Presentation is loading. Please wait.

Presentation is loading. Please wait.

The External Auditor’s Perspective and use of Internal Audit

Similar presentations


Presentation on theme: "The External Auditor’s Perspective and use of Internal Audit"— Presentation transcript:

1 The External Auditor’s Perspective and use of Internal Audit
Relationships backed by performance. The External Auditor’s Perspective and use of Internal Audit Brent Currey Live Seminar 9:00am – 4:30pm October 12, 2011

2 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Disclaimer The interpretations and opinion provided during the course presentation today are my own and not necessarily those of Frost PLLC, FASB, AICPA or the Arkansas Bankers Association. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

3 Institution Size Matters (Sort of)
AT 501 Engagements AT 501 Engagements, Examination on an Entity’s Internal Control over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Required for institutions with assets exceeding $1 billion. Similar requirements for publicly traded companies. Use of AU Section 322 in conjunction with work performed Use of Internal Audit Seminar: October 12th, © Frost, PLLC

4 Institution Size Matters (Sort of)
Non - AT 501 Engagements No attestation over internal control is required; however: Institutions between $500 million and $1 billion are required to individually submit a report attesting to controls over financial reporting written by management. AU Section 322 is still available to use in the audit process when an internal audit function is present. A lesser attestation over financial controls over financial reporting may still be required if participant in HUD program (FHA lending). Use of Internal Audit Seminar: October 12th, © Frost, PLLC

5 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
The Auditing Standard AU 322 (SAS No. 65) The external auditor considers many factors in determining the nature, timing, and extent of audit procedures to be performed in an audit of an entity’s financial statements. One of the factors is the existence of an internal audit function. This standard provides the external auditor with guidance on considering the work of internal auditors and on using internal auditors to provide direct assistance to the external auditor in an audit performed in accordance with generally accepted auditing standards. This standard is not to be confused with SAS No. 73 (AU 336), Using the Work of a Specialist (Actuary, Appraiser, Valuation Specialist, Etc.). Use of Internal Audit Seminar: October 12th, © Frost, PLLC

6 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
The Auditing Standard AU 322 (SAS No. 65) Although independent auditors are not independent from the entity, the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing defines internal auditing as an independent appraisal function and requires internal auditors to be independent of the activities they audit. This concept of independence is different from the independence the external auditor maintains under the AICPA Code of Professional Conduct. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

7 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
The Auditing Standard AU 322 (SAS No. 65) Internal auditors are responsible for providing analyses, evaluations, assurances, recommendations, and other information to the entity’s management and those charged with governance. To fulfil this responsibility, internal auditors maintain objectivity with respect to the activity being audited. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

8 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
The Auditing Standard AU 322 (SAS No. 65) An important responsibility of the internal audit function is to monitor the performance of an entity's controls. When obtaining an understanding of internal control, the auditor should obtain an understanding of the internal audit function sufficient to identify those internal audit activities that are relevant to planning the audit. The extent of the procedures necessary to obtain this understanding will vary, depending on the nature of those activities. Items to consider include: Use of Internal Audit Seminar: October 12th, © Frost, PLLC

9 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
The Auditing Standard AU 322 (SAS No. 65) Organizational status within the entity Application of professional standards Audit plan, including the nature, timing, and extent of audit work Access to records and whether there are limitations on the scope of their activities Goals and objectives established for the internal audit function Use of Internal Audit Seminar: October 12th, © Frost, PLLC

10 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
The Auditing Standard AU 322 (SAS No. 65) Relevant activities are those that provide evidence about the design and effectiveness of controls that pertain to the entity’s ability to initiate, authorize, record, process, and report financial data consistent with the assertions embodied in the financial statements or that provide direct evidence about potential misstatements of such data. The following procedures may be helpful in assessing the relevancy of internal audit activities: Considering knowledge from prior-year audits Reviewing how the internal auditors allocate their audit resources to financial or operating areas in response to their risk-assessment process Reading internal audit reports to obtain detailed information about the scope of internal audit objectives Use of Internal Audit Seminar: October 12th, © Frost, PLLC

11 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
The Auditing Standard AU 322 (SAS No. 65) If, after obtaining an understanding of the internal audit function, the auditor concludes that the internal auditors' activities are not relevant to the financial statement audit, the auditor does not have to give further consideration to the internal audit function unless the auditor requests direct assistance from the internal auditors. Even if some of the internal auditors' activities are relevant to the audit, the external auditor may conclude that it would not be efficient to consider further the work of the internal auditors. If the external auditor decides that it would be efficient to consider how the internal auditors' work might affect the nature, timing, and extent of audit procedures, the external auditor should assess the competence and objectivity of the internal audit function in light of the intended effect of the internal auditors' work on the audit. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

12 Internal Audit Function
Internal Audit Function – Key Questions Does the internal auditor report directly to the group charged with governance or management? What are the professional qualifications and experience level of the internal auditor? What programs has the internal auditor completed during the course of the year which might be leveraged to reduce the external audit procedures? How complete is the documentation associated with the audit work performed by the internal auditor? Is the internal audit function focused on financial reporting or are they more focused on compliance? Use of Internal Audit Seminar: October 12th, © Frost, PLLC

13 Internal Audit Function
To whom does internal audit report? Reporting is directly to group charged with governance Weekly or monthly reporting takes place directly to Board of Directors, Audit Committee Reports issued do not require Management approval prior to issuance Internal audit is considered independent More reliance is available to work performed (generally large sized institutions) Use of Internal Audit Seminar: October 12th, © Frost, PLLC

14 Internal Audit Function
To whom does internal audit report? Reporting is indirectly to group charged with governance Reporting may directly take place or may be performed by Management Reports issued may require Management approval prior to issuance Internal audit is not considered fully independent Reliance in some aspects is available but not to extent of fully independent internal auditor (generally medium sized institutions) Use of Internal Audit Seminar: October 12th, © Frost, PLLC

