Introduction  Enron and other corporate scandals resulted in the demise of Andersen and passage of the Sarbanes-Oxley Act  The Act establishes the Public Company Accounting Oversight Board (PCAOB) to provide oversight of auditors of public companies, including establishing auditing and quality control standards  Other changes to the profession include new fraud guidance in SAS No. 99, and the change to a computer-based CPA exam in April 2004

Disposition of Consulting Units  The Big 5 firms began disposing of their consulting practices well before Sarbanes-Oxley, partially to address independence concerns Andersen Consulting separated from Andersen in Aug. 2000, went public, and was renamed Accenture Deloitte Consulting terminated plans to separate from Deloitte & Touche due to market conditions Ernst & Young consulting sold to Cap Gemini in Feb KPMG Consulting went public in Feb. 2001, and was renamed BearingPoint PwC sold its consulting practice to IBM for $3.5 billion in July 2002

Data for Largest CPA Firms Fiscal Year 2002 Revenue (2) Prof. (2) Revenue % Rank Firm $ million Staff A&A Tax MAS Other 1 Deloitte & Touche 5,933 19, PwC 5,174 29,787 (a) Ernst & Young 4,515 15, KPMG 3,400 11, (a) Does not reflect sale of consulting practice Fiscal Year 2000 Revenue (2) Prof. (2) Revenue % Rank Firm $ million Staff A&A Tax MAS 1 PwC 8,878 34, Deloitte & Touche 5,838 20, KPMG 5,400 19, Ernst & Young 4,270 13, Andersen 3,600 17, Source: Accounting Today

Public Company Accounting Oversight Board  Key responsibilities of the PCAOB include: Registering public accounting firms that audit public company financial statements Establishing or adopting auditing, quality control, ethics and independence standards related to audits of public companies Conducting inspections of registered audit firms Conducting investigations and disciplinary proceedings related to registered accounting firms

Audit Report on Internal Control  Auditor must report on management’s assessment of internal control Report is as of the end of the company’s fiscal year Auditor’s report date same as date of auditor’s report on financial statements  Auditor’s report on internal control can be combined with financial statement audit report or issued separately

Prohibited Non-audit Services 1. Bookkeeping or other services related to the accounting records or financial statements 2. Financial information systems design and implementation 3. Appraisal or valuation services, fairness opinions, or contribution-in-kind reports 4. Actuarial services 5. Internal audit outsourcing services 6. Management or human resources functions 7. Broker or dealer, investment adviser, or investment banking services 8. Legal and expert services unrelated to the audit 9. Any other service that the Public Company Accounting Oversight Board (Board) determines, by regulation, is impermissible The Act prohibits the following services, most of which were previously prohibited by the SEC’s rule on auditor independence:

Additional Independence Provisions  Audit committee must pre-approve all audit and non-audit services  Lead audit and review partners must rotate off the audit after five years  One-year employment “cooling off” period – The audit firm cannot audit a client if its CEO, CFO, chief accounting officer, or person in a similar capacity participated in the audit during the one-year period prior to the initiation of the audit

Management Certification  CEO and CFO must certify the annual and quarterly financial statements Management has reviewed the statements The statements contain no untrue material facts or omit a material fact Based on management’s knowledge, the statements are fairly presented Management has evaluated the effectiveness of disclosure controls with 90 days of filing the report Management has disclosed any deficiencies in internal control or fraud to the auditor and audit committee Management has indicated any significant changes in internal controls subsequent to management’s evaluation

Audit Documentation  Mandatory retention of audit documentation in sufficient detail to support the auditor’s conclusions for a period of seven years  Knowing and willful destruction of audit documentation is a criminal offense subject to fines and imprisonment  Documents generally excluded include: Superseded drafts of memos and other records Previous copies of working papers corrected for errors Duplicates of documents Voic messages

