The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 Sample testing of controls Marcus.

Slides:

Advertisements

Similar presentations

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.

Advertisements

Overview of IS Controls, Auditing, and Security Fall 2005.

Chapter 1 An Introduction to Assurance and Financial Statement Auditing McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights.

Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.

Discussion on SA-500 – AUDIT EVIDENCE

An Introduction to Assurance and Financial Statement Auditing

[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 10A.1 Audit Sampling.

Planning the Audit/Assessing Risks and Response to Risks 2222 Presented by s Mrs Marie Louise Teng Hing Voon, FCA Partner BDO Mauritius Member of Audit.

Chapter 13: Audit Sampling Spring Overview of Sampling.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

Audit Sampling: An Overview and Application to Tests of Controls

BA 427 – Assurance and Attestation Services

Nature of an Integrated Audit

Lecture 8 Understanding entity and its environment

Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session Internal Control and Risk Assessment.

AUDIT PROCEDURES. Commonly used Audit Procedures Analytical Procedures Analytical Procedures Basic Audit Approaches - Basic Audit Approaches - System.

Auditing & Assurance Services, 6e

Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.

Audit Evidence Advanced Auditing Lecture 3 Dr. Mohamed A. Hamada.

Auditing Internal Control over Financial Reporting

Auditing Internal Control over Financial Reporting

New Auditing Standards Laurie Ball, CPA Swenson Advisors, LLP (Murrieta) Audit Director Accounting Day May 12, 2008.

Audit Evidence 1 Presented by Mr John Chung, FCA Partner KPMG Member of Audit Practice Review Panel at the Financial Reporting Council 12 September 2012.

NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette.

Audit Risk. "Audit risk" means the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated Audit.

[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 8.1 Control Risk,

Chapter 3 Audit Planning, Types of Audit Tests, and Materiality McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Copyright © 2007 Pearson Education Canada 1 Chapter 13: Audit of the Sales and Collection Cycle: Tests of Controls.

Evaluation of Internal Control System

Chapter 8 Audit Sampling: An Overview and Application to Tests of Controls McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights.

S14: Analytical Review and Audit Approaches. Session Objectives To define analytical review To define analytical review To explain commonly used analytical.

Copyright © 2007 Pearson Education Canada 1 Chapter 14: Completing the Tests in the Sales and Collection Cycle: Accounts Receivable.

Evaluation of Internal Control System. Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal.

Audit Sampling: An Overview and Application to Tests of Controls

Audit Sampling: An Overview and Application to Tests of Controls

McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Audit Planning and Types of Audit Tests Chapter Five.

Copyright © 2007 Pearson Education Canada 1 Chapter 24: Assurance Services: Internal Auditing and Government Auditing.

Auditing: The Art and Science of Assurance Engagements Chapter 7: Materiality and Risk Copyright © 2011 Pearson Canada Inc.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 8-1 Chapter Eight Audit Sampling: An Overview and Application.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.

Analytical Review and Audit Approaches

9-1 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2007 Pearson Education Canada 1 Chapter 11: Overall Audit Plan and Audit Program.

Chapter 9 Audit Sampling – Part a.

OVERALL AUDIT PLAN AND AUDIT PROGRAM

18-1 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

AUDIT QUALITY AND ASSURANCE 2 ND AND 3 RD OCTOBER 2014 HILTON HOTEL MATERIALITY IN PLANNING AND PERFORMING THE AUDIT (ISA 320) 1.

AUDIT STAFF TRAINING WORKSHOP 13 TH – 14 TH NOVEMBER 2014, HILTON HOTEL NAIROBI AUDIT PLANNING 1.

 Planning an audit of cost statements, records and other related documents is considered necessary to ensure achievement of audit objectives with available.

©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley Internal Control and Control Risk Chapter 10.

AUDIT EVIDENCE AND FINANCIAL STATEMENT ASSERTIONS 1.

DEVRY ACCT 555 E NTIRE C OURSE Check this A+ tutorial guideline at For more classes visit.

Auditing Concepts.

Audit Sampling: An Overview and Application

Audit Sampling: An Overview and Application to Tests of Controls

Internal Control Evaluation: Assessing Control Risk

Types of tests Risk Assessment Procedures – Auditors use the results of risk assessment procedures to determine the type and amount of further audit.

Question 4-1 Which of the following statements concerning noncompliance by clients is correct? A. An auditor's responsibility to detect noncompliance.

PLANNING, MATERIALITY AND ASSESSING THE RISK OF MISSTATEMENT

planning AICPA auditing standards state:

Chapter 1 An Introduction to Assurance and Financial Statement Auditing.

Audit Planning, Types of Audit Tests and Materiality

Developing the Overall Audit Plan and Audit Program

The ISSAIs for Financial Audit ISSAIs

LATIHAN MID SEMINAR AUDIT hiday.

Audit Planning, Types of Audit Tests, and Materiality

Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.

