Accounting and Auditing Standards Update2006 NSAA/NASC Joint Middle Management Conference...
-
Upload
kaylee-duffy -
Category
Documents
-
view
217 -
download
1
Transcript of Accounting and Auditing Standards Update2006 NSAA/NASC Joint Middle Management Conference...
Accounting and Auditing Standards Update—2006
NSAA/NASC JointMiddle Management ConferenceIndianapolis, IndianaApril 10, 2006
Effective Immediately Defining professional standards (SAS 102)
Effective for audits of June 30, 2007 F/S Audit documentation (SAS 103)
Effective for audits of June 30, 2008 F/S Risk assessment standards (SASs 104 –
111)
What We’ll Cover
What’s Coming AICPA Communicating Internal Control
Matters (SAS No. 112?) U.S. GAO Government Auditing
Standards (ED soon) OMB 2006 Compliance Supplement
(Final)
What We’ll Cover
Ethics Rulings (Nos. 113 & 114) Ethics Conceptual Framework
If Time Permits . . .
Our Objectives
As a result of today’s session, participants will be able to:Identify the key the concepts for recently
issued audit standardsFollow and understand the development
of current auditing standards projectsConsider the impact for auditing (or
being audited)
SAS No. 102 and SAE 13—Defining Professional Requirements
SAS No. 102 and SAE No. 13
Defines terminology to describe degree of responsibility to auditor
Unconditional—“Must” or “Is required” Presumptively mandatory—“Should” Explanatory—Descriptive guidance rather
than imperative Applies to existing standards
SAS No. 103—Audit Documentation
Audit Documentation Basics
In sufficient detail for an experienced auditor without connection to the audit to understand:Work performedResults of that workEvidence obtainedConclusions reachedAccounting records agree or reconcile with
the financial statements or other information.
Audit Documentation Basics
An experienced auditor is one who knows enough, including understanding of:Audit processSASs and legal/regulatory requirementsThe entity’s business environmentAuditing and financial reporting issues
relevant to the entity’s industry.
Audit Documentation Basics
Oral explanations are not sufficient support for work performed or
conclusions reached
More Documentation Guidance
What should be in or outElectronic mediaAbstracts and copiesSignificant findings and issuesSuperseded drafts and notesPrior versions
More Documentation Guidance
Identify preparer and reviewerWho performed the audit workThe date such work was completedWho reviewed specific documentationThe date and extent of such review
Document specific items tested
New Dates to Remember
Field workNo earlier than when sufficient evidence
exists to support the opinion Audit files assembled
Within 60 days after report release Retention
Minimum 5 years after report release
SAS Nos. 104–111—Risk Assessment Suite of Standards
Risk Assessment Standards
Most far-reaching change in standards in 20 years
Issued in March 2006 Amends or revises 8 existing
standards
Standards Amended or Revised Amends SAS 1, Due Professional Care Amends SAS 95,GAAS Planning and Supervision Understanding the Entity and Assessing Risks Audit Evidence Audit Risk and Materiality Performing Audit Procedures and Evaluating
Evidence Amends SAS 39, Audit Sampling
Risk Assessment Standards—Objectives More in-depth understanding of entity
and internal controls More rigorous assessment of risks of
misstatement Improved linkage between assessed
risks and audit procedures performed
Planning and Supervision
Enhances guidance onPreliminary activitiesAudit strategy and planEstablishing understanding with
clientCommunication with Governance
Understanding Entity/Assessing Risks Guidance for
Gaining understanding about entitySources of information
Discuss internal control components Describe risk assessment process
Audit Evidence
Enhances guidance onSufficiency of audit evidenceAudit procedures, incl. tests of controls
New assertionsClass of transactions (5)Account balances (4)Presentation and disclosures (4)
New Assertions
Class of transactionsOccurrenceCompletenessAccuracyCutoffClassification
New Assertions
Account balancesExistenceRights and ObligationsCompletenessValuation and Allocation
New Assertions
Presentation and disclosuresOccurrence and Rights and
ObligationsCompletenessClassification and UnderstandabilityAccuracy and Valuation
Risk and Materiality
Guidance forConsidering risk and materiality at the
financial statement levelConsidering risk and materiality at the
transaction, balance, or disclosure level
Reassessing materiality as audit progresses
Risk and Materiality
Evaluating misstatementsKnownLikelyIndividually and in the aggregateIron curtain versus rolloverQualitative
Performing Procedures
Design procedures that respond to risksDetermining overall responseTesting controls (encouraged)Substantive tests
Evaluate sufficiency of evidence
Tests of Controls
Auditors cannot default to “the Max” Tests of effectiveness “encouraged” Explains when controls must be tested
I/C test can be rotated once every 3 yearsAnnual update to confirm no changesTest annually, if changedLengthy discussion of IT controls
Communication of Internal Control Matters Identified in an Audit
Communicating Internal Controls
New definitionsControl deficiencySignificant deficiencyMaterial weakness
New thresholdMore deficiencies required to be identified
as significant or material
Snapshot of the Difference
Old Definitions New Definitions
Material weakness Material weakness
Reportable conditionSignificant deficiency
Management letter comment
Other internal control matter
U.S. GAO Temporary Exemptions and Guidance in Response to Hurricanes Katrina and Rita
The Quick and Dirty . . .
