audit engagement developments - coursewebs
TRANSCRIPT
Audit Engagement Developments
Author: Steven Fustolo, CPA
Audit Engagement Developments
1
This publication is designed to provide accurate and authoritative information in regard to the
subject matter covered. It is sold with the understanding that the author and sponsor are not
engaged in rendering legal, accounting, or other professional service. If legal advice or other
expert assistance is required, the services of a competent professional person should be sought-
- From a Declaration of Principles jointly adopted by a Committee of the American Bar
Association and a Committee of Publishers and Associations.
© Copyright 2012: Steven C. Fustolo, All rights reserved.
© Copyright 2012: AICPA Audit Risk Alerts: 2011, 2010, 2009, 2008, 2007, 2006, and 2005. All
rights reserved.
Copies of this document may not be made without expressed written permission from the author.
Audit Engagement Developments
2
ABOUT THE AUTHOR
STEVEN C. FUSTOLO, CPA
Mr. Fustolo is a partner with the Boston CPA firm of James J. Fox & Company. He is a frequent
lecturer and author of numerous tax and accounting issues affecting closely held businesses. An
AICPA author, Mr. Fustolo’s articles are regularly featured in The Practical Accountant and other
publications. He is the author of Practice Issues: Compilation and Review, Accounting and Auditing
Reference Guide, Everything You Never Wanted to Know About GAAP, Enron: Fraud, Deception and
the Aftermath, FASB Review for Industry, Current Developments: Accounting and Financial
Reporting, Making Money with Special Engagements, Understanding the Variable Interest Entity
Rules, and FASB, SSARS and SAS Update and Review and numerous other books and manuals that
have been published by Practitioners Publishing Company (PPC) and Commerce Clearing House
(CCH). He is the recipient of several Outstanding Discussion Leader awards from many professional
organizations including the New York and Florida Societies of CPAs. Mr. Fustolo’s course entitled
FASB, SSARS and SAS Update and Review continues to receive accolades and is regarded as one of the
top live CPE programs in the country today with ratings that average 4.91 on a scale of 5.0. He speaks
regularly for professional groups including being a guest lecturer at the AICPA Advanced Accounting
and Auditing Technical Symposium. Mr. Fustolo is the recipient of the Elijah Watts Sells Award
(AICPA) and Silver Medal (Massachusetts) for scores received on the CPA Examination.
Audit Engagement Developments
3
Audit Engagement Developments
The latest developments affecting audit engagements are addressed in this course. Part of
planning an audit involves consideration of the business and economic environment in which
the client operates. Thus, auditors need to be aware of the various types of fraud that clients
and employees may be committing, especially in light of myriad lawsuits against auditors and
accountants. In addition to applying techniques to limit their liability to their clients and third
parties, auditors are confronting other major problems facing the accounting field, including
compliance with the Sarbanes-Oxley Act. The peer review comments and new auditing
statements provide further guidance on current issues. To deal with the volatility in the
business climate, auditors should focus their efforts in key areas and should take lessons from
litigation. Additionally, in this course, auditors will learn how to perform more efficient
engagements, assess going concerns, advise clients on insurance, audit lease agreements, and
lastly, a section on the issuance of SAS Nos. 122-125 as part of the ASB’s Clarity Project, and
much more.
Section 1:
After reading the Section 1 course material, you will be able to:
Identify the factors that an auditor may consider in assessing overall business risks
Explain specific risks that are important to the auditor
Explain the types of fraud and the three conditions in the fraud triangle
Discuss the primary types of fraudulent cash receipts and cash disbursements
List the symptoms of a high- and low-fraud environment and the specific signs of fraud
Understand the specific audit requirements that deal with fraud that are found in SAS No.
99
Section 2:
After reading the Section 2 course material, you will be able to:
Discuss the specific recommendations made by the Chamber of Commerce to save the
audit profession
Explain the recommendations made by the Big Four report on how to change to global
financial reporting and public company audit procedures
List the AICPA’s top 10 technology issues affecting auditors
Identify the problems growing with Sarbanes including the significant costs, proposed
changes, and its specific impact on small businesses
Discuss the impact changes made by Dodd-Frank will have on auditors
Understand how new laws are driving a new profession of whistleblowers
List the key deficiencies found in peer review
Audit Engagement Developments
4
Section 3:
After reading the Section 3 course material, you will be able to:
Identify key areas in which an auditor should focus to deal with volatility in the business
climate
Compute the four working capital ratios on which an auditor should focus
List the common pitfalls that continue to expose accountants to loss in litigation
Identify the top ten actions to minimize the risk of being sued
Apply suggestions on how a firm can reduce time and increase audit efficiency in an audit
engagement
Identify factors that might raise doubt about an entity’s ability to continue as a going
concern
Understand provisions in a commercial lease that should be eliminated from the tenant’s
perspective
Discuss the auditors’ responsibility for subsequent events
List the requirements that should be followed in a reaudit engagement
Apply to requirements of SAS No. 84 in changing auditors
Understand the public’s perception of accountants and auditors.
Discuss the changes to auditors of service organizations made by SSAE No. 16
Section 4:
After reading the Section 4 course material, you will be able to:
Review the major changes made to auditing standards by the issuance of SAS Nos. 122-
125.
Understand the new audit opinion
Learn about the new modified opinion rules
Identify special purpose financial statements
Use the new engagement letter and management representation letter
Understand the new rules for group audit engagements
Audit Engagement Developments
5
Category: Auditing
Recommended CPE Hours: 16
Level of knowledge: Overview
Prerequisite: None
Advanced Preparation: None
Publication Date: March 31, 2012
Audit Engagement Developments
6
How to use the Materials
You can review these materials on line and then use the Next and Previous buttons or you can print
the materials and read it in that format if you prefer.
There is also a Review/Feedback section(s) in the EBook that reviews the materials at the end of each
significant chapter. The Review/Feedback questions are not graded. They are simply included to assist
you in understanding the material better. The answers to the Review/Feedback sections are located in
the EBook- immediately following the questions. A copy of the exam is at the end of the EBook.
You may find it helpful to print out the paper exam which is located in the back of the EBook and
review it as you go through the course materials. The paper exam and the on-line exam have the
same questions. The advantage of using the online courseware is that your exam is graded instantly.
If you wish to go to the on-line exam go to http://takeexams.cpaselfstudy.com and login using the student id and password you created at your time of purchase. An alternative way to get to the exam is to go to cpaselfstudy.com and simply click on the Student Login icon located towards the top of the webpage and then login
Audit Engagement Developments
7
Audit Engagement Developments
Table of Contents
Description Page
SECTION 1: Auditing Developments (Including the Audit Risk Alerts)
9
General Developments 9
Introduction 9
Implications of the Current Economic Environment 9
Status of the U.S. Economy in 2012 and Its Impact on Auditors 11
Review Questions and Suggested Solutions 32
Client and Employee Fraud 36
General 36
2010 Report to the Nations on Occupational Fraud and Abuse 37
Review Questions and Suggested Solutions 51
Types of Fraud 53
Small Business Fraud 63
Evaluating an Entity’s Fraud Environment 69
Review Questions and Suggested Solutions 75
Time Theft 79
Employee Background Checks and Credit Reports 80
The Auditor’s Role in Dealing with Fraud 81
Specific Fraud Issues 91
Anti-Fraud Measures 105
A Fraud Scorecard 109
Computer Crime and Theft 112
Integrity Survey 113
Correlation Between Bankruptcy and Fraud 115
The CFO Perspective on Their Outside Auditors and Fraud 116
Madoff and the Single Auditor Issue 116
Review Questions and Suggested Solutions 126
SECTION 2: Auditing Developments (Including the Audit Risk Alerts)
130
Attempting to Limit Auditor’s Liability 130
The Viability of the Big Four 146
PCAOB Audit Rotation Proposal 151
Review Questions and Suggested Solutions 155
Retaliation Against Auditors Who Issue Adverse Opinions 158
AICPA’s Top 10 Technology Issues-2011 158
Anti-Sarbanes-Oxley Continues After Ten Years 159
The Impact of Dodd-Frank on Auditors 183
Whistleblowing- The New Profession Acts Like to Oldest Profession 187
Review Questions and Suggested Solutions 192
Peer Review 197
Review Questions and Suggested Solutions 213
SSAE No. 16: Report on Controls at a Service Organization 218
Review Questions and Suggested Solutions 229
Audit Engagement Developments
8
SECTION 3: Accounting and Auditing in Volatile Times
231
Key Focus Areas for the Auditor 231
Review Questions and Suggested Solutions 245
Lessons from Litigation 249
Review Questions and Suggested Solutions 269
Efficient Engagements-Reduce Time, Make More Money Without Increasing Risk 273
Assessing Going Concern 281
The Risk of Vicarious Liability Among CPA Firm Alliance 283
Advising Clients on Insurance-Auditor’s Responsibility 288
Auditing Lease Agreements 290
Practice Issues Relating to Auditing 294
Reaudit Engagements 300
Effectively Using Dual Dating of Reports 301
Changing Auditors 302
Study on Public Perception of Accountants in Jury Trials 303
Review Questions and Suggested Solutions 309
SECTION 4: The ASB’s Clarity Project
314
SAS Nos. 122-125 314
Introduction 314
New SASs With Substantive Changes 317
AU-C 250- Consideration of Laws and Regulations in an Audit of Financial
Statements
318
Review Questions and Suggested Solutions 323
AU-C 265- Communicating Internal Control Related to Matters Identified in an Audit 325
Review Questions and Suggested Solutions 329
AU-C-700- Forming an Opinion and Reporting on Financial Statements 331
AU-C 705- Modifications to the Opinion in the Independent Auditor’s Report 336
Review Questions and Suggested Solutions 342
AU-C- 706- Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the
Independent Auditor’s Report
344
Review Questions and Suggested Solutions 352
AU-C 600- Special Considerations- Audits of Group Financial Statements (Including
the Work of Component Auditors)
354
AU-C-800- Special Considerations- Audits of Financial Statements Prepared in
Accordance With Special Purpose Frameworks
363
AU-C 210- Terms of Engagement 380
AU-C 580- Written Representations 383
Review Questions and Suggested Solutions 387
Other SASs Issued in the Clarity Project as Part of SAS Nos. 122-125 392
Glossary
394
Index 397
Exam 398
Audit Engagement Developments
9
Auditing Developments (Including the Audit Risk Alerts)
SECTION 1:
General Developments
I. Introduction:
Throughout the audit process, auditors should consider overall engagement risk.
The three components of engagement risk are as follows:
Client business risk: The risk associated with the entity's survival and profitability.
Auditor’s audit risk: The risk that the auditor may unknowingly fail to appropriately modify
his or her opinion on financial statements that are materially misstated.
Auditor’s business risk: The risk of potential litigation costs from an alleged audit failure
and the risk of other costs such as fee realization and reputational effects from association
with the client.
II. Implications of the Current Economic Environment- Economic
Issues Peculiar to Auditors
In planning an audit, the auditor is required to comply with SAS No. 108, Planning and
Supervision.1 SAS No. 108 requires that the auditor establish an overall audit strategy and
develop an audit plan.
As part of its planning, an auditor must follow SAS No. 109, Understanding the Entity and Its
Environment and Assessing the Risks of Material Misstatement.2 SAS No. 109 requires an
auditor to perform risk assessment procedures to gather information and gain an understanding
of the entity and its environment, including its internal control.
Each industry is subject to specific business risks arising from the nature of the business.
Business risks arise from certain conditions, events and circumstances.
Factors that an auditor may consider in understanding the entity and its environment include:
1 Effective December 31, 2012, SAS No. 108 is replaced by AU-C 300, Planning an Audit.
2 Effective December 31, 2012, SAS No. 109 is replaced by AU-C 315, Understanding the Entity and Its Environment and
Assessing the Risks of Material Missatement.
Audit Engagement Developments
10
1. Industry, regulatory, and other external factors, such as:
The market and competition
Cyclical or seasonal activity
Product technology
Supply availability and cost
Accounting principles and industry-specific practices
Legislation and regulation affecting the entity’s operations
General economic level
Interest rates, financial, inflation and currency revaluation issues
Relevant accounting pronouncements
The legal and political environment
General economic conditions
Competitive and technical conditions
Social conditions
2. Nature of the entity including:
Ownership
Entity’s operations
Governance
Financing sources and structure
Related party transactions
3. Objectives and strategies and related business risks
4. Measurement and review of the entity’s financial performance
5. Internal control, including the selection and application of accounting principles
Any of the above factors can affect several aspects of the audit including going concern, fraud,
internal control, use of accounting estimates, and analytical procedures, to name a few.
Although most risks eventually affect the financial statements, not all such risks result in
material misstatements to the financial statements. Consequently, the auditor is not responsible
for identifying or assessing all business risks.
The seeds are sewn during the good times!
The seeds of accounting and business problems that sprout during an economic downturn are
often planted during stronger economic times. Then, they are reversed during a downturn.
Given the flat economic climate, it is likely that clients laid the groundwork for accounting
issues five years ago during the last boon.
