PCAOB Audit Alert #11: New Internal Control Testing Standards & Excel

Compliance Made Simple

PCAOB AuditAlert #11 & Excel Tango

Updating your internal controls to the new standards

Sept. 24, 2014

Presented by:

Sonia Luna &

Rohn Martino

2Compliance Made Simple ™

Agenda

• Part II Reports Exposed– Lessons Learned– How Excel Impacts

failed areas

PCAOB Alert #11: Excel Tango

• PCAOB –Alert#11– Common Audit Failures– Level Of Precision– Old Vs. New– Key Report Testing

• Resources– COSO Implementation

LinkedIN Group– CCA & Excel Diagnostic

• Questions

Polling Question 1

Have you started to update your controls using the new PCAOB

Audit Alert #11 Standards?

Where am I? %age

A Running to Finish Line 75%

B Getting There 50%

C Formulating a Plan 25%

D Not Started 0%

• Caused audit procedure layering

• More in-depth written description of estimates and use of judgment, especially review controls

• Detailed documentation and testing of system reports utilized in performance of controls.

New PCAOB Auditing BAR!

External Audit Firm: Closing The Books (Findings)

Closing The Books [Contd.]

Source: PCAOB Audit Alert #11 (Oct. 2013)

Level of precision in Plain English?

• How detailed is management’s review of journal entries?

• Document your thought process– Dollar Threshold– Percentage of Revenue– Geographic Location– Lines of Business– Other Risk Factors– Timing

Good isn’t good enoughgood v. NEW PCAOB control Language

Older Language (“OK”)

Quarterly, Controller reviews the AR allowance for adequacy and reasonableness of reserve amounts by initialing and dating the “AR reserve” analysis.

Good isn’t good enoughgood v. NEW PCAOB control Language

Audit Controller initials & Match Total $ = DONE!

NEW PCAOB control Language“new standards for control language”

Updated Control (“Better”)

Quarterly, Controller reviews AR balances of significant customers with o/s balances greater than $10K and 5% of AR balance and those under that threshold by customer type (e.g. geographical location, types of orders, etc.), to review the AR allowance for accuracy and completeness. Adjustments, if needed, are sent via email to the AR manager, final review of the AR reserve analysis is initialed and dated by the Controller which agrees to the final g/l balance for the period.

Documentation in Excel

• Notate use of a threshold for review– What is sufficient?

• What other considerations are key?

• How to document Management’s review?

• Every reviewer is different – Depth of review Manager vs. Controller

Excel Risk Assessments

Key Steps:Step 1: Inventory your spreadsheetsStep 2: In-scope worksheets, rate them (see below)

Evaluate & Testing Strategies (High/Mod/Low)

Testing Sample – lead sheet

Automate Internal Controls for Excel

CIMCON Software provides a complete set of tools to automate your internal controls: • XLRisk for Discovery,

Risk Assessment and Link Mapping

• XLAudit for remediation of High Risk Files

• SOX-XL for Change Management, reviews and approvals

Automated Spreadsheet Inventory

• Scan network locations, SharePoint, workstations

• Create Inventory by Department

• File Details Scanned– # of Formulas– # of Links– # of Macros– Invisible Cells– Keywords– Hidden Rows– Over 30 more

Spreadsheet Risk Assessment

Identify the High, Medium and Low Risk spreadsheets in each department based on their Complexity, Materiality, and Criticality.

Spreadsheet Risk Assessment

For each High Risk spreadsheet, analyze its Risk Scorecard and the factors that make it high risk.

Data Lineage

• All Links Captured to Illustrate How Data Flows Within a Model

• Link Status is Checked and Displayed. Broken Links are highlighted.

• All File Types Shown

Formula and Cell Analysis

• Highlight Issues Directly Within the Spreadsheet

• Analyze Formulas for Errors, Best Practice, Logical Issues.– Formulas With Constants– Inconsistent Formulas– Invisible Cells– Numbers Formatted as Text– Over 50 Analyses

Reporting and Documentation

• Workbook Analysis ReportGenerate reports that documents all the attributes of the spreadsheet.

• Heat Map ReportHighlights possible issues or errors within the spreadsheet that may require remediation. – Broken Links– Invisible Cells– Formulas with Constants – Formulas with Absolute Cell

References– Cells with Errors– Numbers stored as text

Change Control

• Track all significant changes to the spreadsheet including changes to calculations, links, macros and queries.

• Set up email alerts, .exceptions or reporting on critical changes

Version Control

• Create snapshots of spreadsheets at key points in time (e.g. after Financial Close). • Compare any 2 snapshots (e.g. compare today’s version with last month’s approved version) to speed up reviews and approvals.

Management Review

Implement a structured, secure and fully documented review process, with management dashboards that speed reviews and financial close.

