Audit II Final Exam
Qualitative factors
(Main) Qualitative factors (harder to apply but intuitive) F/S user perspective (what could affect their judgment) Changes earnings trend (does the misstatement flip earnings? i.e. from an earnings to a loss position) Affect management compensation (with adjustment, there wouldn't a bonus) Affect compliance with laws/regulations (i.e. adjustment affects a loan covenant) Management intent (why doesn't management want to adjust for something). We need to consider both quantitative and qualitative factors to determine if a misstatement is material
Why is viability so important?
A disruption of the availability of audited financial information could threaten the stability of the financial system as a whole Investor trust/perception would be further damaged (confidence in the audit) Fewer firms = less competition = higher fees and perhaps less concern about maintaining high audit quality Attractiveness of the profession would decline
Subcommittees of BOD
- Audit committee (oversees anything related to FR; lots of risks associated in this area) - Compensation (or remuneration) committee o Hire compensation consultant (get it for everyone, including management and AC) - Nomination committee (nominates other directors) o To get on board, need to be nominated - and then voted in by SH. How do you get nominated? If you know someone, usually. They do look for people with expertise, occasionally (i.e. for AC)
The auditor's engagement risk
- Audit risk (unknowingly certifying material misstated F/S), auditor's business risk (mgmt. fraud, lawsuits, reputation), client business risk (future decline in client performance) (if client goes bankrupt, they come after auditors because we have deeper pockets). - Audit risk and auditor's business risk overlap is important because it concerns fraud that we are responsible for recovering.
Reasons preventing small audit firm from emerging as the next Big 4
- Resources, technical ability, limited access to capital, name recognition, geographic limitations, lack of staffing
Limitations of using data analytics
1. Effective auditing still requires professional judgement (high number of false positives) 2. Big data evidence isn't always objective and verifiable 3. We don't currently have auditing standards to address the specifics of data analytics 4. Will regulators support such data? 5. Privacy concerns - how do we restrict the use of personal information
The four V's of big data (main description of big data)
1. Volume (a lot of data from people and machines) 2. Variety (many sources) 3. Velocity (really fast) 4. Veracity (truth - corroborate data) (risky component)
Major differences between audit regulation in the U.S. between 1980 and 2005 Causes of the changes
1980 AICPA members self-regulate individual audit firms Management is the client Microeconomic theory of the services firm (companies exist to make money; laissez-faire) Government answers firm alarms (this is a similarity) 2005 Independent PCAOB regulates audit firms (no cost/benefit test) (don't really know how to account for cost but they're independent compare to self-regulation) Independent audit committee as client Political economic theory of regulated firm (trying to make money but have political rules to regulate) (need rules to regulate businesses) Government answers fire alarms (whenever there's a big crisis, government responds with more regulation Causes (external shocks) of these changes: deregulation; corporate form, compensation change, abuse, corporate governance; information technology. Also, Enron and WorldCom shock led to re-regulation. - Between 1980 and 2005, was a 25-year process of deregulation and re-regulation. - Companies were growing but there was not much control over them, so audits provided accountability. As firms get bigger, more need for audits. Audit regulation has impaired audit quality because it has made audits inefficient because audit firms get worried about inspections. It's improved because internal decision making has increased.
Anchoring/anchoring heuristics; overconfidence; availability heuristics; confirmation bias; rush to solve
Anchoring/anchoring heuristics: anchor and adjust but not adjusting enough. Overconfidence: tendency for an auditor to overestimate his or her own ability to perform tasks or to make accurate assessments of risks or other judgments and decisions. Occurs when you have industry expertise or you are a specialist. Availability heuristics: using past (or what's available) in mind to make a (future or current) decision. Heuristics are rules of thumb that help us via shortcuts. Confirmation bias: relates to over-confidence. Once you have a position, you look for evidence to support only that opinion. Failure to look for disconfirming evidence aka putting more weight on information that is consistent with his or her initial beliefs. Rush to solve: deadlines rush us. Making a quick decision/early consensus based on one piece of information, which doesn't reflect everything. Groupthink is common with this bias
Are the PCAOB inspection reports a good measure of AQ? What do investors say? PCAOB inspection benefits
Are the PCAOB inspection reports a good measure of AQ? Argue that it's not because we would still issue the same opinion. What do investors say? More no than yes on if they find them informative PCAOB states that these aren't measures of audit quality. PCAOB inspection benefits Independent assessment (more than peer reviews) Enforcement authority Increased auditor accountability Improvements in audit quality and quality control
AICPA threats and safeguards to independence
AICPA threats and safeguards to independence 1. Self-review 2. Advocacy 3. Adverse interest 4. Familiarity 5. Undue influence (or intimidation) 6. Financial self-interest 7. Management participation 3 & 7 differ from IESBA Safeguards: (1) profession and regulators, (2) the client, and (3) the audit firm
AS 16
AS 16 PCAOB came up with a new standard, which adds on to AU380 - Significant, unusual transactions - Opinion on going concern (purpose: to provide early warning, if necessary) - Use of other audit firms (worried the AC isn't informed on this) - Work done on "other information" (usually just reading for consistency) - Encouraged two-way communication - PCAOB doesn't have authority over AC, SEC does. It was a way to indirectly improve effectiveness of AC - Get everyone to the right level of communication What does this sound like? What is the answer to this question? There is a high pass rate of PCAOB inspection of auditor compliance with AU380 and AS 16
DQ questions
Accounting estimates and fair values are essentially the same thing 1. An accounting estimate is an amount that cannot be measured precisely because (1) it is about subjective data and (2) relates to future outcomes. Problems for auditors: (1) no certainty (hard to get support for the future), (2) hard to know if management is biased in their calculation/assumptions/model, and (3) we usually aren't experts in area (management has more expertise) 2. Expected value is the most neutral value to select amongst a range of possible values. In practice, if MGMT's estimate is within our range, we usually choose MGMT's numbers. If their numbers are not within our range, we choose the value closest to management's numbers. 3. The PCAOB is considering a change to fair value auditing standards because (1) they had many inspection findings (consistently fair value ones), so they want to improve audit quality. (2) Pressure from PwC. (3) Trying to write something similar to IAASB. Reason for: need more guidance; reasons against: a new standard can't fix problem because it's hard to audit fair values (due to future aspect).
