Presentation is loading. Please wait.

Presentation is loading. Please wait.

NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette.

Published byMarcus Stevenson Modified over 9 years ago

Similar presentations

Presentation on theme: "NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette."— Presentation transcript:

1 NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette

2 Risk Assessment Standards Statements on Auditing Standards Statements on Auditing Standards SAS 104 – 111 (risk assessment) SAS 104 – 111 (risk assessment) Other recently issued standards Other recently issued standards SAS 112 – 115 SAS 112 – 115 How will these new audit standards affect school audits? How will these new audit standards affect school audits?

3 SAS 104 Due professional care in the performance of work Due professional care in the performance of work Clarified the definition of reasonable assurance Clarified the definition of reasonable assurance Emphasized that reasonable assurance is a high level of assurance, but not absolute assurance Emphasized that reasonable assurance is a high level of assurance, but not absolute assurance

4 SAS 105 Amendment to SAS 95, Generally Accepted Auditing Standards Amendment to SAS 95, Generally Accepted Auditing Standards Expands the scope of the understanding that the auditor is required to obtain from “internal control” to “the entity and its environment, including its internal control” Expands the scope of the understanding that the auditor is required to obtain from “internal control” to “the entity and its environment, including its internal control”

5 SAS 105 Emphasizes that the understanding is obtained to “assess the risk of material misstatement of the financial statements” Emphasizes that the understanding is obtained to “assess the risk of material misstatement of the financial statements” The understanding of the entity and its internal control is part of the audit evidence that supports the opinion The understanding of the entity and its internal control is part of the audit evidence that supports the opinion Used to be only part of the audit planning Used to be only part of the audit planning

6 SAS 106 Audit evidence Audit evidence Identifies “risk assessment procedures” as procedures performed to obtain an understanding of the entity in order to assess the risk of material misstatement Identifies “risk assessment procedures” as procedures performed to obtain an understanding of the entity in order to assess the risk of material misstatement

7 SAS 106 Evidence obtained from performing risk assessment procedures, including gaining an understanding of the entity and its environment, including its internal controls as well as tests of controls and substantive procedures is part of the evidence obtained to support the audit opinion (not just to plan the audit) Evidence obtained from performing risk assessment procedures, including gaining an understanding of the entity and its environment, including its internal controls as well as tests of controls and substantive procedures is part of the evidence obtained to support the audit opinion (not just to plan the audit)

8 SAS 106 Risk assessment procedures include: Risk assessment procedures include: Inquiries of management and others Inquiries of management and others Analytical procedures Analytical procedures Observation and inspection Observation and inspection Inquiry alone is no longer sufficient to evaluate controls and whether they have been implemented Inquiry alone is no longer sufficient to evaluate controls and whether they have been implemented

9 SAS 107 Audit risk and materiality in conducting an audit Audit risk and materiality in conducting an audit Auditors can no longer default to maximum risk (instead of testing controls) Auditors can no longer default to maximum risk (instead of testing controls) Materiality should take qualitative considerations into account as well as quantitative Materiality should take qualitative considerations into account as well as quantitative

10 SAS 108 Planning and supervision Planning and supervision New guidance on development of overall audit strategy and audit plan New guidance on development of overall audit strategy and audit plan Establish an understanding with the client Establish an understanding with the client What is management’s responsibility compared to the auditor’s responsibility What is management’s responsibility compared to the auditor’s responsibility

11 SAS 109 Understanding the entity and its environment and assessing the risks of material misstatements Understanding the entity and its environment and assessing the risks of material misstatements Understanding the entity: Understanding the entity: Industry, regulatory, and other external factors Industry, regulatory, and other external factors Nature of the entity Nature of the entity Objectives and strategies and the related risks Objectives and strategies and the related risks Measurement and review of financial performance Measurement and review of financial performance Internal control, which includes accounting policies Internal control, which includes accounting policies

12 SAS 109 Understanding of internal control Understanding of internal control Evaluating design of a control Evaluating design of a control Determining whether it has been implemented Determining whether it has been implemented Evaluating the design of control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing or detecting and correcting material misstatements Evaluating the design of control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing or detecting and correcting material misstatements

