The Audit Market Principles of Auditing: An Introduction to International Standards on Auditing - Ch. 2 Rick Stephan Hayes, Philip Wallage, and Hans Gortemaker
Management controls the accounting systems, the internal controls, and the financial reports to investors. • Management is not independent or objective because their success depends on positive reports. • The auditor increases the confidence of the report users by giving an independent opinion on the fairness of these reports.
Demand for audit services explained by several different theories: • The Policeman Theory • The Lending Credibility Theory • The Theory of Inspired Confidence • Agency Theory
Agency Theory • A company is viewed as the result of 'contracts', in which several groups make some kind of contribution to the company, given a certain 'price'. • Management is seen as the “agent,” trying to obtain contributions from “principals” such as bankers, stockholders and employees. • Management tries to do what is best for management and has a considerable advantage over the principals regarding information about the company (information asymmetry). • Cost of an agency relationship are monitoring costs, bonding costs, and residual loss.
Audits Required • In most countries, audits are now legally required for some types of companies (statutory audits) • E.g., listed companies, companies receiving government money, certain industries • Major bourses (including NYSE, NASDAQ, London Stock Exchange, Tokyo NIKKEI, and Frankfurt DAX) have listing rules that require all companies to have an audited annual report.
Audit Regulation Although there is regulation around the world, two that may be the most influential are: • The Sarbanes-Oxley Act of 2002 required the U.S. Securities and Exchange Commission (SEC) to create a Public Company Accounting Oversight Board (PCAOB). • European Union Eighth Council Directive 84/253/EEC and EU Directive 2006/43/EC
Independent Oversight • International Forum of Independent Audit Regulators (IFIAR), • In Australia - Financial Reporting Council, • In the UK -The Review Board, • In the Netherlands - Authority for the Financial Markets (AFM), • France - Autorité des marchés financiers(AMF) • USA -Public Company Accounting Oversight Board
The International Forum of Independent Audit Regulators (IFIAR) Core Principles • comprehensive and well defined accounting and auditing principles and standards • legal requirements for the preparation and publication of financial statements according to those principles and standards; • an enforcement system for preparers of financial statements to ensure compliance with accounting standards • corporate governance practices that support high‐quality corporate reporting and auditing practice; and • effective educational and training arrangements for accountants and auditors.
Who supervises Auditingrules and Auditing Firms? Public Company Accounting Oversight Board (PCAOB) Created by the Sarbanes-Oxley Act of 2002 US classes
PCAOB’s Audit Standards PCAOB has passed 16 audit standards as of December 2010. They also enforce as “temporary standards” the existing audit standards by the Audit Standards Board called Statements of Audit Standards (SAS) US classes
PCAOB’s Audit Standards – US classes • AS No. 1: References in Auditors’ Reports to the Standards of the Public Company Accounting Oversight Board • AS No. 3: Audit Documentation • AS No. 4: Reporting on Whether a Previously Reported Material Weakness Continues to Exist • AS No. 5: An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements • AS No. 6: Evaluating Consistency of Financial Statements • AS No. 7: Engagement Quality Review US classes
PCAOB’s Audit Standards – US classes • AS No. 8: Audit Risk • AS No. 9: Audit Planning • AS No. 10: Supervision of the Audit Engagement • AS No. 11: Consideration of Materiality in Planning and Performing an Audit • AS No. 12: Identifying and Assessing Risks of Material Misstatement • AS No. 13: The Auditor's Responses to the Risks of Material Misstatement • AS No. 14: Evaluating Audit Results • AS No. 15: Audit Evidence US classes
Communications With Audit Committees (PCAOB Audit Standard 16) • http://pcaobus.org/Rules/Rulemaking/Docket030/Release_2012-004.pdf (August 15, 2012) • Replaces AU 310 and 380 • Requires the auditor to record the terms of the engagement in an engagement letter, to have the engagement letter signed and determine that the audit committee has acknowledged and agreed to the terms. • Adds a requirement for the auditor to communicate to the audit committee significant unusual transactions that are outside the normal course of business for the company or that otherwise appear to be unusual and to communicate the auditor's understanding of the business rationale for such transactions. • improves and enhances current auditor communication requirements (pages 9-12)
PCAOB Audit Standard # 1: References in Auditors’ Reports to the Standards of the Public Company Accounting Oversight Board • adopted as interim standards, on an initial, transitional basis, GAAP in AICPA’s Auditing Standards Board's Statement on Auditing Standards No. 95 • the auditor in their opinion must refer to "the standards of the Public Company Accounting Oversight Board (United States)." US classes
Report of independent Registered Public Accounting Firm The Board of Directors and Shareholders of Wal-Mart Stores, Inc. We have audited the accompanying consolidated balance sheets of Wal-Mart Stores, Inc. as of January 31, 2010 and 2009, and the related consolidated statements of income, shareholders’ equity, and cash flows for each of the three years in the period ended January 31, 2010. These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion. US classes