Accounting/auditing in corporate governance
Accounting/auditing in corporate governance Audited GAAP-based FS are primary (sole) comprehensive and comparable information source for CG (for AC to evaluate mgmt.) (limited evaluation) For completeness need more (financial performance measures/non-financial performance measures/risk assessments) what is this about? Aka need more what Audit committee is auditor's window for action, yet they don't do anything How did SOX change the auditor's governance role? - Always provided audited F/S to AC. Now, we provide the following information to AC: (a) internal control audits (this only applies to companies that need ICFR audits right, so for smaller companies, nothing changed, they just have to provide audited F/S to AC?), (b) increase auditor's role because we give them more information (what new information do we provide?), (c) AC hires auditors instead of management (hopefully to increase independence).
Why does the PCAOB care so much about advisory?
Advisory partners are awarded differently Outsider perception decreases, independence in appearance is weakened Scope creep - start doing work that isn't supposed to be done (aka outside of scope). Threat of moving higher performing individuals from audit to advisory
Agreed-upon procedures
Agree with client (or specified user) on procedures to perform on specific subject matter (no risk, just have to do what you're told) Conduct procedures Report outcome or findings of procedures - no conclusion, just findings get reported Report distribution is limited to those who agree to the procedures (audits go to all investors but these reports usually go to management only) Not assurance (no opinion), therefore independence isn't required The specified user agrees to take responsibility for the procedures and what to do with the information.
What are the components of audit committee's risk?
Audit committee's risk Audit risk (unknowingly accept materially misstated F/S) (this is the only area that auditors affect) Corporate misconduct risk (fraud by management or employees; illegal corporate acts, unethical acts, excess perks, excess risk, laziness, incompetence) Corporate business risk (future decline in corporate performance) (about performance) Which is about compliance, and which is both? A/C has the most risk out of everyone on BOD
Why aren't audits performed consistently across countries/what is being done
Audit engagements are not performed consistently across countries because of the differences between these countries. But (1) the IAASB is trying to get people to adopt their standards and IFIAR, regulators from different countries/committees trying to regulate audits in company, trying to share best practices on inspections. The problems that are preventing us from being consistent: (1) lack of ISA adoption/changes after adoption, and (2) inconsistent enforcement (UK inspection is less than US inspection).
Audit regulation process constants
Audit regulation process Constants: audit determination value (trustworthiness, measurement method relevance, and care in measurement process.); structure of audit firms/contract; expectations gap - Limitations for structure of audit firms/contracts: audit firms are either partnerships or LLPs, which means they have less resources and litigation could hit harder; however, we've grown so big that we have good enough resources. We are still hired by the client but by AC not MGMT (still constant because the company). - Expectations gap has been constant because every time something bad happens, people ask where the auditors were.
Auditor & AC relationship. Questions for auditor to ask AC and vice versa
Auditor & AC relationship Both are trying to ensure the other party is effective. Questions for auditor to ask AC (during the engagement) - Asking about operating risks might be more helpful than FR risk. - How much do you trust management? (This is tricky because management and AC might be friends) - What incentives does management have to commit fraud? - Her questions: (1) What is COSO? This is to see if they know anything about accounting/auditing aka to see if AC is informed. (2) Were there any whistleblowers this or last year, were problems addressed? Because the AC is supposed to fix these issues. (3) Biggest areas of risk? (4) How open are they to our calls. Questions for AC to ask the auditor (at the end of the engagement) - Her questions: any unadjusted errors and why didn't you adjust them? (i.e. anything material that management convinced you wasn't?)
Things keeping the auditor accountable
Auditor accountability - PCAOB inspection - Internal firm inspection - Peer reviews - SEC enforcement - Litigation - Internal quality control system (work paper reviews, tone at the top, annual reviews, etc.)
Auditor legal liability
Auditor legal liability Should be limited because it can protect collapse in market, and we already have many checks to ensure good quality. Shouldn't be limited because a good auditor shouldn't be worried.
Threats?
Auditor plays vital role in capital markets and little progress has been made to reduce concentration Extremely large claims exist - But only 4.8% of alleged claims are usually paid out - However, one large claim could be disastrous - Loss is not equivalent to audit fees Discourage best and brightest, judgment (results in defensive auditing) Insurance coverage (self-insure with partner money) Merit can never be known (merit of suit can never be known but firm reputation will always be hurt; jurors don't know how audits work)
Auditor's objective To obtain evidence that:
Auditor's objective To obtain evidence that: - All material estimates have been developed and recorded (completeness) - Those estimates are reasonable in relation to the F/S as a whole - Those estimates are presented in conformity with GAAP and properly disclosed (aka use professional judgment) - For FV measurements, whether valuation methods are appropriate and incorporate market participant assumptions. This includes looking at the balance and looking at how management got to the balance (tricky because it's a process)
Auditor/audit committee communications to educate/inform (AU380)
Auditor/audit committee communications to educate/inform (AU380) Things auditor has to tell audit committee - Accounting choices and disclosure adequacy o Acceptable accounting alternatives and auditor's preferred alternatives o Management's processes for estimates/auditor concerns - Any audit problems o Accounting disagreements with management - Audit differences - booked or not - Any illegal acts or fraud - Significant ICFR deficiencies - Any possible reasons to question auditor's independence
What are the principles, threats and safeguards for the code of ethics for accountants?
Code of ethics for accountants principles: integrity, objectivity (free of bias), professional competence and due care (have skills and brains), confidentiality, professional behavior (don't discredit the profession) Threats: self-interest (i.e. financial interest), self-review, advocacy (i.e. for the client), familiarity (i.e. know the client), intimidation (i.e. threaten to fire you) Safeguards: education, training, experience, internal and external monitoring, professional standards and membership
Steps to take before relying on a component auditor's work:
Ensure they are following ethical requirements, are competent, clarify roles, availability of information—how much information they're willing/able to provide you (in a timely manner), understanding their regulatory environment, and REVIEW THEIR WORK
Common inspection findings (PCAOB vs IFIAR)
Common inspection findings PCAOB Testing management estimates (including fair value measurements) Internal controls Assessing and responding to risks of material misstatement Methodologies are good but the execution is the problem IFIAR Fair value measurement Internal control testing Adequacy of disclosures
Common issues in auditing estimates
Common issues in auditing estimates Failing to obtain sufficient understanding of process, likely sources of misstatement, assumptions and methods used by management Failing to test completeness and accuracy of underlying data (and related controls) Failure to demonstrate evidence of professional skepticism in evaluation of management's estimates Failure to identify and evaluate contrary evidence Failure to test accuracy of calculations in spreadsheets or models Failure to test cash flow estimates
Complexities of the international group audit:
Complexities of the international group audit: - Decision to serve as the principal auditor; involvement of other audit firms (including affiliates); refer to other auditors or assume responsibility for their work?; evaluating the qualifications/ethics of other auditors; planning and coordinating with other auditors internationally; determining audit procedures to be performed by other auditors; determining materiality for components of the group; reporting by other auditors; review of component auditor's work; differing regulatory requirements; language and cultural differences
Define consultations, advisory services, implementation services, transaction services, staff support, and product services
Consultations: using existing personal knowledge to give advice Advisory services: develop findings, conclusions, and recommendations after gathering evidence Implementation services: put action plan into effect Transaction services: specific client transactions Staff support: do client's work (rent a CFO) Product services: develop and sell a product
quantitative factors
Benchmarks: but not exclusive reliance - Steps in an audit (what is this supposed to mean?) - This is usually 5% of NI or 5% of total assets. You take the smaller of the two. The amount you apply to an account would depend (you might divide it in half or something like that). You could further apply this amount to a transaction by dividing it even further. - Where most audits begin, you set this at the beginning of an audit with preliminary F/S and must adjust it if the numbers change. Aggregation - but can't offset to make something immaterial - Must aggregate all immaterial misstatements and see the total effect on B/S accounts (do the positive and negative separately). Effect of prior years' errors on current year F/S. Use both methods to determine if MM exists in the current year. - Rollover method - Iron curtain method
benford's law; selective attention; familiarity bias; planning fallacy
Benford's law: number of one's appear a lot (about 30%): this doesn't apply to preassigned data (i.e. postal codes). This could be used in fraud detection. Selective attention: when focused on something, we don't always gather all the evidence (i.e. when you remember an event, we don't remember everything just the things we focused on). So, we aren't always going to see the whole picture. Familiarity bias: comfort with the known and discomfort with the foreign and distant. For example: people tend to trade in the securities with which they are familiar. People tend to pick more familiar gamble even if the odds of winning are lower. The problem with this is that you underestimate the amount of risk in an investment and don't take steps to hedge/adjust for the risk. This affects auditing because we might not take the same precautions because we are familiar with the client. People tend to rank their home country's performance better. Planning fallacy: I can get this assignment done in one hour, but in reality, it usually takes three times longer.
Contingent fee for attorneys in class action litigation
Contingent fee for attorneys in class action litigation Drains money from stockholders Attorney agrees to front-end out-of-pocket cost of bringing case to verdict at trial: - If plaintiff loses the verdict at trial, then attorney gets nothing - If plaintiff wins the verdict at trial, or settles out of court, then the attorney gets 1/3 of the settlement plus recovery of out-of-pocket costs. This system encourages attorney to get a settlement (sucks for victims).
Contrast effect; gender bias
Contrast effect: when something is compared to something different, it looks different. Translation to audit: risky clients are not as risky when surrounded by high risk clients. Bunch of risky clients, one client is relatively clean, so when you compare all the clients, the relatively clean client looks a lot cleaner. Example of gender bias: most people believe that surgeons are males.
AQIs
CAQ wants AQIs to be voluntary (because AQIs would differ depending on the client, but would lose comparability) and only available to AC AQI framework - audit professionals, audit process, audit results - Input based: types of resources going into audit (i.e. expertise, knowledge, skill of audit personnel) - Output-based: restatement, fraud, going concern, number of hours on audit, manager/CEO evaluation of auditor AQI's are currently voluntary? Like you can do it or not and you can choose which to do? And they are for each client of the big four?
Case 11
Case 11 1. Audit standards currently in place to govern group audits: (1) AU-C Section 600 is the AICPA guidance for private company audits. (2) ISA 600 is the IAASB guidance. (3) PCAOB guidance includes: AU 543, AS 1205 (is the main), AS 2102 (plan an audit), AS 1202, AS 1215 (documentation), AS 1220 (engagement quality review). Broad standards for all audits but standard should be applied in group audits. - ISA doesn't allow you to make a division of responsibility. Only in the US can you divide responsibility in the audit report. 2. ISA 600 and AU-C section 600 are both pretty similar and rigorous. 3. In the US the lead auditor doesn't always have to take responsibility of another auditor's work but internationally, you do. However, even if you don't take responsibility in the U.S., you are not protected from liability. 4. (ASK AMEE) 5. PCAOB proposed change: they have to do enough work to serve as lead auditor - but the partner decides on how much to consider as being lead auditor (is this the 80% rule?). Inform of scope work to do. Obtain and review work papers. Document what you reviewed and obtain a written report 8. Auditors are not in favor of new standard because they want more clarity (i.e. being lead auditor or steps to take when there is no access to W/P). Companies and investors are neutral but against if there is higher costs. Two concerns from comment letters: (1) end up with checklist mentality (and not thinking about risks). (2) Concern that if principal auditor has to do 80% of it, they might not have the proper expertise to do the whole audit therefore audit quality is decreased (because need multiple auditors sometimes because you don't know how to do all the work, the 80% requirement forces them to do more work in areas they don't understand/have access to). 9. PCAOB won't adopt AU-C 600 because they want to maintain their relevance/don't trust AICPA standards because not independent of audit profession. 10. It will ultimately get passed but not in it's current form (will take a while).
Case 12: need for transparency standard
Case 12: need for transparency standard Not in favor because: increase liability for auditors (we have many things to keep us accountable), over emphasizes the role of the partner, investors don't need this info because they can't do much with it because their vote doesn't have much weight; increased audit cost. In favor because of increased accountability Disclosure is on separate Form AP because PCAOB is trying to minimize liability because if disclosed on audit report (aka SEC report) it is held to a higher standard (stricter because federal form). PCAOB is just a regulatory agency so the form reduces liability. It was a compromise solution. This new form will allow the public to track the history/record of a partner (i.e. number of restatements; industry expertise of partner; how often they issue going concern with a bankrupt company; tenure of partner at a client; anything on public domain). Unintended consequence: de-incentive partners from taking risky clients therefore lower quality partners holding higher risk clients. For other firms involved - could inform investors of jurisdiction issues (areas PCAOB can't inspect), disciplinary history, industry expertise. Partners don't want proposal because increased litigation. Investors are neutral-yes, because insight into audit but as long as it doesn't cost much. AC is neutral because they already know the info about their own auditors. Investors didn't call for this standard, the PCAOB wanted this. These disclosures are required outside the U.S. already.
