Theresa Golding BA 418 – Auditing Dr. Charles Pineno April 25, 2010 PART 1: “Small Firms May Face Audit Music” (published in The Wall Street Journal on April 19, 2007) addresses the ending of the delay in applying portions of the Sarbanes-Oxley Act of 2002 to smaller companies. At the time of the article, some 6,000 smaller public companies had yet to be required to “make an annual assessment of their internal financial-reporting controls with further review by the company’s outside auditor of these systems designed to help prevent accounting mistakes and fraud. The delay arose from complaints that compliance was overly costly and time consuming for larger companies. According to Mr. Cox, the SEC and the Public Company Accounting Oversight Board (PCAOB) are close to making less burdensome for all companies which would end the need to further exempt the smaller companies. The proposed changes would make realization of compliance in 2008 possible. Delays could again result if the new standards are not issued soon enough to meet the current deadlines. The chairman of PCAOB, Mark Olson, has blamed the high cost of complying on what is viewed as an overly cautious approach.
PCAOB reports that progress is being made but there is still a way to go as some auditing firms still have not fully integrated an audit of the company’s financial statements with an audit of the company’s internal controls which are interrelated. PART 2 –RISK ASSESSMENT STANDARDS: Standard 1 – Reasonable Assurance, Evidence SAS No. 104 (“Amendment to SAS No. 1, Codification of Auditing Standards and Procedures) addresses “the attributes of audit evidence and the concept of reasonable assurance. This particular standard is closely related to General Standard 3: The auditor must exercise due professional care in the performance of the audit and the preparation of the report. Chapter 1: The Role of the Public Accountant in the American Economy The two forms of assurance services that CPAs perform with particular emphasis on “those that increase the reliability of information. ” Since reliability enhancement is such a huge part of assurance services, this standard is fundamental because proper assessment and testing of risk plays a critical role in the reliability of information.
Chapter 2: Professional Standards This chapter introduced the 10 Generally Accepted Auditing Standards as set forth by the AICPA. As previously stated, there is a close relationship between Standard 1 and General Standard 3. Also, this standard also has a close relationship with Standard of Fieldwork 3 which reads: The auditor must obtain “sufficient appropriate audit evidence” by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.
The gathering of evidence regarding risk falls into this standard of fieldwork. Chapter 3: Professional Ethics Within the chapter on “Professional Ethics,” we learned that Article V of the AICPA Code of Professional Conduct addresses “Due Care” and states: “A member should observe the profession’s technical and ethical standards, strive continually to improve competence and the quality of services, and discharge professional responsibility to the best of the member’s ability. Reasonable assurance and proper evidence regarding risk assessment would fall under the “Due Care” responsibility. Chapter 4: Legal Liability of CPAs Chapter 4 described the sources of CPA liability as: Contract, Negligence, and Fraud. Should the CPA not incorporate the appropriate levels of reasonable assurance and evidence regarding risk assessment, they could be found liable for at least ordinary or simple negligence. If there was a blatant disregard for this standard, the possibility of gross negligence could also exist. Chapter 5: Audit Evidence and Documentation
The chapter detailed relationships among audit risk, audit evidence,
Chapter 6: Audit Planning, Understanding the Client, Assessing Risks, and Responding “Planning the audit” provides the foundation of the process. The reasonable assurance and evidence standard regarding risk assessment should be considered and integral part of the planning process. Chapter 7: Internal Control Assessment of internal control is part of knowing reasonable assurance can be given and regarding the reliability of the evidence acquired. Chapter 8: Audit Sampling Acceptable risk level is an important element of determining the proper sampling technique and size.
Should an inappropriate sample technique/size be utilized, reasonable assurance will be lacking. Standard 2 – Internal Control, Evidence SAS No. 105 serves as an amendment to SAS No. 95, Generally Accepted Auditing Standards. Along with addressing work by the auditor on internal control, it further addresses audit evidence as well. This standard broadens the understanding the auditor must obtain of the business as well as its environment. Chapter 2: Professional Standards There is a relationship between this Risk Assessment Standard and Standard of Fieldwork 2.
The fieldwork standard addresses the requirement for the auditor obtaining “a sufficient understanding of the entity and its environment”. It has now been further broadened when looking at the level of internal control. Chapter 5: Audit Evidence and Documentation The reliability of the evidence collected directly relates to whether it was “generated through a system of effective controls rather than ineffective controls. ” Those controls will be more thoroughly assessed under this new Risk Assessment Standard.
Chapter 6: Audit Planning, Understanding the Client, Assessing Risks, and Responding The scope of the audit plan is impacted by the level of internal control exercised by the client. Broadening the requirements regarding assessment will allow for a stronger foundation in how the plan is developed. Chapter 7: Internal Control This is likely the most important chapter regarding the ins and outs of internal control and this standard should be forefront when considering the content of the chapter.
