SARBANES-OXLEY SECTION 404 AN OVERVIEW OF THE PCAOB S REQUIREMENTS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SARBANES-OXLEY SECTION 404 AN OVERVIEW OF THE PCAOB S REQUIREMENTS"

Transcription

1 SARBANES-OXLEY SECTION 404 AN OVERVIEW OF THE PCAOB S REQUIREMENTS APRIL 2004

2

3 SARBANES-OXLEY SECTION 404 AN OVERVIEW OF THE PCAOB S REQUIREMENTS 2004 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A APRIL 2004

4

5 PREFACE The Public Company Accounting Oversight Board (PCAOB) has approved its Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, and submitted the Standard to the Securities and Exchange Commission (SEC) for its approval. KPMG LLP presents this document to assist management of public companies in better understanding the provisions of the PCAOB s Standard and the provisions of section 404 of the Sarbanes-Oxley Act of This document provides details relating to management s overall responsibilities, including its required assessment and documentation of a public company s internal control over financial reporting. Further, this document provides information regarding the responsibilities of a public company s independent auditor in performing an audit of internal control over financial reporting in conjunction with an audit of financial statements. Readers should understand and appreciate that Auditing Standard No. 2 is presently with the SEC for approval and is therefore subject to change before becoming final. Management is responsible for complying with the provisions of the Sarbanes-Oxley Act, and specifically with section 404, and should consult with legal counsel, external auditors, and other professionals in meeting these obligations.

6

7 CONTENTS Executive Summary 1 Background 8 Management s Responsibilities 9 Management s Evaluation 10 Assessment of the Effectiveness of Internal Control Over Financial Reporting 10 Framework Used by Management to Conduct Its Assessment 10 Reasonable versus Absolute Assurance and Inherent Limitations 11 Example Management Assessment Process 12 Plan and Scope the Evaluation 12 Evaluation of IT Controls 14 Multi-Location Considerations 14 Consideration of Outside Service Organizations 14 Document Controls 15 Evaluate Design and Operating Effectiveness 16 Identify, Assess, and Correct Deficiencies 17 Report on Internal Control 18 Coordination with Section 302 of The Sarbanes-Oxley Act of The Audit of Internal Control Over Financial Reporting 20 Auditor s Responsibilities in the Audit of Internal Control Over Financial Reporting 21 Planning 21 Materiality and Fraud Considerations 21 Multi-Location Considerations 22 Evaluating Management s Assessment Process 24 Obtaining an Understanding of Internal Control 24 Evaluating the Effectiveness of the Audit Committee 25 Identifying Significant Account Balances and Disclosures 25 Identifying Relevant Financial Statement Assertions 26 Identifying Significant Processes and Major Classes of Transactions 26 Understanding the Period-End Financial Reporting Process 26 Performing Walkthroughs 26 Identifying Controls to Test 27 Testing and Evaluating Design and Operating Effectiveness 27 Timing of Tests of Controls 27 Using the Work of Others 28

8 Forming an Opinion 29 Required Communications of Deficiencies 29 Relationship of the Audit of ICOFR to an Audit of Financial Statements 29 Beyond Compliance 30 Appendixes Appendix A: Sample Auditor s Report 33 Appendix B: Management s Report 35 Appendix C: Reference Sources 37

9 EXECUTIVE SUMMARY The Public Company Accounting Oversight Board (PCAOB or the Board) has recently approved Auditing Standard No. 2. The time for compliance is drawing near and the Securities and Exchange Commission is expected to move rapidly in approving a final Standard. All parties responsible for implementation should now be well along in their preparation, feeling a keen sense of urgency. Implementation will be effective if all responsible parties are viewing the requirements through a similar lens. KPMG presents this summary to emphasize the importance of a common understanding between companies and their external auditors and to highlight what we see as the most likely areas where questions may remain. The credibility of public company financial reporting has been sharply questioned by a string of corporate reporting scandals that began with the collapse of a number of major corporations in late The results shook the financial markets and severely eroded investor confidence in the information being reported by companies with publicly traded securities. These historic events led to a number of proposals to improve the financial reporting process and restore investor confidence in the U.S. financial markets. Congress responded with the passage of the Sarbanes-Oxley Act of 2002 (the Act). When President George W. Bush signed the Act into law, he characterized it as the most far reaching reforms of American business practices since the time of Franklin Delano Roosevelt. The Act clearly represents the most significant change in reporting for U.S. publicly traded companies since the Securities Acts of 1933 and In addition, the Act has unprecedented reach both within the United States and internationally for foreign SEC registrants. It is aimed at restoring public confidence and protecting the public interest as well as improving the integrity of financial reporting the foundation on which the U.S. capital markets system is built and thrives. The passage of this Act represents a significant change in both management s reporting responsibilities and the scope and nature of the responsibilities of the independent auditor. Management is now required to both assess and report on the effectiveness of internal control over financial reporting, and the auditor is required to audit and report on the effectiveness of internal control over financial reporting, including management s assessment process. As a result, auditors will be evaluating and testing a company s internal control in a different light and in greater depth. The overall goal of these new requirements is to strengthen internal control over financial reporting, provide more reliable information to investors, and renew investor confidence in the U.S. capital markets. This document contains a general discussion only of the matters included and should not be relied on as advice for any particular company since no consideration is given to individual facts and circumstances, which vary greatly from company to company. 1

10 A MANAGEMENT PERSPECTIVE ON THE IMPACT OF THE SARBANES-OXLEY ACT In late 2003, KPMG set out to understand how senior executives from a cross-section of industries perceived the impact of the legislation. During a two-month period, beginning in October, we conducted 175 interviews among CEOs and CFOs, across a variety of industries, asking them for their opinions on various aspects of the Act. Nearly seven in 10 (68 percent) of the respondents said they believe the Act has boosted investor confidence in corporate America. Most (58 percent) said they believe the Act represents important regulatory legislation, with an additional 29 percent perceiving it as landmark. Do you believe that the Sarbanes-Oxley Act has helped boost investor confidence in corporate America? Yes % Interestingly, these executives representing the financial services, consumer and industrial products, healthcare and public services, and information, communication, and entertainment industries also said significant challenges relating to the Act still lay ahead. Although nearly all respondents (97 percent) reported being on or ahead of schedule with Sarbanes-Oxley readiness, less than a third of them (31 percent) said they have completed more than half of the section 404 preparation. The group identified two areas where they had the most challenges documentation and testing of internal controls. Which of the following best describes your enterprise s current state of Sarbanes-Oxley 404 readiness? Significantly ahead of schedule Ahead of schedule On schedule % 24% 66% 31% Ahead of schedule No Not sure 7% 25% Behind schedule Significantly behind schedule 0% 3% 3% Behind schedule Source: KPMG LLP, 2004 Source: KPMG LLP, 2004 Which of the following best describes your perspective on Sarbanes-Oxley? Landmark legislation 29% Important regulatory legislation 58% Interim solution 10% Undecided 3% Source: KPMG LLP,

11 MANAGEMENT S RESPONSIBILITIES Compliance obligations for publicly traded companies have significantly increased as a result of the Act. Management has a responsibility to report reliable information to public investors and should discuss fulfilling its responsibility under the Act with its attorneys and other advisers. For the auditor to satisfactorily complete an audit of internal control over financial reporting, management must fulfill a number of important responsibilities, including: Accepting responsibility for the effectiveness of the company s internal control over financial reporting Evaluating the effectiveness of the company s internal control over financial reporting using suitable control criteria (e.g., the COSO Committee of Sponsoring Organizations of the Treadway Commission criteria) Supporting its evaluation with sufficient evidence, including documentation Presenting a written assessment about the effectiveness of the company s internal control over financial reporting as of the end of the company s most recent fiscal year If the auditor concludes that management has not fulfilled these responsibilities, the auditor should communicate, in writing, to management and the audit committee that the audit of internal control over financial reporting cannot be satisfactorily completed and must disclaim an opinion. MANAGEMENT S ASSESSMENT PROCESS The process that management undertakes in its assessment should include determining which controls should be tested, evaluating the likelihood that failure of a control could result in a material misstatement, and determining the locations or business units to include in the evaluation, if the company has multiple locations or business units. Management also should evaluate the design and operating effectiveness of internal control over financial reporting and document the results of the evaluation. This process ordinarily would be considered incomplete unless it extended to controls over all relevant assertions (for example, existence and valuation of accounts receivable) related to all significant accounts and disclosures. As part of its assessment, management determines if identified deficiencies in design or operating effectiveness individually or in combination constitute significant deficiencies or material weaknesses. Management then communicates these findings to the auditor and others, if applicable, and evaluates whether those findings are reasonable and support its assessment. ASSESSMENT ENHANCES INTERNAL CONTROL As companies develop processes to assist management in its annual internal control assessment under section 404 of the Act and its annual and quarterly certifications under section 302, the process should result in a continuous strengthening of internal controls. Effective internal control over financial reporting is essential for a company to effectively manage its affairs and to fulfill its obligation to its investors. A company s management and its owners public investors and others must be able to rely on the financial information reported by companies to make decisions. 3

12 DOCUMENTATION SUPPORTING MANAGEMENT S ASSESSMENT Documentation that provides reasonable support for management s assessment of the effectiveness of internal control over financial reporting includes, but is not limited to: The design of controls over relevant assertions related to all significant accounts and disclosures in the financial statements Information about how significant transactions are initiated, authorized, recorded, processed, and reported Enough information about the flow of transactions to identify where material misstatements due to error or fraud could occur Controls designed to prevent or detect fraud, including who performs the controls and the related segregation of duties Controls over the period-end financial reporting process Controls over safeguarding of assets The results of management s testing and evaluation INTERNAL CONTROL AUDIT AND FINANCIAL STATEMENT AUDIT THE IMPORTANCE OF INTEGRATED ACTIVITIES At its core, section 404 of the Act emphasizes the need of investors to have confidence not only in the financial reports issued by a company but also in the underlying processes and controls that are an integral part of producing those reports. The Board recognizes the relationship of the audit of internal control over financial reporting and the audit of the financial statements, and that the two should be viewed by auditors as integrated activities. The PCAOB concluded that the existing Standard governing an auditor s attestation on internal control was insufficient in addressing the requirements of section 404 of the Act. These integrated activities address both the work that is required to audit internal control over financial reporting and the relationship of that audit to the audit of the financial statements. An understanding of the concept of integrated activities requires a common definition of the terms internal control and internal control over financial reporting as used in the context of the Standard. Internal control is a process designed to provide reasonable assurance regarding the achievement of a company s objectives in the areas of financial reporting reliability, operating efficiency and effectiveness, and compliance with applicable laws and regulations. Internal control over financial reporting consists of a company s policies and procedures that are designed and operated to provide reasonable assurance that is, a high but not absolute level of assurance about both the reliability of a company s financial reporting and its process for preparing and fairly presenting financial statements. Internal control over financial reporting includes policies and procedures that pertain to the maintenance of accounting records, the authorization of receipts and disbursements, and the safeguarding of assets. DIRECT EVIDENCE For auditors to form an opinion on the effectiveness of a company s internal control over financial reporting, the auditor must obtain direct evidence relating to the effectiveness of internal control over financial reporting. That means an auditor may not form an opinion on effectiveness solely by evaluating management s process for concluding on control effectiveness. Additionally, in concluding on operating effectiveness, the auditor needs to personally perform enough of the testing so that their work provides the principal evidence for their opinion. The PCAOB reasons that without direct evidence of control effectiveness, the auditor would not have a sufficiently high level of assurance that management s conclusion is correct. Further, the auditor also must evaluate the adequacy of management s documentation of the design of internal controls and their assessment of internal control effectiveness. The Standard provides the auditor with criteria to use in evaluating the adequacy of management s documentation. Inadequate documentation is considered an internal control deficiency. 4

13 LIMITATIONS Regardless of how well any system of internal control over financial reporting is designed and operating, it cannot provide absolute assurance of achieving financial reporting objectives because of inherent limitations. These inherent limitations exist because internal control over financial reporting is a process that involves human diligence and compliance and is subject to lapses in judgment and breakdowns resulting from human failures. Consequently, controls can be intentionally or unintentionally circumvented. MAJOR ISSUES COMPANIES ARE FACING REGARDING MANAGEMENT S ASSESSMENT FOR SECTION 404 COMPLIANCE As part of the fall 2003 survey conducted by KPMG, 175 executives were asked the following question: What are the major issues you are facing regarding the work for management s assessment in connection with Sarbanes-Oxley 404 compliance? Here is a sampling of their responses: A lot of extra paperwork and clarification while trying to balance the workload. Additional disclosure requirements, review of document retention policies, [The need for] Clarity for what is required to do for SOX. Ensuring that any gaps are covered. Definition of [what constitutes] significant controls Going through system implementation; on top of changes of control structure. PCAOB Chief Auditor and Director of Professional Standards Douglas R. Carmichael on the issue of concerns being expressed by public companies that the costs of compliance with Sarbanes-Oxley outweigh its benefits: The greatest cost should be incurred the first time through for many reasons. Because it is the first time, and companies and auditors will be doing things they have never done before, the wise people will be erring on the side of doing too much rather than doing too little. All that will result in the first-year costs probably being the most significant, and it should be reduced in subsequent years. However, companies still need to do enough [to satisfy] the standard. Each year needs to stand on its own. You can t say it was good last year, so it must be good this year. However, having done the work the year before, the focus is on updating your understanding and on the changes. BNA, Securities Regulation & Law Report February 9, 2004 WHAT S DIFFERENT IN THE FINAL PCAOB STANDARD AS COMPARED WITH THE PROPOSED STANDARD? Highlights of the most significant changes to the final Standard are outlined below and discussed in more detail throughout the document. Appendix E of Standard No. 2 discusses the rationale for the changes and conclusions reached by the Board. USING THE WORK OF OTHERS The Board decided to change the provisions in the Proposed Standard regarding using the work of others. The Proposed Standard presented a three-bucket approach for using the work of others areas where audit evidence was required to be derived solely from the independent auditor s own work, limited in certain areas and without specific limitation in other areas. Standard No. 2 revises the categories of controls by focusing on the nature of the controls being tested and evaluating the competence and objectivity of the individuals performing the work. This change generally should result in the auditor exercising their judgment to a greater degree than under the provisions of the Proposed Standard. EVALUATION OF THE AUDIT COMMITTEE S EFFECTIVENESS The Proposed Standard required the auditor to evaluate the effectiveness of the audit committee s oversight of the external financial reporting process and the internal control over financial reporting. Although this concept was retained in Standard No. 2, it was clarified to emphasize that the auditor s evaluation of the audit committee is not required to be a separate evaluation. Instead, it should be made as part of the evaluation of the control environment and monitoring components of internal control over financial reporting. Standard No. 2 explicitly acknowledges 5

