Chapter IX
External Auditors Roles and Responsibilities
Chapter Objectives:
Recognize the role independent auditors play in achieving effective corporate governance and reliable financial reports.
Understand the history of auditing, the traditional roles of auditors, and regulations recently placed on them.
Address the expectation gap regarding what auditors can provide in the way of reasonable assurance and the expectations of investors for a higher level of assurance.
Identify the roles and responsibilities of the PCAOB, and discuss the auditing standards published by the PCAOB.
Demonstrate the importance of auditor independence both in fact and in appearance.
Discuss an integrated audit of both financial statements and ICFR.
Address the issue of a liability cap for independent auditors, and understand the rationale on both sides of the issue.
Key Terms
The Accountancy Investigation & Discipline Board (AIDB)
Audit quality
Audit risk
Audit strategy
Auditor independence
Control risk
Detection risk
Expectation gap
Inherent risk
Integrated audit approach
Internal Revenue Service (IRS)
International Standards on Auditing (ISAs)
PCAOB-US
Professional Ethics Executive Committee (PEEC)
Standing Advisory Group (SAG)
Statements on Auditing Standards
External Auditing and Corporate Governance
External Auditor Responsibility
Current auditing standards require that independent auditors provide reasonable assurance that the financial statements are free from material misstatements, whether caused by error or fraud, to render an unqualified opinion on the financial statements.
External auditors are not and should not be expected to provide absolute assurance regarding the reliability of financial statements, but public expectations concerning external auditors' performance are high.
Users of audited financial statements generally expect external auditors to detect financial statement fraud and employees' illegal acts and fraud, which affect the integrity of financial reports. External auditors, however, are more concerned with material misstatements in the audited financial statements.
Auditor Competency
1. Professional competencies. To audit public companies, auditors should register with the PCAOB and meet all registration and inspection requirements.
2. Technical competencies. Auditors should be knowledgeable in professional standards, rules, laws and regulations, and understand their clients' industry and business, corporate governance, financial reporting process, and internal controls.
3. Process competencies. Auditors' ability to choose appropriate evidence-gathering procedures (tests of controls, substantive tests) and execute auditing procedures.
4. Reporting competencies. Reporting competencies refer to the auditor's ability and willingness to discover and report material misstatements.
Reports Accompanying Financial Statements
Report on financial statements and related disclosures (prepared by auditor)
Are financial statements and disclosures according to GAAP?
Report on internal control over financial reporting (prepared by management)
Has company maintained effective internal control over financial reporting?
Report on internal control over financial reporting (prepared by auditor)
Is management's assessment of its internal control appropriate? Has company maintained effective internal control over financial reporting?
The Purpose of the Audit Report
Definition of auditing: ... communicating results to interested users.
Indicate whether the FS are in accordance with GAAP
  Provide indication of what the FS would be like if GAAP were followed
  Provide any company-omitted disclosures
Indicate any unusual aspects of the audit examination
  Scope limitations
  Division of responsibility
Indicate any unusual matters related to the company
  Going concern uncertainty
  Consistency
  Emphasize a matter
Four Categories of Audit Reports
Standard unqualified (clean opinion)
Unqualified with explanatory paragraph or modified wording
Qualified
Adverse or disclaimer
Definitions: Webster's New Unabridged Dictionary
Qualified:
  Having met conditions or requirements set
  Limited, modified
Unqualified:
  Not having the usual or requisite talents, abilities, or accomplishments
  Not modified, limited, or restricted by conditions or exceptions
Types of Audit Reports
Type of Report: Interpretation
Unqualified Opinion: Financial statements taken as a whole present fairly the financial position, results of operations, and cash flows in conformity with generally accepted accounting principles (GAAP).
Qualified Opinion: Except for the effects of a particular matter, the financial statements present fairly the financial position, results of operations, and cash flows in conformity with GAAP.
Adverse Opinion: Financial statements do not present fairly the financial position, results of operations, and cash flows in conformity with GAAP.
Disclaimer of Opinion: Auditor does not express an opinion on the financial position, results of operations, or cash flows.
Unqualified Reports
Standard Unqualified Report
The five necessary conditions have been met:
1. All four required statements are included.
2. The three general standards have been followed in all respects on the engagement.
3. Sufficient evidence has been accumulated and the auditor has conducted the engagement in a manner that enables the conclusion that the three standards of field work have been met.
