1. Slide 1 CAQ WEBCAST AS 5: Preparing for Integrated Audits of Non-Accelerated Filers September 25, 2008 The views expressed by the presenters do not necessarily represent the views, positions, or opinions of the Center for Audit Quality or the presenters’ respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client or attorney-client relationship.

2. Slide 2 CAQ Task Force BDO Seidman LLP Crowe Horwath LLP Deloitte LLP Ernst & Young LLP Grant Thornton LLP KPMG LLP McGladrey & Pullen LLP PricewaterhouseCoopers LLP

3. Slide 3 Today’s Objectives Today’s program is designed to help you better understand:  How to effectively plan an integrated audit to gain efficiency and eliminate redundancy  How to use a top-down risk-based approach to focus on areas of greatest risk  How to communicate with management to obtain effectiveness and efficiency for all parties

4. Slide 4 Today’s Panelists Wendy Campbell, CPA Executive Crowe Horwath LLP Trent Gazzaway, CPA Managing Partner of Corporate Governance Grant Thornton LLP Gregory S. Wilson, CPA Deputy Director - Inspections Public Company Accounting Oversight Board ********** Cynthia M. Fornelli Moderator & Executive Director Center for Audit Quality

5. Slide 5 Caveat The views expressed are my own views and do not necessarily reflect the views of the Board, individual Board members, or the staff of the PCAOB.

6. Slide 6 PCAOB Inspections Overview Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” 2005 inspection year (“Year of Chaos”) –First year of inspections of audits of ICFR under AS No. 2 2006 inspection Year (“Year of Efficiency”) –Focus on May 16, 2005 PCAOB Q&A –PCAOB announces intent to amend AS No. 2 on May 17, 2005

7. Slide 7 PCAOB Inspections Overview Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” 2007 inspection year (“Year of Transition”) –Proposed ICFR audit standard issued December 19, 2006 to supersede AS No. 2 –Reinforce concepts embraced in proposal –Avoid concepts dropped in proposal

8. Slide 8 PCAOB Inspections Overview Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” 2008 inspection Year (“Year of Learning”) –AS No. 5 issued June 12, 2007 Board “got the words right” Board Objectives –Focus the audit on matters most important to internal control –Eliminate unnecessary procedures –Scale the audit for smaller companies –Simplify the requirements

9. Slide 9 PCAOB Inspections Overview Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” 2008 inspection Year (“Year of Learning”) –SEC management guidance issued June 27, 2007 –Inspections approach Sensitivity to timing Integrated audit Focus on most important matters in audit of ICFR Eliminate unnecessary procedures Sensitivity to auditor judgment

10. Slide 10 PCAOB Inspections Overview Audits of Internal Control Over Financial Reporting (ICFR) – “The Journey” Auditors and issuers becoming more comfortable with ICFR audits Continuous improvement noted with focus on higher risk areas Some hard lessons learned early on “Lessons learned” to be discussed today are consistent with several year’s inspection findings

11. Slide 11 Topics Understand and Use Management’s Assessment and Documentation as a Starting Point Integrate the Audits Establish the Right Team Identify Material Risks to Reliable Financial Reporting Identify Controls Necessary to Sufficiently Address Identified Risks Take a Risk-Based Approach to Testing Identified Controls

12. Slide 12 Understand and Use Management’s Assessment and Documentation as a Starting Point #1: Take advantage of company’s ICFR evaluation testing and documentation in year before first integrated audit –Knowledge share –Foundation for future audits –Established approach –Effect on substantive testing

13. Slide 13 Understand and Use Management’s Assessment and Documentation as Starting Point #2: Early and frequent communication/coordination with management yields more effective/efficient audit process Support audit efficiency through existing evaluation process Provide suggestions and considerations for effective and efficient assessment

14. Slide 14 Understand and Use Management’s Assessment and Documentation as a Starting Point #3: Coordinate timing of management's work to enable use by the auditor Establish timelines with management Hold periodic status meetings Update the audit committee on progress

15. Slide 15 Understand and Use Management’s Assessment and Documentation as a Starting Point #4: Identify/assess risks and controls that may have pervasive effects on the assessment and effectiveness of ICFR Early identification of pervasive deficiencies can eliminate unnecessary testing Early identification of effective entity-level controls may eliminate the need to test lower level controls

16. Slide 16 Understand and Use Management’s Assessment and Documentation as a Starting Point #5: Consider implications of any unremediated deficiencies Discuss management's plans to remediate, if any Consider effect on the ICFR audit Consider effect on the financial statement audit (i.e. planned control reliance strategy)

17. Slide 17 Integrate the Audits #6: Plan audit of ICFR and audit of financial statements as a single integrated audit Conduct a single risk assessment Where a controls reliance approach is not used, consider the results of substantive tests for risk implications for the audit of ICFR Increased efficiency through reduced effort related to substantive testing in the financial statement audit

18. Slide 18 Integrate the Audits #7: Consider employing controls reliance approach in first year of required Section 404(b) audit of ICFR Assess the effectiveness of controls that affect the controls reliance approach early Early coordination and testing provide for effective and efficient implementation of this approach

19. Slide 19 Integrate the Audits #8: Perform control tests in conjunction with substantive tests where audit procedures meet objectives of both A single test may achieve more than one objective Identify areas for dual purpose/concurrent testing: –Management estimates –Account reconciliations –Roll-forward procedures –Sampling

