Sarbanes-Oxley Act of 2002 and the PCAOB

AC inquiries should include:

- AC views of fraud in the company - AC knowledge of fraud in the company - Tips or complaints about fraud - AC oversight of fraud risks

Potential changes to the AC's oversight of the independent auditor:

- Additional information about communications between the AC and the independent auditor - Frequency of AC meetings with the independent auditor - Review and discussion of PCAOB inspection report with AC - Whether and how the AC assesses the objectivity and professional skepticism of the auditor

SOX Title II - Auditor Independence Auditors are banned from providing a large number of services to clients they audit, including:

- Bookkeeping - Financial systems design and implementation - Appraisal and valuation - Internal auditing - Human resources - Actuarial - Investment - Legal advice

Material weaknesses include:

- Fraud by senior management - Restatement of previous FS's - Material errors in CY FS

PCAOB AS's require the auditor to obtain written representations from management about its responsibility for ____ and ___ conclusion about the effectiveness of ICOFR as of the end of the fiscal period.

- ICOFR - Management's

PCAOB AS No. 8 - Audit Risk - "susceptibility of an assertion to misstatement" - "risk that errors will not be detected by internal controls" - "risk that substantive audit procedures will not detect an error"

- Inherent risk - Control risk - Detection risk

Nature of Tests of Controls (ordered from least evidence to most evidence produced)

- Inquiry - Observation - Inspection of relevant documentation - Re-performance of a control

Audit procedures include:

- Inspection - Observation - Inquiry - Confirmation - Recalculation - Re-performance - Analytical procedures

Management inquiries should include:

- Knowledge of fraud - Management's process to identify fraud - Internal controls used to address fraud risks - Whether any locations have higher risks than others - Tips or complaints about fraud - Whether management has discussed fraud risks with the AC

PCAOB AS No. 13 - Auditor's Responses to Risk of Misstatement Auditor must design and implement audit responses that address risks, which should include:

- Making appropriate assignments of significant engagement responsibilities - Providing the extent of supervision that is appropriate for the circumstances, including, in particular, the assessed risks of material misstatement - Incorporating elements of unpredictability in the selection of audit procedures to be performed (accounts with small balances, surprise visits, vary timing of tests) - Evaluating the company's selection and application of significant accounting principles

Auditor should assess risk of various locations on overall FS including:

- Nature and amount of assets and transactions - Materiality - Risk of misstatement at a location - Degree of centralization - Effectiveness of management's supervision of locations and frequency of monitoring

PCAOB AS No. 12 - Identifying and Assessing Risks of Misstatement The auditor should perform risk assessment procedures including:

- Obtain understanding of the company and its environment (including objectives and strategies) - Obtain understanding of ICOFR (5 elements) - Consider information from the client acceptance and retention evaluation, audit planning activities, past audits, and other engagements performed for the company - Perform analytical procedures - Conduct discussions among engagement team members regarding the RoMM - Inquire of the AC, management, and others within the company about the RoMM

PCAOB AS No. 14 - Evaluating Audit Results Auditor's evaluation of audit results should include:

- Overall analytical review of FS - Misstatements accumulated during the audit, including uncorrected misstatements (pervasiveness of errors and indication of fraud) - Qualitative aspects of the accounting practices (management's biases) - Conditions related to fraud risk factors - Presentation of FS, including footnote disclosures - Sufficiency and appropriateness of audit evidence obtained

Section 806

- Protection for whistleblowers - No company, officer, employee, etc. may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee.

The governing body which has the authority over the PCAOB and may override its laws

- SEC

PCAOB AS No. 16 - Communications with Audit Committees

- Significant issues discussed with management prior to retention - The terms of the engagement - include a copy of the engagement letter - The overall audit strategy, including specialized skills, use of internal audit, use of other accounting firms - Timely observations arising from the audit that are significant to the financial reporting process - Significant and critical accounting policies - Critical accounting estimates - Significant unusual transactions - Auditor's evaluation of the company's financial reporting - Consultations made by the auditor - Management consultation with other audit firms - Going concern issues - Uncorrected and corrected misstatements - Departure from the standard report - Disagreements with management - Difficulties in performing the audit - Other matters

PCAOB AS No. 2 - Audit Documentation

- auditor must retain audit documentation for seven years from the auditor report date - auditor should have a complete and final set of audit documentation assembled for retention no later than 45 days after the report release date

Entity-level controls include:

- controls over management override - risk assessment - period-end financial reporting

Details of SOX Title I - PCAOB

- five independent members of the Board - all accounting firms that audit public U.S. companies are required to register with the PCAOB - PCAOB has the power to investigate possible violations by these registered accounting firms and can impose sanctions - established Auditing Standards to be used by public companies

PCAOB AS No. 18 - Related Parties The auditor is to obtain sufficient appropriate evidence to determine whether related parties and relationships and transactions with related parties have been properly ______, accounted for, and ____ in the FS.

- identified - disclosed

What's next for the PCAOB? PCAOB is looking to enhance auditor _____, objectivity and ____ ____ by mandating audit firm _____.

- independence - professional skepticism - rotation The PCAOB is not satisfied with the current level of professional skepticism.

"Ripe conditions" for management manipulation include:

- ineffective control environment - lack of sufficient capital - declining industry conditions

PCAOB AS No. 11 - Materiality Materiality is the ____ at which a "__ __" makes a different decision.

- level - reasonable shareholder

The higher the RoMM, the ____ the level of detection risk needs to be in order to reduce audit risk to an appropriately ___ level.

- lower - low

Potential changes to AC's process for appointing and retaining auditors:

- public disclosure about the reasoning for retaining or selecting an independent auditor - whether the AC sought requests for proposal and factors in selection of the independent auditor - Disclosure of the company's policy about where auditor selection is sole that of the AC or whether the Board of Shareholders should ratify the decision

SOX requires auditors to discuss with a firm's AC their "judgments about the ___, not just the ____, of the entity's accounting principles as applied in its financial reporting."

- quality - acceptability

PCAOB AS No. 15 - Audit Evidence The audit evidence must be _____ sufficient (enough) and ____ appropriate (relevant and reliable).

- quantitatively - qualitatively

PCAOB AS. No 5 - Integrated Audits

- relates to the integration of the audit of ICOFR for public companies

PCAOB has ___ year record retention of audit reports

- seven

SOX reinforces the link between the AC and external auditor's and strengthen the external auditors' independence from management by:

- stating that the AC is responsible for hiring, compensating, and supervising the company's external auditors - external auditors must report directly to the AC

PCAOB AS No. 10 - Supervision The engagement partner is responsible for the _____ of the work of the engagement team members and for ______ with PCAOB standards. Additionally, the partner should inform each team member of their _______, direct team members to bring issues to partner or manager, and review work of team members.

- supervision - compliance - responsibilities

Most deficiencies relate to _____ of complex financial instruments, inappropriate use of ______ procedures, and inappropriate reliance on ______.

- valuation - analytical - controls

Auditors are now required to perform two different types of audit in a public company

1) FS 2) ICOFR

Audit Committee reforms The AC must be composed of:

1) independent directors 2) at least one director must be financial literate

Sarbanes-Oxley Act

A federal securities law passed by congress and signed into law by George W. Bush that regulates publicly traded companies and their auditors, and effectively established the PCAOB.

SOX Title III - Public Company AC's Rule 302 says:

All executive and financial managers must file documents saying that: - the officer has reviewed the document - the officer believes all items are true - the officer is responsible for internal controls - any fraud (material or not) has been reported

One or more material weaknesses results in which opinion?

An adverse opinion on internal control

Destruction, alteration, or falsification of records is a ___ ___ with penalties up to 20 years in prison.

Criminal offense

The auditor should test the ____ _____ of controls by determining whether company's controls, satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatement in the FS.

Design effectiveness

PCAOB AS No. 9 - Audit Planning The _____ partner is responsible for the engagement and its performance, including planning the audit.

Engagement (lead partner)

The auditor should test the ___ ___ of a control by determining whether the control is operating as designed and whether the person performing the control possesses the authority and competence to perform the control effectively.

Operating effectiveness

Section 404 of SOX

Requires all public annual reports to include management's assessment of internal controls and the auditor's attestation of management's assessment.

___ year retention of audit work papers

Seven

Details of partner rotation

The lead partner and the reviewing partner must rotate at least once every five years.

PCAOB AS No. 1 - Audit Opinions

audit opinions of public companies must refer to the "standards of the PCAOB", rather than "GAAS".

Deficiencies should be:

reported in writing to management

Significant deficiencies should be:

reported in writing to management and the audit committee

PCAOB AS No. 17 - Auditing Supplemental Information The auditor is to obtain ____ ____ evidence to express an opinion on whether the supplemental information is fairly stated, in all material respects, in relation to the FS as a whole.

sufficient appropriate

Communications can be oral or written, but they must be documented in the ____ ____.

work papers