Client Acceptance  SEC final rules make the audit committee “the client” Audit committee is responsible for auditor appointment, compensation, and oversight, including pre-approval of all audit and non-audit services Audit committee responsible for resolution of any disagreements between the auditor and management over financial reporting  Auditors are required to report the following matters to the audit committee: All critical accounting policies and practices used by management All material alternative accounting treatments of financial information within GAAP that have been discussed with management Other material written communications between the accounting firm and management

Differences in Scope of Controls Tested in an Audit of Internal Control and an Audit of Financial Statements Internal Controls Used to Assess Control Risk Below Maximum Internal Controls Over Financial Reporting Controls that must be tested in an audit of internal controls Controls that must be tested in an audit of financial statements

Audit Committee Financial “Expert”  Understands GAAP and financial statements  Has the ability to assess the application of principles for estimates, accruals, and reserves  Experience preparing, auditing, or evaluating financial statements similar in complexity to the company’s financial statements  Understands internal controls and procedures for financial reporting  Understands audit committee functions

New Fraud Standard - SAS No. 99  New “brainstorming” meeting among audit engagement team about fraud risks and discussion about professional skepticism  Broader set of information gathered to assess fraud risks  Focus on the “fraud triangle”  Expand auditor responses to fraud risks  Mandate procedures in all audits to address ever-present risk of management override

The “Fraud Triangle” Opportunities Weak Board of Directors Weak Internal Controls Attitudes/Rationalizations Lack of a Code of Conduct Disregard for Financial Reporting Incentives/Pressures Tight Debt Covenants Unrealistic Analyst Expectations

Information to Assess Fraud Risks BrainstormingInquiries Analytical Procedures Fraud Risk Factors Other Information Identified Fraud Risks

Procedures to Address Risk of Management Override of Controls  Examine journal entries and other adjustments for evidence of possible misstatements due to fraud  Review accounting estimates for bias  Evaluate business rationale for significant unusual transactions

Auditor’s Risk Assessment and Risk Response Processes  In December 2002 the ASB issued an exposure draft of several new standards relating to risk assessment  Significant proposed changes include : Auditors must obtain an in-depth understanding of an entity and its environment Auditors must assess risk of material misstatements at the financial statement level and assertion level Eliminates “default to maximum” for control risk Strengthens link between risks and auditor’s response to those risks Strengthens guidance for testing disclosure Expands documentation requirements

Proposed Changes Related to Reliance on Controls  Tests of controls are encouraged by eliminating the default to “maximum risk”  If the auditor plans to rely on controls that have not changed, their operating effectiveness must be tested at least every third audit  If the auditor plans to rely on controls to mitigate a significant risk, all evidence about the operating effectiveness of the controls must be from tests of controls performed in the current period  For significant risks, the auditor is require to perform substantive tests  Greater emphasis is placed on testing disclosures

Computerization of CPA Exam  Significant changes to the CPA exam include: A shortened exam from 15 ½ hours to 14 hours Exam content will change:  Multiple choice questions will comprise approximately 80% of the exam  Case study simulations will comprise the other 20% Case study simulations will contain research activities which will require candidates to use electronic databases and authoritative literature to answer various questions. Candidates will also need to be familiar with spreadsheets and word processing software.

CPA Exam Length Time Breakdowns by Section for Revised Uniform CPA Examination Examination Length (hours) 14 Auditing & Attestation 4.5 Financial Accounting & Reporting 4 Regulation 3 Business Environment & Concepts 2.5

Computerization of CPA Exam  Other significant changes to the exam: Candidates will be allowed to take the exam at any time during four exam windows each year (each exam window lasts three months) Candidates may retain credit for a passed section of the exam for a period of 18 months beginning on the date the first section passed is taken Candidates may sit for each section of the exam individually and in any order

Exam Content Transition Paper-and-Pencil Examination Section Computer-Based Examination Section AuditingAuditing & Attestation Financial Accounting & Reporting (FARE) Financial Accounting & Reporting Accounting & Reporting (ARE)Regulation Business Law & Professional Responsibilities (LPR) Business Environment & Concepts