20. Slide 20 Integrate the Audits #9: The results of substantive testing should inform the ICFR risk assessment and control effectiveness conclusions Evaluate results of substantive tests and their implication on the effectiveness of internal control Design the integrated approach to include consideration of substantive testing results Results of substantive tests do not, on their own, provide sufficient evidence to conclude that internal control is effective

21. Slide 21 Integrate the Audits #10: Coordinate ICFR and substantive tests among those performing the work Integrated teams: –Reduce duplicative efforts –Facilitate testing to achieve objectives of the internal control audit and the financial statement audit

22. Slide 22 Establish the Right Team #11: Planning and execution of an integrated audit requires early, close and continuous involvement by experienced engagement team members Plan for more partner, manager, and specialist involvement Timely review and supervision…in every phase

23. Slide 23 Establish the Right Team #12: Involve auditors with ICFR auditing experience or integrated audit training Take advantage of the learning curve Provide training, including COSO and AS5 Recognize importance of on-the-job training

24. Slide 24 Identify Material Risks to Reliable Financial Reporting #13: Apply a top-down, risk-based approach to identify significant accounts and disclosures and their relevant assertions Begin at the financial statement level, not process or control level, then consider disaggregating line items Use professional judgment to identify material risks

25. Slide 25 Identify Material Risks to Reliable Financial Reporting #14: Tailor the audit approach based on a refined risk assessment Carefully design the risk assessment process –Consider “what could go wrong” (in a material sense) –Focus at the assertion level

26. Slide 26 Identify Material Risks to Reliable Financial Reporting #15: Achieve AS5 paragraph 34 objectives by performing different combinations of procedures, including walkthroughs Walkthroughs are not required by AS5; however they are frequently the most effective method –Confirm understanding through planning, risk assessment and other activities performed –Consider prior year results and changes –Develop and ask probing questions

27. Slide 27 Identify Material Risks to Reliable Financial Reporting #16: IT applications and their control environment influence the identification of financial reporting risks Consider IT-related risks as part of the overall risk assessment Gain efficiency through automated controls When general IT controls are deemed ineffective, consider whether automated controls can be tested directly

28. Slide 28 Identify Controls Necessary to Sufficiently Address Identified Risks #17: Apply a top-down approach to identify controls that sufficiently address identified risks Consider: –Entity level controls that are direct and precise and may eliminate other control testing –Entity level controls that may reduce but not eliminate other control testing –Automated controls –Manual transaction-level controls –Preventive and detective controls

29. Slide 29 Take a Risk-Based Approach to Testing Identified Controls #18: Maximize opportunities for using the work of others Assess the competence and objectivity of the persons performing the work –Individuals may include internal audit, 3 rd parties, and/or other company employees –Competence should relate to the control being tested Consider risk associated with the control Discuss nature, timing and extent of testing with management

30. Slide 30 Take a Risk-Based Approach to Testing Identified Controls #19: Vary the nature, timing, and extent of controls testing based on risk associated with each control Make use of existing knowledge (every control does not need to be tested to the same extent each year) Flexibility exists in varying timing of control testing Statistical sampling not required for all testing Benchmarking strategies

31. Slide 31 Take a Risk-Based Approach to Testing Identified Controls #20: Testing controls at an interim date may improve effectiveness and efficiency of integrated audit Supports planned control reliance Perform substantive testing procedures at an interim date concurrent with control testing Consider relevant risks and other factors to determine whether, and to what extent, roll-forward or update testing is necessary

32. Slide 32 Take a Risk-Based Approach to Testing Identified Controls #21: An ineffectively designed control need not be tested for operating effectiveness Testing may cease when sufficient evidence indicates a control is not designed effectively or does not operate effectively May need to test remediated controls

33. Slide 33 Available Resources PCAOB Auditing Standard No. 5: An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements http://www.pcaobus.org/Standards/Standards_and_Related_Rules/Auditing_Standard_No.5.aspx PCAOB Staff Guidance for Auditors of Smaller Public Companies - AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS (Pending) http://www.pcaobus.org/Standards/Standards_and_Related_Rules/AS5/Guidance.pdf SEC Guidance Regarding Management’s Report on Internal Control Over Financial Reporting Under Section 13(a) or 15(d) of the Securities Exchange Act of 1934 http://www.sec.gov/rules/interp/2007/33- 8810.pdfhttp://www.sec.gov/rules/interp/2007/33- 8810.pdf COSO Internal Control – Integrated Framework - http://www.coso.org/IC-IntegratedFramework- summary.htmhttp://www.coso.org/IC-IntegratedFramework- summary.htm COSO Guidance on Monitoring Internal Control Systems (Exposure Draft) http://www.coso.org/guidance.htm http://www.coso.org/guidance.htm COSO Internal Control Over Financial Reporting – Guidance for Smaller Public Companies http://www.coso.org/ICFR-GuidanceforSPCs.htm

34. Slide 34 Questions & Summary

35. Slide 35 Join the CAQ today! Visit www.theCAQ.org/members or call 1-888-817-3277

36. Slide 36 Thank you for participating! Please visit us at www.theCAQ.org or call 1-888-817-3277