CFRA

NFRA & PCAOB – Dissecting

Peformance Evaluation of Audits and

Its relevance in current times for

Small and Medium Sized practitioners

January 22, 2020

CA Chirag Doshi

CD Financial ReEngineering Advisors LLP(CFRA)

CFRA

Way Forward

PCAOB

Personal Experience

NFRA

NFRA first report

How SMP can deal with it

CFRA

PCAOB

Formation

Top areas of Focus as per 2019

inspection outlook:

System of Quality control in firms

Independence

Recurring audit deficiencies

Internal Control Over Financial Reporting

Revenue Recognition

Allowance for Loan Losses

Other Accounting Estimates

Risks of Material Misstatement

External factors considerations

CFRA

PCAOB Statistics

The report by the Project On Government Oversight (POGO)

A top U.S. accounting watchdog has brought only 18 enforcement actions and

levied just $6.5 million in fines against the Big Four accounting firms in its 16-year

existence

The Washington-based group’s analysis of 16 years’ of PCAOB inspection reports

on the U.S. arms of the Big Four audit firms - Deloitte & Touche, Ernst & Young,

PricewaterhouseCoopers and KPMG - found the regulator identified 808

instances in which the firms issued defective audits.

the agency has only brought 18 enforcement cases related to 21 audits against

the Big Four. The Big Four audit 99% of companies in the S&P 500, according to

POGO.

According to the report, under its powers the agency could have fined the Big

Four a minimum of $1.6 billion, but public records indicate fines of only $6.5

million.

CFRA

My Learning and Experience

PCAOB

Initial Letter

Review consist of 2 parts:

Quality control review

Tone at the top

Partners evaluation, compensation , admission, responsibilities and disciplinary action

Practice for client acceptance and Retention

Independence

Firms internal inspection process

Audit policies and Procedure

Firms Training Calendar

Audit Engagement review

CFRA

My Learning and Experience

PCAOB Procedure

Exhibit A and B to be complied before the review starts

Conference calls

Team visit

Timing and Pre visit call

Team size and calibre

Area of focus

Independence of the team

On field Review procedure

Independent review of files and day end queries

Tricky questions

Discussion with partner

Closing meeting

CFRA

My Learning and Experience

PCAOB

More focus on auditing standards then accounting standards

Risk control matrix

Sampling procedure and techniques

Training of Staff

Internal control Review

Communication with those charge with governance (pre and post audit)

Fraud documentation

External confirmations

CFRA

My Learning and Experience

PCAOB

Current year vs previous year

Audit papers vs client papers

Confidentiality

Xerox copies

Procedures after field reviews

Draft report - Part A and Part B

Our replies

Board Approved

Final Letter and Report on PCAOB website

CFRA

NFRA

Constitution

Media Clips

First report

Combat

CFRA

NFRA

Constitution

Rule 8 of the NFRA Rules, 2018, provides that, for the purpose of monitoring

and enforcing compliance with auditing standards in the act, the NFRA

may:

a . review working papers (including audit plan and other documents) and

communications related to the audit;

evaluate the sufficiency of the quality control system of the auditor and the

manner of documentation of the system by the auditor; and

perform such other testing of the audit, supervisory, and quality control

procedures of the auditor, as may be considered necessary or appropriate.

CFRA

NFRA

Media Clips

CFRA

NFRA – First Report

The AQR is designed

to identify and highlight non-compliance with the requirements of the Standards

on Auditing (SAs) and

to bring out insufficiencies in the quality control system of the audit firm,

To identify shortcomings in the documentation of the audit process.

The AQR also evaluates the quality and adequacy of the supervisory

procedures of the audit firm.

CFRA

First NFRA Report

The AQR process commenced on 25th February, 2019.

Went through several different stages before a draft AQR Report was issued

to DHS on 23’d September, 2019.

After considering the responses of DHS to the draft AQR Report, both at the

oral presentation made by DHS to the NFRA on 30 October, 2019, and

in writing on 4 November, 2019, NFRA has finalized the AQR Report.