Temporary exemption for some from:Certain independence standardsPeer review requirementsContinuing professional education
requirements
The Quick and Dirty . . .
Guidance for some for:Required audits when auditee’s
records are lost or destroyedCompleted or in-process audit
documentation lost or destroyed before audit report issued
U.S. GAO Plans for Revising Government Auditing Standards
Yellow Book Revisions for 2006 GAO drafting Advisory Council reviewing Exposure draft in late April/early May 2006 Version issued late Summer/
early Fall Likely effective for 2007
Yellow Book Revisions for 2006 Strengthen audit quality Evidence and data reliability in
performance audits Expand categories of nonaudit
services Reporting deficiencies in internal
control
Yellow Book Revisions for 2006 Enhanced ethics discussion Auditor’s responsibilities for
restatements Use of GAGAS with other standards Clarification and clean up
Strengthen Audit Quality
ObjectivesIncreased emphasis on qualityIncreased transparencyConsideration of peer review and
internal inspection quality
Strengthen Audit Quality
Defines elements of QC systemEthical requirementsAcceptance and continuation of auditsHuman resourcesAudit performance and reportingMonitoring of quality
Strengthen Audit Quality
Defines “normal” monitoringFormal and documentedFor the entire yearCover all elements of QC systemReview of audit documentationPerformed by those not performing workWritten report and appropriate follow-up
Strengthen Audit QualityNew external peer review timeframes
If the most recent peer review is:
Adverse Annual external review
Modified Annual follow-up
Unmodified, no enhanced criteria
Triennial external review
Unmodified, with enhanced criteria
Quinquennial external review
Strengthen Audit Quality
Enhanced monitoring criteriaRigorous annual internal inspection
Review independence and human capital Review audits Survey professional staff Formal report to top management Consideration and corrective action
Strengthen Audit Quality
Enhanced monitoring criteriaTransparency: public disclosure of
Description of QC systemInternal inspection resultsExternal peer review opinion and letter
of comments
Strengthen Audit Quality
Enhanced monitoring criteriaOther criteria:
Most recent external peer review included review of inspection process
No major changesNo violations or sanctions
Evidence and Data Reliability for Performance Audits
ObjectivesClearly articulate level of assurance in
performance auditsImprove consistency in practiceUpdate concept of appropriateness of
data used as evidence
Evidence and Data Reliability for Performance Audits
Defining level of assuranceReasonable assurance over answers to
audit questionsReasonable assurance of adequate
support to achieve objectivesLevel of assurance and tests of evidence
will vary
Evidence and Data Reliability for Performance Audits
Sufficient, appropriate evidenceReplaces sufficient, competent,
relevantPrevious: competent = valid, reliableNow: appropriate = relevant, reliable,
valid
Evidence and Data Reliability for Performance Audits New “overall assessment of evidence”
Discussion for evaluating sufficiency and appropriateness
Assess data and information used as: Appropriate—gives reasonable assurance Not appropriate—unacceptably high risk for
use Undetermined appropriateness—cannot
conclude about appropriateness
Evidence and Data Reliability for Performance Audits Enhanced reporting
Expanded discussion of data assessments in Objectives, Scope and Methodology section
Expanded GAGAS citation—adds:“We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.”
Expand categories of nonaudit services
ObjectivesClarify other nonaudit services we
performReiterate need to consider in relation
to independence
Expand categories of nonaudit services
Four new categories on nonaudit servicesFor us, the legislature, or external partyRoutine activitiesProviding basic or limited servicesActivities replacing entity
Expand categories of nonaudit services
Legislature/others Would not impair
Routine activities Would not impair
Limited services Safeguards needed
Replacing entity Would impair
Reporting Deficiencies in Internal Control
Objectives—consistency with PCAOB and AICPA
Same revisions as AICPA’s new revisions
New reporting requirements
Reporting Deficiencies in Internal Control
New reporting guidanceMaterial weaknesses in I/C ReportSignificant deficiencies
Can be in same reportCan be in separate report, if issued to same recipients within 45 days
Reporting Deficiencies in Internal Control New challenges for auditors
Timing of issuing I/C Report—same as financial statements
How to report significant deficiencies—in same report or separate?
Applying language to single audit
Enhanced Ethics Discussion
ObjectivesClarify ethical requirementsHighlights ethical responsibilitiesExpand discussion of professional
judgment
Auditor’s responsibilities for restatements Objectives
Provide guidance for growing problem (in federal financial statements)
Requires auditors to assess management’s judgments, adequacy and timeliness
Requires auditors to communicate to entity and others, if entity fails to do so
Other Standards and Cleanup
Guidance for audits under multiple standards
Defining must, should and should consider
Sundry other minor items
U.S. OMB 2006 Compliance Supplement
2006 Compliance Supplement
Will be a complete version Drafts have been circulated Plan to issue soon Appendix V for list of changes
Part 3—Compliance Requirements
Updated to reflect reissuance of Cost Circulars and cost principles
Clarify common rule requirements Auditors to be alert for Improper
Payments Suspension and debarment
changes
Part 4—Agency Program Requirements Added Food for Peace Program (CFDA
98.008) Changes to Public Works and Economic
Development (CFDA 11.300) and Economic Adjustment (CFDA 11.307)
Lots of isolated/reference/changes changes
Part 5—Clusters of Programs
Updated R&D cluster for areas of vulnerability
Deleted Health Education Assistance Loans (93.108) from SFA Cluster
Added eZ-Audit to SFA program requirements
App. VI—Federal Agency Waivers
Recipients affected by Hurricanes Katrina and Rita (& Wilma)
Auditors should:Verify waiversConsult Dept.’s Internet Home PageStart with Parts 4, 5, or 7, then waiversReport finding if noncompliance and no/invalid
waivers
App. VI—Federal Agency Waivers
Part 3—Davis-Bacon Act Part 4—Table of programs affected
by waivers; and details by CFDA No. Part 5—SFA Cluster
No Changes
Part 6—Internal control Part 7—Guidance when not included App. I—Common Rule exclusions App. II—Federal agency codification App. VII—A-133 advisories App. VIII—SAS 70 for EBT
Updated References
App. III—Federal agency contacts App. IV—Internal references table App. V—List of changes App. IX—Supplement core team
Do we have time?
Ethics Rulings No. 113 and 114—Gifts or Entertainment
Auditors and Gifts or Entertainment
An auditor can offer or accept gifts or entertainment from his or her client (or a vendor), and not impair the auditor’s independence, ifThe gift is insignificant in valueThe gift or entertainment is reasonable
in the circumstances
What’s Reasonable?
Circumstances to considerNature of gift or entertainmentOccasionCost or valueFrequency and value of other giftsIn or around conducting businessWhether others participatedWho participated
Arizona’s Code of Ethics The employee shall not accept or solicit, directly or
indirectly, anything of economic value as a gift, gratuity, favor, entertainment, or loan that is or may appear to be designed to in any manner influence official conduct, particularly from a person who is seeking to obtain contractual or other business or financial arrangements with the employing agency, or who has interests that might be substantially affected by the performance or nonperformance of the employee's duty.
Arizona’s Code of Ethics This provision does not prohibit acceptance by an
employee of food and refreshments of insignificant value on infrequent occasions in the ordinary course of a meeting, conference, or other occasion where the employee is properly in attendance, nor the solicitation or acceptance by an employee of loans from banks or other financial institutions on customary terms to finance proper and usual activities of the employee, nor the acceptance of unsolicited advertising or promotional material such as pens, pencils, calendars, and other items of nominal intrinsic value.
Ethics Conceptual Framework for Independence Standards
Ethics Conceptual Framework
Risk-based tool used by Ethics Executive Committee
Now can be used by auditors when not addressed in existing rulings and interpretations
Risk Based Approach
Identify and evaluate threatsIf threats at acceptable level, no
safeguardsIf threats not at acceptable level,
consider safeguards
Risk Based Approach
Do safeguards eliminate or sufficiently mitigate threat?Use of one or more safeguards against
threatOne safeguard may eliminate one or
more threatsIf safeguards are unavailable or
ineffective, independence is impaired
Risk Based Approach
Definitions Threats—7 types explained Safeguards—3 categories
Created by profession or regulationImplemented by auditeeImplemented by auditor
And More to Come!
Internal Control Attestations—ED Communications with Governance
—ED Quality Control—ED soon Related Parties—ED soon
That’s About It!
Any Questions?