Upload
milton-harper
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
Auditing: Complying with the 11 Most Dangerous Standards
Gary Zeune, CPAThe Pros & The Cons
10356 Wellington Blvd, Suite DPowell, OH 43065
Phone 614-761-8911Fax 206-202-0880
v3
Auditing: 11 Dangerous Standards
2
Required Legal StuffThese materials were developed by Gary D. Zeune.
The following policies govern their use:1. These materials are intended for use in group study situations and
were not developed for self study or reference uses. These materials are copyrighted. Reproduction of the manual or any portion of it is prohibited unless written permission has been obtained from Gary D. Zeune.
2. These materials were prepared solely for the purpose of continuing professional education. They are distributed with the understanding that Gary Zeune is not engaged in rendering legal, accounting, or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought.
3. Participants are advised that the Statement on Standards for Formal Continuing Education (CPE) Programs places responsibility on both the individual participant and the program sponsor to maintain a record of attendance at a CPE program.
4. The information the participant should keep on each program is (a) sponsor's name, (b) title and/or description of content, (c) date(s) of the program, (d) location, (e) number of CPE contact hours. This information is found in the printed program for most courses or conferences and/or in a CPE attendance record form. Either or both of these documents should be kept for an appropriate period to enable regular periodic reporting to jurisdictional board(s) and to professional organizations requiring such reports.
Auditing: 11 Dangerous Standards
3
Manual Posted Online
This manual is posted at www.TheProsAndTheCons.com/manuals.It can be viewed and printed but not downloaded, edited or saved on your computer.
Auditing: 11 Dangerous Standards
4
Stay up to date with Mr. Zeune's free electronic newsletter.
Send an email [email protected] with SUBSCRIBE FRAUD in the subject line and include your email address in the body.
There is no cost and you can unsubscribe at any time.
Free: Leading Edge Information Every Week
“Just wanted to let you know that I appreciate being on your distribution list. I have found that there are many items that you refer to me that are helpful.”. . .Mike McGlynn
Auditing: 11 Dangerous Standards
5
11 Dangerous Auditing Standards
OverviewSAS 102 Defining Professional Requirements SAS 1 Training, Proficiency, and Independence SAS 45 Related PartiesSAS 54 Illegal Acts by ClientsSAS 56 Analytical ProceduresSAS 57 Auditing Accounting EstimatesSAS 59 Consideration of Going ConcernSAS 67 The Confirmation ProcessSAS 85 Management RepresentationsSAS 99 Consideration of Fraud in a Financial
Statement AuditSAS 103 Audit Documentation
Auditing: 11 Dangerous Standards
6
Bank President
Auditing: 11 Dangerous Standards
7
Where Danger Comes From…….
“The vast majority [at 90% where the potential damages exceed $10 million] of serious cases brought against accounting firms allege failures to comply with generally accepted auditing standards,” Accountants’ Liability, Practising Law Institute, Goldwasser, Arnold & Eickemeyer. Dan is past chair of the firm's Professional Liability Litigation Practice Group and has defended professionals in 200 liability cases.
Dan Goldwasser212-407-7710
Auditing: 11 Dangerous Standards
8
Are You Protected?
Question: If you miss a material fraud, get sued, and can show with a parade of experts that you performed a GAAS audit, that you put all the check marks in all the right boxes, is the jury bound to find you not liable?
Yes No
Why? GAAP and GAAS do NOT have the weight of law.
Auditing: 11 Dangerous Standards
9
Expectation Gap Danger
Auditors
Judges, juries, SEC MIN
MAX
Auditing: 11 Dangerous Standards
10
GAAP + GAAS Not Good Enough
1. Liability requires scienter 2. Scienter = intentional or reckless conduct
evincing a deliberate disregard for the consequences
3. “Good soldier” defense doesn’t work4. Failure to follow firm’s _____________________
often evidence of scienter
professional standards
Auditing: 11 Dangerous Standards
11
GAAP + GAAS Not Good Enough
1. SEC v. Arthur Young…..Court of Appeals held for the firm since it fulfilled its professional obligations by complying with GAAS. BUT, the court noted that compliance with GAAP would not immunize an accountant who consciously does not disclose a known material fact.
Auditing: 11 Dangerous Standards
12
Looking the Other Way
Willful blindness
A person tries to avoid knowing something that will incriminate him. Defendant “knows” anyway because of the high probability of its existence.
Deliberate ignorance
People who, recognizing the likelihood of wrongdoing, consciously refuse to take basic steps to discern the truth.
Conscience avoidance
If a defendant claims a lack of knowledge, and the facts suggest a conscious course to avoid learning the truth, then the defendant may be charged with knowledge.
“Good soldier”
“I was just _________________,” doesn’t _________. WHY ________________.
following orderswork You’re a CPA
Auditing: 11 Dangerous Standards
13
“I Didn’t Know” Doesn’t Work
Bernie Ebbers CEO Bernie Ebbers CEO Supreme Court refused to Supreme Court refused to hear appeal of 25 year hear appeal of 25 year sentence, 3/5/07sentence, 3/5/07
Scott Sullivan CFO 5 years
Andersen conviction is Andersen conviction is overturned but settles overturned but settles for $65 millionfor $65 million
Buford Yates, Dir Gen Acctg1 year + a day
David MyersController 1 yearBetty Vinson 5 months
Troy Norman 3 yrs probation
Auditing: 11 Dangerous Standards
14
Average Size of Claims by Engagement Type
0 50 100 150 200 250 300 350 400
Other
Consulting
Executor Trustee
Invest/PFP
Write up/Bookkeeping
Compilation
Review
Audit
Tax
Camico Insurance
Auditing: 11 Dangerous Standards
15
Frequency & Severity of Audit Claims by Loss
0 10 20 30 40 50
Other
Tax
Adverse Financial: Business Failure
Adverse Financial: Sale/Purchase
Adverse Financial: Business
Adverse Financial: Personal
Creditor
Fraud/Defalcation
Severity Frequency
Auditing: 11 Dangerous Standards
16
Significant Claims (over $100,000)
0 5 10 15 20 25 30 35
Other
Adverse Financial: Business
Adverse Financial: Personal
Creditor Decisions
Fee Disputes
Tax Loss
Fraud
Severity Frequency
Auditing: 11 Dangerous Standards
17
Non-public Audit Claims by Cause of Loss
A Perspective on Audit Malpractice Claims, J of A, Sept 2002www.aicpa.org/pubs/jofa/sep2002/anderson.htm
Auditing: 11 Dangerous Standards
18
Non-public Audit Claims by Client Industry
A Perspective on Audit Malpractice Claims, J of A, Sept 2002www.aicpa.org/pubs/jofa/sep2002/anderson.htm
Auditing: 11 Dangerous Standards
19
Newspaper Materiality
A little number is material when it gets you or your company or firm on the front page of the paper.
Auditing: 11 Dangerous Standards
20
Little Numbers That Are Material
Bank loan covenant requires minimum income $1,000,000
1st pass at income $980,000
Reduced bad debt expense +$31,000
Income $1,011,000
Companygets clean
opinion
Goesbankrupt
Bank suesFirm
‘conspired’ with
borrower
Little numbers are material if they accomplish a _________________________SIGNIFICANT EVENT
Auditing: 11 Dangerous Standards
21
Zero Tolerance CPAs
What used to be OK isn’t any longer….
Example:_____________________________________________________________________________
Is it ethical to allow clients or your
company to take immaterial but
illegal tax deductions?