CFRA

First NFRA Report

The AQR has disclosed that DHS has failed to comply with the requirements

of the SAs. The instances of failure noticed are of such significance that it

appears to NFRA that DHS did not have adequate justification for issuing

the audit report asserting that the audit was conducted in accordance

with the SAs.

For listed entities,

Engagement Quality

Control Review is

compulsory and not

an option

CFRA

First NFRA Report

The independence of the auditor was compromised by the provision of

non-audit services for substantial fees; that these non-audit services were

clearly prohibited services in terms of Section 144 of the Companies Act,

2013; and the mandatory approval of the Audit Committee that would

have been required if the provision of such services was permissible was not

obtained

Annexure to the report provide all details of other services provided by Firms and

its network firms

The need to maintain

independence in mind,

and also independence

in appearance, is

paramount.

There is no definition of

“management services”

provided in the Act;

hence it is to be

understood in its literal

meaning

Audit Committee

approval as mandated

by Section 144 of the

Companies Act, 2013

was NOT found

CFRA

First NFRA Report

The Engagement Partner, i.e., the partner designated by DHS as the person

in overall charge of the statutory audit work had signed the Audit Report

without discharging most of the important duties that the Engagement

Partner is required to fulfill; the Audit Firm also violated SQC 1 and SA 220 by

naming two partners as Engagement Partners, thereby leading to loss of

accountability.

Having more than

one EP can only

enhance audit

quality

Could it then be 5

or 10, or even

more? Clearly, the

absurdity of this

argument need

not be explained

further

CFRA

First NFRA Report

DHS did not display the required professional skepticism, and did not challenge the management on important issues;

More reliance on Management Representations

DHS failed to appropriately deal with identification, categorization and minimization of Engagement risk, especially looking at the size, nature and economic significance of the Auditee company. The risk of misstatement due to fraud was ruled out by DHS. This led to inadequate audit responses.

DHS did not adequately question the going concern assumption on the basis of which the management had prepared the financial statements.

There were significant contradictions in the assessment of ROMM which lead to

the conclusion that the assessment had been carried out in so casual a manner

as to result in a complete sham.

CFRA

First NFRA Report

DHS accepted the stand of the management about not disclosing the fact

that the Net Owned Funds (NOF) and the Capital to Risk Assets Ratio

(CRAR) of IFIN as on 31st March, 2018 were both negative, and that this

situation would lead to cancellation of the NBFC license of the company.

DHS certified the accounts showing positive NOF and CRAR, accepting the

explanations of the management which were clearly contrary to law.

The Audit Firm seems to imply that this communication of the RBI was not

available to them. This explanation we held to be unacceptable for the reason

that this clearly showed the complete lack of due diligence and professional

skepticism on the part of the Audit Firm. Had proper enquiries been made both

with TCWG and the RBI, it is certain that this communication would have been

formally made available to the Audit Firm

CFRA

First NFRA Report

DHS did not question the management and challenge the inflation of profit

by over Rs.180 crores through inclusion of the value of a derivative asset

which was entirely unjustified.

DHS did not communicate any matter arising out of the audit to those

charged with governance of the IFIN, even though mandated by the SAs

to do so

Similarly, as regards the argument that all work was done in the company’s office, and hence communication with the Management was on a daily basis, is concerned, this

argument, logically, would mean that no documentation at all would be required. Hence, the unacceptability of such an argument is obvious.

The actions of the auditor in not having done so, and having accepted the

stand of the management without question, shows clearly a gross dereliction

of duty and negligence on the part of Audit Firm.

CFRA

First NFRA Report

The Engagement Quality Control Review, as said to have been carried out,

has been shown to have been a complete sham

NFRA has concluded that the quality control system and processes of DHS

are severely inadequate and ineffective

Reference to global

standards for any reason,

notwithstanding any

similarity to Indian

standards, does not

meet the essence of the

engagement and is not

in compliance with the

section 143(9) of the Act.