What is corporate governance
Corporate governance: set of responsibilities and practices exercised by the board with the goal of: (a) providing strategic direction, (b) ensuring that goals are achieved, (c) ascertaining that risks are managed, and (d) verifying that org's resources are used responsibly. They also ensure that the company acts in the best interest of SH. - The audit committee is on the side of the auditor with disagreements with management, they are our avenue of communication. Also, they inform us of risks and help us to assess RMM. - The auditor's role tells problems/accounting issues to AC. Our audited F/S are used to evaluate management's performance. Want assurance that the numbers management provided them are good.
Does NAS improve or impair AQ
Does NAS improve or impair AQ Argument for: reputation control, going to do more work because really scared, code will keep us in check for social norms, knowledge spillover Argument against: economic dependence, audit own work (managerial independence), perception - people see us differently PCAOB is worried about perception and scope creep
Impact of fraud
Does fraud make it material? Yes, unless it's paper supplies You must tell the level above (i.e. supervisor of the division) and the AC If fraud is found, it usually implies a material weakness in IC.
how do you conduct a group audit
Done in the planning phase of an audit 1. Auditor ID's components that existed within consolidated groups 2. ID which are significant based on (1) financial or (2) qualitative 3. Make scoping decisions. Are we going to have full audit (of all F/S) or limited at that component audit (aka audit of specific account or disclosure, analytical procedures only, certain audit procedures for an account/disclosure) 4. Determine materiality for each component (this would be overall materiality for the component) 5. Audit is conducted 6. Evaluate component auditor's audit work 7. Overall conclusion on misstatement Component audit is usually lesser scope than standalone audit (statutory audit for certain components in certain areas/countries).
ISA 540
ISA 540 (IAASB standard in 2009) For estimates that give rise to significant risk, the auditor must evaluate: (a) reasonableness of management's assumptions, (b) management's consideration of alternatives, (c) steps taken to address uncertainty, and (d) whether estimates complies with financial reporting framework (FRF).
DQ's
DQ's 2. Do you expect historical characteristics to remain the same in the future? The expectations gap might get better because changes to standard but they might get worse because it might become more difficult to understand a lengthy audit report. Audit value probably won't change. Neither will the structure. She doubts there will be much change. 4. Firms with more than 100 issuers need an annual inspection and firms with 100 or fewer issuers get inspected tri-annually. PCAOB determines clients to inspect using a risk-based approach. Answer to the last part of the question? Working on at least 20% of an audit could lead you to be audited. They don't take a random sample, they are choosing the riskiest audits, so it's not truly representative of overall audit quality. 5. Part I is public and reports on selected audits. Part II is private (unless you don't fix issues within 12 months) and are ways to improve audit quality control systems of the audit firm. Part II is believed to be more useful than part I. Part II could affect the trust we place in F/S. 6. PCAOB regulates auditors not publicly traded companies. 7. Ways to improve inspection report: more consistent in inspection framework; more timely and transparent; random sample. They also don't treat all audit firms equally (big vs small). 9. There is inconsistent oversight over audits worldwide because not all regulators have same resources. No one enforces the AICPA standards except the AICPA, the PCAOB enforces their own standards. IAASB is enforced by the country that adopts their policies. 10. Politics slows things down and makes them inefficient in regards to PCAOB's standard-setting and inspection process.
DQ's:
DQ's: 1. Corporate governance is the board monitoring management because they are the only group with power to do so since SH have little rights/power. They are only marginally effective at providing corporate oversight and board oversight. 3. Must be nominated by the nominating committee to become an independent director. The CEO serves the BOD, technically; but in reality, it is usually the opposite because you get nominated if the CEO knows you. 6. PCAOB believed we needed additional standard about auditor-audit committee communication to strengthen communication between the two. Also, hoping to indirectly manage the AC. The cynical answer is that they don't believe AICPA standards are good enough. 7. AU380 and AS16 dictate the amount and kind of auditor-audit committee communication. We are considering changing the audit report between the auditor and AC to provide investors with more transparency and information, gives more accountability on AC. 9. SOX made AC independent and they have to hire the auditor; they are supposed to also have financial expertise (don't have to but must disclose if they don't. It should help in overseeing auditor). So, SOX strengthened AC's oversight of the auditor.
DQ:
DQ: 2. PCAOB/IAASB defines good audit quality as enough (sufficient and appropriate) support for audit opinion. GAO definition: perform an audit in accordance with GAAS to ensures F/S are in accordance with GAAP and there are no MM due to error or fraud. 7. Pros of AQIs: stimulate competition between small and big firms (hard because big 4 has more resources), helps AC make their selections. Cons: poor measure of AQ because each AQI is limited information value. Not consistent across firms. Companies have the ability to manage what numbers get disclosed and measured to make the numbers look better. Spending money on things that don't impact AQ to make AQI look better (i.e. firing/hiring personnel).
What is effective CG?
Ensures that long-term strategic objectives are established and the structure functions to maintain the corp.'s integrity, reputation, and accountability to its constituencies. Ensures the right questions get asked and the answers reflect what is best for the creation of LT sustainable value Ensures alignment of information, incentive, and capacity to act among all of the various constituencies to achieve the optimal conditions for growth and renewal (aka goal alignment of BOD and constituents)
Group audits; multi-location audits; group auditor; component auditor; significant component
Group audits mean multiple components—they are audits of F/S that include the financial info of more than one component (i.e. subsidiaries, locations, division, etc.). Multi-location audit means many locations. Components are determined by how a company does their accounting; each component would have their own accounting with own F/S that get consolidated later into the group F/S. - The involvement of multiple audit firms doesn't make it a group audit. You don't need to have multiple audit firms to have a group audit either. Group auditor: the firm coordinating the audit of the group (including all components) and signing the group audit report Component auditor: the auditor of each component Significant component: (i) individually of financial significance to the group (i.e. revenues) (quantitative, but could be qualitative) or (ii) is likely to include significant risks of MM to the group of F/S - Qualitative: poor controls, related party transactions, new product lines/multiple product lines that are hard to account for, complex operating environment, accounting for subsequent events
Is it possible for auditors to be independent?
Hard to determine if auditors are independent because independence is a state of mind - We might be a little more independent if we weren't paid by the client. - More independent as a staff vs a manager because you're brand new and less attached to the company (but tradeoff is that you're less informed) - The threat of being penalized addresses the conscious side but not the unconscious side
What is a strong governing body?
Independent (CEO and chairman separation (not required) Objective Performance is evaluated Interests are aligned with stakeholders
dual method of evaluating errors
If previously issued F/S are MM (identified via rollover method), they should be corrected promptly (aka file Form 10-k/A this is an amended filing). If not MM, they may be corrected prospectively (depending on what the iron curtain method shows us). Rollover method: shows how much I/S is misstated that year. Use rollover method to determine if previously issued F/S were materially misstated. Iron curtain method: shows how much I/S is misstated on a rolling/accumulated basis Use both methods to determine if misstatement is material in the CY. DUAL CLASS ACTIVITY 1. Look at the rollover method, which includes naturally reversing items, and if none of them are material in that year, then move on. This means that you don't have to refile amended F/S. You can apply prospective treatment. 2. Look at the iron curtain method, which cumulates the errors in each year. In the most recent 10-K filing, you check if the adjustment in the current year's year-end F/S will affect materiality, to determine the kind of prospective treatment a. If no, then ask if it will affect the current quarter. Regardless, you will make the adjustment to current year's numbers (DR comp exp. CR Comp liability), but if it will affect materiality in the current quarter, then you have to make a separate filing. b. If yes, then in the newest filings, you have to correct the previous year's numbers in the next filing. (i.e. in the next filing) (DR comp exp. and R/E CR Comp liability). c. If the total accumulated error was less than overall materiality, then we wouldn't have had to make an adjustment to R/E, we could have applied everything to the current year filing.
In-class case #7 about AC report
In-class case #7 1. Proxy statement: packet that goes out to SH, gives them all the things to vote on before annual meeting. Meant to be info to SH. Each country has their audit committee report in a different spot because it is done based on regulations in the country. - UK: corporate governance code - encourages/suggests that the audit committee report goes in the annual report. UK standard is to comply or explain why not. - US: audit committee report is included in the proxy statement. The concern is that we are confusing investors, but a savvy investor should find it regardless. But it makes sense to have the information all in one area. 2. Hard to determine which AC has greater responsibilities, but they are pretty similar. 3. The auditor is invited to AC meetings but they are not required to go, they usually don't attend. 4. Vodafone reviews auditor effectiveness by: (a) looking at what executives say about auditor, (b) inspector report, (c) AC makes own formal assessment, (d) asks for auditor's firm's own feedback on auditor's performance. Verizon: (a) tenure, (b) reviews mgmt. rec letter on retention of auditor (might indicate that mgmt. is choosing auditor), (c) PCAOB inspection report. There is no standardized reporting so it is hard to tell which AC is doing a better job 5. Effectiveness of AC is assessed by...for Vodafone: hires external party to do independent review. For Verizon: self-assessment (board does review audit committee; takes a lot to get fired as AC member, though). 6. SH vote or ratify but they don' really have that much influence/power. 7. Vodafone has a "significant judgment and issues" and how they addressed them section (which is the big difference between the two). The goal was to keep AC accountable by requiring them to write something down. 9. Reasons against SEC's effort to expand AC report: (a) information overload, (b) hard to interpret, (c) it might become too boilerplate. Reasons for: (a) more AC accountability and (b) investor will be able to use this info. Key takeaways: - Non-comparability between reports - UK has expanded AC report, not the US - Placement in annual report in the UK - SEC is trying to follow the lead of the rest of the world and provide more information Why is the SEC pushing for more AC transparency? Because it is confusing for investors to find information because it is spaced out. Other side says that savvy investors will know where to find this information.
What is independence (managerial, economic), negative and positive approach?
Independence Independence: without bias and with an attitude of judicial impartiality with respect to the client Managerial independence: not part of management Economic independence: not financially invested in the company) In-fact vs in appearance Approaches to auditor independence Negative approach - you're not independent if you: own stock, make management decisions, keep management's books, do internal auditing, are an advocate for management's interests, have mutual or conflicting interests Positive approach - you're independent if you have: high integrity and objectivity; monitoring controls to mitigate your interest in pleasing management
Independent audit committees
Independent audit committees Independent means (1) managerial independence aka can't act as management and (2) compensation can only come from their role as an AC member. They only meet a minimum of four (quarterly) board meetings). Can we trust them? Not sure because we don't know much about them. Should they own stock in the company? They're allowed if they get stock from their role in AC. - Pro-stock: it incentivizes the AC to improve value for SH. Con: incentive to manipulate to inflate share price (so a LT stock is probably more effective, because it would eliminate this risk). They are allowed to have social ties with the CEO. SOX 301 says that the AC should be independent. The tradeoff with independence is expertise and familiarity.
Inspections in Europe
Inspections in Europe Inspections are less frequent (third or sixth year) EightH EU council directive of 2006 (inspectors may be less independent) How or is oversight consistent across EU countries?
what did research find?
Kinney, palmrose, scholz: were able to obtain audit fee data to see if consulting impairs independence. IC fees, tax fees, and other internal audit fees. Tax consulting benefits audit quality. Other category did impair because it was positively correlated with poor audit quality. So, most consulting doesn't impair. Francis: no obvious clear evidence that independence is impaired but evidence shows that perception of independence is impaired due to decrease in stock price. Regulator imposed independence rules may help or harm (because cost is high) society through higher cost or higher/lower quality professional services. Why did regulators ban audit firms providing certain NAS because they wanted to restore trust in (1) FR and (2) audit quality.
Major risks facing group audit engagements:
Major risks facing group audit engagements: - Identifying significant components - Scoping decisions - Assessing materiality - Assessing results of audit - Cultural difference - Communication differences - Insufficient review of component auditors work (biggest area of deficiency) (principal auditor usually gets (1) component auditor's opinion. (2) Any adjustments. (3) Deficiencies in controls to review (they use these three things to assess the component auditors work)). We have MM at the group level because component level has MM. Assigning materiality at the right level. Insufficient by reviewing W/P (cultural and language differences).
What is materiality
Materiality: there is substantial likelihood that the fact would have been viewed by the reasonable investor as having significantly altered the total mix of information made available. A misstatement might not be material if a "reasonable person" doesn't think so.
What is Form AP
New PCAOB transparency standard requires all accounting firms to file Form AP (audit participation), which discloses the name of the engagement partner (key feature); the name, location, and extent of participation of each other accounting firm participating in the audit whose work constituted at least 5% of total audit hours; and the number and aggregate extent of participation of all other accounting firms participating in the audit whose individual participation was less than 5% of total audit hours. - Want to do this to let investors know all audit participants to hold them accountable (relevance and reliability) - Transparency (to reduce expectations gap by understanding what's in an audit and who participates) and accountability (by disclosing names) The only information investors have on audit quality is the inspection report from the PCAOB (have to go find them on the website); they can only find the firm name and location at the bottom of the audit report, then must look for PCAOB inspection report. This could help expectations gap because investors then realize how complicated an audit can be; opposite could be that they overlook complicated-ness if there is only one firm involved.
What is a non-GAAP financial metric
Non-GAAP financial metric is an adjusted GAAP number; any historic measure that has been adjusted for something. Companies use them because they claim it is a better metric of their performance. SEC's concerns regarding non-GAAP financial metrics: unequal treatment of revenue expenses, scared that non-GAAP numbers have greater prominence, not consistently being reported; no policy of what is a one-off occurrence vs what is reoccurring. - Auditors don't provide assurance over it, but PCAOB wants to change this. The change would benefit auditors because it would make us more relevant and it would provide more accurate information to investors. The con is that it is riskier. In the UK, using non-GAAP numbers affects the audit scope because that is how they calculate materiality, and so each company has a different metric, which makes it inconsistent.
Objectives of auditor legal liability/the legal system?
Objectives of auditor legal liability/the legal system? 1. Regulating auditor behavior, we meet these objectives because threat of lawsuit keeps audit quality high 2. Damage recovery aka paying back shareholders (not always that good, five cents on the dollar) 3. Resolving conflict between two parties (rarely good at this)
Objectives of corporate governance
Objectives of corporate governance: (1) compliance with laws and (2) good operating performance. Add value through... (This is the performance aspect) - Transparency: i.e. disclosures to help outside investors and lenders predict cash flow timing, amount, and uncertainty; help others understand corporation (aka they force mgmt. to give good F/S) - Encourage efficient and effective strategy and operations (board experience and contracts help) (aka helps management to make decisions) Conserve value through... (This is the compliance aspect) - Compliance with law and behavioral norms - Early warning of problems - Quick corrective action when needed
Outcomes (potential consequences) of changes in auditor regulation
Outcomes (potential consequences) of changes in auditor regulation Process auditing (making controls better or auditing something we aren't familiar with) Expectations gap (increases because management can override ICFR) New client (AC) Difficulty in attracting new professionals (because people left after SOX passed) Costs of standards not born by standard-setters (people are writing standards that are too costly but they don't know anything about those)
Corrections/adjustments HW
Overall materiality is usually the 5% of NI. Tolerable deviation would be half of that. (1) Calculate your overall materiality. (2) Apply a haircut to apply to accounts. (3) If For each misstatement, see if it is greater than or lower than the haircut materiality. (4) If greater, then must tell AC and MGMT to correct. (5) If less, aggregate all immaterial (negative and positive should be separately aggregated). If either are greater than haircut materiality, then you have to adjust until the value decreases (have discretion here). - If management refuses to adjust a correction, then tell AC. Regardless, you have to tell AC about material and immaterial adjustments.
PCAOB (independence may be impaired if)
PCAOB (independence may be impaired if) 1. Financial relationship exists (i.e. direct or indirect material financial interest), joint investment or business relationship, certain loans to or from the client 2. Employment or association: serving as an officer, director or employee; immediate family in accounting or financial oversight role. Former members of engagement team subject to one year cooling off period (SEC rule). 3. Providing non-attest services (i.e. management functions)
PCAOB independence rule - tax
PCAOB independence rule - tax Prohibit (not independent of audit client if): Contingent fees for tax services Planning advice for abusive shelters Tax services for financial reporting officers of client Specifically allowed: Tax return preparation Tax compliance services General tax planning and advice Other (minor) services
PCAOB inspection challenges
PCAOB inspection challenges Recruitment of qualified inspectors Allocation of resources (amongst all four responsibilities) Foreign inspections - some blocked jurisdictions - why does this matter to investors?
PCAOB staff consultation paper
PCAOB staff consultation paper (issued in 2014, but no action since then) Considering a new auditing standard for auditing estimates and fair values. Why the need? Audit deficiencies noted, changes in FRFs, growing reliance on third parties, and concerns about quality of the standards. Retain requirements but refine them. It would maintain the three main methods, just more guidance on all three.
DQs
People are more critical of others than themselves because it's easy to judge others. We are more critical of people we don't know (therefore, this might decrease our professional skepticism and evaluations when reviewing other's work). - Fundamental attribution error - tendency to attribute other's behavior to internal reasons rather than external - Self-serving attribution bias - opposite of above Auditors biggest temptation is to cut corners when up against a deadline or budget constraint
PCAOB investigation and enforcement
Potential actions (1) censuring (fine/penalty), (2) suspending licensing, (3) barring (permanent), (4) revoking firm license/registration Recent disciplinary orders How is work divided/shared between PCAOB/SEC?
Principles of good regulation
Principles of good regulation Clear objective in the public interest Proportionate and balanced rule making (to treat everyone fairly) Evidence-based (evidence that drives rule making; cost-benefit analysis) (criticized for this because they don't this well) Appropriately resourced (to enforce own rules) Cooperative (with other regulators and inspectors) Consistent and coherent (criticized for this) Transparent with open consultation (comment period; they used to be criticized for this) Active oversight (SEC over PCAOB; half-criticized for this) Systematic review (of how well rules work; criticized for this) Do these describe the PCAOB? (get more notes on this) Probably more no than yes. Their goal is to protect the investors (so they do have a clear objective) For the second point, it's a no because they have breaks for small/medium sized companies.
Probability of being sued is a function of:
Probability of being sued is a function of: Actual audit quality (auditors have control over this), financial reporting framework and auditing standards* (GAAP & GAAS), client: industry, integrity, profitability, viability (we have control over this because we choose to accept the client), economic conditions**, legal structure*, perceived audit quality** ** No control/unknown * Known but can't do anything about it
Reasons behind the PCAOB proposed standard:
Reasons behind the PCAOB proposed standard: - They wanted to decrease letterbox auditing, more lead auditor involvement - Strengthen existing requirements in group audits/uniform audit behavior: to have better reliance of work papers (ensure auditors are looking at work papers), to decrease inspection findings (aka reduce deficiencies), to get up to par with ISA and AICPA standards
Recommendations to combat against liability
Recommendations Liability caps (never passes because (1) no one can ever agree that we need it (2) nor can we determine what it should be): - Monetary limits? - Percentage of base (i.e. 5x audit fee) (incentivize people to charge lower fees and thus perform poor quality audits) - Negotiate limit with client Other liability solutions - Better auditing standards - Government insurance - ACAP - preservation and rehabilitation plan (bailout plan) - Do good audits - More firms? Independent boards for firms
regression to the mean; randomness in pattern; motivated reasoning/distorted reasoning; halo effect; ego depletion
Regression to the mean: outliers will regress to true performance, the mean. Randomness in pattern: bad at spotting outliers, need statistics software to spot it. Motivated reasoning/distorted reasoning: trying to interpret information to support your beliefs, similar to confirmation bias, usually conscious. Halo effect: we like one attribute, which causes us to like everything (i.e. the CEO is good at golf, you start to think that they are good at everything, affects risk assessment). Ego depletion: professional skepticism deteriorates as the day goes on or as busy season goes on. Resources constrain us, not permanent though, it is temporary because you can rest and restart.
Why does liability arise?
Responsibilities of auditor: - Users: to clients (contract law, common law), to third-party users (common law, statutory law) - Regulators/professional organizations: to SEC (SOX and PCAOB - statutory law), to states (security laws and board of accountancy statutes) Expectations gap: belief that we should find fraud Joint and multiple causation: hard to separate who is responsible (MGMT and auditors) Judgment under GAAP and GAAS
What is rule 2-01 and 2-02?
Rule 2-01 (applies to consulting/advisory and assurance -- applies to all CPAs) (must be a CPA for the rules to apply) 1. Be competent to do engagement (professional competence) 2. Provide due care (due professional care) 3. Appropriately plan and supervise engagement (planning and supervision) 4. Gather sufficient and relevant data Rule 2-02 (applies only to advisory) 1. Serve client interest - accomplish objectives while maintaining integrity and objectivity 2. Develop understanding of client (nature, scope, limits) 3. Communicate back findings 4. Notify of any conflicts of interest or reservations you have This is different from assurance because you're serving the client, not the investor. All parts of the code of ethics applies to consulting except the independence clause. Unless, you're in advisory but your firm also audits, then you have to maintain independence.
SAB 99
SAB 99 and SAB 108 applies to management and auditors, it was written by the SEC (which has jurisdiction over companies too). 99 says that management is primarily responsible for the F/S.
SEC has a principle based approach for threat to independence if relationship or service provided by the auditor:
SEC has a principle based approach for threat to independence if relationship or service provided by the auditor: 1. Creates a mutual or conflicting interest between the accountant and client (adverse and advocacy) 2. Places the auditor in a position of auditing their own work (self-review) 3. Results in an accounting acting as management or an employee of the audit client (management participation) 4. Places the auditor in a position of being an advocate for the client (advocacy threat)
Sarbanes-Oxley Act of 2002
Sarbanes-Oxley Act of 2002 PCAOB (standard setter) mandated as regulator of all aspects of registered accounting firms' practices - Independent, non-expert board with broad duties. Funded by fees collected by national stock exchanges - They are trying restore faith in audits with independent body. Registered accounting firm's client is the mandated independent audit committee Mandates internal control certifications and independent audits by F/S audit firm NAS bans and cooling off period MGMT certification AC independence Goal of sox: strengthen FR including audits, and strengthen trust in FR.
How to set component materiality?
Setting materiality for components is the highest risk area because people don't know how to do it. There is a risk that individual component will contain misstatements that are material to the group F/S (function of size of component, risk from operations, risk from consolidation). How to set materiality: 1. Standard says determine group materiality - overall materiality for group F/S as a whole (i.e. 5% of NI aka $1M) 2. AU-C 600 or ISA 600 says: less than group materiality but more than proportionate materiality (aka if a component is 10% of NI, then 10% of materiality gets allocated to this). This leaves a huge range of options to choose from (must use professional judgment) a. Using group materiality is too aggressive (this is $1M). this could cause us to under-audit b. Using proportionate materiality is too conservative (this is the $100K). This could cause us to over-audit Steps to calculate component materiality 1. Calculate MACM (maximum aggregate component materiality) using benchmark multiples. 2. Allocate MACM to components using proportional allocation technique or weighted allocation technique. Then adjust as appropriate for component risk characteristics (or for unevenly sized components). Reasons to adjust component materiality (risk factors to consider): difference in RMM, complexity of component, diversity of product line, less internal controls, decentralized systems, jurisdiction differences. - MACM should be greater than group materiality - Component materiality cannot be greater or equal to group materiality - Makes materiality complicated
So, is this concentration a problem?
So, is this concentration a problem? PCAOB says yes, within an industry. GAO says no. UK says yes. Auditors say no because there is fierce competition. This matters because with fees there is price competition, and with litigation there is catastrophic risk.
Some tips
Some tips Focus on inputs/assumptions that are: significant to the estimate, sensitive to variation (perform sensitivity analysis), deviate from historical patterns, susceptible to management bias, susceptible to misstatement. Some suggestions on how to do this: review past estimates and outcomes (and future outcomes if they exist), assess whether estimate aligns with the operational plans of the entity, understand the reasons that make the relationship plausible, develop expertise/knowledge and recognize that you could be overconfident in your ability, think of reasons management might be wrong (examine the qualifications of the preparers), don't look at one piece of information at a time.
Sources of accounting firm's exposure to litigation
Sources of accounting firm's exposure to litigation - Users of F/S via class action lawsuits, SEC can sue for violation of the law, state could sue and employees could sue. - For the future, it could come from the partner signature and the expanded audit report
Structured data unstructured data data visualization
Structured data - it is usually the information we are familiar with (it is within the company) Unstructured data - usually data outside of the organization Data visualization helps us identify risks and communicate it to the client and team in an effective manner.
PCAOB inspection basics
Supervisory regulatory agency (inspections rather than enforcement emphasis) (supervise via inspections because they rather let firms fix them first) 50% of budget They use an algorithm to identify risky companies (red flags for PCAOB: fee drops, risky partners, client changes auditors a lot). What is the role of ORA? They have the algorithm? When are QC inspections included and disclosed? Small auditor vs large auditor inspection differences (not a lot of consistency) Problems encountered: difficulty inspecting foreign audits, hiring expertise (usually from Big four), not timely (2015 inspection released in 2017) Four responsibilities of PCAOB: register firms (any auditing firm must register with them), standard setting, inspections, enforcement Registering with PCAOB can increase your credibility for marketing.
The PCAOB's (IOPA) inspection review (aka an inspection on PCAOB)
The PCAOB's (IOPA) inspection review (aka an inspection on PCAOB) 27 recommendations on how to improve documentation (conclusions made, independence, selection choice, etc.) (aka SEC said that the PCAOB isn't documenting well enough) Results of implemented changes? Strained resources, morale issues, judgment limitations What does report suggest about PCAOB's control environment?
Constraints on CG
These things impair the effectiveness of CG Commitment: free markets, voluntary contracts, transferrable shares Limited measurement criteria Conflict: public disclosure downside (liability risk; competitive risk) Oversight: limited statutory authority of SEC Competence: difficulty finding independent members willing to serve
Three approaches to auditing estimates (PCAOB-approved)
Three approaches to auditing estimates (PCAOB-approved) 1. Evaluating subsequent events and transactions (usually no subsequent data, though) 2. Develop independent expectation (rigorous and costly) 3. Testing management's process (hard to catch all biases) 1. Evaluate subsequent events Consider events or transactions occurring subsequent to the B/S date but prior to the date of the auditor's report. Customer bankruptcy (rare to see this). Settlement litigation (usually dragged over years and years). Customer receipts on A/R balances. 2. Develop independent expectations Auditor uses management's or alternative assumptions to develop an independent estimate - build your own model approach. Often, auditors rely on in-house specialists to help them do this. Common to use in-house specialists. 3. Test MGMT's process Some steps: perform retrospective review (evaluate management's track record in the past—review how well management did in the past to see how well old estimates have done. See if they've had a consistency for being conservative/aggressive). Inquire about changes in assumption (is up, down, or no change reasonable). Consider contrary evidence (to fight against biases).
What are the three components of estimates; what are risks associated with all three
Three components of estimates Data: factual information about past and current conditions (more objective, i.e. # of employees) The below two are more subjective Assumptions: predictions of future outcomes Models: calculations that translate data and assumptions, applying relevant accounting principles to produce an estimate Each of these components presents inherent risks and are affected by internal controls (mainly affects the model). Risks of misstatement Data risks: inaccurate, incomplete, or insufficiently relevant data Assumptions risks: unreasonable assumption (maybe inconsistent with external sources) Model risks: inaccurate calculations, spreadsheet errors or inappropriate modeling methods Understanding appropriate GAAP is critical Two biggest risks of misstatement: 1. Estimation uncertainty (of what the right number could be): extent of judgment, sensitivity to changes in assumptions, recognized measurement techniques? (following standard industry practice), length of forecast period (the longer the period, the more difficult it is), available data from external sources, observable or unobservable inputs (had to corroborate some inputs) 2. Management bias: availability of information, anchoring and adjustment, overconfidence, confirmation (exists more at the end of audit), rush to solve (also near the end).
Purpose of data analytics
To aid in making informed decisions using data, statistics, and theory - Predictive analytics - such as what will income be? - Performance evaluation - looking at the past (sometimes called audit analytics). Purpose in auditing: - Anomaly detection (identifying fraud) - Testing an entire population instead of a sample - So more effective and hopefully more efficient auditing
How to avoid biases
To avoid these biases, you must (a) question the experts, (b) encourage opposing viewpoints and consider disconfirming evidence, (c) consider your motivation for what you're doing (i.e. are you concluding because you found all the evidence or because you want to finish to move on), (d) don't rely on first impressions, (e) replenish your resources (aka get some rest), (f) evaluate things on a LT horizon, helps with rusk to solve because you gather more information, (g) explain rationale to others and also read it again later, and (f) define problems/goals before looking for data or support (we sometimes use an answer to look for a problem).
Shareholder vs stakeholder view
Traditional/shareholder view: company works in the best interest of SH Stakeholder view: works in the best interest of all stakeholders Bebchuk believes that mgmt. should make decisions about a company in the best interest of the SH. Lipton believes it should be in the best interest of all stakeholders, not just SH. Who is right and why does this matter? - Both are probably right, no one is really holding the corporation accountable. Matters because liability
Unique characteristics of audits
Unique characteristics of audits Economically motivated response to risk (more fees) Outcome is uncertain and unobservable (can't know about MM for certain) Idiosyncratic (no audits are the same) Process matters Knowledge/skills involves professional judgment
Voluntary settlements
Voluntary settlements make it hard to determine who is at fault and it attracts more litigation
Ways to overcome these biases
Ways to overcome these biases: (1) be aware you have them. (2) Explain your position/write it out (other people will be able to check this too). Not all biases can be corrected (some can) but you can probably reduce your biases.
What is the purpose of regulation?
What is the purpose of regulation? Make the economy run effectively/efficiently/fairly Restore/retain trust in economy/FR system Holding people accountable In the context of auditing Improve trust in audits and to have good audits
Why is it difficult to measure AQ? What is GAO definition?
Why is it difficult to measure AQ? Because it exists on a continuum. People don't' know the definition of AQ. Outcome is always uncertain because audit report has probability even after issued. It is judgmental in nature (i.e. how much evidence to collect). Limited insight into audits (investors only see extremes of fraud and lawsuits). Many different stakeholders with different focuses. - AQI goal is to expose the continuum of audit qualities to see good, medium, okay, and bad audits. GAO definition of AQ: an audit performed in accordance with GAAS to provide reasonable assurance that F/S and disclosures are presented in accordance with GAAP. (most well accepted definition). - Even if auditor is wrong (left a MM), as long as they complied with the proper standard, they shouldn't be blamed.
Shady case
a. Management is responsible for the method/approach to determine fair value and for deciding what assumptions/parameter values to use when operationalizing a fair value method. c. You could inflate your estimates by: using overly optimistic assumptions, manipulating data/assumptions, only giving the auditor one model to evaluate, or show low, medium, and high ranges that are all favorable. d. The auditor would likely be unable to catch your inflation because the data is the only objective part to be able to argue. Assumptions are hard to argue because the auditor must have expertise otherwise, they wouldn't be able to question them. Overall, management has many levers to play around with and auditors must look at all levers and argue back, which is very hard. f. The most rigorous or reliable is the subsequent event data because there is real evidence to support the balance but it almost never exists. g. The approach that is less likely to uncover value manipulation by the management is testing management's significant assumptions. h. Most audits test management's significant assumptions, which makes it difficult to catch a misstatement meaning that the audit is probably not as reliable as we would like. The reason why so many use this approach is because there are many things management can do to bias those numbers, and so the PCAOB has many standards on how to combat those, which implies that the PCAOB wants firms to do that method. But technically, you're able to choose whichever best supports. If able, auditors use all three methods just to be safe. Management assertions (assertions management makes and we attest to): - Existence - Occurrence - Completeness - Rights and obligations (i.e. right to assets) - Valuation - Presentation and disclosure (describe process) The bottom three are most relevant to estimation