Audit Engagement Developments
11
More specifically, during stronger times:
There is continued pressure on management to generate stronger financial results
commensurate with the stronger economy and stock market.
Management may enter into riskier business ventures during stronger economic times to
fuel continued expectations to improve performance.
Auditors may “let their guard down” during times of economic growth as there is
evidence that a company is doing well and the purported risk of business failure is
relatively low.
Businesses are more likely to set up “rainy day” funds such as inflating liabilities,
allowances and reserves beyond the amounts that are needed, with the plan to reverse
the excess amounts during a downturn.
In the following section, the author discusses several key business and economic conditions
that exist and are expected to exist through 2012 and into 2013.
1. Status of the U. S. economy in 2012 and its impact on auditors:
In general the U. S. economy is still flat, with some limited signs of recovery. Although there
is relatively low inflation and real interest rates, unemployment is still relatively high, hovering
around 8 to 8.5 percent. The real estate market is still in shambles and the capital markets have
not recovered. Consumer confidence is modest as Congress has passed trillions of dollars of
recovery funding over the past few years with little benefit to show for it.
Economic trends that auditors should be aware of include the following:
The real estate market, particularly in the residential housing sector, has not yet
bottomed out as foreclosures continue at a brisk pace.
The delinquency rate of subprime mortgages is still high, driving values in other real
estate downward.
Americans are carrying record levels of personal debt.
The reported unemployment rate continues at around 8 to 8.5 percent.
Although interest rates are still low, credit is difficult to obtain as banks are out of
balance on their capital structures, and underwriting is extensive.
There are a few positive signs that suggest certain segments of the economy are experiencing a
recovery despite the laggard overall economy:
Audit Engagement Developments
12
The stock market has rebounded from a its low level in early 2009, and
There are signs that factory orders have increased in some industries.
Despite the fact that certain segments have rebounded, the inconsistency and volatility of the
overall economy continues to drive concern as investors are unwilling to make significant
investments in capital formation.
2. Specific accounting risks:
In this section, the author identifies certain accounting risks that are a byproduct of the existing
economy, some of which are noted in the previously issued AICPA’s Audit Risk Alert, as
modified by the author.
Risks of inadequate liquidity:
Some entities are more sensitive than others to negative changes in economic conditions,
which can lead to the risk of a going concern issue. In particular, companies that have
significant concentrations in major customers and suppliers are at the greatest risk. Although a
company may have experienced strong growth over the past few years, its major customers and
suppliers may not. The loss of a major customer or supplier could disrupt an otherwise
financially healthy client and, in some cases, result in its demise.
SAS No. 59, The Auditor's Consideration of an Entity's Ability to Continue as a Going
Concern3 provides guidance on evaluating the adequacy of going concern disclosure in
audited financial statements.
As a general rule, auditors should always be mindful about going concern. Factors they should
consider in every audit include:
Negative trends and recurring operating losses or working capital deficiencies
Financial difficulties such as loan defaults or denial of trade credit from suppliers
Concentrations such as reliance on one product line
Legal proceedings or loss of a principal supplier
Ability to obtain external financing, and
Reliance on external financing, rather than internally generated income, as a source of
cash.
Auditors may have to consider whether there is substantial doubt of an entity's ability to
continue as a going-concern for one year from the balance sheet date and whether the auditor
must seek factors that mitigate this fact.
3 Under the Auditing Standards Board’s Clarity Project, SAS No. 59 is expected to be replaced with a new standard
sometime in 2012.
Audit Engagement Developments
13
Ratios to consider in evaluating liquidity
In assessing going concern, an auditor may wish to perform certain cash flow analyses to
assess an entity’s liquidity. Typically, assessing cash flow is more important than evaluating an
entity’s financial position or statement of income.
In particular, two cash flow ratios are effective in assessing liquidity:
Funds Flow Coverage (FFC) Ratio
EBITDA
= Funds Flow Coverage (FFC) Ratio Interest paid + tax-adjusted debt
repayments + tax-adjusted preferred
dividends
Cash Interest Coverage Ratio
Cash from operations + interest paid
= Cash Interest Coverage Ratio Interest paid
The cash interest coverage ratio should always be at least 1.0 resulting in the company having
enough cash to fund its interest.
Risks of collectibility of accounts receivable:
Currently, both consumers and businesses are carrying very high levels of debt that have
resulted in significant increases in business and personal bankruptcies. Receivables could
quickly deteriorate if the economic climate declines.
The quality of accounts receivable due from both domestic and foreign customers, including
the collectibility of amounts due and the adequacy of the allowance for doubtful accounts and
possible loan impairment should be reviewed. Even customers who are showing signs of
recovery may still have severe cash flow problems that may result in the inability to fund
payment of obligations due to their vendors.
Audit procedures with respect to receivables and, in particular, the adequacy of the allowance
for doubtful accounts, include the following:
1. Test the aging, including the reliability of the aging report, review past due accounts,
the client’s history of collecting past due balances, and customer files and credit reports.
2. Obtain publicly available information on major customers to determine their ability to
honor outstanding obligations of the company.
Audit Engagement Developments
14
3. Investigate unusual credit limits or nonstandard payment terms given to customers.
4. Test the realization of receivables (e.g., subsequent collections).
5. Test to ensure that the cash payments credited to an accounts receivable account
actually came from that customer.
6. Perform analytical procedures such as:
Receivables turnover
Bad debts as a percentage of net credit sales
Allowance balance to accounts receivable
Number of days sales in receivables
7. Review revenue and receivables transactions and fluctuations after the balance sheet
date for sales returns and unusual items.
8. Review the collectibility of vendor financing given to customers.
9. Evaluate the reasonableness of the allowance for doubtful accounts by following the
guidance in SAS No. 57, Auditing Accounting Estimates.4
Review and test the process used by management to develop the estimate
Develop an independent expectation of the estimate to corroborate the
reasonableness of the estimate
Review subsequent events or transactions occurring before the completion of field
work, including returns, chargebacks, and payments by customers, and
Perform a retrospective review (as required by SAS No. 99) of the allowance
balance last year by comparing that allowance balance estimate to the actual bad
debt writeoffs after year-end.
Note: SAS No. 99 requires an auditor to perform a retrospective review of significant
estimates to determine whether there was management bias in establishing those
estimates. In performing the retrospective review, the auditor compares the prior
year’s estimate to the actual outcome related to that estimate. For example, in
performing a retrospective review of an allowance for doubtful accounts, the auditor
would compare the prior year’s allowance balance (the estimate) to the actual bad debt
writeoffs recorded after year end. In doing so, the auditor can determine the degree of
4 Effective December 31, 2012, SAS No. 57 is replaced by AU-C 540, Auditing Accounting Estimates, Including Fair
Value Accounting Estimates and Related Disclosures.
Audit Engagement Developments
15
accuracy used in establishing the prior year’s estimate and whether there was
management bias in establishing that prior year’s estimate. Information about the
results of the prior year will assist the auditor in assessing the current year’s estimate.
Risks of inventory writedowns and obsolescence:
In recent years as a whole, companies have efficiently lowered their inventory levels as
demand for their products decreased. Some still have excess inventories that have been held for
a long period of time leading to the question of whether such inventories are salable or
obsolete, requiring a writedown to lower of cost or market value. In addition, if the economy
does slow down, even typically high turnover items may become slow moving.
In auditing companies with significant inventories, auditors should consider the following:
1. An unusual increase in inventory balances, reduced turnover, increased backlog and a
deterioration in the aging of inventories may be signs that there is excess inventory on
hand.
2. Reduced prices and profit margins may cause inventories to be valued over market
value.
3. Idle capacity at a manufacturing facility may result in an overcapitalization of overhead
and a valuation in excess of market value.
4. Certain factors may lead to obsolescence of existing inventory such as:
There may be changes in the product design.
A competitor may introduce a newer, more advanced version of a product.
New products promoted by the industry may have features that are superior to those
of the company’s existing products.
Lower-priced imports may affect the value of existing inventories.
Specific auditing procedures should be performed to determine if inventories are properly
valued and to identify slow moving, excess or obsolete inventories. Suggestions of effective
audit procedures are noted below.
1. Specific auditing procedures to determine if inventories are properly valued include
reviewing:
Product sales trends and expected future demand
Sales forecasts for products in comparison to industry demand
Anticipated technological changes that could affect the value of inventories
New product lines planned by management and the effect of those lines on
existing inventories
Audit Engagement Developments
16
New product announcements by competitors
Economic conditions in markets in which the products are sold
The impact of changes in the regulatory environment on demand for the products
Changes in raw materials prime costs that might affect the pricing of the finished
goods inventories
Pricing trends of products
Changes in the standards used by the industry to value inventories
2. Specific auditing procedures that can be performed to identify slow-moving, excess,
or obsolete inventories include:
Examine and test the inventory turnover, by product, by comparing sales volume
with inventory balances
Review industry trends
Tour the facility to inspect inventories that appear to be obsolete or damaged
Ask personnel about items that may be obsolete
Review sales cancellations and returns after year end
If significant obsolete inventories exist, it may be appropriate to include the matter in the
management representation letter.
Note: ASC 330, Inventory (formerly FASB No. 151), amended guidance for inventory cost
capitalization found in ARB No. 43, Chapter 4, Inventory Pricing. ASC 330 made two changes
to ARB No. 43. First, it requires that abnormal amounts of idle facility expense, freight,
handling costs, and wasted materials (spoilage) be recognized as current period charges and not
capitalized as part of production overhead. Normal amounts of idle facility expense, freight,
handling costs, and wasted materials (spoilage) continue to be capitalized as part of overhead.
The second change is that fixed production overhead should be allocated to inventories based
on normal capacity of the production facilities. Normal capacity is the production expected to
be achieved over a number of periods or seasons under normal circumstances, taking into
account the loss of capacity resulting from planned maintenance. Variable production
overheads continue to be allocated to each unit of production based on actual use of the
production facilities (e.g., actual production volume).
A key change made by ASC 330 is that it requires companies to capitalize fixed overhead
using the greater of normal capacity or actual production in the denominator. In making this
change, the FASB eliminates the risk during an economic downturn, that a company could
overcapitalize fixed overhead by allocating overhead using a lower actual production level.
Risk of impairment of assets:
ASC 360, Property, Plant and Equipment (formerly included FASB No. 144), and ASC 350,
Intangibles-Goodwill and Other (formerly FASB No. 142), encompass the impairment rules
Audit Engagement Developments
17
for long-lived assets. Specifically, ASC 360 applies to fixed assets, real estate, and intangible
assets with finite lives, and requires a company to test such assets for impairment if factors
indicate an impairment may exist. On the other hand, ASC 350 applies to the impairment of
goodwill and intangible assets with indefinite lives, and requires that an annual test for
impairment be performed regardless of the conditions that exist.
Regardless of the trend in the economic cycle, there is the risk that long-lived assets can be
impaired. For example, regardless of whether demand expands or contracts, there is still the
concern that long-lived assets such as equipment may become impaired due to technological
obsolescence.
In addition to equipment, an auditor should focus on the risk that real estate values have
declined due to numerous factors including an overall building glut (supply exceeds demand)
and a slight uptick in interest rates. The result is that companies may have real estate that is
impaired and needs to be tested for that impairment.
Specifically, ASC 360 states that an impairment loss exists when the carrying amount of real
estate or other long-lived assets exceeds its fair value.
Real estate is tested whenever events or changes in circumstances indicate that its carrying
amount may not be recoverable. Examples of events and changes in circumstances that might
warrant a test include:
Significant decline in the market price of the real estate or similar real estate
Continued decline in rental rates and increased vacancies
Failure to meet debt service on a regular basis
Change in the use of the property
Known environmental contamination
Legal changes such as rent control or use restrictions
Auditors should consider whether ASC 360 applies if any of the above factors are present.
Risk of investment writedowns:
ASC 320, Debt and Equity Securities (formerly FASB No. 115) deals with the accounting for
securities. ASC 320 places securities into three categories as follows:
1. Debt securities held-to-maturity: Debt securities that management plans to hold until
maturity.
2. Trading securities: Both debt and equity securities that are bought and held for the
purpose of selling them in the near term (generally within one year).
Audit Engagement Developments
18
3. Available-for-sale securities: Both debt and equity securities that are not categorized as
either held-to-maturity or trading securities, are automatically categorized as available-
for-sale. In this category, management has essentially not decided what it plans to do
with the securities.
The following table summarizes the accounting treatment for investments.
--------------------------Securities------------------------ Non-securities
Debt securities
held to maturity
Trading
securities
Available for
sale securities
All non-security
investments
Type Debt Debt and
equity
Debt and equity Debt and equity
Intent Hold to maturity Sell in the near
term
Undecided Not applicable
Record at Cost Fair value Fair value Cost
Unrealized
gains or losses
Not applicable Presented on
income
statement
Presented in
stockholders’
equity, net of tax
Not applicable
Balance sheet
classification
(current vs.
long-term)
Based on maturity
date
Current even if
sale is expected
beyond one
year
Based on
management’s
intent at year end
Current or non-
current based on
management’s
intent
Other than
temporary
losses
Investment written down and unrealized loss is recognized
An auditor should be aware of several important accounting issues related to the accounting for
investments:
1. Unrealized losses on equity securities: There is the risk that equity security values may
decline in value, resulting in unrealized losses having to be recorded in accordance with
ASC 320 (formerly FASB No. 115). Management may attempt to classify such investments
as available for sale, so that unrealized losses will be presented as part of stockholders’
equity. ASC 320 has strict rules precluding management from shifting between investment
categories except in rare instances.
2. Accounting for held-to-maturity investments: In accordance with ASC 320, an entity must
classify securities into one of three categories: a) held-to-maturity, b) trading, and c)
available for sale. Held-to-maturity securities are recorded at amortized cost, and include
those debt securities that management has the positive intent and ability to hold to maturity.
a. When debt securities decline in value, management may take steps to avoid having to
record the unrealized losses on the income statement. One way is to classify debt
securities as held to maturity so that the investment is recorded at carrying value and the
loss is not recorded. Such an investment may have previously been recorded as
Audit Engagement Developments
19
available for sale thereby requiring management to change the classification of the
investment.
ASC 320 provides a list of changes in circumstances that shall not be considered to be
inconsistent with the original intent of holding the security to maturity. That is, an entity
may change the classification to held-to-maturity.
3. Other than temporary losses: Companies may be holding equity or debt investments
(publicly or non-publicly held), that have significant unrealized losses. Some of the losses
have recovered, while others have not. The accounting for these investments depends on
numerous factors including whether the investments are securities (publicly held), and the
intent of management.
Existing GAAP generally assumes that investments will fluctuate over time and, therefore,
unrealized gains and losses may reverse. However, there are instances in which an
investment has an unrealized loss that management believes will not reverse. That is, the
loss is other-than-temporary and is not likely to recover over time. In such instances,
GAAP provides an overall rule requiring the unrealized loss to become realized and
recognized on the income statement.
Risk of manipulation of estimates and accruals:
It is common for management to use estimates as a means to manage earnings. So called
“rainy-day” or “cookie-jar” funds are used to set aside extra reserves to be reversed to income
when needed in future periods.
Auditors should be aware of the risks associated with management’s use of overly aggressive
estimates; that is, those estimates that may either under- or over-state earnings. Because
estimates are subjective and may be correct within a range, auditors should be able to ascertain
as to whether management’s estimates are reasonable within an acceptable range. Of particular
concern should be changes in estimates that are not supported by reasonable assumptions.
In auditing estimates, an auditor should do the following:
1. Follow the guidance of SAS No. 57, Auditing Accounting Estimates, which provides that in
auditing estimates, the auditor should:
Identify the circumstances that require the estimate
Consider internal control related to developing the estimate
Evaluate the reasonableness of the estimate by reviewing and testing the process
used and the assumptions made, and
Audit Engagement Developments
20
Perform an independent expectation of the estimate.
2. There should be a preponderance of information to support each significant assumption.
The weight of available evidence supports the assumption. In evaluating the assumptions,
an auditor’s consideration should be given as to whether:
The sufficiency of the sources of information about the assumptions has been
considered
The assumptions are consistent with the sources from which they were obtained
The assumptions are consistent with each other and with management’s plans
The information used to develop the assumptions is reliable, and
The logical arguments or theory considered as a whole, are reasonable.
3. Changes in estimates may be acceptable if such a change is supported by real economic
facts. Changes that are not supported by the underlying economics of the business are
inappropriate.
4. Unrealistic pension and other postretirement and postemployment plan assumptions:
Assumptions used to measure pension, postretirement and post-employment liabilities
must be evaluated including discount rates, participation rates, and other factors that
affect the liabilities.
5. Auditors should consider the effects of post-balance-sheet events on the estimation process.
Such events may require adjustment or disclosure in the financial statements.
6. Auditor should comply with the requirements of SAS No. 99, Consideration of Fraud in a
Financial Statement Audit,5 by performing a review of significant estimates for
management bias:
a. The auditor should consider whether there are differences between the best
supported estimates and the estimates included by management in the financial
statements that suggest a possible bias.
b. The auditor also should perform a retrospective review of significant accounting
estimates reflected in the financial statements of the prior year to determine whether
5 Effective December 31, 2012, SAS No. 99 is replaced by AU-C 240, Consideration of Fraud in a Financial Statement
Audit.
Audit Engagement Developments
21
management judgments and assumptions relating to the estimates indicate a possible
bias on the part of management.
Certain estimates likely will be subject to performance of a retrospective review,
including:
Allowance for uncollectible accounts
Reserve for obsolete inventory
Accruals for post-employment and post-retirement benefit obligations
Contingency liabilities and those related to environmental remediation
obligations
Risk of improper revenue recognition:
Revenue recognition continues to head the list of areas subject to fraudulent financial
reporting. In particular, many frauds have focused on the premature recognition of revenue,
such as in the case of several software vendors who have prematurely recognized revenue to
satisfy revenue targets. Common approaches used to prematurely recognize revenue range
from recognizing revenue before it is earned, to actually falsifying sales that do not exist.
According to various sources, revenue recognition issues account for approximately 50 percent
of all financial statement frauds. Some of the more important revenue issues include the
following:
1. Recognition of revenue prematurely such as:
“Channel stuffing” (shipping inventory in excess of orders, or giving customers incen-
tives to purchase more goods than they need in exchange for future discounts or other
benefits)
Reporting revenue after goods are ordered but before they are shipped
Reporting revenue when significant services have not been performed
Improper use of the percentage-of-completion method, and
Improper year-end cutoff procedures.
2. Recognition of revenue that has not been earned including:
Recognizing revenue on bill and hold transactions, consignment sales, sales subject to
contingencies, and those with the right to return goods, sales coupled with purchase
discounts or credits, and other side agreements.
Audit Engagement Developments
22
3. Reporting sales to fictitious or nonexistent customers
4. Sales to related parties in excess of market value
5. Recognizing transactions at fair value that relate to exchanges of non-monetary assets that
should be accounted for at carrying value
6. Reporting peripheral or incidental transactions, such as nonrecurring gains6
In addition to traditional revenue manipulation strategies, there are numerous methods that a
company can use to recognize revenue, subject to certain limitations, including:
Traditional sales method
Percentage completion method
Completed contract method
Installment sales method
Thus, it is clear that there are simply too many variations in both methods and applications
related to such a key financial statement item such as revenue.
Multiple-element arrangements
Many sales transactions have multiple elements or deliverables, each with its own delivery date
and performance requirements. For example, the sale of an appliance may include three
deliverables bundled under one contract: the sale of the appliance itself, installation, and a
warranty contract. Because most multiple element sales arrangements are bundled together
under one contract with one aggregated price for all deliverables, there are challenges as to
how to allocate the sales price among the deliverables and when to recognize each portion of
revenue related to a particular deliverable.
ASC 605-25, Revenue Recognition-Multiple Element Arrangements (formerly EITF 08-1),
provides guidance on how to account for such multiple deliverable arrangements.
Because multiple deliverable arrangements are complex and subject to manipulation, auditors
must be familiar with the ASC requirements. In particular, auditors must be able to test such
arrangements to make sure:
Revenue is not misallocated to those deliverables that are performed first, thereby
resulting in the premature recognition of revenue, and
Revenue allocated to a particular deliverable is not recognized prior to performance of
all activities required to earn that revenue.
6 Financial Statement Fraud, Integrity of Financial Information Continue to Be Burner Issues (AICPA)
Audit Engagement Developments
23
Note: The FASB currently has a revenue recognition project that will address multiple element
arrangements.
Risk of having underfunded pension plans:
Many companies with defined benefit pension plans are experiencing a major challenge in that
they have significant underfunded pension plans. These plans have actuarial liabilities that
exceed the fair value of the assets in the plans. Under the ERISA rules, these companies must
continue to fund these plans, thereby requiring sizeable amounts of cash paid now to fund
future retirees. More specifically, the Pension Benefit Guaranty Corporation (PBGC) is facing
growing deficits due to the continued failings of pension plans.
Reasons for the current pension plan deficiencies include:
Stock market values have declined over the past few years even though there was a
recovery in 2011 into 2012.
Interest rates have declined resulting in companies having to calculate higher pension
liabilities as pension liabilities are discounted at lower interest rates.
Higher pension obligations and lower fair value of assets together have created the
current pension deficiencies.
Companies with unfunded pension liabilities face certain repercussions from such deficiencies
in that:
Companies can have a cash flow crunch from having to fund the unfunded liabilities to
satisfy legal ERISA requirements.
Under ASC 715, Defined Benefit Plans (formerly FASB No. 158), an entity that
sponsors one or more defined benefit plans is required to record the funded status of a
benefit plan, measured as the difference between the fair value of plan assets and the
benefit obligation, in its balance sheet.
If the fair value of the plan assets is less than the benefit obligation, the company must
record an additional liability with the debit offset to accumulated other comprehensive
income (part of stockholders’ equity). The combination debit to stockholders’ equity
and credit to a liability account may result in violations of loan covenants, including
debt-equity ratios being out of formula.
Management must continue to monitor and change the key assumptions used to measure
pension benefit obligations, returns on assets, and periodic pension cost, to reflect changes in
the economy. The primary actuarial assumptions used include:
Audit Engagement Developments
24
Discount rates
Participation rates
Factors affecting the amount and timing of future benefit payments
In addition, if activity within the existing plan has a material effect on the company’s liquidity,
capital resources, or results of operations, the activity must be discussed in the MD&A for SEC
companies.
The impact of the PPA of 2006:
Congress passed the Pension Protection Act of 2006 (PPA or Act) which expanded and
improved defined benefit plans such as 401(k) plans, and strengthens the federal pension
insurance program.
Management and its auditors should understand its general provisions that include:
An increase in premiums for underfunded plans and for termination of plans
A requirement for accurate measurement and reporting of benefit obligation liabilities
A prohibition against employers promising additional benefits to employees until they
are actually funded, and
A prohibition against deferral of contributions to under-funded plans.
Auditor concerns:
Auditors of companies with defined benefit plans must consider the following auditing
procedures in connection with the plan:
When auditing estimates, the auditor should give close attention to the underlying
assumptions used by management and the risk that aggressive assumptions may
understate the pension liability.
When there are significant underfunded pension plans, the auditor should consider
whether the company has a going concern problem.
Risk of understated expenses:
Management may be motivated to understate expenses to hide losses or sub-par profits.
Methods that can be used to understate expenses include:
Audit Engagement Developments
25
Capitalizing expenses that provide no future benefit, and
Understating accounts payable at year end.
History has shown that management can beat the auditors by understating or hiding expenses a
little at a time over several periods.
Audit procedures that should be employed to test for under-recorded expenses include:
Search for unrecorded liabilities through examination of post-balance sheet transactions
Confirm payable balances with major vendors, and
Examine transactions involving the capitalization of assets to ensure that those assets
provide future benefits.
Risk of internal control issues and the impact of staffing shortages:
Typically one of the first departments to be trimmed is the accounting workforce, resulting in
companies running their operations at less than optimal staffing levels. Sizeable layoffs can
adversely affect the effectiveness of an entity’s internal control for several reasons:
Employees who are overloaded with work may not have the time to properly complete
the necessary tasks, resulting in errors being performed.
With less staff, there is the greater likelihood that there is a weakness in the segregation
of duties.
The overworking of employees can result in lower employee morale.
Layoffs of MIS personnel may have an adverse effect on the entity’s ability to initiate,
process, or record its transactions, or maintain the integrity of the information system.
Changes to the control environment may alter the control effectiveness and possibly
result in a material control weakness.
With weakened internal control, poor segregation of duties, and lower employee morale
due to layoffs and staff reductions, there is greater opportunity for fraud to be
committed.
In performing its review of internal control, an auditor must assess the likelihood that a
purported internal control system is defective and breached due to a lack of adequate staffing.
In particular, emphasis should be placed on weaknesses in key financial and accounting
positions and the lack of an appropriate separation of duties.
Audit Engagement Developments
26
Risk of outsourcing of certain functions:
U.S. businesses continue to outsource segments of their operations as a means to reduce costs
and improve the quality of their business processes. Markets receiving the most U.S.
outsourcing include China, Thailand, India, Vietnam, and Mexico, although China has been
losing business to the less expensive Cambodia and Laos.
With increasing employee benefit costs, many companies have no choice but to outsource to
remain competitive within the U. S. market. In fact, one survey suggests that the decision to
outsource is being driven more by significant increases in benefit costs and not labor costs.
All segments of U.S. businesses are susceptible to outsourcing with predominate areas most
prone including accounting, human resources, procurement, claims processing, customer
service, R&D, manufacturing and other functions. In fact, if you call the customer support
department for a software company, odds are that you will be speaking with a person in India
rather than the United States.
If a client uses a service organization, transactions that affect the user organization’s financial
statements are subject to controls that are both physically and operationally apart from the user
organization. With the expansion of outsourcing comes certain risks that the auditor should
consider including:
There is less control of business functions, resulting in weaker internal control and
security over the system.
Training at the entity handling the outsourced work may be inadequate.
Privacy of customer financial information and other data may be compromised thereby
exposing the user organization to liability.
Management’s and auditors’ understanding and assessment of internal control may need
to reflect controls located at the service organization’s location at which it does the
work.
As a result, the user organization may not be able to administer the internal controls of the
service organization. Consequently, in planning the audit of the service organization, the
auditor may be required to gain an understanding of the internal control at the service
organization that may affect the user organization’s financial statements. Part of that
understanding is to assess the significance of the service organization’s controls to the user
organization’s internal control. If the user auditor determines that the service organization’s
controls are significant as compared with the user organization’s internal control, the user
auditor should gain a sufficient understanding of the service organization’s controls to plan the
audit.
Factors that may affect the significance of the service organization’s controls include:
Audit Engagement Developments
27
The nature and materiality of the transactions or accounts affected by the service
organization, and
The degree of interaction between internal control at the user organization and the
service organization’s controls.
If a user organization outsources a significant process to a service organization, and the user
organization is unable to, or elects not to, implement effective internal control over the
processes performed by the service organization (e.g., there is a low degree of interaction), the
auditor will need to obtain an understanding of the internal controls of the service organization
that affect those transactions. That understanding can be obtained in one of two ways:
1. The service auditor can document its understanding of the internal control of the service
organization as it relates to the outsourced transactions, or
2. The user auditor can obtain a service auditor’s report, which documents the service
organization’s internal controls.
If, instead, the process outsourced is insignificant or the user organization has implemented an
effective internal control over the service organization’s processes related to the outsourced
transactions, the user auditor is not required to obtain an understanding of the service
organization’s internal controls. Instead, the user auditor’s responsibility is limited to
understanding the user organization’s internal controls over the processes performed by the
service organization.
SAS No. 70, Service Organizations, as amended by SAS No. 88, addresses the auditing issues
related to the audits of financial statements of an entity (the user organization) that obtains
services from another organization (the service organization). The ASB has finalized a
statement that replaces SAS No. 70 under its clarification project. The replacement statement,
AU-C 402, entitled, Audit Considerations Relating to an Entity Using a Service Organization,
expands how a user auditor audits the financial statements of a user entity, The new statement
is effective for audits of financial statements for periods ending on or after December 15,
2012.
Further, in 2011, the ASB issued SSAE No. 16, Reporting on Controls at a Service
Organization, which provides guidance to service auditors who audit service organizations.
SSAE No. 16 removes the requirements found in SAS No. 70 that relate to a service auditor’s
audit of a service organization, and places them in the attestation standards as SSAE No. 16.
SSAE No. 16 is addressed further on in this course.
Risk of misapplication of accounting issues related to mergers and acquisitions:
Auditors should become familiar with some of the accounting and auditing issues related to
mergers and acquisitions (business combinations).
Audit Engagement Developments
28
GAAP for M&A: ASC 805: Business Combinations (ASC 805) (formerly FASB No. 141R)
replaced previously issued FASB No. 141 with respect to business combinations. ASC 805
requires use of the acquisition method of accounting for dealing with business combinations.
The pooling method was eliminated under the previously issued FASB No. 141. Goodwill and
other intangible assets should be recognized in a business combination. Once recorded,
intangible assets are accounted for under ASC 350, Intangibles- Goodwill and Other (formerly
FASB No. 142).
The key change in ASC 805 that auditors need to be familiar with is that ASC 805 changes
from a cost approach to measure a business combination to a fair value of assets and liabilities
approach. Under this approach, the assets and liabilities of a business combination are recorded
at fair value even if it differs from the cost of the transaction. If the collective net fair value of
assets and liabilities exceeds their cost, a gain is recorded on the income statement for the
bargain purchase discount. This means there is greater risk that companies will attempt to
inflate the fair value of net assets so that they create an income statement gain at the time of
recording a business combination.
Target entity weaknesses in internal control: Just prior to being acquired, a target entity may
trim administrative expenses by eliminating positions and functions. In doing so, there may be
greater risk of deficiencies in internal control at the date the acquisition is consummated.
Auditors should consider such deficiencies when evaluating internal control and assessing
control risk.
Greater risk of fraud during a merger: There is a heightened risk that employees will commit
fraud when entities merge for several reasons, such as:
There are typically breakdowns in internal control, a lack of segregation of duties, and
reduction in supervision, that provide an opportunity for employees to commit fraud.
Certain employees may be bitter after the merger, providing the rationalization to
commit fraud.
Distorting financial performance during the pre-merger period: Sometimes the entity
acquiring another entity may try to manipulate the financial performance of the target entity
during the pre-acquisition period. If a target shows a poor financial performance prior to the
acquisition, management will find it easier to report improved performance after the
acquisition with the resulting spike in reported earnings and stock price. The practice is
commonly referred to as “spring-loading.”
Auditors should be aware of ways in which entities may attempt to apply spring-loading tactics
such as:
1. Writing down investments and fixed assets
Audit Engagement Developments
29
2. Accelerating the purchased company’s payment of payables
3. Inflating reserves and allowances including:
Reserves for merger costs
Reserves for inventory obsolescence
Pension allowances
Restructuring reserves
Reserves for workers’ compensation and medical insurance
Reserves for plant closings and employee terminations
Allowance for doubtful accounts on receivables
Some of the above tactics may not necessarily violate GAAP, while others do involve the
deliberate inflation of reserves and allowances in direct violation of GAAP.
Concern over compliance with Sarbanes-Oxley Act: A public company may encounter a
challenge from the SEC if it acquires a non-public entity that has not complied with Sarbanes-
Oxley. For example, the non-public entity may not have the necessary internal controls in place
at the time of acquisition.
Risk of information system attacks and internal control:
Corporations are experiencing rising attacks on corporate information technology systems
consisting of viruses, Distributed Denial of Service (DDoS), worms, zombie spam, and other
attacks. There is no indication that these attacks are likely to decline in the future. An auditor
should focus on a client’s internal control over its IT systems in assessing internal control. In
many cases, management needs to improve its IT security system.
In performing his or her audit, an auditor should consider performing the following procedures:
1. An auditor should assess whether the company has taken steps to protect against:
Inadvertent disclosure of sensitive information to unauthorized parties
Computer or transmission disruption
Hackers and viruses
Electronic frauds
2. An auditor should consider using Computer-Assisted Audit Techniques (CAATs).
3. The auditor may want to test control features that deny unauthorized individuals from
being able to authorize or initiate a transaction or to change information already in the
system.
Risk of improper recording of restructuring charges:
Audit Engagement Developments
30
Entities are constantly undergoing restructurings and some may be inclined to increase their
liabilities to establish a “rainy day fund” for future periods. Restructuring costs may be
incurred in connection with a consolidation, move, relocation, business combination or change
in a strategic plan.
Authority for accounting for certain costs associated with exiting an activity, including
termination costs, is found in ASC 420, Exit of Disposal Cost Obligations (formerly FASB No.
146).
Under ASC 420, costs associated with an exit activity include, but are not limited to:
Termination benefits
Costs to terminate a lease
Costs to consolidate facilities or relocate employees
The general rules of ASC 420 state that a liability for a cost associated with an exit or disposal
activity shall be recognized and measured initially at its fair value in the period in which the
liability is incurred. Fair value is the amount at which the liability could be settled in a current
transaction between willing parties other than in a forced liquidation. If the fair value cannot
be reasonably estimated, the liability is recognized when it can be reasonably estimated.
ASC 420 defines termination benefits as one-time termination benefits and occurs when all of
the following criteria have been met:
Management, having the authority to approve the action, commits to a plan of
termination.
The plan identifies the number of employees to be terminated, their job classifications or
functions and their locations, and expected completion date.
The plan establishes the terms of the benefit arrangement, including the benefits that
employees will receive upon termination (including cash payments) in sufficient detail to
enable employees to determine the type and amount of benefits they will receive if they
are involuntarily terminated.
Actions required to complete the plan indicate that it is unlikely that significant changes
to the plan will be made or that the plan will be withdrawn.
If employees are not required to render service until they are terminated in order to receive
termination benefits, or if employees will not be retained to render service beyond the
minimum retention period, a liability for the termination benefits shall be recognized and
measured at its fair value at the communication date.
Audit Engagement Developments
31
If employees are required to render service until they are terminated in order to receive the
termination benefits and will be retained to render service beyond the minimum retention
period, a liability for the termination benefits shall be measured initially at the communication
date based on the fair value of the liability as of the termination date.
The liability is recognized ratably over the future service period.
Any change from a revision to either the timing or amount of estimated cash flows over
the future service period shall be measured using the credit-adjusted risk-free rate that
was used to measure the liability initially. The cumulative effect of the change shall be
recognized as an adjustment to the liability in the period of change.
Present value is appropriate to determine fair value.
Example 1: A company plans to cease operations in a particular location and determines that it
no longer needs the 100 employees that currently work in that location. The entity notifies the
employees that they will be terminated immediately. Each employee will receive as a
termination benefit a cash payment of $6,000.
Conclusion: Because the employees are not required to render service beyond their
termination date in order to receive their termination benefits, a liability shall be recognized
and measured at the fair value at the communication date. In this case, the amount is $600,000
($6,000 x 100 employees).
Auditors should be aware of how to account for restructuring charges and the risks associated
with over- and under-valuing the liabilities associated with those charges.
Audit Engagement Developments
32
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. What component of engagement risk is associated with the entity’s survival and
profitability?
a. Auditor’s audit risk
b. Auditor’s business risk
c. Client audit risk
d. Client business risk
2. Which of the following actions is required by SAS No. 99:
a. Establish an independent expectation of an estimate
b. Complete a retrospective review of significant estimates
c. Review and test management’s process used to develop an estimate
d. Review subsequent events and transactions
3. What factor may lead to obsolescence of existing inventory:
a. Changes in product design
b. Idle capacity
c. Reduced prices and profit margins
d. Reduced turnover
4. ASC 330, Inventory, (formerly FASB No. 151), made what change to ARB No. 43, Chapter
4:
a. Abnormal amounts of idle facility expense, freight, handling costs, and waste materials
(spoilage) are recognized as current period charges
b. Normal amounts of idle facility expense, freight, handling costs, and waste materials
(spoilage) are recognized as current period charges
c. Fixed production overhead is allocated to each unit of production based on actual
facility usage
d. Companies must capitalize fixed overhead using the greater of actual production or
normal capacity in the numerator
Audit Engagement Developments
33
5. The Pension Protection Act of 2006:
a. Expands and improves defined benefit plans
b. Prohibits contributions to under-funded plans from being deferred
c. Requires an entity that sponsors one or more defined benefit plans to record the funded
status of a benefit plan in its balance sheet
d. Requires employers to promise additional benefits to employees regardless of whether
they are actually funded
6 Which of the following is a method that can be used to understate expenses?
a. channel stuffing
b. report peripheral or incidental transactions
c. set aside extra reserves to be reversed to income in future periods
d. understate accounts payable at the end of the year
7. How can sizeable layoffs adversely influence the effectiveness of an entity’s internal
control?
a. customers’ financial information may be compromised
b. there is less opportunity for fraud to be committed
c. training becomes inadequate
d. an expanded work overload may result in more errors
Audit Engagement Developments
34
SUGGESTED SOLUTIONS
1. What component of engagement risk is associated with the entity’s survival and
profitability:
a. Incorrect. Auditor’s audit risk is the risk that the auditor may unknowingly fail to
appropriately modify his or her opinion on financial statements that are materially
misstated.
b. Incorrect. Auditor’s business risk is the risk of potential litigation costs from an alleged
audit failure and the risk of other costs such as fee realization and reputational effects
from association with the client.
c. Incorrect. Engagement risk consists of client business risk, auditor’s audit risk, and
auditor’s business risk. Client audit risk is not part of engagement risk.
d. Correct. Client business risk is the risk associated with the entity’s survival and
profitability.
2. Which of the following actions is required by SAS No. 99:
a. Incorrect. The requirement to establish an independent expectation of an estimate is
found in SAS No. 57, Auditing Accounting Estimates. SAS No. 57 requires that audit
procedures include developing an independent expectation of an estimate to corroborate
the reasonableness of the estimate.
b. Correct. SAS No. 99 requires an auditor to perform a retrospective review of
significant estimates to determine whether there was management bias in
establishing those estimates. In performing the retrospective review, the auditor
compares the prior year’s estimate to the actual outcome related to that estimate.
c. Incorrect. SAS No. 57, Auditing Accounting Estimates, not SAS No. 99, requires that an
auditor review and test the process used by management to develop the estimate.
d. Incorrect. SAS No. 57, Auditing Accounting Estimates, states that audit procedures must
include reviewing subsequent events or transactions occurring before the completion of
field work. This requirement is not found in SAS No. 99 which deals with certain
procedures related to fraud.
3. What factor may lead to obsolescence of existing inventory:
a. Correct. A factor that may lead to obsolescence of existing inventory is change in
the product design that may lead to a revised product that has limited demand in
the marketplace.
b. Incorrect. Idle capacity at a manufacturing facility may result in an overcapitalization of
overhead and a valuation in excess of market value, but does not result in obsolescence.
c. Incorrect. Reduced prices and profit margins may cause inventories to be valued over
market value, but does not lead to obsolescence.
d. Incorrect. An unusual increase in inventory balances, reduced turnover, increased
backlog and a deterioration in the aging of inventories may be signs that there is excess
inventory on hand but not that it is necessarily obsolete.
Audit Engagement Developments
35
4. ASC 330, Inventory, (formerly FASB No. 151), made what change to ARB No. 43,
Chapter 4:
a. Correct. ASC 330 requires that abnormal amounts of idle facility expense, freight,
handling costs, and waste materials (spoilage) be recognized as current period
charges and not capitalized as part of production overhead.
b. Incorrect. Capitalizing normal amounts of idle facility expense, freight, handling costs,
and waste materials (spoilage) is not a new change under ASC 330.
c. Incorrect. A change made by ASC 330 is that fixed production overhead is allocated to
inventories based on the production facilities’ normal capacity.
d. Incorrect. A key change made by ASC 330 is that it requires companies to capitalize
fixed overhead using the greater of normal capacity or actual production in the
denominator, not the numerator.
5. The Pension Protection Act of 2006:
a. Incorrect. In 2006, Congress passed the Pension Protection Act of 2006 which expands
and improves defined contribution plans (such as 401(k) plans) and not defined benefit
plans, and strengthens the federal pension insurance program.
b. Correct. A key provision of the Act is that it includes the prohibition against
contributions to under-funded plans from being deferred.
c. Incorrect. ASC 715, Defined Benefit Plans (formerly FASB No. 158), not the PPA
2006, requires an entity that sponsors one or more defined benefit plans to record the
funded status of a benefit plan, measured as the difference between the fair value of plan
assets and the benefit obligation, in its balance sheet.
d. Incorrect. PPA 2006 prohibits employers from promising additional benefits to
employees until they are actually funded.
6. Which of the following is a method that can be used to understate expenses?
a. Incorrect. Channel stuffing is a method to recognize revenue prematurely, not
understate expenses.
b. Incorrect. Reporting peripheral or incidental transactions, such as nonrecurring gains, is
one way that companies may recognize revenue that has not been earned.
c. Incorrect. Extra reserves overstate expenses in year one. Ultimately expenses are
understate if an when the reserves are reversed in subsequent years.
d. Correct. Understating accounts payable results in understated expenses.
7. How can sizeable layoffs adversely affect the effectiveness of an entity’s internal control?
a. Incorrect. Outsourcing could affect privacy of customer financial information and other
data, but not layoffs.
b. Incorrect. There is greater opportunity for fraud, not less, due to weakened internal
control, poor segregation of duties, and lower employee morale from layoffs and staff
reductions.
c. Incorrect. There is no correlation between training and layoffs.
d. Correct. Employees who are overloaded with work may not have the time to
properly complete the necessary tasks, resulting in errors being performed.
Audit Engagement Developments
36
III. Client and Employee Fraud
1. General
Regardless of whether the U. S. economy is in a growth phase or a recession, there continues to
be a record number of frauds being committed either in the form of fraudulent financial
reporting cases involving management, or misappropriation of assets (theft) involving
employees. As management continues to have pressure to produce earnings to satisfy its
shareholders and other third parties, fraudulent financial reporting has flourished. Similarly,
employee fraud continues to victimize all industries and companies, regardless of whether in
the public or nonpublic sectors. Employees use fraud as a means to solve their personal
financial pressures from being strapped with record amounts of personal debt and to reimburse
themselves for allegedly being overworked in understaffed businesses.
Although the recent cases of fraudulent financial reporting are not as public as Enron, they are
just as pervasive. Examples where management has committed fraud include erroneous
adjustments made to financial statements, overstated sales and accounts receivable, fabricated
inventories and misapplication of generally accepted accounting principles. There have also
been cases of side agreements made in which management modified the terms and conditions
of billings as a means to conceal overstated sales. Then, of course, there are the high profile
cases of Enron, WorldCom and others, that involved use of off-balance sheet entities and
overly aggressive capitalization policies.
The reality is that fraud occurs all of the time, regardless of the economy's cycle, and is
committed for many different reasons. For example, because of strong economic times, a
company may be more inclined to be overly optimistic in connection with earnings estimates.
When those estimates do not materialize, management may attempt to artificially inflate
earnings.
What we also know is that there is a direct correlation between the tone that management sets
at the top of the organization, and the degree of fraud that is committed. Consider the
conclusion of the Report of the National Commission on Fraudulent Financial Reporting:
"The tone set by top management- the corporate environment or culture within
which financial reporting occurs, is the most important factor contributing to
the integrity of the financial reporting process......if the tone set by
management is lax, fraudulent financial reporting is more likely to occur."
With respect to SEC companies, companies continue to employ several practices to manage
earnings.
Here are the ways in which managed earnings occur:
Audit Engagement Developments
37
Restructuring charges are accelerated or overstated to understate net income.
Major components of acquisition costs are expensed such as research and development.
Reserves and allowances are established for a rainy day in years where earnings exceed
expectations.
There are misapplications of accounting principles.
There is early recognition of revenue.
2. 2010 Report to the Nations on Occupational Fraud and Abuse
In 2010, the Association of Certified Fraud Examiners, issued it bi-annual report entitled 2010
Report to the Nations on Occupational Fraud and Abuse. This report follows similar reports
issued by the Association in 1996, 2002, 2004, 2006 and 2008. Although the previous reports
focused on fraud within the United States, the 2010 Report represents the first global fraud
survey.
Although numerous other reports on fraud have been issued in recent years, this 2010 Report is
particularly important for two reasons. First, it represents the first global fraud survey while the
previous reports focused on United States fraud only. Further, the 2010 report represents the
fourth report issued since the passage of Sarbanes-Oxley, thereby offering a series of reports
that can follow trends in the post-Sarbanes environment.
The study was based on 1,843 cases of occupational fraud Occurring in more than 100
countries, with more than 43 percent took place in the United States.
Once key observation noted within the 2010 Report was that the patterns of fraud seemed to operate
similarly whether it occurs in Europe, Asia, South America or the United States.
Before looking at the Report, the author asks that the reader take a quick fraud quizzer by
answering the following questions:
FRAUD QUIZ: (answers are at the end of the quiz)
1. Which of the following is the most frequent way in which fraud is detected?
a. Tip hotline
b. External audit
c. Internal audit
d. By chance
Audit Engagement Developments
38
2. Most fraudsters ___________________.
a. Have a criminal record
b. Have no criminal record
c. Have bad credit and behavioral problems
d. Have both criminal records and bad credit
3. Which of the following is a key behavioral characteristic of a fraudster?
a. Living beyond one’s means
b. Instability
c. Complaining about lack of authority
d. Past legal problems
4. Which of the following is the most common type of asset misappropriation (theft) in a
company?
a. Billing schemes
b. Expense reimbursements
c. Skimming
d. Payroll schemes
5. Who commits more frauds?
a. Male
b. Female
c. Either male or female as the percentages are the same
d. Male or female dog
6. Which of the following is the profile of the typical fraudster?
a. Lower paid male or female employee
b. Male, age 20-25, uneducated, with a short-term tenure at the company
c. Male, age 41-50, college-educated, with a tenure of one to five years or more.
d. Female, age 30-35, uneducated, divorced, with a tenure of more than 10 years.
ANSWERS:
1. a
2. b
3. a
4. a
5. a
6. c
Audit Engagement Developments
39
Now let’s look at the report entitled 2010 Report to the Nations on Occupational Fraud and
Abuse.
Details published in the 2010 Report follow:7
a. The term occupational fraud encompasses three categories of fraud:
Misappropriation of assets (theft): Involving the theft or misuse of an organization’s
assets, such as skimming revenues, stealing inventory, or payroll fraud.
Fraudulent financial reporting: Falsifying an entity’s financial statements, such as
overstating revenues and understating expenses and liabilities.
Corruption: Wrongfully using influence in a business transaction to procure some
benefit for the fraudster or others, contrary to their duties to their employer or the rights
of another. Example: Kickbacks, and engaging in conflicts of interest.
Note: SAS No. 99 has only two categories of fraud, consisting of misappropriation of
assets and fraudulent financial reporting. Corruption falls into either category depending on
whether the corruption leads to theft of assets or fraudulent financial reporting.
b. The typical Global organization loses 5 percent of its annual revenues to fraud which
translates into approximately $2.9 trillion in total losses for the entire global economy.
1) Total losses for U. S. organizations were estimated at $994 billion.8
c. There continues to be the fact that occupational frauds were much more likely to be
detected by a confidential reporting mechanism being in place (tip or employee hotline)
than from other sources such as internal or external auditors, internal controls, etc:
1) More than 50 percent of frauds committed by owners and executives were detected by
a confidential reporting mechanism (e.g., hotline, tip, etc.).
2) Fraud detection increases significantly if hotlines are made available to both third
parties and employees.
3) All companies are encouraged to include third-parties in confidential reporting (tip)
mechanisms, along with employees.
7 Certain statistics are based on the 2008 ACFE Report as this information was not published in the 2010 Report.
8 The U. S. losses are based on the 2008 ACFE Report as this information was not published in the 2010 Report.
Audit Engagement Developments
40
d. Small businesses suffer disproportionately large losses from occupational fraud:
1) Median cost of losses by small businesses (fewer than 100 employees) was $150,000,
which was much higher than the median loss by all but the very largest entities
($84,000).
2) Small businesses generally do a poor job of proactively detecting fraud.
e. The amount of fraud loss incurred is directly related to the position of the fraud perpetrator.
1) The median loss of frauds committed by owners and executives was $723,000, which
was more than three times the losses from managers, and 9 times greater than those
committed by employees.
f. Companies were less likely to take legal action against owners and executives who
perpetrate fraud, than they were against managers and employees.
g. Criminal and employment background checks may be helpful in making informed hiring
decisions but generally will not detect fraud perpetrators:
1) Most frauds are committed by otherwise apparently honest employees.
2) Most fraud perpetrators were first-time criminal offenders and had never been
terminated from previous employment.
h. The most effective type of background check on employees is a credit check:
1) There is a direct correlation between employee behavior and the commitment of fraud,
with a high correlation between personal financial difficulties and perpetrating fraud.
2) 45% of the fraud cases involved an employee who was either living beyond his or her
means or having other financial difficulties.
3) Only 23% of the companies who were victims of fraud conducted credit checks of their
employees.
i. The most effective way to deal with fraud is to take actions to prevent it:
1) Few organizations fully recover their losses from fraud.
2) The median loss recovery was only 20 percent of the original loss.
3) Almost 40 percent of victim organizations recovered nothing from the loss.
Audit Engagement Developments
41
j. A large percentage of fraud schemes involving misappropriation of assets (theft) were
committed by someone either in the accounting department or upper management:
22% of the cases were committed by employees in the accounting department.
14% were committed by upper management or executive-level employees.
14% were committed by the sales department.
k. More than 88% of the frauds were committed by individuals in one of six departments:
Accounting
Operations
Sales
Executive/upper management
Customer service
l. More than 85% of fraudsters had never been previously charged or convicted of a fraud-
related offense.
Following are details from the 2010 ACFE Report:
Fraudulent by Type of Organization
2010
Company type
% cases
Median
loss
Private companies 42% $231,000
Public companies 32% 200,000
Government 16% 100,000
Not-for-profits 10% 90,000
Fraudulent by Type of Organization
2010
Number of employees
% cases
Median
loss
<100 (small cap) 31% $150,000
100- 999 22% 150,000
1,000- 9,999 26% 60,000
10,000 plus 21% 84,000
Smaller companies continue to be the largest group of victims of fraud
and incur the highest median loss.
Audit Engagement Developments
42
Median Duration of Time of Fraud Until Detected
# months
Employee 13
Manager 18
Owner 24
Frauds by Method
2010
%
cases
Median loss
Asset misappropriation (theft) 90% $100,000
Corruption schemes 22% 175,000
Fraudulent financial statements 5% 1,730,000
Categories of fraudulent cash disbursements noted in the Report include:
1. Billing schemes: Employee submits invoices for payment by the organization that is for
fictitious goods or services, inflated amounts, or for personal purchases.
2. Check tampering: Employee or other perpetrator converts an organization’s funds by
forging or altering a check on one of the organization’s bank accounts, or steals a check
that was issued to another payee.
3. Expense reimbursement schemes: Employee makes a false claim for reimbursement of
fictitious or inflated business expenses.
4. Payroll schemes: Employee has the victim organization issue payment for false
compensation or to a fictitious employee.