CFRA

Tips for Small and Mediums Size Practicing

Firms

Audit Manual model

Process and Procedure

Independence Confirmation

Firm

Staff

Partner in charge

Team members

Trainings

SQC 1

Quality reviews Partner

Internal Inspections

CFRA

Contents of a Audit manual

Table of Contents

Chapter 1: INTRODUCTION AND FUNDAMENTAL PRINCIPLES

1.1 USE OF THIS MANUAL

1.2 REASONABLE ASSURANCE

1.3 OBJECTIVE OF AN AUDIT

1.4 AUDIT EVIDENCE

1.5 DOCUMENTATION

1.6 FINANCIAL REPORTING FRAMEWORK

1.7 QUALITY CONTROL

1.8 ETHICS

1.9 PROFESSIONAL SCEPTICISM

1.10 TECHNICAL STANDARDs

CFRA

Contents of a Audit manual

Chapter 2: PRE-ENGAGEMENT ACTIVITIE

2.1 INTRODUCTION

2.2 BASIC ENGAGEMENT INFORMATION

2.3 ENGAGEMENT EVALUATION: CLIENT ACCEPTANCE / CONTINUANCE

2.4 INDEPENDENCE DECLARATIONS

2.5 STAFF ASSESSMENT AND AUDIT BUDGET

2.6 PLANNING MEETING

2.7 TERMS OF THE ENGAGEMENT

CFRA

Contents of a Audit manual

Chapter 3: PLANNING THE AUDIT

3.1 DEVELOPMENT OF AUDIT APPROACH

3 .2 GATHERING KNOWLEDGE OF THE BUSINESS, LAWS AND REGULATION AND UNDERSTANDING THE ACCOUNTING SYSTEMS AND INTERNAL CONTROLS

