By Katie Martin,2014-05-15 15:29
7 views 0



Brief History of Auditing Standards

    American Institute of Certified Public Accountants (AICPA)

    ? The AICPA is the national professional organization for certified public accountants. The AICPA and its

    related organizations are organized as non-profit organizations under the applicable sections of the

    Internal Revenue Code.

    ? The Auditing Standards Board (ASB) is the senior technical committee of the AICPA designated to issue

    auditing, attestation, and quality control standards and guidance to certified public accountants for non-

    public company audits.

    ? The AICPA Code of Professional Conduct requires members to comply with standards issued by the ASB.

    Statement on Auditing Standards (SAS) No. 95, Generally Accepted Auditing Standards, states that

    auditors should be prepared to justify any departures from the SASs issued by the ASB.

Internal Control Reporting

    The Committee of Sponsoring Organizations of the Treadway Commission (COSO)

    ? COSO is a voluntary private-sector organization dedicated to improving the quality of financial reporting

    through business ethics, effective internal controls, and corporate governance.

    ? COSO is jointly sponsored by five major professional associations: the American Accounting Association

    (AAA), the AICPA, Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the

    Institute of Management Accountants (IMA). COSO is wholly independent of each of the sponsoring

    organizations; contains representatives from industry, public accounting, investment firms, and stock

    markets; and has observers from the Securities Exchange Commission (SEC), the Public Company

    Accounting Oversight Board (PCAOB), and the Government Accountability Office (GAO), the audit,

    evaluation, and investigative arm of the United States Congress.

    ? SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material

    Misstatement, requires auditors to obtain an understanding of the entity and its environment, including its

    internal control. SAS No. 109 requires an understanding of five interrelated components of internal control

    defined and described in COSO's Internal ControlIntegrated Framework. Those components are as


    ? Control environment ? Monitoring

    ? Risk assessment ? Control activities

    ? Information and communication

Statement on Auditing Standards No. 112

    ? In 2006, the ASB issued SAS No. 112, Communicating Internal Control Related Matters Identified in an

    Audit. The primary reasons for issuing SAS No. 112 were to incorporate certain internal control related

    definitions used in PCAOB Auditing Standard (AS) No. 2, An Audit of Internal Control Over Financial

    Reporting Performed in Conjunction With an Audit of Financial Statements, and to require certain

    communications to be in writing.

    ? Under SAS No. 112's reporting criteria, there are three categories for severity of deficiencies of controls

    (listed in order from least severe to most severe):

    ? Control deficiencyA control deficiency exists when the design or operation of a control does not

    allow management or employees, in the normal course of performing their assigned functions, to

    prevent or detect misstatements on a timely basis.

    ? Significant deficiencyA control deficiency, or combination of control deficiencies, that adversely

    affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in

    accordance with generally accepted accounting principles such that there is more than a remote

    likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will

    not be prevented or detected.

    ? Material weaknessA significant deficiency, or combination of significant deficiencies, that results in

    more than a remote likelihood that a material misstatement of the financial statements will not be

    prevented or detected.

SAS No. 112 requires auditors to communicate in writing all significant deficiencies or material weaknesses

    that they identify. This requirement also includes any significant deficiencies or material weaknesses that were

    identified in previous audits that have not yet been corrected. Control deficiencies that the auditor identifies but

    does not consider to be significant deficiencies or material weaknesses may be communicated orally or in

    writing. Additionally, other suggestions on how to improve administrative or other functions may be

    communicated in the same manner.

Financial Reporting Process

    ? The overall purpose of the accounting function is to accurately process, record, summarize, and report

    transactions of the organization. The following exhibit illustrates how source documents and other financial

    records are processed through the accounting system to produce the organization’s financial statements.

    Flow of Accounting Records

    SourceSummary Financial

    documentsjournalsstatementsGeneral ledger(vendor invoices, (cash receipts, cash (generally accepted checks, time card, disbursements, general accounting principles journal entries, etc.)journal, etc.)or OCBOA)

    Other financial

    reports(management-use financial statements, reports to funding sources, etc.)

? Preparing financial statements is the culminating step in the accounting process. Once all other processing

    steps have been completed for the period, financial statements may then be prepared. As the end product

    of the accounting function, both financial statement content and form are important. An organization’s

    financial statements are often used to communicate the organization’s activities, operations, and programs

    to funding sources and others outside the organization.

    ? To best achieve the objectives of financial reporting and to inform financial statement users, the

    organization’s financial statements should be prepared in accordance with generally accepted accounting

    principles (GAAP).

    ? SAS No. 69 (as amended), The Meaning of Present Fairly in Conformity with Generally Accepted

    Accounting Principles, describes GAAP in general terms as "…a technical accounting term that

    encompasses the conventions, rules, and procedures necessary to define accepted accounting practice at

    a particular time. It includes not only broad guidelines of general application, but also detailed practices and procedures. Those conventions, rules, and procedures provide a standard by which to measure financial presentations." GAAP includes pronouncements of authoritative bodies designated by the AICPA to establish accounting principles, such as Statements of Financial Accounting Standards (SFAS) issued by the Financial Accounting Standards Board (FASB), FASB Interpretations, AICPA Statements of Position, and AICPA Industry Audit and Accounting Guides.

    ? In many audit engagements involving small businesses and non-profit organizations, the auditor drafts or assists with drafting the financial statements, which may include assistance with:

    ? Overall preparation of the financial statements and related notes in accordance with GAAP ? Calculating depreciation on property and equipment

    ? Classifying expenses by functional category

    ? Calculating unrelated business income taxes, excise taxes, etc.

    ? Preparing the statement of cash flows

    ? It is important that the organization’s management and the governing board understand that the auditor’s involvement in preparation of the financial statements does not change the fact that management is responsible for them. The organization's management is expected to acknowledge this responsibility in the management representation letter obtained by the auditor at the conclusion of the audit engagement.

    ? SAS No. 112 provides guidance about control deficiencies that usually are considered to be at least significant deficiencies, and deficiencies that are considered to be at least significant deficiencies and strongly indicate material weaknesses. Included in the former category are deficiencies in controls over the selection and application of accounting principles that are in conformity with GAAP, which includes having sufficient expertise in selecting and applying accounting principles, and deficiencies in controls over the period-end financial reporting process, including controls over procedures used to record recurring and non-recurring adjustments to the financial statements.

    ? Thus, the auditor’s involvement in preparation of the financial statements often represents a significant deficiency or material weakness in internal control that must be communicated, in writing, to management and those charged with governance.

    ? Management's options for addressing significant deficiencies or material weaknesses will depend upon the significant deficiencies or material weaknesses that are communicated. Using the example of lack of controls over the preparation of the financial statements, management's options could include: ? Doing nothing and choosing to continue to have the auditor prepare the financial statements and

    receive the written communication at the end of the audit identifying a material weakness. This option

    is a viable option given that the communication is a restricted use communication intended for use by

    only management and those charged with governance. It is not uncommon for small businesses and

    non-profit organizations to use the same public accounting firm for both the preparation of the financial

    statements and the audit.

    ? Train an employee to have the appropriate skills to prepare the financial statements or hire another

    public accounting firm to prepare them.

    Management ultimately needs to determine the value of incurring the additional expense of training an employee or hiring another public accounting firm to prepare the financial statements. If management determines that the value or additional benefit does not justify the cost, it can continue to have the same public accounting firm it uses for the audit to prepare its financial statements.

    Risk Assessment Standards

    ? In March 2006, the ASB issued eight new SASs, collectively referred to as the risk assessment standards, which bring sweeping changes and provide definitive guidance for the conduct of audits of non-public companies. The primary objective of these standards is to enhance auditors’ application of the audit risk model by requiring auditors to obtain a more in-depth understanding of an entity in order to better identify risks of material misstatement of financial statements.

    ? Before the issuance of the risk assessment standards, generally accepted auditing standards required

    auditors to consider and limit audit risk in all audits; so in a sense, auditors were required to assess risks.

    However, before the risk assessment standards, the auditor may not have always leveraged his or her

    knowledge of the entity's operations and experience in prior audits to determine the level of assurance

    needed in significant audit areas. An audit approach based on risk assessment provides a method to

    identify higher-risk areas so that audit effort can be focused on those areas. By focusing efforts in higher-

    risk areas and limiting procedures in lower-risk areas, the auditor performs a more effective and focused


    ? Some of the key provisions and changes in the audit process through the application of the risk

    assessment standards include:

    ? Improvements in the quality and depth of the required understanding of the entity and its

    environmentIn addition to the components of internal control, the guidance specifies aspects of the

    entity and its environment about which the auditor should obtain an understanding to identify and

    assess where material misstatements could occur.

    ? Expansion of the risk assessment processThe risk assessment standards eliminate the concept of

    assessing control risk at the maximum by default. Risk assessment, at whatever level, should be

    supported by the auditor’s understanding of the entity and its environment and internal controls.

