Select Auditing Considerations for the 2013 Audit Cycle

Transcription

1 Select Auditing Cnsideratins fr the 2013 Audit Cycle This Alert is intended t remind member firms f certain auditing cnsideratins that may be relevant fr the 2013 audit cycle. The Alert identifies and discusses sme f the mre judgmental r cmplex audit areas, including thse which have recently been the subject f attentin and fcus by regulatrs. While the Alert highlights certain areas fr cnsideratin, it shuld nt be relied upn as definitive r all inclusive, and shuld be read tgether with the applicable rules, standards, and guidance in their entirety. The CAQ encurages member firms t cnsider the tpics addressed in this Alert in executing their 2013 audits. This Alert cvers the fllwing auditing cnsideratins: 1. Internal Cntrl Over Financial Reprting 2. Prfessinal Skepticism 3. Engagement Quality Review 4. Accunting Estimates, Including Fair Value Measurements 5. Substantive Analytical Prcedures 6. Inaccurate r Omitted Disclsures Internal Cntrl Over Financial Reprting The Public Cmpany Accunting Oversight Bard (PCAOB) issued Staff Audit Practice Alert N. 11, Cnsideratins fr Audits f Internal Cntrl Over Financial Reprting (Practice Alert N. 11) 1, in Octber Practice Alert N. 11 highlights certain requirements f the PCAOB s auditing standards relating t aspects f audits f internal cntrl ver financial reprting cited frequently in PCAOB inspectin reprts. Practice Alert N. 11 fcuses n seven tpical areas related t the audit f internal cntrl ver financial reprting that are briefly summarized belw: Risk assessment and the audit f internal cntrl ver financial reprting: Risk assessment is a key element f the tp-dwn apprach and it underlies the entire audit prcess in the audit f internal cntrl ver financial reprting. Understanding the flw f transactins and identifying the risks f material misstatement including the types f ptential misstatements that can ccur and the likely surces f thse ptential misstatements is necessary fr the auditr t select apprpriate cntrls t test and t evaluate whether thse cntrls adequately address the risks. Examples f areas t fcus n include: Cnsidering whether review cntrls r ther detective cntrls adequately address the risks f material misstatement Obtaining an understanding f the likely surces f ptential misstatements related t significant accunts r disclsures Cnsidering whether cmpnents f a significant accunt r disclsure are subject t different risks; therefre, the auditr may need t select and test different cntrls t supprt a cnclusin that the cntrls adequately address the risks t the accunt r disclsure 1 See PCAOB alert at 1

2 Cnsidering the risks f material misstatement t the cnslidated financial statements assciated with a lcatin r business unit in a multi-lcatin audit and evaluating whether the cmpany s systems and cntrls were designed and implemented cnsistently acrss multiple lcatins Selecting cntrls t test: The auditr shuld select cntrls that, individually r in cmbinatin, are intended t address the identified risks f material misstatement. This includes selecting cntrls that address the relevant assertins and the cmpnents f the accunt r disclsure with differing risks. Sme risks, including thse related t cmplex prcesses r subjective estimates, may require a cmbinatin f cntrls t prevent r detect misstatements. Als, selecting cntrls t test applies t rutine, as well as, infrequent prcesses, such as analysis f whether lng-lived assets are impaired, and t nnrecurring transactins, such as a material business cmbinatin. Additinally, Auditing Standard N. 5, An Audit f Internal Cntrl Over Financial Reprting That is Integrated with An Audit f Financial Statements (AS 5), requires that a cntrl must be tested directly t btain evidence abut its effectiveness; an auditr cannt merely infer that a cntrl is effective because n misstatements were detected by substantive prcedures. Testing management review cntrls: Auditrs ften select and test management review cntrls in audits f internal cntrl ver financial reprting. As with ther types f cntrls, the auditr shuld perfrm prcedures t btain evidence abut hw a management review cntrl is designed and perates t prevent r detect misstatements. Sme management review cntrls perate at a level f precisin that wuld adequately prevent r detect material misstatements n a timely basis. Factrs that can affect the level f precisin include the fllwing: Objective f the review cntrl Level f aggregatin r disaggregatin Cnsistency f perfrmance Crrelatin t relevant assertins Predictability f expectatins Criteria fr investigatin In additin t assessing precisin, evaluating the design f a management review cntrl generally invlves btaining an understanding and evaluating the fllwing: Whether the cntrl satisfies the crrespnding cntrl bjective Steps invlved in identifying, investigating and reslving significant differences frm expectatins Cmpetence and authrity f thse perfrming the cntrl Frequency f perfrmance f the cntrl Infrmatin used in the review Verifying that a review was signed ff prvides little r n evidence by itself abut the cntrl s effectiveness. Testing perating effectiveness typically invlves evaluating evidence abut the steps 2