3.3 FRAUD RISK DISCUSSIONS AND INDICATORS

3.4 RELATED PARTIES

CFRA

Contents of a Audit manual

Chapter 4: RISK ASSESSMENT PROCEDURES

4.1 RISK OF MATERIAL MISSTATEMENT AT THE FINANCIAL STATEMENT LEVELS

4.2 RISK ASSESSMENT AT THE BALANCES, TRANSACTIONS AND DISCLOSURES

4.3 SIGNIFICANT RISKS

4.4 FRAUD RISK ASSESSMENT AT FINANCIAL STATEMENT LEVEL

4.5 FRAUD RISK ASSESSMENT AT ACCOUNT BALANCE LEVEL Policy

4.6 GOING CONCERN CONSIDERATION AT THE PLANNING STAGE

CFRA

Contents of a Audit manual

Chapter 5: PLANNING MATERIALITY

Chapter 6: AUDIT PROGRAMMES

Chapter 7: DIRECTION, SUPERVISION AND REVIEW

Chapter 8: TEST OF CONTROLS AND SUBSTANTIVE TESTS

8.1 TESTS OF CONTROLS

8.2 SUBSTANTIVE TESTS

Chapter 9: CONSIDERING THE WORK OF INTERNAL AUDIT

CFRA

Contents of a Audit manual

Chapter 10: PERFORMING THE AUDIT

10.1 AUDIT SAMPLING

10.2 INITIAL ENGAGEMENTS

10.3 CONSIDERATION OF LAWS AND REGULATIONS

10.4 ENQUIRIES REGARDING LITIGATION AND CLAIMS

10.5 EXTERNAL CONFIRMATIONS

10.6 ANALYTICAL PROCEDURES

10.7 AUDITING ACCOUNTING ESTIMATES

10.8 AUDITING FAIR VALUE MEASUREMENTS AND DISCLOSURES – If applicable

10.9 RELATED PARTIES

10.10 PROVISIONS, CONTINGENT ASSETS AND CONTINGENT LIABILITIES AND COMMITMENTS

CFRA

Contents of a Audit manual

0.11 GOING CONCERN CONSIDERATION DURING THE CONDUCT OF THE AUDIT

10.12 USING THE WORK OF ANOTHER AUDITOR

10.13 CONSIDERING THE WORK OF INTERNAL AUDIT

10.14 USING THE WORK OF AN EXPERT

10.15 ATTENDANCE AT PHYSICAL INVENTORY COUNTING

10.16 VALUATION AND DISCLOSURE OF LONG TERM INVESTMENTS

10.17 SEGMENT INFORMATION

10.18 JOURNALS

10.19 SERVICE ORGANISATIONS – As applicable

10.20 COMPARATIVES

10.21 OTHER INFORMATION IN DOCUMENTS CONTAINING AUDITED FINANCIAL STATEMENTS

CFRA

Contents of a Audit manual

Chapter 11: FINALISATION: AUDIT CONCLUSIONS AND REPORTING

11.1 ADEQUACY OF PRESENTATION AND DISCLOSURE

11.2 SUBSEQUENT EVENTS

11.3 GOING CONCERN CONSIDERATION AT THE FINALISATION STAGE AND GENERAL PRINCIPLES

11.4 FINAL ANALYTICAL REVIEW

11.5 FINAL MATERIALITY ASSESSMENT AND UNADJUSTED ERRORS

11.6 EVALUATION OF AUDIT TEST RESULTS

11.7 CONSIDERATION OF THE AUDITOR’S REPORT

11.8 REPORTABLE IRREGULARITIES

11.9 REPORT TO THOSE CHARGED WITH GOVERNANCE

11.10 ENGAGEMENT PARTNER’S CONSIDERATION OF COMPLIANCE WITH ETHICS AT THE COMPLETION OF THE AUDIT.

11.11 MANAGEMENT REPRESENTATIONS

CFRA

Example

2.4 INDEPENDENCE DECLARATIONS

Policy

2.4.01 We will comply with relevant ethical requirements relating to audit engagements.

2.4.02 We will therefore comply with the Code of Ethics and the Code of Professional Conduct

2.4.03 The engagement partner will consider whether members of the engagement team have complied with ethical requirements.

2.4.04 The fundamental principles of the Code may be threatened by a broad range of circumstances. These threats will fall into one of the following categories: self-interest threats, self-review threats, advocacy threats, familiarity threats and intimidation threats. We will as far as possible avoid any of these threats. In exceptional cases we will ensure we have appropriate safeguards in place for those threats than can not be avoided.

CFRA

Example

2.4.05 The engagement partner will ensure compliance with independence requirements that apply to the audit engagement. In doing so, the engagement partner will:

Obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate

circumstances and relationships that create threats to independence;

Evaluate information on identified breaches, if any, of the firm’s independence policies and procedures to

determine whether they create a threat to independence for the audit engagement;

Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying

safeguards. The engagement partner will promptly report to the firm any failure to resolve the matter for

appropriate action; and

Document conclusions on independence and any relevant discussions with the firm that support these

conclusions.

2.4.06 We will perform the following activities at the beginning of the current audit engagement:

Perform procedures regarding the continuance of the client relationship and the specific audit

engagement;

Evaluate compliance with ethical requirements, including independence; and

Establish an understanding of the terms of the engagement.

CFRA

Example

Procedures

2.4.07 The Code of Professional Conduct is forwarded to all audit staff annually. Staff is required to familiarise themselves with the requirements.

2.4.08 A copy of Code of Professional Conduct is provided to all new audit staff. The Code, SQC 1 and SA 220R is discussed annually with all new audit staff joining the firm as part of staff orientation.

2.4.09 Audit staff have been instructed to discuss any concerns in respect of the FAC Code with any of the Partners.

2.4.10 Independence declarations in terms of the FAC code is completed by audit staff for all audit engagements and placed on the relevant audit file.

2.4.11 A list of prohibited investments is forwarded by the MP to the firm staff at the beginning of each year. Firm staff complete declarations stating that they do not have any such investments and return it to the MP’s PA for filing in the Quality Control Manuals.

2.4.12 We will attempt to resolve all ethical conflicts but if, after exhausting all relevant possibilities, the ethical conflict remains unresolved we will, where possible, refuse to remain associated with the matter creating the conflict. We may determine that, in the circumstances, it is appropriate to withdraw from the assignment.

2 Independence Confirmation_Employee name.doc

CFRA

Example

11.9 REPORT TO THOSE CHARGED WITH GOVERNANCE –

Policy

11.9.01 If we have identified a fraud or has obtained information that indicates that a fraud may exist; we will communicate these matters as soon as practicable to the appropriate level of management.

