American Accounting Association Auditing Section Auditing Standards Committee. RE: Invitation to Comment on PCAOB Rulemaking Docket Matter No.

Similar documents
RE: PCAOB Rulemaking Docket Matter No. 025: Proposed Auditing Standard - Engagement Quality Review.

α β 19 November 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

American Accounting Association Auditing Section Auditing Standards Committee. RE: Invitation to Comment on PCAOB Rulemaking Docket Matter No.

Via November 21, 2003

February 23, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

ABA. Defending Liberty Pursuing Justice AMERICAN BAR ASSOCIATION

31 May Dear Ms. Brown:

November 21, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING

Mr. Thomas Ray Deputy Chief Auditor Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC

American Society of Corporate Secretaries. November 21, 2003

Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC

Re: PCAOB Rulemaking Docket Matter No. 25, Proposed Auditing Standard Engagement Quality Review

February 23, Public Company Accounting Oversight Board Office of the Secretary 1666 K Street, N.W. Washington, D.C.

Reference: File Number Second-year experiences with the Implementation of Internal Control Reporting and Auditing Provisions

August 15, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC

Via

November 21, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

1666 K Street, NW K Street, NW Washington, D.C Telephone: (202) Facsimile: (202)

1095 Avenue of the Americas New York, NY Peter M. Carlson Executive Vice President and Chief Accounting Officer

STANDING ADVISORY GROUP MEETING ENGAGEMENT QUALITY REVIEW APRIL 2, 2009

Community Bankers Conference

) ) ) ) ) ) ) ) ) ) ) )

November 15, 2017 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

up Texas Society of ~ Certified Public Accountants

What Companies Need to Do

Response ed to Re: PCAOB Rulemaking Docket Matter No. 028

) ) ) ) ) ) ) ) ) ) ) ) REPORTING ON WHETHER A PREVIOUSLY REPORTED MATERIAL WEAKNESS CONTINUES TO EXIST. PCAOB Release No July 26, 2005

STANDING ADVISORY GROUP MEETING AUDITOR'S REPORTING MODEL MAY 18 19, 2016

PCAOB Release No , PCAOB Rulemaking Docket Matter No. 042

Response ed to

August 22, VIA . Office of the Secretary PCAOB 1666 K Street, N.W. Washington DC

National Association

Audit & Assurance Update January 16, In This Issue. Background. Background. Key Provisions of the Estimates Standard

PCAOB PROPOSED INTERNAL CONTROL AUDIT STANDARD

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a

RE: Internal Control Integrated Framework: Guidance on Monitoring Internal Control Systems Discussion Document

\\R~~~::o~~i '~":.,~, Response ed to comments(fpcaobus.org

Standing Advisory Group Meeting

) ) ) ) ) ) ) ) ) ) ) ) PROPOSED AUDITING STANDARDS RELATED TO THE AUDITOR'S ASSESSMENT OF AND RESPONSE TO RISK

STAFF QUESTIONS AND ANSWERS

Auditing Standard 16

) ) ) ) ) ) ) ) ) ) ) ) PCAOB Release No June 9, 2004

ABA Section of Business Law. Internal Control Reporting Under Section 404: An Update and Current Assessment. November 19, 2004

REVISED CORPORATE GOVERNANCE PRINCIPLES FOR BANKS (CONSULTATION PAPER) ISSUED BY THE BASEL COMMITTEE ON BANKING SUPERVISION

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

October 11, Auditing Standards Board American Institute of Certified Public Accountants 1211 Avenue of the Americans New York, NY

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

COSO 2013: Updated internal control framework

REPORT 2016/033 INTERNAL AUDIT DIVISION

UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN

Proposed International Standard on Auditing 315 (Revised)

Auditing & Assurance Services, 7e (Louwers) Chapter 2 Professional Standards

STANDARD-SETTING UPDATE OFFICE OF THE CHIEF AUDITOR SEPTEMBER 30, 2017

Report on Inspection of KPMG AG Wirtschaftspruefungsgesellschaft (Headquartered in Berlin, Federal Republic of Germany)

PCAOB Rulemaking Docket Matter No. 044 Proposed Amendments to Auditing Standards for Auditor s Use of the Work of Specialists

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

Speech by SEC Staff: Remarks before the 2007 AICPA National Conference on Current SEC and PCAOB Developments

SAS Teleconference

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

Checkpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest PCAOB Audits Chapter 1 Overview 100 Background

Inspection of Petrie Raymond, Chartered Accountants L.L.P. (Headquartered in Montreal, Canada) Public Company Accounting Oversight Board

May 16, Ms. Kathleen Healy International Auditing and Assurance Standards Board 545 Fifth Avenue, 14th Floor New York, New York 10017

Re: Proposed Amendments to Auditing Standards for Auditor s Use of the Work of Specialists, PCAOB Rulemaking Docket Matter No. 044

August 15, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C

International Standard on Auditing (UK) 701

IAASB Main Agenda (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1

Re: PCAOB Rulemaking Docket Matter No. 37

Chapter 02. Professional Standards. Multiple Choice Questions. 1. Control risk is

Public Company Accounting Oversight Board

Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC

Report on Inspection of K. R. Margetson Ltd. (Headquartered in Vancouver, Canada) Public Company Accounting Oversight Board

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

August 1, A. Overall Comments; B. Request for Specific Comments; and

The use of the work of specialists in our current practice

Report on. Issued by the. Public Company Accounting Oversight Board. June 16, 2016 THIS IS A PUBLIC VERSION OF A PCAOB INSPECTION REPORT

PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

ED: Proposed ISA 540 (Revised), Auditing Accounting Estimates and Related Disclosures

Audit Risk. Exposure Draft. IFAC International Auditing and Assurance Standards Board. October Response Due Date March 31, 2003

2013 New COSO 2013 Framework and Current Trends in Risk Management

International Auditing and Assurance Standards Board International Federation of Accountants 529 Fifth Avenue, 6 h Floor New York, NY 10017

Report on Inspection of Ernst & Young Accountants LLP (Headquartered in Rotterdam, Kingdom of The Netherlands)

INTERNATIONAL STANDARD ON AUDITING 701 COMMUNICATING KEY AUDIT MATTERS IN THE INDEPENDENT AUDITOR S REPORT

2013 INSPECTION OF ENTERPRISE CPAS, LTD.

The class discussed the above proposed rule and has attached our comments.

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

Standard on Auditing (SA) 701, Communicating Key Audit Matters in the Independent Auditor s Report Contents Paragraph(s) Introduction Scope of this SA

IAASB CAG Public Session (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1

SECURITIES DISCLOSURE

Audit Committee Oversight of Auditors

Re: PCAOB Rulemaking Docket Matter No. 003 Proposal of Ethics Code For Board Members, Staff and Designated Contractors and Consultants

Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC September 2011

Report on Inspection of KPMG Auditores Consultores Ltda. (Headquartered in Santiago, Republic of Chile)

ISA 701, Communicating Key Audit Matters in the Independent Auditor s Report

Report on Inspection of BDO LLP (Headquartered in Singapore, Republic of Singapore) Public Company Accounting Oversight Board

Evaluating Internal Controls

Business development companies

Airports Council International-North America 2006 Economic Specialty Conference June 5, 2006

November 3, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

Transcription:

American Accounting Association Auditing Section Auditing Standards Committee February 23, 2007 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C. 20006-2803 Via email to comments@pcaobus.org RE: Invitation to Comment on PCAOB Rulemaking Docket Matter No. 021 Dear Board Members: The Auditing Standards Committee of the Auditing Section of the American Accounting Association welcomes the opportunity to comment on PCAOB Release 2006-007. We offer the attached comments to address the objectives and substance of the proposed standards; we also provide suggestions to enhance the clarity of the proposed standards. We have focused our comments on the proposed auditing standard that would supersede Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements, and on the related proposed auditing standard, Considering and Using the Work of Others in an Audit. The views expressed in this letter are those of the Auditing Standards Committee members and do not reflect an official position of the American Accounting Association. In addition, the comments reflect the overall consensus view of the Committee, not necessarily the views of every individual member. We hope that our attached comments and suggestions are helpful and will assist in finalizing the guidance. Please feel free to contact our committee chair for additional follow-up. Finally, we appreciate the opportunity to provide input into the Board s standard setting process. The public input component of the standards setting process greatly adds to the credibility of the PCAOB s activities. We strongly encourage the PCAOB to provide opportunity for additional public comment if the Board intends to introduce new concepts, including auditor liability issues, into the standard. Respectfully Submitted, Auditing Standards Committee Auditing Section, American Accounting Association

Page 2 Committee Members: Audrey A. Gramling, Kennesaw State University (Chair) 770-423-6495, agramli1@kennesaw.edu Robert Allen, University of Utah (Past Chair) Randy Elder, Syracuse University Thomas M. Kozloski, Wilfrid Laurier University Evelyn Patterson, Indiana University Robert J. Ramsay, University of Kentucky Sandra Shelton, DePaul University Mark Taylor, Creighton University (Vice-Chair)

Page 3 Appendix 1 Proposed Auditing Standard An Audit of Internal Control Over Financial Reporting That Is Integrated With An Audit of Financial Statements Our committee supports the PCAOB s overall objective of simplifying the standard for audits of internal control, clarifying certain definitional items, and responding to concerns voiced by stakeholders of the audits of internal control. The changes embodied by the proposed standard are especially important in light of the thousands of non-accelerated filers that have yet to comply with Section 404 of the Sarbanes-Oxley Act of 2002, and which represent the majority of publicly traded companies. We comment the PCAOB for its efforts in developing this standard. The decision to develop a new standard, rather than revise the existing standard, also seems appropriate. The proposed standard appears to maintain the key requirements for an effective audit of internal control, while reducing unnecessary effort. From an overall perspective, the PCAOB Release 2006-007, Page 30, refers to core principles necessary for an effective audit of internal control and indicates that the proposed standard retains these core principles. However, such principles are not explicitly identified in the Release or in the proposed standard. We believe that the Introduction to the Standard should explicitly identify these core principles, while the remainder of the Standard would then provide guidance on how these principles are to be achieved. By providing a principles-based perspective as part of the Introduction, the readers of the Standard will have an appropriate framework for implementing the Standard. A. Focusing the Audit on the Matters Most Important to Internal Control Risk Assessment: In discussing the concept of risk assessment, references are made to the evaluation of the risk of material weakness (e.g., see paragraph 8) and to the risk of misstatement (e.g., see paragraph 9). Does the standard intend for the auditor to perform two risk assessments? Or is the auditor to perform one risk assessment that evaluates both the risk of material weakness and misstatement? Greater specificity of the expectations on this issue would be useful. Top Down Approach and Company Level Controls: The emphasis placed on company-level controls as part of a top-down approach is a key aspect of the proposed standard. As to adequate articulation, the proposed standard could be modified in places to provide greater clarity. For example, paragraph 18 identifies specific company-level controls, the first of which is the control environment. Next, paragraphs 19 and 20 address the control environment (the first company level control itemized in paragraph 18). The reader might anticipate that the following paragraphs would address the other company level controls listed in paragraph 18. But that is not the case. Rather, paragraphs 21, 22, and 23 address only one additional company level control: period-end close. Our concern is that the discussion of company level controls is shortchanged in that the proposed standard does not address all of the company level controls listed in paragraph 18. We recognize that providing guidance that was not as lengthy as the guidance in AS2 was one objective in developing this proposed standard. However, the company-level control analysis and testing are such key aspects of an internal control audit, that additional coverage of its specific parts is warranted. Clearly, placement of the discussion of company

Page 4 level controls early in the standard assists with the emphasis, but additional articulation of specific company-level controls beyond the control environment would be very appropriate. With respect to the top-down approach, we are concerned that the proposed standard does not adequately articulate the link between company-level controls and the risk of misstatement to a particular account or relevant assertion. More specificity is needed as to the effect of companylevel controls on the reduction or elimination of control testing at the process, transaction, or application levels. Definitions: We appreciate the Board s revisions with respect to the definitions of types of control deficiencies. Our committee believes that the term significant is sufficiently descriptive and is preferable to the term more than inconsequential. We note that more than remote likelihood was too conservative a threshold and likely resulted in auditors performing too much testing. On the other hand, we have concerns regarding the term reasonable possibility and whether it would be interpreted as intended by the Board. For example, Amer Hackenbrack and Nelson (1994) report that the mean (median) probability judgment of audit managers for the term remote was 12.33 (10) and the mean (median) judgment for reasonably possible was 58.57 (60). They also provide numerical interpretations for a number of other probability expressions (Table 2, p.131). (See Amer et al. 1995, p. 27, for a review of other accounting studies on probability expressions. Although the desire to use the likelihood judgments from SFAS No. 5 that already exist in the literature is understandable, it is not obvious that they should be applied to audits of internal control. If the Board feels it is appropriate to adopt this terminology, we encourage the Board to strengthen the link, if possible, between the terminology in SFAS No. 5 and internal control auditing. We also encourage the Board to discuss the rationale for using the terminology in SFAS No. 5. Strong Indicators of a Material Weakness: We commend the Board for providing greater opportunities for auditors to use professional judgment in their conclusions. Our committee members believe this is an important improvement in the new standard. Further, we support the elimination of many of the musts and shoulds which we believe will enhance auditors ability to conduct an efficient audit of internal controls, while still maintaining effectiveness. However, on a related note, the board should consider requiring that auditors document the basis for their judgment that a significant deficiency does not exist when a strong indicator is present. With respect to specific indicators, we find the statement in paragraph 79 suggesting that the lack of independent directors is not necessarily indicative of a control deficiency to be puzzling. We recognize that this guidance only applies when a company is not required by law or listing standards to have independent directors on its audit committee. However, we note that research has demonstrated overwhelmingly a direct relationship between independent directors and lower incidence of misstatements (e.g., DeChow et al. 1996; Beasley 1996; Farber 2005). The COSO framework is clear that independence from management is an important part of the control environment. Perhaps in some limited situations, auditors can conclude that the lack of independent directors is not a significant deficiency or material weakness; but we recommend

Page 5 that they should be required to explain the factors that mitigate the lack of independence in allowing them to arrive at such a conclusion. Clarifying the Role of Materiality: The proposed standard is clear that materiality is in relation to the annual financial statements. Although eliminating the reference to interim financial statements would simplify matters, it is not clear that this is preferable, since material misstatements in interim information are also a concern. One way to address this is to modify the definition of a material weakness as follows: A material weakness is a control deficiency, or combination of control deficiencies, such that there is a reasonable possibility that a misstatement in the company s annual or interim financial statements that is material to the company s annual financial statements will not be prevented or detected. B. Eliminating Unnecessary Procedures Requirement to Evaluate Management s Process: The revised opinion is an improvement in clarity. The opinion on management s assessment was unnecessary, and the proposed standard preserves the ability for the auditor and management to disagree on the effectiveness of internal control. However, we are concerned with the language that discusses eliminating the evaluation of management s assessment process. Much of the benefit from Section 404 is derived from management s efforts. Although it is true that the auditor can perform an effective audit of internal control without evaluating the effectiveness of management s process (p. 16), the most efficient audit will include this evaluation, as the quality of management s process is inherently linked to the amount of work the auditor will need to do (p. 16). Evaluating management s process should not involve extensive effort beyond understanding management s process, and will provide a basis for reliance on some of management s testing and reduced auditor testing. We encourage the Board to modify the standard to highlight the importance of having the auditor understand and evaluate management s process as part of the auditor s opinion formulation process. Knowledge Obtained During Previous Audits: The concept of cumulative knowledge is appropriate, but insufficiently developed. For example, many auditors may interpret the standard as allowing for reduction of effort in all areas in subsequent years. On the other hand, paragraph 67 seems to suggest this reduction occurs only through the reduction in risk. If the Board does not intend to permit rotation of testing (see Release, page 19), the Board should ensure that the standard contains language explicitly prohibiting the use of rotation. Walkthroughs: We recognize that allowing for reliance on walkthroughs as sufficient evidence of operating effectiveness could result in enhanced efficiency. However, we encourage caution in this area in that we believe a walkthrough would be sufficient to test the operating effectiveness in limited cases, such as for some lesser important controls in some lower risk areas. We further note that paragraph 37 does not indicate that an objective of a walkthrough is to obtain evidence of operating effectiveness, while paragraph 50 indicates that a walkthrough

Page 6 can be viewed as a test of operating effectiveness. Perhaps these two paragraphs should be better aligned. Our position is that the proposed standard should reduce the number of walkthroughs without impairing audit quality. However, the auditor should not be allowed to use the direct assistance of others in performing walkthroughs, at least for significant processes involving significant accounts. Although the proposed standard indicates that the walkthroughs would be performed under the direct supervision of the auditor, it is not clear how this would be accomplished. Because the walkthrough is critical to understanding both the design and implementation of a control, it seems appropriate to require the auditor to gain direct knowledge for significant processes. C. Scaling the Audit for Smaller Companies Guidance for Smaller Companies: The guidance in the standard provides a description of some of the factors auditors should consider in scaling the audit, but it is not clear whether this guidance will result in meaningful reductions in effort. Other provisions in the proposed standard that affect all companies are likely to have a greater effect on the level of effort in auditing internal control at smaller companies. Notwithstanding the Board s goal of ensuring that audits are appropriately scaled for smaller companies, unless the Board is prepared to accept a different opinion on internal control for smaller companies, it should not dictate different procedures for those audits. For example, should the auditor consider interaction of senior management with company personnel a control for small engagements, but not larger ones? Should the auditor accept limited documentation for a smaller company, but not a larger one? Auditors must be allowed to determine the procedures they believe are necessary to provide an opinion on internal control over financial reporting. If an auditor does not consider the size and complexity of his/her client, market forces will result in the removal of that auditor. However, if the board wishes to emphasize that auditors should evaluate the size and complexity of the company, then paragraph 9 without the note is sufficient. The board can also refer to the COSO Guidance for Smaller Public Companies. Size Thresholds: It is not clear that market capitalization and revenue cutoffs are necessary or appropriate. We believe it is a mistake for the Board to provide such specific measures. Provision of such measures potentially implies a different level of assurance for companies over the threshold compared to those under the threshold. Further, it is likely these measures will change over time. If the Board does provide such measures it would probably be preferable to link the measures to SEC defined measures so that they can be revised administratively over time. With respect to scalability, an issue that is probably more relevant is the issue of complexity. For example, consider a distributor whose revenues are larger than the cutoffs noted in the proposed standard. Further, the company has only one line of business. Although its revenues exceed the cutoff, the company s margins are thin, which limits its coverage of administrative functions such as corporate accounting, etc. From a complexity perspective this company is a

