Planning the external audit. The audit committee guide series

Planning the external audit The audit committee guide series

Effective audit committees are critical to the quality of financial reporting and the proper conduct of business. This guide is one of a series that is meant to help audit committees meet their oversight and fiduciary responsibilities. Trent Gazzaway, National Managing Partner of Audit Services Contents 2 Role of the external auditor 3 Audit planning 4 Financial statement assertions 6 Designing audits 7 Judging materiality 9 Assessing audit risk 10 Evaluating risk of material misstatement 11 Overseeing plan and team 12 Performing audit tests 13 Using the work of others The audit committee guide series has been adapted from The Audit Committee Handbook, Fifth Edition, published by John Wiley & Sons and available for purchase at www. GrantThornton.com/ACHandbook and through major online booksellers and bookstores nationwide. 14 Evaluating the audit plan 15 More guidance 17 Grant Thornton s audit services 20 Suggested reading 21 Offi ces of Grant Thornton LLP

When it comes to an external audit, the audit committee has responsibility to ensure auditors work is done right and with integrity. In the U.S., the audit committee is charged with overseeing the integrity of the financial reporting process and the external auditor. To fulfill these responsibilities, audit committee members must be prepared to evaluate and oversee both the external audit plan and the external auditor. That responsibility extends to appointing, compensating and overseeing the work of any registered public accounting firm employed by the company. During the audit engagement, external auditors report directly to the audit committee. To fulfill their duty to oversee the external audit function, audit committee members must be familiar with how auditors consider management assertions contained in the financial statements, and the planning process auditors go through prior to issuing an opinion. The remainder of this issue of the audit committee guide series summarizes the audit planning process and provides some attributes that audit committee members may look for in an effective audit plan. How will financial reform impact your company? The regulatory landscape is changing for companies and their audit committees. Visit www.grantthornton.com/financialreform to read about the Dodd-Frank Act and how it may affect your company. Planning the external audit 1

Role of the external auditor External auditors are independent audit professionals who audit the financial statements of a company, legal entity or organization. They are expected to express an opinion on whether an entity s financial statements are free of material misstatements and are a true and fair representation of actual financial position. The external auditor s primary responsibilities are to: 1. identify items that have a reasonable possibility of causing the financial statements to be materially misstated; 2. design and execute tests to determine whether such misstatements have occurred; and 3. in certain public company audits, test the effectiveness of internal control over financial reporting. 1 1 Applicable to companies subject to Section 404(b) of the Sarbanes-Oxley Act of 2002. 2 Planning the external audit

Audit planning Audit planning is a three-step iterative process undertaken by the external auditor, and evaluated by the audit committee, each audit cycle. Audit planning, as defined in International Standards on Auditing (ISA) No. 300, includes: 1. obtaining an understanding of the entity, its environment and its internal control system; 2. assessing the risk of material misstatement in the financial statements; and 3. designing audit procedures commensurate with the assessed level of risk. Audit Process Flow Planning the external audit 3

Financial statement assertions When management issues financial statements, it makes assertions regarding the recognition, measurement, presentation and disclosure of information in those financial statements. Assertions identify the most important elements of a given financial reporting line item or disclosure. In the planning phase, when the auditor is designing the tests that will be used during the audit, assertions allow the auditor to focus on what is most important to financial statement users. For example, an auditor will focus on the existence of cash rather than the valuation of cash. Likewise, an auditor will focus on items that potentially could be understated rather than those that may be overstated. Although terminology may differ, auditors generally will consider the following assertions, separated into three categories: Transactions 1. Occurrence Transactions took place. 2. Completeness Transactions that should have been recorded have been recorded. 3. Accuracy Transaction amounts and other data have been recorded appropriately. 4. Cutoff Transactions have been recorded in correct accounting period. 5. Classification Transactions have been recorded in proper accounts. 4 Planning the external audit

Account balances 1. Existence Assets, liabilities and equity interests exist. 2. Rights and obligations The entity has rights to assets and is obligated for liabilities. 3. Completeness All assets, liabilities and equity interests that should have been recorded have been recorded. 4. Valuation and allocation Assets, liabilities and equity interests are included and adjustments are recorded appropriately in the financial statements. Presentation and disclosure 1. Occurrence, rights and obligations Disclosed transactions have occurred and pertain to the entity. 2. Completeness Disclosures that should have been included have been included. 3. Classification and understandability Financial information is presented and described appropriately, and disclosures are expressed clearly. 4. Accuracy and valuation Information is disclosed fairly and at appropriate amounts. Assertions Financial statements represent a complex and interrelated set of assertions. Auditors generally test assertions in three areas transactions and events, account balances, and presentation and disclosure. Planning the external audit 5