Benefits

For Excel Owners and Approvers: Implements a structured process to manage Excel to reduce errors, identify high risk files, and speed approvals at the time of financial close, using automated tools for file compare, audit trails and reports. Automated system for logic inspection, detection and removal of errors, and spreadsheet documentation eases compliance with policies and procedures.

For Auditors: Reduces cost from tedious and time-consuming audits of manual processes.

For Management: Reduce risk from spreadsheet errors that can cause huge losses, loss of reputation and stock price, using Management Information dashboards where risky activity is immediately highlighted.

Conclusion

The CIMCON Suite of tools implements a SpreadsheetManagement Process that is:

Traceable

Repeatable

Accountable

Auditable

Consistent

COSO Implementation Group

Join Our LinkedIn GroupCOSO Framework Discussion & Webinars

http://www.linkedin.com/groups/2013-COSO-Implementation-4888186/about

Technical Community sharing Ideas ,Templates, WEBINARS, Advise and Learn from others implementing new framework.

JOIN Today!

Control Compliance Analysis (“CCA”)

Email us for 5 SPOTS ONLY: Info@avivaspectrum.com

Subject: CCA

CCAReport

BenchmarkIn-take

Free Excel Toolkit ($400 Value)

• Visual logic inspection• Highlight errors in seconds • Documentation and Map Links• Over 50 Different Analyses

First 5 people to email us will win a free copy of XLAudit (limit 1 license per company): Info@avivaspectrum.com

Subject: XLAUDIT

Send Questions

Sonia Luna- President, CEOAviva Spectrumwww.linkedin.com/in/sonialuna www.slideshare.net/soxppt www.avivaspectrum.com/podcasts

Connect with Rohn

Rohn Martino Sr. Manager, Sales and MarketingCIMCON Softwarermartino@cimcon.comwww.linkedin.com/in/rohnmartinowww.sarbox-solutions.com(978) 692-9868 Ext. 222

PCAOB Audit Alert #11: New Internal Control Testing Standards & Excel

Business

REPORT ON OBSERVATIONS OF PCAOB …pcaobus.org/inspections/documents/4010_report_economic_crisis.pdf · REPORT ON OBSERVATIONS OF PCAOB ... audit procedures performed related to

20006-2803 - PCAOB · USG Corporation 550 W. Adams Street Chicago, IL 60661 (312) 436-4000 Office of the Secretary, PCAOB 1666 K Street, N.W. Washington, D.C. 20006-2803 Re: PCAOB

PCAOB Release No. 2013-006 -Second Report on the ......PCAOB Release No. 2013-006 August 19, 2013 Executive Summary The Public Company Accounting Oversight Board (the "PCAOB" or the

PCAOB Report Economic Crisis

PCAOB Ernst Young

PCAOB Auditing Standard no.4

LWLJDWLRQDQG,VVXHVLQWKH)LQDQFLDO&ULVLV ...11:15 a.m. The PCAOB s Concerns Messrs. Goelzer and Modesti A member of the PCAOB and its director of enforceme nt address the PCAOB s concerns,

PCAOB Inspection FindingsPCAOB Audit Committee … · PPT file · Web view2015-09-11 · PCAOB Inspection FindingsPCAOB Audit Committee DialogueAuditor Assessment Toolkit . Doug

PCAOB 2010 Deloitte Touche LLP

MOHSAN TANVEER PCAOB

PCAOB Enforcement: The Nuclear Option for Small & Mid ... · •PCAOB only has administrative proceedings. •PCAOB enforces laws and rules within the Board’s jurisdiction –PCAOB

PCAOB 1666 K Street N. W. - pcaobus.orgprovided to PCAOB Release No. 2016-003, the discussion in PCAOB Release No. 2017-001 and ... Please feel free to contact Professor Miguel Minutti-Meza

Everything You Always Wanted to Ask the PCAOB · 14/05/2019 · The PCAOB and the Big Four •How does the PCAOB interact with the Big Four? PCAOB board and staff Firm leadership

peADB - PCAOB

PCAOB Registered Firms

Guide to Pcaob Inspections - The Center for Audit … • GUIDE TO PCAOB INSPECTIONS How Are Audit Committees Involved in PCAOB Inspections? An inspection of an audit includes a review

STAFF AUDIT PRACTICE ALERT NO. 9 - PCAOB · STAFF AUDIT PRACTICE ALERT NO. 9 . ... as auditing fair value measurements, ... The purpose of this staff audit practice alert is to assist

PCAOB - Sarbanes Oxley Act of 2002

PCAOB Release 2013-008pcaobus.org/Rulemaking/Docket036/PCAOB_Release_2013_008.pdf · PCAOB Release No. 2013-008 October 10, 2013 PCAOB Rulemaking ... However, by its terms, Auditing

Staff Audit Practice Alert No. 3 - PCAOB · 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 STAFF AUDIT PRACTICE ALERT NO. 3