Rittenberg/Schwieger/Johnstone
Auditing: A Business Risk Approach
Sixth Edition
Chapter 2
Corporate Governance,
Audit Standards
Copyright © 2008 Thomson South-Western, a part of the Thomson Corporation. Thomson, the Star logo,
and South-Western are trademarks used herein under license.
1
Define Corporate Governance
"a process by which the owners and
creditors of an organization exert control
and require accountability for the
resources entrusted to the organization.
The owners (stockholders) elect a board of
directors to provide oversight of the
organization's activities"
2
The primary parties involved in
corporate governance
Stockholders
Boards of Directors
Audit Committees of the Board
Management
Self-Regulatory Accounting Organizations (e.g.
AICPA, FASB)
Other Self-Regulatory Organizations (e.g.
NYSE, NASD)
Regulatory Agencies (e.g. SEC)
External Auditors
Internal Auditors
3
What are SEC concerns regarding
the auditing profession?
Auditors were no longer willing to confront
clients over questionable accounting
practices
Consulting fees were impairing auditor
independence
Accountants were using technical
interpretations of GAAP to push the limits
of accounting
4
What are the Public Oversight
Board (POB) concerns?
Analytical procedures used inappropriately to
replace direct tests of account balances
Audit firms not thoroughly evaluating internal
control and applying substantive procedures to
address weaknesses in control
Audit documentation, especially related to audit
planning, did not meet professional standards
Auditors ignored warning signs of fraud and
other problems
Auditors were not providing sufficient warning
about companies that might not continue as
'going concerns'
5
The Sarbanes/Oxley Act of 2002 was
passed by Congress in response to
massive accounting scandals.
Significant provisions include:
 Establishes the Public Companies Accounting Oversight
Board (PCAOB) with broad authority, including the power
to set auditing standards for audits of publicly traded
companies
 Requires the CEO and CFO certify the financial
statements
 Requires companies to provide a comprehensive report
on internal controls over financial reporting and that
auditors report on internal controls
 Audit Committees given expanded powers as the 'audit
client' and must pre-approve any non-audit services by
its external auditors
 Audit Committees must report their activities to the public
6
The Sarbanes/Oxley Act of 2002
(continued)
 Audit Committees must have at least one person who is
a financial expert. Other members must be
knowledgeable in financial accounting and control
 Audit engagement partners, as well as other partners
and managers with significant roles in the audit, must be
rotated off the engagement every five years
 A "cooling off" period before an audit partner or manager
can take a high-level position with an audit client without
jeopardizing the independence of the public accounting
firm
 Increased disclosure of "off-balance sheet" transactions
or agreements that may have a material effect Requires
the GAO to study a number of issues including the effect
of consolidation on competition with the accounting
profession, and an analysis of mandatory audit firm
7
rotation
Sarbanes/Oxley granted the PCAOB
broad authority including the power to
 Set auditing standards - the PCAOB has chosen to set
auditing standards
 Set financial accounting standards - the PCAOB has
chosen to let the FASB continue to set accounting
standards
 Set standards for the reports on internal control and risk
management
 Perform quality reviews of public accounting firms and
recommend penalties if the firms fail to perform
 Establish quality control standards for the audits of public
companies
 Require all public accounting firms that audit public
companies to register with the PCAOB and become
licensed to perform such audits
8
What are auditor independence
provisions?
Prohibits audit firms from performing
consulting work for their audit clients (in
most cases)
Makes the Audit Committee the auditor's
client
Requires the Audit Committee to preapprove any non-audit services by the
audit firm
Requires partner rotation on all public
company audits every five years
9
Discuss Corporate Responsibility
for Financial Reports
Sarbanes/Oxley Act requires the CEO and CFO
to certify the accuracy of the financial statements
and provides criminal penalties for
misrepresentation
The Act also- Requires management to describe whether they
have implemented a Corporate Code of Conduct
Requires management to report on the
effectiveness of internal control over financial
reporting
10
What is the enhanced role of audit
committees under Sarbanes?
Is designated as the audit client
Has oversight responsibilities over the internal
audit and financial reporting processes
Must be comprised of "outside" directors, i.e. not
members of management or have other
relationships with the organization
Must report on its activities, including the results
of significant discussions with the external
auditor
11
Audit committee responsibilities
include
 Be apprised of all significant accounting decisions made
by management
 Be apprised of all significant changes in accounting
systems and system controls
 Have authority to hire and fire the external auditor
 Review the audit plan and discuss audit results with the
auditor
 Have authority to hire and fire the head of the internal
audit function and set the budget for the internal audit
function
 Review the audit plan and discuss all significant results
 Receive all regulatory audit reports and meet with
regulatory auditors to discuss findings
12
What are the required
communications to the audit
committee?
Auditing standards (SAS 61) require specific
communications between the audit committee
and the external auditor:
Auditor's responsibility under Generally
Accepted Auditing Standards
Significant Accounting Policies
Management Judgments and Accounting
Estimates
Significant Audit Adjustments
Other Information in Annual Reports
Disagreements with Management
13
Generally Accepted Auditing
Standards (GAAS)
General Standards provide guidance in
hiring and training of auditors
Fieldwork Standards help auditors plan
and perform the audit
Reporting Standards help ensure clear
communication between auditor and
statement users
14
General Standards
1. The examination is to be performed by a
person or persons having adequate technical
training and proficiency as an auditor
2. In all matters relating to the assignment, the
auditor must maintain an independent mental
attitude
3. Due professional care is to be exercised in the
performance of the examination and
preparation of the report
15
Fieldwork Standards
1.
The work shall be adequately planned and assistants,
if any, properly supervised
2.