Page 7 smaller public company, but from a threshold perspective this company would not be viewed as a smaller public company. Other Issues Noted in our Review of the Proposed Standard: In Paragraph 22, the Board should consider specifically discussing the importance of controls over spreadsheets used to develop numbers for financial reports. The use of the term control objectives - A3 provides a definition of control objectives that indicates that a control objective provides a target against which to evaluate the effectiveness of controls. Isn t COSO the target against which internal control effectiveness is being assessed? Is the term control objective meant to be synonymous with objectives of the control criteria that is described in paragraph 60? How does the definition in A3 relate to the discussion in paragraph 11 of having a company achieve its control objectives? A3 notes that a control objective relates to a relevant assertion. What is the relation between control objectives and assertions? If the concept of control objectives is important then greater specificity, including examples, would be very helpful. Paragraph 80 Should the standard specifically indicate that one source would be any evidence obtained by the client? The Board should elaborate on the requirement in paragraph 84c that auditors obtain representation that management did not use the auditor's procedures in their evaluation. What is the auditor to do if management did use the auditor's procedures? Would this require a disclaimer of opinion? In conjunction with this concern we would like to see language in the standard that makes it absolutely clear that it is appropriate for management to communicate with the auditor about the engagement and its components. Paragraph 94 refers to the auditor s report on management s assessment of the effectiveness of internal control. Also, the introductory paragraph in the sample opinion in paragraph 96 refers to an audit of management's assessment. However, paragraph 80 indicates that the auditor will be providing an opinion on the effectiveness of internal controls. Paragraphs 94 b and c appear to be redundant. What is the difference between management's conclusion and management s assessment? The definition of an operating deficiency in paragraph A2 should be clarified. Suppose a control does not operate as designed, but operates better than the design. For example, an employee performs extra checking procedures than required by the controls as designed. Perhaps the clarification could incorporate the concept of effectiveness, such as A deficiency in operation exists when a properly designed control operates less effectively than designed. The third sentence in paragraph B6 should be reworded to say To assess control risk for relevant financial statement assertions. Paragraph C7 should be broadened to require auditors to list any known material weaknesses even if the opinion is disclaimed. This is similar to the reporting requirement for financial statement audits that auditors disclose any known material departures from generally accepted accounting principles when giving a disclaimer of opinion.

Page 8 Appendix 2 - Proposed Auditing Standard Considering and Using the Work of Others in an Audit We are pleased to see the development of a single, unified framework for using the work of others. We do offer a few observations regarding the language in the proposal. Paragraph 13. Second sentence states, In performing this evaluation, the auditor should make judgments about the degree of competence and objectivity of the individual rather than form an absolute conclusion about whether the individuals are competent or objective. However, we think that paragraph should explicitly note that the auditor should make an absolute judgment that the work of the individual should not be relied upon if the individual does not possess some basic competencies. The Note to paragraph 15a should be revised to state The auditor should not use tests performed by the same personnel who are responsible for developing or performing the control. Paragraph 18 We recognize that the purpose of testing the work of others is to allow the auditor to assess the quality of the work performed by others, as well as provide additional evidence about the competence or objectivity of those performing the work. However, we believe that the proposed standard should explicitly state that the auditor s testing of this work can not be considered as audit evidence obtained directly by the auditor; that is, the items tested should not be included as part of the sample being tested by the auditor.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback