• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/152

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

152 Cards in this Set

  • Front
  • Back
sets standards that affect auditor
PCAOB/FASB
when does the SEC usually take action?
when the public gets concerned.... Congress tells SEC to do something
what org can regulate management?
SEC
who does the pcaob have power over?
just the auditors, NOT MANAGEMENT
Helps users of FS most accurately predict amount and timing of cash flows?
FASB
who regulates US public company auditors?
PCAOB
oversees management with respect to financial reporting
audit committee
- independent of management
picks auditor to ensure trustworthiness and independence
audit committee / independent directors
post vs. pre-sox
hiring auditor
pre - management
post - independent directors
post vs. pre-sox

$$$ for FASB/PCAOB (used to be AICPA)
FASB/AICPA used to get money from contributions from companies

now FASB/PCAOB get $$$ from tax on stocks
who makes up AC?
3 independent of management
1 accounting expert
In the UK…
• Auditors followed standards, but got blamed for not warning that banks were going to fail
• But the Bank of England was backing banks so was it really a going concern???
AS 16
auditor/audit committee communications
AS 16 required communications
• Accounting choices and alternatives, “quality” of accounting choices, estimate processes
• Discuss significant RMM, audit approach, use of “other auditors” accounting disagreements with management
• Audit differences – booked or not
• Any audit problems, significant “unusual transactions” and business basis for them
• Any illegal acts or fraud / significant ICFR deficiencies
• Ask audit committee about other illegal acts or fraud
• Justify audit firm’s u to audit committee
probability for disclosure-footnotes MW vs. SD
remote / reasonable possible / probable (70-100??)
who monitors on behalf of shareholders/all parties?
independent directors
IFAC
2 roles of directors
1. performance
(monitor on behalf of SH/all parties)
- value creation and resource utilization

2. Conformance
(conform with laws, practices)
- accountability assuacne
The structure that is intended to make sure that the right questions get asked and that checks and balances are in place to make sure that the answers reflect what is best for the creation of long-term sustainable value
corporate governance
is corporate governance running a business?
no corporate business is making sure a business is run well
2 dimensions of corporate governance according to the IFAC
1. performance
2. conformance
confident investor (world wide) wants...
- legal system to minimize probability of squander or theft of assets (US: sec, justice department, jail time, in top 25%)

- directors vigilant in protecting shareholder interest (debatable about US)

- audits to verify information relevant to performance and future prospects of company (US really good)

- fair voting on major decisions (US no, really hard to oust director)

- freedom to sell shares easily (US yes, small transaction fee)
objectives (wish list) for corporate governance
1. add value through.....
- transparency (disclosures, help others understand co)
- encourage efficient and effective strategy and operations

2. conserve value through...
- compliance with law and behavioral norms
- early warning of problems
- quick corrective action when needed

Problem?
these two conflict... to create and conserve value
- won't try anything new (QB and interceptions) and hard to tell if investors messing up or not
corporations and conflicts
- corporations as a person with limited liability, unlimited life, vague objectives and limited accountability (just to get #s right), operated by its managers for disperse (and transient) owners

- CEOs, once elected, control all strategic and operating decisions, directs, contracts, and gatekeepers; subject to oversight based on audited GAAP-based accounting

- conflicts of interest are pervasive; design problem is converting conflict to alignment of interests!
or how to balance
- competence
- conflicts of interest
- commitment (effort - restrictive stock)
should directors have a financial interest?
restrictive stock so they care if company does well
alignment of interest
board member duties
• Select, compensative (motivate?), evaluate, and replace (if necessary) the CEO
• Advice and counsel CEO
• Review strategies, plans, financials, given corporate objectives
• Nominate board candidates, evaluate board of directors
• Review adequacy of compliance systems for applicable laws and regulations
Management is responsible for financial statements and has discretion to…
• Choose transactions in which to engage
• Choose methods to account for transactions and events
• Choose how carefully to apply chosen methods
• Choose to misapply methods
….and is motivated to manage reported earnings
do SH own the corporation?
• No, they own rights to claims of net assets of the company
is gaap good for corporate governance?
it's indented to focus on LT and future cash flows BUT can lead to manipulation
constraints on corporate governance design
- free markets, voluntary contracts
- limited measurement criteria
- public disclosure downside
- limited statutory authority of SEC
- market alternatives for capital, resources, products, and regulation
who decides whether to record corrections?
CLIENT decides whether to record corrections, NOT THE AUDITOR
auditor's proposed corrections must be recorded to avoid an accounting qualification if they are...
1. individually material
2. material in the aggregate
3. qualitatively material (SAB 99)
5 audit procedures to verify BV are valid
• Observe
• Inspect
• Inquire
• Reperform
• Analyze
EVOC
existence
valuation
ownership
completeness
SAB 99
materiality if man correct no problem
if not consider 9 bullets and consider QUALITATIVELY MATERIAL
SAB 99
9 bullets for qualitative
1. hide trend change
2. manipulate earnings
3. meet target
4. profit sharing bonus
5.consensus forecasts
6. stock price
7. loan covenant
8. loss to profit
9. M a hard number
Central to corporate governance and social control of corporations?
• Auditing FS using standardized accounting
Third (and new) demand for auditing
• As central to mandated corporate governance
Now central to understanding auditing practice?
• Regulation (and political economic theory)
Affect the cost and value of being an accountant
• Human nature, economics, law, technology, culture, and markets interact to
Three uses of standardized financial information
1. by management: to better run the business

2. by investors and creditors: to make investment and lending decisions (inform outsiders)

3. by those charged with governance: to make intervention decisions
Is standardized world-wide financial reporting possible?
There’s no worldwide governing body, but business’ doing work globally want comparable numbers – lots of demand for this
how best to set global standards?
- individual national government mandates with convergence across nations

- global political group representation and voting

*- independent experts, due process, independent over sign with voluntary national adoption

- national government approved "global standard +" option

- individual global network firm choice - let market decide
other assurance standard
ISAE
IFAC standards
IAASB (ISAs auditing, ISAEs other assurance)
IESBA (ethics)
IAESB (education)
IPSASB (public sector accounting)
PCAOB standards
AS (auditing)
AT (other assurance)
Independence rules (ethics)
QC standards
Sarbanes-Oxley Act (2002)
Key US public company only provisions
Regarding ICFR quality:
o 404(a) requires CEO and CFO evaluate and report upon ICFR
o 404(b) requires audit and audit report on ICFR

Management “certification” (not audited per se, but…_
o 302 “disclosure controls effective”
o 906 financial statements “present fairly…”

Independent audit committee to hire and fire audit firm

Public company auditor inspections by PCAOB

Management can’t lie to registered auditor
404a
requires CEO and CFO evaluate and report upon ICFR
404b
requires audit and audit report on ICFR
302
management "certifications"
disclosure controls effective
906
management "certifications"
financial statements "present fairly..."
3 other SOX stuff
- independent AC to hire and fire audit firm
- public company auditor inspections by PCAOB
- management can't lie to registered auditor
Top 10 differences in design of IAASB and PCAOB
IAASB PCAOB
Global by design Some global influence via inspections or foreign filers (much more power, much less voluntary)
Market-driven services (e.g., no ICFR audits – no std. unless mkt demnds) Statute-driven (domestic crisis politics as force)
Public interest objective Investor protection objective
Comprehensive (all assurance services, all entities, all auditors) Limited to financial & ICFR audits of US public companies
Voluntary adoption (quality of stds, must be good or no adopt) Uses mandated by US law, no cost effective test
Developed in sunshine Unknown- but not sunshine
Diversity in members 3 non CPAs, 2 CPAs, stds staff
Audit expertise on board (all) No expertise necessary
Independent in selection, oversight, oath (only chairman paid) Staff is hired/paid by Board
Independent oversight by PIOB Oversight by SEC personnel
There are problems with and questions about standardized global financial reporting
• No single solution, but, Apparent demand for...
- Market-driven mechanisms