15 Internal Audit Function
To whom does internal audit report? Reporting is directly to management Internal audit is not considered independent Reliance on work performed is further weakened and more work is required to rely on results presented (generally small sized institutions) Use of Internal Audit Seminar: October 12th, © Frost, PLLC

16 Internal Audit Function
Qualifications of Internal Auditor Does the internal auditor have related degrees / certifications? Does the internal auditor have experience performing their current duties? Is the internal auditor participating in continuing education? Use of Internal Audit Seminar: October 12th, © Frost, PLLC

17 Internal Audit Function
Internal Audit Procedures Performed and Documentation Programs have been established and key risk assessment matrices are complete and well documented Internal audit programs are thorough and perform similar program steps to those performed in the external audit process Detailed outlines of current internal control processes over key elements of financial reporting Vouching from system generated information to source documents Test populations are large enough to obtain external reliance The procedures performed are re-performable Use of Internal Audit Seminar: October 12th, © Frost, PLLC

18 Scope of Work Considerations
What are significant areas related to the external audit How much would use of internal audit’s work allow for reduction of external audit procedures Use of Internal Audit Seminar: October 12th, © Frost, PLLC

19 Scope of Work Considerations
How extensive are the current planned procedures for an area due to size, complexity and number of transactions Is there the ability to rely upon internal controls to reduce substantive testing Is the internal audit work performed comprehensive enough to allow for reduction of procedures Were there issues outlined in the internal audit work performed and if so were they subsequently corrected How much re-performance of work would be required to rely upon internal auditor’s work, is it less than the substantive procedures originally required Use of Internal Audit Seminar: October 12th, © Frost, PLLC

20 Scope of Work Considerations
Audit areas that can be leveraged Where areas are complex and transactions significant the external auditor will prefer to use substantive analytics and control testing rather than substantive procedure testing alone. This means they would prefer to leverage as much work internal audit would have already put together to reduce the time necessary to complete the audit area. The next slide is a general guide of what types of work the external auditor may utilize to reduce their time. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

21 Scope of Work Considerations
Audit areas that can be leveraged Flow charts or internal control memorandum can be used directly by the external auditor. These can be leveraged efficiently by simply performing the walkthrough to ensure the accuracy of the data. Program steps where the internal auditor vouches from their internal detail schedules to source documentation. While these cannot replace the external auditors work, they can reduce the sample sizes required by the external audit process when performed and documented appropriately. Analysis or audit of key management estimates. Documentation regarding collection of information and use is also often beneficial. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

22 Scope of Work Considerations
Limitations on internal audit use All of the ability to leverage the internal audit function will be limited by the independence, qualifications, and documentation available to re-test. Not all work in areas may provide benefit. While the internal audit scopes are much more broad in scope from the external audit scopes, there are significant variances in the approach and desired results of the approaches. The internal audit function is usually more focused on compliance testing rather than financial reporting. As such their test steps (even over similar financial line items) are often different from those required by the external auditor. This is because the internal audit function often has a different end purpose. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

23 Scope of Work Considerations
Assessing use of internal audit In making judgments about the extent and effect of the internal auditor’s work on the auditor’s procedures, the external auditor considers the following: The materiality of the financial statement amounts – that is, account balances or classes of transactions. The risk (consisting of inherent risk and control risk) of material misstatement of the assertions related to these financial statement amounts. The degree of subjectivity involved in the evaluation of the audit evidence gathered in support of the assertions (valuation and disclosure). Use of Internal Audit Seminar: October 12th, © Frost, PLLC

24 Scope of Work Considerations
Assessing use of internal audit As the materiality of the financial statement amounts increases and either the risk of material misstatement or the degree of subjectivity increases, the need for the external auditor to perform his or her own tests of the assertions increases. As these factors decrease, the need for the auditor to perform his or her own tests of the assertion decreases. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

25 Reporting Considerations
Reporting responsibility and external audit plan The responsibility to report on the financial statements rests solely with the external auditor. Unlike the situation where an external auditor uses the work of other independent external auditors, this responsibility cannot be shared with internal auditors. Because the external auditor has the ultimate responsibility to express an opinion on the financial statements, judgments about assessments of inherent and control risks, the materiality of misstatements, the sufficiency of tests performed, the evaluation of significant accounting estimates, and other matters affecting the external auditor’s report should always be those of the auditor. Due to sometimes different approaches and potentially different reporting groups, there can be variation in the perceived risk assessments between the external and internal audit partners. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

26 Identified Control Deficiencies
Internally identified internal control deficiencies Often internal audit functions focus on controls over key processes. When breakdowns in controls over these processes are identified internally but not subsequently corrected these may lead to larger questions regarding the effectiveness of the internal audit function. In the case of smaller institutions where there are not enough personnel to adequately segregate duties, this lack of correction is not necessarily indicative of a poor or untimely governance structure. Identification of potential control issues also helps the external auditor tailor their initial procedures to focus on material financial statement areas which may be susceptible to internal control breakdowns. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

27 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
HUD Internal Control HUD Audit Requirements When Congress enacted the “Helping Families Save Their Homes Act of 2009” (Public Law ) on May 20, 2009, our government changed the audit requirements for all banks participating in the FHA lending program. As a result, the FHA program administrators, which are supervised by HUD, determined that they would add significant regulations and oversight. This created overlapping regulation and reporting requirements. Prior to passage, banks got a pass on the reporting requirements established for mortgage companies, because they were already subject to greater oversight by their respective federal and state regulatory authority. FHA lenders were required to have separate and distinctly different audits. In the prior year FHA passed a waiver for bank’s below the $500 million threshold for the separate audit requirement; however, they still required the compliance attestation. Currently the waiver is set to expire unless renewed this year. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