Chapter 8: Consideration of Internal Control in an Information Technology Environment Technological advances have done much to advance levels of internal control. However, if technology is not being utilized effectively, it can also raise the level of risk and under the new standard must be evaluated very carefully. Chapter 9: Audit Sampling Internal control plays an immense role in the level of sampling that should be done. Given the broader consideration now due to internal control, sampling levels will likely be impacted. Standard 3 – Evidence
The standard defines evidence as comprising “all information that supports the auditor’s opinion on the financial statements. ” It also “stresses the importance of supporting management’s assertions regarding the financial statements by gathering audit evidence. ” Chapter 1: The Role of the Public Accountant in the American Economy The assurance service of reliability will only be at the proper level if the appropriate evidence is collected and examined with regards to the assertion of management. Chapter 2: Professional Standards Fieldwork standard 3 addresses the requirement of obtaining “sufficient appropriate audit evidence. This evidence directly ties to Reporting Standard 4 regarding the expression of an opinion regarding management’s assertions. Chapter 3: Professional Ethics Article II of the Code addresses serving the public interest. The public will look to the auditor’s opinion regarding management’s assertions and thus the evidence gathered should serve the purpose of protecting the public well. Chapter 4: Legal Liability of CPAs The inappropriate gathering of evidence could lead to the issuance of an incorrect opinion regarding management’s assertions and open the CPA to liability issues.
Chapter 5: Audit Evidence and Documentation Audit risk, audit evidence, and financial statement assertions are closely intertwined and the Risk Standard puts more emphasis on that relationship and will do much to increase the reliability regarding the assertions about the financial statements. Chapter 6: Auditing Planning, Understanding the Client, Assessing Risks, and Responding To guarantee the opinions issued regarding management’s assertions, it is imperative that a CPA plan the audit appropriately and have a working knowledge of the client.
This standard will strengthen risk assessment and the depth of knowledge the CPA will have about the client. Chapter 7: Internal Control Management’s assertions are influenced by their effective use of internal control. Analyzing and reporting on the level of internal control plays an important role in the opinion that will be issued regarding management’s assertions. Chapter 9: Audit Sampling The sampling scope needs to have the strength necessary to offer an appropriate opinion regarding management’s assertions.
The evidence gathered determines the level of sampling needed and due care must be exercised throughout the process with the CPA remaining cognizant of management’s assertions. Standard 4 – Audit Risk, Materiality SAS No. 107 addresses the relationship between audit risk and materiality and has employed a Modified Audit Risk Model. Chapter 2: Professional Standards Assessment of the risk of material misstatement of the financial statements is covered heavily in Standard of Fieldwork 2. The level of risk will greatly determine the design of the audit procedures.
Chapter 4: Legal Liability of CPAs Should the auditor not accurately assess the risk of material misstatement, issues of liability could arise. Chapter 5: Audit Evidence and Documentation The evidence collected and documentation kept is done in an effort to reduce audit risk and thus must be taken seriously and the level of risk must be adequately determined to provide this. Chapter 6: Audit Planning, Understanding the Client, Assessing Risks, and Responding The planning of audit should be undertaken in such a way that the level of risk determined can be sufficiently addressed.
A clear understanding of the client and a clear procedure for assessing risks are fundamental to the overall process. Chapter 7: Internal Control The stronger the internal control, the lesser the risk and vice versa. It is imperative that a proper assessment of internal control be done to insure that the risk level is known prior to the collection of evidence and the conducting of sampling. Chapter 9: Audit Sampling The greater the amount of sampling conducted, the lower the level of audit risk.
Proper risk assessment procedures are instrumental in determining the necessary level of sampling to be done. Standard 5 – Planning, Supervision SAS No. 108 “superseded guidance provided in previous standards and deals with the understanding of the engagement and planning issues. ” This standard provides that the auditor plan the strategy concurrently with planning the engagement. Chapter 1: The Role of the Public Accountant in the American Economy The nature of the attest engagement must be clear to both the CPA and the firm and clearly defined at the onset of planning.
Chapter 2: Professional Standards General Standard 1 requires “adequate technical training and proficiency” for the auditor and staff. Standard of Fieldwork 1 requires that the auditor “adequately plan the work and properly supervise any assistants. ” Should these standards not be adhered to, the audit risk will be higher than an acceptable norm and during the planning of both the engagement and audit procedures, the auditor should remain cognizant of the roles these standards are playing/not playing. Chapter 3: Professional Ethics
Auditors without proper training and proficiency that do not fulfill this responsibility are not acting in the ethical manner required of the profession and could likely face consequences. Chapter 4: Legal Liability of CPAs Auditors who do agree to an engagement for which they lack the proper training and/or technical ability (to include their assistants) could be open to liability issues in the area of contract and negligence. Chapter 5: Audit Evidence and Documentation Should proper planning and supervision not occur, the level of audit risk will be extremely high and likely not accounted for properly during the process.