11.9.02 If we have identified fraud involving

Management;

Employees who have significant roles in internal control; or

Others where the fraud results in a material misstatement,

We will communicate these matters to those charged with governance as soon as practicable.

11.9.03We will make those charged with governance and management aware, as soon as practicable, and at the appropriate level of responsibility, of material weaknesses in the design or implementation of internal control to prevent and detect fraud which may have come to our attention.

11.9.04We will consider whether there are any other matters related to fraud to be discussed with those charged with governance of the entity.

11.9.05We will document communications about fraud made to management, those charged with governance, regulators and others.

CFRA

Example

11.9.06 When we believe there may be non-compliance with laws and regulations, we will document the findings and discuss them with management.

11.9.07 We will, as soon as practicable, either communicate with those charged with governance or obtain audit evidence that they are appropriately informed, regarding non-compliance with laws and regulations that comes to our attention.

11.9.08 If in our judgment the non-compliance is believed to be intentional and material, we will communicate the finding without delay.

11.9.09 If we suspect that members of senior management, including members of the board of directors, are involved in non-compliance with laws and regulations, we will report the matter to the next higher level of authority at the entity, if it exists, such as an audit committee or a supervisory board.

11.9.10 We will communicate audit matters of governance interest arising from the audit of financial statements with those charged with governance of an entity.

11.9.11 We will determine the relevant persons who are charged with governance and with whom audit matters of governance interest are communicated.

11.9.12 We will inform those charged with governance of those uncorrected misstatements aggregated by us during the audit that were determined by management to be immaterial, both individually and in the aggregate, to the financial statements taken as a whole.

CFRA

Example

11.9.13 We will communicate audit matters of governance interest on a timely basis.

11.9.14 We will make those charged with governance or management aware, as soon as practicable, and at an appropriate level of responsibility, of material weaknesses in the design or implementation of internal control which have come to our attention

11.9.15 If we have identified a material misstatement resulting from error, we will communicate the misstatement to the appropriate level of management on a timely basis, and consider the need to report it to those charged with governance in accordance with SA 260 “Communication of Audit Matters with those charged with Governance”.

CFRA

Example

Procedures

11.9.16 Our communication of audit matters during planning is recorded in hard copy file. We will inform those charged with governance of the general approach and overall scope of the audit, including any expected limitations thereon, or any additional requirements.

11.9.17 Our communication of audit matters during completion is recorded in hard copy file.

11.9.18 Weaknesses in internal controls are discussed with those charged with governance. Our management letter points are filed.

11.9.19 The schedule of unadjusted audit differences are discussed with those charged with governance. The schedule of unadjusted audit differences is in 14 Summary of Unadjusted Difference__Client Name_Period.

11.9.20 During our audit we will come across information which we will want to communicate to management and the board of directors. This information would normally include at a minimum weaknesses in the client’s internal control and possible corrective measures that the client can adopt. A report to management is given at the end of the audit when a summary of all the issues can be compiled.

CFRA

Example

11.9.21“Governance” is the term used to describe the role of persons entrusted with the supervision, control and direction of an entity. Those charged with governance ordinarily are accountable for ensuring that the entity achieves its objectives, with regard to reliability of financial reporting, effectiveness and efficiency of operations, compliance with applicable laws, and reporting to interested parties. Those charged with governance include management only when it performs such functions.

11.9.22“Audit matters of governance interest” are those that arise from the audit of financial statements and, in our opinion, are both important and relevant to those charged with governance in overseeing the financial reporting and disclosure process. Audit matters of governance interest include only those matters that have come to our attention as a result of the performance of the audit. We are not required to design audit procedures for the specific purpose of identifying matters of governance interest.

11.9.23Matters of governance interest may include:

Details of uncorrected misstatements that were determined by management to be immaterial;

Any suspected or identified fraud issues, however material;

Details of any non-compliance with laws or regulations; and

Material weaknesses in the design or operation of the accounting and internal control system which have come to our attention.

The general approach and overall scope of the audit, including any expected limitations thereon, or any additional requirements;…………………….

CFRA

Example

Timing of communications

11.9.28 By communicating audit matters of governance interest on a timely basis we enable those charged with governance to take

appropriate action.