A sufficient understanding of the entity and its
environment, including its internal control, is to be
obtained to assess the risk of material misstatement of
the financial statements whether due to error or fraud,
and to design the nature, timing, and extent of further
audit procedures
3.
Sufficient competent audit evidence is to be obtained
through audit procedures performed to provide a
reasonable basis for an opinion regarding the financial
statements under examination
16
Reporting Standards
1. The audit report shall state whether statements
are fairly presented in accordance with
Generally Accepted Accounting Principles
2. The audit report shall identify those
circumstances in which accounting principles
have not been applied on a consistent basis
with the preceding period
3. Informative disclosures in the financial
statements are to be regarded as reasonably
adequate unless otherwise stated in the audit
report
17
Reporting Standards (continued)
4. The audit report shall contain either expression
of opinion regarding the financial statements,
taken as a whole, or an assertion that an
opinion cannot be expressed. When an opinion
cannot be expressed, the reasons should be
stated. In all cases where an auditor's name is
associated with financial statements, the report
should contain a clear-cut indication of the
character of the auditor's examination, if any,
and the degree of responsibility the auditor is
taking
18
Attestation Standards
Financial statement audits are only a small part of
the demand for assurance services.
Attestation standards have been developed to
ensure quality for a broader array of services
beyond financial statement audits.
Such services include attesting to financial
forecasts and projections, pro forma financial
information, internal controls, compliance with
contracts or regulatory requirements, and
agreed-upon procedures
19
Attestation Standards (continued)
Similar to GAAS with the exception of
Assertions are specific to the area on which the
attestation is being performed
Practitioner must have adequate knowledge in
subject matter of the assertion
Practitioner shall perform engagement only if the
assertion is capable of evaluation against an
established reasonable criteria and reasonable
consistent estimation or measurement
The report provides assurance related to the
specific assertion
20
Summary of Audit Standard
Setting and Authority (continued)
Audit Standard Setter
Public Company
Accounting Standards
Board (PCAOB)
Scope and Basis of Authority
Authority Base: U.S. Congress: Expressed in the
Sarbanes-Oxley Act of 2002
Scope: Sets audit standards for the audits of all
public companies that are registered with the SEC
American Institute
of CPAs (AICPA)
Authority Base: Historical, as self-regulatory
organization that had earned the public's trust
Scope:
Auditing standards for the audits of small
non-public companies
Attestation standards for areas other than public
company reports on internal control
Assurance services that are less in scope than an
audit such as reviews and compilations
21
Summary of Audit Standard
Setting and Authority (continued)
General Accounting
Office (GAO)
Authority Base: Congressional laws
establishing the GAO as audit arm of the
Congress and delegating to them the authority
to set standards for audits of governmental
entities
Scope: Sets audit standards for the audits
of all governmental entities in the U.S.
International Audit
Standards Committee
(IASC)
Authority Base: As agreed upon by countries
who agree to abide by their standards
Scope: Standards for financial statement
audits across most of Europe and many
developing countries
22
Summary of Audit Standard
Setting and Authority (continued)
International Audit
Standards Board
organization
Authority Base: Developed by the Institute
of Internal Auditors as a self-regulatory
Scope: Standards for the practice of
internal auditing around the world
23
Overview of Audit Process: A
Standards-Based Approach (1)
Planning the Audit
Understanding with the Audit Client
Scope of services to be provided
 Management responsibilities
Coordination of work with client personnel
Audit fees and expectations of each party
Develop an Understanding of Materiality
Audit must be planned to provide reasonable
assurance that material misstatements will be
detected
24
Overview of Audit Process: A
Standards-Based Approach (2)
Develop a Preliminary Audit Program
Develop understanding of client business and
industry
Develop understanding of risks client faces and how
they might affect
the company's financial statements
Develop understanding of management
compensation plans and how those
plans may motivate management actions
Develop preliminary understanding of client's
internal controls over
financial reporting
25
Overview of Audit Process: A
Standards-Based Approach (3)
Develop audit program on audit risk, internal
control quality,
accounting assertions, and materiality
Develop understanding of client's accounting
policies and procedures
Anticipate financial statement items likely to
require adjustment
Identify factors that might require modification of
audit tests
Determine the type of reports to be issued
26
Overview of Audit Process: A
Standards-Based Approach (4)
Gathering Audit Evidence: Testing Assertions
Third Standard of Fieldwork requires auditor to
gather "sufficient, competent, evidential matter"
in order to reach a conclusion on the fairness of
the financial statements
Audit Process is Designed to Examine
Assertions
The assertions inherent in the accounting
communication: existence,
completeness, rights and obligations, valuation,
and disclosure/
presentation
27
Overview of Audit Process: A
Standards-Based Approach (5)
Summarize Audit Evidence and Reach Audit Conclusion
 If the evidence supports fair presentation, auditor can move on to
 other areas of investigation
 If the evidence does not support fair presentation, auditor will
gather
 additional evidence. This will lead auditor to one of three states:
 Auditor reaches a conclusion and the client agrees to adjust
the

financial statements
 Auditor reaches a conclusion, but the client disagrees. The
auditor
will issue a report describing the differences in opinion
 Auditor is unable to reach a conclusion and the amounts are so
material, the auditor cannot render an opinion
28
Overview of Audit Process: A
Standards-Based Approach (6)
Reach an Audit Conclusion and Issue a
Report
For most engagements, the auditor will
reach a conclusion that the financial
statements are fairly stated and will issue
an unqualified audit report
Before issuing the report, the auditor will
meet with the audit committee to discuss
the audit process and the overall fairness
of the company's financial statements
29