Designing audits It is not possible to design a practical audit that eliminates all risk of misstatement. Auditors must design audits to focus on areas that have the highest likelihood of containing material misstatements, and use methodologies that provide reasonable assurance that misstatements do not exist. 2 To do so, auditors consider two key factors in planning and executing audits: materiality and audit risk. 2 Statement on Auditing Standard No. 1, par. 2 states, The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the fi nancial statements are free of material misstatement, whether caused by error or fraud. 6 Planning the external audit

Judging materiality Materiality is used to evaluate audit findings and determine whether any uncorrected errors render financial statements materially inaccurate. Both quantitative and qualitative measures are used to judge materiality. Quantitative materiality is calculated as a percentage of a meaningful financial statement number, such as pretax net income or total assets. Auditors then use a fraction of that overall materiality number to design their tests. This fraction of overall materiality is called the tolerable error. It represents the maximum undetected error that the auditor is willing to accept or tolerate in the samples he or she selects for testing. Materiality, or the degree to which a reasonable person might be influenced by an omission or misstatement, affects the scope of an audit, such as the fi nancial accounts and disclosures on which to focus, as well as the locations, subsidiaries or divisions to include in the audit. The presence of qualitative risk considerations may cause the auditor to adjust testing scopes. They might also influence the auditor s conclusions about the significance of an identified error that might, in purely quantitative measures, be considered immaterial. Planning the external audit 7

Exhibit 1 lists some qualitative factors that auditors might consider. Exhibit 1: Qualitative factors that may influence the determination of materiality Qualitative considerations may include: The potential effect of the misstatements on trends, especially trends in profi tability A misstatement that changes a loss into income or vice versa The potential effect of the misstatement on the entity s compliance with loan covenants, other contractual agreements, and regulatory provisions The existence of statutory or regulatory reporting requirements that affect materiality thresholds A change masked in earnings or other trends, especially in the context of general economic and industry conditions A misstatement that has the effect of increasing management s compensation, for example, by satisfying the requirements for the award of bonuses or other forms of incentive compensation The sensitivity of the circumstances surrounding the misstatement, for example, the implications of misstatement involving fraud and possible illegal acts, violations of contractual provisions such as debt covenants, and conflicts of interest The signifi cance of the fi nancial statement element affected by the misstatement, for example, a misstatement affecting recurring earnings as contrasted to one involving a nonrecurring charge or credit, such as an extraordinary item The effects of misclassifi cations, for example, misclassifi cation between operating and nonoperating income or recurring and nonrecurring income items, or a misclassifi cation between fund-raising costs and program activity costs in a not-for-profi t organization The signifi cance of the misstatement relative to reasonable user needs, for example: Earnings to investors and the equity amounts to creditors The magnifying effects of a misstatement on the calculation of purchase price in a transfer of interests (buy-sell agreement) The effect of misstatement of earnings when contrasted with expectations Copyright 2010. American Institute of Certifi ed Public Accountants. All rights reserved. Used with permission. 8 Planning the external audit

Assessing audit risk Audit risk is the risk that the auditor may unknowingly fail to modify his opinion on financial statements that are materially misstated. It relates to (1) the risk that the financial statements prepared by management are materially misstated (material misstatement risk) and (2) the risk that the auditor will not detect such material misstatement (detection risk). Misstatement risk and detection risk are inversely related. The greater the material misstatement risk, the less the detection risk the auditor can accept. Conversely, the lower the material misstatement risk, the greater the detection risk acceptable by the auditor. 3 When audit risk is high, external auditors design audits with more extensive testing, less reliance on the work of others and less interim work. As that risk diminishes, auditors rely less on extensive testing and more on the work of others, and perform more interim work during the audit cycle. 3 SAS No. 107, par. 25 (New York: AICPA, 2006); and ISA 200, par. A42 (New York: IFAC 2009). Planning the external audit 9

Evaluating risk of material misstatement The auditor evaluates a company s risk of material misstatement by evaluating: 4 Inherent risk (natural risk irrespective of internal controls). Some examples of inherent risk considerations include: volume, complexity, susceptibility of an asset to theft, estimates, and industry circumstances. 5 Control risk (risk that the internal control system will not prevent or detect a material misstatement). Some factors that influence inherent risk can also impact control risk (complexity, judgment required, susceptibility to fraud). Other control risks include the nature of operations, changes in operations and environmental factors. 6 4 Ibid., SAS No. 107, par. 21; and ISA 200, par. 13(n). 5 See the AICPA Audit Guide: Assessing and Responding to Audit Risk in a Financial Statement Audit, par. 2.10. 6 See COSO, Guidance on Monitoring Internal Control Systems, vol. 2, par. 58. 10 Planning the external audit

Overseeing plan and team 7 The auditor must adequately plan the work and must properly supervise any assistants. 8 Accordingly, the audit committee might ask the auditor-incharge about: 9 The experience, training and amount of resources assigned to specific audit areas. When such resources are to be assigned, and how much time they are expected to incur. How resources are to be managed, directed and supervised, such as: When and how often team briefing and debriefing meetings are expected to be held. Whether the auditor will utilize a concurring reviewer or other form of engagement quality review. Every audit of a company listed on a U.S. exchange must include a concurring partner (or equivalent) quality review. 7 Ibid., par. 15. See also ISA 220, par. 14 15. 8 Statement on Auditing Standards No. 108, par. 1. New York: AICPA, 2006. 9 Ibid., par. 15. See also ISA 220, par. 14-15. Planning the external audit 11

Performing audit tests Auditors perform two different types of audit tests: tests of controls and substantive procedures. Tests of controls are designed to evaluate the effectiveness of the internal control system in preventing or in detecting and correcting errors before they result in a material misstatement in the fi nancial statements. Tests may include: a walkthrough, from beginning to end, of one or more transactions; and selecting samples of controls at a point in time, or over time, and observing or reperforming them to obtain evidence that they operate effectively. Audit committee considerations: The audit committee should know whether internal control areas exist that the auditor does not believe are effective enough to warrant any level of audit reliance. Such areas may lead to errors in internal reports used for decision-making purposes. Substantive procedures are designed to detect material misstatements at the assertion level by testing the output from the fi nancial reporting process. Procedures consist of: 10 tests of details, which may include inspection, observation, external confi rmation, recalculation, and/or inquiry 11 on a sample of transactions or accounts; and substantive analytical procedures, 12 which may range from simple comparisons to complex analyses using advanced statistical techniques. Examples may include analyzing fi nancial trends over time, comparing fi nancial ratios (e.g., gross margin percentages) to established expectations, and comparing fi nancial and non-fi nancial information (e.g., payroll costs and number of employees). Audit committee considerations: If an auditor s substantive procedure discovers a material error, it is because the internal control system did not. Substantive procedures are performed for each material class of transactions, account balance and disclosure. 10 See ISA 500, par. A14-A22, and SAS No. 110, par 11. 11 See ISA 315, par. A67, and SAS No. 110, par. 29. 12 Audit committee members may hear auditors talk about planning analytics. While planning analytics employ the same tools as substantive analytical procedures, auditors perform them for a different purpose. Auditors use planning analytics early in the audit cycle to help identify inherent and control risks. They employ substantive analytical procedures (which usually are more comprehensive than planning analytics) throughout the audit cycle to determine whether material misstatements have occurred. 12 Planning the external audit

Using the work of others External auditors often can enhance the efficiency and effectiveness of their audits by using the work performed by others. Most standards that govern this topic relate to using the work performed by the internal audit functions. 13 In the U.S., however, the PCAOB has expanded that potential use to include the work of company personnel (in addition to internal auditors), and third parties working under the direction of management or the audit committee when gathering evidence about the effectiveness of internal control over financial reporting. 14 Audit committee members should understand the extent to which auditors plan to use the work of others, 15 and question whether auditors have considered the following: The nature, scope and adequacy of work performed by others The assessed risks of material misstatement The degree of subjectivity in evaluating audit evidence gathered by others to support relevant assertions The objectivity and technical competence of others Whether the others work is carried out with due professional care Whether effective communication is likely to occur between others and the external auditor The expected effect of the work of others on the nature, timing, or extent of the external auditor s procedures 13 See ISA 610 and SAS No. 65. 14 See PCAOB Auditing Standard No. 5, par. 17. 15 See ISA 240, par. A14. Planning the external audit 13

Evaluating the audit plan Audit committee members will want to be confident that the external audit plan: 1. covers all risks that have a reasonable possibility of materially affecting the financial statements; 2. focuses on the effectiveness of the internal control system s ability to mitigate those risks, with minimal time spent on controls whose failure likely would be immaterial, or detected and corrected by other controls; 3. takes appropriate advantage of the work performed by others, especially that of internal audit, but does not place unwarranted reliance on such work; and 4. focuses appropriately on areas where the risk of fraud is meaningful. 14 Planning the external audit

More guidance Auditors and audit committee members may find Exhibit 2 to be helpful in planning the audit and in tracking progress. The Audit Committee Handbook, Fifth Edition, contains more detailed guidance and is available for purchase at www.grantthornton.com/achandbook and through major online booksellers and bookstores nationwide. Exhibit 2: Example audit planning schedule Q2 Q3 Q4 Q1-Next Year Budgeted Hours Hours to Date ETC Month 4 5 6 7 8 9 10 11 12 1 2 3 Phase I Planning, risk assessment and control design Integrated audit planning Review and comment on client s entity-level risk assessment and project plan (i.e., determine locations for testing) Identify signifi cant accounts/ cycles and critical assertions Update entity-level control documentation Update activity-level control documentation Evaluate control design effectiveness and note key controls Execute walkthroughs of identifi ed (and potentially key) controls Follow up on previous recommendations for improvement Planning the external audit 15

Q2 Q3 Q4 Q1-Next Year Budgeted Hours Hours to Date ETC Month 4 5 6 7 8 9 10 11 12 1 2 3 Phase II Tests of controls and preliminary fi nancial statement testing Identify key controls Review management s testing methodology Finalize testing strategy for key controls Evaluate competence and objectivity of client s control testers Determine possible use of others work Determine controls to test and testing procedures Execute and document tests of controls (including review of work of others) Quarterly fi nancial statement reviews Q2 Q3 Q4 Q1-Next Year Budgeted Hours Hours to Date ETC Month 4 5 6 7 8 9 10 11 12 1 2 3 Phase III Final testing, evaluate results and wrap up Evaluate and document defi ciencies Make recommendations for improvements Annual audit procedures Communicate and report results Draft opinion Complete review and documentation Issue opinion Total - - - 16 Planning the external audit

Grant Thornton s audit services Credible, timely and relevant financial information is fundamental to promoting confidence in a company. Audit committees, as well as management, play a unique role in establishing and maintaining that confidence. Because audit committee members must rely heavily on both internal and external auditors being independent and candid, finding the right auditors is paramount to the audit committee s oversight role. Grant Thornton provides audit solutions that offer real value to today s dynamic global organizations. For over 80 years, we have served a wide range of private and public clients across America s heartland. With Grant Thornton, you get: access to industry specialists and technical resources; local support from our 52 U.S. offices and access to the global resources of Grant Thornton International Ltd member and correspondent firms in more than 100 countries; a high level of partner involvement and personalized service; experienced professionals who have the leadership and communications skills to deliver constructive feedback on complex issues; and quality services delivered consistently with state-of-the art tools. Planning the external audit 17

Contact us for help with either your internal or external audit needs Warren Stippich Partner and National Governance, Risk and Compliance Solution Leader T 312.602.8499 E Warren.Stippich@us.gt.com Trent Gazzaway National Managing Partner of Audit Services T 312.602.8034 E Trent.Gazzaway@us.gt.com 18 Planning the external audit

Subscribe to Grant Thornton publications at www.grantthornton.com/subscribe Receive relevant white papers and timely updates on industry issues and the regulatory environment. CorporateGovernor white paper series Ensure your public company is run well and in accordance with applicable laws and regulations. Explore a range of topics from fraud prevention and detection to fi nancial reporting control and SOX compliance: Enterprise risk management: Creating value in a volatile economy discusses why implementing an enterprise risk management (ERM) program can benefi t companies in a down economy and how ERM can help enhance business strategy. Hear that whistle blowing! Establishing an effective complaint-handling process addresses an important mandate of the Sarbanes-Oxley Act: the requirement that audit committees establish procedures for receiving, documenting and handling complaints related to accounting and auditing matters. Fraud in the economic recovery As companies pick up the pieces following a bruising bout of the economic blues, they need to be on the lookout for fraud. From heightened fraud risk to due diligence strategies for companies purchasing distressed assets, this CorporateGovernor white paper provides a sound overview of fraud prevention in today s economic environment. Timely updates Tailored to management, boards and audit committees of mid-cap public companies, these updates help you stay abreast of issues that affect the marketplace and your business. Boardroom awareness: Service organization reports in transition to new U.S. and international standards In this issue of CorporateGovernor newsletter, Grant Thornton advisory professionals discuss the new service organization reporting standards that are set to replace Statement on Auditing Standards No. 70 (SAS 70) by mid-2011. Information overload: How to make data analytics work for the internal audit function Learn how your internal audit department can effectively use data analytics to add value to your organization. Planning the external audit 19

Suggested reading The Audit Committee Handbook, Fifth Edition (Wiley, 2010, ISBN: 978-0-470-56048-8, U.S. $95.00). The Audit Committee Handbook is co-authored by Grant Thornton LLP audit committee experts R. Trent Gazzaway, national managing partner of Audit Services, and Robert H. Colson, retired partner in Public Policy and External Affairs, along with Louis Braiotta Jr., professor of accounting at SUNY Binghamton s School of Management, and Sridhar Ramamoorti, principal at Infogix Advisory Services. The Audit Committee Handbook provides practical, in-depth guidance on all audit committee functions, duties and responsibilities. This latest edition features regulatory updates, new chapters on audit planning and oversight, heightened focus on fraud risk, and broad international coverage. The Audit Committee Handbook is available at www.grantthornton.com/ ACHandbook and through major online booksellers and bookstores nationwide. The Anti-Corruption Handbook: How to Protect Your Business in the Global Marketplace (Wiley, 2010, ISBN: 978-0-470-61309-2, U.S. $75.00) Today s demanding marketplace expects CFOs, auditors, compliance officers and forensic accountants to take responsibility for fraud detection. These expectations are buoyed by such legislation as the Foreign Corrupt Practices Act, which makes it a crime for any U.S. entity or individual to obtain or retain business by paying bribes to foreign government officials. Written by William P. Olsen, the practice leader of Anti-Corruption Services at Grant Thornton LLP, The Anti-Corruption Handbook provides guidelines addressing the challenges of maintaining business integrity in the global marketplace. 20 Planning the external audit

Grant Thornton LLP offices National Office 175 W. Jackson Blvd., 20th Floor Chicago, IL 60604-2687 312.856.0200 Washington National Tax Office 1250 Connecticut Ave. NW, Suite 400 Washington, DC 20036-3531 202.296.7800 Arizona Phoenix 602.474.3400 California Irvine 949.553.1600 Los Angeles 213.627.1717 Sacramento 916.449.3991 San Diego 858.704.8000 San Francisco 415.986.3900 San Jose 408.275.9000 Woodland Hills 818.936.5100 Colorado Denver 303.813.4000 Florida Fort Lauderdale 954.768.9900 Miami 305.341.8040 Orlando 407.481.5100 Tampa 813.229.7201 Georgia Atlanta 404.330.2000 Illinois Chicago 312.856.0200 Oakbrook Terrace 630.873.2500 Schaumburg 847.884.0123 Kansas Wichita 316.265.3231 Maryland Baltimore 410.685.4000 Massachusetts Boston 617.723.7900 Michigan Detroit 248.262.1950 Minnesota Minneapolis 612.332.0001 Missouri Kansas City 816.412.2400 St. Louis 314.735.2200 Nevada Reno 775.786.1520 New Jersey Edison 732.516.5500 New York Albany 518.427.5197 Long Island 631.249.6001 Downtown 212.422.1000 Midtown 212.599.0100 North Carolina Charlotte 704.632.3500 Raleigh 919.881.2700 Ohio Cincinnati 513.762.5000 Cleveland 216.771.1400 Oklahoma Oklahoma City 405.218.2800 Tulsa 918.877.0800 Oregon Portland 503.222.3562 Pennsylvania Harrisburg 717.265.8600 Philadelphia 215.561.4200 South Carolina Columbia 803.231.3100 Texas Austin 512.391.6821 Dallas 214.561.2300 Houston 832.476.3600 San Antonio 210.881.1800 Utah Salt Lake City 801.415.1000 Virginia Alexandria 703.837.4400 McLean 703.847.7500 Washington Seattle 206.623.1121 Washington, D.C. Washington, D.C. 202.296.7800 Wisconsin Appleton 920.968.6700 Madison 608.257.6761 Milwaukee 414.289.8200 Planning the external audit 21

Grant Thornton LLP All rights reserved U.S. member fi rm of Grant Thornton International Ltd The people in the independent fi rms of Grant Thornton International Ltd provide personalized attention and the highest quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member fi rm of Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd and its member fi rms are not a worldwide partnership, as each member fi rm is a separate and distinct legal entity. In the U.S., visit Grant Thornton LLP at www.grantthornton.com.