13 SAS 109 Components of internal control: Components of internal control: Control environment – tone of organization Control environment – tone of organization Risk assessment – identification and analysis of relevant risks Risk assessment – identification and analysis of relevant risks Information and communication systems – identification, capture and communication of information Information and communication systems – identification, capture and communication of information Control activities – policies and procedures Control activities – policies and procedures Monitoring – assessment of the quality of internal control performance Monitoring – assessment of the quality of internal control performance

14 Control Environment Primary responsibility for the prevention and detection of fraud and errors rests with those charged with governance and management Primary responsibility for the prevention and detection of fraud and errors rests with those charged with governance and management The absence or inadequacy of such programs and controls may constitute a significant deficiency or material weakness The absence or inadequacy of such programs and controls may constitute a significant deficiency or material weakness

15 Control Environment Communication and enforcement of integrity and ethical values Communication and enforcement of integrity and ethical values Commitment to competence Commitment to competence Participation of those charged with governance Participation of those charged with governance Management’s philosophy and operating style Management’s philosophy and operating style Organizational structure Organizational structure Assignment of authority and responsibility Assignment of authority and responsibility Human resource policies and practices Human resource policies and practices

16 Risk Assessment Risk assessment process for financial reporting purposes is its identification, analysis, and management of risks relevant to the preparation of financial statements that are presented fairly in conformity with GAAP Risk assessment process for financial reporting purposes is its identification, analysis, and management of risks relevant to the preparation of financial statements that are presented fairly in conformity with GAAP

17 Risk Assessment Risks relevant to financial reporting: Risks relevant to financial reporting: Changes in operating environment Changes in operating environment New personnel New personnel New or revamped information systems New or revamped information systems Rapid growth Rapid growth New accounting pronouncements New accounting pronouncements

18 Information and Communication Systems Information systems consist of procedures, whether automated or manual, and records established to initiate, authorize, record, process, and report entity transactions and to maintain accountability for the related assets, liabilities and equity Information systems consist of procedures, whether automated or manual, and records established to initiate, authorize, record, process, and report entity transactions and to maintain accountability for the related assets, liabilities and equity

19 Information and Communication Systems Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting

20 Control Activities Authorization Authorization Segregation of duties Segregation of duties Safeguarding Safeguarding Asset accountability Asset accountability

21 Monitoring Management is responsible for establishing and maintaining internal controls on an ongoing basis Management is responsible for establishing and maintaining internal controls on an ongoing basis Monitoring controls includes determining whether internal controls are operating as intended and modifying as appropriate for changes in conditions Monitoring controls includes determining whether internal controls are operating as intended and modifying as appropriate for changes in conditions Monitoring is done to ensure that controls continue to operate effectively Monitoring is done to ensure that controls continue to operate effectively

22 SAS 110 Performing audit procedures in response to assessed risks and evaluating the audit evidence obtained Performing audit procedures in response to assessed risks and evaluating the audit evidence obtained Requires tests of controls to obtain audit evidence about their operating effectiveness when assessment of risks is based on the expectation that controls are operating effectively Requires tests of controls to obtain audit evidence about their operating effectiveness when assessment of risks is based on the expectation that controls are operating effectively

23 SAS 112 Communicating internal control related matters identified in an audit Communicating internal control related matters identified in an audit Defines the terms significant deficiency and material weakness (revised by SAS 115) Defines the terms significant deficiency and material weakness (revised by SAS 115) Provides guidance on the severity of control deficiencies Provides guidance on the severity of control deficiencies Requires communication in writing to management and those changed with governance Requires communication in writing to management and those changed with governance

24 Control Deficiency Exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis Exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis

25 Control Deficiency Deficiency in design exists when: Deficiency in design exists when: a control necessary to meet the control objective is missing or a control necessary to meet the control objective is missing or an existing control is not properly designed so that even if the control operates as designed, the control objective is not always met an existing control is not properly designed so that even if the control operates as designed, the control objective is not always met

26 Control Deficiency Deficiency in operation exists when: Deficiency in operation exists when: a properly designed control does not operate as designed or a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively

27 SIGNIFICANT DEFICIENCY (SAS 112) A control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected A control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected

28 SIGNIFICANT DEFICIENCY (SAS 115) A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance

29 Material Weakness (SAS 112) A significant deficiency, or a combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected A significant deficiency, or a combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected

30 Material Weakness (SAS 115) A deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis A deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis

31 Material Weakness (SAS 115) Identification of fraud, whether or not material, on the part of senior management Identification of fraud, whether or not material, on the part of senior management Restatement of previously issued financial statements to reflect the correction of a material misstatement due to error or fraud Restatement of previously issued financial statements to reflect the correction of a material misstatement due to error or fraud

32 Material Weakness (SAS 115) Identification by the auditor of a material misstatement of the financial statements under the audit in circumstances that indicate that the misstatement would not have been detected by the entity’s internal control Identification by the auditor of a material misstatement of the financial statements under the audit in circumstances that indicate that the misstatement would not have been detected by the entity’s internal control Ineffective oversight of the entity’s financial reporting and internal control by those charged with governance Ineffective oversight of the entity’s financial reporting and internal control by those charged with governance

33 SAS 114 Auditor’s communication with those charged with governance Auditor’s communication with those charged with governance Supersedes SAS 61 Supersedes SAS 61 Requires communication before and after the audit Requires communication before and after the audit

34 SAS 114 Planned scope and timing of audit Planned scope and timing of audit Assist those charged with governance in understanding the consequences of the auditor’s work Assist those charged with governance in understanding the consequences of the auditor’s work Discussing issues of risk and materiality Discussing issues of risk and materiality Identifying any areas that those charged with governance request the auditor to undertake additional procedures Identifying any areas that those charged with governance request the auditor to undertake additional procedures Assist auditor to understand the entity and its environment Assist auditor to understand the entity and its environment

35 SAS 114 Auditor’s responsibilities under GAAS Auditor’s responsibilities under GAAS Significant findings from audit Significant findings from audit Qualitative aspects of the entity’s significant accounting practices, including policies, estimates, and disclosures Qualitative aspects of the entity’s significant accounting practices, including policies, estimates, and disclosures Significant difficulties or disagreements Significant difficulties or disagreements Uncorrected misstatements, unless trivial Uncorrected misstatements, unless trivial Other findings or issues Other findings or issues

36 ANY QUESTIONS????

Download ppt "NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette."

Similar presentations

Internal Control and Control Risk

Internal Control and Control Risk
Presented by YOUR NAME THE DATE

Presented by YOUR NAME THE DATE
G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.
Internal Control.

Internal Control.
Internal Control Chapter 7 covers two distinct, but related topics:

Internal Control Chapter 7 covers two distinct, but related topics:
Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.

Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.
Review of Introduction to Auditing

Review of Introduction to Auditing
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
SAS 112 Update Chapter 9 Presented by Chris Ray, Partner KPMG LLP KPMG LLP.

SAS 112 Update Chapter 9 Presented by Chris Ray, Partner KPMG LLP KPMG LLP.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
CHAPTER 2 FINANCIAL STATEMENT AUDITS AND AUDITORS’ RESPONSIBILITIES Fall 2007 u G enerally Accepted Auditing Standards u Assurance Provided by an Audit.

CHAPTER 2 FINANCIAL STATEMENT AUDITS AND AUDITORS’ RESPONSIBILITIES Fall 2007 u G enerally Accepted Auditing Standards u Assurance Provided by an Audit.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Nature of an Integrated Audit

Nature of an Integrated Audit
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
Statement on Auditing Standards (SAS) 112 Communicating Internal Control Related Matters Identified in an Audit.

Statement on Auditing Standards (SAS) 112 Communicating Internal Control Related Matters Identified in an Audit.
Learning Objectives LO1 Describe the association framework. LO2 Determine whether a PA is associated with financial statements. LO3 Describe the three.

Learning Objectives LO1 Describe the association framework. LO2 Determine whether a PA is associated with financial statements. LO3 Describe the three.

Similar presentations

Ads by Google