AgriBank District Accounting Conference 2014

Similar documents
An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Use of data and technology in the audit

CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING

Implementation Tool for Auditors

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

Chapter 18. Integrated Audits of Public Companies. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Internal Audit and SOX Best Practices

Preparing for a Headache-free Audit

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

IAASB Main Agenda (December 2004) Page Agenda Item

IAASB Main Agenda (March 2005) Page Agenda Item 12-C

Audit Training-of-Trainers Workshop, November 2014, Vienna Components of internal control within organization

Audit Quality Assurance workshop Audit Planning by: CPA Steve Obock Associate Director- KPMG Kenya March 2017

Annual Audit and Other Financial Matters

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

Case Report:Deficiencies in Audit Quality Control (English version)

Auditing Standards and Practices Council

Auditing Standards and Practices Council

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

Memo. Date: October 2018 INTRODUCTION

SECTION A CASE QUESTIONS (Total: 50 marks)

RREGULATION ON INTERNAL CONTROLS AND INTERNAL AUDIT FUNCTION IN MICROFINANCE INSTITUTIONS. Article 1 Scope and Purpose

Internal Audit. Lecture # 09 By: Kanchan Damithendra

REGISTERED CANDIDATE AUDITOR (RCA) TECHNICAL COMPETENCE REQUIREMENTS

Accounting 408 Exam 2, Chapters 3, 4, 5, 6, E, F

covered member immediate family impaired not a covered member close relative not impaired

What s the cost of control? Keeping control of your business when cash is king

Seminar Internal Control Identification and Filtering

PART 6 - INTERNAL CONTROL

What Are Your Auditors Doing? Presented by Carrie Kennedy, Partner Travis Smith, Partner Moss Adams LLP

Characteristics of Audit Sampling 7

Engagement Performance 49% Independence and Ethical Requirements 40% Human Resources 31% Monitoring 28%

Guide to using the work papers

UK FSA Code of Practice. The relationship between supervisors and external auditors

ECON 132A SPRING 2008 MT#2

SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017

A Discussion About Internal Controls February 2016

How to Maximize Your Internal Controls Program. June 15, 2017 Atlanta, GA

WATCH WORDS FROM THE PEER REVIEW PROCESS

Center for Plain English Accounting: Risk Assessment FAQs

FDICIA Reporting for Financial Institutions. Reporting Changes Under Part 363 and SAS 130

Internal financial controls

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

VERSION #1 WRITE ON YOUR SCANTRON!!!

Kentucky State University Office of Internal Audit

An Overview of the 2013 COSO Framework. August 2013

SAS Teleconference

CHAPTER 9 TESTS OF CONTROLS

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 505 EXTERNAL CONFIRMATIONS

Audit Workshop Part 2 12 December 2009

See your auditor clearly. Transparency report: How we perform quality audit engagements

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

Chapter 06. Audit Planning, Understanding the Client, Assessing Risks, and Responding. McGraw-Hill/Irwin

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a AUDITING THEORY AUDIT PLANNING

Present and functioning: Fine-tuning your ICFR using the COSO update

Sarbanes-Oxley 404(a) Efficient, Effective Consulting Solutions

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

Audit Preparation Best Practices

What Else Is There to Know About External Audits?

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

Evaluating Internal Controls

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

2013 INSPECTION OF ENTERPRISE CPAS, LTD.

Mapping of Original ISA 315 to New ISA 315 s Standards and Application Material (AM) Agenda Item 2-C

New Hire Training. Level One 1. Level One Summary. Module Summary. Module Information. Learning Objectives. Contact Sheriff Consulting

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.


Financial Reporting Council BDO LLP AUDIT QUALITY INSPECTION

How well you are prepared to deal with IFC

Navigating the PCAOB s and SEC s internal control expectations A discussion. June 2015

The Basics of Internal Controls & Segregation of Duties

Texas Municipal Retirement System Audit plan for the year ended December 31, 2016 March 30-31, 2017

ISQC1 - Quality controls for audit firms

Utility Debt Securitization Authority

3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013

TOPIC 11: PRE APPOINTMENT PROCEDURES - LETTER OF ENGAGEMENT

STATEMENT OF AUDITING STANDARDS 500 AUDIT EVIDENCE

Audit of Weighing Services. Audit and Evaluation Services Final Report Canadian Grain Commission

SUGGESTED SOLUTIONS Audit and Assurance. Certificate in Accounting and Business II Examination March 2014

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

Detailed competency map

2013 PUBLIC ENTITIES OVERVIEW FOR KNOWLEDGE COACH USERS

(Effective for audits of financial statements for periods ending on or after December 15, 2013) CONTENTS

Special Audit Techniques. CA Final Paper 3: Advanced Auditing & Professional Ethics Chapter 5 CA Arijit Chakraborty

Module Practical Application Checklist:

The Auditor s Responses to Assessed Risks

HCCA AUDIT & COMPLIANCE COMMITTEE CONFERENCE

The Blue Sage Group. Sarbanes-Oxley. 404 Compliance Program. The Blue Sage Group

MicroCred Internal Control Basics. Assessing the internal control structure 9/29/2014. Goals of the internal control structure

Internal Controls Over Financial Reporting (ICoFR) Overview and Practical Aspects

AUDIT COMMITTEE CHARTER

INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS

Case Report:Deficiencies in Audit Quality Control

Loch Lomond and The Trossachs National Park Authority. Key Controls Report

Statements. This Standard is effective for reviews of financial statements for periods ending on or after 31 December 2013.

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a

THE AUDITOR S RESPONSES TO ASSESSED RISKS SRI LANKA AUDITING STANDARD 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS

Transcription:

www.pwc.com AgriBank District Accounting Conference 2014 Lessons from 2013 Audit and 2014 Audit Focus Agenda Introductions Lessons from 2013 Audit 2014 Audit Timeline 2014 Audit Focus New for 2014 Audit Other Items Questions & Comments? AgriBank District Accounting Conference 2014 May 13, 2014 2 1

Introductions Suzy Danner- Engagement Partner Kerri Hansen- Senior Associate Taylor Keup- Experienced Associate AgriBank District Accounting Conference 2014 May 13, 2014 3 Lessons from 2013 Audit Review Controls Controls Designed to Prevent and Detect Wire Fraud Control Populations Control Sample Sizes TDR Testing Testing of Immaterial Balances Open Communication Channels 4 2

Lessons from 2013 Audit Review Controls: Inspection results published by the PCAOB last summer indicated a significant number of internal control findings related to review controls. Accordingly, as a firm responded by issuing additional guidance to all audit teams. As there was some confusion with this review control guidance we wanted to provide additional clarity: What are Review Controls? While not formally defined by PCAOB standards, the term review control is generally used to describe those controls where the control operator reviews certain information and takes other necessary actions based on the results of the review. Examples include: Reviews of journal entries Reviews of reconciliations Supervisory reviews of final calculations, memoranda or other analyses related to accounting judgments or estimates (including Allowance estimates) Such as impairment judgments, reserve analyses and tax provision calculations Entity-level controls that monitor the results of operations Reviews that monitor the effectiveness of other controls. 5 Lessons from 2013 Audit Continued Review Controls: What can management do? A key consideration in evaluating the reliance we place on entity-level and other review controls is the level of precision at which the control operates Documentation regarding the design of each review control, including sufficient details regarding what the control operator (i.e., the reviewer ) does in executing the control is important in supporting the precision and overall design effectiveness of the control For example, within the control narratives it should be indicated what the reviewer is looking for as part of their review and how and/or when they would follow up with additional questions Consider the question, Does the control documentation support a reasonable conclusion that the reviewer would prevent or detect a material misstatement? If not, the documentation should be enhanced. 6 3

