Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sept. 16, 2004 John White, PhD, CPA 1 Sarbanes-Oxley Act from an Accounting Point of View Or “Is There Anything About SOX That I Have Not Heard Before?”

Published byAlyssa Faley Modified over 9 years ago

Similar presentations

Presentation on theme: "Sept. 16, 2004 John White, PhD, CPA 1 Sarbanes-Oxley Act from an Accounting Point of View Or “Is There Anything About SOX That I Have Not Heard Before?”"— Presentation transcript:

1 Sept. 16, 2004 John White, PhD, CPA 1 Sarbanes-Oxley Act from an Accounting Point of View Or “Is There Anything About SOX That I Have Not Heard Before?”

2 Sept. 16, 2004John White, PhD, CPA2 Objectives Discuss how SOX has generally affected the CPA profession (the outside auditors) Discuss the CPA’s use of internal control information in the audit of financial statements, both past and present (SOX) Discuss the CPA’s new interest in IT auditing and the internal and IT auditor’s new interest in the CPA’s FS audit

3 Sept. 16, 2004John White, PhD, CPA3 Quick Review of SOX Became law in 2002, fully effective in ‘04 Seeks to protect investors by improving the accuracy and reliability of corporate disclosures (financial statements or FS) made pursuant to the securities laws Requires most public companies and their external auditors to report on the effectiveness of internal control (IC) over financial reporting including FS

4 Sept. 16, 2004John White, PhD, CPA4 Quick Review of SOX (cont.) The mgmt report on IC will clearly state that mgmt is responsible for and has established and understands IC Thus, mgmt in the c-suite (or below) cannot say “I didn’t know” or “I didn’t understand” Mgmt must state that “We designed IC and IC is operating and IC is effective” Mgmt must also report quarterly and annually any changes in IC over FS

5 Sept. 16, 2004John White, PhD, CPA5 Quick Review of SOX (cont.) Outside auditors must audit mgmt’s assessment of IC and the assessment process, and give an opinion as to whether mgmt’s assessment is correct or incorrect Outside auditors must also assess and give an opinion on IC effectiveness, i.e., CPAs must audit IC in addition to the FS Mgmt must give its outside auditors documentation of its processes, evidence of functioning IC over the processes, and documented results of testing procedures

6 Sept. 16, 2004John White, PhD, CPA6 Quick Review of SOX (cont.) SOX established the Public Company Accounting Oversight Board (PCAOB) Outside auditors (CPAs) will also be subject to an “audit” by PCAOB of their internal procedures, processes, quality controls, and general adherence to auditing standards in conducting outside audits of IC and FS of public companies

7 Sept. 16, 2004John White, PhD, CPA7 PCAOB Duties Register CPA firms that prepare audit reports Establish auditing, quality control, ethics, independence, & other standards relating to the preparation of audit reports (This is a big change for CPAs!) conduct inspections of adherence to auditing standards of registered CPAs in accordance with PCAOB rules

8 Sept. 16, 2004John White, PhD, CPA8 PCAOB Duties (cont.) Conduct investigations and disciplinary proceeding of CPA firms & CPAs Perform other duties

9 Sept. 16, 2004John White, PhD, CPA9 Big Changes for CPAs CPAs are “licensed” by each state, but…. CPAs are “governed” by the American Institute of Certified Public Accountants (AICPA) The AICPA has set auditing, attestation, and ethics standards for CPAs in the past, i.e., the CPA profession has been self- governed as to auditing standards

10 Sept. 16, 2004John White, PhD, CPA10 Big Changes for CPAs Auditing standards used by CPAs were promulgated by the AICPA The AICPA issued 10 generally accepted auditing standards (GAAS) Two examples of GAAS An understanding of IC should be obtained to plan the audit and determine testing of IC Sufficient competent evidence should be obtained to support the audit opinion

11 Sept. 16, 2004John White, PhD, CPA11 Big Changes for CPAs AICPA has also issued over 100 more specific and detailed Statements on Auditing Standards or SAS Several SASs pertain to the understanding of IC needed by the CPA for the audit of FS – SAS 55, 78, & 94 PCAOB has adopted all SASs as their standards until replaced by new AS

12 Sept. 16, 2004John White, PhD, CPA12 Big Changes for CPAs Prior to SOX, CPAs had to understand IC, but not audit nor give an opinion on IC itself, only an opinion on FS Since the audit opinion did not cover IC, CPA could collect evidence about FS $ amounts using methods that did not require strong IC, i.e., substantive testing This “model” is gone with the wind Must audit IC which means audit IT IC

13 Sept. 16, 2004John White, PhD, CPA13 Big Changes for CPAs PCAOB has issued AS #2 – Auditing IC over Financial Reporting as of 3/9/04 CPAs will have to become more knowledgeable and competent concerning IT controls and IT auditing Auditing “around” the computer is dead Continuous auditing will grow, e.g. Embedded audit modules Snapshots Integrated test facilities

14 Sept. 16, 2004John White, PhD, CPA14 How Does the CPA Audit FS? Understand the business & its processes & its information system Start with the financial cycles of the business Revenue cycle, expenditure cycle, conversion cycle What are the significant and material accounts in the FS (all of them?) and which financial cycles produce them and what process do they go through in each cycle in the sequence of recognition, authorization, recording, summarizing, and reporting?

15 Sept. 16, 2004John White, PhD, CPA15 The CPA Audit of FS (cont.) Understand mgmt’s assertions about FS Existence or occurrence – do assets exist and did revenues actually occur (World Com ?) Completeness – have all liabilities and expenses have been reported (Enron ?) Valuation or allocation - $ amount is correct? Rights and obligations – assets & liabilities Presentation and disclosure – format and classifications of BS and IS and content of notes

16 Sept. 16, 2004John White, PhD, CPA16 The Balance Sheet Cash Other Assets  LIABILITIES  Accts Payable  Accrued Expense  Notes Payable  Bonds Payable  OWNERS EQUITY  Common Stock  Retained Earnings  Other Comp. I/L = Accounts Receivable Inventory Long-term Assets Less: Accum Depr ASSETSLIABILITIES & EQUITY

17 Sept. 16, 2004John White, PhD, CPA17 The Income Statement

18 Sept. 16, 2004John White, PhD, CPA18 The CPA Audit of FS (cont.) Determine any threats to mgmt’s assertions about its FS Determine if IC are in place to mitigate the threats and risks concerning mgmt’s assertions about FS Design of controls Operation of controls Effectiveness of controls via testing

19 Sept. 16, 2004John White, PhD, CPA19 The CPA Audit of FS (cont.) Plan the audit based on the strength or weakness of controls and the assessed level of control risk If strong IC, less substantive testing and evidence If weak IC, more substantive testing and evidence Before SOX, could ignore IC, assess IC risk at max, and perform more substantive testing to reach conclusion

20 Sept. 16, 2004John White, PhD, CPA20 Internal Controls IC is part of management’s planning & control function Internal control (IC) of what? Business processes & procedures The system of IC is itself a business process SOX only addresses IC over Financial Reporting and FS Both manual controls and IT controls are included in the scope

21 Sept. 16, 2004John White, PhD, CPA21 Internal Controls Who defines IC and its processes? The committee of Sponsoring Organizations of the Treadway Commission, aka COSO COSO has issued a report in 1992 defining and discussing the objectives and components of IC COSO’s framework of IC has been blessed by PCAOB AS #2 as one that can be used by companies and CPAs in their SOX compliance; others can be used instead

22 Sept. 16, 2004John White, PhD, CPA22 COSO Who are the sponsoring organizations? AICPA, IIA, FEI, IMA, AAA COSO was formed to reach agreement on a definition of IC COSO has recently updated and expanded its original framework Not widely reported nor discussed, but it is COSO nevertheless and the auditor may want to use it in the audit of IC

23 Sept. 16, 2004John White, PhD, CPA23 COSO IC Framework in 3-D

24 Sept. 16, 2004John White, PhD, CPA24 COSO Control Activities Component Computer Controls General controls Application controls Physical controls – all systems incl. IT Transaction authorization Segregation of duties Supervision Accounting records Access control Independent verification

25 Sept. 16, 2004John White, PhD, CPA25 COSO Information & Communication The AIS consists of the records and methods used to initiate, identify, analyze, classify, and record the transactions and to account for the related assets and liabilities The quality of information generated by the AIS impacts management’s ability to take actions and make decisions and to prepare accurate and reliable financial statements

26 Sept. 16, 2004John White, PhD, CPA26 COSO Information & Communication An effective AIS will Identify and record all financial transactions Provide timely information in sufficient detail to permit classification and financial reporting Accurately measure the financial value of transactions so their effects can be recorded in the financial statements in the proper $ amount Accurately record transactions in the time period in which they occurred

27 Sept. 16, 2004John White, PhD, CPA27 COSO Information & Communication The auditor must have sufficient knowledge of the AIS to understand: The classes of transactions that are material to the FS and how they are initiated The accounting records and accounts used in processing transactions Transaction processing steps involved from initiation of a transaction to its inclusion in the financial statements The financial reporting process used to prepare financial statements, disclosures, and accounting estimates

28 Sept. 16, 2004John White, PhD, CPA28 COSO Risk Mgmt Framework

29 Sept. 16, 2004John White, PhD, CPA29 SOX, COSO, and CobiT SOX requires assessment of IC SOX suggest COSO as an IC framework to use in assessing IC COSO does not specify specific IT control objectives or procedures CobiT can (should? must?) be combined with COSO to forge a complete IC framework that includes IT control activities

30 Sept. 16, 2004John White, PhD, CPA30 PCAOB Audit Standard #2 185 pages Defines an IC deficiency, significant deficiency, and material weakness IC cannot be effective if a material weakness exists Inadequate documentation by management is a deficiency in IC over FS Documentation includes design and planned operation Also includes mgmt’s process to evaluate IC

31 Sept. 16, 2004John White, PhD, CPA31 PCAOB Audit Standard #2 (cont.) IT general controls mentioned Program development Program change controls Computer operation controls Access security of programs and data

32 Sept. 16, 2004John White, PhD, CPA32 PCAOB Audit Standard #2 (cont.) Using the work of others: internal auditors, IT auditors, and others CPA must evaluate the competence and objectivity of IA or ITA Competence factors Education & experience Professional certification & continuing education Supervision & review of their activities Quality of the documentation of their work Performance evaluations

33 Sept. 16, 2004John White, PhD, CPA33 PCAOB Audit Standard #2 (cont.) Objectivity factors Who they report to Policies/procedures relating to objectivity and conflict of interest of IA/ITA CPA must test the work (tests) of IA/ITA to evaluate their quality & effectiveness CPA must product the majority of IC evidence himself by independent (of IA) testing

34 Sept. 16, 2004John White, PhD, CPA34 PCAOB AS #2 and CobiT

35 Sept. 16, 2004John White, PhD, CPA35 Any Conclusions ?? The worlds of IA and CPA have collided The CPA must increase knowledge and skills in IT auditing, with all that entails IA must spend more time documenting their systems because of the control deficiency definition IA must increase knowledge and skills in accounting, financial reporting, and mgmt’s FS assertions

Download ppt "Sept. 16, 2004 John White, PhD, CPA 1 Sarbanes-Oxley Act from an Accounting Point of View Or “Is There Anything About SOX That I Have Not Heard Before?”"

Similar presentations

Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Auditing Concepts.

Auditing Concepts.
CHAPTER 1 AUDITING AND THE PUBLIC ACCOUNTING PROFESSION Fall 2007 u What is auditing? u Types of Audits u Independent Auditor Relationships u Services.

CHAPTER 1 AUDITING AND THE PUBLIC ACCOUNTING PROFESSION Fall 2007 u What is auditing? u Types of Audits u Independent Auditor Relationships u Services.
©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley 2 - 1 The CPA Profession Chapter 2.

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley The CPA Profession Chapter 2.
Chapter 1: Auditing, Assurance, and Internal Control

Chapter 1: Auditing, Assurance, and Internal Control
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
New Audit Risk Standards Are You Ready? John P. Langan, CPA Principal in Charge Public Service Group Metro, DC Office LarsonAllen LLP.

New Audit Risk Standards Are You Ready? John P. Langan, CPA Principal in Charge Public Service Group Metro, DC Office LarsonAllen LLP.
Audit Planning and Analytical Procedures Chapter 8.

Audit Planning and Analytical Procedures Chapter 8.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Intro & Chapter 2-1 Bob Anderson, UCSB CHAPTER 2-1 PROFESSIONAL STANDARDS: CHAPTER 2 WELCOME TO ECON 132- AUDIT.

Intro & Chapter 2-1 Bob Anderson, UCSB CHAPTER 2-1 PROFESSIONAL STANDARDS: CHAPTER 2 WELCOME TO ECON 132- AUDIT.
Assurance and Attestation Services BA 427 Winter 2007 Substantive Procedures Glenn Lovett, Shareholder.

Assurance and Attestation Services BA 427 Winter 2007 Substantive Procedures Glenn Lovett, Shareholder.
Chapter 2 Professional Standards “All my growth and development led me to believe that if you really do the right thing, and if you play by the rules,

Chapter 2 Professional Standards “All my growth and development led me to believe that if you really do the right thing, and if you play by the rules,
CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004

CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004
Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.
Introduction to Financial Statements and Other Financial Reporting Topics COPYRIGHT ©2007 Thomson South-Western, a part of the Thomson Corporation. Thomson,

Introduction to Financial Statements and Other Financial Reporting Topics COPYRIGHT ©2007 Thomson South-Western, a part of the Thomson Corporation. Thomson,
Filmmaker Krisztof Kieslowski

Filmmaker Krisztof Kieslowski
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit

Similar presentations

Ads by Google