(The news featured
below is a selection from the news covered in Federal Securities Law Reporter,
which is distributed to subscribers of Federal
Securities Law Reporter.)
PCAOB Issues Policy Statement on the Implementation of Auditing Standard No.
2
The Public Company Accounting Oversight Board has issued a
policy statement on the implementation of Auditing Standard No. 2 to clarify
concerns that have been raised about the costs and implementation of the
standard. At the same time, the PCAOB published a series of additional questions
and answers related to the standard that address misimpressions about the manner
in which the standard must be applied. The policy statement, which was
unanimously approved by the five board members, notes that a failure to apply
the concepts of the policy may reflect poor audit planning and result in
unnecessary costs.
The policy statement outlines the board's view that the
proper planning and performance of an effective audit under the standard
requires an integration of the audits of internal control with the audits of the
client's financial statements. The evidence obtained and the tests conducted in
either audit will contribute to the completion of both audits. Second, the board
emphasized the importance of exercising judgment to plan an audit that fits the
client rather than using a checklist that may not sufficiently address high risk
areas.
The board advised auditors to use a top-down approach to
the audit that begins with company-level controls to identify accounts and
processes that are relevant to internal controls over financial reporting.
Auditors should apply risk assessment measures to focus on areas more likely to
result in material misstatements. The board reminds auditors that the standard
provides significant flexibility to rely on the work of others. The policy
statement also makes clear that auditors may and should communicate with their
clients on accounting and internal control issues before their clients make a
decision, implement their internal control processes or finalize their financial
reports.
The board acknowledges that the costs of implementing
Section 404 have been too high and must be reduced in future years. Some of the
costs are attributable to first-year startup costs, but the board is also
concerned that auditors are not taking advantage of the standard's flexibility
that could reduce costs without sacrificing quality.
Integrated Audits
The policy statement explains that an integrated audit
combines the audit of internal control over financial reporting with the audit
of the financial statements to achieve the objectives of both audits with a
single coordinated process. The examination of internal control is validated by
the findings in the audit of the financial statements. In addition, the findings
and conclusions reached during the audit of internal control help to plan and
conduct the procedures for determining whether the financial statements are
fairly presented. The integrated audit is more cost-effective than performing
two separate audits, according to the board. The failure to integrate the audits
wastes resources and jeopardizes the quality of the overall audit by potentially
leading to the failure to detect key issues that could implicate an accounting
or reporting problem, in the board's view.
Professional Judgment
The board is disappointed by reports of auditors that have
applied a checklist rather than tailoring an audit plan to their client in the
first year of Section 404 and audit standard implementation. One-size-fits-all
audit plans do not address the unique issues and risks of a particular client's
financial reporting processes, the board advised. In addition, standardized
checklists may lead auditors to focus on controls in low-risk areas rather than
on areas that pose higher risks of misstatement.
Top-Down Approach
The top-down approach focuses the auditor on the
company-level controls and significant accounts, which then lead to significant
processes and, finally, individual controls at the process, transaction or
application levels. This approach also provides a roadmap through the internal
control system, the board explained, to ensure that the individual controls that
are selected for testing are relevant to internal controls over financial
reporting. A risk-based approach to the testing strategy can also reduce costs
and increase audit effectiveness, according to the board. An auditor may not
rely solely on testing company-level controls, but strong company level controls
would enable the auditor to do less work and to rely to a greater extent on the
work of others.
Using the Work of Others
Using the work of others is not only appropriate, but is
also the most efficient way to perform an audit, the board advised. To redo
another's work may unnecessarily increase costs without providing an increase in
audit quality. The board is concerned that auditors are not using the
flexibility provided by the audit standard because of the standard's requirement
that the external auditor must obtain the principal evidence to support the
opinion on the effectiveness of internal control. The policy statement makes
clear that these provisions are not in conflict and that the principal evidence
provision requires the auditor to perform sufficient auditing to reach his or
her own independent opinion. The auditor should perform more work in high risk
areas and rely on the use of others in lower risk areas. The board believes that
by following the risk-based principles regarding the use of the work of others,
auditors will obtain the principal evidence needed to support their opinions.
Advice to Audit Clients
The board advised that auditors' unwillingness to provide
accounting advice to their audit clients or to encourage their clients to finish
their assessments of internal control and their financial statements before the
auditor begins audit work, is neither necessary nor advisable. The board said
that auditors must use professional judgment and common sense when providing
advice. Where management makes its own decisions on the accounting principles to
apply, the auditor may discuss the meaning and significance of those principles.
The board added that audit clients may share draft
financial statements with their auditors. This form of information sharing is
needed, in the board's view. The auditor should be concerned in instances where
a company has completed its financial statements without recognizing a potential
material misstatement, according to the board.
Auditors also may provide technical advice on the proper
application of GAAP, including suggestions for improving the disclosure and
financial statement quality of their audit clients. Management may also discuss
preliminary drafts of accounting research memos, spreadsheets and other working
papers to obtain the auditor's views on the assumptions and methods selected by
management. The board suggested timely and open oral communications on these
matters.
Management may also seek the auditor's assistance in
determining the proper accounting for a transaction. The auditor can explain how
the accounting principles apply to the transaction and review management's
preliminary conclusions, according to the board.
Board Approach
The PCAOB intends to use the upcoming inspections to
evaluate how firms conducted the first round of audits under the audit standard.
The inspections should result in improvements in the effectiveness and
efficiency of audits of internal control by identifying poor planning and risk
assessment. The inspectors will also identify audits that have not applied the
approaches described by the policy statement and will ask auditors to justify
their decisions and how their audit plan met the objectives of the audit
standard. The staff will not require auditors to reduce their costs and will not
focus narrowly on technical compliance. The staff will not second-guess good
faith audit judgments, according to the board. However, if an audit does not
reflect the use of professional judgment to asses the risks of the audit client,
the staff will not hesitate to demand changes to the auditor's approach to
implementing the standard.
The policy statement will be published in a forthcoming
Report.
|