Lessons from 2013 Audit Continued Review Controls: What can management do? Assess the documentation produced in the execution of the control: o Is that documentation consistent with the design description? o Is that documentation sufficiently detailed to support a reasonable conclusion about the operating effectiveness of the control? o Is all follow-up and the results of the follow-up included within the documentation? Assess the documentation of results of the control testing: o In order for us to rely on internal audit or management s testing of review controls, testing of all of the above must be documented in the workpapers. 7 Lessons from 2013 Audit Continued Review Controls: Example Control: The Controller reviews and approves all balance sheet reconciliations. Control narrative should document what Controller is reviewing for in his/her review, procedures for any necessary follow up, and how the review is indicated (reminder: a signature alone is not sufficient) Control operation should be clearly documented with notes, tickmarks, highlights to indicate adequate review on the reconciliation Any follow up performed and resolutions reached should be well documented on the reconciliation or attached to the reconciliation Control testing should include a review to ensure control operation has been clearly evidenced by the prescribed notations, and any documented follow-up should be reviewed to ensure resolution was reached. Noncompliance could result in control deficiencies, additional control testing, and/or additional substantive testing. 8 4

Lessons from 2013 Audit Continued Controls Designed to Prevent and Detect Wire Fraud: Over the past couple years, there have been increased attempts to perpetrate fraud via wire transfer requests within the AgriBank District. While this is primarily operationally based, if undetected, these frauds pose an increased risk of misstatement. We would like to see controls in place within the wire transfer process of each entity to verify the identity of the borrower. This verification should be based on some form of personally identifiable information (Last 4 digits of SSN, pre set-up code, etc.) and include a call back feature for emailed wire transfer requests. An example of this would be a control which requires the control operator to call the borrower back on their system listed phone number and obtain the wire authorization code which was previously set up. The documentation of this control activity should include evidence of this verification. Example: After calling back the borrower, the control operator writes down the date and time of the call-back, who they spoke with and the verification of the code word. 9 Lessons from 2013 Audit Continued Control Populations Frequency The population should be based off the number of times the control will operate during the year. For example: A cash receipts and disbursements control which operates daily at each branch (let s assume 5 branches) would operate roughly 250 times per year at each branch for a total of 1,250 times per year. While the control operates daily at each branch, based on the total occurrences of the control which is over 250, it should be tested as multiple times per day. Additionally, we need to ensure we re looking at a complete population. For controls such as manual journal entry and reconciliation review and approval, we need to be able to assess whether the control population is complete. For example: Having a folder of all manual journal entries is not an acceptable population. There is no reasonable means to ensure the completeness of this folder. 10 5

Lessons from 2013 Audit Continued Control Populations Completeness Management needs to ensure they are looking at a complete population in determining frequency and selecting samples to test. For example: A folder containing all manual journal entries or account reconciliations does not provide reasonable assurance over the completeness of the population A system export of all manual journal entries from which to select the sample would be an acceptable means of validating the completeness. Account reconciliation control should entail a population of all balance sheet accounts, which should be reconciled at an appropriate frequency based on the account type. Therefore using all balance sheet accounts as the population provides comfort over the completeness of the population. 11 Lessons from 2013 Audit Continued Control Sample Sizes After determining the appropriate population and thus control frequency the following table should be used to determine the sample size for internal audit s testing of controls: Consistent with the prior year the engagement team will communicate to each association the specific sample size to be tested for each control that we deem key for purposes of our audit. 12 6

Lessons from 2013 Audit Continued TDR Testing We have modified our approach to testing TDRs to better align with individual association procedures. We test TDRs using controls and substantive procedures, if material. The TDR session of the conference will be discussing TDRs in more detail. 13 Lessons from 2013 Audit Continued Scoping of accounts to test Additional background on the testing of what appear to be insignificant balances: It is necessary to test these seemingly insignificant balances to gain coverage over the larger financial statement line items as a whole. While individually, these balances may seem insignificant, the testing of these balances in aggregate provides us with the substantive audit evidence on which we base our audit opinion. For example: Other expenses as presented in the income state is typically made up of a variety of different accounts. While the individual account balances and related activity are individually immaterial, the aggregate balances that make up the financial statement line item are material. We are required to incorporate unpredictability into our audit plan to appropriately address the risk of fraud. While high dollar balances are typically selected for testing as these are the most efficient means to obtain the necessary audit coverage, this creates a predictable audit plan that could potentially be evaded by fraud. By testing small balance items we incorporate an aspect of unpredictability into our audit plan, that aids in deterring and detecting fraud. 14 7

