1. Presented by: Ivan Sotomayor, CPA, MBA 1) AUDITING CONSIDERATIONS FOR FRAUD UNDER PCAOB STANDARDS 2) THE INTEGRATED AUDIT OF PUBLIC COMPANIES UNDER PCAOB STANDARDS

2. Auditing Considerations for Fraud under PCAOB standards Session 1 October 30, 2009

3. The Auditor’s Responsibility for Fraud Detection in a PCAOB Audit  In an audit under PCAOB standards the auditor must provide reasonable assurance that the financial statements are free of material misstatement, including material misstatement caused by fraud. The auditor is not responsible for detecting all fraud, it is responsible got detecting material misstatements caused by the fraud.  In an audit of financial statements it is the job of the auditor to plan and perform the audit to provide reasonable assurance that the financial statements are free of material misstatements. That responsibility includes both unintentional errors and intentional acts that result in a material misstatement of the financial statements.

4. Assessing the Risk of Material Misstatement  In planning the audit the auditor documents specific risks, including identified fraud risks, relating to each significant audit area. Sometimes, the identified risk will suggest the appropriate additional procedures needed. For example, if the risk for sales and recievables is that sales cutoff errors are likely to occur, the auditor may choose to apply more procedures to test sales cutoff.  Types of misstatement  Understatement of account balance  Overstatement of account balance  Causes of misstatement  Error (unintentional)  Cooking the books (intentional)  Theft (intentional)

5. Common Cash Fraud Schemes Misappropriation of Assets Fraud SchemeSymptomsAudit Responses Skimming all or part of a cash sale Cash sales or receipts differ from normal or expected patterns Cash deposit totals differ from normal or expected patterns Inventory discrepancies Unusual amount or pattern of cash over/short Customer complaints Declining gross profit Mutilated or destroyed cash register control tapes and tapes with faint ink Use alternate party to perform procedures Compare inventory Analyze gross profit

6. Common Cash Fraud Schemes Misappropriation of Assets Fraud SchemeSymptomsAudit Responses Theft of a daily cash deposit Cash sales or receipts differ from normal or expected patterns Cash deposit totals differ from normal or expected patterns Inventory discrepancies Lack of segregation of duties Missing deposit slips Missing sales invoices Unusual journal entries or unusual items on the bank reconciliation Differences between daily list of receipts and deposits on bank statement Compare bank deposits to cash receipts records Prepare proof of cash Review bank reconciliations Review journal entries

7. The Integrated Audit of Public Companies under PCAOB Standards Session 2 October 30, 2009

8. Overview of the Sarbanes – Oxley Act  In 2001, Enron Corp, one of the biggest companies at the time, failed to comply and report on its financial statements and to the SEC  Sales of stock to special-purpose entities (SPE)  The non-consolidation of certain SPEs  The noncompliance caused material overstatement of assets, shareholder’s equity, net income and the concealment of substantial debt obligations.  Public policy discussions and media criticism centered primarily on the failure of the financial statements to warn investors of the impending collapse of Enron and on  Lack of independence and objectivity of a self-regulating profession that offers both consulting and auditing services to its clients  Numerous other high profile business failures and accounting scandals occurred or came to light during this period.  The revelation of a massive $11 million fraud by WorldCom led directly to the enactment of SOX

9. The PCAOB  The Act created the PCAOB as an independent non-profit organization under the supervision of the SEC  The principal functions of the PCAOB under the law is to oversee the audit of public companies that are listed with the SEC in order to protect the interests of investors and further the public interest in the preparation of informative, accurate and independent audit reports of public companies.  The Board has 5 members, only 2 members could be CPAs  Only CPA firms that are registered with the PCAOB could audit or participate in the audit of a public company, including foreign CPA firms  Under the Act the PCAOB has the authority to enact auditing, quality control and independence standards for CPA firms that audit public companies  The Act requires the PCAOB to periodically inspect registered CPA firms and associated persons that audit public companies. Annually for CPA firms with more that 100 issuers and at least every 3 years for others

