internal control has materially affected, or is reasonably likely to materially affect, the company’s internal control over financial reporting. If modifications to the quarterly disclosures about changes in internal control are necessary, the auditor should promptly communicate such matters to management. If management does not respond timely and appropriately, the auditor should inform the audit committee. If the audit committee does not respond timely and appropriately, the auditor should consider resigning from the engagement and consulting with legal counsel. Top_Aud_06_book.indb 17 8/24/2005 3:31:54 PM 18 TOP AUDITING ISSUES FOR 2006 CPE COURSE In addition, if as a result of the audit of internal control, the auditor believes that modifications to the disclosures addressing changes in internal control occurring during the fourth quarter are necessary for the annual certifications to be accurate, the auditor should follow the same communication responsibilities described above. If management and the audit committee do not respond timely and appropriately, the auditor should include an explanatory paragraph in his or her report on the audit of internal control over financial reporting describing the reasons the auditor believes management’s disclosures should be modified. Required Communications With Management and the Audit Committee The auditor must communicate to management and the audit committee all significant deficiencies and material weaknesses identified during the audit. This communication should: Be in writing. Be made prior to the issuance of the auditor’s report on internal control over financial reporting. Distinguish between matters that are significant deficiencies and those that are material weaknesses. In addition, the auditor must comply with the following communication requirements: If a significant deficiency or material weakness exists because the oversight of the company’s external financial reporting and internal control over financial reporting by the company’s audit committee is ineffective, the auditor must communicate that specific significant deficiency or material weakness in writing to the board of directors. If the auditor identifies deficiencies in internal control that do not rise to the magnitude of “significant deficiencies,” the auditor should communicate in writing such deficiencies to management and also should inform the audit committee when such a communication has been made. All the required written communications should indicate that they are intended solely for the information and use of the board of directors, audit committee, management, and others within the organization. If the company is required to furnish such reports to governmental authorities, the written communications may also include specific reference to such regulatory agencies. All the required written communications should include the definitions of control deficiencies, significant deficiencies, and material weaknesses and should specify the category to which the communicated deficiencies belong. The auditor is precluded from issuing a written report indicating that no significant deficiencies were identified during an audit of internal control over financial reporting. Top_Aud_06_book.indb 18 8/24/2005 3:31:54 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 19 The auditor should make the required communications during the course of the audit, rather than at the end of the engagement, when timely communication is considered important. STUDY QUESTIONS 2. The design of internal control over the financial reporting process is primarily the responsibility of the auditor. True or False? 3. A “control deficiency” is a deficiency in the design or operation of a control that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected. True or False? 4. Management’s assessment of the effectiveness of internal control must be made: a. At different times throughout the year. b. Over an appropriate period of time. c. As of the end of the company’s most recent fiscal year. 5. Which of the following is not required of management for satisfactory completion of an audit of internal control over financial reporting? a. b. c. d. Acceptance of responsibility for the effectiveness of internal control. Evaluation of internal control using suitable control criteria. Performing “walkthroughs” of significant control processes. Presenting a written assessment of the effectiveness of internal control as of the end of the most recent fiscal year. 6. Auditors are required to perform “walkthroughs” of significant internal control processes in each annual audit of internal control and to perform at least one walkthrough for each major class of transactions. True or False? 7. Auditors must identify significant processes and major classes of transactions in designing their procedures for an audit of internal control. True or False? 8. An auditor must issue separate reports on a company’s financial statements and on its internal control over financial reporting. True or False? PCAOB AUDITING STANDARD NO. 3, AUDIT DOCUMENTATION Audit documentation and questions of exactly what it should contain, how far and how deep it should go, and how long it should be kept have been hot topics in the profession ever since Enron. The AICPA responded to this concern in 2002 by issuing SAS 96, Audit Documentation. However, by the following year, the PCAOB had decided that this standard was, in its words, “insufficient for the Board to discharge appropriately its standard-setting obligations” under the Top_Aud_06_book.indb 19 8/24/2005 3:31:54 PM 20 TOP AUDITING ISSUES FOR 2006 CPE COURSE Sarbanes-Oxley Act. Thus, it issued AS-3, also entitled Audit Documentation, which supersedes SAS 96 for audits of SEC issuers for years ending on or after November 15, 2004. This standard brings sweeping changes to the documentation requirements for audits of SEC issuers. As a result of this standard, the AICPA issued an exposure draft of a revised set of requirements for nonpublic companies, which will more closely reflect the PCAOB’s standard. That exposure draft is discussed in Chapter 8 of this course. The “Background and Basis for Conclusions” appearing as Appendix A to AS-3 states that the Board’s objective in publishing AS-3 is to improve audit quality and the public’s confidence in audit quality. It sets forth ways in which good documentation improves the quality of audit work, as well as how inadequate documentation reduces its quality. Good audit documentation: Provides assurance that the auditor accomplished the planned audit objectives by recording the actual work performed. Facilitates reviews by supervisory personnel, engagement and concurring review partners, and PCAOB inspectors. Improves audit efficiency by reducing time-consuming and sometimes inaccurate oral explanations of what was or was not done. Inadequate audit documentation: Casts doubt on whether necessary work was done, thus making it hard for the engagement team and others to determine the procedures applied and conclusions reached. Makes it hard, when audit staff turns over, for a subsequent engagement team to determine what was done and what conclusions were reached. AS-3 introduces the “experienced auditor” criterion as a touchstone for the sufficiency of audit documentation. It requires an experienced auditor having no previous connection with the engagement to be able to look at the audit documentation and readily determine what audit work was performed and what conclusions were reached. This requirement is similar to a requirement that has long been a part of GAO standards. AS-3 defines an “experienced auditor” as one who has a “reasonable understanding” of audit activities and “has studied” the company’s industry, as well as the auditing and accounting issues relevant to it. For such an experienced auditor, the documentation must stand on its own, without supplementary oral explanation. The rationale for this requirement is that it will facilitate both supervisory and concurring partner review, as well as regulatory review. Oral explanations given after the audit are inefficient and often inaccurate, especially since engagement staff can be expected to turn over regularly. Accordingly, oral explanations of audit documentation are not “persuasive evidence” that can be used to support an auditor’s opinion. The “Background and Basis for Conclusions” appearing in Appendix A of AS-3 provide, however, that oral explanations are acceptable when used to clarify other written audit evidence. Top_Aud_06_book.indb 20 8/24/2005 3:31:54 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 21 Under AS-3, the audit documentation must contain enough information to allow the “experienced auditor” to understand and determine: The nature, timing, extent and results of the procedures performed. The evidence obtained. The conclusions reached. Who performed the work. The date the work was completed. The person who reviewed the work. The date of the review. In response to a question that has long been debated in the profession, the Board indicates that sign-offs on audit programs, by themselves, are not usually enough to show that a procedure was performed or that a conclusion was reached. It indicates that the audit program steps should be supported with proper documentation in the working papers. OBSERVATION Some auditors expressed concern that these documentation standards would require them to reduce to writing every conversation that occurred between the engagement team or with the client, and every scrap of work performed during the engagement. The Board makes clear that this is not so. It realizes that auditing is a process, and that many preliminary or interim conclusions may be reached along the road to a final conclusion. In general, the documentation should include material sufficient to support the final conclusions, including the process that was used to reach the conclusion. It offers some guidelines as to specific types of documents that need not be retained: Inquiries should be documented when they are important to a particular procedure. Every conversation with a client need not be documented. Interim conclusions that are reached, in the process of arriving at a final conclusion, that are based on incomplete information or incorrect understandings, and the discussions related to them, need not be retained in the audit documentation. Information that initially seems inconsistent with or contradictory to the final conclusion need not be retained if it is based on incomplete or incorrect data or understandings. Differences of professional opinion based on preliminary views, incorrect or incomplete data need not be retained. Superseded drafts, memoranda, financial statements, regulatory filings, and notes on superseded drafts, memos, statements, etc., that reflect preliminary thinking, need not be retained. For example, in the review process, annotations may be made on workpapers. Those annotations may later be “cleared” and the workpapers revised electronically, with a new copy being generated. The old copy need not be retained. Top_Aud_06_book.indb 21 8/24/2005 3:31:55 PM 22 TOP AUDITING ISSUES FOR 2006 CPE COURSE Previous copies of workpapers that have been corrected for typographical errors or errors due to training of audit personnel need not be retained. Duplicate documents need not be retained. AS-3 defines two key dates for audit engagements. The first is the “release date.” This is the date on which the auditor grants permission to use the auditor’s report in connection with the issuance of the company’s financial statements. The auditor must have completed all necessary procedures and obtained sufficient evidence to support the representation in the auditor’s report prior to the release date. Documenting the release date is important because it starts two other important time periods, the “document completion date” and the “document retention period.” The “document completion date” falls forty-five calendar days after the release date. At this time, a complete and final set of audit documentation must be assembled for retention. After this date, no material may be deleted from the audit documentation. Additions may be made, but they must show the name of the person adding them, the date of the addition, and the reason for addition. The “document retention period” begins on the release date. Audit firms are required to preserve all audit documentation for seven years after the release date. When procedures on a registration statement are performed after the documentation completion date (pursuant to AU Section 711, Filings Under Federal Securities Statutes) and up to the effective date of the registration statement, those additions to the audit documentation must be so identified. OBSERVATION When firms rely heavily upon electronic documentation, the technological means to recover that documentation must also be retained for the document retention period, in order to allow the firm to call up the documentation if needed. Another of AS-3’s new requirements is for an “engagement completion document.” This is to be a single document which summarizes in one centralized place in the workpapers all the significant findings or issues affecting the engagement. The Board’s intent is that this document will contain all the information necessary to understand the audit’s significant findings or issues. The standard defines “significant findings or issues” as “substantive matters that are important to the procedures performed, evidence obtained, or conclusions reached.” Top_Aud_06_book.indb 22 8/24/2005 3:31:55 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 23 Some of those matters are similar to the existing provisions of SAS 96: Significant matters concerning the selection, application and consistency of accounting principles and related disclosures, such as: Accounting for unusual or complex transactions. Accounting estimates. Uncertainties and management’s related assumptions. Results of auditing procedures that indicate: Need for significant modification of planned auditing procedures. The existence of material misstatements. Omissions in the financial statements. Significant deficiencies or material weaknesses in internal control over financial reporting. Circumstances that cause difficulty in applying auditing procedures. Matters that could lead to a modified auditor’s report. It also adds items not previously included in the definition of significant matters: Audit adjustments, which it defines as a correction of a material misstatement, whether or not corrected by management. Significant changes in the audit risk assessment for particular audit areas and the auditor’s response to those changes. Significant findings or issues discovered during the review of interim financial information. These items are the minimum requirements for an engagement completion document but are not intended to limit what the auditor may consider significant or what he or she may choose to record in the engagement completion document. OBSERVATION It is permissible to cross-reference other documentation in the workpapers in the engagement completion document. As a practical matter, this will be the most efficient way to formulate this document and will be the way that most firms choose to structure it. STUDY QUESTIONS 9. PCAOB AS-3 requires that an audit be documented sufficiently that an individual who possesses the competencies and skills that would have enabled him or her to perform the audit can readily determine what audit work was performed and what conclusions were reached. True or False? Top_Aud_06_book.indb 23 8/24/2005 3:31:55 PM 24 TOP AUDITING ISSUES FOR 2006 CPE COURSE 10. The PCAOB requires all of the following to be a part of the engagement completion document except: a. The results of auditing procedures that indicate the existence of material misstatements. b. Differences of professional opinion based on preliminary views. c. Matters that could lead to a