3 perfrmed t identify and investigate significant differences and cnclusins reached in the reviewer s investigatin. The assessment f the sufficiency f management s dcumentatin may als be imprtant t allw the auditr t prperly evaluate the perfrmance and effectiveness, reliance n inquiry f management alne is nt sufficient. Infrmatin technlgy (IT) cnsideratins, including system-generated data and reprts: PCAOB standards require the auditr t btain an understanding f the cmpany s infrmatin technlgy systems relevant t financial reprting and take IT cnsideratins int accunt in assessing the risks f material misstatement. This includes btaining an understanding f the extent f manual cntrls and autmated cntrls used by the cmpany, including the infrmatin technlgy general cntrls (ITGCs) that are imprtant t the effective peratin f the autmated cntrls. The auditr als shuld btain an understanding f specific risks t a cmpany s internal cntrl ver financial reprting resulting frm IT. If a cntrl selected uses system-generated data r reprts, the effectiveness f the cntrl depends, in part, n the cntrls ver the accuracy and cmpleteness f the system-generated data r reprts. In that situatin, assessing the effectiveness f the selected cntrl wuld invlve testing bth the selected cntrl and the cntrls ver the system-generated data and reprts. The existence f cntrl deficiencies in ITGCs may, hwever, impact the auditr s ability t cnclude n the effectiveness f the IT-dependent cntrl, as well as affect the nature and extent f cntrls identified ver such data and reprts. Rll-frward f cntrls tested at an interim date: Althugh the auditr expresses an pinin n internal cntrl ver financial reprting as f a specific date, auditrs may decide t test sme imprtant cntrls during the year. When auditrs test cntrls at an interim date, PCAOB standards require auditrs t perfrm rll-frward prcedures t update the results f interim testing thrugh the as f date f the reprt. In develping the rll-frward prcedures, the auditr may cnsider amng ther items, such factrs as significance f the risks related t the cntrl, length f the rll-frward perid, and extent f testing at an interim date. Using the wrk f thers: PCAOB standards allw the auditr t use the wrk f thers (e.g., internal audit) as evidence f the effectiveness f selected cntrls, and AS 5 requires auditrs t evaluate the extent t which the wrk f thers will be used. PCAOB standards prvide that the extent t which the wrk f thers can be used depends n the risk assciated with the cntrl being tested and the cmpetence and bjectivity f the persns whse wrk the auditr plans t use. The risk assciated with the cntrl is the risk that a cntrl might nt be effective and, if nt effective, that a material weakness culd result. As the risk assciated with the cntrl increases, the need fr the auditr t perfrm his r her wn testing f the cntrl increases. When the auditr uses the wrk f thers, the auditr als shuld test and evaluate that wrk, including evaluating the quality and effectiveness f the thers wrk. Evaluating identified cntrl deficiencies: Cntrl deficiencies might als be identified during the audit f the financial statements. PCAOB standards require auditrs t evaluate whether misstatements detected by substantive prcedures might alter the auditr s judgment abut the effectiveness f cntrls. PCAOB standards als require auditrs t evaluate the severity f each cntrl deficiency that cmes t his r her attentin t determine whether the deficiencies individually r in cmbinatin with ther deficiencies, including cntrl deficiencies that were identified with respect t the ITGCs are material 3