4. The financial statements are presented in accordance with GAAP (including adequate disclosures).
5. There are no circumstances requiring the addition of an explanatory paragraph or modification of the report wording.
Standard Unqualified Audit Report (Nonlisted Companies)
Title: Report of Independent Auditor
Address to client: To the Board of Directors and stockholders of Any company
Audit notice; identify the financial statements: We have audited the accompanying balance sheets of Any company as of December 31, 1990 and 1989, and the related statements of income, retained earnings, and cash flows for the year then ended.
Management responsibility: These financial statements are the responsibility of the company's management.
Auditor responsibility: Our responsibility is to express an opinion on these financial statements based on our audits.
Description of the audit: We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.
Opinion on financial statements; refer to GAAP; no special mention of adequate disclosure or consistency: In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of Any company as of December 31, 1990 and 1989, and the results of its operations and its cash flows for the years then ended in conformity with generally accepted accounting principles.
Signature: ___________________________________, CPA
Date: February 28, 1991
Audit Failures and Audit Quality
Following is the list of the initiatives that have been suggested to improve audit quality, as well as transparency.
1. Publication of audit engagement letters
2. Shareholders' rights to question auditors
3. Publication of auditor resignation statements
4. Lead audit partner's signature on audit reports
5. Active audit committee participation in evaluating the scope and results of the integrated audit of both ICFR and financial statements
6. Mandatory rotation of the audit firm every seven to twelve years in the context of the quality of audit work performed by the firm and the audit efficacy
7. Mandatory shareholder vote on the ratification of the independent auditor each year
Public Company Accounting Oversight Board
The PCAOB was created by SOX to regulate the auditing profession.
The PCAOB's primary functions are to:
1. Register public accounting firms that audit public companies.
2. Inspect the registered public accounting firms on a regular basis.
3. Establish auditing, attestation, ethics, quality control, and independence standards.
4. Conduct investigations and disciplinary proceedings.
PCAOB Auditing Standards
The PCAOB has issued five auditing standards as of September 2007:
1. PCAOB Auditing Standard No. 1 (audit is conducted in accordance with auditing standards of PCAOB-US, the city and state has to be disclosed)
2. PCAOB Auditing Standards No. 2 and 5 (New PCAOB AS No. 5 superseded AS No. 2 and requires the independent auditor to opine only on the effectiveness of ICFR, not the management processes and assessments concerning ICFR)
3. PCAOB Auditing Standard No. 3 (auditors are required to maintain the audit documentation in a sufficient manner and keep the records for at least seven years)
4. PCAOB Auditing Standard No. 4 (voluntary engagement for the auditor's report on the company's elimination of previously reported material weaknesses in its ICFR)
Roles and Responsibilities: Internal Control over Financial Reporting
Management: Designs and implements the system of internal control over financial reporting; evaluates the effectiveness of the company's internal control over financial reporting and provides a public report on that assessment; prepares the financial statements.
Audit Committee: Has responsibility for oversight of the company's financial reporting process.
Independent Auditor: Performs an audit of internal control over financial reporting and issues a report on management's assessment of internal control over financial reporting and on the effectiveness of internal control over financial reporting; also performs an audit of the company's financial statements.
What Management's Report Will Include
Under the SEC rules, management's report on internal control over financial reporting should include the following information:
Statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting.
Statement identifying the framework used by management to evaluate the effectiveness of internal control over financial reporting.
Management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year, including an explicit statement as to whether that control is effective and disclosing any material weakness identified by management in that control.
Statement that the registered public accounting firm that audited the financial statements included in the annual report has issued an attestation report on management's internal control assessment.
PCAOB Auditing Standard No. 2:
An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements
1. AS No. 2 required three integrated reports on:
a. Financial statements audited by registered public accounting firms.
b. Management's assessment of the effectiveness of internal control over financial reporting (Section 404).
c. The effectiveness of internal control over financial reporting based on the auditor's attestation of internal control.
2. AS No. 2 was effective beginning June 17, 2004.
The Independent Auditor's Opinion
The content of the auditor's report is prescribed by the PCAOB standard. The most common opinions on the effectiveness of internal control over financial reporting will be:
Unqualified Opinion. An opinion that internal control over financial reporting is effective: no material weaknesses in internal control over financial reporting exist as of the fiscal year-end assessment date.
