BA 427 – Assurance and Attestation Services Lecture 7 Reporting on Internal Controls.


1 BA 427 – Assurance and Attestation Services Lecture 7 Reporting on Internal Controls

2  1978: The Cohen Commission recommended that auditors expand their consideration of internal controls in connection with a financial statement audit.

3  The Treadway Report, 1987 Formally: The Report of the National Commission on Fraudulent Financial Reporting. Recommended a management report that includes management’s opinion on the effectiveness of the company’s internal controls. Reporting on Internal Controls

4  The Treadway Report, 1987 Recommended that the auditor’s standard report should describe the extent to which the auditors have reviewed and evaluated the system of internal accounting control. Recommended that the ASB should provide explicit guidance to address the situation where the auditors disagree with management’s assessment of internal control. Reporting on Internal Controls

5  The Treadway Report, 1987 Did not recommend increasing the extent to which the auditors must review and evaluate internal accounting controls. Reporting on Internal Controls

6  1988: The Auditing Standards Board issued SAS No. 55, which required auditors to obtain, on every audit, a sufficient understanding of a company’s internal control structure to assist in planning the audit. Reporting on Internal Controls

7  1988: The SEC issued proposed rules that would have required management to report annually on its responsibilities for internal controls.  These rules would not have required the auditors to attest to management’s report. Reporting on Internal Controls

8 Section 36(b)(2) Annual reporting requirements (b) Management report. Each … institution shall prepare … a report signed by the chief executive officer and the chief accounting or financial officer … which contains: (A) A statement of the management’s responsibilities for … establishing and maintaining an adequate internal control structure and procedures for financial reporting … F.D.I.C.I.A. (1991)

9 Section 36(b)(2) Annual reporting requirements (b) Management report. Each … institution shall prepare … a report signed by the chief executive officer and the chief accounting or financial officer … which contains: (B) An assessment, as of the end of the institution’s most recent fiscal year, of … the effectiveness of such internal control structure and procedures …. F.D.I.C.I.A. (1991)

10 Section 36(c) Annual reporting requirements In general: with respect to any internal control report required by subsection (b)(2) of any institution, the institution’s independent public accountant shall attest to, and report separately on, the assertions of the institution’s management contained in such report. F.D.I.C.I.A. (1991)

11  1992: Due to negative feedback on its proposal, the SEC withdrew its proposed rules on management’s report on internal controls. Reporting on Internal Controls

12  1992: The Committee of Sponsoring Organizations (COSO) issues its report Internal Controls – Integrated Framework.  The report provides guidance on, among other internal control topics, management’s assessment of, and reporting on, internal controls.  Recent survey data suggests that prior to Sarbanes-Oxley, about one-third of companies did not use the 1992 COSO framework. Reporting on Internal Controls

13  1993: The Auditing Standards Board issued Statement on Standards for Attestation Engagements (SSAE) No. 2, Reporting on an Entity’s Internal Control over Financial Reporting.  SSAE No. 2 provided guidance for performing and reporting on engagements to attest to management’s report on internal control.  SSAE No. 2 was amended in 1995 by SSAE No. 6. Reporting on Internal Controls

14  1995: The Auditing Standards Board issued SAS 78, which recognized COSO’s definition and description of internal control, including the five components: control environment, risk assessment, control activities, information and communication, and monitoring. Reporting on Internal Controls

15  1995: Baring Investment Bank fails due to trading losses incurred on its behalf by Nick Leeson.  Internal control weaknesses allowed Leeson to hide trading losses for a critical period of time, allowing Leeson to incur additional losses that bankrupted the firm. Reporting on Internal Controls

16 GAO: The Accounting Profession – Major Issues: Progress and Concerns (1996) “the actions of the accounting profession have not been totally effective in resolving several major issues. Issues remain about auditor independence, auditor responsibility for detecting fraud and reporting on internal controls, public participation in standard setting, the timeliness and relevancy of accounting standards, and maintaining the independence of FASB.” Reporting on Internal Controls

17  1987: The Treadway Report indicated that 45% of cases brought by the SEC against public companies between 1981 and 1986 alleged fraud because of a breakdown in internal controls.  1998: KPMG survey finds that internal control weaknesses are a contributing cause in 60% of frauds perpetrated against companies. Reporting on Internal Controls

18  Sarbanes-Oxley Act of 2002 Title IV – Enhanced Financial Disclosures  Section 404: Management Assessment of Internal Controls Reporting on Internal Controls

19  (a) The [SEC] shall prescribe rules requiring each annual report … to contain an internal control report, which shall: (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting Sarbanes-Oxley, Section 404

20  (a) The [SEC] shall prescribe rules requiring each annual report … to contain an internal control report, which shall: (2) contain an assessment as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. Sarbanes-Oxley, Section 404

21  (b) With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement. Sarbanes-Oxley, Section 404

22  SEC and PCAOB Rules The SEC oversees the PCAOB. The SEC issues rules directly. The PCAOB issues rules, including auditing standards. Hence, the rules that auditors and public companies must follow with respect to internal controls reporting come from both the SEC and the PCAOB. Reporting on Internal Controls

23  SEC and PCAOB Rules The most important standard issued by the PCAOB so far is Auditing Standard #2: An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements. Reporting on Internal Controls

24  SEC and PCAOB Rules These rules became effective for large public companies (called “accelerated filers”; with market value more than $75 million) for years ending on or after Nov. 15, 2004. The effective date for non-accelerated filers continues to be postponed. Reporting on Internal Controls