5. Register disbursement schemes: Employee makes false entries on a cash register to
conceal the fraudulent removal of currency.
6. Cash on hand misappropriations: Employee fraudulently voids a sale on the cash
register and steals cash.
Audit Engagement Developments
43
Methods of Fraud: Small Businesses vs. All Business Cases
(Small Business = < 100 Employees)
% of small
business
% of
all cases
Corruption
26% 22%
Asset misappropriations
Skimming 22% 16%
Cash larceny 12% 10%
Billing schemes 29% 27%
Check tampering 26% 17%
Expense reimbursements 17% 15%
Payroll schemes 13% 11%
Cash register disbursement schemes 2% 3%
Cash on hand misappropriations 15% 12%
Non-cash misappropriations including
inventory theft
15% 16%
Fraudulent financial statements 6% 4%
Asset Misappropriations - By Type
% of all
cases
Median
loss
Involving Cash Receipts
Skimming 15% $60,000
Cash larceny 10% 100,000
Involving Fraudulent cash disbursements
Billing schemes 26% 129,000
Check tampering 13% 131,000
Expense reimbursements 15% 33,000
Payroll schemes 9% 72,000
Cash register disbursement schemes 3% 23,000
Cash on hand misappropriations 13% 23,000
Involving non-cash assets:
Non-cash misappropriations including
inventory theft
16% 90,000
Audit Engagement Developments
44
Type of Fraud by Department
Accounting
department
Operations
department
Sales
department
Executives/
Upper
mgmt
Customer
service
department
Corruption
10% 31% 34% 49% 22%
Asset misappropriations
Skimming 18% 15% 16% 14% 19%
Cash larceny 16% 9% 9% 12% 9%
Billing schemes 31% 22% 14% 41% 8%
Check tampering 33% 11% 4% 14% 8%
Expense
reimbursements
11% 16% 16% 30% 3%
Payroll schemes 16% 9% 2% 16% 1%
Cash register
disbursement schemes
2% 9% 8% 1% 8%
Cash on hand
misappropriations
13% 13% 9% 13% 18%
Non-cash
misappropriations
including inventory
theft
6% 15% 24% 18% 18%
Fraudulent financial
statements
4% 3% 4% 14% 2%
Ranking of Controls Most Effective in Detecting or Limiting Financial
Statement Fraud Schemes
Action
Ranking in
effectiveness
Reward whistleblowers 1
Internal audit/fraud dept 2
Fraud hotline 3
Surprise audit 4
Mandatory job rotation/vacations 5
Audit of FS 6
Management review of IC 7
Audit of internal control 8
Audit Engagement Developments
45
Primary Weakness that Existed During the Fraud % cases
Lack of internal controls 38%
Override of existing controls 19%
Lack of management review 18%
Poor tone at the top 8%
Lack of competent personnel in oversight role 7%
Lack of independent audit/ checks 5%
Initial Method of Fraud Detection
% cases
Tips (whistleblowing) from all sources 38%
Management review 17%
Internal audit 14%
By accident 9%
Account reconciliation 6%
Document examination 6%
External audit 4%
Internal controls 1%
Observation: The number of fraud cases detected by an external audit was only 4% in the
2010 Report while it was 9% in 2008. This fact supports the conclusion that it is difficult for
an external auditor to detect fraud based solely on the audit procedures performed. In countries
other than the United States, the primary method of detection was tips, which represented close
to 50% of those cases, as compared with only about 38% of the U. S. cases.
Source of Tips
% cases
Tip from employees 49%
Tip from customer 18%
Anonymous tip 13%
Tip from vendor 12%
Other 8%
Internal Controls Modified After the Fraud
% cases
Increased segregation of duties 61%
Enhanced management review 51%
Surprise audits 23%
Fraud training 16%
Job/rotation/ mandatory vacations 14%
Internal audit 12%
Anti-fraud policy 12%
Had external audits 9%
Audit Engagement Developments
46
Anti-Fraud Measures in Place at the
Time Fraud was Committed
< 100
employees
100 +
employees
External audit 52% 88%
Code of conduct 41% 83%
Internal audit 30% 83%
External audit of internal control (Section 404) 29% 73%
Management certification of financial statements 32% 71%
Independent audit committee 23% 67%
Management review 31% 64%
Anonymous hotline- whistleblowing 15% 64%
Fraud training for managers/executives 16% 53%
Fraud training for employees 13% 51%
Surprise audits 11% 36%
Job rotation 6% 18%
Note: A key distinction in the types of anti-fraud measures found in larger versus
smaller companies is the use of an employee hotline. 64 percent of larger companies
had employee hotlines to report fraud, while only 15 percent of smaller companies had
a hotline.
Initial Method of Detection of Fraud-
Private Companies
< 100
employees
100 +
employees
Tips (whistleblowing) from all sources 33% 43%
Management review 15% 16%
Internal audit 8% 16%
By accident 12% 6%
Account reconciliation 9% 5%
Document examination 8% 4%
External audit 7% 3%
Note: Tips have less of an effect on detecting fraud in private companies. Further, a
higher percentage of frauds in private companies are detected by accident. Lastly, it is
obvious that the external audit provides little assistance in detecting fraud as
evidenced by such a low percentage (3% and 7%, respectively) of detecting for all
companies.
Audit Engagement Developments
47
Median Loss Reduction Based on Existence of Anti-Fraud Controls
Control in effect
% cases
implemented
control
Median
fraud loss
with control
in effect
Median
fraud loss
without
control in
effect
%
reduction
Tip hotline/whistleblowing 49% $100,000 $245,000 59%
Employee support programs 45% 100,000 244,000 59%
Surprise audits 29% $97,000 $200,000 52%
Fraud training for
managers/executives
42% 100,000 200,000 50%
Fraud training for employees 40% 100,000 200,000 50%
Job rotation/mandatory vacation 15% 100,000 188,000 47%
Code of Conduct 70% 140,000 262,000 47%
Management review of IC 53% 120,000 200,000 40%
Anti-fraud policy 39% 120,000 200,000 40%
External audit of ICOFR 59% 140,000 215,000 35%
Internal Audit 66% 145,000 209,000 31%
Independent audit committee 53% 140,000 200,000 30%
External audit of FS 76% 150,000 200,000 25%
Management certification of FS 59% 150,000 200,000 25%
Rewards to whistleblowers 7% 119,000 155,000 23%
The most effective anti-fraud controls include surprise audits, job rotation/mandatory vacations,
employee support programs, and use of a tip hotline, all four of which resulted in a reduction in the
median loss of 60% or more.
Position of Fraud Perpetrator
Position
2010
% cases Median loss
Owner/executive 16% $723,000
Manager 42% 200,000
Employee 42% 80,000
Audit Engagement Developments
48
Correlation Between Perpetrator’s Tenure,
Frequency, and Median Fraud Loss
Tenure
%
cases
Median
fraud loss
Less than one year 6% $47,000
1-5 years 46% 114,000
6-10 years 23% 231,000
> 10 years 25% 289,000
Note: There is a direct correlation between the tenure of the perpetrator and
the amount of fraud loss. The correlation is likely to be the result of 1) the
perpetrator being in a higher level of authority and 2) the employee having a
greater degree of trust with his/her superiors and co-workers.
Frequency and Median Loss of Fraud Based on Gender of Perpetrator
Gender
2010
% of
cases
Median
loss
Male 67% $232,000
Female 33% 100,000
Note: One would think that there would be a shift in the number of fraud cases
from the male to the female gender as more women rise to higher positions of
authority. In fact, the opposite result occurred from 2008 to 2010. In 2008, 59%
of fraud cases involved men with a median loss of $250,000, while 41% of the
cases involved women with a median loss of $110,000. In 2010, the percentage
of men increased to 67% while the percentage of women declined to 33%. The
median loss was about the same for each sex.
Frequency and Median Loss of Fraud Based on Age of Perpetrator
Age
2010
% of
cases
Median
loss
> 60 2% $974,000
51-60 15% 375,000
41-50 33% 268,000
36-40 19% 127,000
31-35 16% 120,000
26-30 10% 60,000
<26 5% 15,000
Audit Engagement Developments
49
Effect of Education on Frequency and Median Loss
Education
2010
% of
cases
Median
Loss
Postgraduate 14% $300,000
Bachelor degree/ some college 56% 203,000
High school or less 30% 100,000
Note: The previous charts, collectively suggest that the factors of a perpetrator most highly
correlated with committing fraud are income, tenure, gender and age. The profile of a person
most likely to perpetrate fraud is this: a male, age 41-50, college-educated, with a company
tenure of one to five years or more.
Perpetrator’s Department
% cases
Median
loss
Accounting 22% $190,000
Executive/upper management 14% 829,000
Operations 18% 105,000
Sales 14% 95,000
Customer service 7% 46,000
Finance 4% 450,000
Purchasing 6% 500,000
Marketing/PR 2% 248,000
Board of directors 1% 800,000
Perpetrators’ Criminal Histories % cases
Had never been charged or convicted of a crime 86%
Had prior convictions 7%
Charged but not convicted 7%
Perpetrators’ Employment Histories % cases
Had never been punished or terminated 82%
Had previously been punished 10%
Previously terminated 8%
Audit Engagement Developments
50
Behavioral Red Flags Present During Fraud Scheme- United States
Behavioral red flag: % cases
Living beyond means 45%
Financial difficulties 44%
“Wheeler-dealer” attitude 20%
Control issues, unwillingness to share duties 23%
Divorce/family problems 23%
Unusual close association with vendor/customer 16%
Irritability, suspiciousness, defensiveness 15%
Addiction problems 14%
Past legal problems 9%
Past employment related problems 10%
Complaining about inadequate pay 7%
Refusal to take vacations 8%
Excessive pressure from within organization 6%
Instability 6%
Excessive family/peer pressure for success 5%
Complaining about lack of authority 4%
Note: Signs of a fraud perpetrator include an employee who is under financial
pressure by living beyond his/her means or having other financial difficulties,
among other signs.
Types of Background Checks % cases
Employment history check 51%
Criminal check 39%
Credit check 23%
Note: Companies continue to perform the wrong kind of checks consisting of
employment and criminal checks. The Study shows that most perpetrators had
not been terminated previously nor did they have a criminal record. Instead, the
greatest correlation of behavior and committing fraud is that many of the
fraudsters were under personal financial stress which may be uncovered by
doing a credit check. Conducting a credit check is the least common check that is
done by companies of their employees, but perhaps, the most effective.
Audit Engagement Developments
51
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. What category of fraud consists of wrongfully using influence in a business transaction to
procure some benefit for the fraudster or others, contrary to their duties to their employer or
the rights of another?
a. corruption
b. fraudulent financial reporting
c. misappropriation of assets
d. payroll schemes
2. According to the 2010 Report to the Nation on Occupational Fraud and Abuse, what
category of fraudulent cash disbursements involves the employee submitting invoices for
payment by the organization that are for fictitious goods or services, inflated amounts, or
for personal purchases:
a. billing schemes
b. check tampering
c. expense reimbursement schemes
d. register disbursement schemes
3. In the 2010 Report to the Nation on Occupational Fraud and Abuse, it was reported that
the external auditor initially detected fraud in ______ of the cases.
a. 14%
b. 4%
c. 17%
d. 38%
Audit Engagement Developments
52
SUGGESTED SOLUTIONS
1. What category of fraud consists of wrongfully using influence in a business transaction to
procure some benefit for the fraudster or others, contrary to their duties to their employer or
the rights of another?
a. Correct. Corruption is defined as the wrongful use of influence in a business
transaction to procure a benefit for the fraudster or others, contrary to their duties
to their employer or the rights of another.
b. Incorrect. Fraudulent financial reporting is falsifying an entity’s financial statements,
such as overstating revenues and understating expenses and liabilities.
c. Incorrect. Misappropriation of assets (theft) involves the theft or misuse of an
organization’s assets, such as skimming revenues, stealing inventory, or payroll fraud.
d. Incorrect. Payroll schemes is a category of fraudulent cash disbursements, which falls
under the category of cash misappropriation.
2. According to the 2010 Report to the Nation on Occupational Fraud and Abuse, what
category of fraudulent cash disbursements involves the employee submitting invoices for
payment by the organization that are for fictitious goods or services, inflated amounts, or
for personal purchases:
a. Correct. Billing schemes involve the employee submitting invoices for payment by
the organization that is for fictitious goods or services, inflated amounts, or for
personal purchases.
b. Incorrect. Check tampering involves an employee or other perpetrator converting an
organization’s funds by forging or altering a check on one of the organization’s bank
accounts or by stealing a check that was issued to another payee.
c. Incorrect. Expense reimbursement schemes involve an employee making a false claim
for reimbursement of fictitious or inflated business expenses.
d. Incorrect. Register disbursement schemes involve an employee making false entries on
a cash register to conceal the fraudulent removal of currency.
3. In the 2010 Report to the Nation on Occupational Fraud and Abuse, it was reported that the
external auditor initially detected fraud in ______ of the cases.
a. Incorrect. In 14% of the cases, the fraud was detected through internal audit, not
external audit, making the answer incorrect.
b. Correct. Only in 4% of the cases did the external auditor initially detect the fraud.
This fact supports the conclusion that it is difficult for an external auditor to detect
fraud based solely on the audit procedures performed.
c. Incorrect. In 17% of the cases, the fraud was detected by management review, and not
the external audit, making the answer incorrect.
d. Incorrect. In 38% of the cases, fraud was detected by a tip, and not by external audit,
making the answer incorrect.
Audit Engagement Developments
53
3. Types of Fraud
Fraud is a legal concept that expands well beyond the responsibilities of auditors. An auditor
is only responsible for material misstatements to the financial statements, whether caused by
error or fraud. Thus, an auditor is not responsible for immaterial fraud, that is, fraud that has
no material impact on the financial statements.
What differentiates fraud from an error is intent. Fraud is an intentional misstatement, while an
error is unintentional.
Fraud = Intentional Misstatement
Error = Unintentional Misstatement
SAS No. 99 defines “fraud” as:
“An intentional act that results in a material misstatement in financial statements
that are the subject to an audit.”
Effective December 21, 2012, AU-C 240, Consideration of Fraud in a Financial Statement
Audit, replaces SAS No. 99 and changes the definition of fraud to the following:
“An intentional act by one or more individuals among management, those
charged with governance, employees, or third parties, involving the use of
deception that results in a misstatement in financial statements that are the
subject of an audit.”
Other than change the definition of fraud, AU-C 240 does not make any substantive changes to
SAS No. 99.
Observation: Intent may be difficult to determine, particularly in situations involving
accounting estimates or use of accounting principles. For example, is the use of an
unreasonable estimate or aggressive accounting principle intentional or simply poor judgment?
Technically, the auditor is not concerned about intent. The key in the end is whether there is a
material misstatement in the financial statements, regardless of whether it was done
intentionally (fraud) or unintentionally (an error). Yet, if a material misstatement is deemed to
be intentional, instead of an isolated unintentional error, this information should enhance the
auditor’s professional skepticism to the fact that other intentional misstatements might exist.
There are two types of misstatements due to fraud:
Fraudulent financial reporting (“cooking the books”)
Misappropriation of assets (theft or defalcation)
Audit Engagement Developments
54
Note: In recent years, there have been a significant number of highly publicized cases of
alleged or actual management fraud. Reasons for fraud depend on the type of fraud involved.
Fraudulent financial reporting is likely to be performed by higher-level management who has a
stake in altering the financial statement results. Alternatively, misappropriation of assets (e.g.,
theft) can be performed at all levels from the lowest employment position to the highest.
Statistically, 80% of all fraud involves the misappropriation of assets, while only 20% consists
of fraudulent financial reporting. Regarding employee theft, reasons for committing the crime
vary from employee revenge for corporate restructurings, to changes in technology making it
easier to conceal fraud.
Conditions needed for fraud - the fraud triangle:
Three conditions usually are present when a fraud occurs. These three conditions are
commonly referred to by fraud examiners as the fraud triangle.
1. Incentive or Pressure: Management or other employees have an incentive or are under
pressure (financial or otherwise), which provides a reason to commit fraud.
2. Opportunity: Circumstances exist, such as the absence of controls, ineffective controls,
or the ability of management to override controls, that provide an opportunity for a
fraud to be perpetrated.
3. Rationalization or attitude: Individuals involved in the fraud are able to rationalize
committing the fraud. Some individuals possess an attitude, character, or set of ethical
values that allow them to knowingly and intentionally commit a dishonest act.
Fraud Triangle
Incentive or
Pressure
Opportunity
(poor
internal
controls)
Rationalization
or Attitude
FRAUD
Audit Engagement Developments
55
Although the three conditions of the fraud triangle are typically present in a perpetration of a
fraud, there are circumstances when only one, or even two of the conditions may be present.
Examples:
1. An employee who is under personal financial pressure and is able to rationalize
committing a fraud, is able to perpetrate a fraud even though there is a strong system of
internal control. The employee used a narrow breach in the system of internal control.
2. A company that has a poor system of internal control is victimized by an employee
fraud. The employee, who has no incentive/pressure to commit the fraud and appears
not to possess a rationalization/attitude to commit a fraud, perpetrates a fraud because
he or she is tempted by his or her ability to commit the fraud within a poor system of
internal control.
3. A manager/owner has an incentive/pressure to achieve a certain income level to avoid
triggering a loan default, where there is no indication of the presence of the other two
conditions.
The three conditions of fraud need to be considered in light of the size, complexity and
ownership attributes of the entity.
For example a larger entity might have controls that constrain improper conduct by
management including:
Existence of an audit committee
Use of an internal audit function
Existence and enforcement of a formal code of conduct
Conversely, a smaller, usually closely held entity will not have any of the same constraints
placed on the management of a larger entity, as noted above. Rarely is an audit committee or
internal audit function in use. Moreover, a formal code of conduct is not only non-existent, but
also may be discouraged for stifling the entrepreneurial environment. Instead of having formal
controls, a smaller entity might have other attributes such as developing a culture that
emphasizes integrity and ethical behavior.
In such situations, the auditor should be careful not to be fooled into a sense of security.
Notes: An otherwise honest individual can still commit fraud in an environment that imposes
sufficient pressure on him or her. The greater the incentive or pressure, the more likely an
individual will be able to rationalize the acceptability of committing fraud.
Although all three conditions of the fraud triangle may help contribute to the perpetration of
fraud, the most important condition is opportunity. Where there is incentive and rationalization
to commit a fraud, such a fraud cannot occur unless the system of internal control allows it to
Audit Engagement Developments
56
happen. The number one reason why fraud occurs is due to poor internal controls9, thus
creating the opportunity for it to occur.
The fraud triangle in the 2012 economic climate:
The 2012 economic climate is ripe for fraud in that the three conditions of the fraud triangle
exist in many organizations.
Incentive or pressure: Today there is tremendous incentive and pressure to commit fraud. In
particular, high layoffs coupled with the pressure for organizations to achieve more output with
fewer staff, creates pressure on employees. Along with the incentive and pressure on the job,
those same employees may feel personal pressure from high levels of personal debt and
defaulted mortgages.
Opportunity: With smaller accounting and other staffs, clearly internal business environments
may provide the opportunity for employees and management to commit fraud.
Rationalization or attitude: It is easier for an employee to rationalize the perpetration of a
fraud when he or she is being squeezed inside as well as outside the organization. Pressure to
increase earnings means the employee is performing extraordinary efforts for the benefit of the
shareholders with little to trickle down to the employees. Moreover, with the elimination of
bonuses and contributions to retirement plans within some organizations, employees feel
betrayed and can more easily justify committing a fraud.
a. Fraudulent financial reporting:
Fraudulent financial reporting involves the intentional misstatements or omissions of amounts
or disclosures in financial statements designed to deceive financial statement users where the
effect causes the financial statements not to be presented in accordance with GAAP (or an
other comprehensive basis of accounting, if used).
Fraudulent financial reporting is accomplished in several ways:
Manipulation, falsification, or alteration of accounting records or supporting documents
from which financial statements are prepared
Misrepresentation in or intentional omission from the financial statements of events,
transactions, or other significant information, and
Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation, or disclosure.
9 According to the Report to the Nation, Occupational Fraud and Abuse (Association of Certified Fraud Examiners), in
57% of the frauds examined, either poor internal controls or controls that were in place but were overridden, were cited as
the primary reason why the fraud occurred.
Audit Engagement Developments
57
Fraudulent financial reporting need not occur as some sort of grand scheme or conspiracy.
Instead, it may be the result of management rationalizing the appropriateness of a material
misstatement as merely an aggressive, rather than an indefensible, interpretation of complex
accounting rules. Or, management might argue that a misstatement is temporary and will
reverse or correct itself in future reporting periods.
Example: Company X is having a terrible year and expects to incur a sizeable loss.
Management believes the loss is temporary due to the economic downturn. X has already
discussed the expected loss with the bank who accepts it as an aberration for one year only.
The bank expects a Company turnaround next year.
Historically, in computing its allowance for bad debts for its trade receivables, the Company
has computed the allowance balance based on 100% of receivables over 90 days old. This year,
management wished to place a “cushion” in the allowance by including not only 100% of over-
90-day balances, but another 20% of over-60-day balances.
When the auditor asks management why they are computing the allowance to include a portion
of the over-60-day receivables, management states that it wants to “clean up” its balance sheet
by being conservative in the event some of the over-60-day balances are uncollectible. At the
balance sheet date, there is no indication that any of the over-60-days receivables are
uncollectible even though a large percentage has not been collected under dated payment
terms.
The auditor likes the fact that management is being prudent by including a higher-than-needed
balance in the allowance account.
Does the above scenario include a misstatement due to fraudulent financial reporting?
Response: Yes. This is a subtle example of fraudulent financial reporting involving managed
earnings. Yet, on the surface, one might argue that it is merely an aggressive use of an
estimate.
The easiest way for management to manipulate earnings is by over-inflating reserves and
allowance accounts, such as the allowance for bad debts and reserves for obsolete inventory.
By being “conservative” with an inflated allowance account with full knowledge of the fact
that the balance is excessive, management is doing nothing more than setting up a “rainy day
fund.” That is, management has in its allowance account excess that can be reversed in future
years to augment earnings. The most likely time for managed earnings to occur is in a loss year
in which management chooses not to reduce the loss incurred and, instead, to shift income to
future years in which it might need it.
The signs of possible fraudulent financial reporting
Audit Engagement Developments
58
Even in a growing economy, there is pressure on management to achieve and maintain
financial results to appease analysts, banks, investors and other third parties. As a result, there
may be heightened risk that fraudulent financial reporting might exist and not be detected by
the auditors.
Auditors have the responsibility to obtain reasonable evidence that the financial statements are
free from material misstatements, including those resulting from fraud. SAS No. 99,
Consideration of Fraud in a Financial Statement Audit, provides a list of risk factors that an
auditor should consider in assessing fraud risk. The list includes:
A highly leveraged entity is in violation of loan covenants
An entity is dependent on an IPO to obtain funding
An entity is unable to obtain and maintain financing
There is evidence of liquidity problems
There are changes in accounting policies and assumptions to less conservative ones
There are profits but no cash flow
A high percentage of management’s compensation is linked to earnings and stock
appreciation
There has been a significant change in members of senior management or the board of
directors
Auditors should have heightened skepticism that fraud might exist in situations in which some
of the previous factors are present.
In the AICPA Audit Risk Alert, reference is made to some of the more common types of
financial statement fraud schemes encountered by the FBI in recent cases which include:
Common Types of Financial Statement Fraud Noted by the FBI
Type of Fraud Description
Phony Sales Creating invoices for products that were never sold, often
made to foreign companies so that auditors have difficulty
verifying the legitimacy of the sale.
Parked Inventory Sales Loading trucks full of inventory on the last day of the year
and “parking” the inventory in a nearby parking lot.
Because the goods have been “shipped” away from the
building, the company fraudulently records a sale. In
reality, the customer has merely ordered the product for
shipment at a later date.
Channel Stuffing Shipping products that are not needed by customers. Later
on, when the customer complains that the goods were not
ordered, the customer is given deep discounts or returns are
authorized. The returns or rebates are recorded in the
future period while revenue is overstated in the current
period. The transactions are repeated in the next period to
offset the reversal of the returns and rebates given from the
previous period.
Audit Engagement Developments
59
Swap Transactions Two companies exchange their products and payments for
the sole purpose of increasing each other’s revenues.
Side Letter Agreements A sales transaction in which a company issues a right of
return or contingency letter to a customer as a condition of
sale. The letters usually give the customer the right to
return any products it cannot sell. A fraud exists because
the sale must be reversed and the auditor has not been
informed about the side letter.
Accelerated Revenue Recording sales in the current period even though they
relate to future periods. In some cases, the scheme is
consummated by backdating sales contracts or other
agreements.
Source: AICPA Audit Risk Alert, as modified by the Author.
When it comes to fraudulent financial reporting, in many instances companies “cook the
books” with more finesse than simply altering financial statements. In fact, manipulating
financial statements can be done with such subtlety that the auditor may not even know it is
being done.
Let’s look at three ways in which management can “cook the books.”
Most extreme way: Actually commit fraudulent financial reporting such as overstating
inventories or revenues- illegal.
Moderate way: Stretch accounting rules to the limit- may or may not be illegal.
Very modest way: Follow the accounting rules, but seek ambiguous loopholes in the
GAAP rules- legal but may not be ethical.
Many auditors may look for the obvious most extreme means by which management commits
fraudulent financial reporting, such as by overstating revenue and/or inventories. Yet, the
more subtle ways of simply stretching accounting rules or finding GAAP loopholes can have
just as great an impact on distorting financial statements. There is also a greater incentive for
management to simply stretch the accounting rules in that they are unlikely to be charged with
fraud either civilly or criminally.