Adverse Opinion. An opinion that internal control over financial reporting is not effective: one or more material weaknesses exist as of the fiscal year-end assessment date.
Disclaimer of Opinion. A report stating that restrictions on the scope of the auditor's work prevent the auditor from expressing an opinion on the company's internal control over financial reporting.
Report of Independent Registered Public Accounting Firm
1. Introductory Paragraph
2. Scope Paragraph
3. Definition Paragraph
4. Opinion Paragraph
5. Explanatory Paragraph*
6. Inherent Limitations Paragraph
7. Signature
8. City and State or County
9. Date
*The explanatory paragraph is required only when the auditor's opinion is other than unqualified and may also be placed after the opinion paragraph when the auditor issues two separate reports on the audit of financial statements and internal controls, thus making reference to opinion on the financial statement audit in the report on the internal control audit.
Source: Release No. 2004-001, pages 116-137, Appendix A, Illustrative Reports, available at [Link].
PCAOB Auditors Independence
The new rules restrict public accounting firms in performing a variety of tax services to their audit clients. The new rules are intended to prevent the selling of abusive tax shelters.
Audit Committee Oversight of External Auditors
The extended oversight responsibilities for the audit committee are:
1. Appointment, compensation, and retention of registered public accounting firms
2. Preapproval of audit services and permissible nonaudit services
3. Review of the independent auditor's plan for an integrated audit of both ICFR and annual financial statements
4. Review and discussion of financial statements audited or reviewed by the independent auditor
5. Monitoring the auditor's independence
6. Auditor rotation requirement
Audit Committee Oversight of External Auditors
The number of companies that change auditors, and the number of auditors changed
Independent Auditor's Communications with the Audit Committee
Communications from the committee to the independent auditor:
1. Appointment and retention approval of the independent auditor
2. Formal approval of audit and permissible nonaudit services
3. Formal approval of fees for both audit and nonaudit services with a keen focus on improving the quality of audit and nonaudit services
4. Any concerns or risks threatening management's reputation and integrity, etc.
5. Allegations of financial statement fraud
Communications from the independent auditor to the audit committee:
1. Seeking committee preapproval of all audit and nonaudit services in a timely manner
2. The critical accounting policies and practices used by management in the preparation of financial statements
3. All alternative treatments of financial information within GAAP
4. Any accounting disagreements between the independent auditor and the company's management
5. Any material, written communications between the independent auditor and the company's management throughout the course of the audit
6. Significant deficiencies and material weaknesses of ICFR
7. The audit report on annual financial statements
8. The review report on quarterly financial statements
9. The audit report on management's assessment of the effectiveness of ICFR
10. The audit report on the effectiveness of ICFR
11. Financial risks associated with financial reports
Auditor Independence
Consolidation and Competition in Public Accounting Firms
SEC rules require public companies that change their public accounting firms to file a Form 8-K, Item 4.01, to disclose changes within four days, whereas auditors are required to provide standard letters within ten days stating whether they agree with the company's disclosure without specifying any reasons.
Integrated Audit Approach
Management assessment on the effectiveness of ICFR
Effectiveness of both design and operation of ICFR based on control criteria
Fair presentation of financial statements in conformity with GAAP
Audit Strategy
1. No limited tests of controls
2. No use of cycle rotation in tests of controls
3. Dual testing of controls and substantive audit procedures
Auditors should focus on prevention, detection, and correction of controls at both the company level and the transaction level. Auditors should perform tests of controls as a basis for forming an opinion on the effectiveness of ICFR. Auditors should also perform substantive tests as a basis for expressing an opinion on the fair presentation of financial statements, regardless of the identified significant deficiencies and material weaknesses in internal controls.
Brief History Fraud Investigation
1900s -- Fraud detection was a primary objective of the audit
1940s -- Detection of fraud considered to be a responsibility not assumed
1960s -- Auditor acknowledged responsibility for detecting fraud that would normally be uncovered by an examination performed in accordance with GAAS.
1980s -- Auditor had responsibility to search for fraud that may have a material effect on the financial statements.
1997 -- SAS No. 82
2002 -- SAS No. 99
Types of Fraud
FRAUD: Management Fraud, Employee Fraud
Financial Statement Fraud
Misrepresentation of material facts
Misappropriation of assets
Concealment of material facts
Illegal Acts
Bribery
Conflict of Interest
Embezzlement of money or property
Breach of fiduciary duty
Theft of trade secrets or intellectual property
Illegal acts
Why People Commit Fraud
Studies show that employees are likely to commit fraud when four conditions exist:
PRESSING FINANCIAL NEED
OPPORTUNITY
REASONABLE JUSTIFICATION
LACK OF MORAL PRINCIPLES
Embezzlement Formula
MOTIVE + OPPORTUNITY + RATIONALIZATION = CRIME [FRAUD]
Profile of Fraud Perpetrators
The fraud perpetrator is more likely to be an ordinary member of the community: intelligent, respected, never suspected of dishonesty, NOT YOUR TYPICAL CRIMINAL TYPE.
MORE LIKELY TO BE:
  A woman
  Married
  Church member
  Older
  Heavier
  Have children
  Have a higher education
  Never been arrested
  Have high self-esteem
  High achiever
LESS LIKELY TO BE:
  Divorced
  Alcoholic
  Tattooed
Financial Statement Fraud
Definition: Deliberate misstatements or omissions of amounts or disclosures of financial statements to deceive financial statement users, particularly investors and creditors.
Financial statement fraud has become a daily thing. Press reports challenge the corporate responsibility and integrity of major companies such as Lucent, Xerox, Rite Aid, Waste Management, MicroStrategy, KnowledgeWare, Sunbeam, Cendant, ZZZZ Best, Enron, WorldCom, Qwest, Madoff, Satyam, Stanford Financial, and Parmalat.
High-Profile Financial Statement Fraud
Basis of the Fraud: Older Example (Year); Recent Example (Year)
Fictitious revenue, documentation forgery and theft of corporate assets: ZZZZ Best (1987); Enron (2001)
Personal use of assets, false documentation and financial statement fraud: Phar-Mor (1992); Adelphia (2002)
Capitalizing expenses, among other issues: Waste Management (1997); WorldCom (2002)
Abuse of accounting standards: Savings and Loan Crisis (1982); Stock Options Backdating (2006)
Symptoms of Financial Statement Fraud
Continuous Deterioration of Quality and Quantity of Earnings
Inadequacy of Cash Flow
Overstatement of Inventories
Overly Aggressive Accounting
Management Short-termism
Improper Revenue Recognition
Overstatement of Assets
Elements of Fraud
A false representation of a material nature
Knowledge that the representation is false or reckless disregard for the truth (Scienter)
Reliance on the false representation by the victim
Financial damages are incurred (to the benefit of the perpetrator).
The act was intentional.
Auditor and Investigator Responsibilities
External Auditors (CPAs)
  SAS 99: Consideration of Fraud in a Financial Statement Audit
    Design audit to provide reasonable assurance of detecting fraud that could have a material effect on the financial statements.
    Perform fraud-related procedures
  SAS 54: Illegal Acts
    Focus is primarily on direct-effect illegal acts
  SAS 61: Communication with Audit Committees
Internal Auditors (CIAs)
  SIAS 3: Deterrence, Detection, Investigation, and Reporting of Fraud
Governmental Auditors
  Focus on laws and regulations (compliance), design audit to detect abuse and illegal acts, report to the appropriate authority
Certified Fraud Examiners (CFEs)
  Assignments begin with predication (probable cause)
Auditor's Responsibility for Detecting Fraud
GAAS makes NO DISTINCTION between the auditor's responsibilities for searching for errors or for fraud.
Per SAS No. 99, auditors must specifically assess the risk of material misstatement due to fraud.
Assessing the Risk of Fraud
Pressure or incentive to commit the fraud
  Direct financial gain, such as misappropriation of assets or retaining job
  Indirect financial gain, such as increase in stock price
Perceived opportunity to commit the fraud
  Can fraud be perpetrated without detection?