Chapter 6: Audit Planning, Understanding the Client, Assessing Risks, and Responding Planning of the audit is the first and probably most important step in the Audit Process. This step provides the foundation and it is critical that the auditor know the business at hand, and have the necessary personnel with the necessary training to undertake the engagement. With the new standard this step is concurrent with the planning of the engagement as a whole. Chapter 7: Internal Control If the auditor and team do not adequately assess the internal control, audit risk will likely be understated.
It is essential that the risk assessment procedure implemented be understood by all and adequately applied. Chapter 9: Audit Sampling The risk determines the scope of sampling to be conducted. It is also important that ALL members of the team know the level of sampling to be done and have a clear understanding of the sampling procedure. Standard 6 – Understanding and Assessing Risk This standard again “supersedes previous guidance on the auditor’s consideration of internal control” and reiterates the need for the auditor to obtain “an understanding of the entity and its environment. Chapter 2: Professional Standards The easiest way for an auditor to adequately understand and assess risk to clearly understand the entity and its environment as well as the level and effectiveness of internal control which is once again in keeping with Standard of Fieldwork 2. Chapter 3: Professional Ethics Should risk not be properly understood or assessed, the subsequent reports issued will not be done with “Due Care” and thus, will not be in keeping with the Code of Professional Conduct as prescribed by the AICPA. Chapter 4: Legal Liability of CPAs
Misunderstanding and improper assessment of risk will likely create issues of liability for CPAs. Chapter 5: Audit Evidence and Documentation The audit evidence and documentation gathered/prepared should adequately reflect the risk level and thus a clear understanding and assessment of risk need occur to guarantee the appropriateness of said evidence and documentation. Chapter 6: Audit Planning, Understanding the Client, Assessing Risks, and Responding Proper planning can only occur with a proper understanding and assessment of risk.
So while planning the audit is technically the first step in the process, assessment/understanding of risk needs to be considered at the same time. Chapter 7: Internal Control Internal Control is at the center of risk assessment and should be considered part of the process of assessing risk, thus hopefully leading to a clear understanding. Chapter 9: Audit Sampling The needed level of audit sampling directly correlates to the perceived level of audit risk. Thus, a clear understanding and assessment of risk will do much to ensure the appropriate level of sampling.
Standard 7 – Responding to Risks SAS No. 110 (covered as Standard 7) works in conjunction with SAS 109 (covered as Standard 6). Response to risk was covered exclusively for terms of our course in Chapter 6: Audit Planning, Understanding the Client, Assessing Risks, and Responding. As stated in both the article and our chapter, an auditor responds to risk at two levels: 1) overall level of financial statement and 2) level of relevant assertion. This will be of greater focus with the new standards and Response to Risk will be of as much importance as the assessment of said risk.
Standard 8 – Sampling The purpose of SAS No. 111 is to provide guidance which addresses both statistical and nonstatistical sampling. The standard also “notes that the auditor should set tolerable misstatement at a level below that of materiality for the financial statements. ” Chapter 2: Professional Standards Sampling is an integral part of obtaining sufficient evidence which is basis for Standard of Fieldwork 3. Chapter 5: Audit Evidence and Documentation There needs to be an adequate amount of audit evidence collected to meet the sampling need.
The evidence collected also has to be adequate in amount to ease the risk which also applies to the sampling procedure in that the sample sizes need to be substantial enough to account for the risk. Chapter 6: Audit Planning, Understanding the Client, Assessing Risks, and Responding The level of risk is a crucial element in audit planning and the audit plan determines the level of sampling that must be completed to adequately deal with the risk level. Chapter 7: Internal Control
The strength of internal control plays a major role in the level of sampling that will be required because of the inverse relationship between risk and internal control. Chapter 9: Audit Sampling Audit sampling provides the best method for collecting evidence and the amount needed is proportional to the level of risk assessed. PART 3: The SASs described in the article will now need to be at the forefront of the management accountant’s mind when preparing for an audit. The procedures will now be far more involved and as a result, procedural adjustments will likely need to be made.
The auditors will likely expect far more from the management accountants because of the need to assess far more in terms of acceptable level risks. Management accountants would do well to address their internal control issues because the stronger the internal control the less the concern for risk in the eyes of the auditor. Clear understanding of the standards and what changes they have created will benefit a management accountant greatly as they will be better able to anticipate what an auditor and his or her team will likely be inquiring about and what evidence they will probably want to collect.
PART 4: Internal Control when implemented effectively does much to reduce the overall risk of material misstatement by a company. With the drafting and release of these new standards firms will do well to assess their current internal control and consider previous audit reports regarding it. The firms would do well to first address all areas of weakness that have been previously denoted if it has not already done so. Under the new standards, those particular areas will likely receive the most scrutiny from auditors.
Secondly, though other areas may not have been identified as weak in previous audits, they might likely be less effective under the new standards and as such should be assessed as to whether it will stand up under the scrutiny the new standards call for. The importance of quality internal control was not of much significance pre-Sarbanes Oxley, however 2002 brought an end to that and now with the more concise standards set forth recently, is of the utmost importance.