Chapter 2

Corporate Governance and

Audits

Copyright © 2010 South-Western/Cengage Learning

AuditingA Business Risk Approach

7e

Rittenberg

Johnstone

Gramling

LO1: Corporate Governance

“A process by which the owners and creditors of an organization exert control and require accountability for the resources entrusted to the organization. The owners (stockholders) elect a board of directors to provide oversight of the organization's activities and accountability to stakeholders"

Primary parties involved in corporate governance

• Stockholders• Boards of Directors• Audit Committee as a subcommittee of the Board• Management• Internal Auditors• Self-Regulatory Accounting Organizations (e.g. AICPA,

FASB)• Other Self-Regulatory Organizations (e.g. NYSE, NASD)• Regulatory Agencies (e.g. SEC, FDIC, Environmental

Protection Agency)• External Auditors

Overview of Corporate Governance

LO2: Corporate Governance Responsibilities and Failures

• What are SEC concerns regarding the auditing profession?– Auditors were no longer willing to confront clients

over questionable accounting practices– Consulting fees were impairing auditor

independence– Accountants were using technical interpretations

of GAAP to push the limits of accounting

What are the Public Oversight Board (POB) concerns?

• Analytical procedures used inappropriately to replace direct tests of account balances

• Audit firms not thoroughly evaluating internal control and applying substantive procedures to address weaknesses in control

• Audit documentation, especially related to audit planning, did not meet professional standards

• Auditors ignored warning signs of fraud and other problems

• Auditors were not providing sufficient warning to investors about companies that might not continue as 'going concerns'

LO3: The Sarbanes/Oxley Act of 2002

Was passed by Congress in response to massiveaccounting scandals

Significant provisions include:• Establishes the Public Companies Accounting

Oversight Board (PCAOB) with broad powers, including the power to set auditing standards for audits of public companies

• Requires the CEO and CFO certify the financial statements

• Requires companies to provide a comprehensive report on internal controls over financial reporting

• Requires companies to certify correctness of financial statements quality of its internal controls

• Audit Committees given expanded powers as the 'audit client' and must pre-approve any non-audit services by its external auditors

• Audit Committees must report their activities to the public

• Audit Committees must have at least one person who is a financial expert. Other members must be knowledgeable in financial accounting and control

The Sarbanes/Oxley Act of 2002 (continued)

The Sarbanes/Oxley Act of 2002 (continued)

• Audit engagement partners, as well as other partners and managers with significant roles in the audit, must be rotated off the engagement every five years

• A "cooling off" period before an audit partner or manager can take a high-level position with an audit client without jeopardizing the independence of the public accounting firm

• Increased disclosure of "off-balance sheet" transactions or agreements that may have a material effect Requires the GAO to study a number of issues including the effect of consolidation on competition with the accounting profession, and an analysis of mandatory audit firm rotation

What are auditor independence provisions?

• Prohibits audit firms from performing consulting work for their audit clients (in most cases)

• Makes the Audit Committee the auditor's client• Requires the Audit Committee to pre-approve all

non-audit services by the audit firm• Requiring the audit committee to pre-approve any

nonaudit services provided by the public accounting firm

LO4: Corporate Responsibility for Financial Reporting

• Sarbanes/Oxley Act requires the CEO and CFO to certify the accuracy of the financial statements and provides criminal penalties for materially misstated financial statements

• The Act also-– Requires management to describe whether they have

implemented a Corporate Code of Conduct

– Requires management to report on the effectiveness of internal control over financial reporting

– Discusses the increased penalties for management

LO5: Enhanced role of audit committees

• As per Sarbanes-Oxley Act audit committees– Is designated as the audit client

– Has oversight responsibilities over the internal audit and financial reporting processes

– Must be comprised of "outside" directors, i.e. not members of management or have other relationships with the organization

– Must report on its activities, including the results of significant discussions with the external auditor

Audit committee responsibilities include

• Be apprised of all significant accounting decisions made by management

• Be apprised of all significant changes in accounting systems and system controls

• Have authority to hire and fire the external auditor. Review the audit plan and discuss audit results with the auditor

• Have authority to hire and fire the head of the internal audit function and set the budget for the internal audit function. Review the audit plan and discuss all significant results

• Receive all regulatory audit reports and meet with regulatory auditors to discuss findings

LO6: Required Audit Firm communications to the audit committee

• Auditing standards (SAS 61) require specific communications between the audit committee and the external auditor:

• Auditor's responsibility under Generally Accepted Auditing Standards

• Significant Accounting Policies• Management Judgments and Accounting Estimates• Significant Audit Adjustments• Other Information in Annual Reports• Disagreements with Management

LO7: Importance of Good Governance to the Audit

• Are less likely to engage in “financial engineering” and less risky to audit

• Have a code of conduct reinforced by actions of top management and independent board members

• Take the requirements of good internal control over financial reporting seriously

• Make a commitment to financial competencies needed

LO8: Audit Standard Setting

• Auditing standards are set by various authorities with one common objective– to provide assurance to the public that audits are conducted

in a professional manner and that misstatements are prevented and the financial results are clearly communicated

• Auditing and Assurance standards that apply to the auditor’s task of developing and communicating an opinion on the financial statements

• Attestation standards is a term used by the AICPA to describe assurance services that involve gathering

Audit Standard Setting (continued)

evidence regarding specific assertions and communicating an opinion on the fairness of the presentation to a third party

• Compilation and review standards or AICPA financial reporting standards which apply only to nonpublic companies where the board or a user has requested a lower level of assurance than that provided by an audit

