How to audit high-risk areas - Journal of Accountancy · MAKE YOUR AUDIT PRACTICE WORK SMARTER, NOT...
Transcript of How to audit high-risk areas - Journal of Accountancy · MAKE YOUR AUDIT PRACTICE WORK SMARTER, NOT...
Sponsored by
By Maria L. Murphy, CPA
ILL
US
TR
AT
ION
S B
Y N
AS
TY
AA
RO
MA
/IS
TO
CK
How to audithigh-risk areas
With the right focus and training, practitioners can master the most complex and challenging areas of audits.
June 201584 | Journal of Accountancy
SPONSORED REPORT
External auditors are under tremendous pressure to plan and execute audits in a constantly changing environment.
New accounting and auditing standards, such as the
converged revenue recognition standard that FASB and
the International Accounting Standards Board issued
and are now revising, create a constant need for audi-
tors to update the way they do their work. Meanwhile,
technology and globalization are changing the way
businesses operate, and regulators and investors are
increasing their scrutiny of auditors and the companies
that they audit.
Amid all this change, certain areas of audits have
emerged as particularly challenging and complex. Audit-
ing revenue recognition, internal control over fnancial
reporting (ICFR), and accounting estimates, including
fair value measurements, have been identifed by the
PCAOB, the Center for Audit Quality (CAQ), and the In-
ternational Forum of Independent Audit Regulators as
areas of high risk or high defciencies in audits. In the
United States, evolving standards related to going con-
cern have made this a challenging area as well.
Getting it right in these areas is a crucial component
of a high-quality audit. But that may not be the frst ques-
tion. PCAOB board member Jay Hanson, CPA, said a
more fundamental question is, “What does ‘right’ look
like?”
“Regulators like the PCAOB are charged with in-
specting for compliance and reporting on defciencies,”
Hanson said. “But we do see audit engagements that
are well done at the same inspected frms where def-
ciencies are found. A different way of thinking would be
for inspection reports to include observations about what
was done right on engagements.”
In the past couple of years, Hanson said, the board
has been trying to shift the discussion from one that in-
cludes the root causes of defciencies to one that also
identifes the root causes of successful audits.
“The successful audits have the right auditor atti-
tudes, engagement team involvement, resources avail-
able, and skill sets applied at the right place and time,”
he said.
PwC LLP’s Len Combs, CPA, said auditors can learn
from inspection fndings, PCAOB staff bulletins, and
CAQ alerts because they provide areas of common fnd-
ings and challenges for auditors. He said areas such as
revenue recognition, going concern, ICFR, and account-
ing estimates/fair value are challenging by nature.
“They often require auditors to evaluate not only what
happened in the past but also management’s expec-
tation of what may happen in the future,” said Combs,
the U.S. chief auditor and leader of auditing services,
methods, and tools for PwC.
The CAQ, which is affliated with the AICPA, issued
an audit risk alert for the 2014 audit cycle that included
these and other areas that can be challenging for audi-
tors. The alert is available at tinyurl.com/l2vq4n3.
Below are examples of some of the more challenging
aspects of auditing, along with suggestions on how to
audit these areas more effectively.
REVENUE RECOGNITION
Because revenue is often a signifcant account involv-
ing signifcant risks, auditors must understand the com-
pany’s business and processes, obtain appropriate audit
evidence, test controls over revenue, and assess poten-
tial misstatements. Auditors must understand the com-
pany’s sources of revenue and types of contracts and
evaluate whether the selection and application of ac-
counting principles for revenue recognition are appropri-
ate. Signifcant accounting estimates often are involved.
Auditing revenue includes testing whether revenue was
recognized in the correct period, performing procedures
to address fraud risk, and evaluating related fnancial
statement disclosures.
Hanson suggested that effective auditing of revenue
today requires a shift away from the approach used by
many auditors in the past, which focused on the balance
sheet with a more limited analytical review of the income
statement.