4 weaknesses. Fr example, an IT cntrl might nt be intended t prevent r detect misstatements by itself but an IT cntrl deficiency might impair the effectiveness f imprtant IT-dependent cntrls acrss multiple accunts. Evaluating whether a cntrl deficiency r a cmbinatin f cntrl deficiencies, results in a material weakness requires prfessinal judgment and a careful analysis f the evidence btained, including cnsideratin f misstatements identified as well as, assessment f the ptential magnitude f misstatement. Auditrs are encuraged t read Practice Alert N. 11, as well as AS 5, fr a mre thrugh examinatin f each f the abve tpics. Prfessinal Skepticism The auditr is required t plan and perfrm his r her wrk with due prfessinal care, which requires the auditr t exercise prfessinal skepticism. The PCAOB issued Staff Practice Alert N. 10, Maintaining and Applying Prfessinal Skepticism in Audits 2, in December 2012, certain aspects f which are discussed belw. PCAOB standards define prfessinal skepticism as an attitude that includes a questining mind and a critical assessment f audit evidence. As a result, prfessinal skepticism shuld be exercised thrughut the audit prcess, including in the areas discussed abve and in thse areas f the audit that invlve significant management judgments, and transactins that are utside the nrmal curse f business, and as it relates t the auditr s cnsideratin f fraud in an audit. In exercising prfessinal skepticism, the auditr shuld nt be satisfied with less than persuasive evidence because f a belief that management is hnest. The engagement partner is respnsible fr, amng ther things, setting an apprpriate tne that emphasizes the need t maintain a questining mind thrughut the audit and t exercise prfessinal skepticism in gathering and evaluating evidence, s that, fr example, engagement team members have the cnfidence t challenge management representatins. The engagement partner and ther senir engagement team members shuld als be invlved in planning, directing, and reviewing the wrk f ther engagement team members s that matters requiring audit attentin, such as unusual matters r incnsistencies in audit evidence, are identified and addressed apprpriately. Prfessinal skepticism invlves, amng ther things, cnsidering what can g wrng with the financial statements, perfrming audit prcedures t btain sufficient apprpriate audit evidence rather than merely btaining the mst readily available evidence t crrbrate management s assertins, and critically evaluating all evidence regardless f whether it crrbrates r cntradicts management s assertins. The fllwing are examples f audit prcedures in the PCAOB standards that reflect the need fr prfessinal skepticism: Reslving incnsistencies in r dubts abut the reliability f cnfirmatins Examining jurnal entries and ther adjustments fr evidence f pssible material misstatements due t fraud Reviewing accunting estimates fr biases that culd result in material misstatements due t fraud Evaluating the business ratinale fr significant unusual transactins 2 See PCAOB alert at 4

5 Evaluating whether there is substantial dubt abut an entity s ability t cntinue as a ging cncern fr a reasnable perid f time The auditr exercises prfessinal skepticism in evaluating audit results. Examples f areas in the evaluatin that reflect the need fr the auditr t exercise prfessinal skepticism include: Evaluating whether uncrrected misstatements result in material misstatement f the financial statements Evaluating ptential management bias, such as in accunting estimates and the selectin and applicatin f accunting principles Evaluating whether the financial statements include the infrmatin essential fr a fair presentatin f the financial statements in cnfrmity with the applicable financial reprting framewrk Engagement Quality Review On December 6, 2013, the PCAOB released a reprt n registered audit firms' implementatin and cmpliance with Auditing Standard N. 7, Engagement Quality Review (AS 7) 3. The PCAOB fund that, while firms' methdlgies generally were cnsistent with the requirements f AS 7, they did nt always result in an apprpriately executed engagement quality review. The reprt ntes that in a number f engagements in which the PCAOB inspectins staff identified audit deficiencies, the audit deficiency shuld have been identified by the engagement quality reviewer. In additin t the supervisin and review prvided by the engagement partner and ther senir engagement team members, the engagement quality reviewer als plays an imprtant rle in executin f an audit in accrdance with PCAOB standards. In particular, the engagement quality reviewer, pursuant t AS 7 is required t perfrm specific prcedures t evaluate the significant judgments made by the engagement team and the related cnclusins reached in frming the verall cnclusin n the engagement and in preparing the audit reprt. The specific prcedures identified in AS 7 include: Evaluating the significant judgments that relate t engagement planning, the identificatin f significant risks, and audit respnses t thse risks Reviewing the engagement team s evaluatin f the audit firm s independence Evaluating the significant judgments made abut (1) the materiality and dispsitin f crrected and uncrrected misstatements and (2) the severity and dispsitin f identified cntrl deficiencies Reviewing the engagement cmpletin dcument, cnfirming with the engagement partner that there are n significant unreslved matters Reviewing f the financial statements and related reprts (e.g., management s reprt n internal cntrl) Reading the ther infrmatin in dcuments cntaining the financial statements t be filed with the Securities and Exchange Cmmissin (SEC), and evaluating whether the engagement team has taken apprpriate actin with respect t any material incnsistencies with the financial statements r material misstatements f fact f which the engagement quality reviewer is aware 3 See PCAOB reprt at 5