LO10: Generally Accepted Auditing Standards (GAAS) and IAASB Principles

• General Standards provide guidance in hiring and training of auditors

• Fieldwork Standards help auditors plan and perform the audit

• Reporting Standards help ensure clear communication between auditor and statement users

General Standards

• The examination is to be performed by a person or persons having adequate technical training and proficiency as an auditor

• In all matters relating to the assignment, the auditor must maintain an independent mental attitude

• Due professional care is to be exercised in the performance of the examination and preparation of the report

Fieldwork Standards• The work shall be adequately planned and assistants, if

any, properly supervised

• A sufficient understanding of the entity and its environment, including its internal control, is to be obtained to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures

• Sufficient competent audit evidence is to be obtained through audit procedures performed to provide a reasonable basis for an opinion regarding the financial statements under examination

Reporting Standards

• The audit report shall state whether statements are fairly presented in accordance with Generally Accepted Accounting Principles

• The audit report shall identify those circumstances in which accounting principles have not been applied on a consistent basis with the preceding period

• Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise stated in the audit report

Reporting Standards (continued)

• The audit report shall contain either expression of opinion regarding the financial statements, taken as a whole, or an assertion that an opinion cannot be expressed. When an opinion cannot be expressed, the reasons should be stated. In all cases where an auditor's name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor's examination, if any, and the degree of responsibility the auditor is taking

LO11: Fundamental Principles of IAASB Auditing Standards

• Objective of an audit of financial statements• Comply with relevant ethical requirements relating to

the audit engagement• Audit should be conducted in accordance with

International Standards on Auditing• Auditor should plan and perform an audit with an

attitude of professional skepticism• Reasonable assurance provided• Audit risk and materiality• Acceptability of the Financial Reporting Framework

Assurance Standards

• Reasonable assurance engagements– “Engagements in which a practitioner expresses a

conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria"

• Limited assurance engagements– This is one in which the objective is to provide more

limited assurance by doing less work that may be appropriately understood by all three parties. Limited assurance engagements normally result in “negative assurance” and check to see if anything comes to their attention indicating a problem.

Elements of Assurance engagement Identified by IAASB

• A three-party relationship involving a practitioner, a responsible party, and intended users

• An appropriate subject matter• Suitable criteria • Sufficient appropriate evidence • A written assurance report in the form appropriate to

a reasonable assurance engagement or a limited assurance engagement

LO12: Attestation Standards

• Financial statement audits are only a small part of the demand for assurance services

• Attestation standards have been developed to ensure quality for a broader array of services beyond financial statement audits

• Such services include attesting to financial forecasts and projections, pro forma financial information, internal controls, compliance with contracts or regulatory requirements, and agreed-upon procedures

Attestation Standards (continued)

Similar to GAAS with the exception of• Assertions are specific to the area on which the

attestation is being performed• Practitioner must have adequate knowledge in subject

matter of the assertion• Practitioner shall perform engagement only if the

assertion is capable of evaluation against an established reasonable criteria and reasonable consistent estimation or measurement

• The report provides assurance related to the specific assertion

Overview of Audit ProcessA Standards-Based Approach (1)

• Planning the Audit• Understanding with the Audit Client• Scope of services to be provided• Management responsibilities• Coordination of work with client personnel• Audit fees and expectations of each party• Develop an Understanding of Materiality

– Audit must be planned to provide reasonable assurance that material misstatements will be detected

Overview of Audit ProcessA Standards-Based Approach (2)

• Develop a Preliminary Audit Program– Develop understanding of client business and industry

– Develop understanding of risks client faces and how they might affect the company's financial statements

• Develop understanding of management compensation plans and how those plans may motivate management actions

• Develop preliminary understanding of client's internal controls over financial reporting

Overview of Audit ProcessA Standards-Based Approach (3)

• Develop audit program on audit risk, internal control quality,– accounting assertions, and materiality

• Develop understanding of client's accounting policies and procedures

• Anticipate financial statement items likely to require adjustment

• Identify factors that might require modification of audit tests

• Determine the type of reports to be issued

Overview of Audit ProcessA Standards-Based Approach (4)

• Gathering Audit Evidence: Testing Assertions• Third Standard of Fieldwork requires auditor to

gather "sufficient, competent, evidential matter" in order to reach a conclusion on the fairness of the financial statements

• Audit Process is Designed to Examine AssertionsThe assertions inherent in the accounting communication: • existence,

• completeness, rights and obligations, valuation, and disclosure

• presentation

Overview of Audit ProcessA Standards-Based Approach (5)

Summarize Audit Evidence and Reach Audit

Conclusion• If the evidence supports fair presentation, auditor can

move on to– other areas of investigation

• If the evidence does not support fair presentation, auditor will gather additional evidence. This will lead auditor to one of three states:

Overview of Audit ProcessA Standards-Based Approach (5) (continued)

– Auditor reaches a conclusion and the client agrees to adjust the financial statements

– Auditor reaches a conclusion, but the client disagrees. The auditor will issue a report describing the differences in opinion

– Auditor is unable to reach a conclusion and the amounts are so material, the auditor cannot render an opinion

Overview of Audit ProcessA Standards-Based Approach (6)

• Reach an Audit Conclusion and Issue a Report• For most engagements, the auditor will reach a

conclusion that the financial statements are fairly stated and will issue an unqualified audit report

• Before issuing the report, the auditor will meet with the audit committee to discuss the audit process and the overall fairness of the company's financial statements