    Auditors are also required to identify significant risks that need special audit consideration, along with

    other risks where the application of substantive procedures alone will not sufficiently reduce audit risk. ? Additional emphasis on evaluating and testing controls—SAS No. 109 notes that “obtaining an

    understanding of internal control involves evaluating the design of a control and determining whether it

    has been implemented.” Since control risk can no longer be at a default maximum level without

    documenting the basis for that conclusion, testing of controls may increase in some situations.

    However, similar to existing guidance, testing of controls is not required unless the auditor intends to

    rely on the operating effectiveness of controls to alter the nature, timing, or extent of substantive

    procedures, or the auditor concludes that substantive procedures alone will not sufficiently reduce

    detection risk.

    ? Improvements in the linkage between assessed risks and resulting audit proceduresAuditors are

    required to develop overall responses that address risks of material misstatement at the financial

    statement level along with additional procedures that are clearly linked to assessed risks of material

    misstatement at the relevant assertion level. The risk assessment standards stress the importance of

    the nature of audit procedures in responding to assessed risks.

    ? Enhanced guidance on substantive proceduresThe risk assessment standards indicate that

    substantive procedures should be applied to all relevant assertions related to each material class of

    transactions, account balance, and disclosure to detect material misstatements at the assertion level,

    regardless of the assessed risk of material misstatement. The standards also require the auditor to

    reconcile financial statements (and the accompanying notes) with supporting records, and to examine

    material journal entries and other adjustments that were made when preparing financial statements. ? Additional emphasis on testing of disclosuresAssertions about presentation and disclosure have

    been expanded to include completeness and understandability to users. The risk assessment

    standards emphasize that risks of material misstatement should be considered for disclosures. ? New documentation requirementsAuditors are required to document their overall response to

    address the assessed risk of misstatement at the financial statement level; risk assessment at the

    relevant assertion level; the nature, timing, and extent of the further audit procedures; the linkage of

    audit procedures to assessed risks; and the nature, timing, and extent of audit procedures performed

    and the results obtained.

    ? The risk assessment standards expand the scope of the understanding that the auditor must obtain and

    require the auditor to document and evaluate the design of internal controls over financial reporting. Thus,

    the risk assessment process will most likely result in an increased number of control deficiencies,

    significant deficiencies, and material weaknesses being reported under SAS No. 112 than were reported

    under previous standards.

? The risk assessment standards are effective for audits of financial statements for periods beginning on or

    after December 15, 2006 (generally calendar year 2007). For school districts these standards are

    effective for audits of beginning fiscal year 2007-2008.

    Auditor’s Communication With Those Charged With Governance ? SAS No. 114, The Auditor’s Communication with Those Charged With Governance, establishes

    requirements and provides guidance on the auditor’s communication with the individuals responsible for

    an entity’s governance. The communication requirements of SAS No. 114 apply to all entities regardless of

    their governance structure or size.

    ? The SAS defines those charged with governance as the persons “with responsibility for overseeing the

    strategic direction of the entity and its obligations related to the accountability of the entity. This includes

    overseeing the financial reporting process.” The SAS further states that those charged with governance

    encompasses a board of directors or audit committee referred to in other auditing standards.

    ? Under previous standards, certain communications were applicable only to entities that either had an audit

    committee or that had otherwise formally designated oversight of the financial reporting process to a group

    equivalent to an audit committee (such as a finance committee or budget committee).

    ? The auditor must clearly communicate matters that are, in the auditor’s professional judgment, significant

    and relevant to the responsibilities of those charged with governance in overseeing the financial reporting

    process. The matters required to be communicated under SAS No. 114 include:

    ? The auditor’s responsibilities under generally accepted auditing standards.

    ? An overview of the planned scope and timing of the audit that is not so detailed as to compromise

    audit effectiveness.

    ? The auditor’s views about findings or issues that the auditor considers to be significant and relevant to

    those charged with governance regarding their oversight of the financial reporting process, including

    the auditor’s views about qualitative aspects of the entity’s significant accounting practices, significant

    difficulties encountered during the audit, uncorrected misstatements, and disagreements with

    management about matters that could individually or in the aggregate be significant to the financial

    statements or auditor’s report.

    ? SAS No. 114 requires written communication of significant findings when, in the auditor’s professional

    judgment, oral communication would not be adequate.

Report this document

For any questions or suggestions please email