Response e-mailed to comments@pcaobus.org



Similar documents
) ) ) ) ) ) ) ) ) ) ) )

BDO Seidman, LLP Accountants and Consultants

Addressing Disclosures in the Audit of Financial Statements

Risk Management Advisory Services, LLC Capital markets audit and control

How To Audit A Company

) ) ) ) ) ) ) ) ) ) CONCEPT RELEASE ON POSSIBLE REVISIONS TO PCAOB STANDARDS RELATED TO REPORTS ON AUDITED FINANCIAL STATEMENTS

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

STAFF AUDIT PRACTICE ALERT NO. 5 AUDITOR CONSIDERATIONS REGARDING SIGNIFICANT UNUSUAL TRANSACTIONS. April 7, 2010

) ) ) ) ) ) ) ) ) ) ) )

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

STANDING ADVISORY GROUP MEETING

Thomas P. O Connor, Certified Public Accountant

STANDING ADVISORY GROUP MEETING

Auditor's Objective in an Audit of Internal Control Over Financial Reporting

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Concept Release on Possible Revisions to PCAOB Standards Related to Reports on Audited Financial Statements; PCAOB Rulemaking Docket Matter No.

September 9, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.

ISA 200, Overall Objective of the Independent Auditor, and the Conduct of an Audit in Accordance with International Standards on Auditing

RE: PCAOB Rulemaking Docket Matter No. 041: Concept Release on Audit Quality Indicators

Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through No.15)

Background. Audit Quality and Public Interest vs. Cost

November 21, Public Company Accounting Oversight Board 1666 K Street Washington, DC 20006

ISRE 2400 (Revised), Engagements to Review Historical Financial Statements

OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

ISACA is responding to the PCAOB questions principally from an information technology (IT) perspective.

RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment of Auditing and Other Professional Standards

Design Standard Requirements and Regulations for Personal Protective Equipment

26 February Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC

Guide to Pcaob Inspections

RE: Staff Consultation Paper , The Auditor's Use of the Work of Specialists

Re: PCAOB Release No (Docket Matter No. 41) Concept Release on Audit Quality Indicators ( Concept Release )

STANDING ADVISORY GROUP MEETING

GAO. Government Auditing Standards: Implementation Tool

Standards for the Professional Practice of Internal Auditing

Internal Control over Financial Reporting Guidance for Smaller Public Companies

PCAOB Concept Release on Audit Quality Indicators Summary & Considerations for Stakeholder Comment

AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

Auditing Standards Committee Auditing Section American Accounting Association

) ) ) ) ) ) ) ) ) ) ) ) AUDITING STANDARD No. 17. PCAOB Release No October 10, 2013

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Consultation Response

Audit Risk and Materiality in Conducting an Audit

Internal Control Integrated Framework. May 2013

Staff Consultation Paper No The Auditor s Use of the Work of Specialists

Dear Members of the Board and Staff of the Public Company Accounting Oversight Board:

Audit Documentation See section 9339 for interpretations of this section.

STAFF QUESTIONS AND ANSWERS

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

REPORT ON INSPECTIONS OF DOMESTIC FIRMS THAT AUDIT 100 OR FEWER PUBLIC COMPANIES

GAO. Government Auditing Standards Revision. By the Comptroller General of the United States. United States Government Accountability Office

STANDARD-SETTING AGENDA OFFICE OF THE CHIEF AUDITOR DECEMBER 31, 2014

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

STANDING ADVISORY GROUP MEETING

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANTS OF RWANDA (ICPAR)

Inspection of Fazzari + Partners LLP Chartered Accountants (Headquartered in Vaughan, Canada) Public Company Accounting Oversight Board

File Number S , SEC Concept Release: Possible Revisions to Audit Committee Disclosures

Inspection of Chang G Park (Headquartered in San Diego, California) Public Company Accounting Oversight Board

STAFF GUIDANCE FOR AUDITORS OF SEC-REGISTERED BROKERS AND DEALERS JUNE 26, 2014

Guide to Public Company Auditing

Risk Assessment Standards

Risks (Audit Risk Formula)

Professional Scepticism in an Audit of a Financial Report

Strategy for : Fulfilling Our Public Interest Mandate in an Evolving World

COMMUNICATIONS WITH AUDIT COMMITTEES OVERVIEW OF PCAOB AUDITING STANDARD NO. 16

[RELEASE NOS ; ; FR-77; File No. S ]

The Auditor s Communication With Those Charged With Governance

Elizabeth M. Murphy, Secretary Securities and Exchange Commission 100 F Street, NE Washington, DC USA

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

How quality assurance reviews can strengthen the strategic value of internal auditing*

A I. C A Q A p p r o a c h to A u d i t Q u a l i ty I n d i c a to r s

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

Sarbanes-Oxley Section 404: Management s Assessment Process

STAFF QUESTIONS AND ANSWERS

Guide to Internal Control Over Financial Reporting

October 27, Docket No. CFPB , RIN 3170-AA10 Home Mortgage Disclosure (Regulation C)

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners

Re: Exposure draft: Proposed changes to the Code of Ethics for Professional Accountants related to provisions addressing a

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION CONTENTS

AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

Clear, transparent reporting The new auditor s report

Exposure Draft: Improving the Structure of the Code of Ethics for Professional Accountants Phase 1

INTERNATIONAL STANDARD ON AUDITING 800 SPECIAL CONSIDERATIONS AUDITS OF FINANCIAL STATEMENTS PREPARED IN ACCORDANCE WITH SPECIAL PURPOSE FRAMEWORKS

Internal Audit Standards

Independent Auditors Report

Consideration of Fraud in a Financial Statement Audit

Initial Professional Development - Professional Values, Ethics, and Attitudes (Revised)

Report on Inspection of Deloitte AS (Headquartered in Oslo, Kingdom of Norway) Public Company Accounting Oversight Board

IMPLEMENTATION OF THE CLARIFIED INTERNATIONAL STANDARDS ON AUDITING (ISAs)

Professional Judgment Resource

ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information

Staff Paper. IFRIC Meeting Agenda reference 18. Going concern disclosure. Purpose of this paper

The Auditor's Responsibilities Relating to Other Information

Report on Inspection of Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft (Headquartered in Munich, Federal Republic of Germany)

Transcription:

Richard F. Chambers Certified Internal Auditor Certified Government Auditing Professional Certification in Control Self-Assessment President and Chief Executive Officer DATE Office of the Secretary PCAOB 1666 K Street, N.W. Washington, DC 20006-2803 USA Response e-mailed to comments@pcaobus.org RE: PCAOB Rulemaking Docket Matter No. 026: Proposed Auditing Standards Related to the Auditor s Assessment of and Response to Risk Dear Sir/Madam: The Institute of Internal Auditors (IIA) welcomes the opportunity to respond to the revisions to the PCAOB s proposed auditing standards related to the auditor s assessment of and response to risk. Our comments are based on a thorough analysis and discussion, utilizing a core team of audit experts who serve on The IIA s Professional Issues Committee. These individuals consist of Certified Public Accountants and Certified Internal Auditors who have worked in public accounting and in management position in small, medium, and large multinational companies. These standards are extremely important to The Institute as our members work closely with external auditors on a daily basis. They will have a tremendous influence on the manner in which audits are performed and the level of testing required during an audit. As internal audit professionals, we are well-positioned to understand the true impact the standards have on audit practices as well as on governance and control practices within companies. We applaud the PCAOB s revisions to the original proposed standards. We believe these standards to be of high quality, and the changes in the draft, as advocated by many respondents, have aided in the improvement of such standards. We believe the transparency shown by the PCAOB in providing a second comment period enhances the objectivity of the process and exemplifies the professionalism of the PCAOB standards-setting process. The following are our principal comments and observations. Detailed responses to the questions posed in the exposure document, and other matters related to specific standards, can be found in Attachment A. 1. We recommend simplifying the overall language within each of the standards, with more examples to reduce the chance of practitioner misunderstanding. In addition, avoiding unnecessary terms will ensure that the reader clearly understands the definition and intent of essential terms within the standards.

Office of the Secretary PCAOB February 18, 2009 Page Two 2. All seven proposed standards are rooted in the concept of audit risk. As such, we recommend improved references in the Audit Risk proposed standard to the other six proposed standards. In addition, all seven standards would benefit by including enhanced references and links to other related guidance. While we recognize the desire to limit cross references and have each standard stand alone, the reality is that these standards rely on one another to be understood and properly executed. 3. As the standards are written, there is not a clear connection between the various components of audit risk and how such risks impact the risk assessment process. All risk types should be clearly defined in the standards to explain how these risk types correlate. Specifically, a clearer discussion of the interrelationship of inherent risk, control risk, detection risk, and audit risk should be considered. Practitioners should clearly understand how inherent risk influences the expected design and operating effectiveness of internal controls that practitioners encounter during compliance testing to assess control risk. The level of substantive procedures is influenced by the final level of control risk (determined after the assessment of inherent risk and results of the compliance assessment) and level of detection risk the auditor is willing to accept. Inherent, control, and detection risk are not evaluated in separate silos. The increase or decrease in one as evaluated by the practitioner throughout the course of the audit will influence the others. This interaction should also be discussed, with relevant examples. 4. We recommend a standard on audit supervision be separated from the standard on planning as they are two individual and distinct topics. A discussion on supervision could better delineate the roles and responsibilities of the engagement partner versus other members of the audit team, as well as discuss the concept of risk and level of review that are currently discussed in the proposed standard, The Auditor s Responses to the Risks of Material Misstatement. By including all aspects of supervision within one standard as opposed to including aspects throughout the other standards, we believe it strengthens the message of the standards as a whole. The IIA welcomes the opportunity to discuss any and all of these recommendations with you. We offer our assistance to the PCAOB in the continued development of this guidance. Best Regards, DRAFT Richard F. Chambers, CIA President and Chief Executive Officer About The Institute of Internal Auditors The IIA is the global voice, acknowledged leader, principal educator, and recognized authority of the internal audit profession and maintains the International Standards for the Professional Practice of Internal Auditing (Standards). These principles-based standards are recognized globally and are available in 29 languages. The IIA represents more than 170,000 members across the globe and has 103 affiliates in 165 countries that serve members at the local level.

Attachment A Institute of Internal Auditors (IIA) Response to PCAOB Proposed Auditing Standards Related to the Auditor s Assessment of and Response to Risk Questions from Appendix 9 of the proposed standards are in bold italics, with The IIA s responses following. General Areas of Comment on the Original Proposed Standards 1. Are the objectives in the proposed standards useful in providing context for the requirements in the standards? Other general comments have been highlighted in the response letter itself. Proposed Standard - Audit Risk in an Audit of Financial Statements 2. Does the new proposed standard on audit risk describe clearly the concept of audit risk and its components? No. We believe improved clarity relating to audit risk and the various components of audit risk, including relevant examples, would strengthen the proposed standard. In addition, risk should be assessed at the assertion level only as a mechanism to determine the level of risk at the financial statement line item or disclosure level, not as a stand-alone assessment. This distinction should be clarified. 3. Does the new proposed standard on audit risk describe clearly the relationship between detection risk and substantive procedures? No. As it is written, the proposed standard does not provide clarity. We recommend the language be modified to clarify the fact that detection risk can be reduced by varying the nature, timing, and extent of procedures to be performed. In addition, we believe that the concept of control risk should also be a key part of this discussion, as practitioners should understand how all the components of risk should be considered in tandem when performing an audit. We recommend that paragraph 6 be enhanced by altering the examples provided. A lack of sufficient capital is not directly tied to a risk of material misstatement. Alternative language might be stylized as A lack of sufficient capital or may increase the level of fraud risk, drive a decline in control systems, or influence an increase in risk taking by the firm all of which may lead to a higher risk of material misstatement. In addition, more information on inherent risk and related examples would clarify this proposed standard. We believe the standard could be improved by adding a discussion of the connection between the adequacy of a company s system of internal controls and the likelihood of a material misstatement. Currently, paragraph 9 of this proposed standard states: The level of detection risk is reduced by performing substantive procedures. The word performing should be replaced with adjusting the nature, timing, and extent of. In addition, this paragraph does not adequately link the concepts of inherent risk and control risk from paragraph 7 to detection risk in paragraph 9. As it is currently written, the basic approach of the standard is that there is a binary view of control risk it either is at maximum or at some low level. In reality, however, control risk varies between these extremes. Understanding the components of internal Appendix A Page 1

control, and the level of control risk, is critical when assessing the level of substantive testing required to overcome the inherent risk of material misstatement. As currently stated, the standard implies that the effectiveness of the design and operation of internal controls is irrelevant to the level of substantive testing needed. The standard should clearly explain that inherent risk can be reduced by the adequacy of the company s system of internal controls, while the adequacy of the controls and resulting control risk determination can have an impact on the level of substantive testing required. Proposed Standard Audit Planning and Supervision 4. Are the proposed requirements for multi-location engagements appropriately aligned with Auditing Standard No. 5? 5. Is it clear how the proposed requirements for multi-location engagements would be applied in audits of financial statements only? 6. Are the differences between the responsibilities for supervision of engagement team members and oversight of specialists in accordance with AU sec. 336 appropriate in light of the auditor s responsibilities to opine with reasonable assurance on whether the financial statements are fairly presented, in all material respects, in conformity with the applicable financial reporting framework? Yes, but we recommend adding language to stress the importance of assessing the independence of specialists used during an audit. We believe the language included in paragraphs 20 and 21 regarding initial audits is too brief for the importance of this discussion. We suggest inserting language to emphasize the additional risks associated with a new client as well as the additional procedures that should be performed in these circumstances. Discussion of the increased level of detection risk inherent in initial engagements should be emphasized. As noted in our overall comments, we believe supervision deserves a separate standard with expanded details regarding expectations for supervision such as the level of partner review of work versus subordinate staff, and the level of supervision of an expert s work product. Proposed Standard Consideration of Materiality in Planning and Performing an Audit 7. Are the provisions in the new proposed standard regarding consideration of materiality in multi-location engagements appropriate in light of the auditor s responsibility to plan and perform audit procedures to detect misstatements that, individually or in combination, would result in material misstatement of the financial statements? 8. Are the revised provisions regarding reassessment of materiality appropriate in light of the auditor s responsibility to plan and perform audit procedures to detect misstatements that, individually or in combination, would result in material misstatement of the financial statements? Appendix A Page 2

While we believe the new definition of materiality included in paragraph 2 of the proposed standard is excellent, we are not as favorable of the discussion of tolerable misstatement in paragraphs 8 and 9. While we understand this is a tool utilized by some external auditors and may be helpful when auditing large companies, we do not believe it should be a requirement, since this concept may not be as useful when auditing smaller companies. We suggest modifying the language in paragraph 8 around this concept to be a suggestion may determine the amount at the account or disclosure level as opposed to a mandate. Paragraph eight should provide guidance to meeting paragraph 3 s requirement to design and perform audit procedures to detect misstatements that, individually or in combination with other misstatements The current language could be misinterpreted and result in the auditor applying what is effectively a lower level of materiality and performing unnecessary procedures. Proposed Standard Identifying and Assessing Risks of Material Misstatement 9. Does the new proposed standard adequately describe the auditor s responsibilities for performing risk assessment procedures that are sufficient to provide a reasonable basis for the identification and assessment of risks of material misstatement due to error or fraud and to design further audit procedures? 10. Are the auditor s responsibilities regarding the additional procedures for understanding the company and its environment in paragraph 11 clear? Yes, although we suggest adding a bullet regarding relationships with insiders (e.g., officers, directors, and stakeholders). 11. Are the proposed requirements regarding obtaining an understanding of internal control over financial reporting appropriate in light of the auditor s responsibilities for identifying and assessing the risks of material misstatement? 12. Are the proposed requirements regarding the discussion among engagement team members about risks of material misstatement appropriate given the auditor s responsibilities for identifying and assessing the risks of material misstatement? Related to this proposed standard, we recommend several sections be rewritten or expanded upon to improve the messages included therein. First, we recommend expanding upon examples included in paragraphs 16 and 17 on company performance measures to clarify this discussion and why this understanding is useful when identifying and assessing risks of material misstatement. As it is written, the vagueness of the term company performance measures could cause confusion as to the true intent of this proposed standard, and the examples provided do not explain why the measures are useful to the assessment process. For instance, these measures may become the basis for pressure on company executives. As it is written, the language appears to reference entity-level controls performed by management, which would reduce risk if deemed adequate. We believe the intent is to require the auditor to consider business trends and activities that may increase pressure on management and therefore increase the risk of inappropriate accounting due to a lapse in internal controls or fraud. These performance measures influence inherent risk which in turn influences control and detection risk. Appendix A Page 3

Second, related to paragraph 69, we believe that while the presumption should be that improper revenue recognition (fraud) is a higher level risk, this presumption is not correct for every industry and company. As a result, we recommend rewording this paragraph to state that while revenue recognition should be presumed to represent a higher level risk, there are exceptions. In those cases, a determination that this risk is less than high risk for revenue recognition should be documented appropriately. Finally, we believe the concept of significant risks included in paragraph 71 should be defined prior to this discussion to provide more insight to the reader. If the intent is to label these examples as having a higher likelihood of leading to a material misstatement, then the factors for evaluating the risk should be listed. If the intent is to label these examples as events that require additional emphasis and special audit procedures regardless of risk level in a given organization, then there should be an explanation as to why there is an emphasis on these items and what special procedures should be performed. It is not clear that special procedures are required if risk levels are not high. Proposed Standard The Auditor s Responses to the Risks of Material Misstatement 13. Are the proposed requirements for overall responses and responses involving the nature, timing, and extent of audit procedures appropriate given the auditor s responsibility to opine with reasonable assurance about whether the financial statements are presented fairly, in all material respects, in conformity with the applicable financial reporting framework? 14. Does the new proposed standard clearly describe when tests of controls are necessary in an audit of financial statements only? However, it is not clear which standards apply to financial statements only. We assume, with the exception of paragraphs 16 through 18, all sections of the standards apply to both integrated audits and audits of financial statements only. Proposed Standard Evaluating Audit Results 15. Does the new proposed standard clearly describe the auditor s responsibilities for accumulating and evaluating misstatements? 16. Does the new proposed standard appropriately describe the auditor s responsibilities for evaluating the presentation of the financial statements, including evaluating bias, in light of the auditor s responsibility to opine with reasonable assurance on whether the financial statements are presented fairly, in all material respects, in conformity with the applicable financial reporting framework? Paragraphs 10 and 11 introduce the concept of clearly trivial. The PCAOB may wish to consider introducing this concept in guidance on materiality in the proposed standard Consideration of Materiality in Planning and Performing an Audit. Proposed Standard Audit Evidence Appendix A Page 4

17. Does the new proposed standard describe clearly how the auditor should determine the financial statement assertions to use for both integrated audits and audits of financial statements only? No, however, we do not believe the proposed standard should address how the auditor should determine the financial statement assertions to use. In addition, we do not believe the assertion discussion in paragraphs 11 and 12 makes sense in the context of this standard. We recommend modifying this section to better align with the topic Audit Evidence. 18. Are there provisions in the to-be-superseded standards that should be retained? No. Paragraph 11 regarding Financial Statement Assertions is not appropriate in the Evidence Standard. This section is better suited in the standards regarding risk assessment and responses to risk assessment. Not all assertions should be considered at risk of material misstatement for a given organization. Appendix A Page 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information