“Firms are on a journey towards better execution of
effective substantive analytical procedures,” he said.
“Auditors need not only to determine that there was a
reasonable change in revenue period over period, but
also to understand the reason for the relationships and
correlations of the numbers. They need to set expecta-
tions at a granular enough level in order to detect mate-
rial misstatements.”
The PCAOB in September 2014 issued Staff Audit
Practice Alert No. 12, Matters Related to Auditing Rev-
enue in an Audit of Financial Statements, to assist au-
ditors in this diffcult area. Hanson also points out that
auditors must understand the specifc risks of material
misstatements and design procedures around the com-
pany’s business process, including how its customers,
contracts, and products affect revenue recognition. He
suggested that when more senior members of the audit
team are involved in understanding the business and re-
lated processes, the audit work is more effective.
Combs indicated that not all areas of revenue rec-
ognition are high-risk and complex for all companies.
Companies producing a large number of homogeneous
products, which can be sold to a number of different
customers, may have less complexity around revenue
recognition. But he agrees that this area could be one
|
E
REVENUE RECOGNITION
www.benefitmall.com
You can trust Your clients to BenefitMall.
At BenefitMall, we pledge to support the business objectives of our Trusted Advisors. Working with BenefitMall is an easy and cost-effective way for any business to streamline operations and get back to the business at hand. With innovative products, strong customer service, reliable payroll processing and compliance support, it’s no wonder BenefitMall is an industry leader. Discover how BenefitMall can work with you and your clients.
Trust is the Basis of Every Solid Partnership
©2015 BenefitMall. All rights reserved. BenefitMall, the BenefitMall Logo, the BenefitMall ALL TOGETHER, BETTER Logo, the ALL Logo, ALL TOGETHER, BETTER and CompuPay are trademarks or registered trademarks of Centerstone Insurance and Financial Services, Inc. d/b/a BenefitMall or its affiliates in the U.S. California License #063979. *All other trademarks are the property of their respective owners.
June 201586 | Journal of Accountancy
SPONSORED REPORT
with high estimation uncertainty and fraud implications.
Survey statistics show that revenue recognition is a
high-risk area for fnancial statement fraud. Twenty-
three percent of respondents to The 2014 AICPA
Survey on International Trends in Forensic and
Valuation Services said that revenue recogni-
tion would be the most prevalent fnancial
statement misrepresentation issue in the
next two to fve years.
Combs said that although the new,
converged revenue recognition stan-
dard should not change the nature of
how to audit revenue estimates, he
expects it will introduce more situ-
ations where complex estimates
are necessary in accounting
for revenue that potentially
will result in higher assessed
risks and require additional
audit attention.
GOING CONCERN
FASB issued in 2014 Accounting Stan-
dards Update (ASU) No. 2014-15, Pre-
sentation of Financial Statements—
Going Concern (Subtopic 205-40). The
amendments create a new requirement
for management to perform an assess-
ment every reporting period of whether
there is substantial doubt about a company’s ability
to continue as a going concern and to provide related
disclosures of going concern uncertainties in fnancial
statements. FASB defned “substantial
doubt” for purposes of the accounting disclo-
sures, but that defnition does not apply to
the requirements under the auditing standards. Auditors
must assess management’s going concern evaluation
and required disclosures to evaluate whether the fnan-
cial statements are fairly presented in accordance with
GAAP. The audit requirements for evaluating going con-
cern under existing auditing standards (AU Section 341),
for purposes of determining whether to modify the audi-
tor’s report to include an explanatory paragraph about
going concern, have not been changed by the ASU’s is-
suance.
Combs believes this area can be challenging for audi-
tors because they often must evaluate the company’s
ability to generate future cash fows, which includes
management assumptions about the future.
“Specialists may need to be involved in assessing fu-
ture cash fows, sensitivities, and assumptions, including
assessing evidence which is contrary to management’s
projections,” he said. “The complexity and risk vary
based on the company’s environment and the
stability and history of the business.”