6 Based n these prcedures, the engagement quality reviewer shuld als evaluate if apprpriate cnsultatins have ccurred n difficult r cntentius matters, whether the cnclusins relating t such matters have been apprpriately dcumented, and whether apprpriate matters have been cmmunicated, r identified fr cmmunicatin t the audit cmmittee, management, and ther parties The respnsibilities f the engagement quality reviewer shuld be carried ut with bjectivity and the applicatin f due care, with the firm apprpriately addressing the reviewer's findings befre issuing the audit reprt. Mrever, dcumentatin f an engagement quality review shuld cntain sufficient infrmatin t enable an experienced auditr, having n previus cnnectin with an engagement, t understand the prcedures perfrmed by the engagement quality reviewer t cmply with AS 7. Accunting Estimates, Including Fair Value Measurements The auditr is respnsible fr evaluating hw accunting estimates, which culd be material t the financial statements have been develped; assessing the reasnableness f accunting estimates made by management in the circumstances; and assessing whether they are presented in cnfrmity with applicable accunting principles and are apprpriately disclsed. Examples f management estimates may include, amng thers, thse related t the fair value f investments, allwances fr dubtful accunts and lan lsses, and uncertain tax psitins. When issuing an pinin n internal cntrl ver financial reprting r relying n internal cntrls in a financial statement audit, the auditr is respnsible fr testing the relevant internal cntrls related t significant estimates. When evaluating and testing management s cntrl(s) ver an accunting estimate, relevant aspects include: The reliability f underlying data used by management in develping the estimate Preparatin f the accunting estimate by qualified persnnel, and whether management has engaged an external specialist t assist in the develpment f the accunting estimate Adequate review and apprval f the estimates including, fr example, surces f relevant factrs and the develpment f assumptins Cmparisn f prir accunting estimates with subsequent results t assess the reliability f the prcess used t develp estimates Cnsideratin by management f whether the resulting accunting estimate is cnsistent with the peratinal plans f the entity Fr the financial statement audit, in evaluating the reasnableness f management s estimates, the auditr shuld btain an understanding f hw management develped the estimate and based upn that understanding, use ne, r a cmbinatin f the fllwing appraches 4 : Review and test the prcess used by management t develp the estimate. Fr example, testing management s gdwill impairment assessment wuld include reviewing and testing relevant assumptins inherent in management s prcess such as frecasted cash flw infrmatin r the discunt rate used 4 AU Sectin 342, Auditing Accunting Estimates, paragraph 10. 6