modified auditor’s report. d. Circumstances that cause difficulty in applying auditing procedures. PROPOSED PCAOB AUDITING STANDARD NO. 4, REPORTING ON THE ELIMINATION OF A MATERIAL WEAKNESS In March of 2005 the PCAOB exposed a draft of a proposed standard for reporting on the elimination of material weaknesses in a company’s internal control over financial reporting. This proposed standard would create a voluntary engagement to be performed at the company’s option. Under AS-2, auditors are required to report on management’s annual assessment of its internal control over financial reporting. When deficiencies or material weaknesses have been identified, it may be important to users of the financial statements to have assurances about the effectiveness of management’s corrective actions. Until investors can be assured that a material weakness has been eliminated, they may harbor doubts about the reliability of the company’s statements. Some companies may feel that their public disclosure of the elimination of material weaknesses is enough to remove these doubts. Others may believe that an auditor’s attestation strengthens their credibility. AS-2 was created to allow companies to provide such an assurance on an interim basis. An engagement under AS-4 would be more narrowly focused than under AS-2. The objective of the engagement under AS-4 is to express an opinion on whether a previously reported material weakness has been eliminated. Testing in an AS-4 engagement is limited to the controls specifically identified by management as eliminating that weakness. EXAMPLE Weaknesses that arise in the first quarter after the most recent AS-2 report, which are disclosed in connection with the company’s quarterly report and that are remedied in the second quarter would not fall within the scope of and AS-4 engagement because they were not a part of the original AS-2 engagement. Top_Aud_06_book.indb 24 8/24/2005 3:31:55 PM M O D U L E 1 — C H A P T E R 1 — PCAOB Auditing Standards 25 An auditor may report on the elimination of a material weakness only if the client’s management meets all of the following conditions: It must accept responsibility for the effectiveness of internal control over financial reporting. It must use the same control criteria that it used for its most recent annual assessment in evaluating the control that it believes eliminates the material weakness. It must assert that the specific control identified effectively achieves the stated control objective. It must support this assertion with sufficient evidence It must prepare a written report to accompany the auditor’s report, containing the following elements: A statement of its responsibility for establishing and maintaining effective internal control. An identification of the control criteria it used to conduct the required annual assessment of internal control. An identification of the material weakness that was cited in its annual assessment. An identification of the control objectives addressed by implementation or modification of specified controls. A statement that the specified controls achieve the specified objectives at a certain date. A statement that the implementation of those controls has eliminated the material weakness as of the same date. There is a great deal of flexibility in this standard: An engagement under AS-4 could be undertaken at any time during the year. An engagement under AS-4 does not have to be undertaken in connection with an audit or review of financial statements. An auditor can report on the elimination of one or more material weaknesses as part of a single engagement. In other words, not all of the material weaknesses in the annual AS-2 report need be a part of an AS-4 engagement. If the auditor determines that a material weakness has not been eliminated, the company can undertake additional corrective actions, “re-set” the assertion date, and ask the auditor to re-test. If an auditor determines that a material weakness has not been eliminated, the auditor may issue an adverse report. However, if no public report is issued, the auditor is required to report to the company’s audit committee in writing that the material weakness has not been eliminated. Top_Aud_06_book.indb 25 8/24/2005 3:31:55 PM 26 TOP AUDITING ISSUES FOR 2006 CPE COURSE The comment period on this proposed standard closed on May 16, 2005. Users of this course should check with PCAOB’s website (www.pcaobus.org) for possible changes and for an effective date for implementation. STUDY QUESTIONS 11. The proposals of AS-4, if adopted, would create mandatory reporting on the elimination of material weaknesses. True or False? Top_Aud_06_book.indb 26 8/24/2005 3:31:55 PM 27 MODULE 1 — CHAPTER 2 The PCAOB Inspection Process LEARNING OBJECTIVES At the completion of this chapter, you should understand: The nature of the PCAOB inspection program. The types of deficiencies cited in the most recent round of PCAOB inspections. INTRODUCTION Section 104 (a) of the Sarbanes-Oxley Act directs the PCAOB to conduct a continuing program of inspections of firms that audit SEC registrants. The results of the inspections that have been conducted to date demonstrate that this program is far more exhaustive and rigorous than any of the practice monitoring initiatives of the AICPA. NATURE OF THE PCAOB INSPECTION PROGRAM Scope of the PCAOB Inspection Program The scope of the PCAOB’s inspection program differs from that of the AICPA practice monitoring programs in that it covers only SEC clients, while the peer review program of the AICPA’s Center for Public Company Accounting Firms, which is discussed in Chapter 3, covers only the firm’s non-SEC auditing and accounting practice. OBSERVATION Thirty-four states, as a condition of licensure, require some form of practice monitoring or peer review of a firm’s entire auditing and accounting practice. The PCAOB’s inspection program, because it includes only SEC engagements, will be likely not to meet the licensure requirements of these states. The peer review program of the Center for Public Company Accounting Firms is being designed to bridge the gap between the PCAOB inspection and the licensure requirements. Firms should check with their state boards of accountancy, as well as the AICPA and PCAOB websites for developments on this issue. Timing of Inspections Inspection will generally occur annually for firms that regularly audit more than a hundred issuers. For firms that regularly audit one hundred or fewer issuers, inspection will generally occur no less frequently than every three years. Top_Aud_06_book.indb 27 8/24/2005 3:31:55 PM 28 TOP AUDITING ISSUES FOR 2006 CPE COURSE Results of Recent Inspections Limited inspections of the four largest U.S. firms were conducted in the last half of 2003. The purpose of these limited inspections was to provide the Board with a foundation for full-scale inspections and to develop a baseline understanding of the firms’ systems of quality control over their SEC audit practices. Copies of the public portions of these reports are available on PCAOB’s website at www.pcaobus.org. The reports on the limited inspections of these firms were issued in August 2004. They identified significant auditing and accounting issues that the firms’ systems of quality control failed to detect and expressed concern about significant aspects of each firm’s QC system. PCAOB Chairman William J. McDonough said of these inspections that, “…their emphasis on criticisms do not reflect any broad negative assessment of the firms’ audit practices.” He went on to express that: … our findings say more about the benefits of the robust, independent inspection process envisioned in the Sarbanes-Oxley Act of 2002 than they do about any infirmities in these firms’ audit practices. None of our findings has shaken our belief that these firms are capable of the highest quality auditing. (“Board Releases Reports on 2003 Limited Inspections of Big Four Accounting Firms,” Public Company Accounting Oversight Board: Washington, D.C., August 26, 2004.) The findings of these limited inspections are summarized below. It is worthy of note that these findings arise from a sample of sixty four engagements (sixteen at each of the four firms) plus a limited number of additional engagements selected as follow-ups to the findings of the initial selection. It is also significant to note that the reports showed wide disparities between the four firms. Of the sixty three serious findings cited in these reports, one firm accounted for only five of them, while two others accounted for 24 and 25 findings. Nature of Findings Number of Instances Liability restatements under EITF 95-22, resulting in restatement of the financial statements. 