AgriBank District Accounting Conference 2014

Size: px

Start display at page:

Download "AgriBank District Accounting Conference 2014"

Harold Garrett
6 years ago
Views:

1 AgriBank District Accounting Conference 2014 Lessons from 2013 Audit and 2014 Audit Focus Agenda Introductions Lessons from 2013 Audit 2014 Audit Timeline 2014 Audit Focus New for 2014 Audit Other Items Questions & Comments? AgriBank District Accounting Conference 2014 May 13,

2 Introductions Suzy Danner- Engagement Partner Kerri Hansen- Senior Associate Taylor Keup- Experienced Associate AgriBank District Accounting Conference 2014 May 13, Lessons from 2013 Audit Review Controls Controls Designed to Prevent and Detect Wire Fraud Control Populations Control Sample Sizes TDR Testing Testing of Immaterial Balances Open Communication Channels 4 2

3 Lessons from 2013 Audit Review Controls: Inspection results published by the PCAOB last summer indicated a significant number of internal control findings related to review controls. Accordingly, as a firm responded by issuing additional guidance to all audit teams. As there was some confusion with this review control guidance we wanted to provide additional clarity: What are Review Controls? While not formally defined by PCAOB standards, the term review control is generally used to describe those controls where the control operator reviews certain information and takes other necessary actions based on the results of the review. Examples include: Reviews of journal entries Reviews of reconciliations Supervisory reviews of final calculations, memoranda or other analyses related to accounting judgments or estimates (including Allowance estimates) Such as impairment judgments, reserve analyses and tax provision calculations Entity-level controls that monitor the results of operations Reviews that monitor the effectiveness of other controls. 5 Lessons from 2013 Audit Continued Review Controls: What can management do? A key consideration in evaluating the reliance we place on entity-level and other review controls is the level of precision at which the control operates Documentation regarding the design of each review control, including sufficient details regarding what the control operator (i.e., the reviewer ) does in executing the control is important in supporting the precision and overall design effectiveness of the control For example, within the control narratives it should be indicated what the reviewer is looking for as part of their review and how and/or when they would follow up with additional questions Consider the question, Does the control documentation support a reasonable conclusion that the reviewer would prevent or detect a material misstatement? If not, the documentation should be enhanced. 6 3

4 Lessons from 2013 Audit Continued Review Controls: What can management do? Assess the documentation produced in the execution of the control: o Is that documentation consistent with the design description? o Is that documentation sufficiently detailed to support a reasonable conclusion about the operating effectiveness of the control? o Is all follow-up and the results of the follow-up included within the documentation? Assess the documentation of results of the control testing: o In order for us to rely on internal audit or management s testing of review controls, testing of all of the above must be documented in the workpapers. 7 Lessons from 2013 Audit Continued Review Controls: Example Control: The Controller reviews and approves all balance sheet reconciliations. Control narrative should document what Controller is reviewing for in his/her review, procedures for any necessary follow up, and how the review is indicated (reminder: a signature alone is not sufficient) Control operation should be clearly documented with notes, tickmarks, highlights to indicate adequate review on the reconciliation Any follow up performed and resolutions reached should be well documented on the reconciliation or attached to the reconciliation Control testing should include a review to ensure control operation has been clearly evidenced by the prescribed notations, and any documented follow-up should be reviewed to ensure resolution was reached. Noncompliance could result in control deficiencies, additional control testing, and/or additional substantive testing. 8 4

5 Lessons from 2013 Audit Continued Controls Designed to Prevent and Detect Wire Fraud: Over the past couple years, there have been increased attempts to perpetrate fraud via wire transfer requests within the AgriBank District. While this is primarily operationally based, if undetected, these frauds pose an increased risk of misstatement. We would like to see controls in place within the wire transfer process of each entity to verify the identity of the borrower. This verification should be based on some form of personally identifiable information (Last 4 digits of SSN, pre set-up code, etc.) and include a call back feature for ed wire transfer requests. An example of this would be a control which requires the control operator to call the borrower back on their system listed phone number and obtain the wire authorization code which was previously set up. The documentation of this control activity should include evidence of this verification. Example: After calling back the borrower, the control operator writes down the date and time of the call-back, who they spoke with and the verification of the code word. 9 Lessons from 2013 Audit Continued Control Populations Frequency The population should be based off the number of times the control will operate during the year. For example: A cash receipts and disbursements control which operates daily at each branch (let s assume 5 branches) would operate roughly 250 times per year at each branch for a total of 1,250 times per year. While the control operates daily at each branch, based on the total occurrences of the control which is over 250, it should be tested as multiple times per day. Additionally, we need to ensure we re looking at a complete population. For controls such as manual journal entry and reconciliation review and approval, we need to be able to assess whether the control population is complete. For example: Having a folder of all manual journal entries is not an acceptable population. There is no reasonable means to ensure the completeness of this folder. 10 5

Lessons from 2013 Audit Continued Control Populations Completeness Management needs to ensure they are looking at a complete population in determining frequency and selecting samples to test.

6 Lessons from 2013 Audit Continued Control Populations Completeness Management needs to ensure they are looking at a complete population in determining frequency and selecting samples to test. For example: A folder containing all manual journal entries or account reconciliations does not provide reasonable assurance over the completeness of the population A system export of all manual journal entries from which to select the sample would be an acceptable means of validating the completeness. Account reconciliation control should entail a population of all balance sheet accounts, which should be reconciled at an appropriate frequency based on the account type. Therefore using all balance sheet accounts as the population provides comfort over the completeness of the population. 11 Lessons from 2013 Audit Continued Control Sample Sizes After determining the appropriate population and thus control frequency the following table should be used to determine the sample size for internal audit s testing of controls: Consistent with the prior year the engagement team will communicate to each association the specific sample size to be tested for each control that we deem key for purposes of our audit. 12 6

7 Lessons from 2013 Audit Continued TDR Testing We have modified our approach to testing TDRs to better align with individual association procedures. We test TDRs using controls and substantive procedures, if material. The TDR session of the conference will be discussing TDRs in more detail. 13 Lessons from 2013 Audit Continued Scoping of accounts to test Additional background on the testing of what appear to be insignificant balances: It is necessary to test these seemingly insignificant balances to gain coverage over the larger financial statement line items as a whole. While individually, these balances may seem insignificant, the testing of these balances in aggregate provides us with the substantive audit evidence on which we base our audit opinion. For example: Other expenses as presented in the income state is typically made up of a variety of different accounts. While the individual account balances and related activity are individually immaterial, the aggregate balances that make up the financial statement line item are material. We are required to incorporate unpredictability into our audit plan to appropriately address the risk of fraud. While high dollar balances are typically selected for testing as these are the most efficient means to obtain the necessary audit coverage, this creates a predictable audit plan that could potentially be evaded by fraud. By testing small balance items we incorporate an aspect of unpredictability into our audit plan, that aids in deterring and detecting fraud. 14 7

8 Lessons from 2013 Audit Continued Open Communication Channels We recognize that each association is unique and what works well at one from a coordination/strategy/communication standpoint, may not work well at another. We welcome your feedback and suggestions to help our audit process run more smoothly at your association. To the extent that anyone wants to do a pre-audit planning session, please don t hesitate to reach out, as we are happy to do so. Additionally, we are happy to have deeper discussions on why we do what we do if that would help better facilitate us getting the info we need. We realize that we make a lot of requests via different people on our team, which can cause issues on your end. To help remedy these troubles, we re planning to implement a new PBC management system called Client Connect which will be discussed in further detail later in the presentation Audit Timeline Time Frame June-July 2014 August 2014 August November 2014 November-December 2014 December 2014 January-February 2015 March 2015 Objective - Audit Planning, AgriBank Walkthroughs & Controls Testing - Site Visit Coordination and Preliminary Information Requests Interim Testing Items: - Investment Confirmations (as applicable), as of 6/30/ Journal Entry Testing, as of 6/30/ Lease Classification Testing (as applicable), as of 6/30/ Loan Confirmations, as of 7/31/ Participations Testing, as of 7/31/2014. Site Visits and Off-Site Testing: -Controls and internal Credit Review -Specific Reserves Testing, as of 6/30/2014 -Acquired Property Testing, as of 6/30/2014 Interim Testing Items: -Fixed Assets, as of 9/30/2014 -General Allowance (FAS 5), as of 9/30/2014 -FAS 91, as of 9/30/2014 Year-End PBC Requests Year-End Auditing Activities and Financial Reporting Tie Outs Issuance of Financial Reports 16 8

9 2014 Audit Focus Note that as of right now there are no substantial changes to our audit approach. With our internal Audit Quality Workshop in late May and the /FCS Conference in June, we will work to keep people apprised if there are changes. There have been no major accounting pronouncements going into effect causing an increased focus from our team. The following will be areas of increased focus during the coming audit: COSO Update Review controls ( as discussed above) - Please make sure the control evidence supports the desired level of precision Accounting Estimates Financial Reporting Support - We ve worked with the AgriBank Financial Reporting Group to shore up what they request for support behind figures presented within the reports. Accordingly, please make sure to provide source documents to support all figures presented within the year end annual reports Audit Focus Continued Statement on Auditing Standards No. 128, Using the Work of Internal Auditors Issued February 2014 This auditing standard requires that the external auditor evaluate the application by the internal audit function of a systematic and disciplined approach, including quality control. The factors to be considered in the external auditor s determination of whether the internal audit function applies a systematic and disciplined approach include: The existence, adequacy, and use of documented internal audit procedures or guidance covering such areas as risk assessments, work programs, documentation, and reporting, the nature and extent of which is commensurate with the nature and size of the internal audit function relative to the complexity of the entity. Whether the internal audit function has appropriate quality control policies and procedures (for example, those relating to leadership, human resources, and engagement performance) or quality control requirements in standards set by relevant professional bodies for internal auditors. Such bodies may also establish other appropriate requirements, such as conducting periodic external quality assessments. 18 9

10 2014 Audit Focus Continued SAS No. 128, Using the Work of Internal Auditors, Continued What does this mean for the 2014 Audit? Consistent with prior years, we will be requesting documentation of internal audit s (or equivalent function) procedures and guidance regarding risk assessments, the work performed, documentation and reporting of findings. New for 2014 we will be requesting documentation of the quality control policies and procedures over the internal audit or equivalent department which performs testing our audit team relies on. Quality control policies and procedures may be in the form of hiring policies, continuing education standards, external quality review reports, etc. 19 New for 2014 Audit PBC Management System We will be implementing a new PBC management system called Client Connect for the coming year which will make the process of sending and receiving requested support more streamlined. Client Connect is a secure, web-based portal where documents exchanged during an assurance engagement can be requested and shared. It monitors the status of information on a real time basis. Track status via the personalized dashboard. How it works: engagement team requests documents Client contacts post requested documents Project management capabilities to assign and client contact responsibilities, restrict access to certain documents, set and monitor deadlines, etc. Integrated functionality to notify users of updates 20 10

11 New for 2014 Audit PBC Management System Continued What are the benefits of this system? Security Organization and Tracking Mitigates repeated requests from multiple audit team members. Provides notifications to help limit past due requests. Can transfer large files that can t be sent through . The Client Connect system will be implemented for our interim association requests (near the end of June) with additional detail over the coming weeks. We will provide a presentation detailing all the features of the system and as always we re available to help answer any questions. 21 New for 2014 Audit Continued Rollforward Templates We would like your assistance in completing provided rollforward templates for Fixed Assets. Previously we have received these rollforwards in a variety of formats from each association. In an effort to streamline this process we will be providing the tailored rollforward templates along with our PBC request list and ask all associations to utilize them. When completing the respective rollforwards (as applicable), please provide a detail listing supporting each balance, that ties directly to the rollforward

12 Other Items: Control Remediation and Sample Size Guidance What constitutes "Remediation? When management or learn that a control is not designed or operating effectively to prevent or detect a material misstatement in the financial statement, the control deficiency should be remediated by management either by changing the design of existing control(s), implementing new controls, or both. The date at which these changes have been implemented is know as the safe testing date. After remediation of the control has been performed, testing is required to verify that the control is again operating effectively after the safe testing date. Below are the minimum sample sizes to be used as a guideline, but please communicate with your audit contact as each remediation is different. 23 Other Items Continued: Isolating Control Exceptions Generally, the objective of a test of controls is not met if the actual number of exceptions found in the sample is non-negligible (i.e., it exceeds the number of exceptions allowed for in the testing plan). In those cases, and depending on our understanding of the cause of the exception, we should consider whether additional testing could support a conclusion that the exception rate in the original sample is not representative of that in the total population. (Please note that this is rare) Can only be used on manual controls operating daily or more frequently. Cannot be used if more than one exception is found in original sample. Cannot be used if the nature of the exception indicates systematic and/or recurring exceptions. Cannot be used if the exception resulted in a financial statement misstatement that normally should have been prevented or detected. To isolate, must test an additional sample at least equal to the number of items selected for the first sample (for the year, not for the interim period) with NO additional exceptions found. Any isolated control exceptions should be brought to the attention of with documentation as to how control exception was isolated, but this will not be reported on the SAD

13 Questions or Comments? This publicationhas been prepared for general guidance on mattersof interest only, and does not constituteprofessional advice. You should not act upon the informationcontained in this publicationwithout obtainingspecific professionaladvice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the informationcontained in thispublication,and, to the extent permittedby law, [insert legal nameof the firm], its members, employees and agents do not accept or assumeany liability, responsibilityor duty of care for any consequences of you or anyone else acting, or refrainingto act, in relianceon the informationcontained in this publicationor for any decision based on it PricewaterhouseCoopers, LLC. All rightsreserved. In thisdocument, refers to PricewaterhouseCoopers, LLC which is a member firm of PricewaterhouseCoopers InternationalLimited, each member firm of which is a separate legal entity. We are looking forward to working with the AgriBank District again this year. Please don t hesitate to reach out if you have any suggestions, questions or concerns. Thank you. AgriBank District Accounting Conference 2014 May 13,

14 Contact Information Suzy Danner Phone: Rachel Karsjens Phone: Kerri Hansen Phone: Taylor Keup Phone: AgriBank District Accounting Conference 2014 May 13,

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

ASB Meeting July 30 August 1, 2013 Agenda Item 3B AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source: