Presentation is loading. Please wait.

Presentation is loading. Please wait.

Section 404 Audits Sarbanes-Oxley Act section 404

Published byGeraldine Holmes Modified over 9 years ago

Similar presentations

Presentation on theme: "Section 404 Audits Sarbanes-Oxley Act section 404"— Presentation transcript:

1 Section 404 Audits Sarbanes-Oxley Act section 404
chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404

2 Societe Generale junior trader gambled more than the entire net worth of the bank

3 JP Morgan Chase

4 Committee of Sponsoring Organizations
National Commission on Fraudulent Financial Reporting the “Treadway Commission” Committee of Sponsoring Organizations “COSO”

5 organizations that sponsored the Treadway Commission
COSO Committee of Sponsoring Organizations organizations that sponsored the Treadway Commission American Institute of Certified Public Accountants American Accounting Association Institute of Internal Auditors Institute of Management Accountants Financial Executives Institute

6 Mandeep how does COSO define internal controls ?

7 COSO internal controls day 1 handout
Internal control is a process, effected by those charged with governance, management, and other personnel that is designed to provide reasonable assurance about the achievement of the entity’s objectives with regard to the reliability of financial reporting effectiveness and efficiency of operations compliance with applicable laws and regulations

8 Foreign Corrupt Practices Act 1977
any corporation that has a class of securities registered, or that is required to file reports under the Securities and Exchange Act of 1934

9 U.S. Code TITLE 15--COMMERCE AND TRADE CHAPTER 2B SECURITIES EXCHANGES

10 (ii) transactions are recorded as necessary
(2) Every issuer pursuant to section 78l or … shall– make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer; (B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that– (i) transactions are executed in accordance with management's general or specific authorization; (ii) transactions are recorded as necessary to prepare financial statements in conformity with GAAP, to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management's general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences; and

11 Sarbanes-Oxley Act 2002 § 7262. Management assessment of internal controls (a) Rules required The Commission shall prescribe rules requiring …. an internal control report, which shall— (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure ... (b) Internal control evaluation and reporting …, each registered public accounting firm that …issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer.

12 PCAOB auditor’s report on internal control
We have audited internal control over financial reporting as of Dec. 31, 2013, based criteria established in Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). MMC’s management is responsible for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the company's internal control over financial reporting based on our audits. We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audits of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinion. A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. In our opinion, MMC maintained, in all material respects, effective internal control over financial reporting as of December 31, 2013, based on COSO criteria.

13 Rachel Which section of the auditing standards most directly discusses internal controls?

14 Johanna Why are auditors required to understand the client’s internal controls?

15 AU-C 315 Understanding the Entity & Its Environment & Assessing RoMM
.03 The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.

16 Brianna what is the definition of control risk?

17 Control Risk The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal control.

18 Denise Discuss reasonable assurance.

19 Reasonable Assurance Reasonable assurance. In the context of an audit of financial statements, a high, but not absolute, level of assurance.

20 Clint Under Sarbanes-Oxley management must report on the effectiveness of the company’s internal controls. With Regard to Internal Controls, what STATEMENTS must MANAGEMENT include in their annual report ?

21 Section 404 of Sarbanes-Oxley
management must make the following statements page 159 1 management is responsible for effective internal controls over financial reporting 2 management’s assessment of the effectiveness of the internal controls 3 the framework used to evaluate the effectiveness of the internal controls

22 Evaluate the Effectiveness
management must evaluate the design of internal controls management must test the operating effectiveness of those controls

23 Erin what framework will management use to evaluate the effectiveness of internal controls?

24 Joseba In the standard unmodified audit report
What is management’s responsibility with regard to the financial statements?

25 Management’s Responsibilty
Management is responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.

26 Controls over Sig Classes of Transactions

27 AU-C 315 The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control,

28 Page 160 (Design of Internal Control)
Risks related to all relevant assertions Evaluating Significant classes of transactions Identify points in the transactions where material misstatements could occur Identify how each significant class of transactions Initiated Authorized Recorded Processed through the accounting system Reported in the financial statements and disclosures

29 AU-c 315.84 the accounting system
Procedures and records designed to Initiate, authorize, record, process, and report entity transactions Maintain accountability for the assets, liabilities & equity Transfer information to the general ledger Capture information other than transactions that is relevant to the financial statements. e.g. depreciation and amortization of assets, changes in the recoverability of receivables. Ensure information that is required to be disclosed is accumulated, recorded, processed, summarized, and appropriately reported in the financial statements. transactions adjusting journal entries disclosures

30 Makinzie In the standard unmodified audit report
What is the auditor’s responsibility?

31 Auditor’s Responsibilty
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor's judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity's preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity's internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

32 Auditors must document their understanding

33 The classes of transactions that are significant
page 160/169 The classes of transactions that are significant Procedures by which those transactions are: Initiated, authorized & recorded what accounting records exist, Processed through the accounting system into the GL, and reported in the financial statements. How the info system captures other events that are significant to the financial statements Reporting process used to prepare the financial statements, including significant estimates and disclosures.

34 COSO – 5 components of internal control
Naomi COSO – 5 components of internal control what are the five components of the internal control framework ?

35 COSO components of internal controls
Control environment Risk assessment Control procedures Information and communication Monitoring

36 COSO components of internal controls
Control environment Risk assessment Control procedures Info & Comm --- Accounting System is part of Monitoring

37 1. Control environment management’s integrity and ethical values
commitment to competence board of directors and audit committee management’s philosophy & operating style organizational structure human resource policies and practices page 163

38 1. Control environment – Audit Committee
Bd of Directors - Audit Committee – Outside Directors Appointment of auditors Resolve differences between management and auditors Oversight of internal audit Approval of non-audit services by auditor page 163

39 COSO components of internal controls
Control environment Risk Assessment (p 165) Control procedures Information and communication Monitoring

40 2. Risk assessment How does the audit client manage risk?
Internal control is a process, effected by those charged with governance, management and other personnel that is designed to provide reasonable assurance about the achievement of the entity’s objectives in the following three categories: Focus on risk oversight page 89

41 Saul what can you assume when the Expected Rate of Return for an investment or project exceeds the interest rate on gov’t insured savings accounts ?

42 business is about managing risk
otherwise companies should invest their money in gov’t insured savings accounts companies invest in risky assets and the auditors must understand how the company manages risks to convert those assets into cash receipts

43 COSO Enterprise Risk Management
Internal environment Objective Setting Event identification Risk assessment Risk response Control activities procedures Information and communication Monitoring

44 COSO components of internal controls
Control environment Risk assessment Control procedures Information and communication Monitoring

45 3. Control Procedures Adequate segregation of duties
Proper authorization of transactions & activities Adequate documents & records Physical controls over assets & records Independent checks on performance

46 The classes of transactions that are significant
page 160/169 The classes of transactions that are significant Procedures by which those transactions are: Initiated, authorized & recorded what accounting records exist, Processed through the accounting system into the GL, and reported in the financial statements. How the info system captures other events that are significant to the financial statements Reporting process used to prepare the financial statements, including significant estimates and disclosures.

47 3. Control Procedures Must separate p. 166
Custody of Assets from Accounting (Record-Keeping) Authorization of Trx from Custody of Related Assets Operational Responsibility from Record-Keeping IT Duties from User Departments

48 3. Control Procedures Must separate Custody of Assets
Authorization of Transactions involving those assets Record-Keeping

49 3. Control Procedures Adequate documents and records
Pre-numbered documents Checks Purchase orders Shipping documents

50

51

52 Stephanie if you discover a check that was not recorded
to which financial statement assertion does an unrecorded check relate ?

53 COSO components of internal controls
Control environment Risk assessment Control procedures Information and communication Monitoring

54 4. Information & Communication / Monitoring
Account balances are used to prepare external financial statements Internal reports are part of management’s feedback for Monitoring operations

55 COSO components of internal controls
Control environment Risk assessment Control procedures Information and communication Monitoring

56 5. Monitoring Internal audit Compare reports with your knowledge of the business Customer complaints Vendor complaints Regulators’ reports Periodic reconciliations

57 Understanding Internal Controls
Obtain an understanding of internal controls The design of internal controls Document understanding Assess Control Risk (preliminary) Test Operating Effectiveness of controls Assess Control Risk (after ToC’s)

58 The classes of transactions that are significant
page 160/169 The classes of transactions that are significant Procedures by which those transactions are: Initiated, authorized & recorded what accounting records exist, Processed through the accounting system into the GL, and reported in the financial statements. How the info system captures other events that are significant to the financial statements Reporting process used to prepare the financial statements, including significant estimates and disclosures.

59 How –gain an understanding Internal Controls
Internal Control Questionnaire p. 172 Prior year’s work papers p. 174 Inquiries of client Examine documents Observe activities – Perform Walkthroughs

60 Internal Controls Questionnaire p. 173
Recorded sales are for shipments actually made to existing customers Existing sales transactions are recorded Recorded sales are for the amount of goods shipped and are correctly billed and recorded Sales transactions are properly included in master files and correctly summarized Recorded sales transactions are properly classified Sales are recorded on the correct dates

61 Internal Controls Questionnaire p. 173 (62-161)-176-207-252
Recorded sales are for shipments actually made to existing customers Existing sales transactions are recorded Recorded sales are for the amount of goods shipped and are correctly billed and recorded Sales transactions are properly included in master files and correctly summarized Recorded sales transactions are properly classified Sales are recorded on the correct dates Occurrence Completeness Accuracy Classification Cutoff

62 Page 59

63 Document- our understanding of Internal Controls
Internal Control Questionnaire p. 173 Narative Flowchart

64 Must assess Control Risk
for each fin statement assertion for each sig class of transaction

65 Control Risk Matrix p. 176 Look at the headings of the columns Audit Objectives / Assertions Must have a control(s) in place for each assertion / objective

66

67 see p. 176 Control Risk Matrix p. 252

68 Tests of Controls if a control is well designed
test if control is operating effectively

69 Internal Control Communications

70 Adrian what is a Control Deficiency? page 176 ---
look at the last 2 lines in Figure 5

71

72 Control deficiency (day one handout)
when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis

73 Control deficiency if a control is not properly designed
Or well designed control may not operate as designed or the person performing the control is not sufficiently qualified

74 Alyxandria what is a Material Weakness in internal control?

75 Material weakness A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis.

76 David what is a Significant Deficiency in internal control ?

77 Significant deficiency
A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.

78 Material weakness

79 Communications regarding Internal Control
Reportable Conditions significant deficiencies material weaknesses Those charged with governance of the company audit committee board of directors senior management

80 Effectiveness of Internal Controls and Audit Approaches

81

82 for private companies non-SEC companies not covered by Sarbanes-Oxley

83 Emmanuel After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented You believe the controls are INeffective How will you preliminarily assess CR ?

84 Kyle After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented You believe the controls are INeffective You preliminarily assess CR = High Which audit approach will you take?

85 Laura You believe it would cost less to perform
Tests of Contols than $ubstantive Test$ which audit approach will you take ?

86 Lauren Which types of audit tests will you perform Tests of Controls
evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive

87 Raquel After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented You believe they would be Effective if implemented How will you preliminarily assess CR ?

88 Sumner After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented You believe they would be Effective if implemented You preliminarily assess CR = Low Which audit approach will you take?

89 Ariana You believe it would cost less to perform
Tests of Contols than $ubstantive Test$ which audit approach will you take ?

90 Haley Which types of audit tests will you perform Tests of Controls
evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive

91 After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented You believe they would be Effective if implemented

92 Iris You believe it would cost less to perform
$ubstantive Test$ than Tests of Contols which audit approach will you take ?

93 Jake Which types of audit tests will you perform Tests of Controls
evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive

94 for private companies non-SEC companies not covered by Sarbanes-Oxley

95 Must do extensive Subst Tests
preliminarily assess Subst Tests Less costly than ToC controls effective (CR =Low) extensive limit subst tests => analytical procedures ineffective (CR = MAX) Must do extensive Subst Tests

96 Understand internal controls
Document understanding Evaluate the design of the controls Preliminarily assess control risk Document prelim CR assessment If CR < Low & $ToC < $Sub$t Tests Design and perform ToC Document results of ToC and CR assessment Design and perform limited Subst Tests Document results of Subst Tests If CR = Max or $Sub$t < $ToC Design and perform extensive Subst Tests

97 for public companies SEC companies covered by Sarbanes-Oxley

98

99 Joyce After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented You believe they would be Effective if implemented How will you preliminarily assess CR

100 Maria After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented You believe they would be Effective if implemented You preliminarily assess CR = Low Which audit approach will you take?