15 Other immaterial GAAP departures, not resulting in restatement. 22 Audit procedures insufficient to support conclusions. 19 Untimely archival of audit documentation. 7 Total 63 Liability Restatements Under EITF 95-22 Each of the Big Four accounting firms was cited for noncompliance with EITF 95-22, which requires that borrowings under revolving lines of credit Top_Aud_06_book.indb 28 8/24/2005 3:31:55 PM MODULE 1 — CHAPTER 2 — The PCAOB Inspection Process 29 be classified as current liabilities if the agreements contain both a subjective acceleration clause and a lock-box requirement. As a result of these findings, the financial statements of the affected issuers have been restated. Other GAAP Departures Among the other GAAP departures cited by the PCAOB inspectors were the following: Failure to segregate current deferred tax from noncurrent. Inappropriate recognition of certain income tax benefits under FASB 109. Inappropriate reporting of certain “reclassification adjustments” under FASB 130. Accrual of restructuring charges that did not meet the recognition criteria of EITF 94-3. Accrual of legal exposures that were not supportable under the criteria of FASB 5. Failure to disclose certain guarantees required by FASB 5. Inappropriate reporting of losses on sales of securities and fair value adjustments under FASB 115. Misapplication of FASB 91 in accounting for loan origination fees and costs. Inadequate disclosures related to goodwill impairment under FASB 142. Misapplication of EITF 95-8 in connection with contingent consideration paid in certain business combinations. Failure to address whether a forward sales commitment is a derivative under FASB 133. Audit Procedures Insufficient to Support Conclusions Firms were cited for the following departures from professional standards: Inadequate documentation of: Audit work performed on provision for income taxes, deferred tax assets and liabilities, income taxes payable, and valuation allowances. Evaluation of going concern issues. Evaluation of asset impairment. Evaluation of accounting estimates. Communication with audit committees under SAS 61. Accounts receivable confirmations. Unsigned or missing representation letters. Unsigned workpapers. Inventory observation and test counts for perpetual inventory cycle counts. Unadjusted audit differences. Projections of known misstatements to untested portions of inventory balance in connection with non-statistical sampling. Top_Aud_06_book.indb 29 8/24/2005 3:31:55 PM 30 TOP AUDITING ISSUES FOR 2006 CPE COURSE Inappropriately low assessment of engagement risk when significant going concern issues, asset impairments, and contingent liabilities were noted. Failure to issue written communication to the audit committee regarding independence. Business relationships with audit clients that raised questions about auditor independence, such as strategic alliances, reseller arrangements, and joint marketing and sales arrangements. Undue reliance on the work of internal auditors. Failure to adequately test additions to capitalized costs. Inadequate consideration or documentation of work performed by specialists. Insufficient audit procedures on warranty liabilities. Inappropriate reliance on data provided by service organizations. In most of the cases in which documentation deficiencies or omission of certain audit procedures were cited, the firms elected to supplement their work with additional procedures or documentation. The 2004 inspections began in May. The PCAOB currently employs 90-100 inspectors of the 200 that it initially budgeted for. Current indications, however, are that it is experiencing difficulty hiring and retaining qualified inspectors, due to the job’s heavy travel requirements and that it is not expected to reach its 200 inspector target within the coming year. Furthermore, high turnover in these positions is expected, as PCAOB inspectors with a year or two of experience can be expected to be offered more attractive salaries and lighter travel by returning to employment with public accounting firms. The PCAOB inspection program will apparently take a two-tiered structure. For the larger audit firms, which audit 100 or more issuers, the inspection process will be ongoing, although the reporting will be annual. The rest of the firms will be on a three year cycle. Note that this cycle is “at least” every three years, which indicates that firms that have problems in their initial inspection might expect to be inspected more often. The initial round of inspections in 2004 shows that this process will be far more exhaustive than any of the AICPA practice monitoring programs have been. As an example, the report on one firm ran to 290 pages and recited every issue with every engagement. The AICPA peer review report and letter of comments (LOC) on the same firm, which covered roughly the same period, ran only to five pages but covered substantially the same issues. Smaller firms with fewer than five issuers have presented the most problems in the initial round of inspections. The inspections of smaller firms can be expected to be more engagement and less system oriented. Anecdotal reports from firms that have undergone inspections: describe, for example, a small firm that had one SEC issuer, to which the PCAOB sent three Top_Aud_06_book.indb 30 8/24/2005 3:31:56 PM MODULE 1 — CHAPTER 2 — The PCAOB Inspection Process 31 inspectors, who spent five days at the firm. The focus was on “tone at the top.” Another small firm reported two inspectors who spent two full days. Initial data arising from the first wave of inspections of nine smaller firms, ranging in size from a sole practitioner to a firm of 80 professionals, show that six of these firms had no deficiencies that warranted discussion in the inspection report. In the case of two other firms, inspection findings caused the firms to apply additional auditing procedures, which resulted in financial statement restatements. The findings of those inspections are summarized below and include: Inappropriate accounting for a reverse merger. Improper deferral of costs related to an aborted securities offering. Failure to document understanding of internal controls. Failure to test certain specific audit areas, including: Data from a service organization. Value of securities issued. Revenue and expense recognition. Contingent legal liabilities. Valuation of investment securities. Valuation of deferred taxes. Evaluation of asset impairment. Evaluation of self-insurance reserves. Existence, valuation, and realizability of notes receivable. Inappropriate reporting, including: Omission of a going concern paragraph. Improper reference to the work of another auditor. Inappropriate reliance on the work of another auditor. Failure to evaluate the effect of prior year’s adjustments on current financial statements. OBSERVATION The overall results of PCAOB inspections suggest two threads that appear to run through both sets of findings. These have implications for all sizes and levels of audit practice. The need to consult. Both the GAAP and GAAS departures seem to cluster around misunderstanding, misapplication, or ignorance of arcane, obscure, or infrequently seen standards. Virtually all of these shortcomings could have been avoided if the firms had consulted with