Lessons from 2013 Audit Continued Open Communication Channels We recognize that each association is unique and what works well at one from a coordination/strategy/communication standpoint, may not work well at another. We welcome your feedback and suggestions to help our audit process run more smoothly at your association. To the extent that anyone wants to do a pre-audit planning session, please don t hesitate to reach out, as we are happy to do so. Additionally, we are happy to have deeper discussions on why we do what we do if that would help better facilitate us getting the info we need. We realize that we make a lot of requests via different people on our team, which can cause issues on your end. To help remedy these troubles, we re planning to implement a new PBC management system called Client Connect which will be discussed in further detail later in the presentation. 15 2014 Audit Timeline Time Frame June-July 2014 August 2014 August November 2014 November-December 2014 December 2014 January-February 2015 March 2015 Objective - Audit Planning, AgriBank Walkthroughs & Controls Testing - Site Visit Coordination and Preliminary Information Requests Interim Testing Items: - Investment Confirmations (as applicable), as of 6/30/2014. - Journal Entry Testing, as of 6/30/2014. - Lease Classification Testing (as applicable), as of 6/30/2014. - Loan Confirmations, as of 7/31/2014. - Participations Testing, as of 7/31/2014. Site Visits and Off-Site Testing: -Controls and internal Credit Review -Specific Reserves Testing, as of 6/30/2014 -Acquired Property Testing, as of 6/30/2014 Interim Testing Items: -Fixed Assets, as of 9/30/2014 -General Allowance (FAS 5), as of 9/30/2014 -FAS 91, as of 9/30/2014 Year-End PBC Requests Year-End Auditing Activities and Financial Reporting Tie Outs Issuance of Financial Reports 16 8

2014 Audit Focus Note that as of right now there are no substantial changes to our audit approach. With our internal Audit Quality Workshop in late May and the /FCS Conference in June, we will work to keep people apprised if there are changes. There have been no major accounting pronouncements going into effect causing an increased focus from our team. The following will be areas of increased focus during the coming audit: COSO Update Review controls ( as discussed above) - Please make sure the control evidence supports the desired level of precision Accounting Estimates Financial Reporting Support - We ve worked with the AgriBank Financial Reporting Group to shore up what they request for support behind figures presented within the reports. Accordingly, please make sure to provide source documents to support all figures presented within the year end annual reports. 17 2014 Audit Focus Continued Statement on Auditing Standards No. 128, Using the Work of Internal Auditors Issued February 2014 This auditing standard requires that the external auditor evaluate the application by the internal audit function of a systematic and disciplined approach, including quality control. The factors to be considered in the external auditor s determination of whether the internal audit function applies a systematic and disciplined approach include: The existence, adequacy, and use of documented internal audit procedures or guidance covering such areas as risk assessments, work programs, documentation, and reporting, the nature and extent of which is commensurate with the nature and size of the internal audit function relative to the complexity of the entity. Whether the internal audit function has appropriate quality control policies and procedures (for example, those relating to leadership, human resources, and engagement performance) or quality control requirements in standards set by relevant professional bodies for internal auditors. Such bodies may also establish other appropriate requirements, such as conducting periodic external quality assessments. 18 9

2014 Audit Focus Continued SAS No. 128, Using the Work of Internal Auditors, Continued What does this mean for the 2014 Audit? Consistent with prior years, we will be requesting documentation of internal audit s (or equivalent function) procedures and guidance regarding risk assessments, the work performed, documentation and reporting of findings. New for 2014 we will be requesting documentation of the quality control policies and procedures over the internal audit or equivalent department which performs testing our audit team relies on. Quality control policies and procedures may be in the form of hiring policies, continuing education standards, external quality review reports, etc. 19 New for 2014 Audit PBC Management System We will be implementing a new PBC management system called Client Connect for the coming year which will make the process of sending and receiving requested support more streamlined. Client Connect is a secure, web-based portal where documents exchanged during an assurance engagement can be requested and shared. It monitors the status of information on a real time basis. Track status via the personalized dashboard. How it works: engagement team requests documents Client contacts post requested documents Project management capabilities to assign and client contact responsibilities, restrict access to certain documents, set and monitor deadlines, etc. Integrated e-mail functionality to notify users of updates 20 10