28 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
HUD Internal Control HUD Audit Requirements Effective in the prior year HUD began requiring governmental audits of all financial institutions which generated or serviced more than $300,000 in FHA loans. The procedures outlined by HUD for compliance with their supervised mortgagee’s were extensive and time consuming. Key items internal audit should be focusing on regarding this area include primarily the following documentation requirements: Review of secondary mortgage departments compliance with HUD documentation requirements. The secondary mortgage department is often overlooked due to the fact that they are not generating a significant portion of the financial institution’s loan portfolio; however, they are often responsible for a significant level of the financial institution’s loan activity. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

29 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
HUD Internal Control Documentation and quality control plan HUD requires approved mortgagees to establish and maintain a written quality control plan to assist management in determining whether it personnel are following HUD requirements. The monthly quality control procedures may be conducted by the entity itself internally, by personnel not involved in any aspect of mortgage origination or servicing, or by an external reviewer. This review is often conducted by either internal audit or the compliance officer (if applicable). In all cases, an annual external audit is required for all institutions regarding compliance with these activities. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

30 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
HUD Internal Control Additional reporting requirements An additional requirement generated by these procedures is the new requirement for an attestation of internal controls over financial reporting associated with a governmental attestation. Although similar in presentation, this report is substantially less in scope than that outlined in an AT 501 engagement. Often, when an internal audit function is present, they will provide a significant level of documentation regarding internal control structure during this reporting process. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

31 Coordination Across Industries
Bank Holding Companies vs. Bank Only Entities Another key component of the external audit process differentiates between whether an audit includes only a financial institution versus a holding company with several organizations. In a bank holding company audit the size of the financial institution compared to the other entities may reduce the required use of internal audit at the financial institution. Where the other companies may have an internal audit function as well I would encourage the parties to work together. Particularly where there are significant numbers of transactions between related parties. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

32 Significant Financial Statement Items
Internal controls over significant financial statement line items Materiality as part of the external audit process often begins with the materiality threshold of the individual financial statement line item value. In addition to the value itself, there are other factors to consider such as the subjectivity in the value and the associated required disclosures. External auditors will create a risk assessment matrix based on the financial statement line items very similar to what internal audit will generate. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

33 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Break Time Let’s take about 10 minutes to stretch our legs. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

34 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes SSAE 16 (formerly SAS No. 70, AU 324) Addresses the standards for attestation engagements undertaken by a service external auditor to report on controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting. Organizations utilize these reports to verify their internal control processes and oversight are properly designed and implemented. Users of these services use this reporting for similar purposes particularly regarding understanding the internal controls present for services that are outsourced. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

35 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes SSAE 16 (formerly SAS No. 70, AU 324) It provides for a process designed to provide reasonable assurance regarding the achievement of objectives related to the reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. Such controls may pertain to assertions about presentation and disclosure relating to account balances, classes of transactions or disclosures, or may pertain to evidence that the user auditor evaluates or uses in applying auditing procedures. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

36 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes SSAE 16 Report Example Usage A payroll processing service organization’s controls related to the timely remittance of payroll deductions to government authorities may be relevant to a user entity because late remittances could incur interest and penalties that would result in a liability for the user entity. Similarly, a service organization’s controls over the acceptability of investment transactions from a regulatory perspective may be considered relevant to a user entity’s presentation and disclosure of transactions and account balances in its financial statements. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

37 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes SSAE 16 Report Key Elements A SSAE 16 report should include several key elements. These include: Management’s description of the service organization’s system that is likely to be relevant to the user entities’ internal control over financial reporting. The design and operating effectiveness of the controls that are necessary to achieve the control objectives stated in management’s description of the service organization’s system. The controls are suitably designed and operating effectively to achieve the control objectives stated in management’s description of the service organization’s system if: Management has identified the risks that threaten the achievement of the control objectives stated in management’s description of the service organization’s system. The controls identified in management’s description of the service organization’s system would, if operating as described, provide reasonable assurance that those risks would not prevent the control objectives stated in the description from being achieved. The controls were consistently applied as designed throughout the specified period. This includes whether manual controls were applied by individuals who have the appropriate competence and authority. When the criteria for this opinion are met, controls will have provided reasonable assurance that the related control objectives stated in management’s description of the service organization’s system were achieved throughout the specified period. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

38 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes SSAE 16 Report Key Elements All of that previous slide in English this time: Management’s general description of the service organization’s controls over financial reporting that you care about. What those controls that you care about actually are in a detailed version. If those controls they outlined are actually working or not working. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

39 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes Your Service Organization has a SSAE 16 Report This is great news. Get the report and review the report’s details. Do the controls that you care about work? If so then great, this reduces everyone’s assessment criteria (both internal and external auditor’s considerations). The controls that you care about don’t work perfectly, but the variances were considered isolated and the controls in place are considered sufficient. While not as good, this still can be significantly helpful depending on the types of errors. The controls you need to work simply do not. Basically, having the SSAE 16 report does not help your audit process and you have to follow the path as if you had not received a report in the first place. You will probably need a bridge letter. These reports generally will not coincide with your year-end and you need another letter documenting there have not been any significant changes in controls from the date of the report. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

40 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes Your Service Organization does not have a SSAE 16 Report You have a couple of options, and neither of them is pleasant. One thing to consider is how important the service being provided is to the financial statement line item and the level of subjectivity included in the service being provided. For the internal audit function the options are as follows: You can monitor controls related to processing. In this case you essentially review the input and output and verify that all of the information processed was recorded accurately. You can go to the service provider and perform control testing over your specific transactions. I am not aware of any service providers that would allow this option in practice although its presented as an alternative. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

41 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes Your Service Organization does not have a SSAE 16 Report From the external auditor’s perspective this can be problematic. In the case of payroll the answer may be a case where the process is not material to the overall financial statements; however, in the case of investments and valuation it will almost always be critical for financial institutions. In this case the external auditor will need to perform additional procedures based on their assessments which might include: Use of Internal Audit Seminar: October 12th, © Frost, PLLC