Auditing: 11 Dangerous Standards
22
How Can This Happen
Suppose it’s June 2001. . . .
Question: Can a handful of people in a Big-5 firm take the entire firm down over 1 audit client?
Answer: __________________ABSOLUTELY NOT
Auditing: 11 Dangerous Standards
23
Andersen Fatal Flaw
1. Professional Standards Group
2. Engagement partners could override PSG
Auditing: 11 Dangerous Standards
24
Accountants Under Fire
For decades the accounting profession basked in the highest kind of public confidence. Now all at once there are more than 50 major lawsuits pending against the big public accounting firms, charging irregularities and negligence in preparing earnings reports and other financial statements. With equal suddenness a barrage of public criticism has landed on the profession for its highly flexible "generally accepted accounting principles." Perhaps most worrisome of all to the CPAs and to the management that employ them, the Securities & Exchange Commission has been issuing thinly disguised threats to take unilateral action if the accountants themselves do not quickly tighten up their rules.
Under the present accounting rules, there is a very fine line between "maximizing" and plain, old-fashioned, manipulation.
FORBES, May 15, 19_____
Auditing: 11 Dangerous Standards
25
The “Enron” Effect
1. Pre-Enron – It doesn’t say I can’t do this.
2. Post-Enron – Show me where it says it’s ___ to do this.OK
Auditing: 11 Dangerous Standards
26
Right vs. Right
Auditing: 11 Dangerous Standards
27
Auditing Standards Overview
1. Two broad categories1. Practice standards2. Ethical standards
2. Violations of practice standards are ethical violations
3. AICPA and societies Codes of Conduct are broad 1. Delineated by rules
1. Explained by interpretations1. Supported by various committees
Auditing: 11 Dangerous Standards
28
10 Auditing Standards
10 auditing standards, all other pronouncements are SASs
3 “General” Standards 1. Training and proficiency2. Independence 3. Due professional care
3 Standards of Field Work 4. Planning and supervision5. Internal controls6. Competent evidential matter
Auditing: 11 Dangerous Standards
29
10 Auditing Standards
4 Standards of Reporting 1. Compliance with GAAP2. GAAP consistency 3. Disclosures4. Opinion or not
Auditing: 11 Dangerous Standards
30
How We Got Here
1. Auditing procedures were ‘unofficial’ through 1930’s2. 1930’s Statement on Auditing Procedures (SAPs)3. 1963 SAPs codified into SAP 334. 1972 Auditing Standards Executive Committee SAS 15. AudSec replaced by Auditing Standards Board (ASB)6. 1972 - 1995 ASB only authoritative statement issuer7. Broad pronouncements, not detailed procedures
Auditing: 11 Dangerous Standards
31
How We Got Here
What do all these laws have in common………..1. Private Securities Litigation Act of 1995 2. FDIC Improvement Act of 19913. Sarbanes-Oxley 20024. They permit SEC, FDIC, PCAOB to ______________5. Enron, WorldCom, etc., exposed weaknesses in
self-regulation resulted in PCAOB setting audit standards
6. 1997 SEC + ASB = Independence Standards Board7. Broad pronouncements gave way to specific
guidance (SAS 99)
set auditing standards
Auditing: 11 Dangerous Standards
32
At the END of EVERY Auditing Standard
Note: Statements on Auditing Standards are issued by the Auditing Standards Board, the senior technical body of the Institute designated to issue pronouncements on auditing matters. Rule 202, Compliance With Standards, of the Institute’s Code of Professional Conduct requires compliance with these standards in an audit of a non-issuer.
This requirement to comply may be the most important paragraph in an auditing standard. If so, where else could it be located _________________.
AT THE BEGINNING
Auditing: 11 Dangerous Standards
33
SAS 102: Defining Professional Requirements In Statements On Auditing Standards
1. MUST = Unconditional requirements – The auditor or practitioner is required to comply with an unconditional requirement in all cases in which the circumstances exist to which the unconditional requirement applies.
2. SHOULD =Presumptively mandatory requirements – The auditor or practitioner is also required to comply with a presumptively mandatory requirement in all cases in which the circumstances exist to which the presumptively mandatory requirement applies; however, in rare circumstances the auditor or practitioner may depart from a presumptively mandatory requirement provided he or she documents the justification for departure and how alternative procedures performed in the circumstances were sufficient to achieve the objectives of the presumptively mandatory requirement.
3. Effective upon issuance December 2005
Tip _____________________________________________Review EVERY audit
program for compliance.
Auditing: 11 Dangerous Standards
34
SAS 1 Training and Proficiency
The first general standard is:
The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.
Auditing: 11 Dangerous Standards
35
SAS 1 Training and Proficiency
Danger How do you comply???
Cannot meet the requirements without proper education and experience.
MUST undergo training adequate to meet the requirements of a professional.
MUST study, understand and apply new pronouncements.
Ability to consider objectively and exercise independent judgment.
Auditing: 11 Dangerous Standards
36
SAS 1 Independence
The second general standard is:
In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditor or auditors. _________
wrongdoing.
Auditing: 11 Dangerous Standards
37
SAS 1 Independence
Danger How do you comply???
MUST be without bias…for dependability of his findings… not a prosecutor but judicial impartiality and an obligation for fairness on those who rely.
To be independent, MUST be intellectually honest.
To be recognized as independent MUST be free from any obligation to or interest in client, management or owners.
Auditing: 11 Dangerous Standards
38
SAS 1 Independence
Danger How do you comply???
Should avoid situations that may lead outsiders to doubt their independence.
Code of Conduct has precepts to guard against presumption of loss of independence.
Should administer practice within the spirit of the precepts.
Auditing: 11 Dangerous Standards
39
Conflicts in Audits
Want to trust MUST be skeptical
Keep happy client
Be persistent
It’s an error It’s fraudMake a profit More evidenceWho pays ?????
Auditing: 11 Dangerous Standards
40
SAS 1 Independence Lawsuit
Facts Construction company. President resigned. Cash flow. Auditor gave OK for very low bids and to overestimate % of completion because mgt wanted to improve FS. Issued clean opinion.
Issues Client bankrupt. 2 banks and 2 bonding companies sued claiming firm not independent thus motivated to allow client to manipulate the FS.
Resolution
Settled for more $2 million.
Thoughts Extreme but clients go ‘opinion shopping’. Subordinate your judgment and your future is tied to the client’s. Such a client will sacrifice the firm. Resolve and document all independence issues BEFORE starting.
Auditing: 11 Dangerous Standards
41
2006 Pulitzer Prizes in Journalism
WSJ Stock-option scandals
Birmingham News
Exposed cronyism and corruption in Alabama’s two-year college system.
Miami Herald
Waste, favoritism and lack of oversight at Miami housing agency
WSJ Adverse impact of China’s booming capitalism on conditions ranging from inequality and pollution.
NY Daily News
Editorials on behalf of ailing ground zero workers.
Compliance Tip: Would the media uncover/write these stories if they were paid by the subject entity? Y N
Auditing: 11 Dangerous Standards
42
SAS 1 Independence Case
Mr. XXXXX, CPA, caused his firm not to be independent in an audit of a client in that he obtained a home equity loan from a subsidiary of this audit client while he was participating on the audit engagement of another subsidiary of the audit client.
AgreementWilliam XXXXX agrees as follows:• To waive his rights to a hearing.• To neither admit nor deny the above specified
charges. • To comply immediately with professional
standards. • To a six month suspension from the AICPA and
MNCPA.• To complete “Professional Ethics: The AICPA’s
Comprehensive Course” with a grade of 90% or more.