14 that the board of directors is responsible for evaluating the effectiveness of the audit committee. In addition, the Board concluded that, if the auditor determines that the audit committee s oversight is ineffective, the auditor should communicate the findings to the full board of directors. The Board also deleted certain factors that addressed compliance with listing standards and sections of the Act. WALKTHROUGHS The Proposed Standard included a requirement that the auditor perform walkthroughs for all of the company s significant processes. The Board decided in Standard No. 2 that the scope of transactions subjected to walkthroughs should be more narrowly defined. As a result, the scope of transactions for which auditors are required to perform walkthroughs pursuant to Standard No. 2 was narrowed by replacing the words all types of transactions with major classes of transactions. AUDITOR S REPORT The Proposed Standard required that the auditor s opinion state whether management s assessment of the effectiveness of the company s internal control over financial reporting, as of the specified date, is fairly stated, in all material respects, based on control criteria. The Board concluded that the expression of two opinions one on management s assessment and one on the effectiveness of internal control over financial reporting is a superior approach to the concept of one opinion on these elements. DEFINITIONS OF SIGNIFICANT DEFICIENCY AND MATERIAL WEAKNESS The definitions for what constitutes a significant deficiency and a material weakness have not changed. However, the Board clarified the term inconsequential with the following definition: A misstatement is inconsequential if a reasonable person would conclude, after considering the possibility of further undetected misstatements, that the misstatement, either individually or when aggregated with other misstatements, would clearly be immaterial to the financial statements. If a reasonable person could not reach such a conclusion regarding a particular misstatement, that misstatement is more than inconsequential. The list of significant deficiencies and strong indicators of material weaknesses was retained and now also includes an ineffective control environment. SMALL AND MEDIUM-SIZED COMPANY CONSIDERATIONS The Proposed Standard discussed small and medium-sized company considerations in its Appendix E. That discussion was removed in the final Standard and replaced with a reference to the existing COSO guidance already tailored for special small and medium-sized company considerations. Standard No. 2 clearly emphasizes that while the cost benefit concerns were considered, the Board recognizes that this exercise will be burdensome in many instances, particularly for some small and medium-sized companies. However, the expected benefits to investors of improved internal control over financial reporting are warranted. The Board recognized that this Standard must appropriately balance the cost to implement the Standard s directions with the benefits of achieving theses important goals. As a result, all the Board s decisions about this Standard were guided by the additional objective of creating a rational relationship between costs and benefits. Investors further recognized that this kind of assurance would come at a price and expressed their belief that the cost of the anticipated benefits was reasonable. 6

15 NEXT STEPS Management should take time to study Standard No. 2 to facilitate a better understanding of their company s state of readiness and to better prepare for their respective reporting deadline. The remaining sections of this document present additional details to the discussion above. Executives would be well served to assign resources in their organization to become familiar with the details of the PCAOB s Auditing Standard No. 2 and with our additional thoughts presented below. Relying solely on the Executive Summary could result in an incomplete understanding of the PCAOB s positions expressed in Standard No. 2. It should be understood that management is responsible for complying with the provisions of the Sarbanes-Oxley Act of 2002, and specifically with section 404. KPMG LLP 7

16 BACKGROUND In July 2002 the president signed the Sarbanes-Oxley Act of 2002 into law. The Act came in response to a string of corporate scandals, including the collapse of a number of businesses that negatively affected the confidence of investors in the capital markets of the United States. The Act created the Public Company Accounting Oversight Board, a quasi-governmental agency that oversees the audits of public companies, intending to protect the interests of investors and other users of an issuer s financial statements. The Board, which is subject to SEC oversight, is empowered to establish auditing standards for public company audits, inspect accounting firms that audit public companies, investigate possible rule violations, and sanction violators. Section 404 of the Act has two parts: Section 404(a) describes management s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting. It also outlines management s responsibility for assessing the effectiveness of internal control over financial reporting. Section 404(b) describes the independent auditor s responsibility for attesting to and reporting on management s internal control assessment. In passing the Act, Congress reasoned that the restoration of investors trust in public companies would depend on demanding that public companies possess strong internal controls over financial reporting. Section 404 of the Act requires that management first assess the effectiveness of the company s internal control over financial reporting (ICOFR) and then report on that assessment at the close of its fiscal year. The Act also requires a company s external auditor to attest to and report on the assessment made by management. 8

17 MANAGEMENT S RESPONSIBILITIES Section 404 of the Act describes management s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting. It also outlines management s responsibility for assessing the effectiveness of the company s ICOFR, and that the company s external auditors attest to management s assessment. Under Standard No. 2, management must: Accept responsibility for the effectiveness of the company s ICOFR Evaluate the effectiveness of the company s ICOFR using suitable control criteria (e.g., the COSO criteria, defined below) Support the evaluation with sufficient evidence, including documentation of the design of controls related to all relevant assertions for its significant financial statement accounts and disclosures Present a written assessment of the effectiveness of the company s ICOFR as of the end of the company s most recent fiscal year If management has not fulfilled its responsibilities as noted above, the auditor is required to issue a disclaimer opinion. Management should fulfill its responsibilities by undertaking a comprehensive approach that includes thorough planning and evaluation of its system of internal controls. Once management has identified significant controls, it can document those controls and proceed with testing their effectiveness. Companies should allow sufficient time to complete this process in the event deficiencies are identified. Early identification of deficiencies may provide management sufficient time to correct deficiencies and determine operating effectiveness of the new control. DEFINITION OF INTERNAL CONTROL OVER FINANCIAL REPORTING Internal control is defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) as a process effected by an entity s board of directors, management, and other personnel designed to provide reasonable assurance of the achievement of objectives in the following categories: effectiveness and efficiency of operations, compliance with applicable laws and regulations, and reliability of financial reporting. The SEC rules implementing section 404(a) of the Act focus on those objectives related to the reliability of a company s external financial reporting. This subset of internal control is commonly referred to as internal control over financial reporting. Internal control over financial reporting is defined in Standard No. 2 as a process designed by or under the supervision of the company s principal executive and financial officers, or persons performing similar functions, and effected by the company s board of directors, management, and other personnel to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles (GAAP). It also includes policies and procedures that pertain to maintenance of accounting records, authorization of receipts and disbursements, and safeguarding of assets. For purposes of an audit of internal control over financial reporting, internal control over financial reporting includes controls over the safeguarding of assets and controls related to the prevention or timely detection of unauthorized acquisition, use, or disposition of an entity s assets that could have a material effect on the financial statements. These safeguarding controls are a subset of the broader segment of internal control. 9

18 MANAGEMENT S EVALUATION ASSESSMENT OF THE EFFECTIVENESS OF INTERNAL CONTROL OVER FINANCIAL REPORTING Management must maintain sufficient evidence of its assessment of the effectiveness of ICOFR, including documentation. The development and maintenance of such documentation is an important element of effective internal control. The assessment of a company s ICOFR must be based on procedures sufficient to both evaluate design and test operating effectiveness. Controls subject to such assessment include, but are not limited to: Controls over initiating, authorizing, recording, processing, and reporting significant account balances and disclosures and related assertions included in the financial statements Controls related to the selection and application of accounting policies in accordance with GAAP Controls related to the prevention, identification, and detection of fraud Controls related to the initiation and processing of nonroutine and non-systematic transactions UNIQUE SYSTEMS OF INTERNAL CONTROL COSO recognizes that no two companies will, or should, have the same internal control system. Companies and their internal control needs differ dramatically by industry and size, and by culture and management philosophy. Consequently, each The nature of a company s testing activities will depend approach to implementing inter- company may take a different nal control. Nevertheless, the largely on the circumstances of internal control principles discussed in this document apply to the company and the significance of the particular control. all companies. However, inquiry only generally will not provide an adequate basis for management s determination of operating effectiveness. FRAMEWORK USED BY MANAGEMENT TO CONDUCT ITS ASSESSMENT Management is required to base its assessment on a suitable, recognized control framework established by a body of experts that followed public due-process procedures to develop the framework. In the United States, the Committee of Sponsoring Organizations of the Treadway Commission has published Internal Control Integrated Framework, which is commonly used for purposes of management s assessment. Because COSO is expected to be the most frequently used control framework in the United States, the guidance in Standard No. 2 is based on COSO concepts. A CONCISE DESCRIPTION OF THE FIVE COSO COMPONENTS OF INTERNAL CONTROL OVER FINANCIAL REPORTING Source: KPMG LLP, 2004 OPERATIONS FINANCIAL REPORTING COMPLIANCE ACTIVITY 2 ACTIVITY 1 UNIT B UNIT A Control Environment The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Risk Assessment Every entity faces a variety of financial reporting risks from external and internal sources that must be assessed at both the entity and the activity levels. These risks include external and internal events and circumstances that may occur and adversely affect an entity s ability to initiate, record, process, and report financial data consistent with the assertions of management embodied in the financial statements. Control Activities Control activities are the policies and procedures that help ensure management directives are carried out. These controls help ensure that transactions occurred, are authorized, and are completely and accurately recorded and processed. Information and Communication Pertinent information must be identified, captured, and communicated in a form and time frame that supports all other control components. The quality of system-generated information, including the accounting system and other information technology applications, affects management s ability to make appropriate decisions in controlling the entity s activities and to prepare reliable financial reports. Monitoring Internal control systems need to be monitored a process that assesses the quality of the system s performance over time. 10