42 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Outsourced Processes Your Service Organization does not have a SSAE 16 Report Assume there are not any functioning controls which can be relied upon the areas, assess control risk at it’s maximum in your assessment process, and test the entire area substantively. Test the controls at the service organization yourself. This would involve you going to the service provider’s location, carving out transactions related to your client, and testing the controls over those specific transactions. Test all of the inputs and outputs to verify the servicer is recording the transactions properly. Possibly involve an outside third party specialist to verify the results provided by the service organization if the material is subjective in nature. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

43 Financial Statement Line Item Risk
Cash – Internal Audit Perspective Usually covered by a large amount of policies and procedures internally within the institutions. How many controls does your institution have in place to ensure that cash is not misappropriated. Usually a significant balance on the balance sheet; however, generally consists of a large number of small accounts (teller and vault funds). How much does internal audit focus on potential loss related to cash funds? Usually a large amount of work is performed by internal audit within this area regardless of the institution size. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

44 Financial Statement Line Item Risk
Cash – External Perspective Generally a significant financial line item in the reporting process Considered highly controlled at the institution level with a large amount of duty segregation and documentation Often we can utilize a significant amount of internal audit function to reduce our testing within this area. Particularly as it relates to audits of teller, vault funds, and electronic ACH/Wire transactions Reduction of testing can either increase the scopes used, reduce the number of tests, or both. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

45 Financial Statement Line Item Risk
Investments – Internal Perspective Internal audit function can vary by institution depending on the number of personnel involved in the investment function. When controlled by a few individuals there will generally be less work performed than when there are robust internal controls in place. Focused on existence rather than valuation. Often controlled by key members of management / ownership so less weight is assigned to testing these areas. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

46 Financial Statement Line Item Risk
Investments – External Perspective Investment portfolios are generally managed by a key officer within the institution and that individual’s investment decisions are rarely challenged due to the complexity of today’s investment options. Monitoring controls may be established for oversight by the board of directors but more often than not, the committees are more focused on areas such as loan losses, other real estate owned or employee expenses.   Focused on valuation and existence, but valuation is a much greater piece of today’s reporting requirements. Looking for current segregation of duties and controls over the investment process which are subject to potential management override of controls. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

47 Financial Statement Line Item Risk
Loans – Internal Perspective Supported by a separate administration group. Often obtain multiple layers of properly segregated duties to ensure accurate recording and proper authorization of loans.  Focused on existence and testing primarily relates to confirmation process and account dispute resolution process. May review some elements of valuation process (allowance for loan loss). Use of Internal Audit Seminar: October 12th, © Frost, PLLC

48 Financial Statement Line Item Risk
Loans – External Perspective Focused on valuation, and while the loans themselves are a significant amount on the related balance sheet, the allowance for loan loss is the critical estimate controlled by management. As such testing generally revolves around how the estimate is generated and supported.  Focused on existence related to confirmation process and account dispute resolution process. Use of internal audit confirmation work can reduce the scope of the confirmation process. Includes review and testing of elements around the disclosure process (particularly related to economic concentrations, troubled debt restructuring, interest generated on past due loans). Use of Internal Audit Seminar: October 12th, © Frost, PLLC

49 Financial Statement Line Item Risk
Prepaid Expenses – Internal Perspective Focused on valuation and procedures include vouching costs to properly approved documentation.  More often than not a low risk area overall. Often only tested every other or third year depending on internal risk assessment. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

50 Financial Statement Line Item Risk
Prepaid Expenses – External Perspective Focused on valuation and procedures include vouching costs to properly approved documentation (when material).  More often than not a low risk area overall. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

51 Financial Statement Line Item Risk
Fixed Assets – Internal Perspective Focused on valuation and procedures include vouching costs to properly approved documentation.  More often than not a low risk area overall. Often only tested every other or third year depending on internal risk assessment. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

52 Financial Statement Line Item Risk
Fixed Assets – External Perspective Focused on valuation and procedures include vouching costs to properly approved documentation (when material).  More often than not a low risk area overall. Again, one of the areas where the internal and external perspectives generally agree. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

53 Financial Statement Line Item Risk
OREO – Internal Perspective Focused on valuation and policies associated with maintaining related assets. Reviews of related OREO files would include comparing appraised values to carrying value located on the OREO schedule. Ensure that OREO is recorded at lesser of carrying value or fair market value. Verify that current procedures in place are in conformity with current laws and regulations regarding OREO. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

54 Financial Statement Line Item Risk
OREO – External Perspective Focused on valuation methodology used to arrive at the ending recorded value of the property being carried on the balance sheet. Reviews of related OREO files would include comparing appraised values and estimated selling costs as well as additional capitalized cost to carrying value located on the OREO schedule. Review controls in place to ensure there are proper controls over the valuation process and subsequent sales. Verify that sales of OREO properties qualify as sales under ASC (formerly FAS 66). Use of Internal Audit Seminar: October 12th, © Frost, PLLC

55 Financial Statement Line Item Risk
Deposits and Other Liabilities – Internal Perspective Focused on existence. Procedures are more often than not related to confirmation of account balances. Review controls in place to ensure there are proper controls over the cash receipt / disbursement. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

56 Financial Statement Line Item Risk
Deposits and Other Liabilities – External Perspective Focused on existence. Procedures are more often than not related to confirmation of account balances. Review controls in place to ensure there are proper controls over the cash receipt / disbursement processes and account setup and maintenance processes. Review of conflict resolution regarding customer deposit balance discrepancies. Test input of depository information into system for control testing purposes. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

57 Financial Statement Line Item Risk
Income Taxes – Internal Perspective Often no programs in place related to income taxes. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

58 Financial Statement Line Item Risk
Income Taxes – External Perspective Focused on valuation. Procedures are more often than not related to analysis of tax balances to determine whether it is more likely than not that future deferred tax assets will be realized. Review current book / tax differences to ensure current income tax provision reported on the financial statements is appropriately recorded. Review deferred tax calculation to analyze whether ending deferred tax balances are recorded properly. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