Auditing: 11 Dangerous Standards
43
SAS 1 Independence Compliance Tips
1. It’s nearly impossible to be truly objective/unbiased when you have a vested interest in the outcome
2. Examples……Kids…….Driving3. What vested interest do auditors have
___________4. List a control you have to assure
independence _______________________________
GETTING PAID
Do you have a disclosure statement?
Auditing: 11 Dangerous Standards
44
SAS 45 Related Parties
Procedures that should be considered……to identify related party relationships and transactions and to satisfy himself concerning the required financial statement accounting and disclosure. The procedures set forth should not be considered all-inclusive. Also, not all of them may be required in every audit.
Accounting usually same as for non-RPTs but be aware substance may be substantially different than the legal form so focus is on disclosure.
Auditing: 11 Dangerous Standards
45
RPT Examples in SAS 45
1. Borrowing or lending on terms significantly different than market conditions warrant.
2. Selling real estate at a price significantly different than it’s appraised value.
3. Exchanging property for similar property in a non-monetary transaction.
4. Making loans with no scheduled terms for when or how the funds will be repaid.
Auditing: 11 Dangerous Standards
46
SAS 45 Audit Procedures
1. SHOULD be aware of the possible existence of RPT
2. If relationship is material, requires disclosure even if _______ transactions (FASB 57)
3. SHOULD understand Management responsibilities Relationship of each entity component Controls and business purpose Business style and structure are
deliberately used to obscure RPTs
no
SAS 45 .04 - .05
Auditing: 11 Dangerous Standards
47
SAS 45 Audit Procedures
Danger How do you comply???
Lack of working capital or credit
Need for favorable earnings
Overly optimistic earnings forecast
Single or few products, customers, etc.
Declining industry
Excess capacity
Significant litigation (esp. owner/mgt)
Significant obsolescence danger
Auditing: 11 Dangerous Standards
48
SAS 45 Determining Existence
1. SHOULD place emphasis on testing material transactions with known RPTs
2. Common RPTs….1. Parent-subsidiary 2. Investor-investee
SAS 45 .07
Auditing: 11 Dangerous Standards
49
SAS 45 Look for Unknown RPs
Danger How do you comply???
Company procedures to ID/acct for
Request names and transactions
SEC and other filings
Pension and other trusts
Review stockholder lists
Review prior year’s work papers
Predecessor, principal or other auditors
Review material investmentsSAS 45 .07
Auditing: 11 Dangerous Standards
50
SAS 45 Identify RP Transactions
Danger How do you comply???
Provide staff known RPs so they can??
Board/committee minutes
Conflict-of-interest statements
Extent/nature of transactions with customers/suppliers/borrowers/lenders
SAS 45 .08
Auditing: 11 Dangerous Standards
51
SAS 45 Identify RP Transactions
Danger How do you comply???
Transactions not properly accounted
Large/unusual/nonrecurring transactions or balances near _______
Law firm invoices
Loans receivable and payable
EORP
SAS 45 .08
Auditing: 11 Dangerous Standards
52
SAS 45 Examining RP Transactions
Danger How do you comply???
Obtain and evaluate sufficient competent evidential matter and should extend beyond inquiry of management.
Confirm with and inspect evidence held by _____________________
Intermediaries
Public information
Collectibility of balances
other parties
SAS 45 .09
Auditing: 11 Dangerous Standards
53
Related Party Audit Failure
Facts Audits of 3 years of rapidly growing construction company, cash flow, bankruptcy, collected on completion bonds. Controller took undisclosed loans. Firm didn’t train staff to search for RPTs.
Issues Sued for $2 million. Bank and bond companyextended credit and bond in reliance on AFS.
Resolution
$ ____________
Thoughts 3 critical failures caused firm to settle1. Recognize high-risk client with potent
plaintiffs2. Design audit program to detect undisclosed
loans3. Supervise inexperienced staff
1 million
Auditing: 11 Dangerous Standards
54
SAS 45 Related Party Thoughts
1. Written representations before beginning field work
2. WHY _____________________________________3. If undisclosed material RPTs are discovered ask
What else hasn’t been ______________ What are the odds this/these is/are __________
Higher risk for management RPT assertions Extreme risk should you audit the entity on
the ___________________
Test management integrity
disclosedonly one(s)
other side of RPT
Auditing: 11 Dangerous Standards
55
SAS 54
Illegal Acts by Clients
Auditing: 11 Dangerous Standards
56
SAS 54 Where It Came From
1. Watergate investigations illegal ___________2. Which uncovered illegal payments to ____________3. Commission on Auditor’s Responsibilities (Cohen
Commission) resulted in SAS 17 in ______4. SAS 17 introduced……..
Auditors experts on some illegal acts _______ In planning/conducting engagement, auditors
consider illegal acts that have a direct and material effect on the financial statements
Did not require affirmative detection procedures
political contributionsgovernment officials
1977
tax evasion
Auditing: 11 Dangerous Standards
57
SAS 54 Definitions
1. Violations of laws or governmental regulations2. Two types for audits
Direct and material effect on financial statements
Other illegal acts that are indirect/operational3. By the entity/management/employees for the
entity4. Does NOT include personal misconduct unrelated
to their business activitiesIf someone will cheat on his/her spouse, what makes you think they won’t _______________
COOK THE BOOKS
Auditing: 11 Dangerous Standards
58
SAS 54 Judgment and AFS
1. Normally beyond auditor’s expertise but may recognize acts that may be illegal but ask an ______
2. More remote act is from AFS less likely auditor will become aware or recognize
3. Act’s legality relative to the audit, not legality per se4. OTHER illegal acts have indirect effect: securities,
OSHA, FDA, EPA, EEOC, price-fixing, antitrust5. Indirect effect usually disclose contingent liability6. Usually unaware unless informed or see evidence
expert
Auditing: 11 Dangerous Standards
59
SAS 54 OTHER Illegal Acts
1. SHOULD be aware of the possibility that such OTHER illegal acts may have occurred
2. Auditor is responsible when Aware of specific information Material indirect effect SHOULD determine if illegal act has
occurred 3. GAAS audit provides no assurance other
illegal acts will be detected or contingent liability disclosed
SAS 54 .07
Auditing: 11 Dangerous Standards
60
SAS 54 Where to Look
1. GAAS procedures that might indicate illegal acts…. reading minutes, ask management and legal counsel, claims and assessments, testing transactions and balances, and get rep letter.No further work unless have specific information.