25  PCAOB Auditing Standard #2 Three levels of evaluating the absence of internal controls for any given audit objective: control deficiency, significant deficiency, material weakness. Reporting on Internal Controls

26  PCAOB Auditing Standard #2 Control Deficiency  Exists if the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. Reporting on Internal Controls

27  PCAOB Auditing Standard #2 Significant Deficiency  A control deficiency, or combination of control deficiencies, that adversely affects the company’s ability to initiate, authorize, record, process, or report external financial data reliably in accordance with GAAP, such that there is more than a remote likelihood that a misstatement that is more than inconsequential will not be prevented or detected. Reporting on Internal Controls

28  PCAOB Auditing Standard #2 Significant Deficiency  The term remote likelihood is defined as in SFAS No. 5: Remote: The chance of the future event occurring is slight. Reporting on Internal Controls

29  PCAOB Auditing Standard #2  A misstatement is inconsequential if a reasonable person would conclude, after considering the possibility of further undetected misstatements, that the misstatement, either individually or when aggregated with other misstatements, would clearly be immaterial to the financial statements. Reporting on Internal Controls

30  PCAOB Auditing Standard #2 Material Weakness:  A significant deficiency that, by itself or in combination with other significant deficiencies, results in a more than remote likelihood that a material misstatement of the financial statements will not be prevented or detected. Reporting on Internal Controls

31  PCAOB Auditing Standard #2 Examples of “strong indicators” that a material weakness exists:  Restatement of previously issued financial statements to correct a misstatement.  Identification by the auditor of a material misstatement in the current period F/S that was not detected by the company.  Identification of fraud of any magnitude on the part of senior management. Reporting on Internal Controls

32  SEC and PCAOB Rules Management’s report must  Identify the framework used to evaluate the effectiveness of internal controls.  Report management’s assessment of the design of internal controls over financial reporting.  Report management’s assessment of the operating effectiveness of those controls, as of the fiscal year-end, based on the results of tests. Reporting on Internal Controls

33  SEC and PCAOB Rules The Design of Internal Control  Management evaluates whether controls are designed to prevent and detect material misstatements in the financial statements.  The focus is on controls over all relevant assertions related to all significant accounts and disclosures in the financial statements. Reporting on Internal Controls

34  SEC and PCAOB Rules The Design of Internal Control  Management evaluates information about how significant transactions are initiated, authorized, recorded, processed, and reported, to identify how errors and fraud could occur.  Management must determine whether existing controls will be effective if they operate as designed, and whether all necessary controls are in place. Reporting on Internal Controls

35  SEC and PCAOB Rules Operating Effectiveness of Controls  Management must test the operating effectiveness of controls, to determine whether controls operate as designed.  These tests must be documented, and form the basis for management’s assertions.  Management must disclose any material weaknesses in internal control. Reporting on Internal Controls

36  SEC and PCAOB Rules Operating Effectiveness of Controls  A material weakness at fiscal year-end precludes the conclusion that controls are effective.  In other words, material weaknesses cannot be corrected after the fact, to generate a clean opinion. Reporting on Internal Controls

37  SEC and PCAOB Rules Operating Effectiveness of Controls  Management’s tests include: inquiries of personnel; inspection of documentation; observation of company operations; re-performance of the application of controls.  Tests must be performed over a period of time, not only at year-end. Reporting on Internal Controls

38 Sample Management Report on Internal Controls The management of Dutch Brothers Corporation is responsible for establishing and maintaining adequate internal control over financial reporting. The Company’s internal control system was designed to provide reasonable assurance to the Company’s management and board of directors regarding the preparation and fair presentation of published financial statements.

39 Sample Management Report on Internal Controls, cont. Dutch Brothers management assessed the effectiveness of the company’s internal control over financial reporting as of December 31, 2006. In making this assessment, it used the criteria set forth by COSO in its report Internal Control – Integrated Framework. Based on our assessment, we believe that, as of December 31, 2006, the company’s internal control over financial reporting is effective based on those criteria.

40 Sample Management Report on Internal Controls, cont. Dutch Brothers’ independent auditors have issued an audit report on our assessment of the company’s internal control over financial reporting. This report appears on the following page. January 31, 2007 Jim Reed, CEO Kristina Frankenburger, CFO

41  PCAOB Auditing Standard #2 An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements. The auditor’s objective is to express an opinion on management’s assessment of the effectiveness of the company’s internal control over financial reporting. Reporting on Internal Controls

42  PCAOB Auditing Standard #2 The auditor’s report on internal controls includes two opinions: (1) an opinion on whether management’s assessment of the effectiveness of internal controls over financial reporting as of the end of the fiscal period is fairly stated, in all material respects; (2) an opinion on whether the company maintained, in all material respects, effective internal control over financial reporting as of the specified date. Reporting on Internal Controls

43  PCAOB Auditing Standard #2 To issue a clean opinion on internal controls, two conditions must be met: (1) No material weaknesses were identified; a material weakness results in an adverse opinion. (2) There were no restrictions on the auditor’s scope; a scope restriction results in a qualified opinion or a disclaimer of opinion. Reporting on Internal Controls

44  PCAOB Auditing Standard #2 Significant deficiencies and material weaknesses must be communicated to the company’s Audit Committee. Lesser internal control weaknesses are communicated in a separate letter, called a Management Letter, or a Letter of Recommendations. Management Letters were generally issued prior to SOX, and are still used for nonpublic companies. Reporting on Internal Controls