11.9.29 In order to achieve timely communications, we will have

discussed with those charged with governance the basis and timing of

such communications. In certain cases, because of the nature of the

matter, we may communicate that matter sooner than previously agreed.

Therefore it must be noted that communications are not limited to a report

handed to management at the end of the audit.

CFRA

Example

Forms of communications

11.9.30 Our communications with those charged with governance may be made orally or in writing. The decision whether to communicate orally or in writing is affected by factors such as the following:

The size, operating structure, legal structure, and communications processes of the client being audited.

The nature, sensitivity and significance of the audit matters of governance interest to be communicated.

The arrangements made with respect to periodic meetings or reporting of audit matters of governance interest.

The amount of on-going contact and dialogue we have with those charged with governance.

CFRA

Example

Confidentiality

Communications with regards to fraud

Other Matters

CFRA

Thank You !

CD Financial ReEngineering Advisors

(CFRA)

Checks & Balances

FinTaxTick BridgeGap LetNetWork

Chirag Doshi

chirag@cfradvisors.com

+91 98204 52332

CFRA

PCAOB 2018 – Areas of Common Audit

Deficiencies

Internal Control over Financial Reporting

In many audits inspected, we observed deficiencies related to testing ICFR.

Common audit deficiencies in this area included instances where:

Auditors did not sufficiently test the design and operating effectiveness of

controls that include a review element. We observed that auditors did not obtain

an understanding or evaluate the activities performed and factors considered

by the control owner when reviewing the reasonableness of certain estimates

and assumptions.

Auditors did not select controls for testing that address the specific risks of

material misstatement. We observed that auditors did not obtain a sufficient

understanding of whether the control addressed the assessed risk of material

misstatement.

CFRA

PCAOB 2018 – Areas of Common Audit

Deficiencies

Risk Assessment and Revenue

We observed frequent deficiencies related to the design and performance

of audit procedures that address the assessed risk of material misstatement,

particularly when auditing revenue. For example, we identified audit

deficiencies in testing revenue where:

Auditors agreed the revenue transaction to the company-prepared

invoice without testing whether the invoice agreed to the terms of the

contractual arrangement and without obtaining evidence that the services

or products had been delivered.

Auditors limited their testing to revenue transactions exceeding a certain

amount or transactions recorded near year-end without considering the

need to test the remainder of the population.

CFRA

PCAOB 2018 – Areas of Common Audit

Deficiencies

Accounting Estimates

We continue to identify deficiencies in areas involving accounting

estimates such as allowance for loan and lease losses (ALLL), accounting

for business combinations, and the fair value of financial instruments.

Developing these estimates often involves unobservable inputs, complex

valuation models, and/or subjective judgments. To test accounting

estimates effectively, auditors should exercise professional skepticism and

involve senior engagement team members throughout the audit process.

CFRA

PCAOB 2018 – Areas of Common Audit

Deficiencies

Financial Instruments

We continue to find frequent deficiencies in auditing unobservable inputs used to measure the fair value of certain financial instruments. Common audit deficiencies include instances where:

Auditors did not obtain an understanding of the specific methods and assumptions underlying fair value measurements obtained from pricing services and used in the auditors’ testing.

Auditors did not test the accuracy and/or completeness of company data used to determine the fair value.

Auditors, when developing an independent estimate, did not appropriately corroborate the fair value measurement determined by the company because the auditor used the same pricing source the company used.

It is important for auditors to use professional skepticism when evaluating management’s views because they can be susceptible to bias.

CFRA

PCAOB 2018 – Areas of Common Audit

Deficiencies

Engagement Quality Review

Many of the deficiencies we identified during our inspections occurred in areas

reviewed by EQRs who failed to identify relevant deficiencies. In some instances,

EQRs may have placed too much reliance on discussions with the engagement

team. In other instances, EQRs may have limited their review by reading

summary memos that did not provide sufficient detail to allow for a review with

due professional care.

Audit Committee Communications

In our inspection of triennially inspected audit firms we continue to identify

deficiencies related to auditors failing to communicate to the audit committee

significant risks identified in the audit, including changes to those risks throughout

the audit.