7 Develp an independent expectatin f the estimate t crrbrate the reasnableness f management s estimate. Fr example, develping an expected fair value fr a financial instrument by using an auditrdevelped mdel and cmparing it t management s estimate f fair value. When using this apprach, the auditr als btains an understanding f the prcess used by management t develp the estimate Review subsequent events r transactins ccurring prir t the date f the auditr s reprt In evaluating the reasnableness f an estimate, the auditr nrmally fcuses n key inputs and assumptins that are: Significant t the accunting estimate Sensitive t variatins Deviatins frm histrical patterns Subjective and susceptible t misstatement and bias Additinally, the auditr generally shuld cnsider histrical experience f the entity in making past estimates as well as the auditr s experience in the industry. After auditing each accunting estimate individually, the auditr shuld cnsider the accunting estimates in the aggregate in rder t evaluate whether the difference between estimates best supprted by the audit evidence and estimates included in the financial statements, which are individually reasnable, indicate a pssible bias n the part f the cmpany s management. A retrspective review is required f significant accunting estimates reflected in the financial statements f the prir year t determine whether management s judgments and assumptins related t the estimates indicate a pssible bias n the part f management. This review will als infrm the auditr n estimatin uncertainty r ther histrical difficulties encuntered. Substantive Analytical Prcedures The auditr may chse t perfrm substantive analytical prcedures as part f the verall testing apprach related t certain assertins fr a significant accunt. Amng ther financial statement areas, these may include certain assertins related t: revenue, depreciatin expense, payrll expense, and interest incme and expense. Substantive analytical prcedures may be effective tests fr relevant assertins related t accunts fr which: (i) ptential misstatements wuld nt be apparent frm an examinatin f the detailed evidence; r (ii) detailed evidence is nt readily available. Hwever, substantive analytical prcedures may nt always be effective in prviding the apprpriate level f assurance. Fr example, fr significant risks f material misstatement it is unlikely that audit evidence btained frm substantive analytical prcedures alne will be sufficient 5. Fr such significant risks, the auditr shuld perfrm substantive prcedures, including tests f details, that are specifically respnsive t the assessed risks 6. If the verall testing apprach includes substantive analytical prcedures, the auditr shuld determine whether there are plausible and predictable relatinships amngst the data used in the analytic. It is imprtant fr the auditr t understand the reasns that make the relatinships plausible and predictable, as data smetimes can appear t be related when there is n relatinship. If the auditr is cmfrtable with the 5 AU Sectin 329, Substantive Analytical Prcedures, paragraph 9. 6 Auditing Standard N. 13, The Auditr's Respnses t the Risks f Material Misstatement, paragraph 11. 7

8 plausibility and predictability f the relatinships and the reliability f the data used in perfrmance f the substantive analytical prcedure, the executin and dcumentatin f the substantive analytical prcedure shuld include the fllwing: Precisin f the expectatin: The precisin f the expectatin shuld cincide with the desired level f assurance such that differences that may be ptential material misstatements, individually r when aggregated with ther misstatements, wuld be identified. Fr example, the mre the data used in the substantive analytical prcedure is disaggregated and detailed, the mre precise it might be in detecting material misstatements. Investigatin and evaluatin f significant differences: In planning the analytical prcedure, the auditr shuld cnsider the amunt f difference frm the expectatin that can be accepted withut further investigatin. The threshld is influenced primarily by materiality and shuld be cnsistent with the level f assurance desired frm the prcedure. Fr example, the mre disaggregated the substantive analytical prcedure is, the smaller the acceptable difference withut investigatin shuld be. Any additinal auditing prcedures perfrmed in respnse t significant unexpected differences: The auditr shuld evaluate differences that are utside the accepted threshld established abve. This wuld generally include btaining sufficient evidence t crrbrate management respnses. Befre using the results btained frm substantive analytical prcedures, the auditr shuld either test the design and perating effectiveness f the cntrls ver financial infrmatin used in the substantive analytical prcedures r perfrm ther prcedures ver the cmpleteness and accuracy f the underlying infrmatin. Each element f the substantive analytical prcedure shuld be dcumented in the audit wrkpapers including the auditr s expectatin. Inaccurate r Omitted Disclsures The auditr must evaluate whether the financial statements are presented fairly, in all material respects, in cnfrmity with the applicable financial reprting framewrk. Evaluatin f the infrmatin disclsed in the financial statements includes matters such as the terminlgy used, the amunt f detail given, the classificatin f items in the financial statements and the basis f amunts set frth. The evaluatin als includes the frm, arrangement, and cntent f the financial statements, including the accmpanying ntes, as well as, cnsideratin f cnsistency with ther infrmatin presented utside the financial statements (e.g. MD&A). The results f this evaluatin shuld be cnsidered and cmmunicated t management r the audit cmmittee, as apprpriate, including the impact n the assessment f internal cntrls ver financial reprting. 8