In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated fi nancial position of Wal-Mart Stores, Inc. at January 31, 2010 and 2009, and the consolidated results of its operations and its cash flows for each of the three years in the period ended January 31, 2010, in conformity with U.S. generally accepted accounting principles. As discussed in Note 8 to the consolidated financial statements, effective February 1, 2007, the Company changed its method of accounting for uncertainty in income taxes. We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), Wal-Mart Stores, Inc.’s internal control over financial reporting as of January 31, 2010, based on criteria established in Internal Control – Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated March 30, 2010 expressed an unqualified opinion thereon. Ernst & Young Rogers, Arkansas March 30, 2010 US classes
PCAOB Audit Standard # 3: Audit Documentation • This standard establishes general requirements for documentation the auditor should prepare and retain in connection with engagements • Audit documentation is the written record of the basis for the auditor's conclusions that provides the support for the auditor's representations, whether those representations are contained in the auditor's report or otherwise • The auditor must retain audit documentation for seven years from the date the auditor grants permission to use the auditor's report in connection with the issuance of the company's financial statements ( report release date ), US classes
PCAOB Audit Standard # 4: Reporting on Whether a Previously Reported Material Weakness Continues to Exist • Establishes requirements and provides direction that apply when an auditor is engaged to report on whether a previously reported material weakness in internal control over financial reporting continues to exist as of a date specified by management US classes
Report of Independent Registered Public Accounting Firm We have previously audited and reported on management's annual assessment of XYZ Company's internal control over financial reporting as of December 31, 200X based on [ Identify control criteria, f or example, "criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)." ]. Our report, dated [ date of report ], identified the following material weakness in the Company's internal control over financial reporting: [ Describe material weakness ] We have audited management's assertion, included in the accompanying [title of management's report], that the material weakness in internal control over financial reporting identified above no longer exists as of [ date of management's assertion ] because the following control(s) addresses the material weakness: [ Describe control(s) ] … In our opinion, the material weakness described above no longer exists as of [ date of management's assertion ]. ….. US classes
PCAOB Audit Standard # 5: An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements • This standard establishes requirements when an auditor is engaged to perform an audit of management's assessmentof the effectiveness of internal control over financial reporting("the audit of internal control over financial reporting") that is integrated with an audit of the financial statements. • If one or more material weaknesses exist, the company's internal control over financial reporting cannot be considered effective. • The audit of internal control over financial reporting should be integrated with the audit of the financial statements. US classes
Report of Independent Registered Public Accounting Firm on Internal Control Over Financial Reporting The Board of Directors and Shareholders of Wal-Mart Stores, Inc. We have audited Wal-Mart Stores, Inc.’s internal control over financial reporting as of January 31, 2010, based on criteria established in Internal Control — Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (the COSO criteria). Wal-Mart Stores, Inc’s management is responsible for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying “Management’s Report to Our Shareholders.” Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that: (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;. US classes
(2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets that could have a material effect on the financial statements Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. In our opinion Wal-Mart Stores, Inc. maintained, in all material respects, effective internal control over financial reporting as of January 31, 2010, based on the COSO criteria. We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheets of Wal-Mart Stores, Inc. as of January 31, 2010 and 2009, and related consolidated statements of income, shareholders’ equity and cash flows for each of the three years in the period ended January 31, 2010 and our report dated March 30, 2010 expressed an unqualified opinion thereon. Ernst & Young Rogers, Arkansas March 30, 2010 US classes
PCAOB Audit Standard # 6: Evaluating Consistency of Financial Statements • This standard establishes requirements for the auditor's evaluation of the consistency of the financial statements. • The auditor should recognize the following matters in an explanatory (matter of emphasis) paragraph a relating to the consistency of the company's financial statements in the auditor's report if those matters have a material effect on the financial statements: • A change in accounting principle • An adjustment to correct a misstatement in previously issued financial statements. US classes
Auditing Standard # 7: Engagement Quality Review • An engagement quality review and concurring approval of issuance are required for each audit engagement and for each engagement to review interim financial information • The objective of the engagement quality reviewer is to perform an evaluation of the significant judgments made by the engagement team and the related conclusions reached in forming the overall conclusion on the engagement in order to determine whether to provide concurring approval of issuance • An engagement quality reviewer must have competence, independence, integrity, and objectivity US classes
Auditing Standard # 8: Audit Risk • This standard discusses the auditor's consideration of audit risk • Risk of material misstatement at the assertion level consists of the following components: Inherent risk and Control risk • The auditor uses the assessed risk of material misstatement to determine the appropriate level of Detection risk for a financial statement assertion. US classes
Auditing Standard # 9: Audit Planning • Establishes requirements regarding planning an audit. • The engagement partner is responsible for planning the audit • Planning the audit includes establishing the overall audit strategy for the engagement and developing an audit plan, which includes, in particular, planned risk assessment procedures and planned responses to the risks of material misstatement. US classes
Auditing Standard # 10: Supervision of the Audit Engagement • This standard establishes requirements regarding supervision of the audit engagement, including supervising the work of engagement team members. • The engagement partner is responsible for the engagement and its performance including PCAOB standards and the work of engagement personnel, specialists, other auditors, internal auditors, and others who are involved in testing controls US classes
Auditing Standard # 11: Consideration of Materiality in Planning and Performing an Audit • establishes requirements regarding the auditor's consideration of materiality in planning and performing an audit. • the Supreme Court of the United States - a fact is material if there is "a substantial likelihood that the …fact would have been viewed by the reasonable investor as having significantly altered the 'total mix' of information made available.“ US classes
AS #11 (cont) • To obtain reasonable assurance about whether the financial statements are free of material misstatement, the auditor should plan and perform audit procedures to detect misstatements that, individually or in combination with other misstatements, would result in material misstatement of the financial statements. US classes
Auditing Standard No. 12: : Identifying and Assessing Risks of Material Misstatement • Establishes requirements regarding the process of identifying and assessing risks of material misstatement of the financial statements. • The auditor should perform risk assessment procedures that are sufficient to provide a reasonable basis for identifying and assessing the risks of material misstatement, whether due to error or fraud. US classes
AS #12 Continued • This standard discusses the following risk assessment procedures: • Obtaining an understanding of the company and its environment (paragraphs 7-17); • Obtaining an understanding of internal control over financial reporting (paragraphs 18-40); • Considering information from the client acceptance and retention evaluation, audit planning activities, past audits, and other engagements performed for the company (paragraphs 41-45); • Performing analytical procedures (paragraphs 46-48); • Conducting a discussion among engagement team members regarding the risks of material misstatement (paragraphs 49-53); • Inquiring of the audit committee, management, and others within the company about the risks of material misstatement (paragraphs 54-58) US classes
Auditing Standard No. 13: The Auditor's Responses to the Risks of Material Misstatement Establishes requirements regarding designing and implementing appropriate responses to the risks of material misstatement. • Responses that have an overall effect on how the audit is conducted ("overall responses"), (paragraphs 5-7) - e.g., appropriate staff assignment, supervision, unpredictable audit procedures • Responses involving the nature, timing, and extent of the audit procedures to be performed, (paragraphs 8-46). US classes
Auditing Standard No. 14: Evaluating Audit Results • Establishes requirements regarding the auditor's evaluation of audit results and determination of whether he or she has obtained sufficient appropriate audit evidence which should include evaluation of the following: • The results of analytical procedures performed in the overall review of the financial statements ("overall review"); • Misstatements accumulated during the audit, including, in particular, uncorrected misstatements; • The qualitative aspects of the company's accounting practices; • Conditions identified during the audit that relate to the assessment of the risk of material misstatement due to fraud ("fraud risk"); • The presentation of the financial statements, including the disclosures; • The sufficiency and appropriateness of the audit evidence obtained. US classes
Auditing Standard No. 15: Audit Evidence • Explains what constitutes audit evidence and establishes requirements regarding designing and performing audit procedures to obtain sufficient appropriate audit evidence. • Audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor's opinion is based. US classes
AS #15 Sufficient Appropriate Audit Evidence • Sufficiency is the measure of the quantity of audit evidence affected by the following: • Risk of material misstatement or the risk associated with the control (risk increase amount of evidence increases) • Quality of the audit evidence obtained. • Appropriateness is the measure of the quality of audit evidence, i.e., its relevance and reliability. US classes
List of PCAOB Temporary Standards • AU Section 100 - Statements on Auditing Standards -- Introduction • AU Section 200 - The General Standards • AU Section 300 - The Standards of Field Work • AU Section 400 - The First, Second, and Third Standards of Reporting • AU Section 500 - The Fourth Standard of Reporting • AU Section 600 - Other Types of Reports • AU Section 700 - Special TopicsAU Section 800 - Compliance Auditing • AU Section 900 - Special Reports of the Committee on Auditing Procedures US classes
Big Four Firms & Non-Big Four • Deloitte, Ernst & Young, KPMG, PricewaterhouseCoopers • Second Tier – Grant Thornton; BDO Seidman; McGladrey & Pullen; Moss Adams; Myer, Hoffman & McCann; Crowe Group, American Express, BKD
Legal liability of the auditor • varies from country to country, district to district. • based on one or more of the following: • common law, • civil liability under statutory law, • criminal liability under statutory law, and • liability for members of professional accounting organizations.