Presentation transcript:

The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 Sample testing of controls Marcus Wagner, Senior Manager Insert Worlds Image / Client Specific Image Here 

The Sarbanes-Oxley Act of PricewaterhouseCoopers Overview  Nature and extent of controls testing  Determining the number of items for controls testing  Manually applied controls  Automated controls  Evaluating the results of controls tests  Determining the acceptable exception rate  Dealing with exceptions

The Sarbanes-Oxley Act of PricewaterhouseCoopers Extent of controls testing When testing controls, decide the extent of testing by considering:  The significance of the risk addressed by the control  Our assessment of the control environment  The importance of the control to addressing the risk  The degree to which the control is cumulative  The risk that observation of controls and answers to inquiries may not accurately represent the proper and continued operation of the controls

The Sarbanes-Oxley Act of PricewaterhouseCoopers Extent of controls testing  The extent of validation of the controls we seek to rely on varies depending on the type of control we plan to validate.  Generally, more testing will be required for manual controls than automated controls.  Manually applied controls are more prone to mistakes and random failures  Automated controls previously validated should continue to be reliable, as long as the general computer controls around the computer systems are working effectively.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Determining the number of items for controls testing In determining the number of items for controls testing, we consider the overall factors listed above as well as:  When manual oversight or involvement is a necessary part of a control we plan to test (e.g., exception reports, analysis, evaluation, data input, information matching), we generally test more items than when a control is an automated system control.  The more frequently the manual control procedure is performed (e.g., daily as opposed to monthly), generally the more items we test.  The more we plan to rely on a control, the more items we test.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Determining the number of items for controls testing (cont)  The more assurance we expect to receive from other audit procedures related to the risk that the control addresses, the fewer items we need to test.  The longer the relevant time period (e.g., year or quarter), generally the more items we test because we want evidence that the control was properly functioning throughout the period.  Generally when control procedures are more complex we test more items.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Manually applied controls When testing manual controls, we generally examine at least:  2 items for controls performed quarterly  3 items for controls performed monthly  10 items for controls performed weekly  20 items for controls performed daily  30 items for controls performed multiple times per day Testing more items may be necessary as we consider the factors previously mentioned. For example, if we expect a significant amount of controls comfort from a manual control performed multiple times per day, we may test 5-10 items per month throughout the year.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Automated controls  For an automated control, the number of items required to be tested is generally minimal.  This is because, where we are relying on any automated controls, we will normally test general computer controls to be satisfied that the automated control continues to function properly.  As a general guideline, selecting one item for testing may be sufficient. For example, the system automatically tests the completeness of sales transactions by checking the sequence of serially numbered shipping documents and reporting missing or duplicate numbers for manual investigation.  If the general computer controls are effective, we might need to test the system only once to verify that it, indeed, performs this check. Testing of the manual investigation of the exceptions, however, would be more extensive, as discussed above.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Evaluating the results of controls tests  We evaluate the results of testing to determine if it has provided sufficient evidence that a control is achieving its objectives.  We accept that a control is achieving its objectives when we find no or negligible exceptions.  The definition of negligible exceptions is a matter of professional judgment and depends largely on:  The nature and importance of the control, and  The degree of audit comfort we are seeking from the control.  The more exceptions we find, the more limited our audit comfort. As general rules of thumb, to obtain a significant amount of comfort from controls, we generally accept no exceptions when we test fewer than 10 items and no more than 10% exceptions when we test more than 10 items.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Determining the acceptable exception rate Questions to consider in determining the acceptable exception rate for manual controls include:  How much comfort is desired?  What is the purpose of the control?  How important is the control to the reliability of the data?  How important is the related financial statement assertion being tested?  Is the control preventative or detective?

The Sarbanes-Oxley Act of PricewaterhouseCoopers Determining the acceptable exception rate (cont)  Is there an industry or regulated level of expected performance?  Are there other controls or processes that also address the same risk or assertion?  Who completes the control procedure?  How effective is the control if it is performed less than 100% of the time?

The Sarbanes-Oxley Act of PricewaterhouseCoopers Dealing with exceptions When exceptions are found, we should consider their qualitative aspects, including the:  Nature and cause of the deviations  Possible relationship of the deviations to other areas of the audit When we find an unacceptably high rate of exceptions, after inquiring into the reasons, we may:  Place no reliance on the control  Find out that we did not understand the control and begin the process again

The Sarbanes-Oxley Act of PricewaterhouseCoopers Dealing with exceptions (cont)  Determine, based on professional judgment and the engagement facts and circumstances, that the control provides a limited degree of controls comfort  Test more items because we believe more testing might provide evidence that the control is functioning properly at an acceptably high level. We should first understand the nature of the exceptions detected and believe additional testing would be beneficial. If we decide to conduct additional testing, a rule of thumb is to examine at least as many additional items as we examined initially or 10 additional items, whichever is less. Professional judgment is required to determine if the aggregate results provide sufficient evidence that the control is functioning effectively.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Questions