- Expertise of independent public interest groups

- Appropriate oversight at all levels with appropriate national government enforcement
who does SAB 99 apply to?
both man and auditor
FCPA
foreign corrupt practices act
- management can't put out materially misstated financial statements
untended consequence of PCAOB inspections?
double risk
- stop taking risky clients, punishment for partners
Part 1
list of mistakes by engagement
public
Part 2
about audit firm itself, across engagements, quality control
- private unless not fixed within 1 year
China and PCAOB
• Chinese government won’t allow PCAOB to inspect audit of EY Taiwan (for example)
• PCAOB/SEC doesn’t like bc major part of group audit of a US company
• Firm won’t give work papers bc might be killed
• Won’t allow foreigners to access numbers
• US gov hasn’t said give us, auditors can’t fix problem
• Problem → big part of total audit uninspected (Can you rely on firm to monitor their own people?)
Alternative to PCAOB inspections
• There are alternative ways of monitoring audit quality – for example, conducting “internal control audits” of audit firms’ internal quality control system supplemented by “substantive audits” of a few randomly selected audits
2 PCAOB embarrassments
1. Moore and Associates
o 321 clients, but still every 3 years, PCAOB not paying attention
o no one on staff had been to college
o 2 partners
o 7th largest
o SEC shut down

2. India
o Company with biggest fraud ever in India’s history
• Cash fraud, not looked at bc low risk accounts
sets and inspects own standards
PCAOB
how many standards changed since PCAOB inspections began?
0
AS 11
materiality and tolerable misstatement
• Current PCAOB standard
• Way shorter than IAASB (more how to, why)
• Doesn’t give %
• Good definition of terms
• Short checklist → PCAOB wants inspectable bullet points
• Big 4 manuals elaborate
standards for group audits
PCAOB - none; AS 11 component materiality

IAASB - ISA 600 - group covers US public
AICPA - AU-C 600 nonpublic
™ =
must correct above....
⅓ of M for stmts as a whole
1/6 of M for individual accounts
what applies to both management and auditors?
Only SEC stuff
so SAB 99
if FS are off by an immaterial quantitative amount are they wrong? What if management refuses to correct?
Not necessarily, must look at SAB 99
9 bullets for qualitative
4. Does the auditor have a responsibility to plan the audit to detect quantitatively immaterial misstatements? What about correction of such misstatements, if discovered?
• No, unless knew fraud/error prone area
who does AS 11 apply to?
only auditors
Component Materiality
• Group audit
• Amount a component can be misstated without the whole being off
• Misstatement allowed in 1 group so that total not materially misstated
Tolerable misstatement
• Amount an account balance can be off without making total misstated
• ½ M*
Internal Control Components (per COSO)
Group/entity level controls
- Control environment – overall context of control
process
- Monitoring – analysis of functioning of other
components of internal control
Process Level
- Risk assessment – identification, sourcing, and
sizing of threats
- Control activities – policies and procedures to
reduce likelihood that risk will exceed acceptable
limits
- Information and communication – systematic
transfer of information within and outside the entity
How can group auditor reliably assess RMM for a component?
• internal auditor and tests of entity-level “controls over controls” (internal audit process and test group controls)
• Test of group’s controls over component ICFR and internal audit across the group as a whole
• Analytical procedures for component as a whole (do #s seem reasonable?)
an audit is of high quality when
all professional and ethical and auditing standards are met
Why are there initiatives for AQI’s and how will they work?
• IAASB → if you can’t define AQ, how do you measure it?

• PCAOB → shouldn’t inspectors already know AQ? Here’s what AC should look for, but can’t release inspection report client specific information
o Encourage AC to ask their auditor

• CAQ → center for audit quality; organization started after PCAOB; lobbying group; represent AICPA; first to put out CAMs; usually do stuff fist and IAASB and PCAOB tweaks and adopts
Complications in evaluating Audit Quality
• Audits and auditors are economically motivated and pressured – motivation and pressures matter

• Underlying correctness of FS is unobservable and uncertain – uncertainty and risk matter

• Audits are idiosyncratic – differences matter

• Economical audits involve systematic processes – process matters

• Audits involve judgment – judgments differ along multiple dimensions across context and time frame
IAASB says… audit quality
• Quality audit when audit opinion can be relied upon because it was based on sufficient appropriate evidence from an engagement team with:
o Appropriate values, ethics, attitudes
o Sufficient knowledge, experience, and time
o Rigorous audit process and QC procedures
o Valuable and timely audit report
o Appropriate interactions with stakeholder


You can’t really argue with this definition, but very vague/nonspecific
• Doesn’t seem to help much
GAO says…
• An audit performed in accordance with GAAS to provide reasonable assurance that FS and disclosures are presented in accordance with GAAP
• So… material deviations from GAAS (or GAAP?) are presumed to reflect poor audit quality → restatements of previously released audited financial statements may mean poor audit quality
AS 2
IC audits
AS 5
change AS2 (IC)
PCAOB says…
AQ
• Nothing about AQ, but
• An audit failure is: a deficiency of such significance that the audit firm failed to obtain sufficient appropriate evidence to support its audit opinion (in other words, there is no “safe harbor” on quality”)
• Thus, a single inspections comment = a “low quality audit”?
o Bad regulator? Bc now more failures than when started
Academia says....
AQ
• The “market-assessed joint probability that a given auditor will both discover and report a breach in the clients accounting system”… when breach exists!
• Requires: competence, effort, objectivity, professional skepticism, independence
• Implicitly assumes that a “breach” is a GAAP violation and GAAP is relevant
AU 320
professional skepticism
Professional Skepticism – AU 320
• Questioning mind
• Critical assessment of evidence
Examples
• Willingness to challenge management
• Understand management’s motives
• Alert for evidence that is inconsistent
• Assessment of presumed honesty should not override inconsistent evidence
PCAOB: Auditor’s skepticism weak for
• Areas of significant management judgment

• Areas of greatest uncertainty

• Transactions outside of normal course of business
o Non-recurring transactions, financing activities, related party transactions, considerations of fraud
“Accounting Estimates” are required to...
• reduce receivables and inventory to their net realizable values
• determine accrual for warranty claims
• determine useful lives or expected pattern of future benefits from depreciable assets
• determine likely future costs to reorganize
• record provision for possible loss from litigation
• determine “fair value” of financial assets
• ….among other examples
Auditing Directly vs. Indirectly
• Count the beans
• Review the bean counting procedures
• Review subsequent events to assess BV of beans at balance sheet date
Which is best as to evidence?
• Quantities – best evidence is go count yourself
• Condition/MV – bean expert
• FV of contract – specialized, rely more on management’s knowledge
Human Judgments differ (a lot) given:
• Available information
• Available models for information integration
• “judge’s” knowledge, training, incentives, personality/inclinations, whose side on?
• time the judgment is being made; retrospective?
• Who gets to move first
o BVs, FV models, ICFR= SD or MV?; anchoring
3 ways to audit fair values
1. testing management’s specific assumptions, the valuation model, and the underlying data
o discounted CF; interest rates
o confirmation bias, just look at management’s first – sways you

2. developing independent FV estimates for corroborative purposes
o most rigorously and reliable
o really hard, lots of info they don’t have
o time consuming and costly

3. review subsequent events and transactions
AU 328
FV audits
PCAOB Meeting Last Week
• Inspections → motivation problems of inspections/preserve incentives/need for some random-based selection
• Audit Reporting Model → likely to re-expose given comments being received
• Audit standards setting → behind schedule and some are open to a change in process
• Center for economic analysis → cost benefit test for standards to be addressed by research
• Monitoring EC/FRC/IAASB developments → on tendering, joint audits, audit reports, engagement partner naming
• Consulting by global network firms → concern for both audit and non-audit clients (audit fees = 18% of total fees for one large firm)
what are AS?
new auditing standards
16
what are AU?
old auditing standards
written by AICPA in early 2000s
ICFR helps →
intentional employee and unintentional
ICFR doesn’t help much →
intentional management
• Controls designed by management so they can override
• Controls designed by management to make sure employees are not steeling / making mistakes
PFR
pervasive factors risk
o Design, walkthrough, operating effectiveness
o Weak controls
404(a)
• assess ICFR
• annual
• audited? Yes/no
• 2004 if MKTfloat > 75M
302
• certify disclosure controls and procedures
• interim and annual
• audited? NO
o except AU 550
• auditor read all other stuff filed with 10-K matches up with what financial statements say; don’t audit info, but make sure it matches
• 2003
906
• financial statements
• fairly presented
• interim (10-Q) and annual (10-K)
• Audited? Yes
• 2002
AU 550
• auditor read all other stuff filed with 10-K matches up with what financial statements say; don’t audit info, but make sure it matches
COSO
Internal control includes:
1. Effectiveness and efficiency of operation
2. Financial reporting
3. Compliance with laws and regulations
Components (criteria for ICFR in US per PCAOB):
Entity Level
- Control environment
- Monitoring