Ignoring an act or letting client convince you that an act isn’t _________.
illegal
SAS 54 .08
Auditing: 11 Dangerous Standards
61
SAS 54 Specific Information
1. Unauthorized or improperly recorded transactions or not timely recorded
2. Investigation, enforcement, or unusual payments3. Violations in regulatory reports made available 4. Large or multiple small payments for unspecified
work, usually consultants/affiliates/employees5. Excessive commissions or fees6. Large cash payments or cashiers checks to bearer7. Payments to gov’t or regulatory employees 8. Fail to pay or file tax returns or regulatory reports
SAS 54 .09
Auditing: 11 Dangerous Standards
62
SAS 54 Response
1. Inquire at a level ________ those involved2. Not satisfied SHOULD
Consult client’s legal counsel (arranged by client) or other specialists
3. Additional procedures Are supporting docs ___________ with acct
records Properly authorized Confirm with other partyWhat are the odds that this illegal
transaction/event is the ___________________________?
above
consistent
only one SAS 54 .10
Auditing: 11 Dangerous Standards
63
SAS 54 AFS Effect
1. Illegal act has or is likely to have occurred2. SHOULD consider quantitative and ________ effect3. “an illegal payment of an otherwise immaterial
amount could be material if there is a reasonable possibility that it could lead to a material contingent liability or material loss of revenue” SAS 47
4. SHOULD consider effect on amounts in AFS5. SHOULD evaluate adequacy of disclosure
Material revenue or relationship from illegal acts
qualitative
SAS 54 .13 - .15
Auditing: 11 Dangerous Standards
64
SAS 54 Communication
1. SHOULD consider reliability of mgt representations
2. Communications with audit committee SHOULD determine AC or equivalent is
informed Not clearly inconsequential acts If senior mgt is involved go directly to AC
SHOULD document oral presentation
SAS 54 .17
Auditing: 11 Dangerous Standards
65
SAS 54 Effect on Opinion
1. Material and not properly accounted for or disclosed SHOULD issue __________ or ___________
2. If client prevents obtaining sufficient competent evidence SHOULD issue __________
3. If client refuses to accept the opinion, auditor SHOULD __________
4. What are some of the pressures that make the above responses difficult _________________?
qualified adverse
disclaimer
withdraw
Getting paid, friends, long-time clientSAS 54 .18 - .21
Auditing: 11 Dangerous Standards
66
SAS 54 Other Issues….
1. May conclude withdrawal is necessary… even when the illegal act is not material Won’t fix the problem Management integrity Continuing association
2. Disclosure to outside parties prohibited except… Form 8-K Successor auditor Subpoena Government funding requirement
Talk to YOUR__________attorney
Auditing: 11 Dangerous Standards
67
SAS 54 Common Illegal Act
1. NY state employers cheat workers’ compensation estimated $500 million to $1 billion per _________
2. 15 to 20% of premiums, Fiscal Policy Institute 3. 20% estimated by NY State Assn of Ins Agents4. Accepted practice due to lack of _______________5. Underreport number of _______________________6. $389 billion reported to pay unemployment taxes
but only $311 billion reported for workers’ comp7. Do you have an audit procedure to determine if
client’s are cheating workers’ comp system? Y N
enforcement
Auditing: 11 Dangerous Standards
68
SAS 56
Analytical ProceduresJanuary 1, 1989
Auditing: 11 Dangerous Standards
69
SAS 56 BIG Picture
1. Requires analytical procedures in planning and overall review stages of all audits
2. Study plausible relationships among both financial and nonfinancial data
3. Relationships are expected to exist and continue unless conditions change
4. Requires knowledge of client and industry
SAS 56 .01 - .03
Auditing: 11 Dangerous Standards
70
SAS 56 Understanding the Client
What business is Xerox in ______________ 1970 The COPIER Company is ______________ 1995 The DOCUMENT Company is ______________ Early 2000s Xerox nearly went bankrupt WHY ________ which is a __________________ What business is Xerox in ______________________
Auditing Tip: Simply adding up the numbers does NOT mean you _______________ the business.
COPIER BUSINESSINTERNAL
EXTERNAL
INFORMATION DISTRIBUTION
Disruptive Technology
Internet
UNDERSTAND
Auditing: 11 Dangerous Standards
71
Do You Understand Your Client’s Business?
Do you know what business your client is in?Yes No
What business is your favorite client in___________? What are the 3 major reasons your client’s
customers do business with your client instead of a competitor?1._____________________________2. _____________________________3. _____________________________
Auditing: 11 Dangerous Standards
72
SAS 56 Analytic Procedures Are Used For
a) Planning the nature, timing and extent of other audit procedures
b) Substitutive test to obtain evidential matter about assertions for account balances or classes of transactions
c) Overall review in the final review stage SHOULD be applied to some extent in a) and c)
for ALL audits
SAS 56 .04
Auditing: 11 Dangerous Standards
73
SAS 56 Analytic Procedures
1. Compare recorded amounts, or ratios therefrom, to expectations developed by identifying and using plausible relationships, for example
Prior periods Anticipated results Intraperiod relationships Industry information, such as gross margin Nonfinancial information
SAS 56 .05
Auditing: 11 Dangerous Standards
74
SAS 56 Anticipated Results The Hockey StickLumber Yard3-year average sales$22 million
Sales at 12/15$18 million
Jan Dec
Auditing: 11 Dangerous Standards
75
SAS 56 Gross Margin
1. Mark Morze, CFO, ZZZZ Best Carpet Cleaning2. Pepperdine University3. Toastmaster Speaking Champion4. Fraud: Ex-Con Tells All Part II5. 10,000 phony documents6. $50 million revenue, 86% was _________ 7. “If you were my auditor, ____________________.”8. Reported 50 to 60% gross margins, but the
industry average was _____%.
fake
8½
what’s wrong with this document???”
Auditing: 11 Dangerous Standards
76
SAS 56 Industry Knowledge
Capitol Bank Bldg
Auditing: 11 Dangerous Standards
77
SAS 56 Gross Margin
1. Fraud 5+ years2. Sole practitioner, local firm, Big-83. E&W WHY ___________________________4. E&W would be ________________________5. Failure to understand cost E&W __________
6. Next time you are asked to propose on a client that you know little or nothing about the industry, ask ________________________________________
the easiest to foolknew the least about the industry
WHY are they asking us?
$3 million
Auditing: 11 Dangerous Standards
78
SAS 56 Failure
Facts Small toy mfgr. Clean opinion. Next firm found accts payable understated $400k. Sued for $200k, amount of tax overpaid.
Issues Client claimed GAAS failure.
Resolution
Settled for _________________
Thoughts Firm didn’t compare accts payable _______________, which should have been done during __________
$125,000year-to-year
planning
Auditing: 11 Dangerous Standards
79
SAS 56 Trouble
If a misstatement is suspected, the failure to apply analytical procedures and subsequent nondisclosure may be so damaging the client made allege gross negligence and intentional misconduct resulting in ____________________________.
Accounting, Auditing and Financial Malpractice, Section 17.41
treble punitive damages.
Auditing: 11 Dangerous Standards
80
SAS 56 Success
Facts New large privately-owned bank client. Loan portfolio doubled but income __________________________. Senior loan officer approved and __________ money.Expanded procedures. Discovered he approved loans to friends, which were in default and _____________.
Issues Client alleged negligence, gross negligence, intentional misconduct, and fraud suing for $1.5MM.
Resolution
Jury found _______________________.
Thoughts Analytic procedures during _____________ violated expectations. Additional procedures uncovered the fraud. What was the expectation ________________.
stayed about the samedisbursed
uncollectible
no liability
Change in loan portfolio = change in portfolio income.
planning
Auditing: 11 Dangerous Standards
81
SAS 57
Auditing AccountingEstimates
Auditing: 11 Dangerous Standards
82
SAS 57
1. Estimate is an approximation of a financial statement element, item, or account
2. Management is responsible for making the estimate
3. Auditor is responsible for the reasonableness
4. Even competent management using relevant and reliable data will be biased because they have a vested interest in the _____________________. When planning and performing procedures, auditor SHOULD apply professional ________________.
outcome
skepticism
Auditing: 11 Dangerous Standards
83
SAS 57
1. Risk of material misstatement usually varies according to complexity and subjectivity of the process, availability and reliability of the data, number and significance of the assumptions and degree of uncertainty of the assumptions.
Compliance Tip: Determine if estimate is consistent with operational plans by looking at client’s _______ and compare prior estimates to ________.
budgetresults
SAS 57 .05 last para, .06 e + f
Auditing: 11 Dangerous Standards
84
SAS 57 Circumstances
1. Are all material estimates in the AFS…….. Method of conducting business New accounting pronouncements Circumstances of the industry Other external factors
2. How do you stay informed about the client’s industry and external factors so you have a reasonable chance of knowing when a change should take place? _________________________Read at least one industry trade publication.
SAS 57 .08
Auditing: 11 Dangerous Standards
85
SAS 57 Reasonableness
1. SHOULD consider client’s past estimates and auditor’s experience in the industry
2. SHOULD use one or more of…… Review and test management’s process Develop an independent expectation Review subsequent events or transactions
If you can’t develop an independent estimate, then on what basis do you know enough to judge the reasonableness of _________________________?
management’s estimateSAS 57 .09
Auditing: 11 Dangerous Standards
86
SAS 59
The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern
Auditing: 11 Dangerous Standards
87
SAS 59 Responsibility
1. Continuation is assumed in the absence of significant information to the contrary
2. Responsibility to evaluate whether there is substantial doubt as to a going concern for a reasonable period, not to exceed ____________
3. Evaluation of relevant conditions and events existing at or prior to completion of the field work
4. Based on standard audit procedures
one year
SAS 59 .01 - .02
Auditing: 11 Dangerous Standards
88
SAS 59 Responsibility
1. SHOULD evaluate in the following manner… Did procedures identify a substantial doubt
Additional information If substantial doubt SHOULD
Obtain management plans to mitigate the event or condition and
Assess if plans will work If still substantial doubt SHOULD
Evaluate disclosure Include explanatory paragraph
SAS 59 .03
Auditing: 11 Dangerous Standards
89
SAS 59 Responsibility
1. Not responsible for predicting future conditions or events
2. Ceasing to exist after receiving a clean opinion does not indicate inadequate performance
3. Absence of going concern does not provide assurance that entity is a going concern
SAS 59 .04
Auditing: 11 Dangerous Standards
90
SAS 59 Conditions and Events
Danger How do you comply???
Negative trends: operating losses, WC shortage, adverse key ratios
Financial difficulties: defaults, trade credit, statutory capital shortage, seeking financing
Internal matters: labor, one or few projects, uneconomic long-term commitments, revise operations
External matters: lawsuits, regulations, franchise, license, patent, customer, supplier, insurance
SAS 59 .06
Auditing: 11 Dangerous Standards
91
SAS 59 Management Plans
1. If doubtful about going concern, evaluate management plans and determine if they will mitigate adverse effects and whether the plans can be effectively implemented, including Dispose of assets Borrow or restructure debt Reduce or delay expenditures Increase equity
SAS 59 .07
Auditing: 11 Dangerous Standards
92
SAS 59 Management Plans
2. Obtain evidence for particularly significant elements Financing or asset disposal
3. Is there support for the critical elements of the plan or is it just __________________________ giving attention to assumptions that are…. Material to financial information Especially sensitive or subject to change Inconsistent with historical trends
management talk
SAS 59 .08 - .09
Auditing: 11 Dangerous Standards
93
SAS 59 Effects on Opinion
1. If still doubtful about going concern must include explanatory paragraph such as “substantial doubt about its ability to continue as a going concern” or similar wording that includes “substantial doubt” and “going concern” such as……..
2. The accompanying financial statements have been prepared assuming that the Company will continue as a going concern. As discussed in Note X to the financial statements, the Company has suffered recurring losses from operations and has a net capital deficiency that raise substantial doubt about its ability to continue as a going concern. Management's plans in regard to these matters are also described in Note X. The financial statements do not include any adjustments that might result from the outcome of this uncertainty.
SAS 59 .12 - .13
Auditing: 11 Dangerous Standards
94
SAS 59 Effects on Opinion
1. If disclosures are inadequate disclaim or qualified
2. Current period going concern does not mean existed in prior period and should not affect that opinion
3. If prior period going concern doubt has been removed, the paragraph should not repeated
SAS 59 .14 - .16
Auditing: 11 Dangerous Standards
95
SAS 59 Documentation
Auditor SHOULD document all of the following…….
a. Conditions or events that caused the doubtb. Elements of plan to rectify the adverse effectsc. Audit procedures performed and evidence
obtained
SAS 59 .17
Auditing: 11 Dangerous Standards
96
SAS 59 Documentation
Auditor SHOULD document all of the following…….d. Conclusion whether doubt is alleviated
If doubt remains document effects on AFS and disclosure
If alleviated document need for disclosure of the conditions and events that caused the doubt
e. Conclusion whether to include explanatory paragraph and if client disclosure is inadequate conclusion to issue a qualified or adverse opinionSAS 59 .17
Auditing: 11 Dangerous Standards
97
Practical Going-Concern
1. Clean opinion covers not just the pastbut __________________
2. Says ‘everything will be fine’ for next __________3. How many of you look at next year’s __________
4. Going concern situations are very risky. If you are dealing with management plans, seriously consider engaging _______________________________.
12 monthsfuture
budget
turnaround and operational experts
Auditing: 11 Dangerous Standards
98
MiniScribe Corporation
Auditing: 11 Dangerous Standards
99
MiniScribe Corporation
1. Business2. Market share3. Fortune 5004. IPO5. IBM
Stock Price 1983 - 1990
Source: Accounting Shenanigans at MiniScribe1983 1984 1985 1986 1987 1988 1989 1990
0
5
10
15
20
25High
Low
Auditing: 11 Dangerous Standards
100
MiniScribe Corporation
1. Hambrecht & Quist2. Reorganization3. Incentives and bonuses4. New products5. Employees
Auditing: 11 Dangerous Standards
101
MiniScribe Corporation
1. Plants2. Capacity exceeds demand3. Cost per megabyte4. Market growth5. New market entrants
Auditing: 11 Dangerous Standards
102
Mini-Scribe Financial Ratios
1986 1985%
Change
Sales $184.8 $113.9Gross profit $46.9 $2.5
25.4% 2.2%
Sales $184.8 $113.9 62.2%Inventory $45.1 $22.5 100.4%
FGI $8.0 $3.5 128.6%
Sales $184.8 $113.9 62.2%A/R $39.77 $16.04 147.9%
Allowance .73% .75% -2.7%
Auditing: 11 Dangerous Standards
103
MiniScribe - Creating Inventory
1. Inventory workpapers2. Fictitious inventory in transit3. Receiving raw materials4. Fictitious shipping program __________________5. Scrap inventory6. Inventory tickets7. Ship ahead
CookBook
Auditing: 11 Dangerous Standards
104
MiniScribe Risks
1. Loan covenant violation2. Related party transactions3. Dash meetings4. Common knowledge5. Debt reserves
Auditing: 11 Dangerous Standards
105
MiniScribe Opinions
1. Overstated net income1. 1986 $4.5 million (37%)2. 1987 $22 million (244.5%)3. 1988 2nd+3rd quarters $31.6 million
2. What kind of opinions did MiniScribe get _________
3. What kind should it have gotten __________________________________________________________
adverse, something other than unqualified going concern,
clean
Auditing: 11 Dangerous Standards
106
SAS 67
The Confirmation Process
Auditing: 11 Dangerous Standards
107
SAS 67 The Confirmation Process
“When evidential matter can be obtained from independent sources outside an entity, it provides greater assurance of reliability for the purposes of an independent audit than that secured solely within the entity.“ SAS 67, ¶ .06
Make sure you’re really confirming with an independent source.
