1 / 71

Problems and Warning Signs

Problems and Warning Signs. 1990. 2000. During the economic boom of the late 1990s and the early 2000s, accounting firms aggressively sought opportunities to market a variety of high-margin nonaudit services to their audit clients. Problems and Warning Signs. An Explosion of Scandals.

rlois
Download Presentation

Problems and Warning Signs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Problems and Warning Signs 1990 2000 During the economic boom of the late 1990s and the early 2000s, accounting firms aggressively sought opportunities to market a variety ofhigh-margin nonaudit services to their audit clients.

  2. Problems and Warning Signs

  3. An Explosion of Scandals WorldCom Enron Tyco Adelphia Xerox

  4. Government Regulation In July 2002, Congress passed the Sarbanes-Oxley Public Company Accounting Reform and Investor Protection Act. The Sarbanes-Oxley Act effectively ended the profession’s era of “self-regulation,” creating and transferring authority to set and enforce standards to the Public Company Accounting Oversight Board (PCAOB).

  5. A Model of Business Business organizations exist to create value for their stakeholders. Due to the way resources are invested and managed in the modern business world, a system of corporategovernance is necessary, through which managers are overseen and supervised. Board of Directors Audit Committee

  6. Auditing Standards PCAOB Auditing Standards Board Public Companies Nonpublic Companies Auditing standards serve as guidelines for and measures of the quality of the auditor’s performance.

  7. GAAS

  8. Statements on Auditing Standards (SAS)—Interpretations of GAAS GAAS and SAS are considered to be minimum standards of performance for auditors. PCAOB adopted, on an interim basis, GAAS and SAS. Standards issued by PCAOB are called Auditing Standards (AS).

  9. Organizations That Affect the Public Accounting Profession American Institute of Certified Public Accountants (AICPA) Securities and Exchange Commission (SEC) Public Company Accounting Oversight Board (PCAOB) Financial Accounting Standards Board (FASB)

  10. Legal Liability

  11. Historical Perspective Due to a slump in the economy in the early 1970’s and the recession of the 1980’s, it became more common for auditors to be sued. Claims against auditors were relatively uncommon before the 1970’s. The recession of 1990-1992 led to another upsurge in litigation against auditors. The profession pushed for litigation reform, and in the 1990’s Congress passed litigation reform acts that provided some limits to auditor liability and made it more difficult to sue auditors successfully. 1980 1970 1990

  12. Historical Perspective Due to a slump in the economy in the early 1970’s and the recession of the 1980’s, it became more common for auditors to be sued. Claims against auditors were relatively uncommon before the 1970’s. The recession of 1990-1992 led to another upsurge in litigation against auditors. 1980 1970 1990 2002 Due to several high-profile frauds, Congress refocused attention on auditors in the Sarbanes-Oxley Act of 2002.

  13. Privity Near Privity Reasonably Foreseeable 3rd Parties Foreseen 3rd Parties Common Law—Third Parties Four Legal Standards for Third Parties

  14. Common Law—Third Parties Near Privity 3rd parties whose relationship with the CPA approaches privity. Foreseen 3rd Parties3rd parties whose reliance should be foreseen, even if the specific person is unknown to the auditor. Reasonably Foreseeable 3rd Parties3rd parties whose reliance should be reasonably foreseeable, even if the specific person is unknown to the auditor.

  15. Common Law—Third Parties NegligenceThird Party Must Prove • The auditor had a duty to the plaintiff to exercise due care. • The auditor breached that duty and was negligent in not following the professional standards. • The auditor’s breach of due care was the direct cause of the 3rd party’s injury. • The 3rd party suffered an actual loss as a result.

  16. Common Law—Third Parties NegligenceAuditor’s Defense • No duty was owed to the 3rd party (level of duty required depends on the case law followed by the courts). • The 3rd party was negligent. • The auditor’s work was performed in accordance with professional standards. • The 3rd party suffered no loss. • Any loss was caused by other events. • The claim is invalid because the statute of limitations has expired.

  17. Fraud If an auditor has acted with knowledge and intent to deceive a third party, he or she can be held liable for fraud.

  18. Fraud Third Party Must Prove • A false representation by the CPA. • Knowledge or belief by the CPA that the representation was false. • The CPA intended to induce the 3rd party to rely on the false representation. • The 3rd party relied on the false representation. • The 3rd party suffered damages.

  19. Statutory Liability Three major statutes that provide sources of liability for auditors: The Securities Act of 1933 The Securities Exchange Act of 1934 Sarbanes-Oxley Act of 2002

  20. Securities Act of 1933 Generally regulates the disclosure of information in a registration statement for a new public offering of securities. Section 11 imposes a liability on issuers and others, including auditors, for losses suffered by 3rd parties when false or misleading information is included in a registration statement.

  21. Securities Act of 1933 Third Party Must Prove • The 3rd party suffered losses by investing in the registered security. • The audited financial statements contained a material omission or misstatement.

  22. Securities ExchangeAct of 1934 Concerned primarily with ongoing reporting by companies whose securities are listed and traded on a stock exchange. Section 18 imposes liability on any person who makes a material false or misleading statement in documents filed with the SEC. Section 10(b) and Rule 10b-5 are the greatest source of liability for auditors under this act.

  23. Securities ExchangeAct of 1934 Third Party Must Prove • A material, factual misrepresentation or omission. • Reliance on the financial statements. • Damages suffered as a result of reliance on the financial statements. • Scienter.

  24. Private Securities Litigation ReformAct of 1995 and the Securities Litigation Uniform Standards Act of 1998 Private Securities Litigation Reform Act of 1995 Securities Litigation Uniform Standards Act of 1998 Provides for proportionate liability for defendants based on percentage of responsibility and a specific statement of fraud at the beginning of the case Prevents plaintiffs from seeking to evade the protections that Federal law provides against abusive litigation by filing suit in State, rather than Federal Court

  25. Sarbanes-Oxley Act of 2002 Creation of PCAOB Most sweeping securities law since 1934 Stricter independence rules Audits of internal controls Increased reporting responsibilities

  26. SEC and PCAOB Sanctions Suspend Practicing Privilege Impose Fines Remedial Measures

  27. Foreign Corrupt PracticesAct (FCPA) Passed in 1977 in response to the discovery of bribery and other misconduct on the part of more than 300 American companies. An auditor may be subject to administrative proceedings, civil liability, and civil penalties.

  28. Racketeer Influenced and Corrupt Organizations Act (RICO) Passed in 1970 to combat the infiltration of legitimate businesses by organized crime. RICO provides for civil and criminal sanctions for certain illegal acts.

  29. Criminal Liability Auditors can be held criminally liable under the laws discussed in the previous section. Criminal prosecutions require that some form of criminal intent be present, such as gross negligence or fraud. Gross Negligence Fraud

  30. Approaches to MinimizingLegal Liability • Firm Level • Institute sound quality control and review procedures. • Ensure independence. • Follow sound client acceptance and retention procedures. • Be alert to risk factors. • Perform and document work diligently. • Professional Level • Establish stronger auditing and attestation standards. • Update Code of Professional Conduct and sanction members who do not comply. • Educate users.

  31. Sarbanes-Oxley Act of 2002 Creation of PCAOB Most sweeping securities law since 1934 Stricter independence rules Audits of internal controls Increased reporting responsibilities

  32. Management Responsibilities under Section 404 Section 404 of the Sarbanes-Oxley Act requires managements of publicly traded companies to issue an internal control report that explicitly accepts responsibility for establishing and maintaining “adequate” internal control over financial reporting.

  33. Management Responsibilities under Section 404 Management must comply with the following in order for its public accounting firm to complete an audit of internal control over financial reporting. • Accepts responsibility for the effectiveness of the entity’s internal control over financial reporting. • Evaluate the effectiveness of the entity’s internal control over financial reporting using suitable control criteria. • Support its evaluation with sufficient evidence, including documentation. • Present a written assessment of the effectiveness of the entity’s internal control over financial reporting as of the end of the entity’s most recent fiscal year.

  34. Auditor Responsibilities under Section 404 The entity’s independent auditor must audit and report on management’s assertion about the effectiveness of internal control. The auditor is required to conduct an integrated audit of the entity’s internal control over financial reporting and its financial statements.

  35. Internal Control over Financial Reporting Defined Internal control over financial reporting is defined as a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with GAAP. Controls include procedures that: • Pertain to the maintenance of records that fairly reflect the transactions and dispositions of the assets of the company. • Provide reasonable assurance that transactions are recorded in accordance with GAAP. • Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets.

  36. Internal Control Deficiencies Defined A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report external financial data reliably in accordance with GAAP such that there is more than a remote likelihood that a misstatement of the entity’s annual or interim financial statements that is more than inconsequential will not be prevented or detected (AS2, ¶9).

  37. Internal Control Deficiencies Defined A control deficiency may be serious enough that it is to be considered not only a significant deficiency but also a material weakness in the system of internal control. A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be presented or detected (AS2, ¶10). As illustrated on the next slide, the auditor must consider two dimensions of the control deficiency: likelihood (remote or more than remote) and magnitude (material, consequential, or inconsequential).

  38. Materialweakness MAGNITUDE Material Significant deficiency Consequential Control deficiency Inconsequential Remote More than remote L I K E L I H O O D Internal Control Deficiencies Defined

  39. Management’s Assessment Process • Management must: • Design and implement an effective system of internal control. This process involves determining whether a necessary control is missing or an existing control is not properly designed. • Develop an ongoing assessment process for the internal controls in place. Management must assess the likelihood that failure of a control could result in a misstatement. • Management must decide which business units to include in the assessment process.

  40. Management’s Documentation Management must develop sufficient documentation to support its assessment of the effectiveness of internal control. This documentation may take many forms, such as paper, electronic files, or other media. It also includes policy manuals, job descriptions, flowcharts, and process models.

  41. COSO LO# 7 Framework Used by Management to Conduct Its Assessment Most entities use the framework developed by COSO.This framework identifies three primary objectives of internal control: (1) reliable financial reporting;(2) efficiency and effectiveness of operations;and (3) compliance with laws and regulations.

  42. Evaluate management’sassessment process. Performing an Audit of Internal Control over Financial Reporting Plan the engagement. The auditor typically obtains his or her understanding of management’s assessment process through inquiry of management and others.

  43. Evaluate management’sassessment process. Obtain and document anunderstanding of internal control. Performing an Audit of Internal Control over Financial Reporting Plan the engagement. As part of gaining this understanding the auditor must: • Understand and assess company-level controls. • Evaluate the effectiveness of the audit committee. • Identify significant accounts. • Identify relevant financial statement assertions. • Identify significant processes and major classes of transactions. • Understand the period-end financial reporting process. • Perform walkthroughs. • Identify controls to test.

  44. Evaluate the management’sassessment process. Obtain and document anunderstanding of internal control. Evaluate the design effectiveness of internal control. Performing an Audit of Internal Control over Financial Reporting Plan the engagement. Controls are effectively designed when they prevent or detect errors or fraud that could result in material misstatements in the financial statements.

  45. Evaluate the management’sassessment process. Obtain and document anunderstanding of internal control. Evaluate the design effectiveness of internal control. Test and evaluate the operatingeffectiveness of internal control. Performing an Audit of Internal Control over Financial Reporting Plan the engagement. In testing the effectiveness of controls, the auditor needs to consider the nature, timing, and extentof testing.

  46. Evaluate the management’sassessment process. Obtain and document anunderstanding of internal control. Evaluate the design effectiveness of internal control. Test and evaluate the operatingeffectiveness of internal control. Form an opinion of theeffectiveness of internal control. Performing an Audit of Internal Control over Financial Reporting Plan the engagement. The auditor should evaluate all evidence before forming an opinion on internal control, including (1) the adequacy of management’s assessment, (2) the results of the auditor’s evaluation, (3) the negative results of substantive procedures performed, (4) any control deficiencies.

  47. Special Consideration:Using the Work of Others AS2 requires the auditor to perform enough of the testing that his or her own work provides the principal evidence for the auditor’s opinion. However, a major consideration for the external auditor is how much the work performed by others (internal auditors or others working for management) can be relied on in adjusting the nature, timing, or extent of the auditor’s work. In determining the extent to which the auditor may use the work of others, the auditor should: (1) evaluate the nature of the controls subjected to the work of others, (2) evaluate the competence and objectivity of the individuals who performed the work, and (3) test some of the work performed by others to evaluate the quality and effectiveness of their work.

  48. Written Representations In addition to the management representations obtained as part of a financial statement audit, the auditor also obtains written representations from management related to the audit of internal control over financial reporting. Failure to obtain written representations from management, including management’s refusal to furnish them, constitutes a limitation on the scope of the audit sufficient to preclude an unqualified opinion.

  49. Auditor Documentation Requirements The auditor must properly document the processes, procedures, judgments, and results relating to the audit of internal control. When an entity has effective internal control over financial reporting, the auditor should be able to perform sufficient testing of controls to assess control risk for all relevant assertions at a low level.

  50. Reporting on Internal Control Sarbanes-Oxley requires management’s description of internal control to include: • A statement of management’s responsibility for establishing and maintaining adequate internal control. • A statement identifying the framework used by management to conduct the required assessment of the effectiveness of the company’s internal control. • An assessment of the effectiveness of the company’s internal control as of the end of the most recent fiscal year, including an explicit statement as to whether internal control is effective. • A statement that the public account firm that audited the financial statements included in the annual report has issued an attestation report on management’s assessment of internal control.

More Related