Hanson said there have been rel-
atively few inspection fndings based
on the current auditing standard on
going concern but noted that the
PCAOB has heard from investors that
going concern reporting under current
standards may not be meeting their needs.
He encourages auditors to follow the
standard and to think about whether
investors would want to know what
the auditors know about a company’s
ability to continue as a going concern.
The PCAOB issued Staff Audit Practice
Alert No. 13, Matters Related to the Audi-
tor’s Consideration of a Company’s Ability to
Continue as a Going Concern, in September
2014 and is developing a staff consultation pa-
per on whether to change the auditing standard,
including the form of the audit report and how to
test management’s assessment of going con-
cern under the new ASU. Hanson encouraged
auditors and others to send their comments on
the paper to the PCAOB staff after it is issued.
INTERNAL CONTROL
Defciencies in audits of ICFR are frequently noted in
PCAOB inspections, and the PCAOB issued Staff Audit
Practice Alert No. 11, Considerations for Audits of Inter-
nal Control Over Financial Reporting, in October 2013
focusing on this audit area. Auditors must understand
the fow of transactions and identify the risks of material
misstatement to select appropriate controls for testing
that address the risks. Selecting controls to test applies
to both routine and infrequent processes. Management
review controls intended to prevent and detect misstate-
ments should also be evaluated and tested for design
and operation. Auditors must understand information
technology related to fnancial reporting, including man-
ual and automated controls, IT general controls, specifc
risks resulting from IT, and controls over accuracy and
completeness of system-generated data and reports.
Misstatements detected during substantive procedures
must be evaluated to determine whether the internal
controls are defcient and whether the defciencies are
material weaknesses.
Hanson said that the Sarbanes-Oxley Act of 2002,
with its requirement for auditors to report on the effec-
tiveness of internal controls, was one of the most sig-
nifcant changes to audits since the securities laws were
enacted in 1933 and 1934. He added that it took some
time for frms to adjust to the requirements of Auditing
|
GOING CONCERN
INTERNAL CONTROL
© 2015 Thomson Reuters/Tax & Accounting. PPC and Checkpoint are registered trademarks of
Thomson Reuters and its affliated companies. All rights reserved.
MAKE YOUR AUDIT PRACTICE WORK SMARTER, NOT HARDER.Practitioners today need to be more effcient in audit planning and execution, without sacrifcing quality. Now, you can do
all of that and more, using the latest technology and a comprehensive, cutting-edge audit solution designed to maximize
your audit effciency and accuracy.
Discover how smart your audit practice can be with PPC’s SMART Audit Suite. You’ll fnd the innovative, risk-based audit
program design enables you to quickly assess your risk and tailor your procedures, without over-auditing.
See how your peers have made their audit process smarter with the SMART Audit Suite:
“We have improved our realization rates with the implementation and more effective usage of PPC’s SMART Practice Aids.”
“I would say that SMART Disclosure has cut our disclosure requirement time in half on each engagement.”
“I would absolutely recommend SMART Practice Aids (SMART Audit Suite) to a colleague. The suite has been a signifcant time saver for us.”
Find out how the SMART Audit Suite can help your audit practice work smarter, too.
Call 800.950.1216 or visit tax.thomsonreuters.com/smart-suite to learn more.
WINNER 2011-2015
CPA Practice Advisor’s
Readers’ Choice Awards
Best Audit Engagement
Tools
June 201588 | Journal of Accountancy
SPONSORED REPORT
Standard No. 2, and later, No. 5. From 2011 through
2013, PCAOB inspection fndings in this area changed.
“The nature of the fndings evolved. Initially, frms did
not identify and test the proper controls. Now, frms are
identifying the appropriate controls to test, but not taking
all the steps to assess whether the controls were effec-
tive at detecting material misstatements. Auditors don’t
always really understand whether the controls accom-
plished what they were intended to accomplish,” Hanson
said.
Combs said frms are typically less challenged by au-
diting internal control over standard and routine transac-
tions and that automated controls within systems can re-
duce the risk of certain traditional internal control failures
(e.g., revenue recognition timing, where invoices are not
issued by a system until goods are shipped). More chal-
lenging is testing management controls over developing
and recording complex estimates.
“Firms have always followed the auditing standards in
this area, but a more granular analysis of risk and level of
testing is now applied,” he said. “For example, assessing
potential goodwill impairment risk has changed from a
macro risk assessment that goodwill may be impaired to
specifcally assessing that goodwill may be impaired due
to failure to meet specifc future revenue targets based
on assumed annual growth rates or new product intro-
ductions.”
Combs also said that in addition to frms’ consider-
ation of general information technology risks, more em-
phasis is being placed on the specifc risks and controls
over system-generated reports and data that manage-
ment uses when executing internal controls.
Hanson recommended that auditors review the audit-
ing standards and practice alerts in this area and then
construct training tools that use real-life examples of
how internal controls work in different transaction cycles
and how the controls may be audited.
ACCOUNTING ESTIMATES / FAIR VALUE
Auditors are responsible for evaluating how accounting
estimates were developed by management, assessing
the reasonableness of the estimates, and determining
whether they conform with GAAP and are appropriately
disclosed in the fnancial statements. When issuing an
opinion on ICFR or relying on internal controls in a fnan-
cial statement audit, auditors must test the internal con-
trols related to signifcant estimates.
The auditor’s evaluation of accounting estimates in-
cludes the reliability of data used; management’s pro-
cess, review, and approval of estimates; qualifcations of
personnel or specialists involved; comparing estimates
to actual results and prior history; and sometimes inde-
pendently developing estimates. A paradigm shift has
occurred in this area as well, according to Hanson.
“Previously, if an outside expert was engaged by man-
agement, the auditor had the expert’s audit evidence,” he
said. “But the standard requires far more. Auditors must
understand the expert’s methods and assumptions, test
the assumptions used when the estimate is a fair value
measurement, and apply skepticism to challenge man-
agement’s assumptions.”
This area is diffcult because it requires predictions,
which are also challenging for management. A chal-
lenging area includes controls and processes around
fair value measurements, inputs, and models. Hanson
suggested that for auditors to evaluate management’s
estimation process, they must have the right people in-
volved with the right skill sets and coordinate the work
performed and how the audit procedures are document-
ed. He also suggested that auditors manage their time-
line to make sure that management provides needed
information early enough to allow auditors time to under-
stand and challenge the estimates.
“Not all estimates are created equal,” Combs said.
“Auditors must understand the risk of the estimates and
assess how sensitive the estimates are to various as-
sumptions. They also must assess the expertise needed
to audit the estimates in areas where CPAs are not ex-
pected to be experts, such as actuarial valuations, envi-
ronmental regulations, or oil and gas depletion calcula-
tions.”
To the extent that management uses experts, wheth-
er by hiring employees or engaging outside specialists,
their competency and objectivity must be evaluated by
the auditor. This area is especially challenging for smaller
frms that may not have the internal resources and may
have to engage third-party specialists. The PCAOB’s
small business forums include this as a topic area and
provide training and resources. The PCAOB also issued
a staff consultation paper on auditing accounting esti-
mates and fair value measurement in August 2014 and
has engaged its Standing Advisory Group in discussions
on this complex topic.
These challenging audit areas are likely to continue
to be subject to evolving guidance and regulatory scru-
tiny. With the proper focus and training, though, practitio-
ners should be able to competently perform this complex
work and deliver high-quality audits. n
Editor’s note: Jay Hanson is speaking for himself, and
his views do not necessarily represent those of the
Board or the PCAOB as a whole.
—Maria L. Murphy ([email protected]) is a
freelance writer based in Wilmington, N.C.
|
ACCOUNTING ESTIMATES / FAIR VALUE