59 Financial Statement Line Item Risk
Income Statement – Internal Perspective While there may be some work performed in this area, generally the internal audit function is focused on the balance sheet. Larger institutions will have dedicated personnel to perform individual branch analysis and global income statement analysis. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

60 Financial Statement Line Item Risk
Income Statement – External Perspective Focuses on substantive analytics based on local economic data and industry trends. Analysis is usually completed on a global rather than a branch level. Unusual or irregular variances from original expectations are tested alternatively through additional inquiry and corroboration of management representations. Generally these analyses are relationship based and compared with the underlying balance sheet item. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

61 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Segregation of Duties Lack of proper segregation of duties on key financial line items When reviewing the balance sheet account controls there are often several key financial statement line items where policies and procedures are not comprehensive. Just to name a few of these are as follows OREO Investments Tax Credit Investments Other Assets / Investments Use of Internal Audit Seminar: October 12th, © Frost, PLLC

62 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Segregation of Duties Lack of proper segregation of duties on key financial line items When proper segregation of duties are not present, the use of internal audit may augment the work performed by the external auditor; however, it will not usually result in the ability to reduce work performed for the area due to the risk involved. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

63 Best Practice Perspective
So what is available from a best practice perspective? When possible, review the internal control structure to ensure that controls in place are commensurate with the risk associated with potential loss. When the internal controls in place are weak for a critical area see if there are potential ways to re-task responsibilities among existing personnel to provide check and balance to the financial line item area. Ask your peers and external accountants for suggestions / recommendations regarding your potential issues if identified. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

64 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Question and Answer Does anyone have any questions that we haven’t previously addressed during the presentation so far? Use of Internal Audit Seminar: October 12th, © Frost, PLLC

65 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Lunch Time Break for lunch, and we’ll come back in about an hour. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

66 Re-Performance of Work
So you decided to use internal audit to reduce the scope of work. How exactly do you accomplish that? Use of Internal Audit Seminar: October 12th, © Frost, PLLC

67 Re-Performance of Work
To use the work of internal audit we go back to AU 322. Remember to consider the independence and objectivity of the internal auditor. Consider the procedures the internal auditor performed and to whom they were reported. Then re-perform the work to the level considered necessary. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

68 Re-Performance of Work
What is the appropriate level of re-performance needed? The short answer is it’s professional judgment. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

69 Re-Performance of Work
What is the appropriate level of re-performance needed? Another answer from AU 322 is as follows:  ”In making the evaluation, the auditor should test some of the internal auditors' work related to the significant financial statement assertions. These tests may be accomplished by either (a) examining some of the controls, transactions, or balances that the internal auditors examined or (b) examining similar controls, transactions, or balances not actually examined by the internal auditors. In reaching conclusions about the internal auditors' work, the auditor should compare the results of his or her tests with the results of the internal auditors' work. The extent of this testing will depend on the circumstances and should be sufficient to enable the auditor to make an evaluation of the overall quality and effectiveness of the internal audit work being considered by the auditor.” Use of Internal Audit Seminar: October 12th, © Frost, PLLC

70 Re-Performance of Work
Professional judgment is key. In the end, it will be up to the external auditor in charge of the engagement to determine the level of re-performance needed. There are several quantitative and qualitative factors which will go into the evaluation process including: Use of Internal Audit Seminar: October 12th, © Frost, PLLC

71 Re-Performance of Work
Professional judgment is key. The appropriateness of the procedures performed by internal audit as compared to the identified audit risks within the related areas. The timing of the procedures performed in comparison to the audit date. The quantity of testing related to the control components the external auditor wants to utilize from the testing reviewed. The level of documentation and the ability should the external auditor choose to re-perform the related work to ensure accuracy of information within the internal auditor’s workpapers. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

72 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Documentation Threshold of internal audit documentation In order to use the work of the internal auditor the documentation of their workpapers needs to follow the same standards as we are required to follow under AU 339 (SAS 103). The auditor should prepare audit documentation that enables an experienced auditor, having no previous connection to the audit, to understand the following: Use of Internal Audit Seminar: October 12th, © Frost, PLLC

73 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Documentation An experienced auditor should be able to understand: The nature, timing, and extent of auditing procedures performed to comply with SASs and applicable legal and regulatory requirements; The results of the audit procedures performed and the audit evidence obtained; The conclusions reached on significant matters; and That the accounting records agree or reconcile with the audited financial statements or other audited information. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

74 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Confirmations How many and how often? Fortunately the state and federal regulators are fairly consistent in the minimum thresholds they recommend (for internal auditors). Although there is no written guidance they generally are allowed to be performed at any time throughout the year as long as they occur at least annually. And while not officially published, internal auditors can be relatively comfortable with their current confirmation percentages on a routine basis provided there is not any push back during the examination process. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

75 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Confirmations How many and how often? Unfortunately for external auditors we are directed to AU 350 Audit Sampling. There are literally hours and hours of training and discussion available on the subject and generally there is not a consensus on how to properly apply the statute within the industry. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

76 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Confirmations Methods of selecting confirmations available to external auditors There are two approaches to the confirmation process available under AU 350. Confirming balances designed as a substantive test. Confirming balances designed as a control test. Both approaches are allowable; however, when looking at deposit and loan portfolio’s the control testing populations will almost always be smaller. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

77 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Confirmations In my experience This is always an area where the use of internal audit’s results have proven beneficial to me. I prefer to use the work of internal audit in this area to augment my testing so that my populations can concentrate on the larger dollar values. Under AU 350 the audit sample confirmation populations are required to be indicative of the population as a whole but they are not required to be statistical. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

78 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Confirmations Official AU 350 excerpt regarding sample methodology “Statistical sampling helps the auditor (a) to design an efficient sample, (b) to measure the sufficiency of the audit evidence obtained, and (c) to evaluate the sample results. By using statistical theory, the auditor can quantify sampling risk to assist himself in limiting it to a level he considers acceptable. However, statistical sampling involves additional costs of training auditors, designing individual samples to meet the statistical requirements, and selecting the items to be examined. Because either nonstatistical or statistical sampling can provide sufficient audit evidence, the auditor chooses between them after considering their relative cost and effectiveness in the circumstances.” Use of Internal Audit Seminar: October 12th, © Frost, PLLC

79 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Loan Review Function The loan review department (or outsourced party) performs one of the most critical functions we focus on related to the audit of a financial institution. One important aspect regarding the financial statements is management estimates. No where on the balance sheet does management usually have more control over a key estimate than as it relates to the loan loss allowance. I look at this department as an extension of internal audit since they are essentially reporting on the effectiveness of management’s estimate process regarding loan grading. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

80 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Loan Review Function Management’s attitude and tone at the top often plays a key role in the effectiveness of this function. Where an institution is aggressive in reporting earnings, management may push loan review to be more lenient towards the grading of loans in order to improve reported earnings. This can potentially lead to misstated financial statements and inflated capital ratio’s. Where an institution is conservative in reporting earnings, management may push loan review to be more stringent towards grading of loans in order to reduce reported earnings. This also can lead to potentially misstated financial statements. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

81 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Loan Review Function Qualifications of loan review department (outsourced function) One consideration of the loan review function needs to be the qualification of the personnel involved. Are they experienced in the area? Do they have any certifications? Use of Internal Audit Seminar: October 12th, © Frost, PLLC

82 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Loan Review Function Who does the loan review department report to? Do they report directly to the Board of Director’s or to Management? These questions matter because the more independence and competence you can assign to this function, the more reliance you can place on their reporting. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

83 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Loan Review Function And if I can assign more value to the work performed within the loan review process internally I can reduce the scope of loan review I an required to perform during the external audit process. You are still required to go through the same steps as if they were the internal auditor. When this process is outsourced to a third party you should reference AU 336 (formerly SAS 73) the use of a specialist; however, qualitative factors involved are virtually identical to the internally generated work. The major difference is that you may be able to establish a greater level of independence. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

84 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Other Investments What “other investments” are present and who is maintaining them? Sometimes known as the black hole area of an audit this is where assets (or expenditures) have been classified because they are either non-allowable assets for capital purposes or do not fit neatly into any of the other categories available to a financial institution. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

85 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Other Investments Supporting documentation for “other investments” This is often difficult to obtain. Internal audit generally does not test this area and very few controls usually exist for these items. Often they are maintained by a key member of management and are static in that they do not change values often. The problem presented by these assets is often one of valuation. How do you go about analyzing for potential impariment? Use of Internal Audit Seminar: October 12th, © Frost, PLLC

86 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Deferred Income Taxes Supporting documentation related to deferred income tax calculation when prepared by an outside expert. Is the schedule properly supported by related tax details? And do the supporting book tax difference schedules agree to the audited values for book purposes? Does management have the ability to review and understand the related tax calculations prepared by the external party. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

87 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Break Time Let’s take about 10 minutes to stretch our legs. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

88 New Compliance Requirements
HUD Reporting Requirements (FHA Lenders) Interagency Advisory on Interest Rate Risk Management Correspondent Concentration Risks FDIC Assessments Transaction Guarantee Program Extension The Dodd-Frank Act (and the fact that most of the legislation has yet been defined) Use of Internal Audit Seminar: October 12th, © Frost, PLLC

89 New Compliance Requirements
The increase in compliance requirements has led to increased size and scopes of compliance departments. The role of compliance departments and the internal audit departments have been blurred. Loan compliance and comprehensive deposit audits are primarily the function of the compliance department; however, the audits within these areas are duplicated to a lesser extent during the external audit process. Again the work performed during these “compliance” audits has the ability to be leveraged during the external audit process just as the work performed as part of the internal audit function. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

90 New Compliance Requirements
The future holds more compliance rather than less. The Dodd-Frank Act, among many other changes, will: Create new regulations for companies that extend credit to customers, exempt small public companies from Section 404(b) of the Sarbanes-Oxley Act of 2002 (SOX), Make auditors of broker-dealers subject to Public Company Accounting Oversight Board (PCAOB) oversight, and change the registration requirements for investment advisers. Mandates over 60 different studies and reports by various oversight agencies on a range of issues. Because these new regulations will most likely be produced over the next few years, the impact of these reforms will be staggered. This may provide opportunities for the financial institutions industry to respond to the proposed regulations and work with regulators in developing reporting requirements, formats, and timetables that are practical to implement. Large, complex financial institutions, in particular, and newly regulated entities with new reporting requirements will be challenged to update their systems, policies, procedures, and data infrastructures. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

91 Off Balance Sheet Instruments
As part of the audit process, when material disclosure auditing of key reported data is required. Unused letters of credit Commitments to originate, purchase or sell loans Commitments to lend at variable and fixed rates Derivative potential commitments Cash requirements of these related contracts The institution’s policy for requiring collateral or other security to support financial instruments subject to credit risk, information about the institution’s access to that collateral or other security, and the nature and a brief description of the collateral or other security supporting those financial instruments. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

92 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Fair Value Fair value considerations and reporting are more important in the standards now than they have ever been. Fortunately most were required to be implemented in the prior year and included the following ASU’s ASU Fair Value Measurements and Disclosures (Topic 820)—Improving Disclosures about Fair Value Measurements ASU Receivables (Topic 310) -- Disclosures about the Credit Quality of Financing Receivables and the Allowance for Credit Losses (which was actually deferred until this year for public entities) Use of Internal Audit Seminar: October 12th, © Frost, PLLC

93 Fair Value - Disclosures
Today the fair value footnote’s within a financial institutions financial statements are larger than they have ever been. There are a myriad of disclosures required ranging from the standard quantitative which has historically been reported to much more qualitative information regarding valuation methods. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

94 Fair Value - Disclosures
We are also required to use more “buckets” In practice there has been a wide variety of application of this standard in the reporting process. Some entities have continued to use their significant category maintaining that investments within those categories are homogeneous in risk profile. Some entities have broken out their categories to unprecedented levels that are not necessarily indicative of the risk of the related groups. There is definitely not a consensus within the industry group. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

95 Fair Value - Disclosures
Tomorrow’s will be even more comprehensive. Qualitative information references the fact that we were required to present information regarding how the level 2 and 3 categories were valued. These included the valuation technique and inputs used to arrive at the valuation, how the valuation technique was developed, a description of the policies and procedures used to determine the best method to choose the valuation technique and any changes between periods that might change. (Delayed until 2012) Use of Internal Audit Seminar: October 12th, © Frost, PLLC

96 Fair Value - Disclosures
Tomorrow’s will be even more comprehensive. We are also in the process of converting some of the language for our fair value disclosures to be consistent with IFRS. (ASU ) These will be effective for both public and non-public entities in 2012. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

97 Fair Value - Disclosures
And yesterday’s fair value disclosures are not going away. We did no “lose” any of the previous fair value disclosure requirements. As a result the fair value disclosure footnote presentation is growing exponentially. This growth is an attempt by the standard setters to supply more information about the qualitative aspects (IFRS method) of the fair value estimation methodologies. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

98 Fair Value - Disclosures
What is internal audit doing in this area? Some internal audit groups are obtaining pricing verification, but most are primarily focused on the existence assertion rather than valuation. As such there usually is not a lot of leveraging in this area that can take place. A primary area where internal auditor’s are looking more at valuation is in OREO (Non-recurring fair value assessments). This has been productive as financial institutions OREO portfolio’s have grown and they have been improving methods in establishing the fair value of these assets. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

99 Fair Value - Disclosures
Can internal audit provide some relief in this area? The short answer is yes. The internal auditor as part of their audit function or the financial statement preparer can compile the information to ensure there is enough information to meet the financial statement reporting requirements. Often time is lost during the audit process as the external auditor attempts to pull the needed schedules for the disclosures from the financial institution’s investment portfolio statements. Often (particularly in smaller institutions) the monthly investment statement package will not have all of the needed schedules to meet the disclosure requirements. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

100 Fair Value - Disclosures
Can internal audit provide some relief in this area? Another means of helping comes when a SSAE 16 report for the outsourced pricing service is unavailable. Internal audit can help verify pricing with another source as part of their internal audit program or recommend to their Board’s that the institution consider a pricing service that has better documented and tested controls over their process. These can be presented to the Board as an improvement in the accuracy and reliability of reporting regarding valuation of their investment portfolio. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

101 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Key Estimates Investment security valuation This is usually one of the largest estimates on the balance sheet. Often uses an outside third party to value the related assets. Internal audit may or may not be involved in assessing the valuation techniques utilized. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

102 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Approach to Testing Investment securities – approach to testing. Verification of existence (confirmation). This includes both to the portfolio statement provider where applicable but also to the safekeeping agent. Remember, Bernie Madoff was sending nice pretty investment statements to his customers, but nobody was verifying that he was properly maintaining custody of those investments on the customer’s behalf. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

103 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Approach to Testing Investment securities – approach to testing. Verification of pricing information provided on the investment statements is also important to the auditing process. The simple answer is that the institution is using a service which provides a documented report that their pricing information is accurate. When not available then alternative methods should be employed. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

104 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Approach to Testing Investment security valuation – approach to testing. Comparing investment income to outstanding investment assets. Review of the returns recorded by the institution as compared to those outlined on the information in the investment statements is often a strong indicator of reporting accuracy. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

105 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Key Estimates Allowance for Loan Losses This is usually the largest estimate which Management has ability to control directly. May or may not use an outside party to aid in the evaluation process. Internal audit may or may not be involved in assessing the valuation techniques utilized. Where internal audit (or an equivalent group which reports to the Board) are present use of their work may reduce the scope of our required testing. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

106 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Approach to Testing ALLL – Approach to testing Review of evaluation process currently in place. Is it appropriate for the institution’s size? Does the scope of internal the internal evaluation process allow the external auditor to reduce the scope of their testing? Is the internal evaluation considered independent enough to rely upon their findings? Re-test to ensure observations are consistent with reported evaluations. Recalculate mathematically to ensure output values are correct. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

107 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Key Estimates Valuation of impaired loans Often performed by either a credit analyst, loan review department, or loan officer. Not normally audited by internal audit; however, work performed by other institution employees can be used similar to internal audit workpapers provided the documentation is available. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

108 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Approach to Testing Valuation of impaired loans Review last available appraisal and any adjustments related to estimated potential selling costs which are considered appropriate by management. Review estimated cash flow worksheet (if prepared) and assumptions used in creating the cash flow model identifying anticipated future performance on the loan. Review related credit documentation (tax returns, financial statements, etc.) to ensure documentation agrees to the assumptions utilized by management in their analysis. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

109 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Key Estimates Valuation of foreclosed assets Often performed by either a credit analyst, key officer, or area manager for the financial institution. Historically this had not been an important function, but in recent years the internal audit function has elevated this area due to the economic trends. Now internal auditors have been including programs similar to what we perform on the external audit. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

110 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Approach to Testing Valuation of foreclosed assets Review last available appraisal and any adjustments related to estimated potential selling costs which are considered appropriate by management. Review the carrying value of the loan associated with the related foreclosed asset to ensure that the OREO was recorded and the lesser of fair market or carrying value of the loan. Review OREO which has been on hand greater than one year. Challenge valuations if they continue to be the same as in the prior year. Review current property listings to identify whether the institution’s marketed price for the related property is equal to or greater than the value the property is carried at on the balance sheet. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

111 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Key Estimates Deferred Income Taxes Usually performed by an outside expert; although some larger institutions will perform their own calculations in-house. Internal audit usually does perform any procedures in this area. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

112 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Approach to Testing Deferred Income Taxes Review supporting tax schedules to ensure that ending book / tax difference are properly reported. Review tax details for reasonableness where estimates are present. Vouch tax payments and receipts recorded during the year. Assessing whether the deferred tax assets are considered realizable at some point in the future. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

113 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Basic A&A Update What new schedules will the auditors be asking for this year? Many of these request will be related to investments. Your auditors may want to review the current breakout of your investment portfolio by more meaningful information groupings such as: Securities segregated by type and then by state Securities segregated by asset quality or agency rating Securities segregated by valuation methodology Or a hybrid version of any of the above Use of Internal Audit Seminar: October 12th, © Frost, PLLC

114 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Basic A&A Update What new schedules will the auditors be asking for this year? Your auditor’s may be asking for much more information regarding investments in how your portfolio services or pricing services arrive at their values. The assumption and how they are generating those valuation models. These request will not be for new disclosures; however, they will probably be assessing the impact on the future financial statement reporting process. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

115 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Basic A&A Update Change in goodwill calculations (hopefully this won’t affect anyone in the room), ASU Under Topic 350 on goodwill and other intangible assets, testing for goodwill impairment is a two-step test. When a goodwill impairment test is performed (either on an annual or interim basis), an entity must assess whether the carrying amount of a reporting unit exceeds its fair value (Step 1). If it does, an entity must perform an additional test to determine whether goodwill has been impaired and to calculate the amount of that impairment (Step 2). The objective of this Update is to address questions about entities with reporting units with zero or negative carrying amounts because some entities concluded that Step 1 of the test is passed in those circumstances because the fair value of their reporting unit will generally be greater than zero. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

116 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Basic A&A Update Another change in goodwill potential impairment calculation, ASU The FASB changed their requirements for the annual goodwill calculation. Now the requirements allow for a qualitative assessment of whether the fair value of the reporting unit is less than the carrying value. If after the evaluation of relevant circumstances or events it is determined that the fair value of the reporting unit exceeds the carrying value, the actual calculation as originally required in Step 1 is no longer required. Although effective for 2012, early adoption is permitted. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

117 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Basic A&A Update Other Comprehensive Income, ASU Current U.S. GAAP allows reporting entities three alternatives for presenting other comprehensive income and its components in financial statements. One of those presentation options is to present the components of other comprehensive income as part of the statement of changes in stockholders' equity. This Update eliminates that option. In addition, current U.S. GAAP does not require consecutive presentation of the statement of net income and other comprehensive income. Finally, current U.S. GAAP does not require an entity to present reclassification adjustments on the face of the financial statements from other comprehensive income to net income, which is required by the guidance in this Update. These changes apply to both annual and interim financial statements issued after December 15, 2012 (early adoption is permitted because compliance with these amendments is already available in the current literature). Use of Internal Audit Seminar: October 12th, © Frost, PLLC

118 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Basic A&A Update Troubled Debt Restructuring, ASU In evaluating whether a restructuring constitutes a troubled debt restructuring, a creditor must separately conclude that both of the following exist: The restructuring constitutes a concession. The debtor is experiencing financial difficulties. The amendments to Topic 310 clarify the guidance on a creditor's evaluation of whether it has granted a concession The issue with reporting TDR’s is that in general examiner’s generally believe these represent substandard loans when that is not necessarily the case in practice. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

119 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Basic A&A Update Proposed change to netting arrangements. In U.S. GAAP, a principle would be established that would preclude offsetting, unless specifically required or permitted by a specific Topic, similar to the principle that exists in IFRSs. The proposals would eliminate the exception in U.S. GAAP that allows offsetting for some derivative and sale and repurchase (and reverse sale and repurchase) contracts when the right of setoff is conditional, there is no intention to set off, or such intention is conditional. The proposal would also eliminate several industry specific practices. It would also modify the offsetting criteria in IRFSs by clarifying that the right of setoff should not only be currently enforceable. The proposals would enhance disclosures required by U.S. GAAP and IFRSs by requiring improved information about eligible assets and eligible liabilities subject to setoff, and related arrangements (such as collateral agreements) and the effect of those arrangements on an entity's financial position. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

120 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Basic A&A Update Leases- On the horizon During the third quarter of 2010, the IASB and FASB published for public comment joint proposals to improve the financial reporting of lease contracts. These proposals would result in a consistent approach to lease accounting for both lessees and lessors—a “right of use” approach. Currently, the accounting for a lease depends on its classification; an operating lease results in the lessee not recording any assets or liabilities in the statement of financial position under either IFRSs or U.S. GAAP, whereas a capital lease results in the lessee recognizing an asset and obligation. Under the proposed guidance, lessees would not able to use the operating lease method of accounting, which would produce more complete and comparable financial reporting, in addition to reducing the opportunity to structure transactions to achieve a desired accounting outcome. Use of Internal Audit Seminar: October 12th, © Frost, PLLC

121 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Resources Authoritative Literature Financial Accounting Standards Board Accounting Standard Codification (“ASC”) Accounting Standard Updates (“ASU”) The American Institute of CPA’s Accounting and Audit Guides (“AAG”) Statements of Auditing Standards (“SAS”) Auditing (United States) (“AU”) Attestation Engagements (“AT”) Use of Internal Audit Seminar: October 12th, © Frost, PLLC

122 Use of Internal Audit Seminar: October 12th, 2011 © Frost, PLLC
Contact Brent Currey Assurance Manager Frost PLLC (501) – Direct Line (501) – Cell Line Use of Internal Audit Seminar: October 12th, © Frost, PLLC


Download ppt "The External Auditor’s Perspective and use of Internal Audit"

Similar presentations


Ads by Google