Misappropriation of Assets Risk Factors
Susceptibility of assets to misappropriation
Employee relationships or pressures
Deficiencies in internal control
Red Flags
Personal financial pressure
Vices (drugs, alcohol or gambling)
Extravagant lifestyles
Real or imagined grievances against company
Related parties
Increased stress
Internal pressures
How Frauds Occurred
Poor internal controls
Management override of internal controls
Collusion between employees and third parties
Collusion between employees or management
Lack of control over management
Poor or nonexistent corporate ethics policy
Reasons Auditors Fail to Detect Fraud
Overreliance on client representations
Lack of awareness or failure to recognize that an observed condition may indicate a material fraud
Lack of experience
Personal relationships with clients
SAS No. 99
The Fraud Triangle
Incentives/Pressures
Opportunities
Rationalization
The Fraud Triangle
Incentives/Pressures
95 percent of all fraud cases involve either:
Financial pressures
Vice-related pressures, including drug or alcohol addiction
Expensive romantic relationships
Need to maintain a particular lifestyle
Medical problems
The Fraud Triangle
Rationalization is the reconciliation of what we are doing with what our conscience tells us we should do. "I was only borrowing it; I planned to return it after things improved."
The Fraud Triangle
Opportunity
Easiest to control of the three components
Most frequently achieved with internal controls
  Segregation of duties
  Authorizations
  Independent checks
  Physical safeguards
  Adequate documents and records
3Cs of Financial Statement Fraud
[Figure: the audit risk model (Audit Risk = Inherent Risk x Control Risk x Detection Risk) related to errors, misappropriation of assets, and financial statement fraud. Procedures shown: Evaluate Control Environment, Tests of Controls, Analytical Procedures, Tests of Details, Forensic Procedures, Evaluate Controls Over Assets, Evaluate Top Management Controls. Fraud risk factors shown: Incentive/Pressure, Attitude/Rationalization, Opportunity; Management Integrity.]
Audit of Defined Benefit Pensions
Employer-defined benefit pension reforms, as proposed by the administration and introduced by both the House and the Senate, would require plan sponsors to make minimum funding contributions equal to the greater of: (1) the contributions required under the plan's funding standard account estimated based on the plan's actuarial accrued liability, (2) deficit reduction contributions calculated under current liability rules. These reforms would replace the current law's double-barrel system with a single measure of assets and liabilities and required funding method.
Auditor's Liability Limitation Agreement
In February 2006, the Federal Financial Regulatory Agencies issued an interagency advisory that raised concerns regarding the negative impacts on the quality and reliability of audits when financial institutions agree to limit their independent auditors' liability. The advisory, while observing an increase in the types and extent of provisions in financial institutions' external audit engagement letters that limit auditor liability, informs financial institutions that they should not enter into an audit engagement that includes unsafe and unsound limitation of liability provisions relevant to an integrated audit of their financial statements and ICFR.
Conclusion
The audit function should be regarded as an external corporate governance mechanism that serves to protect investors from receiving incomplete, inaccurate, or misleading financial information and thus adds value to the effectiveness of corporate governance.
SOX drastically changed the characteristics of the accounting profession by connecting the audit function to the corporate governance structure by requiring that the audit committee be directly responsible for not only hiring, compensating, and firing external auditors, but also overseeing their work, monitoring their independence, and avoiding potential conflicts of interest.
In the auditing profession, the so-called expectation gap is referred to as the difference between (1) what the investing public and other users of audited financial statements believe the responsibilities of auditors are, and (2) what auditors are willing to assume as responsibilities according to their professional standards.
New PCAOB AS No. 5 superseded AS No. 2 and requires the independent auditor to opine only on the effectiveness of ICFR, not the management processes and assessments concerning ICFR.
Sections 201 and 202 of SOX require that all audit and permissible nonaudit services to be performed by the company's independent auditor be approved by the audit committee.
Auditor independence is the backbone of the auditing profession, affecting the auditor's planning, evidence-gathering procedures, findings, judgment, and credibility, and public trust in the auditor's opinion.
Auditor independence is derived and guided by these three principles: (1) independent auditors may not audit their own work, (2) independent auditors may not function in the role of their client's management, and (3) independent auditors may not serve in an advocacy role for their audit clients.
Tests of controls must be broadened to include understanding of ICFR and provide reasonable assurance about the effectiveness of both the design and operation of internal controls.
Any contractual provisions that limit the external auditor's liability or require waiving the right to a jury trial may have detrimental effects on auditor impartiality, objectivity, and quality.