101 Mitch You believe it would cost less to perform
Tests of Contols than $ubstantive Test$ which audit approach will you take ?

102 Abhinav Which types of procedures will you perform Tests of Controls
evaluate design effectiveness Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive

103 Albert You believe it would cost less to perform
$ubstantive Test$ than Tests of Contols which audit approach will you take ?

104 Emily Which types of procedures will you perform Tests of Controls
evaluate design effectiveness Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive

105 Hailey After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented You believe the controls are INeffective How will you preliminarily assess CR ?

106 Jesse After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented You believe the controls are INeffective You preliminarily assess CR = High Which audit approach will you take?

107 Jordan You believe it would cost less to perform
Does it matter which types of tests are least expensive? which audit approach will you take ?

108 Phil Which types of audit tests will you perform Tests of Controls
evaluate design effectiveness Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balance none limited extensive

109 analytical procedures
preliminarily assess Subst Tests Less costly than ToC controls effective (CR < Low) can limit subst tests analytical procedures ineffective (CR = MAX) must do some ToC Extensive Subst Tests Tests of Details

110 Understand internal control structure
Document understanding Evaluate the Design Effectiveness of ICS Design and perform ToC to assess CR Document results of ToC and CR assessment If CR > Low Design and perform extensive Subst Tests Document results of Subst Tests

111 Audit Documentation Workpapers
Must document Record of compliance with GAAS

112

113

114

115

116 109 AICPA Statement on Auditing Standards Understanding the
December 2006 Statement on Auditing Standards 109 AICPA Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement

117

118 Assessing CR < Max

119

120 Assessing control risk
Identify: specific control objectives (assertions) points in the flow of transactions where specific types of misstatements could occur specific controls procedures designed to prevent or detect these misstatements Evaluate the design of control procedures perform tests of the operating effectiveness of controls

121 For each significant class of transactions
For each Management Assertion we will need to assess CR If we assess CR < Max for an Assertion must identify a Control Procedure (strength) Then design & perform a Test of Controls to see if that Procedure is effective

122 credit sales

123

124 Accounts receivable Sales occurrence

125

126

127 Accounts receivable Sales completeness

128

129 Accounts receivable Sales accuracy

130

131 Assess control risk Identify: significant classes of transactions
objectives assertions points where errors or fraud could occur specific controls that would prevent or detect these errors Link specific controls with the assertions to which they relate Evaluate the design of the control Test the operating effectiveness of the control

Download ppt "Section 404 Audits Sarbanes-Oxley Act section 404"

Similar presentations

Internal Control.

Internal Control.
Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.

Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.
The Islamic University of Gaza

The Islamic University of Gaza
Audit of the Sales and Collection Cycle

Audit of the Sales and Collection Cycle
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Assurance and Attestation Services BA 427 Winter 2007 Substantive Procedures Glenn Lovett, Shareholder.

Assurance and Attestation Services BA 427 Winter 2007 Substantive Procedures Glenn Lovett, Shareholder.
Review of Introduction to Auditing

Review of Introduction to Auditing
Chapter 2 Professional Standards “All my growth and development led me to believe that if you really do the right thing, and if you play by the rules,

Chapter 2 Professional Standards “All my growth and development led me to believe that if you really do the right thing, and if you play by the rules,
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Chapter 5 Risk Assessment: Internal Control Evaluation

Chapter 5 Risk Assessment: Internal Control Evaluation
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Introduction to Financial Statements and Other Financial Reporting Topics COPYRIGHT ©2007 Thomson South-Western, a part of the Thomson Corporation. Thomson,

Introduction to Financial Statements and Other Financial Reporting Topics COPYRIGHT ©2007 Thomson South-Western, a part of the Thomson Corporation. Thomson,
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Auditing April 1, 2015 1 Chapter Two The CPA Profession just skim the section on Generally Accepted Auditing Standards Page 32-36.

Auditing April 1, Chapter Two The CPA Profession just skim the section on Generally Accepted Auditing Standards Page
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Nature of an Integrated Audit

Nature of an Integrated Audit

Similar presentations

Ads by Google