Reliable Financial Reporting. Evaluating Deficiencies in Internal Control Over Financial Reporting


Reliable Financial Reporting: Evaluating Deficiencies in Internal Control Over Financial Reporting
Steve Glover, May 2017
The right to use this material without explicit written permission is hereby granted to faculty in connection with classroom use and other educational endeavors of a not-for-profit nature.

Internal Controls and Reliable Financial Reporting
Importance of internal control over financial reporting (ICFR) for reliable financial reporting
  o Management assessment and performance
  o Internal and External Auditor assessment and performance

Management Performance around ICFR
In 2004, 15.7% of accelerated filers disclosed ineffective ICFR. Dropped to 3.4% in 2010. In 2015 the percentage was 5.3%. (Source: Audit Analytics)
Handout 1: Examples of Public Company Material Weaknesses
Control Environment
  o Tone at the top, insufficient number of personnel
Journal Entry and Account Reconciliation
  o Access and segregation
Accounting for Contingencies
  o Management Review Controls
Methodology to Estimate Credit Loss Allowance
  o Error in methodology
Goodwill Impairment Testing
  o Reviews of impairment indicators

Auditor Performance around ICFR
PCAOB Inspection Results, Helen Munter, Director of Inspections
Over the last few years, the audit of internal control has topped the list of deficiencies in the audit work we have reviewed. (Sept 2015)
The most frequent audit deficiencies continue to be in the key areas related to auditing ICFR. (April 2017)

Auditor Performance around ICFR
PCAOB Inspection Results
Of the 61 inspection deficiencies reported by the PCAOB for the Big 4 related to audit work for 2015, 88% of findings related to ICFR. (Source: PCAOB inspection reports)
Categories of typical deficiencies
  o Failure to sufficiently test the design and/or operating effectiveness of controls
  o Failure to identify and test any controls that addressed the risks related to a particular account or assertion
  o Failure to perform sufficient testing of the information technology general controls ("ITGCs") over the IT systems that initiated, processed, and recorded revenue transactions
  o Failure to sufficiently test user-access controls for certain of these IT systems

Auditor Performance around MRC
PCAOB Inspection Results, Munter, Dec 2016 (Continued)
Inspections staff continued to identify deficiencies related to testing the effectiveness of controls that include a review element. Specifically, some auditors did not sufficiently evaluate the procedures performed by management, including the criteria management used to identify matters for investigation and the steps involved in investigating and resolving such matters. a root cause of these deficiencies may be auditors not understanding the extent of procedures and evidence that needs to be obtained when they test controls with a review element.

Reaching Consensus on MRC (Fogarty, Feb 2016)
Management review controls (MRCs) are the reviews conducted by management of estimates and other kinds of financial information for reasonableness. They require significant judgment, knowledge, and experience. These reviews typically involve comparing recorded amounts with expectations of the reviewers based on their knowledge and experience. MRCs have a higher-level focus than transaction controls, as they examine aggregated results rather than individual transactions. Also, MRCs are inherently subjective. Unlike transaction controls, which are yes/no, MRCs typically involve some level of subjectivity and uncertainty (i.e., shades of grey, not black and white).

Typical Management Review Control Description
The CFO reviews the impairment analysis for appropriateness. Monthly, the controller prepares an undiscounted cash flow analysis, which is then reviewed and approved by the CFO. The CFO reviews the various schedules and signs off on the control package.

Reaching Consensus on MRC (Fogarty, Feb 2016)
Because of their highly qualitative nature, there is a great deal of controversy over what MRCs should look like. Some businesses are concerned about the level of supporting detail that auditors and the PCAOB inspectors now require when evaluating MRCs. There are widely varying opinions about the appropriate level of detail a review must be conducted at and about the need for testing the accuracy and completeness of data used in the reviews.
Source: CFO.com, Feb. 2016, "Reaching a Consensus on Management Review Controls" by John Fogarty

Problems with a Typical MRC Description
The CFO reviews the impairment analysis for appropriateness. Monthly, the controller prepares an undiscounted cash flow analysis, which is then reviewed and approved by the CFO. The CFO reviews the various schedules and signs off on the control package.

Improved MRC (Fogarty, Feb 2016)
Inputs: Undiscounted Cash Flow Analysis (UCFA), including supporting schedules.
Specific monthly review activities: CFO (1) discusses the current and forecasted business environment with the CEO, the COO, and the vice president of operations; (2) reviews each of the assumptions and support within the UCFA with a particular focus on the weighting assigned to each outcome; (3) challenges any assumptions or weights that may have a significant impact on the conclusion.
Outputs: Any questions are sent to the controller to be addressed and resolved to the satisfaction of the CFO, at which point the CFO signs off on the UCFA.

Reaching Consensus on MRC (Fogarty, Feb 2016)
There appear to be differing views between all of the various MRC stakeholders (companies, auditors, and regulators) about what constitutes enough with respect to MRCs. By establishing a constructive dialogue between companies, auditors, and regulators to clarify and define how much is enough (with a focus on creating illustrative examples that bring the definitions to life), we believe it is entirely possible to reach a reasonable and practical consensus that works for everyone.

Evaluation of MRC Design Factors
Design Factors
  o Appropriateness of the Purpose of the Control and Its Correlation to the Risk/Assertion
  o Competence and Authority of the Person(s) Performing the Control
  o Level of Aggregation and Predictability
  o Frequency and Consistency with Which the Control Is Performed
  o Criteria for Investigation and Process for Follow-Up

Management and Auditor Effort to Design, Document and Test MRC and Transaction Level Controls
Handout 2: MRC Control Design Template
Illustrate Transaction Level Testing Template

Issues with General IT Controls
From a reported Material Weakness: Deficiencies in GITC logical access, including controls intended to ensure that access rights are compatible with job duties (segregation of duties) exist. The following business process controls were adversely affected: controls over revenues and insurance costs; payroll tax and costs... business process controls that are dependent on affected IT systems or resulting electronic data were also deemed to be deficient and have material weaknesses.

Basic Definition: Deficiency
A3 A deficiency in internal control over financial reporting exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
A deficiency in design exists when (a) a control necessary to meet the control objective is missing or (b) an existing control is not properly designed.
A deficiency in operation exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or competence to perform the control effectively.

Basic Definitions of Deficiency, SD, MW
.62 The auditor must evaluate the severity of each control deficiency that comes to his or her attention to determine whether the deficiencies, individually or in combination, are material weaknesses.
...
.66 Factors that affect the magnitude of the misstatement that might result from a deficiency:
  o The financial statement amounts or total of transactions exposed to the deficiency; and
  o The volume of activity in the account balance or class of transactions exposed to the deficiency that has occurred in the current period or that is expected in future periods.

SEC Staff Public Comments: Where are the Material Weaknesses?
"I continue to question whether all material weaknesses are being properly identified. It is surprisingly rare to see management identify a material weakness in the absence of a material misstatement. This could be either because the deficiencies are not being identified in the first instance or otherwise because the severity of deficiencies is not being evaluated appropriately. it may be useful for management to dust off the SEC's 2007 interpretive guidance and compare management's ICFR evaluation process to the SEC guidance to see if improvements are in order." - Brian Croteau, Deputy Chief Accountant, Office of the Chief Accountant, 2013.
"The other area of internal controls that we wonder about is: when we see a material weakness, it's usually around the time a restatement is announced, but why aren't there more material weaknesses when there's not a restatement announced? You would expect there to be more material weaknesses prior to a restatement, but a controls error always seems to be found at just about the same time." - Paul A. Beswick, Former SEC Chief Accountant, May 1, 2014.

AS5 (now AS 2201) Provides Indicators of MW
Indicators of material weaknesses:
  o Identification of fraud
  o Restatement
  o Identification by the auditor of a material misstatement of financial statements in the current period that would not have been detected by the company's internal control over financial reporting; and
  o Ineffective oversight by the company's audit committee.

Management Evaluation Tool
Handout 3
The Key Steps in Evaluating Deficiencies
1. Gather the facts
2. Consider the Potential Misstatement
3. Compensating Controls
4. Conclude

Evaluate Deficiencies
The external auditor identified deficiencies related to the operating effectiveness of the Company's controls to ensure the existence, valuation, accuracy, and completeness of inventory on hand. Specifically, we found that physical inventory procedures were not performed with sufficient consistency to ensure the underlying quantities were accurate. Specifically, cycle counts did not cover the complete population of inventory during the year.

Evaluate Deficiencies
Handout 4: Case 1
K. Maeser, Inc.: Deficiency in the design and operating effectiveness of controls over the assessment of uncertain tax positions and deferred tax asset valuation allowance

Evaluate Deficiencies
Handout 4: Case 2
ABC, Inc.: Revenue recognition cut-off errors at the Mexican division not in compliance with US GAAP.

Questions

Conclusion: The Role of ICFR in Reliable Reporting
Importance of ICFR for reliable financial reporting
  o Management assessment and performance
  o Auditor assessment and performance
Management Review Controls
  o Lack of consensus
ITGCs
Evaluation and documentation of controls
Significant Deficiencies
  o Do not require a misstatement or error
  o The appropriate response from management and audit committee
Material Weaknesses
  o Do not require a misstatement or error