Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 Sample testing of controls Marcus.

Published byJanel Lucas Modified over 9 years ago

Similar presentations

Presentation on theme: "The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 Sample testing of controls Marcus."— Presentation transcript:

1 The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 Sample testing of controls Marcus Wagner, Senior Manager Insert Worlds Image / Client Specific Image Here 

2 The Sarbanes-Oxley Act of 2002 2 PricewaterhouseCoopers Overview  Nature and extent of controls testing  Determining the number of items for controls testing  Manually applied controls  Automated controls  Evaluating the results of controls tests  Determining the acceptable exception rate  Dealing with exceptions

3 The Sarbanes-Oxley Act of 2002 3 PricewaterhouseCoopers Extent of controls testing When testing controls, decide the extent of testing by considering:  The significance of the risk addressed by the control  Our assessment of the control environment  The importance of the control to addressing the risk  The degree to which the control is cumulative  The risk that observation of controls and answers to inquiries may not accurately represent the proper and continued operation of the controls

4 The Sarbanes-Oxley Act of 2002 4 PricewaterhouseCoopers Extent of controls testing  The extent of validation of the controls we seek to rely on varies depending on the type of control we plan to validate.  Generally, more testing will be required for manual controls than automated controls.  Manually applied controls are more prone to mistakes and random failures  Automated controls previously validated should continue to be reliable, as long as the general computer controls around the computer systems are working effectively.

5 The Sarbanes-Oxley Act of 2002 5 PricewaterhouseCoopers Determining the number of items for controls testing In determining the number of items for controls testing, we consider the overall factors listed above as well as:  When manual oversight or involvement is a necessary part of a control we plan to test (e.g., exception reports, analysis, evaluation, data input, information matching), we generally test more items than when a control is an automated system control.  The more frequently the manual control procedure is performed (e.g., daily as opposed to monthly), generally the more items we test.  The more we plan to rely on a control, the more items we test.

6 The Sarbanes-Oxley Act of 2002 6 PricewaterhouseCoopers Determining the number of items for controls testing (cont)  The more assurance we expect to receive from other audit procedures related to the risk that the control addresses, the fewer items we need to test.  The longer the relevant time period (e.g., year or quarter), generally the more items we test because we want evidence that the control was properly functioning throughout the period.  Generally when control procedures are more complex we test more items.

7 The Sarbanes-Oxley Act of 2002 7 PricewaterhouseCoopers Manually applied controls When testing manual controls, we generally examine at least:  2 items for controls performed quarterly  3 items for controls performed monthly  10 items for controls performed weekly  20 items for controls performed daily  30 items for controls performed multiple times per day Testing more items may be necessary as we consider the factors previously mentioned. For example, if we expect a significant amount of controls comfort from a manual control performed multiple times per day, we may test 5-10 items per month throughout the year.

8 The Sarbanes-Oxley Act of 2002 8 PricewaterhouseCoopers Automated controls  For an automated control, the number of items required to be tested is generally minimal.  This is because, where we are relying on any automated controls, we will normally test general computer controls to be satisfied that the automated control continues to function properly.  As a general guideline, selecting one item for testing may be sufficient. For example, the system automatically tests the completeness of sales transactions by checking the sequence of serially numbered shipping documents and reporting missing or duplicate numbers for manual investigation.  If the general computer controls are effective, we might need to test the system only once to verify that it, indeed, performs this check. Testing of the manual investigation of the exceptions, however, would be more extensive, as discussed above.

9 The Sarbanes-Oxley Act of 2002 9 PricewaterhouseCoopers Evaluating the results of controls tests  We evaluate the results of testing to determine if it has provided sufficient evidence that a control is achieving its objectives.  We accept that a control is achieving its objectives when we find no or negligible exceptions.  The definition of negligible exceptions is a matter of professional judgment and depends largely on:  The nature and importance of the control, and  The degree of audit comfort we are seeking from the control.  The more exceptions we find, the more limited our audit comfort. As general rules of thumb, to obtain a significant amount of comfort from controls, we generally accept no exceptions when we test fewer than 10 items and no more than 10% exceptions when we test more than 10 items.

10 The Sarbanes-Oxley Act of 2002 10 PricewaterhouseCoopers Determining the acceptable exception rate Questions to consider in determining the acceptable exception rate for manual controls include:  How much comfort is desired?  What is the purpose of the control?  How important is the control to the reliability of the data?  How important is the related financial statement assertion being tested?  Is the control preventative or detective?

11 The Sarbanes-Oxley Act of 2002 11 PricewaterhouseCoopers Determining the acceptable exception rate (cont)  Is there an industry or regulated level of expected performance?  Are there other controls or processes that also address the same risk or assertion?  Who completes the control procedure?  How effective is the control if it is performed less than 100% of the time?

12 The Sarbanes-Oxley Act of 2002 12 PricewaterhouseCoopers Dealing with exceptions When exceptions are found, we should consider their qualitative aspects, including the:  Nature and cause of the deviations  Possible relationship of the deviations to other areas of the audit When we find an unacceptably high rate of exceptions, after inquiring into the reasons, we may:  Place no reliance on the control  Find out that we did not understand the control and begin the process again

13 The Sarbanes-Oxley Act of 2002 13 PricewaterhouseCoopers Dealing with exceptions (cont)  Determine, based on professional judgment and the engagement facts and circumstances, that the control provides a limited degree of controls comfort  Test more items because we believe more testing might provide evidence that the control is functioning properly at an acceptably high level. We should first understand the nature of the exceptions detected and believe additional testing would be beneficial. If we decide to conduct additional testing, a rule of thumb is to examine at least as many additional items as we examined initially or 10 additional items, whichever is less. Professional judgment is required to determine if the aggregate results provide sufficient evidence that the control is functioning effectively.

14 The Sarbanes-Oxley Act of 2002 14 PricewaterhouseCoopers Questions

Download ppt "The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 Sample testing of controls Marcus."

Similar presentations

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
Chapter 1 An Introduction to Assurance and Financial Statement Auditing McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights.

Chapter 1 An Introduction to Assurance and Financial Statement Auditing McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights.
Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.

Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.
Discussion on SA-500 – AUDIT EVIDENCE

Discussion on SA-500 – AUDIT EVIDENCE
An Introduction to Assurance and Financial Statement Auditing

An Introduction to Assurance and Financial Statement Auditing
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 10A.1 Audit Sampling.

[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 10A.1 Audit Sampling.
Planning the Audit/Assessing Risks and Response to Risks 2222 Presented by s Mrs Marie Louise Teng Hing Voon, FCA Partner BDO Mauritius Member of Audit.

Planning the Audit/Assessing Risks and Response to Risks 2222 Presented by s Mrs Marie Louise Teng Hing Voon, FCA Partner BDO Mauritius Member of Audit.
Chapter 13: Audit Sampling Spring 2007. Overview of Sampling.

Chapter 13: Audit Sampling Spring Overview of Sampling.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Audit Sampling: An Overview and Application to Tests of Controls

Audit Sampling: An Overview and Application to Tests of Controls
BA 427 – Assurance and Attestation Services

BA 427 – Assurance and Attestation Services
Nature of an Integrated Audit

Nature of an Integrated Audit
Lecture 8 Understanding entity and its environment

Lecture 8 Understanding entity and its environment
Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session 1.8 1 Internal Control and Risk Assessment.

Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session Internal Control and Risk Assessment.
AUDIT PROCEDURES. Commonly used Audit Procedures Analytical Procedures Analytical Procedures Basic Audit Approaches - Basic Audit Approaches - System.

AUDIT PROCEDURES. Commonly used Audit Procedures Analytical Procedures Analytical Procedures Basic Audit Approaches - Basic Audit Approaches - System.
Auditing & Assurance Services, 6e

Auditing & Assurance Services, 6e
Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.

Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.
Audit Evidence Advanced Auditing Lecture 3 Dr. Mohamed A. Hamada.

Audit Evidence Advanced Auditing Lecture 3 Dr. Mohamed A. Hamada.
Auditing Internal Control over Financial Reporting

Auditing Internal Control over Financial Reporting

Similar presentations

Ads by Google