Process Level
- Risk assessments
- Control activities
- Information and communication
a lot less ___ if you can rely on controls
DR
- large clients
if you can't rely on controls...
lots of vouching/counting
what has to be done with MW?
don't have to correct
just have to disclose
direct costs of SOX 404(a) and (b)
1. audit fees
2. consultant fees
3. employee ICFR review and remediation
SOX 404(a) and (b) costs and potential disclosure benefits

Disclosure Benefits
• Lower cost of debt
• Lower cost of equity (about 1%)
• Customer/supplier trading benefits
• Labor terms benefits
Internal Benefits of SOX 404(a) and (b)
• Audit committee effort/confidence
• Better day-to-day operating decisions; less employee fraud
A deficiency in ICFR exists when
design or operation of a control does not allow management or employees, in the normal course of duties, to prevent or detect (any possible) misstatement on a timely basis
• Design deficiency exists when
control is missing or improperly designed
• Operation deficiency exists when
properly designed control is not operating as designed or person operating the control has inadequate authority or competency
Significant Deficiency →
is less than a material weakness, yet important enough to mention to those charged with oversight of ICFR
Material Weakness →
a deficiency or combination thereof, such that there is a reasonable possibility that a material misstatement of annual or interim financial statements not prevented or detected on a timely basis
ICFR limitations – AS 5
1. HUMAN FAILURES due to lack of diligence or compliance and to carelessness, distraction, mistakes of judgment, misunderstanding instructions

2. COLLUSION of lower management or an employee with insiders or outsiders to circumvent controls

3. Improper MANAGEMENT OVERRIDE of ICFR
Auditor reports ICFR…
• Deficiencies
management
Auditor reports ICFR…
• Significant Deficiencies
o management and audit committee (if not top management involved)
o audit committee (if top management involved)
Auditor reports ICFR…
• Material Weaknesses
o Audit committee (even if weakness is incompetent or ineffective audit committee)
o and disclose MW in annual audit report on ICFR
audits of internal controls are what kind?
direct assurance engagement
Financial Statement Audit Report (reasonable assurance)

Responsibilities →
statements are management’s… we express an opinion based on our audits
Financial Statement Audit Report (reasonable assurance)

Scope →
audit according to PCAOB standards to obtain reasonable assurance that… statements are free of material misstatement (test checking, assess account principle uses, and estimates)
Financial Statement Audit Report (reasonable assurance)

Opinion →
in our opinion, statements presented fairly in all material respects in compliance with GAAP
Financial Statement REVIEW Report (limited assurance)

Scope →
we have reviewed… (F/S) are the responsibility of management
Financial Statement REVIEW Report (limited assurance)


Procedures →
review in accordance with PCAOB standards… analytical procedures and inquiry of those… less than an audit… therefore, we express no opinion
Financial Statement REVIEW Report (limited assurance)


Opinion →
based on our review, we are not aware of any modification that should be made… to be in conformity with GAAP
INTERNAL CONTROL AUDIT REPORT (reasonable assurance/direct)

Intro →
we have audited the effectiveness of Co’s ICFR as of 12/31/13 based on COSO
INTERNAL CONTROL AUDIT REPORT (reasonable assurance/direct)

Opinion →
in our opinion, Co maintained effective ICFR as of 12/31/13… based on (COSO)
As of a date: not saying good all year or will be good going forward
INTERNAL CONTROL AUDIT REPORT (reasonable assurance/direct)

Inherent limitations →
because of its inherent limitations, ICFR may not prevent/detect material misstatements
INTERNAL CONTROL AUDIT REPORT (reasonable assurance/direct)

Definition →
ICFR is a process designed to…
INTERNAL CONTROL AUDIT REPORT (reasonable assurance/direct)

Scope →
audit provides reasonable assurance… in accordance with PCAOB standards
Testing Identified Controls – AS 5

Testing Operating Effectiveness
• Is the control operating as designed?
• Test via: inquiry of personnel, observation of operations, document inspection, re-performance of control
Testing Identified Controls – AS 5

Testing Design Effectiveness
• If operated by persons of authority and competence, would control prevent/detect material misstatement?

• Walkthroughs that include inquiry of personnel, observation of operations, and document inspection are ordinarily sufficient to evaluate design effectiveness!
ICFR reporting under AS 5
Material Weakness if it results in a reasonable possibility of a material misstatement of… FS
(material weakness if based on potential for or occurrence of material misstatement)
In forming opinion on IC, the auditor considers:
• Auditor’s evaluation of ICFR design and tests and operating effectiveness
• Auditor’s financial statement audit results (i.e., do detected misstatements suggest MW in ICFR?)
Auditor issues adverse ICFR opinion if material weaknesses exist OR a disclaimer if a scope restriction (or withdraw from engagement)
Alternative for ICFR audits (cheapest and least effective first)
1. comply or explain why not / audit or not = AU 550 if management says “we comply” when clearly don’t
o Voluntary guidelines – do or explain why don’t

2. nothing from management/enhanced control disclosure (i.e., source all misstatements to cause and include findings as auditor commentary)
o Auditor keeps track and lets public know about MW

3. SOX 404 (a) Management report / enhanced control disclosure
o Management self evaluate; avoid full IC audit

4. SOX 404 (A) management report / entity-level ICFR audit with enhanced control disclosure
o If entity good then can ignore procedures
FV audit problem
wiggle room (range) is more than materiality
AICPA and PCAOB differ now because of...
IC audits
4 constants
information quality (value) depends on decision maker's perception of ....
- measurement method relevance
- care in measurement process
- trustworthiness of measurement display

audit firm structure

public expectations and politics as fire alarm trigger
why did big 8 merger?
based on audit methods
2003-2013: PCAOB Decisions and Problems
• Decision to set own standards “in house”

• Decision to inspect partial engagement on “double risk biased” selection

• Decision to base need for standards revision on inspections rather than feedback from audit firms and independent experts

• Regulator objectives and competition

• Current proposals
standard setter vs PCAOB objectives
Standards Setters’ Objectives
• Maximize value of CPA while maintaining public interest
• Time pressure to get job done bc not paid big bucks and part time

PCAOB Objectives
• Oversea audits of public companies in order to protect interest of investors and further public interest in the preparation of informative, accurate, independent audit reports
• Std setters are full time and mostly not in audit business
• No big mess up until I get off board, no vested interest bc not auditors
3 expectation gaps
fraud
going concern
fv
3 problems
product mix
litigation
structure
3 fundamental roles for assurance
ensure running co well
inform others raising cap
corp gov
• at least three proposals each for
audit firm rotation, naming audit participants, disclosure of audit methods, and scope of services limits – all focused on “issuer pays” independence problem
formular for ICFR audit risk
no simple formula like AuR=IR x CR x APR x TDR

OR

in concept
ICFR AuR = f ( IR, DRCdesign, DRCoper, DRmisstatement)
3 test or procedures the auditor apply for an integrated audit of a client's ICFR under AS 5

pros and cons of each
1. source all misstatements as to cause and note if MW
+ cheap, catches most companies MWs
- doesn't catch MW if no mistakes found

2. test control DESIGN effectiveness
+ may find MW reasonably possible even if 0 mistakes
- requires experiences auditor to work

3. test control OPERATING effectiveness
+ audit staff may find good control not applied
- can be costly to apply and imprecise
AU 550
read all documents that accompany audited FS such as in 10-K and if any material statements of fact or materially misleading statements are found, withhold opinion until resolved

important bc SOX requires management statements in 10-K about MW via 404(a) and 302 - even if there is no 404(b) audit of ICFR
measurement criteria

ICFR under AS5
COSO
assurance standards
ICFR
PCAOB/AS 5
ICFR report

auditor finds theoretical MW in ICFR design by company argues no and no misstatements have even been detected
adverse
ICFR report

Co reports effective ICFR but auditor didn't audit ICFR but FS correct
not applicable - no report
ICFR report

MW found 12/31/11 auditor found no MW for 2012, auditor believes SD in 2012
none