New for 2014 Audit PBC Management System Continued What are the benefits of this system? Security Organization and Tracking Mitigates repeated requests from multiple audit team members. Provides email notifications to help limit past due requests. Can transfer large files that can t be sent through email. The Client Connect system will be implemented for our interim association requests (near the end of June) with additional detail over the coming weeks. We will provide a presentation detailing all the features of the system and as always we re available to help answer any questions. 21 New for 2014 Audit Continued Rollforward Templates We would like your assistance in completing provided rollforward templates for Fixed Assets. Previously we have received these rollforwards in a variety of formats from each association. In an effort to streamline this process we will be providing the tailored rollforward templates along with our PBC request list and ask all associations to utilize them. When completing the respective rollforwards (as applicable), please provide a detail listing supporting each balance, that ties directly to the rollforward. 22 11

Other Items: Control Remediation and Sample Size Guidance What constitutes "Remediation? When management or learn that a control is not designed or operating effectively to prevent or detect a material misstatement in the financial statement, the control deficiency should be remediated by management either by changing the design of existing control(s), implementing new controls, or both. The date at which these changes have been implemented is know as the safe testing date. After remediation of the control has been performed, testing is required to verify that the control is again operating effectively after the safe testing date. Below are the minimum sample sizes to be used as a guideline, but please communicate with your audit contact as each remediation is different. 23 Other Items Continued: Isolating Control Exceptions Generally, the objective of a test of controls is not met if the actual number of exceptions found in the sample is non-negligible (i.e., it exceeds the number of exceptions allowed for in the testing plan). In those cases, and depending on our understanding of the cause of the exception, we should consider whether additional testing could support a conclusion that the exception rate in the original sample is not representative of that in the total population. (Please note that this is rare) Can only be used on manual controls operating daily or more frequently. Cannot be used if more than one exception is found in original sample. Cannot be used if the nature of the exception indicates systematic and/or recurring exceptions. Cannot be used if the exception resulted in a financial statement misstatement that normally should have been prevented or detected. To isolate, must test an additional sample at least equal to the number of items selected for the first sample (for the year, not for the interim period) with NO additional exceptions found. Any isolated control exceptions should be brought to the attention of with documentation as to how control exception was isolated, but this will not be reported on the SAD. 24 12

Questions or Comments? This publicationhas been prepared for general guidance on mattersof interest only, and does not constituteprofessional advice. You should not act upon the informationcontained in this publicationwithout obtainingspecific professionaladvice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the informationcontained in thispublication,and, to the extent permittedby law, [insert legal nameof the firm], its members, employees and agents do not accept or assumeany liability, responsibilityor duty of care for any consequences of you or anyone else acting, or refrainingto act, in relianceon the informationcontained in this publicationor for any decision based on it. 2010 PricewaterhouseCoopers, LLC. All rightsreserved. In thisdocument, refers to PricewaterhouseCoopers, LLC which is a member firm of PricewaterhouseCoopers InternationalLimited, each member firm of which is a separate legal entity. We are looking forward to working with the AgriBank District again this year. Please don t hesitate to reach out if you have any suggestions, questions or concerns. Thank you. AgriBank District Accounting Conference 2014 May 13, 2014 26 13

Contact Information Suzy Danner suzy.danner@us.pwc.com Phone: 612.596.6040 Rachel Karsjens rachel.karsjens@us.pwc.com Phone: 612.710.2904 Kerri Hansen kerri.b.hansen@us.pwc.com Phone: 612.596.6363 Taylor Keup taylor.j.keup@us.pwc.com Phone: 612.229.0635 AgriBank District Accounting Conference 2014 May 13, 2014 27 14

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback