Audit awareness: SAS Nos. 104-111 fundamentally alter how auditors ply their trade.The AICPA's Audit Risk Standards (SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. Nos. 104-111) are continuing the trend of reworking the landscape of financial statement audits. These standards are effective for audits of financial statements for periods beginning on or after Dec. 15, 2006, and affect the way auditing firms assess the risk of material misstatements in financial statements. [ILLUSTRATION OMITTED] To gain some insight on the need for, and utilization of, these standards, California CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. recently interviewed CPA Lynford Graham, Ph.D., CFE CFE Conventional Forces in Europe (treaty) CFE Cash Flow to Equity (finance/accounting) CFE Comisión Federal de Electricidad (México) CFE Certified Fraud Examiner . As a former member of the AICPA's Auditing Standards Board In the United States, the Auditing Standards Board (ASB) is the senior technical committee designated by the American Institute of Certified Public Accountants (AICPA) to issue auditing, attestation, and quality control statements, standards and guidance to certified public and Risk Assessment Standards Task Force, and chair of the Risk Assessment and Risk Response Audit Guide Task Force, Graham was instrumental in developing these Audit Risk Standards. A frequent lecturer on the subject nationwide, Graham also is the author of a handbook on documenting internal controls for non-public companies. Q: What were the goals and objectives of the ASB ASB Asbestos ASB Arbeiter Samariter Bund (German medical help organisation) ASB Anti-Social Behaviour ASB Accounting Standards Board (UK FRC) ASB Aarhus School of Business and Risk Assessment Standards Task Force? A: The ASB, in coordination with the International Audit and Attest To solemnly declare verbally or in writing that a particular document or testimony about an event is a true and accurate representation of the facts; to bear witness to. To formally certify by a signature that the signer has been present at the execution of a particular writing so as Standards Board, undertook a joint project in the latter 1990s to clarify many of the core auditing standards and advance more guidance on the role and performance of risk assessment. This was in response to concerns that audits were becoming increasingly risk-based, but there was a lack of guidance on how to go about the risk assessment process. There were also concerns that, in some cases, too little audit work was being done to identify and correct any errors that might exist in the pre-audit financial statement records. Auditors of major entities were becoming more reliant on the seemingly improved and automated systems, and internal audit resources of these entities. The role of the Task Force was to coordinate the domestic and international standards-setting efforts and to make sure the standards fit well within the existing U.S. audit literature in terms of form and language. The disastrous events and audit failures in early 2000 that lead to the Sarbanes-Oxley Act See SOX. of 2002 are evidence that the project was on target, but that it was too late to avoid the events of Enron, WorldCom and the litany litany (lĭt`ənē) [Gr.,=prayer], solemn prayer characterized by varying petitions with set responses. The term is mainly used for Christian forms. Litanies were developed in Christendom for use in processions. of business and audit failures in that time period. SAS No. 99, Consideration of Fraud in a Financial Statement Audit (a revision of SAS No. 82), was originally part of the group of risk assessment standards, but was pulled out of the "suite" and issued as final in early 2002, in response to the stormy climate that was brewing. While released for exposure here and internationally in 2002, the formation of the PCAOB PCAOB Public Company Accounting Oversight Board in 2002 created a pause in the implementation of these standards, pending the formation of the PCAOB and conversations as to how the ASB and PCAOB would work together. When it was clear that the PCAOB would go its own way in future standards setting, the ASB reorganized re·or·gan·ize v. re·or·gan·ized, re·or·gan·iz·ing, re·or·gan·iz·es v.tr. To organize again or anew. v.intr. To undergo or effect changes in organization. the Task Force, tuned-up the proposed risk assessment "suite" and re-exposed the standards in 2005. Q: What were the goals and objectives of the Risk Assessment and Risk Response Audit Guide Task Force? A: The Guide was envisioned as key to the effective implementation of the standards. Words in the auditing standards are carefully considered results of Task Force and ASB discussions, but professionals need a clear understanding of their meaning. The ASB's Audit Guide is the way to do this. Q: How revolutionary are these standards? A: Tough question. Much of the answer depends on what you have been doing in your audits all along. The standards mostly clarify the intent of existing standards. Many firms have been successfully using the concepts in these new standards for a long time. For example, using audit assertions as an integral part of the audit planning and performance of the audit is not new. Neither is the assessment of controls as part of understanding the audited entity. That requirement extends to before SAS No. 55. There are only a few "new" concepts, such as the identification of "significant risks" for audit engagements, which was not part of the auditing literature before, but were still practices of some firms before SAS No. 109. In any case, the extent of change these standards will bring will differ from firm to firm. Q: What are the implementation areas that firms are struggling with? A: The requirement to assess internal controls design and implementation for audit clients seems to be giving some firms consternation. While not a new concept, this assessment was often glossed over for smaller client audits where controls reliance was not planned. Clarifying this requirement creates a need for broad understanding of the COSO COSO Committee of Sponsoring Organizations of the Treadway Commission COSO Church of Spiral Oak COSO Corporate South COSO Class of Service Override COSO Combat Oriented Supply Operations (USAF) framework and its components, how control objectives or attributes are used to assess controls design, and how to identify any obvious "holes" in the internal controls of an entity. Concerns are out there that this is a Sarbanes approach, which it is not. SAS No. 78 put the COSO framework clearly in our literature long ago, before SOX (1) (Schema for Object-oriented XML) An XML schema developed by Veo Systems and Muzino Communications, which was submitted to the W3C. SOX is based on DTD, but adds data typing and reuse mechanisms. . The "suite" requirement is only to assess the design of controls and there is no requirement to test them. In addition, the controls requirements can be limited to the most significant control activity processes, like sales, major cost processes and payroll, and maybe the consolidation and closing process. SOX requirements are much more extensive and require controls testing. Reporting material weaknesses and significant deficiencies in controls, in writing, to the governance group is also an area of attention and concern. While not officially in the suite, SAS No. 112, Communicating Internal Control Related Matters Identified in an Audit, works with SAS No. 109 to ensure internal control matters are identified and communicated. More issues will be identified as more attention is given to controls under SAS No. 109. As Yogi Berra Noun 1. Yogi Berra - United States baseball player (born 1925) Berra, Lawrence Peter Berra, Yogi is quoted as saying "It's amazing a·maze v. a·mazed, a·maz·ing, a·maz·es v.tr. 1. To affect with great wonder; astonish. See Synonyms at surprise. 2. Obsolete To bewilder; perplex. v.intr. what you see when you look." The number of disputes over "who is responsible" for what and "who told whom what, and when" are rising, especially on non-issuer engagements. Documentation of such matters can clarify the communications. Q: Are these primarily large client or large firm standards? Will these standards make it harder for small firms to compete? A: The standards are not focused on just large entity audits. The ASB is focused on the standard's needs of the smaller firms and smaller clients, even though many non-issuers are larger entities, including governments. However, audits of smaller entities are not supposed to be a second-class service compared with audits of larger entities. By clarifying the standards, all firms will compete on an equal footing, and not by re-defining what constitutes an audit under Generally Accepted Auditing Standards Generally Accepted Auditing Standards, or GAAS, are ten auditing standards, developed by the AICPA, consisting of general standards, standards of field work, and standards of reporting, along with interpretations. . A 2006 Certified Fraud Examiners Certified Fraud Examiner (CFE) is a designation awarded by The Association of Certified Fraud Examiners (ACFE). The ACFE is a 41,000 member-based global association dedicated to providing anti-fraud education and training. survey revealed the median size of reported fraud in entities of less than 100 employees is $190,000. How many businesses of that size can withstand losing that amount of money and survive? Auditors need to be reminded that our professional responsibility is to design our audit to detect and prevent material misstatement mis·state tr.v. mis·stat·ed, mis·stat·ing, mis·states To state wrongly or falsely. mis·state  ment n. in
the financial statements, whether due to error or fraud. Can nonprofit A corporation or an association that conducts business for the benefit of the general public without shareholders and without a profit motive.Nonprofits are also called not-for-profit corporations. Nonprofit corporations are created according to state law. entities withstand allegations of waste and fraud and still attract contributions? Will the IRS An abbreviation for the Internal Revenue Service, a federal agency charged with the responsibility of administering and enforcing internal revenue laws. challenge the tax-exempt status of organizations that do not keep adequate books and records and have proper internal controls in place? Will governments provide grants to entities without adequate controls? We need to step up to the plate in this regard. What auditors sometimes do not realize is that the standards have a defensive element. By following the standards as written and intended, the auditor will identify more critical audit issues and avoid costly mistakes that, farther down the road, can threaten their own business viability. By not following the standards, auditors are more exposed to missing these critical issues and are exposed to peer review sanctions and auditor liability. There are a lot of auditor-client disputes and litigations that take place under the radar This article is about the magazine. For other uses, see Under the Radar (disambiguation). Under the Radar is an American magazine that bills itself as "The solution to music pollution." It features interviews with accompanying photo-shoots. screen because they don't involve public disputes. The professional standards are crafted to communicate best audit practices and detective procedures that have been effective in identifying and correcting errors, and yet allow for auditor judgment. The AICPA AICPA See American Institute of Certified Public Accountants (AICPA). is committed to enforcing the implementation of the risk assessment suite of standards in its peer review program. Q: Was your appointment to the ASB your first standards setting experience? A: No. Back in the late 1970s, when at Coopers & Lybrand, I was appointed to the Statistical Sampling subcommittee working on SAS No. 39, Audit Sampling. I also served as an adviser and later a Task Force member to the Audit Risk and Materiality MATERIALITY. That which is important; that which is not merely of form but of substance. 2. When a bill for discovery has been filed, for example, the defendant must answer every material fact which is charged in the bill, and the test in these cases seems to standard (SAS No. 47). I sense my historical perspective on these two keystone key·stone n. 1. Architecture The central wedge-shaped stone of an arch that locks its parts together. Also called headstone. 2. The central supporting element of a whole. standards was helpful to the ASB in the revisions to these standards. In the national audit policy groups of Coopers & Lybrand and BDO Seidman BDO Seidman, LLP is the United States arm of BDO International, one of the largest accounting firms outside of the Big Four. History BDO Seidman, LLP was founded as Seidman and Seidman in New York City in 1910 by Maximillian L. Seidman. LLP LLP - Lower Layer Protocol , I've also been involved in various auditing standards projects over the years. It was a hoot to serve on the IAASB IAASB International Auditing and Assurance Standards Board Task Force on Materiality and Risk and be part of their deliberations on those issues. Q: What is being done to get the word out regarding these standards? A: There is a multi-point plan to communicate and educate practitioners: * The AICPA "suite" Guide and several Audit Risk alerts are primary guidance tools to assist in defining the requirements. * The AICPA developed several courses related to the risk suite. One specifically addresses internal controls to assist company auditors in implementing controls documentation for non-issuers. There have also been several AICPA webcasts. * The Journal of Accountancy has run two articles directed at the suite that are designed to communicate an overview of the SASs, including SAS 103. * The risk assessment suite was a topic at all major AICPA conferences in 2006 and again in 2007. * The major vendors of CPA materials are releasing practice aids and guidance. * The AICPA is marketing an internal controls software program called ControlsDocsm designed around the COSO framework to assist companies in documenting their controls. ControlsDocsm can also be used by auditors to document their understanding of client controls. It can be flexibly and economically used for non-issuer audits or for SOX engagements in smaller public companies. More information can be obtained at www.cpa2biz biz n. Informal Business. biz Noun Informal business Noun 1. .com or www.cobre.com. * This summer I have a book coming out, Internal Controls: Guidance for Private, Government and Nonprofit Entities, which helps companies understand how to document their controls and helps to bridge the auditor-client issues in controls assessment and testing. It is specifically directed to non-issuer entities. I also co-authored with Xenia Xenia (zē`nēə), city (1990 pop. 24,664), seat of Greene co., SW Ohio; inc. 1814. It is a trade and industrial center in a farm area. Rope and twine, plastics, potato chips, valves, and hydraulic lifts are among its manufactures. Parker the 2007 edition of Information Technology Audits, a reference work for auditors assessing IT issues, one of the control elements the new SASs require auditors to include in their controls assessments. The work was updated to include the new SASs as well as for audits of internal control (PCAOB Standard No. 5). Q: What do CPAs need to understand most clearly about the standards? A: Many of the new requirements will require a real first-year effort to get up and running. The maintenance in year two, and beyond, of well-implemented changes will not be that hard or expensive. The changes we are talking about will benefit practitioners and clients in creating value in the audit. By embracing the requirements and developing a plan for cost-effective implementation and integration into their practices, firms will be protecting themselves and the profession--helping third parties see the value of the audit and preserving the value the audit brings to the financial reporting process. And if we do not take up the challenge, further changes in the profession will be forthcoming. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion