sarbanes oxley act from an accounting point of view l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Sarbanes-Oxley Act from an Accounting Point of View PowerPoint Presentation
Download Presentation
Sarbanes-Oxley Act from an Accounting Point of View

Loading in 2 Seconds...

play fullscreen
1 / 35

Sarbanes-Oxley Act from an Accounting Point of View - PowerPoint PPT Presentation


  • 102 Views
  • Uploaded on

Sarbanes-Oxley Act from an Accounting Point of View. Or “Is There Anything About SOX That I Have Not Heard Before?”. Objectives. Discuss how SOX has generally affected the CPA profession (the outside auditors)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Sarbanes-Oxley Act from an Accounting Point of View' - alton


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
sarbanes oxley act from an accounting point of view

Sarbanes-Oxley Act from anAccounting Point of View

Or

“Is There Anything About SOX

That I Have Not Heard Before?”

John White, PhD, CPA

objectives
Objectives
  • Discuss how SOX has generally affected the CPA profession (the outside auditors)
  • Discuss the CPA’s use of internal control information in the audit of financial statements, both past and present (SOX)
  • Discuss the CPA’s new interest in IT auditing and the internal and IT auditor’s new interest in the CPA’s FS audit

John White, PhD, CPA

quick review of sox
Quick Review of SOX
  • Became law in 2002, fully effective in ‘04
  • Seeks to protect investors by improving the accuracy and reliability of corporate disclosures (financial statements or FS) made pursuant to the securities laws
  • Requires most public companies and their external auditors to report on the effectiveness of internal control (IC) over financial reporting including FS

John White, PhD, CPA

quick review of sox cont
Quick Review of SOX (cont.)
  • The mgmt report on IC will clearly state that mgmt is responsible for and has established and understands IC
    • Thus, mgmt in the c-suite (or below) cannot say “I didn’t know” or “I didn’t understand”
    • Mgmt must state that “We designed IC and IC is operating and IC is effective”
    • Mgmt must also report quarterly and annually any changes in IC over FS

John White, PhD, CPA

quick review of sox cont5
Quick Review of SOX (cont.)
  • Outside auditors must audit mgmt’s assessment of IC and the assessment process, and give an opinion as to whether mgmt’s assessment is correct or incorrect
  • Outside auditors must also assess and give an opinion on IC effectiveness, i.e., CPAs must audit IC in addition to the FS
  • Mgmt must give its outside auditors documentation of its processes, evidence of functioning IC over the processes, and documented results of testing procedures

John White, PhD, CPA

quick review of sox cont6
Quick Review of SOX (cont.)
  • SOX established the Public Company Accounting Oversight Board (PCAOB)
  • Outside auditors (CPAs) will also be subject to an “audit” by PCAOB of their internal procedures, processes, quality controls, and general adherence to auditing standards in conducting outside audits of IC and FS of public companies

John White, PhD, CPA

pcaob duties
PCAOB Duties
  • Register CPA firms that prepare audit reports
  • Establish auditing, quality control, ethics, independence, & other standards relating to the preparation of audit reports (This is a big change for CPAs!)
  • conduct inspections of adherence to auditing standards of registered CPAs in accordance with PCAOB rules

John White, PhD, CPA

pcaob duties cont
PCAOB Duties (cont.)
  • Conduct investigations and disciplinary proceeding of CPA firms & CPAs
  • Perform other duties

John White, PhD, CPA

big changes for cpas
Big Changes for CPAs
  • CPAs are “licensed” by each state, but….
  • CPAs are “governed” by the American Institute of Certified Public Accountants (AICPA)
  • The AICPA has set auditing, attestation, and ethics standards for CPAs in the past, i.e., the CPA profession has been self-governed as to auditing standards

John White, PhD, CPA

big changes for cpas10
Big Changes for CPAs
  • Auditing standards used by CPAs were promulgated by the AICPA
  • The AICPA issued 10 generally accepted auditing standards (GAAS)
  • Two examples of GAAS
    • An understanding of IC should be obtained to plan the audit and determine testing of IC
    • Sufficient competent evidence should be obtained to support the audit opinion

John White, PhD, CPA

big changes for cpas11
Big Changes for CPAs
  • AICPA has also issued over 100 more specific and detailed Statements on Auditing Standards or SAS
  • Several SASs pertain to the understanding of IC needed by the CPA for the audit of FS – SAS 55, 78, & 94
  • PCAOB has adopted all SASs as their standards until replaced by new AS

John White, PhD, CPA

big changes for cpas12
Big Changes for CPAs
  • Prior to SOX, CPAs had to understand IC, but not audit nor give an opinion on IC itself, only an opinion on FS
  • Since the audit opinion did not cover IC, CPA could collect evidence about FS $ amounts using methods that did not require strong IC, i.e., substantive testing
    • This “model” is gone with the wind
    • Must audit IC which means audit IT IC

John White, PhD, CPA

big changes for cpas13
Big Changes for CPAs
  • PCAOB has issued AS #2 – Auditing IC over Financial Reporting as of 3/9/04
  • CPAs will have to become more knowledgeable and competent concerning IT controls and IT auditing
    • Auditing “around” the computer is dead
    • Continuous auditing will grow, e.g.
      • Embedded audit modules
      • Snapshots
      • Integrated test facilities

John White, PhD, CPA

how does the cpa audit fs
How Does the CPA Audit FS?
  • Understand the business & its processes & its information system
    • Start with the financial cycles of the business
      • Revenue cycle, expenditure cycle, conversion cycle
    • What are the significant and material accounts in the FS (all of them?) and which financial cycles produce them and what process do they go through in each cycle in the sequence of recognition, authorization, recording, summarizing, and reporting?

John White, PhD, CPA

the cpa audit of fs cont
The CPA Audit of FS (cont.)
  • Understand mgmt’s assertions about FS
    • Existence or occurrence – do assets exist and did revenues actually occur (World Com ?)
    • Completeness – have all liabilities and expenses have been reported (Enron ?)
    • Valuation or allocation - $ amount is correct?
    • Rights and obligations – assets & liabilities
    • Presentation and disclosure – format and classifications of BS and IS and content of notes

John White, PhD, CPA

the balance sheet
The Balance Sheet

ASSETS

LIABILITIES & EQUITY

Cash

  • LIABILITIES
  • Accts Payable
  • Accrued Expense
  • Notes Payable
  • Bonds Payable

Accounts Receivable

Inventory

=

Long-term Assets

Less: Accum Depr

  • OWNERS EQUITY
  • Common Stock
  • Retained Earnings
  • Other Comp. I/L

Other Assets

John White, PhD, CPA

the income statement
The Income Statement

John White, PhD, CPA

the cpa audit of fs cont18
The CPA Audit of FS (cont.)
  • Determine any threats to mgmt’s assertions about its FS
  • Determine if IC are in place to mitigate the threats and risks concerning mgmt’s assertions about FS
    • Design of controls
    • Operation of controls
    • Effectiveness of controls via testing

John White, PhD, CPA

the cpa audit of fs cont19
The CPA Audit of FS (cont.)
  • Plan the audit based on the strength or weakness of controls and the assessed level of control risk
    • If strong IC, less substantive testing and evidence
    • If weak IC, more substantive testing and evidence
  • Before SOX, could ignore IC, assess IC risk at max, and perform more substantive testing to reach conclusion

John White, PhD, CPA

internal controls
Internal Controls
  • IC is part of management’s planning & control function
  • Internal control (IC) of what?
    • Business processes & procedures
      • The system of IC is itself a business process
    • SOX only addresses IC over Financial Reporting and FS
    • Both manual controls and IT controls are included in the scope

John White, PhD, CPA

internal controls21
Internal Controls
  • Who defines IC and its processes?
    • The committee of Sponsoring Organizations of the Treadway Commission, aka COSO
    • COSO has issued a report in 1992 defining and discussing the objectives and components of IC
    • COSO’s framework of IC has been blessed by PCAOB AS #2 as one that can be used by companies and CPAs in their SOX compliance; others can be used instead

John White, PhD, CPA

slide22
COSO
  • Who are the sponsoring organizations?
    • AICPA, IIA, FEI, IMA, AAA
  • COSO was formed to reach agreement on a definition of IC
  • COSO has recently updated and expanded its original framework
    • Not widely reported nor discussed, but it is COSO nevertheless and the auditor may want to use it in the audit of IC

John White, PhD, CPA

coso ic framework in 3 d
COSO IC Framework in 3-D

John White, PhD, CPA

coso control activities component
COSO Control Activities Component
  • Computer Controls
    • General controls
    • Application controls
  • Physical controls – all systems incl. IT
    • Transaction authorization
    • Segregation of duties
    • Supervision
    • Accounting records
    • Access control
    • Independent verification

John White, PhD, CPA

coso information communication
COSO Information & Communication
  • The AIS consists of the records and methods used to initiate, identify, analyze, classify, and record the transactions and to account for the related assets and liabilities
  • The quality of information generated by the AIS impacts management’s ability to take actions and make decisions and to prepare accurate and reliable financial statements

John White, PhD, CPA

coso information communication26
COSO Information & Communication
  • An effective AIS will
    • Identify and record all financial transactions
    • Provide timely information in sufficient detail to permit classification and financial reporting
    • Accurately measure the financial value of transactions so their effects can be recorded in the financial statements in the proper $ amount
    • Accurately record transactions in the time period in which they occurred

John White, PhD, CPA

coso information communication27
COSO Information & Communication
  • The auditor must have sufficient knowledge of the AIS to understand:
    • The classes of transactions that are material to the FS and how they are initiated
    • The accounting records and accounts used in processing transactions
    • Transaction processing steps involved from initiation of a transaction to its inclusion in the financial statements
    • The financial reporting process used to prepare financial statements, disclosures, and accounting estimates

John White, PhD, CPA

coso risk mgmt framework
COSO Risk Mgmt Framework

John White, PhD, CPA

sox coso and cobit
SOX, COSO, and CobiT
  • SOX requires assessment of IC
  • SOX suggest COSO as an IC framework to use in assessing IC
  • COSO does not specify specific IT control objectives or procedures
  • CobiT can (should? must?) be combined with COSO to forge a complete IC framework that includes IT control activities

John White, PhD, CPA

pcaob audit standard 2
PCAOB Audit Standard #2
  • 185 pages
  • Defines an IC deficiency, significant deficiency, and material weakness
    • IC cannot be effective if a material weakness exists
    • Inadequate documentation by management is a deficiency in IC over FS
      • Documentation includes design and planned operation
      • Also includes mgmt’s process to evaluate IC

John White, PhD, CPA

pcaob audit standard 2 cont
PCAOB Audit Standard #2 (cont.)
  • IT general controls mentioned
    • Program development
    • Program change controls
    • Computer operation controls
    • Access security of programs and data

John White, PhD, CPA

pcaob audit standard 2 cont32
PCAOB Audit Standard #2 (cont.)
  • Using the work of others: internal auditors, IT auditors, and others
  • CPA must evaluate the competence and objectivity of IA or ITA
    • Competence factors
      • Education & experience
      • Professional certification & continuing education
      • Supervision & review of their activities
      • Quality of the documentation of their work
      • Performance evaluations

John White, PhD, CPA

pcaob audit standard 2 cont33
PCAOB Audit Standard #2 (cont.)
    • Objectivity factors
      • Who they report to
      • Policies/procedures relating to objectivity and conflict of interest of IA/ITA
  • CPA must test the work (tests) of IA/ITA to evaluate their quality & effectiveness
  • CPA must product the majority of IC evidence himself by independent (of IA) testing

John White, PhD, CPA

pcaob as 2 and cobit
PCAOB AS #2 and CobiT

John White, PhD, CPA

any conclusions
Any Conclusions ??
  • The worlds of IA and CPA have collided
  • The CPA must increase knowledge and skills in IT auditing, with all that entails
  • IA must spend more time documenting their systems because of the control deficiency definition
  • IA must increase knowledge and skills in accounting, financial reporting, and mgmt’s FS assertions

John White, PhD, CPA