Common Law Ultramares - Touche case (Ultramares Corporation v Touche et al.) • the accountants were negligent for not finding that a material amount of accounts receivable had been falsified when careful investigation would have shown it to be fraudulent, • not liable to a third party bank because the creditors were not a primary beneficiary, or known party, • called the Ultramares doctrine, that ordinary negligence is not sufficient for a liability to a third party because of lack of privity of contract between the third party and the auditor.
Caparo Industries, PLC v Dickman • The question in Caparo was the scope of the assumption of responsibility of the auditor if a clean opinion was given for negligent accounts, and what the limits of liability ought to be. • The House of Lords of the UK, following the Court of Appeal, set out a "three-fold test“ for an obligation (duty of care) to arise from negligence • harm must be reasonably foreseeable • the parties must be in a relationship of proximity and • it must be fair, just and reasonable to impose liability.
Civil Liability Under Statutory Law • The Securities Act of 1933 established the first U.S. statutory civil recovery rules for third parties against auditors. • Original purchasers have recourse against the auditor for up to the original purchase price if the financial statements are false or misleading. • The auditor has the burden of demonstrating that reasonable investigation was conducted or that all the loss of the purchaser of securities (plaintiff) was caused by factors other than the misleading financial statements.
Sarbanes OxleyAct of 2002 Civil Penalties forCEOs and CFOs • If there is a material restatement of a company’s reported financial results due to the material noncompliance of the company, as a result of misconduct, the CEO and CFO shall reimburse the company for any bonus or incentive or equity-based compensation received within the 12 months following the filing with the financial statements subsequently required to be restated (Section 304) • Financial statements filed with the SEC by any public company must be certified by CEOs and CFOs. If all financials do not fairly present the true condition of the company CEOs and CFOs may receive fines of up to $1 million. If certifications are made knowing the statements are incorrect, the fine can be up to $5 million.
Criminal Liability Under Statutory Law • The Securities Exchange Act of 1934 in the United States sets out (Rule 10b-5) criminal liability for the auditor to employ any device, scheme or artifice to defraud or intentionally or recklessly misrepresent information for third party use. • Not In Text Cases: In United States v. Natelli (1975)*United States v. Weiner (1975) * ESM Government Securities v. Alexander Grant & Co. (1986).
Sarbanes OxleyAct of 2002 Criminal Penalties forCEOs, CFOs and Auditors • To knowingly destroy, create, manipulate documents and/or impede or obstruct federal investigations is considered felony, and violators will be subject to fines or up to 20 years imprisonment, or both • All audit reports or related workpapers must be kept by the auditor for 7 years. Failure to do this may result in 10 years imprisonment. • CFOs and CEOs who falsely certify financial statements or internal controls are subject to 10 years imprisonment. Willful false certification may result ina maximum of 20 years imprisonment
Liabilities as Members of Professional Organizations Nearly all national audit professions have some sort of disciplinary court. The disciplinary court makes its judgment and determines the sanction. It may be: • a fine; • a reprimand (either oral or written); • a suspension for a limited period of time (e.g. 6 months); or • a lifetime ban from the profession.
In order to hold the auditor successfully legally liable in a civil suit, the following conditions have to be met: - US Classes An audit failure/neglect has to be proven (negligence issue). The auditor should owe a duty of care to the plaintiff (due professional care). The plaintiff has to prove a causal relationship between her losses and the alleged audit failure (causation issue) The plaintiff must quantify her losses (quantum issue).
financial risks resulting from litigation for audit firms European Union Commissioner Charlie McCreevy has said: “We have concluded that unlimited liability combined with insufficient insurance cover is no longer tenable. It is a potentially huge problem for our capital markets and for auditors working on an international scale. The current conditions are not only preventing the entry of new players in the international audit market, but are also threatening existing firms.”
Suggested Solutions to Auditor Liability • Some countries (e.g. Germany) have put a legally determined cap on the liability of auditors (to the client in the case of Germany) • A system of proportionate liability - an audit firm is not liable for the entire loss incurred by plaintiffs but only to the extent to which the loss is attributable to the auditor. • In order to protect the personal wealth of audit partners, some audit firms are structured as a limited liability partnership (e.g. in the UK).
Suggested Solutions to Auditor Liability (cont) • To make insurance of all liability risks compulsory using new legislation was one of the recommendations of a EU commission. • Exclude certain activities with a higher risk profile from the auditors' liability. A mechanism to achieve this outcome would be to introduce so-called safe harbour provisions by legislation.
Audit Expectations with regard to the following duties of auditors: giving an opinion on • the fairness of financial statements; • the company's ability to continue as a going concern; • the company's internal control system; • the occurrence of fraud; and • the occurrence of illegal acts.