10. The PCAOB (cont’d)  The act authorizes the PCAOB to conduct investigations and discipline registered CPA firms and associated person of such firm for any act or practice, or omission to act on any provision of the SOX Act, rules of the PCAOB and securities laws in the preparation and issuance of audit reports  Disciplinary or remedial sanctions under the law:  Temporary or permanent revocation of registration with the PCAOB  Temporary or permanent suspension or bar of a person from further association with a registered CPA firm  Temporary or permanent limitation on the activities, functions, or operations of such firm or person  Civil money penalty for each violation in an amount equal to  No more than $100,000 for a natural person or $2 million for others  In case of intentional or other knowing conduct $750,000 for a natural person or $15 million for others  Censure  Additional CPE or training

11. Sarbanes-Oxley Act Cost vs. Benefits  Decrease in IPO activity in NY  Increase in compliance cost  Increase in audit fees  Increase in legal fees  SOX 404 has led to reduced stock valuation of small companies  Companies from highly regulated counties do not benefit from better ratings, only the cost  Cost of complying with SOX 404 impacts smaller companies disproportionally  Companies have improved their IT thus, financial statements are perceived more reliable  Borrowing costs are lower for companies that improved IT  SOX 404 has led to conservative reported earnings  Companies from badly regulated countries benefit from better ratings by complying with US mandated SOX CostBenefits

12. Integrated Audit Process – AS No.5  Integrating the audits  Risk assessment, including fraud risk assessment  Top-down approach  Small companies considerations

13. Integrating the Audits  Audit of Internal Control over Financial Reporting (ICFR) should be integrated with the audit of the financial statements  Objectives of the audits are not identical, and the auditor must plan and perform the work to achieve the objectives of both audits  Auditor should design testing of controls to accomplish the objectives of both audits simultaneously

14. Role of Risk Assessment  Risk assessment underlies the entire audit process described by AS No. 5, including  The determination of significant accounts and disclosures and relevant assertion  The selection of controls to test  The determination of the evidence necessary for a given control

15. Addressing the Risk of Fraud  Auditor should take into account the results of his or her fraud risk assessment.  Auditor should evaluate whether the company’s controls sufficiently address identified risks of fraud  AS No. 5 provides examples of mitigating controls

16. Using a Top-down Approach  Auditor should use a top-down approach to the audit of ICFR to select the controls test  Top-down approach begins at the financial statement level and with the auditor’s understanding of the overall risks to ICFR  Auditor then focuses on the entity-level controls and works down to significant accounts and disclosures and their relevant assertions

17. Evaluating Entity Level Controls  Auditor must test those entity-level controls that are important to the auditor’s conclusion about whether the company has effective ICFR  Auditor’s evaluation of entity-level controls can result in increasing or decreasing the testing that the auditor otherwise might have performed on other controls

18. Assessing Risk of Management Override  Additional opportunities of override exist because  Senior management is extensively involved in operations  There are fewer levels of management  Controls that might address risk of management override  Maintaining integrity and ethical values  Monitoring controls over journal entries  Increased oversight by audit committee  Whistleblower program

19. Evaluating Segregation of Duties and Alternative Controls  Fewer employees, therefore limited opportunities to segregate duties  Auditor can evaluate involvement of external parties  Auditor can evaluate alternative controls, including:  Management review  Management oversight  Entity level controls

20. Auditing Information Technology  Off-the-shelf software commonly used  Few users and few dedicated IT personnel  End-user computing prevalent  IT generated reports used in manual controls

21. Considering Financial Reporting Competencies and their Effect on ICFR  Smaller companies may use outside professionals because of the lack of internal expertise  Auditor should consider management oversight over the work of outside professionals  Who evaluates the professional qualifications  Who makes key judgments  What controls exist over their work

22. Obtaining Sufficient Competent Evidence When the Company has Less Formal Documentation  Depending on risk, inquiry combined with other procedures might provide sufficient evidence of control effectiveness  Consider using walkthroughs to understand the flow of transactions if management documentation is limited  Consider other documentation of processes and controls (what company uses to run its business

23. Reporting Considerations  Evaluation of control deficiencies  Expression of Assessment of effectiveness of ICFR by management  Disclosures about material weaknesses  Impact of a restatement of previously issued financial statements on management’s report on ICFR  Inability to assess Certain Aspects of ICFR