professional literature or with technical experts. The fact that these findings were so pervasive suggests that most engagements are likely to contain some issue of accounting or auditing that is unfamiliar to the engagement team. Given the growing complexity and volume of professional standards, it is not surprising to see this result. This points to the need for auditors to read the professional literature or to Top_Aud_06_book.indb 31 8/24/2005 3:31:56 PM 32 TOP AUDITING ISSUES FOR 2006 CPE COURSE consult with technical experts not only in extraordinary or complex situations, but in more mundane cases when a client engages in some form of transaction that is new to its business or that the audit firm or engagement team has either not seen before or has not dealt with recently. It also suggests that it would not be a bad idea for auditors to re-read some of the literature that they think they understand. This might be appropriate especially when large amounts or new activities are involved. This may become a mantra in the profession. Under the PCAOB standards, as well as under evolving AICPA standards, a failure to document a procedure equates to a failure to perform it. If audit documentation leaves doubt that a necessary procedure was performed, PCAOB inspectors are likely to conclude that it was not. This means that firms will have to strengthen their quality control policies and procedures in several areas: Documenting in an unambiguous fashion the results of their work. Systematizing and standardizing documentation procedures to facilitate both performance and review. Training audit personnel in documentation procedures. Emphasizing pre-issuance supervisory reviews for adequacy of documentation. Conducting ongoing internal inspection and monitoring activities to assure that documentation policies and procedures are being observed. “Document like your life depended on it.” The PCAOB posts inspection results to its website (www.pcaobus.org) on a regular basis. As this course went to press there were 25 reports posted. Users should check PCAOB’s website for the most currently posted inspections. STUDY QUESTIONS 1. Which of the following statements does not apply to the PCAOB Inspection Program? a. It covers only the SEC practice of registered firms. b. Firms with less than 100 SEC clients may not be inspected more frequently than every three years. c. Firms with 100 or more SEC clients will be inspected annually. 2. Which of the following is not a significant finding cited in PCAOB’s reports on the limited inspections of the Big Four audit firms conducted in 2004? a. Untimely archival of audit documentation. b. Failure to meet GAO continuing education requirements. c. Liability restatements under EITF 95-22, resulting in restatement of the financial statements. d. Audit procedures insufficient to support conclusions. Top_Aud_06_book.indb 32 8/24/2005 3:31:56 PM MODULE 1 — CHAPTER 2 — The PCAOB Inspection Process 33 3. The PCAOB inspection results suggest that auditors should consult more often with professional literature or technical experts when engagements involve the application of auditing or accounting standards that are unfamiliar to them. True or False? 4. Inspection results suggest that PCAOB inspectors are likely to regard the failure to document an auditing procedure as a failure to perform that procedure. True or False? 5. Documentation shortcomings cited by PCAOB inspectors have implications in all of the following quality control system areas except: a. b. c. d. Top_Aud_06_book.indb 33 Training of audit engagement staff. Supervisory review of audit documentation. Auditor independence. Ongoing internal inspection and monitoring activities. 8/24/2005 3:31:56 PM Top_Aud_06_book.indb 34 8/24/2005 3:31:56 PM 35 MODULE 1 — CHAPTER 3 The Center for Public Company Audit Firms LEARNING OBJECTIVES At the completion of this chapter, you should understand: The membership requirements of the AICPA Center for Public Company Audit Firms. The nature of the Center’s peer review program. INTRODUCTION Starting on January 1, 2004, the Center for Public Company Audit Firms (the “Center”) took over from the SEC Practice Section (SECPS) as the AICPA membership’s organization for firms that audit or that are interested in audits of public companies. Among the Center’s functions are the creation and administering of the peer review program for the non-SEC portion of member firms’ accounting and auditing practices. THE CENTER’S ACTIVITIES Membership in the Center Membership in the Center is voluntary. There are no situations in which a firm is required to become a member of the Center. However, any AICPA member firm may join, regardless of the nature of its clientele. Some firms that do not have SEC practices elect to join the Center, usually either in anticipation of acquiring an SEC practice in the near future or out of a perception that Center membership lends additional credibility to the firm’s resume. All former SECPS member firms were automatically enrolled in the Center. Firms that were SECPS members as of December 31, 2003 that no longer wish to be members of the Center may resign from it. The form for doing so can be accessed through the AICPA’s website (www.aicpa.org/centerprp/index. htm). Firms that were not members on December 31, 2003 but wish to become members may submit an enrollment form through the same website. The requirements for membership in the Center for Public Company Audit Firms are generally less than those of the former SECPS. Those requirements are detailed on the AICPA’s website (http://cpcaf.aicpa.org/ Memberships/Membership+Requirements.htm). Top_Aud_06_book.indb 35 8/24/2005 3:31:56 PM 36 TOP AUDITING ISSUES FOR 2006 CPE COURSE In summary, they are: All U.S. resident audit partners eligible for membership in the AICPA must be AICPA members. Firms must use their best efforts to ensure compliance with this requirement including: Annually advising all audit partners of this requirement. Taking appropriate corrective actions in the event of noncompliance. All member firms must file an annual report with the Center that will be open to public inspection. This form is accessible through the AICPA’s website (www.aicpa.org/cpcaf/download/CPCAF_Annual _Report_Form.pdf). All member firms must pay dues as established by the Center’s Executive Committee. The dues schedule will be available through the website (http://cpcaf.aicpa.org/Memberships/MembershipDues.htm). If subject to the Center’s peer review program, member firms must pay administrative fees related to peer review and comply with the requirements of and actions directed by the Center’s peer review committee. Member firms’ peer review reports will be open to public inspection. This applies whether the peer review is conducted under the Center’s program or the AICPA Peer Review Program. Peer Review The Center’s Peer Review Program does not cover a firm’s SEC practice. Because the PCAOB’s inspection program covers this portion of a firm’s practice and because of the broad regulatory powers of the PCAOB, the AICPA felt that the inclusion of SEC practice within its peer review process would not benefit either the public interest or the interests of its member firms. It is important to note that membership in the Center is not the same as enrollment in its peer review program. Center members that do not have an SEC practice may enroll in either the AICPA peer review program or the Center’s program. However, all AICPA member firms that are required to be registered with or inspected by the PCAOB are required to be enrolled in the Center’s peer review program. A firm does not have to be a member of the Center to enroll in its peer review program. The AICPA is currently developing publications for the Center’s member firms, including standards for its peer review program. Users of this course should check with the AICPA website (http://cpcaf.aicpa.org) for updates on these matters. While new literature is under development, the two publications that pertain to the old SEC Practice Section, as supplemented and amended by guidance posted on the AICPA’s website, will continue to be used in the Center’s peer review program. Top_Aud_06_book.indb 36 8/24/2005 3:31:56 PM MODULE 1 — CHAPTER 3 — The Center For Public Company Audit Firms 37 SEC Practice Section Reference Manual. The Center is currently writing administrative and operational procedures which will result in future revisions to Section 1000 of this manual. It is also revising other sections, including those related to administrative fees and contents of public files. The following sections have been deleted as being no longer applicable to the Center’s peer review process: Section 7000, “Quality Control Inquiry Committee” Section 8000, “Continuing Professional Education Requirements” Section 9000, “Professional Issues Task Force” SEC Practice Section Peer Review Program Manual (PRM). This manual, which contains the review guidelines and checklists used in performing a Center peer review, was last updated in print in July 2002. Since then, the Center Peer Review Committee has modified certain of its checklists and documents to assist reviewers in performing reviews in 2004 and thereafter. Most of the modifications are deletions of requirements to review SEC engagements or to test SECPS membership requirements. Although the new documents still bear “SECPS” titles in many cases, they should nonetheless be used for performing and reporting on Center peer reviews. The revised Manual is no longer available in paper format. It can be accessed in electronic form at the Center’s website (www.aicpa.org/centerprp/manualreq.htm). STUDY QUESTIONS 1. Membership in the AICPA’s Center for Public Company Audit Firms is restricted to firms that audit SEC registrants. True or False? 2. Which of the following statements does not apply to the Center’s peer review program? a. All Center member firms must have a peer review under the Center peer review program. b. The Center peer review program covers only the firm’s non-SEC accounting and auditing practice. c. The Center peer review program manual is available in electronic form through the Center’s website. Top_Aud_06_book.indb 37 8/24/2005 3:31:56 PM 169 TOP AUDITING ISSUES FOR 2006 CPE COURSE Answers to Study Questions MODULE 1—CHAPTER 1 1. True. Correct. PCAOB AS-1 requires that the reference to “U.S. generally accepted auditing standards” in the first sentence of the scope paragraph of the auditor’s report be replaced with the phrase, “the standards of the Public Company Accounting Oversight Board (United States).” False. Incorrect. The rationale for deleting any reference to generally accepted auditing standards is that the PCAOB adopted those standards, along with their effective dates, as interim standards as they existed on April 16, 2003, thus including them in the PCAOB standards. Since the adoption of AS-1, reference to generally accepted auditing standards in auditors’ reports is no longer necessary or appropriate. 2. False. Correct. Internal control over financial reporting is designed by or under the supervision of the company’s principal executive and financial officers and is affected by the company’s board of directors, management and other personnel. True. Incorrect. AS-2 precludes an auditor from accepting an engagement to provide internal control-related services to an audit client, unless the engagement has been pre-approved by the audit committee. 3. False. Correct. A “material weakness” is a deficiency in the design or operation of a control that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected. True. Incorrect. A “control deficiency” is a deficiency in the design or operation of a control that does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. AS-2 requires that management’s assessment of the effectiveness of internal control be made as of the end of the company’s fiscal year. a. Incorrect. As a practical matter, management may, and usually will as an ongoing process, assess the effectiveness of internal control at different times throughout the year. However, for purposes of making and reporting on its assessment to comply with AS-2, its evaluation must be updated as of the end of the company’s fiscal year. b. Incorrect. Management may assess the effectiveness of internal control over appropriate periods of time within the company’s fiscal year but AS-2 4. c. Correct. Top_Aud_06_book.indb 169 8/24/2005 3:32:10 PM 170 TOP AUDITING ISSUES FOR 2006 CPE COURSE leaves no discretion as to what constitutes an “appropriate period of time” for purposes of compliance with its provisions. When assessing and reporting on internal control, the assessment must cover the entire fiscal year. 5. c. Correct. An auditor is required to perform “walkthroughs” of significant control processes as a part of an audit of internal control over financial reporting. These “walkthroughs” may not be delegated to management. a. Incorrect. Management is required to accept responsibility for the effectiveness of internal control b. Incorrect. Management is required to evaluate internal control using suitable criteria d. Incorrect. Management is required to present a written assessment of the effectiveness of internal control as of the end of the most recent fiscal year. 6. True. Correct. An auditor is required to perform walkthroughs as a part of each annual audit of internal control and must perform at least one walkthrough for each major class of transactions. False. Incorrect. AS-2 specifically requires at least one annual walkthrough for each major class of transactions. AS-2 requires the auditor to identify each significant process, such as sales or purchasing, over each major class of transactions affecting significant accounts. False. Incorrect. Because of the importance of significant processes and major classes of transactions in the design of auditor’s procedures, they must be identified. 7. True. Correct. An auditor may issue separate reports on a company’s financial statements and on its internal control over financial reporting. When separate reports are issued, each must make reference to the other. However, a combined report on a company’s financial statements and its internal control over financial reporting may be issued at the auditor’s discretion. True. Incorrect. An auditor is not required to issue separate reports on a company’s financial statements and its internal control over financial reporting. 8. False. Correct. AS-2 requires that “an experienced auditor having no previous connection with the engagement” be able, from the audit documentation, to readily determine what audit work was performed and what conclusions were reached. The standard defines “experienced auditor” as one who has a reasonable understanding of audit activities and who has studied the company’s industry. 9. False. Correct. Top_Aud_06_book.indb 170 8/24/2005 3:32:10 PM ANSWERS TO STUDY QUESTIONS — Module 1 — Chapter 2 171 True. Incorrect. The “individual who possesses the competencies and skills that would have enabled him or her to perform the audit” is a criterion of the AICPA’s proposed new standard on audit documentation but is not a part of PCAOB standards. Differences of professional opinion based on preliminary views should not be a part of the engagement completion document. a. Incorrect. The engagement completion document must contain the results of auditing procedures that indicate the existence of material misstatements. c. Incorrect. Matters that could lead to a modified auditor’s report are required to be included in the engagement completion document. d. Incorrect. Circumstances that cause difficulty in applying audit procedures must be included in the engagement completion document. 10. b. Correct. The proposed standard creates a mechanism for reporting on the elimination of a material weakness but does not require such a report. True. Incorrect. The reporting on the elimination of a material weakness is an optional engagement under the proposed standard. 11. False. Correct. MODULE 1—CHAPTER 2 1. b. Correct. The cycle is “at least” every three years, which indicates that firms that have problems in their initial inspection might expect to be inspected more often. a. Incorrect. The PCAOB inspection program does cover only the SEC practice of registered firms. c. Incorrect. Inspection will generally occur annually for firms that regularly audit more than a hundred issuers. 2. b. Correct. Failure to meet GAO continuing education requirements would not be a finding in a PCAOB inspection because PCAOB inspections are geared toward compliance with PCAOB standards rather than GAO standards. a. Incorrect. Untimely archival of audit documentation was cited as a finding in seven instances. c. Incorrect. Liability restatements under EITF 95-22, which resulted in restatement of the financial statements, was cited as a finding in fifteen instances. d. Incorrect. Audit procedures insufficient to support conclusions was cited as a finding in nineteen instances. Top_Aud_06_book.indb 171 8/24/2005 3:32:10 PM 172 TOP AUDITING ISSUES FOR 2006 CPE COURSE 3. True. Correct. Recent PCAOB inspections have shown that complex or unusual accounting or auditing standards are frequently misapplied or misinterpreted. Increased consultation, whether with professional literature or technical experts, is one effective means of avoiding a misunderstanding of standards. False. Incorrect. Many of the deficiencies cited in the recent PCAOB inspections would likely have been avoided if the firms had consulted with professional literature or technical experts, especially in areas that are unusual, unfamiliar, or complex. 4. True. Correct. PCAOB auditing standards require that audit documentation stand on its own, such that another experienced auditor could determine from the documentation alone what procedures were applied and what conclusions were reached. Given this standard, omitting documentation of a procedure is presumed to indicate a failure to perform it. False. Incorrect. The recent round of PCAOB inspections cites a pervasive range of documentation deficiencies. The PCAOB standards leave little room for supplementing inadequate documentation with oral explanations. Thus, when audit documentation does not clearly describe the procedures applied or conclusions reached, inspectors have little choice but to conclude that a procedure was not performed. 5. c. Correct. While auditor independence continues to be a crucial concern of both the PCAOB and the accounting profession, significant documentation deficiencies in this area have not been cited in recent inspection reports. a. Incorrect. The training of audit staff in proper documentation techniques and procedures will be increasingly important in addressing the kinds of documentation issues cited in recent PCAOB inspections. b. Incorrect. Supervisory review will be increasingly important in assuring that audit documentation meets both PCAOB and firms’ quality control standards. d. Incorrect. Ongoing internal monitoring, in the form of inspections, and pre- or post-issuance reviews, will take on increased importance as firms strive to assure that their audit documentation meets PCAOB standards. MODULE 1—CHAPTER 3 Some firms that do not have SEC practices elect to join the Center, usually either in anticipation of acquiring an SEC practice in the near future or out of a perception that Center membership lends additional credibility to the firm’s resume. True. Incorrect. Any AICPA member firm may join the Center, regardless of the nature of its clientele. 1. False. Correct. Top_Aud_06_book.indb 172 8/24/2005 3:32:11 PM ANSWERS TO STUDY QUESTIONS — Module 2 — Chapter 4 173 Membership in the Center is not the same as enrollment in its peer review program. Center members that do not have an SEC practice may enroll in either the AICPA peer review program or the Center’s program. However, all AICPA member firms that are required to be registered with or inspected by the PCAOB are required to be enrolled in the Center’s peer review program. A firm does not have to be a member of the Center to enroll in its peer review program. b. Incorrect. The Center’s peer review program does not cover a firm’s SEC practice. Because the PCAOB’s inspection program covers this portion of a firm’s practice and because of the broad regulatory powers of the PCAOB, the AICPA felt that the inclusion of SEC practice within its peer review process would not benefit either the public interest or the interests of its member firms. c. Incorrect. The Center Peer Review Committee has modified certain of its checklists and documents of the former SEC Practice Section Peer Review Program Manual (PRM) to assist reviewers in performing reviews under the Center’s program. Most of the modifications were deletions of requirements to review SEC engagements or to test SECPS membership requirements. Although the new documents still bear “SECPS” titles in many cases, they should nonetheless be used for performing and reporting on Center peer reviews. The revised Manual is no longer available in paper format. It can be accessed in electronic form at the Center’s website. 2. a. Correct. MODULE 2—CHAPTER 4 1. True. Correct. All analytical procedures require an auditor to develop an expectation about an account balance or financial statement item. Analytical procedures involve comparing actual data to some expectation, such as a prior year’s data, predictive calculations by the auditor, a client-prepared budget, or industry data. Without any expectations, there would be nothing to compare False. Incorrect. 2. False. Correct. Analytical procedures must be used in the planning and final phases of a financial statement audit. Their use for other purposes in an audit, such as to supplant substantive procedures or to provide additional support for substantive procedures is optional. True. Incorrect. SAS 56 requires that analytical procedures be performed in all financial statement audits. The fact that plausible relationships among data within financial statements exists, and can be expected to continue in the absence of known conditions to the contrary, makes analytical procedures possible. False. Incorrect. It is a fact that financial statements contain much interrelated data. The ability to leverage off these relationships to assess their plausibility is a key feature of analytical procedures. 3. True. Correct. Top_Aud_06_book.indb 173 8/24/2005 3:32:11 PM 205 TOP AUDITING ISSUES FOR 2006 CPE COURSE CPE Quizzer Instructions The CPE quizzer is divided into three modules. There is a processing fee for each quizzer module submitted for grading. Successful completion of Module 1 is recommended for 3 CPE Credits.* Successful completion of Module 2 is recommended for 7 CPE Credits.* Successful completion of Module 3 is recommended for 6 CPE Credits.* You can complete and submit one module at a time, or all modules at once for a total of 16 CPE Credits.