19 Internal control as defined by COSO consists of a number of interrelated components that are inherent in the way a company is managed. These components include the control environment, risk assessment, control activities, information and communication, and monitoring. COSO provides criteria for evaluating whether internal control is effective based on these components. Although the five internal control components are applicable to all entities, small and mid-sized organizations may implement them differently than large entities. Controls in a small entity may be less formal and less structured, yet a small company can maintain effective ICOFR. We believe that the underlying concepts regarding ICOFR apply to entities of all sizes. The application of auditing standards in general is subject to auditor judgment and is dependent on a number of factors, including the size and complexity of the particular entity. We believe that Standard No. 2 provides a framework for the audit of ICOFR for all entities, regardless of size. REASONABLE VERSUS ABSOLUTE ASSURANCE AND INHERENT LIMITATIONS ICOFR consists of company policies and procedures that are designed and operated to provide reasonable assurance but not an absolute level of assurance about the reliability of a company s financial reporting. Management s assessment of the effectiveness of ICOFR is expressed at the level of reasonable assurance. Reasonable assurance includes an understanding that there is a relatively low risk that material misstatements will not be prevented or detected on a timely basis. Although reasonable assurance is not absolute assurance, it provides a high level of assurance. WHY REASONABLE ASSURANCE AND NOT ABSOLUTE ASSURANCE? Regardless of how well any system of ICOFR is designed and operating, it cannot provide absolute assurance of achieving financial reporting objectives because of inherent limitations. These inherent limitations exist because ICOFR is a process that involves human diligence and compliance and is subject to lapses in judgment and breakdowns resulting from human failures. Consequently, ICOFR can be circumvented intentionally by collusion or improper management override. To ensure financial stability, a company must support the execution of its objectives with rigorous internal controls and effective risk management. An effective internal control apparatus is critical to provide reasonable assurance that the information produced by the organization is timely and reliable and that errors and irregularities are discovered and corrected promptly. Effective risk management is based on a foundation of good corporate governance and rigorous internal controls. Taking calculated risks is part of any business enterprise. That is well understood. At the same time, each company needs to have in place the technical systems and management processes necessary not only to identify the risks associated with its activities but also to effectively measure, monitor, and control them. An effective risk management and control structure is not sufficient, however, if it is not accompanied by an institutional culture that ensures that written policies and procedures are actually translated into practice. Ultimately, a company s culture is determined by the board of directors and the senior management it installs. In particular, the actions of senior management and the consistency of their decisions and behavior with the values and principles they articulate are critical to shaping company culture. William J. McDonough, Chairman, PCAOB at the January 14, 2004, meeting of Women in Housing and Finance 11

20 EXAMPLE MANAGEMENT ASSESSMENT PROCESS There are a number of methods a company may choose in developing an approach to fulfill its responsibilities relating to its assessment of ICOFR. The following is an example of one way a company may approach its assessment process: 1 Plan & Scope the Evaluation Establish internal control evaluation process. Determine significant controls and locations/business units to be included. Define project approach, milestones, timeline, and resources. Launch project. 2 Document Controls Document design of controls over relevant assertions related to all significant accounts and disclosures. 3 Evaluate Design & Operating Effectiveness Evaluate design and operating effectiveness of internal control over financial reporting and document results of evaluation. 4 Identify, Assess & Correct Deficiencies Identify, accumulate, and evaluate design and operating control deficiencies. Communicate findings and correct deficiencies. 5 Report on Internal Control Prepare written assertion of the effectiveness of internal control over financial reporting. The process of evaluating the effectiveness 1 Plan & Scope the Evaluation of ICOFR may require careful planning due to the complexity and breadth of the control structure within an entity. This evaluation plan may include a process to examine the overall approach to documentation, identification of controls and evaluation procedures, significant milestones, and anticipated time lines. The plan also may include the institution of policies and procedures that will be used in the evaluation process as well as appropriate internal communication processes. As part of the KPMG fall 03 Survey, CEOs and CFOs were asked: Which functions are involved in your Sarbanes-Oxley 404 planning activities? Internal audit External audit Legal IT Tax operations Source: KPMG LLP, % 57% 60% 74% 86% 12

21 Management may identify the team responsible for performing the evaluation. The project may have an executive sponsor, a project manager, and personnel from operations, finance and accounting, human resources, information systems, tax, legal, and internal audit all of whom should have appropriate skills, knowledge of COSO, and an understanding of controls evaluation. Where necessary, management may consider training programs to supplement existing knowledge. Among the most important Period-end financial reporting, including preparing financial activities in the planning statements and disclosures process is one that identifies the controls to be included in the scope of the evaluation. According to the PCAOB, the evaluation should include controls related to all significant accounts and disclosures in the financial statements. Under Standard No. 2, an account is considered significant if there is more than a remote likelihood that it could contain misstatements that individually or when aggregated with others could have a material effect on the financial statements. In practice, we believe this will result ROLE OF INTERNAL AUDIT in a relatively low threshold Management may consider the role that the internal audit function will play during its assessnation of accounts that are over the selection and determiment process and, in particular, during the planning and scoping deemed to be significant. phase. Internal audit can be used to identify controls and test and A financial statement caption evaluate design and operating effectiveness, among other may consist of a number of things. Internal auditors normally have greater competence account balances, the components of which are subject to and objectivity with regard to ICOFR than other company differing risks or different controls that should be personnel. considered Controls over significant account balances and disclosures for purposes of evaluating the effectiveness of ICOFR include controls over: Initiating, authorizing, recording, processing, and reporting significant accounts and disclosures and related assertions embodied in the financial statements The selection and application of accounting policies in conformity with GAAP Antifraud programs and controls Information technology general controls or other controls on which other significant controls are dependent (i.e., pervasive controls) Significant non-routine and non-systematic transactions Significance in this context may be determined by the value, volume, or financial reporting risk associated with transactions processed. Management may consider establishing controls to review the appropriate application of new accounting pronouncements, interpretations, or emerging issues in a timely manner. It is management s responsibility to design and carry out programs and controls to prevent, deter, and detect fraud. Management, along with those who have responsibility for oversight of the financial reporting process, should set the proper tone by creating and maintaining a culture of honesty and high ethical standards. General computer controls support the effective functioning of many application controls by helping to ensure the continued proper operation of computer information systems. General computer controls commonly include controls over program development and changes, computer operations, and access to programs and data. These may include accounts involving significant judgments and estimates. Choosing which controls to evaluate may, for example, involve consideration of the complexity of the estimating process and any bias on the part of the estimator. Specific controls include those over procedures used to enter transaction totals into the general ledger to initiate, authorize, record, and process journal entries in the general ledger and to record recurring and nonrecurring adjustments to the financial statements. INCOME TAXES Taxes are often one of the largest expenses in a company s financial statements. This is why companies cannot ignore tax processes as part of their evaluation of internal controls. To comply with section 404, management will need to identify and evaluate all significant controls, including those related to taxation. The impact of tax operations is not associated only with corporate income taxes and provisions. In reality, tax-related activities range from sales or value-added taxes to accounting for inter-company, customs, and cross-border transactions. The complex and ever-changing rules of taxing jurisdictions and the estimated liabilities often will require that controls over these activities be included in management s evaluation process. In KPMG s survey of 175 CEOs and CFOs, only 24 percent reported increased spending in the last 12 months to address tax function financial control deficiencies 37 percent anticipate increased spending in the next 12 months. separately as potential significant accounts. For example, a financial institution may have several significant account balances within its loan portfolio (e.g., commercial and residential loans). These significant accounts are subject to different financial reporting risks and different controls. 13

22 EVALUATION OF IT CONTROLS Information technology controls represent an integral part of ICOFR. Management may determine which applications or systems are within the scope of ICOFR and which IT controls need to be evaluated (i.e., user-level and infrastructure). An evaluation of a company s IT controls also may determine whether existing systems have been changed or a new system has been put in place. Controls within the system are important, but so are the controls dealing with access to IT systems. Management would be well served by evaluating details of the following broad categories of the IT function: IT governance Change management Interface and application controls Security and access controls Systems development life cycle Data center operations The specific risks that IT poses to an entity s internal control may include reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both. IT also may involve the risk of unauthorized access to systems, including unauthorized changes to existing applications as well as unauthorized changes to data, and the potential for loss of data. MULTI-LOCATION CONSIDERATIONS Companies with multiple business units, geographic locations, or reporting units may need to determine which locations are relevant and should be included in their assessment. Management may consider which locations are financially significant in terms of the potential for a material misstatement. It is likely that a relatively small number of locations or business units may encompass a large portion of the company s operations and financial position. Management also may consider whether there are locations that have specific significant risks or whether individual locations or business units that are not significant by themselves may be financially significant when aggregated with others. CONSIDERATION OF OUTSIDE SERVICE ORGANIZATIONS Many companies use outside service organizations to process a variety of transactions. Management may need to consider the controls at the service organization in its assessment of ICOFR. Management may take an inventory of all outside service organizations used to process data and determine which controls at each service organization are relevant for management s evaluation, document those controls, and obtain evidence of the design and operating effectiveness of the controls. Service organizations often obtain a report from a service auditor regarding the effectiveness of their internal control. Management would be well served by initiating discussions with outside service organizations about the scope of the service auditor s report, period covered, and timing for receiving the report. If a report is available, management may consider if the service auditor s report provides sufficient evidence to support an assessment of the operating effectiveness of the related controls. In particular, management may determine whether the report considers the operating effectiveness of controls (referred to in U.S. auditing standards as a Type II SAS 70 report) and the time period covered by the report. Management may need to ensure that the service organization provides Type II reports on a timely basis, preferably at or close to the company s fiscal year-end. 14

23 Documentation of a company s ICOFR is an 2 Document Controls essential part of management s evaluation process. It provides evidence that controls related to management s assertion including changes to those controls have been identified, can be communicated to those responsible for their performance, and can be monitored. Under Standard No. 2, management should provide documentation that provides reasonable support for its assessment of the effectiveness of ICOFR covering: The design of controls over relevant assertions related to all significant accounts and disclosures in the financial statements, including documentation of the five components of ICOFR discussed in the COSO framework Information about how significant transactions are initiated, authorized, recorded, processed, and reported Enough information about the flow of transactions to identify where material misstatements due to error or fraud could occur Documentation of controls may take many forms and can include a variety of information, including policy manuals, process models, flowcharts, job descriptions, documents, and forms. No one kind of documentation is required and the extent of documentation will vary depending on the size, nature, and complexity of the company. Management should consider establishing companywide documentation standards for capturing and reporting information. Documentation of processes and controls will be an important element in the test of internal control design effectiveness. PERFORMANCE OF WALKTHROUGHS FOR EACH MAJOR CLASS OF TRANSACTIONS Standard No. 2 states that the auditor should perform at least one walkthrough for each major class of transactions which means the auditor must trace the life of the transaction from its initiation through its publication in the financial statements. In a February 2004 interview with BNA s Securities Regulation & Law Report, PCAOB Chief Auditor and Director of Professional Standards Douglas R. Carmichael described the Board s thinking behind instituting walkthroughs: The goal there is to make sure that the auditor understands how the systems work and what the controls are. During the walkthrough, the questions auditors may ask company personnel include: What do they do when they find an error? What are they looking for to determine if there is an error? What kinds of errors have been found? What happened as a result of finding the errors? How were the errors resolved? Have personnel ever been asked to override the process or controls? Controls designed to prevent or detect fraud, including who performs the controls and the related segregation Although the extent to of duties which management Controls over the period-end documents its evaluation is financial reporting process a matter of judgment, such Controls over safeguarding documentation should go of assets beyond a simple conclusion The results of management s testing and evaluation that the control is designed and operating effectively. To provide a sufficient basis for its conclusion, management should document the procedures performed, the results, and other evidence obtained regarding operating effectiveness. Internal control deficiencies noted also should be documented along with appropriate remediation proposals. Inadequate documentation of the design of controls and the absence of sufficient documented evidence to support management s assessment of the operating effectiveness of ICOFR are control deficiencies under Standard No. 2. COSO provides example documentation that could be useful for management in documenting the results of its evaluation. The examples in COSO include numerous evaluation programs and worksheets. To collate and evaluate the documentation of the results of the evaluation, management may consider a manual approach, an automated approach, or a combination of the two. Whatever the choice, management may consider establishing enterprise-wide documentation standards for capturing the results. An automated tool may assist in ensuring that the documentation output of the evaluation process meets management s requirements. With the use of an automated tool, the information could be summarized and reported in a format tailored by management. An added benefit of using an automated tool may be to assist with project management; for example, to monitor the progress of the documentation and evaluation process and identify areas that need 15

Sarbanes-Oxley Section 404: Management s Assessment Process

Sarbanes-Oxley Section 404: Management s Assessment Process Sarbanes-Oxley Section 404: Management s Assessment Process Frequently Asked Questions ADVISORY Contents 1 Introduction 2 Providing a Road Map for Management 3 Questions and Answers 3 Section I. Planning

More information

SARBANES-OXLEY SECTION 404

SARBANES-OXLEY SECTION 404 SARBANES-OXLEY SECTION 404 A TOOLKIT FOR MANAGEMENT AND AUDITORS VOLUME 2 Public Company Accounting Oversight Board The Public Company Accounting Oversight Board (PCAOB) was established by Congress under

More information

November 21, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

November 21, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C. 280 Park Avenue Telephone 212-909-5600 New York, N.Y. 10017 Fax 212-909-5699 8 th Floor Office of the Secretary 1666 K Street, N.W. Washington, D.C. 20006-2803 Dear Mr. Secretary: PCAOB Rulemaking Docket

More information

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:

More information

) ) ) ) ) ) ) ) ) ) ) )

) ) ) ) ) ) ) ) ) ) ) ) 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PROPOSED AUDITING STANDARD AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN

More information

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.

More information

Communicating Internal Control Related Matters Identified in an Audit

Communicating Internal Control Related Matters Identified in an Audit Communicating Internal Control 1843 AU Section 325 Communicating Internal Control Related Matters Identified in an Audit (Supersedes SAS No. 112.) Source: SAS No. 115. Effective for audits of financial

More information

COSO Internal Control Integrated Framework (2013)

COSO Internal Control Integrated Framework (2013) COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)

More information

PricewaterhouseCoopers LLP

PricewaterhouseCoopers LLP PricewaterhouseCoopers LLP 500 Campus Dr. Florham Park NJ 07932 Telephone (973) 236 7000 Facsimile (973) 236 7200 November 21, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666

More information

Guide to Internal Control Over Financial Reporting

Guide to Internal Control Over Financial Reporting Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).

More information

COSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting

COSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 SIGNIFICANT CHANGES AFFECTING INTERNAL CONTROL

More information

[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06]

[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting

More information

An overview of COSO s 2013 Internal Control-Integrated Framework

An overview of COSO s 2013 Internal Control-Integrated Framework An overview of COSO s 2013 Internal Control-Integrated Framework Prepared by: Sara Lord, Partner, National Professional Standards Group, McGladrey LLP sara.lord@mcgladrey.com May 2013 Introduction In 1992,

More information

OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING

OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES

More information

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF VIEWS AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN

More information

STAFF AUDIT PRACTICE ALERT NO. 11 CONSIDERATIONS FOR AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING. October 24, 2013

STAFF AUDIT PRACTICE ALERT NO. 11 CONSIDERATIONS FOR AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING. October 24, 2013 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STAFF AUDIT PRACTICE ALERT NO. 11 CONSIDERATIONS FOR AUDITS OF INTERNAL CONTROL OVER FINANCIAL

More information

INTERNAL CONTROLS EVALUATION

INTERNAL CONTROLS EVALUATION INTERNAL CONTROLS EVALUATION Planning an Internal Controls Evaluation Project Internal Control Documentation Internal Control Testing Evaluation of Internal Control Deficiency Reporting Internal Control

More information

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS INTERNATIONAL STANDARD ON AUDITING 315 IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (Effective for audits of financial statements for

More information

Thomas Ray, Deputy Chief Auditor (202/207-9112; rayt@pcaobus.org), Laura Phillips, Associate Chief Auditor (202/207-9111; phillipsl@pcaobus.org).

Thomas Ray, Deputy Chief Auditor (202/207-9112; rayt@pcaobus.org), Laura Phillips, Associate Chief Auditor (202/207-9111; phillipsl@pcaobus.org). 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN CONJUNCTION WITH AN AUDIT

More information

CHAPTER 3 INTERNAL CONTROL OVER FINANCIAL REPORTING: MANAGEMENT S RESPONSIBILITIES AND IMPORTANCE TO THE EXTERNAL AUDITORS

CHAPTER 3 INTERNAL CONTROL OVER FINANCIAL REPORTING: MANAGEMENT S RESPONSIBILITIES AND IMPORTANCE TO THE EXTERNAL AUDITORS A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 3 INTERNAL CONTROL OVER FINANCIAL REPORTING: MANAGEMENT

More information

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners The Institute of Internal Auditors

More information

CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION FORMULATION PROCESS

CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION FORMULATION PROCESS A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION

More information

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 315

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 315 INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 315 IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (Effective for audits of financial

More information

INTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS

INTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS INTERNATIONAL STANDARD ON ENGAGEMENTS 2410 OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY (Effective for reviews of interim financial information for periods beginning

More information

Report on. 2010 Inspection of PricewaterhouseCoopers LLP (Headquartered in New York, New York) Public Company Accounting Oversight Board

Report on. 2010 Inspection of PricewaterhouseCoopers LLP (Headquartered in New York, New York) Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2010 (Headquartered in New York, New York) Issued by the Public Company Accounting

More information

INFORMATION FOR AUDIT COMMITTEES ABOUT THE PCAOB INSPECTION PROCESS

INFORMATION FOR AUDIT COMMITTEES ABOUT THE PCAOB INSPECTION PROCESS 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org INFORMATION FOR AUDIT COMMITTEES ABOUT THE PCAOB INSPECTION PROCESS PCAOB Release No. 2012-003

More information

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers Table of Contents Requirements of the Act.............................................................. 1 Accelerated Filer s...........................................................

More information

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained Performing Audit Procedures in Response to Assessed Risks 1781 AU Section 318 Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Supersedes SAS No. 55.)

More information

Communicating Internal Control Related Matters Identified in an Audit

Communicating Internal Control Related Matters Identified in an Audit Communicating Internal Control Related Matters 227 AU-C Section 265 Communicating Internal Control Related Matters Identified in an Audit Source: SAS No. 122; SAS No. 125; SAS No. 128. See section 9265

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall

More information

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION CONTENTS

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION CONTENTS INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION (Effective for assurance reports dated on or after January 1,

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS CONTENTS INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after June 15, 2006) CONTENTS Paragraph

More information

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,

More information

INTERNATIONAL STANDARD ON AUDITING 600 SPECIAL CONSIDERATIONS AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS) CONTENTS

INTERNATIONAL STANDARD ON AUDITING 600 SPECIAL CONSIDERATIONS AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS) CONTENTS INTERNATIONAL STANDARD ON AUDITING 600 SPECIAL CONSIDERATIONS AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS) (Effective for audits of group financial statements for periods

More information

Annual Assessment of the External Auditor

Annual Assessment of the External Auditor Annual Assessment of the External Auditor TOOL FOR AUDIT COMMITTEES January 2014 ENHANCING AUDIT QUALITY AUDIT COMMITTEES iii Table of Contents Introduction 1 1. Determine the scope, timing and process

More information

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS INTERNATIONAL STANDARD ON 200 OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON (Effective for audits of financial statements for periods

More information

STANDING ADVISORY GROUP MEETING

STANDING ADVISORY GROUP MEETING 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING BROKER-DEALER AUDIT CONSIDERATIONS JULY 15, 2010 Introduction

More information

Report on. 2009 Inspection of PricewaterhouseCoopers LLP. Public Company Accounting Oversight Board

Report on. 2009 Inspection of PricewaterhouseCoopers LLP. Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2009 (Headquartered in New York, New York) Issued by the Public Company Accounting

More information

Guide to Pcaob Inspections

Guide to Pcaob Inspections Guide to Pcaob Inspections october 2012 Since 2002, a new regulator, the Public Company Accounting Oversight Board (PCAOB), has had responsibility for overseeing auditors of public companies. Regular inspections

More information

Auditor Attestation of Internal Control Over Financial Reporting: What You Can Expect. A Smaller Public Company Perspective

Auditor Attestation of Internal Control Over Financial Reporting: What You Can Expect. A Smaller Public Company Perspective Auditor Attestation of Internal Control Over Financial Reporting: What You Can Expect A Smaller Public Company Perspective Smaller public companies were required to comply with the management assertion

More information

Compliance Audits 2463. Effective for compliance audits for fiscal periods ending on or after June 15, 2010. Earlier application is permitted.

Compliance Audits 2463. Effective for compliance audits for fiscal periods ending on or after June 15, 2010. Earlier application is permitted. Compliance Audits 2463 AU Section 801 Compliance Audits (Supersedes SAS No. 74.) Source: SAS No. 117. Effective for compliance audits for fiscal periods ending on or after June 15, 2010. Earlier application

More information

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200 INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200 OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON AUDITING (UK AND IRELAND)

More information

A LAYPERSON S GUIDE INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR)

A LAYPERSON S GUIDE INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR) A LAYPERSON S GUIDE TO INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR) Prepared by Kayla J. Gillan, Member of the Public Company Accounting Oversight Board For The Council of Institutional Investors Annual

More information

CYBER SUPPLY INC. (Exact name of registrant as specified in its charter)

CYBER SUPPLY INC. (Exact name of registrant as specified in its charter) UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 10-K/A-1 [X] ANNUAL REPORT UNDER TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the fiscal year ended February

More information

Report on. 2015 Inspection of Deloitte AS (Headquartered in Oslo, Kingdom of Norway) Public Company Accounting Oversight Board

Report on. 2015 Inspection of Deloitte AS (Headquartered in Oslo, Kingdom of Norway) Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2015 (Headquartered in Oslo, Kingdom of Norway) Issued by the Public Company Accounting

More information

INTERNATIONAL STANDARD ON AUDITING 400 RISK ASSESSMENTS AND INTERNAL CONTROL CONTENTS

INTERNATIONAL STANDARD ON AUDITING 400 RISK ASSESSMENTS AND INTERNAL CONTROL CONTENTS INTERNATIONAL STANDARD ON 400 RISK ASSESSMENTS AND INTERNAL CONTROL (This Standard is effective, but will be withdrawn when ISA 315 and 330 become effective) * CONTENTS Paragraph Introduction... 1-10 Inherent

More information

COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP

COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP Disclaimer The material appearing in this presentation is for informational purposes only and should not be construed

More information

Re: PCAOB Rulemaking Docket no. 008, Proposed Auditing Standard An Audit of Internal Control Over Financial Reporting

Re: PCAOB Rulemaking Docket no. 008, Proposed Auditing Standard An Audit of Internal Control Over Financial Reporting November 21, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C. 20006-2803 Re: PCAOB Rulemaking Docket no. 008, Proposed Auditing Standard An Audit

More information

Identifying and Assessing. Understanding the Entity

Identifying and Assessing. Understanding the Entity Issued June 2009; revised July 2010, July 2012 Effective for audits of financial statements for periods beginning on or after 15 December 2009* Hong Kong Standard on Auditing 315 Identifying and Assessing

More information

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after 15 June 2006)

More information

COMMUNICATIONS WITH AUDIT COMMITTEES OVERVIEW OF PCAOB AUDITING STANDARD NO. 16

COMMUNICATIONS WITH AUDIT COMMITTEES OVERVIEW OF PCAOB AUDITING STANDARD NO. 16 FEBRUARY 2013 www.bdo.com AN OFFERING FROM BDO S CORPORATE GOVERNANCE PRACTICE BDO USA CORPORATE GOVERNANCE PRACTICE BDO USA s Corporate Governance Practice was developed to provide guidance to corporate

More information

BAKER HUGHES INCORPORATED. CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012)

BAKER HUGHES INCORPORATED. CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012) BAKER HUGHES INCORPORATED CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012) The Board of Directors of Baker Hughes Incorporated (the Company ) has

More information

Inspection of Fazzari + Partners LLP Chartered Accountants (Headquartered in Vaughan, Canada) Public Company Accounting Oversight Board

Inspection of Fazzari + Partners LLP Chartered Accountants (Headquartered in Vaughan, Canada) Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Inspection of Fazzari + Partners LLP (Headquartered in Vaughan, Canada) Issued by the Public

More information

TABLE OF CONTENTS. OMB Bulletin No , Audit Requirements for Federal Financial Statements

TABLE OF CONTENTS. OMB Bulletin No , Audit Requirements for Federal Financial Statements TABLE OF CONTENTS SUMMARY OF SIGNIFICANT CHANGES... 1 SECTION 1: BACKGROUND... 3 SECTION 2: DEFINITIONS... 3 SECTION 3: FREQUENCY OF AUDIT... 6 SECTION 4: RESPONSIBILITY FOR AUDIT... 6 SECTION 5: COMMUNICATION...

More information

ISA 700 (Revised), Forming an Opinion and Reporting on Financial Statements

ISA 700 (Revised), Forming an Opinion and Reporting on Financial Statements ISA 700 (Revised) April 2015 International Standard on Auditing ISA 700 (Revised), Forming an Opinion and Reporting on Financial Statements Explanatory Foreword INTERNATIONAL STANDARD ON AUDITING 700 (REVISED)

More information

[300] Accounting and internal control systems and audit risk assessments

[300] Accounting and internal control systems and audit risk assessments [300] Accounting and internal control systems and audit risk assessments (Issued March 1995) Contents Paragraphs Introduction 1 12 Inherent risk 13 15 Accounting system and control environment 16 23 Internal

More information

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING (Effective for audits of financial statements for periods beginning on or after December 15, 2005. The Appendix contains

More information

On the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal

On the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal (Provisional translation) On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on

More information

INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENTS CONTENTS

INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENTS CONTENTS INTERNATIONAL FOR ASSURANCE ENGAGEMENTS (Effective for assurance reports issued on or after January 1, 2005) CONTENTS Paragraph Introduction... 1 6 Definition and Objective of an Assurance Engagement...

More information

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement Understanding the Entity and Its Environment 267 AU-C Section 315 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement Source: SAS No. 122; SAS No. 128. Effective

More information

Risk Management Advisory Services, LLC Capital markets audit and control

Risk Management Advisory Services, LLC Capital markets audit and control Risk Management Advisory Services, LLC Capital markets audit and control November 14, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C., 20006-2803

More information

ISA 200, Overall Objective of the Independent Auditor, and the Conduct of an Audit in Accordance with International Standards on Auditing

ISA 200, Overall Objective of the Independent Auditor, and the Conduct of an Audit in Accordance with International Standards on Auditing International Auditing and Assurance Standards Board Exposure Draft April 2007 Comments are requested by September 15, 2007 Proposed Revised and Redrafted International Standard on Auditing ISA 200, Overall

More information

Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through No.15)

Inspection Observations Related to PCAOB Risk Assessment Auditing Standards (No. 8 through No.15) 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through

More information

Consideration of Fraud in a Financial Statement Audit

Consideration of Fraud in a Financial Statement Audit Consideration of Fraud in a Financial Statement Audit 1719 AU Section 316 Consideration of Fraud in a Financial Statement Audit (Supersedes SAS No. 82.) Source: SAS No. 99; SAS No. 113. Effective for audits

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

Sarbanes-Oxley Control Transformation Through Automation

Sarbanes-Oxley Control Transformation Through Automation Sarbanes-Oxley Control Transformation Through Automation An Executive White Paper By BLUE LANCE, Inc. Where have we been? Where are we going? BLUE LANCE INC. www.bluelance.com 713.255.4800 info@bluelance.com

More information

STANDING ADVISORY GROUP MEETING

STANDING ADVISORY GROUP MEETING 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org REASONABLE ASSURANCE OCTOBER 5-6, 2005 Introduction The Board's interim auditing standards 1/

More information

Report on. 2015 Inspection of PricewaterhouseCoopers Accountants N.V. (Headquartered in Amsterdam, Kingdom of the Netherlands)

Report on. 2015 Inspection of PricewaterhouseCoopers Accountants N.V. (Headquartered in Amsterdam, Kingdom of the Netherlands) 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2015 (Headquartered in Amsterdam, Kingdom of the Netherlands) Issued by the Public

More information

Sarbanes -Oxley DISASTER RECOVERY. World JOURNAL. in a. The Journal Dedicated to. Business Continuity

Sarbanes -Oxley DISASTER RECOVERY. World JOURNAL. in a. The Journal Dedicated to. Business Continuity DISASTER RECOVERY The Journal Dedicated to Business Continuity JOURNAL Spring 2004 Volume 17, Number 2 $4.00 www.drj.com in a Sarbanes -Oxley World Photo by Williams James Warren/CORBIS ALSO... 20 Rules

More information

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014 CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014 Purpose The Audit Committee (the Committee ) is created by the Board of Directors of

More information

How quality assurance reviews can strengthen the strategic value of internal auditing*

How quality assurance reviews can strengthen the strategic value of internal auditing* How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,

More information

ISSAI 1315. Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

ISSAI 1315. Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment The International Standards of Supreme Audit Institutions, ISSAI, are issued by the International Organization of Supreme Audit Institutions, INTOSAI. For more information visit www.issai.org. Financial

More information

Information about 2015 Inspections

Information about 2015 Inspections Vol. 2015/2 October 2015 Staff Inspection Brief The staff of the Public Company Accounting Oversight Board ( PCAOB or Board ) prepares Inspection Briefs to assist auditors, audit committees, investors,

More information

Sarbanes-Oxley 404. Sarbanes-Oxley Background. SOX 404 Internal Controls. Goals of Sarbanes-Oxley

Sarbanes-Oxley 404. Sarbanes-Oxley Background. SOX 404 Internal Controls. Goals of Sarbanes-Oxley Sarbanes-Oxley Background Sarbanes-Oxley 404 Internal Controls in Financial Reporting: Implications for Actuaries Legislation passed July 30, 2002 Applies to GAAP financial statements filed with SEC Effective

More information

Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised) IFAC Board Exposure Draft December 2013 Comments due: April 17, 2014 Proposed International Education Standard (IES) 8 Professional Competence for Engagement Partners Responsible for Audits of Financial

More information

APPENDIX A Illustrative Reports on Internal Control Over Financial Reporting

APPENDIX A Illustrative Reports on Internal Control Over Financial Reporting Page A 90 Standard APPENDIX A Illustrative Reports on Internal Control Over Financial Reporting A1. Paragraphs 167 through 199 of this standard provide direction on the auditor's report on management's

More information

SEC ISSUES FINAL RULES FOR NEW CEO/CFO CERTIFICATION UNDER SECTION 302 OF THE SARBANES-OXLEY ACT

SEC ISSUES FINAL RULES FOR NEW CEO/CFO CERTIFICATION UNDER SECTION 302 OF THE SARBANES-OXLEY ACT CLIENT MEMORANDUM SEC ISSUES FINAL RULES FOR NEW CEO/CFO CERTIFICATION UNDER SECTION 302 OF THE SARBANES-OXLEY ACT As noted in our previous client memoranda, the Sarbanes-Oxley Act of 2002 (the Act ) calls

More information

Risk Assessment Standards

Risk Assessment Standards Risk Assessment Standards Virginia Government Finance Officer's Association Spring Conference May 23, 2008 P R C P KMPG LLP J M P C B H H H T M AICPA Presentation Objectives 1. Discuss background of risk

More information

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Halozyme Therapeutics,

More information

Framework for Performing and Reporting on Compilation and Review Engagements

Framework for Performing and Reporting on Compilation and Review Engagements Compilation and Review Engagements 1999 AR Section 60 Framework for Performing and Reporting on Compilation and Review Engagements Issue date, unless otherwise indicated: December 2009 Source: SSARS No.

More information

(Effective for audits for periods beginning on or after December 15, 2009) CONTENTS

(Effective for audits for periods beginning on or after December 15, 2009) CONTENTS INTERNATIONAL STANDARD ON AUDITING 805 SPECIAL CONSIDERATIONS AUDITS OF SINGLE FINANCIAL STATEMENTS AND SPECIFIC ELEMENTS, ACCOUNTS OR ITEMS OF A FINANCIAL STATEMENT (Effective for audits for periods beginning

More information

PwC. Bill 198 Overview September 2004

PwC. Bill 198 Overview September 2004 PwC Bill 198 Overview September 2004 Agenda Welcome and overview Regulatory environment and background Three rules: 52-109 Strategies for implementing the CEO/CFO certification process 52-110 Requirements

More information

THIRD REPORT ON THE PROGRESS OF THE INTERIM INSPECTION PROGRAM RELATED TO AUDITS OF BROKERS AND DEALERS

THIRD REPORT ON THE PROGRESS OF THE INTERIM INSPECTION PROGRAM RELATED TO AUDITS OF BROKERS AND DEALERS 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org THIRD REPORT ON THE PROGRESS OF THE INTERIM INSPECTION PROGRAM RELATED TO AUDITS OF BROKERS

More information

Addressing Disclosures in the Audit of Financial Statements

Addressing Disclosures in the Audit of Financial Statements Exposure Draft May 2014 Comments due: September 11, 2014 Proposed Changes to the International Standards on Auditing (ISAs) Addressing Disclosures in the Audit of Financial Statements This Exposure Draft

More information

Thomas P. O Connor, Certified Public Accountant

Thomas P. O Connor, Certified Public Accountant Phone: 708-448-5522 email: oconnortom@live.com September 30, 2011 Public Company Accounting Oversight Board Office of the Secretary 1666 K Street, N.W. Washington, D.C. 20006-2803 Reference: PCAOB Rulemaking

More information

International Standard on Auditing (UK and Ireland) 315

International Standard on Auditing (UK and Ireland) 315 Standard Audit and Assurance Financial Reporting Council June 2013 International Standard on Auditing (UK and Ireland) 315 Identifying and assessing the risks of material misstatement through understanding

More information

In-Depth Guide to Public Company Auditing: The Financial Statement Audit

In-Depth Guide to Public Company Auditing: The Financial Statement Audit In-Depth Guide to Public Company Auditing: The Financial Statement Audit Why an In-Depth Guide to Public Company Auditing? The foundation for confidence in U.S. capital markets is strengthened through

More information

RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment of Auditing and Other Professional Standards

RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment of Auditing and Other Professional Standards May 12, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C. 20006-2803 RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment

More information

INTERNATIONAL STANDARD ON AUDITING 240 THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 240 THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS INTERNATIONAL STANDARD ON 240 THE AUDITOR S RESPONSIBILITIES RELATING TO (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction

More information

International Forum of Independent Audit Regulators Report on 2014 Survey of Inspection Findings March 3, 2015

International Forum of Independent Audit Regulators Report on 2014 Survey of Inspection Findings March 3, 2015 International Forum of Independent Audit Regulators Report on 2014 Survey of Inspection Findings March 3, 2015 Executive Summary In 2014, the International Forum of Independent Audit Regulators (IFIAR)

More information

This is Appendix A: Sarbanes-Oxley and Other Recent Reforms, appendix 1 from the book Governing Corporations (index.html) (v. 1.0).

This is Appendix A: Sarbanes-Oxley and Other Recent Reforms, appendix 1 from the book Governing Corporations (index.html) (v. 1.0). This is Appendix A: Sarbanes-Oxley and Other Recent Reforms, appendix 1 from the book Governing Corporations (index.html) (v. 1.0). This book is licensed under a Creative Commons by-nc-sa 3.0 (http://creativecommons.org/licenses/by-nc-sa/

More information

STANDING ADVISORY GROUP MEETING

STANDING ADVISORY GROUP MEETING 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org RISK ASSESSMENT IN FINANCIAL STATEMENT AUDITS Introduction The Standing Advisory Group ("SAG")

More information

2015-16 Internal Control Questionnaire and Assessment

2015-16 Internal Control Questionnaire and Assessment Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 9, 2015 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org TABLE

More information

Appendix C. Glossary

Appendix C. Glossary Glossary Appendix C Accounting control. Plan of organization and the procedures and records that are concerned with the safeguarding of assets and the reliability of the financial records. See internal

More information

Report on. 2014 Inspection of PricewaterhouseCoopers Incorporated (Headquartered in Johannesburg, Republic of South Africa)

Report on. 2014 Inspection of PricewaterhouseCoopers Incorporated (Headquartered in Johannesburg, Republic of South Africa) 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2014 Inspection of PricewaterhouseCoopers Incorporated (Headquartered in Johannesburg,

More information

CPCAF Comfort Letter Procedures. Copyright 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York.

CPCAF Comfort Letter Procedures. Copyright 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York. Comfort Letter Procedures Relating to Capsule Financial Information Presented In a Registration Statement Prior to the Issuance of the Year-End Financial Statements This white paper is not authoritative

More information

The Auditor s Communication With Those Charged With Governance

The Auditor s Communication With Those Charged With Governance The Auditor s Communication With Governance 2083 AU Section 380 The Auditor s Communication With Those Charged With Governance (Supersedes SAS No. 61.) Source: SAS No. 114. Effective for audits of financial

More information

Chapter 5. Rules and Policies NATIONAL INSTRUMENT 52-109 CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL AND INTERIM FILINGS

Chapter 5. Rules and Policies NATIONAL INSTRUMENT 52-109 CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL AND INTERIM FILINGS Chapter 5 Rules and Policies 5.1.1 NI 52-109 Certification of Disclosure in Issuers Annual and Interim Filings TABLE OF CONTENTS NATIONAL INSTRUMENT 52-109 CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL

More information