SAS 67
Auditing: 11 Dangerous Standards
108
SAS 67 Audit Risk
Obtaining and evaluating a direct communication from a third party to test management assertions about an item in the AFS
1. Select items2. Design the request3. Send the request to proper third party4. Obtain a response5. Evaluate the information, including reliability
SAS 67 .04
Auditing: 11 Dangerous Standards
109
SAS 67 Risk v. Confirmations
Danger How do you comply???
Greater risk means greater need for substantive tests (eg, confirmations)
Unusual or complex transactions Confirm with ____________
Confirmation isn’t sufficient (eg, AR)
Perform sales ___________
Low existence risk of cash in bank and bank usually doesn’t reply
Look at bank statements provided by ____________
3rd party
cutoff
client
Because the confirmation process is consistent from year to year, it’s easy to _________________.
manipulateSAS 67 .08
Auditing: 11 Dangerous Standards
110
Sahlen & Associates
1. Harold Sahlen starts company in 19802. Rent-a-guard3. Small IPO in 19844. Moves company5. Competition6. Undercover investigations7. A/R confirmations8. Public debt offering9. SEC review10. Business trips
Advice ________________________________NEVER Underestimate
Your Opponent
Auditing: 11 Dangerous Standards
111
CF Foods
Sales in Millions
020406080
100120140160
94 95 96 97 98
Auditing: 11 Dangerous Standards
112
CF Foods
1. David Burry GP managed the private wholesale candy distribution company
2. Promised investors 18-30% returns using his candy buying expertise attracting $25 million
3. 2 types of sales: Sales One and Sales Two4. Sales One completely managed by Burry
himself5. Sales Two was real sales, employees, and
inventory
Auditing: 11 Dangerous Standards
113
CF Foods
1. Recorded hundreds of fake transactions in computer
2. Created fake supporting documents using Sales Two making copies for auditors
3. Gave substantial amounts to churches WHY ______4. CF lenders sued churches which had to __________5. Auditors sent confirmations6. What % of 1998 sales were real _________7. Burry got the confirmations back signed and
returned them to auditors HOW ___________
give money back
3
credibility
Auditing: 11 Dangerous Standards
114
Parmalat Finanziaria
1. Largest corporate fraud in history __________2. Nov 2003 private offering to repay $187 million
bonds coming due, D&T lead and GT subsidiaries3. Dec 2003 Parmalat had $4.9 Billion cash balance
(40% of total assets) B of A account 4. Grant Thornton SpA sent confirmation5. March 2003 GT got a reply6. Parmalat sued D&T and GT for _______________7. D&T settled for _____________ but GT has not
Fraud lesson: No one asked, if it had $4 Billion in a checking account, why the company ____________. needed $187 million
$10 Billion$149 Million
$18 Billion
Auditing: 11 Dangerous Standards
115
SAS 67
ManagementRepresentations
Auditing: 11 Dangerous Standards
116
SAS 67 Overview
1. Required to obtain WRITTEN representations2. Representations are audit evidence but are
NOT substitute for other procedures3. Confirm continuing appropriateness and reduce
misunderstandings4. Procedures + written representations, eg, even
if other procedures indicate all related party issues are properly disclosed SHOULD obtain written representations mgt knows of no others
5. Representations that contradict other evidence
SAS 67 .01 - .04
Auditing: 11 Dangerous Standards
117
SAS 67 Reps SHOULD Include
Financial Statementsa. AFS are management’s responsibilityb. Management believes AFS are fairly presented
Completeness of Informationc. All financial records and data are availabled. All minutes of meetingse. Regulatory agency communicationsf. Absence of unrecorded transactions
SAS 67 .06
Auditing: 11 Dangerous Standards
118
SAS 67 Reps SHOULD Include
Recognition, Measurement, and Disclosureg. Passed adjustments are immaterial and a list is to
be included or attachedh. Responsibility for preventing and detecting fraudi. Actual or suspected fraud involving management,
employees or othersj. Allegations or suspected fraud in communicationsk. Carrying value or classification of assets or
liabilitiesl. Transactions and amounts from or to RPTs
SAS 67 .06
Auditing: 11 Dangerous Standards
119
SAS 67 Reps SHOULD Include
1. Written or oral guarantees2. Significant estimates and material concentrations3. Actual or possible violations of laws or
regulations4. Probable unasserted claims or assessments per
client’s attorney5. Other liabilities and gain or loss contingencies6. Title to assets, liens or encumbrances7. Compliance with contracts affecting the AFS 8. Subsequent eventsSAS 67 .06
Auditing: 11 Dangerous Standards
120
SAS 67 Reps SHOULD Be Tailored
To include business or industry information1. Interim information2. New accounting principle3. Change in principles4. Going concern conditions and management’s
plans5. Specific significant impaired assets6. Variable interest in another entity7. Work of a specialistSAS 67 .07
Auditing: 11 Dangerous Standards
121
SAS 99
Consideration
of Fraud in a Financial Statement Audit
Auditing: 11 Dangerous Standards
122
Fraud Auditing Standards
1973 1977 1989 1997 2002
SAS 1NO
RESPONSIBILITY
SAS 16NO
ASSURANCE
SAS 53 SAS 82 SAS 99
REASONABLE ASSURANCE
Number of Pages 18 45 75
Increasing details on how toachieve “reasonable assurance.”
ZZZZ Best 1987
Auditing: 11 Dangerous Standards
123
SAS 99 Made Simple
SAS 99 requires you to audit the
BUSINESS
Not justthe books
Auditing: 11 Dangerous Standards
124
The Triangle of Fraud
NeedTriggerTwo kinds of need:1. Direct2. Indirect
OpportunityLow probabilityof getting caught
RationalizationAction fits inside code ofconduct
Auditing: 11 Dangerous Standards
125
Situational Fraud
5-10%
Never
5-10%
Always
80-90%
SituationalFraud or
Embezzlement
Auditing: 11 Dangerous Standards
126
SAS 99: Aligns Opinion and GAAS
“the financial statements
fairly present”
The auditor has a responsibility to plan and perform the audit to
obtain reasonable assurance about whether the financial statements are
free of material misstatement, whether caused by error or fraud.”
POSITIVE, AFFIRMATIVE, DUTY TO DETECT FRAUD
+
=
Auditing: 11 Dangerous Standards
127
Engagement Letters
WRONG: “An audit is not designed and cannot be relied upon to detect defalcations and similar irregularities.”
SUGGESTED: “The objective of our audit will be to express an opinion on the company’s financial statements that provides reasonable assurance that those statements are free of material misstatement, whether caused by error or fraud. However, an audit cannot provide absolute assurance and a material misstatement may remain undetected. Also, an audit is not designed and cannot be relied upon to detect error or fraud that is immaterial to the financial statements.”
The Annual Audit Tune-Up, The CPA Journal, December 1997, p. 24
Auditing: 11 Dangerous Standards
128
sitll raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.
LESSON: _________________________
Your Brain Adjusts
Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae.
The rset can be a total mses and you can
We See What We Expect to See
Auditing: 11 Dangerous Standards
129
Management IS Responsible
Paragraph 4……………"Management is responsible for adopting sound accounting policies and for establishing and maintaining internal control that will, among other things, initiate, record, process, and report transactions (as well as events and conditions) consistent with management's assertions embodied in the financial statements."
Show this to your client and banker and anyone else who will
use the financial statements.
__________________________________________________________________________________________
Auditing: 11 Dangerous Standards
130
Management IS Responsible
Auditor says:Improve controlsSegregate dutiesCode of conductAssure compliance
Client says:Cost too muchWe’ll do it laterI trust my peopleNever had a problem
Auditing: 11 Dangerous Standards
131
‘Trusted’ worker stole $1 million
Auditing: 11 Dangerous Standards
132
Professional Skepticism
1. MUST be unbiased2. Requires a questioning mind and a
critical assessment of audit evidence3. Possibility of material fraud is ALWAYS
present4. Can NOT be satisfied with less than
persuasive evidence5. Can NOT rely on client’s past honesty,
integrity, experience6. As a practical matter, what
management tells you is NOT audit evidence
Auditing: 11 Dangerous Standards
133
Revenue and Management Override
41 Revenue recognition is ALWAYS a fraud risk
42 Management override is ALWAYS a fraud risk Adjusting journal entries from unusual sources
Accounting estimatesUnusual significant transactions
51 “it is unlikely that audit risk can be reduced to an appropriately low level by performing only tests of controls”
Auditing: 11 Dangerous Standards
134
1 2 3 4 5
U. Penn Doctors
1. Teaching physicians required to be present during a procedure
2. Records did not justify medical necessity3. Evaluation and management codes all
upgraded to levels 4 and 5
Auditing: 11 Dangerous Standards
135
13th S&L
1. First audit step
2. The embezzlement
3. The trial
4. Advice Consistency makes fraud easyDo something DIFFERENT
Auditing: 11 Dangerous Standards
136
PCAOB Inspection FindingsRelease 2007-001
OBSERVATIONS ON AUDITORS'IMPLEMENTATION OF PCAOB STANDARDSRELATING TO AUDITORS' RESPONSIBILITIESWITH RESPECT TO FRAUD
Auditing: 11 Dangerous Standards
137
PCAOB Inspection Findings
1. Auditor's Overall Approach to the Detection of Financial Fraud
2. Brainstorming Sessions and Fraud-Related Inquiries
3. Auditor's Response to Fraud Risk Factors4. Financial Statement Misstatements5. Risk of Management Override of Controls6. Other Areas to Improve Fraud Detection
Release 2007-001
Auditing: 11 Dangerous Standards
138
Auditor's Overall Approach to the Detection of Financial Fraud
1. Check off standard audit program2. Senior auditors cannot properly review 3. No documentation procedures performed4. Failure to expand procedures5. Mechanical auditing
Release 2007-001
Auditing: 11 Dangerous Standards
139
Brainstorming Sessions and Response to Risk Factors
Auditor SHOULD set "aside any prior beliefs the audit team members may have that management is honest and has integrity.“
1. No brainstorming sessions 2. Brainstorming sessions after planning and
substantive _______________________3. Key members of team did not ___________4. Not making required _______________5. Failure to respond to identified fraud risk
factors
Release 2007-001
attend
inquiries
Auditing: 11 Dangerous Standards
140
Financial Statement Misstatements
Indications of fraud my mean that small amounts are material
1. Failure to calculate planning materiality and/or adjustment thresholds
2. Did not post proposed adjustments 3. Did not scrutinize significant last minute
adjustments that offset adjustments by auditors
Release 2007-001
Auditing: 11 Dangerous Standards
141
Risk of Management Override
1. Journal entries override Did not assure completeness of all JEs Excluded low amount entries
2. Accounting estimates override Failed to test or document tests of
assumptions Didn’t recognize all differences increased
______
Release 2007-001
income
Auditing: 11 Dangerous Standards
142
Other Areas to Improve Fraud Detection
1. Numerous deficiencies in analytic procedures Failure to test underlying data Failure to disaggregate data When used as substantive test failure to
establish expectations or investigate differences
Failed to corroborate management’s explanation
2. Confirmation procedures Failure to obtain alternative evidence when
positive responses were not received
Release 2007-001
Auditing: 11 Dangerous Standards
143
SAS 103: Audit Documentation
Issued Dec 2005 Effective for periods ending on or after Dec 15,
2006 Supersedes SAS 96 Prepare audit documentation in sufficient details to
provide an experienced auditor with NO previous connection to the audit a clear understanding of the work performed, the evidence obtained and its source, and the conclusions reached
Guidance on matter to document and document retention
Auditing: 11 Dangerous Standards
144
SAS 103: Audit Documentation
Oral explanations on their own do NOT represent sufficient support for the work the auditor performed or conclusions reached May be used to clarify or explain
documentation Document audit evidence that is contradictory
or inconsistent with the final conclusions and how the auditor addressed the contradiction or inconsistency
Auditing: 11 Dangerous Standards
145
SAS 103: Audit Documentation
Assemble the final audit engagement file within 60 (calendar) days following the report release date
After 60 days No deletion or discard of existing
documentation Appropriately document subsequent
additions Minimum file retention of five years from
report release date
Auditing: 11 Dangerous Standards
146
SAS 104 – 111: Risk Assessment Standards
104 Amendment to SAS 1, Due Professional Care in the Performance of Work
105 Amendment to SAS 95, GAAS
106 Audit Evidence
107 Audit Risk and Materiality in Conducting an Audit
108 Planning and Supervision
109 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
110 Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained
111 Amendment to SAS 39, Audit Sampling
Auditing: 11 Dangerous Standards
147
Risk Assessment Standards Objectives
Effective for periods beginning December 15, 2006 More in-depth understanding of the entity and its
environment, including its internal control, to identify the risks of material misstatement in the financial statements and what the entity is doing to mitigate them
More rigorous assessment of the risks of material misstatement of the financial statements
Improved linkage between the assessed risks and the nature, timing, and extent of audit procedures performed in response to those risks
Auditing: 11 Dangerous Standards
148
False Sign-Off
WHY COMMIT ______________________________ WHAT TO SIGN OFF _________________________ PAY AND PROMOTION _______________________ WHY NOT DETECTED ________________________ WHY _____________________________________ HOW TO MINIMIZE __________________________
Come in under budget
Something not expected to changeKeep client and boss happy
Assume the work was done
TRUST
Audit the auditors
Auditing: 11 Dangerous Standards
149
False Sign-Off Survey Results
Signing off on work when in fact __________________
Sample slice %
% of CPAs who observed False Sign-off 25
Auditing experience last 10 years 27
Auditors with some Big 4 experience 26
Auditors with only Big 4 experience 25
Auditors with only Big 4 in last 10 years 28
it wasn’t done
Auditing: 11 Dangerous Standards
150
False Sign-Off Survey Results
Sample slice %
What % do you THINK commit false sign off 26
If HAVE detected false sign-off 17
If HAVE NOT detected false sign-off 32
What happened to the person
Personally spoke to person 58
Person was terminated 9
Auditing: 11 Dangerous Standards
152
What Auditors Do Wrong
10. Don’t “listen” for red flags11. Don’t read industry trade publications12. Haven’t talked to client about fraud13. Don’t graph information14. Audit only what’s there15. No leading or predictive indicators16. Think Accuracy = Truth17. Never get actual bank deposit items
Auditing: 11 Dangerous Standards
153
Be Careful . . . Be Clear Other than tax compliance claims, a
communications breakdown between CPA and client is at the heart of a significant majority of claims…at least 70 percent.” Ron Klein, JD, CFE, Camico vice-president of claims.
1. Clarify, don’t obscure2. Be a linguistic “straight shooter”3. Counsel clients effectively with language they
understand4. Reader-friendly structure5. Use charts and graphsHow to Be Careful and Still Be Clear, J of A, Jan 2001
Auditing: 11 Dangerous Standards
154
Malpractice WordingProblem Solution
The effect comes before the cause.
Transpose the cause and effect.
B is due to A. A led to B.
B is caused by A. A caused B.
B was the result of A. A caused B or A led to B.
B can be attributed to A. A led to B.
Use of nouns. Use verb form.
X stated that payment would not be made.
X stated they would not pay.
The inclusion of the reserve, [etc.]… Including the reserve, [etc.]…
Using the passive voice. Use the active voice
The amounts expected to be collected are…
The company expects to collect the amounts of…
http://www.aicpa.org/pubs/jofa/jan2001/danziger.htm
Auditing: 11 Dangerous Standards
155
Selecting and Retaining Clients
Audit failures are your greatest risk
1. Law firms specialize2. Deep pockets3. Settle if damages > insurance4. Third party suits5. Just complying with GAAP+GAAS not
enough
Client acceptance
1. Screen clients2. Understand the client3. Identify high-risk clients4. Are you qualified
I had a _____ feeling about that client.
Auditing: 11 Dangerous Standards
156
Selecting and Retaining Clients
Interview client
1. Why client needs an service and for whom2. Deadlines and other services3. Does client understand engagement4. Do you understand client + industry trends5. Why client needs new firm6. Conflicts of interest
Interview 3rd parties
1. Other professionals, attorney and credit sources
2. Business assn, vendors, customers, Google
Contact predecessor accountant
1. Management integrity and disagreements2. Why fired3. RPTs
Public Perceptions in a “Post Enron” World
Results of Jury Research Conducted by CAMICO Mutual Insurance Co.
www.camico.com
Auditing: 11 Dangerous Standards
1581062tas 08/03
Confidential/Proprietary Information
How closely, if at all, have you followed the news about corporate scandals or wrongdoing?
35%
28%
24%
7%
6%
I followed it very closely
I followed it,but not closely
I sometimes followed it
I rarely followed it
I did not follow it at all
Auditing: 11 Dangerous Standards
1591062tas 08/03
Confidential/Proprietary Information
Have you ever felt that you were misled about the financial health of a company?
Yes 37%
No63%
Auditing: 11 Dangerous Standards
1601062tas 08/03
Confidential/Proprietary Information
Which type of crime poses a greater threat to society,street crime or white collar crime?
Street crime49%
White collar crime51%
161Auditing: 11 Dangerous Standards
Do you tend to believe the things you hear in the news about corporate wrongdoing?
Pre Enron
Yes 46%No
54%
Post Enron
Yes 78%
No 22%
Auditing: 11 Dangerous Standards
1621062tas 08/03
Confidential/Proprietary Information
Who, if anyone, do you blame for the legal and/or ethical problems facing Corporate America today?
70%
68%
62%
58%
55%
53%
42%
40%
34%
CEO
Corporations' senior executives
CFO
Inside lawyers
Board of directors
Inside accountants
External accountants
External lawyers
External consultants
0% 20% 40% 60% 80% 100%
Auditing: 11 Dangerous Standards
163
Feb. 2001Database February 2001
Confidential/Proprietary Information
Accountants should know laws that relate tofinancial matters.
0%4% 7%
67%
22%
Strongly disagree Somewhat disagree Neither Somewhat agree Strongly agree0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Auditing: 11 Dangerous Standards
1641062tas 08/03
Confidential/Proprietary Information
Over the last few years, has your opinion of accounting firmsthat audit corporations changed?
Yes52%
No48%
Auditing: 11 Dangerous Standards
1651062tas 08/03
Confidential/Proprietary Information
Do you think that accountants have become less ethical, more ethical, or stayed the same in the past five years?
Less ethical38%
Stayed the same49%
More ethical13%
Auditing: 11 Dangerous Standards
1661062tas 08/03
Confidential/Proprietary Information
I do not trust accountants.
33%
24% 22%
13%8%
Strongly disagree Somewhat disagree Neutral Somewhat agree Strongly agree0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Auditing: 11 Dangerous Standards
1671062tas 08/03
Confidential/Proprietary Information
Do you think that a professional accounting firm would look the other way if a client violated the law in order to maintain its
relationship with the client?
Yes62%
No38%
Auditing: 11 Dangerous Standards
1681062tas 08/03
Confidential/Proprietary Information
Compared to accountants who work for large national accounting firms, do you think that accountants in small firms are less honest,
more honest or about the same in terms of honesty?
Less honest6%
About the same55%
More honest39%
169Auditing: 11 Dangerous Standards
Pre Enron
Post Enron
Pre Enron
Post Enron
Pre Enron
Post Enron
0%
10%
20%
30%
40%
50%
60%
Higher Same Lower
Quality of work of large firms vs. small firms - Pre vs. Post Enron
Auditing: 11 Dangerous Standards
1701062tas 08/03
Confidential/Proprietary Information
A company is ultimately responsible for its financial statement, not the accountant who audits the company.
6% 6% 9%
20%
59%
Strongly disagree Somewhat disagree Neutral Somewhat agree Strongly agree0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
171Auditing: 11 Dangerous Standards
Accountants are responsible for making sure that companies stay honest….
Pre Enron
Post EnronPre Enron
Post Enron
Pre Enron
Post Enron
0%
10%
20%
30%
40%
50%
60%
70%
Disagree Neither Agree
172Auditing: 11 Dangerous Standards
If an Accountant is hired by a company to review financial statements, but not retained to do an audit, would you expect the accountant to uncover fraud?
Pre Enron
Yes 40%
No 60%
Post Enron
Yes 71%
No 29%
Auditing: 11 Dangerous Standards
1731062tas 08/03
Confidential/Proprietary Information
An auditor who works closely with a company's financial statements should easily detect any fraud.
4%12% 10%
29%
45%
Strongly disagree Somewhat disagree Neutral Somewhat agree Strongly agree0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Auditing: 11 Dangerous Standards
1741062tas 08/03
Confidential/Proprietary Information
A professional accounting firm that does not catch a company's fraud should pay a severe penalty.
9% 12% 12%
25%
42%
Strongly disagree Somewhat disagree Neutral Somewhat agree Strongly agree0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Auditing: 11 Dangerous Standards
1751062tas 08/03
Confidential/Proprietary Information
Do you feel that damage awards in lawsuits are too low, about right, or too high?
11%14%
17% 18% 19%15%
20%
31% 30%
25%21%
23%
69%
55%53%
57%60%
62%
Los Angeles Miami Atlanta New York City New Orleans Seattle0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Too low About right Too high
Auditing: 11 Dangerous Standards
1761062tas 08/03
Confidential/Proprietary Information
While some accountants have done bad things, the entire accounting profession should
not be condemned.
6% 4% 5%
20%
65%
Strongly disagree Somewhat disagree Neutral Somewhat agree Strongly agree0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
177Auditing: 11 Dangerous Standards
Observations
Recent corporate and accounting scandals have hurt the image of CPAsParticipants feel even stronger that CPAs should:
> Police their clients, especially publicly traded companies
> Discover fraud (even without an audit)Significant minority of participants distinguish between smaller and larger CPA firms > Smaller firms seen as more trustworthy and equally or more skilled than large national firms There is a strong sentiment that the entire profession should not be condemned based on the bad acts of a few