* To obtain CPE credit, return your completed answer sheet for each quizzer module to CCH Tax and Accounting, Continuing Education Department, 4025 W. Peterson Ave., Chicago, IL 60646, or fax it to (773) 866-3084. Each quizzer answer sheet will be graded and a CPE Certificate of Completion awarded for achieving a grade of 70 percent or greater. A quizzer answer sheet is located after each module’s quizzer questions for this course. Express Grading: Processing time for your answer sheet is generally 8-12 business days. If you are trying to meet a reporting deadline, our Express Grading Service is available for an additional $19 per module. To use this service, please check the “Express Grading” box on your answer sheet, and provide your CCH account or credit card number and your fax number. CCH will fax your results and a Certificate of Completion (upon achieving a passing grade) to you by 5:00 p.m. the business day following our receipt of your answer sheet. If you mail your answer sheet for express grading, please write “ATTN: CPE OVERNIGHT” on the envelope. NOTE: CCH will not Federal Express Quizzer results under any circumstances. NEW ONLINE GRADING gives you immediate 24/7 grading with instant results and no Express Grading Fee. The CCH Testing Center website gives you and others in your firm easy, free access to CCH print courses and allows you to complete your CPE exams online for immediate results. Plus, the My Courses feature provides convenient storage for your CPE course certificates and completed exams. Go to www.cchtestingcenter.com to complete your exam online. * Recommended CPE credit is based on a 50-minute hour. Participants earning credits for states that require self-study to be based on a 100-minute hour will receive ½ the CPE credits for successful completion of this course. Because CPE requirements vary from state to state and among different licensing agencies, please contact your CPE governing body for information on your CPE requirements and the applicability of a particular course for your requirements. Top_Aud_06_book.indb 205 8/24/2005 3:32:14 PM 206 TOP AUDITING ISSUES FOR 2006 CPE COURSE The date of completion on your certificate will be the date that you put on your answer sheet. However, you must submit your answer sheet to CCH for grading within two weeks of completing it. Date of Completion: Expiration Date: December 31, 2006 Evaluation: To help us provide you with the best possible products, please take a moment to fill out the course evaluation located at the back of this course and return it with your quizzer answer sheets. CCH INCORPORATED is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417. Web site: www.nasba.org. CCH INCORPORATED is registered with the National Association of State Boards of Accountancy (NASBA) as a Quality Assurance Service (QAS) sponsor of continuing professional education. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to NASBA, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417. Web site: www.nasba.org. Recommended CPE: 3 hours for Module 1 7 hours for Module 2 6 hours for Module 3 16 hours for all modules Processing Fee: $39.00 for Module 1 $79.00 for Module 2 $69.00 for Module 3 $187.00 for all modules One complimentary copy of this course is provided with all copies of the Miller Auditing Guides. Additional copies of this course may be ordered for $25.00 each by calling 1-800-248-3248 (ask for product 0-0904-200). Top_Aud_06_book.indb 206 8/24/2005 3:32:15 PM 207 TOP AUDITING ISSUES FOR 2006 CPE COURSE Quizzer Questions: Module 1 1. Auditors’ reports on the financial statements of SEC issuers are now required to contain a reference to the standards of: a. b. c. d. 2. The design of internal control over the financial reporting process is primarily the responsibility of: a. b. c. d. 3. The auditor. The audit committee. The board of directors. Management. A deficiency in the design or operation of a control that results in a more than remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected is defined in AS-2 as a: a. b. c. d. 4. The American Institute of Certified Public Accountants. The Public Company Accounting Oversight Board. Generally accepted auditing standards. Government Auditing Standards. Significant deficiency. Material weakness. Control deficiency. Reportable condition. Management’s assessment of the effectiveness of internal control must be made: a. b. c. d. Top_Aud_06_book.indb 207 At the auditor’s discretion. As of the end of the company’s most recent fiscal year. Over an appropriate period of time. At different times throughout the year. 8/24/2005 3:32:15 PM 208 TOP AUDITING ISSUES FOR 2006 CPE COURSE 5. Which of the following is not required of management for satisfactory completion of an audit of internal control over financial reporting? Supporting the evaluation of the effectiveness of the entity’s internal control with sufficient competent evidential matter and adequate documentation. b. Acceptance of responsibility for the effectiveness of internal control. c. Evaluation of internal control using suitable control criteria. d. Performing “walkthroughs” of significant control processes. a. 6. Auditors must identify all of the following in designing their procedures for an audit of internal control except: a. b. c. d. 7. Sampling probable error. Significant processes. Major classes of transactions. Significant disclosures. An auditor may issue a combined report on a company’s financial statements and on its internal control over financial reporting. True or False? 8. Which of the following statements does not apply to the documentation requirements of PCAOB AS-3? It must be documented sufficiently enough that an experienced auditor can readily determine what audit work was performed and what conclusions were reached. b. It defines an “experienced auditor” as one who has a “reasonable understanding” of audit activities and “has studied” the company’s industry. c. It indicates that sign-offs on audit programs are enough to show that a procedure was performed. d. Oral explanations of audit documentation are not “persuasive evidence” that can be used to support and auditor’s opinion. a. 9. The PCAOB requires all of the following to be a part of the engagement completion document except: The results of auditing procedures that indicate the existence of material misstatements. b. Significant deficiencies in internal control. c. Circumstances that cause difficulty in applying auditing procedures. d. Interim conclusions and related discussions. a. Top_Aud_06_book.indb 208 8/24/2005 3:32:15 PM QUIZZER QUESTIONS — Module 1 10. 209 Which of the following statements about the proposals of AS-4 is correct? AS-4 requires mandatory reporting on the elimination of material weaknesses. b. An AS-4 engagement must be undertaken in connection with a financial statement audit. c. An auditor can report on the elimination of one or more material weaknesses as part of a single AS-4 engagement. d. An AS-4 engagement must be undertaken as of the company’s year end. a. 11. Which of the following statements does not apply to the PCAOB Inspection Program? Firms with 100 or more SEC clients will be inspected annually. Firms with fewer than 100 SEC clients must be inspected at least every three years. c. It covers only the SEC practice of registered firms. d. Firms with fewer than 5 SEC clients and 10 professional staff are exempt from inspection. a. b. 12. Which of the following is not a significant finding cited in the PCAOB’s reports on the limited inspections of the Big Four audit firms conducted in 2004? a. b. c. d. 13. Failure to segregate current deferred tax from noncurrent. Inappropriate reliance on the work of internal auditors. Liability restatements under EITF 95-22. Inappropriate reliance on data provided by service organizations. The PCAOB inspection results suggest that auditors should consider all of the following except: Increasing reliance on service organizations. Consulting more often with professional literature or technical experts. c. Systematizing and standardizing documentation procedures. d. Emphasizing pre-issuance supervisory review for adequacy of documentation. a. b. Top_Aud_06_book.indb 209 8/24/2005 3:32:15 PM 210 TOP AUDITING ISSUES FOR 2006 CPE COURSE 14. Documentation shortcomings cited by PCAOB inspectors have implications in all of the following quality control system areas except: a. b. c. d. 15. Auditor independence. Supervisory review of audit documentation. Consultation. Ongoing internal inspection and monitoring activities. Which of the following statements about the Center’s peer review program is correct? All Center member firms must have a peer review under the Center peer review program. b. The Center peer review program covers the firm’s SEC accounting and auditing practice. c. The Center peer review program manual is available in electronic form through the Center’s website. d. Center membership is available only to firms with SEC practices. a. Top_Aud_06_book.indb 210 8/24/2005 3:32:15 PM