By way of example, following are some of the balance sheet accounts that management can
manipulate by over- or understanding them, without committing fraud:
Allowance accounts and liabilities that can be easily overstated:
Allowance for doubtful accounts
Allowance for obsolete inventory
Liability for uncertain tax positions (FIN 48)
Deferred income tax asset valuation account
Audit Engagement Developments
60
Asset valuations that can easily be manipulated:
Goodwill- impairment writedowns
Intangible assets with indefinite lives- impairment writedowns
Observation: The FASB continues to move GAAP toward a principles-based system under
which GAAP will be determined based on broader principles and fewer rules. It will be
interesting to see how auditors are able to function in such an environment. Without the current
rules-based GAAP, management will be able to stretch the rules or find numerous GAAP
loopholes to justify their interpretation of GAAP. In such an environment, auditors will be
placed in the difficult position of not having the authoritative tools (e.g., specific GAAP rules)
to challenge management’s position.
The Crazy Eddie Ripoff
In the 1980s, Eddie Antar, better known as Crazy Eddie was a consumer electronics retailer in
New York, New Jersey and Connecticut who engineered a $120 million theft with his family
members. Eddie fooled the auditors and was ultimately caught, spending time behind bars.
In his article, So That's Why It's Called a Pyramid Scheme, author Joseph T. Wells uses the
Crazy Eddie case to illustrate the different types of fraud commonly committed. He breaks
them down into five categories:
Most common fraud
method
What Crazy Eddie did How the auditor could have
caught it
1. Fictitious revenues: Companies create
fictitious revenues for
sales that did not occur.
Eddie created fictitious invoices
showing merchandise sales to three
major suppliers who colluded in the
transaction. When the auditors
confirmed the receivables, the
suppliers confirmed that the
balances were accurate.
Analytical procedures might
have caught this fraud including
an analysis of sales at the end of
the year and shipping
documents.
2. Fraudulent
inventory valuations: Inflating inventories that
do not exist or
overvaluing inventories
that do exist are two of
the most common
methods of committing
inventory fraud.
Eddie overvalued his inventory by
$80 million by borrowing
merchandise from suppliers to
increase the year-end inventory.
The suppliers were the same ones
who confirmed the phony
receivables. The goods were shipped
to the stores and billing was held
back until after the auditors left the
premises. Goods were also shipped
from one store to another and double
counted. Finally, management got
hold of the auditors' inventory test
A comparison of year-end
receiving documents to
accounts payable. If goods were
received prior to year-end, it is
unlikely that this test would
have been performed and the
fraud would have gone
undetected.
Gross profit test would have
resulted in too high a
percentage.
Audit Engagement Developments
61
count sheets and changed them to
increase the numbers.
Number of days in inventory
would have been high.
3. Timing differences: Using the accounting
cutoff period to increase
sales and/or reduce
liabilities and expenses.
Eddie instructed his stores to hold
the books open past the end of the
year to increase sales.
Liabilities were not recorded until
the next period.
Sales cutoff test.
Analytical procedures on end of
year sales, by day.
4. Conceal liabilities
and expenses: Not
recording liabilities that
exist at year end.
Eddie instructed his nephew to
remove unpaid invoices from the
files until the auditors left the
premises.
Analytical procedures such as
gross profit test and comparison
of operating expenses from year
to year might have caught the
fraud.
Comparison of accounts
payable from year to year and
number of days purchases in
accounts payable might have
shown unusually low accounts
payable level relative to
purchases.
5. Improper
disclosures:
Changing accounting
principles or omitting
other key disclosures.
Eddie changed the footnotes with
respect to revenue and the auditors
did not notice it.
A comparison of the footnotes
from year to year would have
caught this intentional error.
b. Misappropriation of assets (theft):
Misappropriation of assets involves the theft of an entity’s assets where the effect of the theft
causes the financial statements not to be presented in conformity with GAAP.
Misappropriation of assets is usually accomplished by false or misleading records or
documents, possibly created by circumventing controls.
Misappropriation of assets is accomplished in several ways, including:
Embezzling receipts
Stealing assets, and
Causing the entity to pay for goods or services not received.
Note: An auditor is only concerned with a misappropriation of assets (theft or defalcation) that
results in a material financial statement misstatement. Immaterial theft, for example, is not
important to the auditor, per se. However, if an immaterial theft has occurred, the auditor
should be concerned about the bigger picture and whether the occurrence of the theft suggests
a deficiency in internal control.
Why do employees commit fraud for their own benefit?
Audit Engagement Developments
62
Studies have profiled why employees commit fraud for their own benefit; that is,
misappropriation of assets. An article by Joseph T. Wells, entitled Why Employees Commit
Fraud, gives some insight into the lessons learned about employees who have committed
fraud.
In the article, the author references a 20-year-old study by Hollinger and Clark in which
12,000 employees where profiled. The results are startling:
90% of the employees committed "workplace deviance" such as workplace slowdowns,
sick time abuses, and pilferage.
33% of the employees actually stole money or merchandise.
There is a direct correlation between employee dissatisfaction and fraud: employees
who commit fraud do so by justifying it as “wages in kind."
Example: A loyal bookkeeper was denied a $100 monthly raise and stole for the next
20 years. The amount stolen was exactly $100 per month.
Lessons from research disclose the following:
1. Employee and executive profiles are important to consider:
a. Employees and executives who feel unfairly treated believe they are justified in
committing occupational fraud.
b. Employees and executives facing embarrassing financial difficulties are more
likely to commit fraud.
2. Auditors should discuss with management the importance of improving internal
controls even if the auditor does not rely on internal controls in performing the audit.
3. Auditors should ask individual employees whether they suspect fraud. The studies
reveal that auditors rarely ask the employees whether they believe any fraud is being
committed.
Another study analyzed frauds by the three conditions of the fraud triangle: Incentive/pressure,
opportunity, and rationalization.
The Study concluded that all three conditions drive an employee to commit fraud as noted in
the following chart:
Audit Engagement Developments
63
% of frauds
committed
INCENTIVE/PRESSURE:
Expensive lifestyle to maintain 43%
Dissatisfaction with the company 8%
Career disappointment 10%
Layoff/redundancy 4%
OPPORTUNITY:
Insufficient internal control 28%
External collaboration/collusion 24%
Management over ride 26%
Internal collaboration/collusion 18%
Anonymity with the company 16%
Foreign business customers 2%
RATIONALIZATION:
Lacked awareness of wrongdoing 40%
Low temptation threshold 36%
Self-denial of consequences to company 23%
Source: Crisis Management- Economic Crime, PWC.
From the Survey chart, it is obvious that the maintenance of an expensive lifestyle has been the
greatest subcondition that drives incentive/pressure with it existing in 43% of the frauds
committed.
Also, rationalization is a critical condition driving fraud with the primary subcondition of
rationalization being a lack of awareness of wrongdoing (40% of frauds surveyed), and a low
temptation threshold (36% of the cases).
4. Small Business Fraud
Based on the report published by the Association of Certified Fraud Examiners entitled, Report
to the Nation on Occupational Fraud and Abuse, smaller privately held businesses are the
greatest victims of occupational fraud. Specifically:
42% of all frauds occur in private companies, resulting in median losses of $231,000
31% of frauds occur in companies with fewer than 100 employees.
From the Report, the frequency and median loss of cash frauds is broken down in the following
table:
Audit Engagement Developments
64
Asset Misappropriations- By Type % of all
cases
Median
loss
Involving Cash Receipts
Skimming 15% $60,000
Cash larceny 10% 100,000
Involving Fraudulent cash disbursements
Billing schemes 26% 129,000
Check tampering 13% 131,000
Expense reimbursements 15% 33,000
Payroll schemes 9% 72,000
Cash register disbursement schemes 3% 23,000
Cash on hand misappropriations 13% 23,000
Involving non-cash assets:
Non-cash misappropriations including
inventory theft
16% 90,000
a. Fraudulent disbursements:10
The greatest percentage of cash frauds involves some form of fraudulent disbursement.
Following is a table that summarizes the common types of fraudulent disbursements and
examples of each.
10
Excerpts from this segment were extracted from: How to Prevent Small Business Fraud, Association of Certified Fraud
Examiners.
Audit Engagement Developments
65
Examples of fraudulent disbursements
Type of fraudulent disbursements Example
Phony vendor: Invoices are paid
for fictitious goods or services,
inflated invoices or goods or
services related to the perpetrator.
A secretary sets up a phony vendor and submits faxed
copies of invoices to the accounts payable department for
payment. The fraud was discovered four years later when
a manager identified a large variation in the budget.
Phony employee: Payment is
made to a phony employee.
A controller who believes she should be earning more
compensation adds a phony employee to the payroll
records. Because she manages both the bank accounts
and general ledger, she wrote a check to the phony
employee and direct deposited the funds into her
personal account.
After three years, the fraud was detected during a
surprise payroll audit.
Expense reimbursements: An
employee submits a claim for
reimbursement of fictitious or
inflated business expenses.
John, a sales employee, submits on his expense report
phony invoices for meals and entertainment.
Check tampering: A perpetrator
forges, alters or steals a check.
The administrative assistant, who is also the company’s
bookkeeper, prepares and delivers checks to the CEO for
payment on a weekly basis. The CEO quickly signs the
checks. The assistant prepares the checks with erasable
ink and changes the payee on the checks after they are
signed, and posts the checks to various general ledger
accounts. When the checks are returned the assistant
changed the payee back to the original payee. She is
caught when, in haste, she altered checks related to the
CEO’s personal expenses. Total cost to the company
was more than $500,000.
Register disbursement: An
employee makes false entries on a
cash register to conceal the
removal of cash.
A service station attendant learns that a cash sale can
disappear altogether if he presses the “hold” button on
the register for a few seconds. When a customer pays
cash, the attendant pockets the cash and does not record
the sale. The fraud was discovered when there was a
significant difference between the fuel level and sales.
Total cost to the company was $132,000.
Source: Small Business, Big Losses, Joseph T. Wells, Journal of Accountancy, AICPA
Audit Engagement Developments
66
Fraud involving cash receipts:
Fraud involving cash receipts can be segregated into two categories:
Cash larceny
Skimming
Cash larceny and skimming collectively represent 25% of all misappropriations of assets.11
Cash larceny:
Cash larceny occurs when an employee steals cash from a daily cash deposit.
Typical forms of cash larceny are summarized in the following table:
Ways to conceal cash larceny
Internal controls to mitigate the concealment
Deposit lapping: An employee steals
a deposit from one day and replaces it
with a deposit from the next day. The
second day’s deposit is replaced with
the third day’s deposit, etc. The
deposits are always one day behind.
Insist that deposits be made on a daily basis with
an independent person verifying the dates and
amounts of each deposit from the deposit slip and
bank statement.
Deposits in transit: An employee
steals a deposit and carries the
missing deposit as a deposit in transit
on the bank reconciliation.
Make sure there is a separation of duties between
those that make the deposit and the one that
reconciles the bank statement.
Source: How to Prevent Small Business Fraud, Association of Certified Fraud Examiners.
Skimming:
Skimming involves removing cash from an entity before the cash is recorded. It is commonly
known as “off-the-books” fraud because there is no direct audit trail to detect the fraud.
Typically, skimming involves an employee receiving a payment from a customer, pocketing
that deposit and not recording the receipt of that payment.
Following is a chart that summarizes the common types of skimming schemes:
11
Cash larceny (10%) and skimming (15%).
Audit Engagement Developments
67
Common Types of Skimming Schemes
Skimming Scheme Comments
Skimming sales: Theft of incoming
sales.
Easier to conceal than theft
of receivables as payment
for the sale is not expected
while the receivable is.
On-site employees: Most skimming occurs at the cash
register by low-paid employees subject to a high-degree
of temptation.
Typically involves ringing in “no sale” or another non-
cash transaction in the register.
Remote salespeople: Unsupervised off-site employees
sell goods, retain the cash, and do not record the sale.
Off-hours sales: Employees conduct sales during off-
hours without the knowledge of the owners.
Mailroom theft: Employees who open the mail steal
incoming checks.
Check-for-cash substitutions: An employee receives
unexpected revenue such as a rebate or refund. The
employee sets aside the check. When an equal amount of
currency is received, the employee takes the currency
and replaces it with the check.
Example: An unexpected rebate check is received for
$1,000. An employee steals $1,000 of cash and replaces
it with the rebate check.
Skimming receivables: Theft of
income receivable payments.
Experienced fraudsters avoid
skimming receivables in lieu of
skimming sales. Receivable
payments represent a payment
from a customer expected to be
received resulting in it much more
likely that the fraudster will get
caught. Unpaid receivables show
up on the past due listing.
The fraudster uses several concealment
techniques:
Forced account balances: Employee posts the payments
to the customer receivable accounts even though they
have not been received. The difference is posted as a
plug to cash.
Fraudulent write offs: Fraudster authorizes bad debt
writeoff for an account skimmed.
Debits to aging or fictitious accounts: Improperly
debiting the accounts of other customers (or fictitious
customers) to account for the false credit to the skimmed
customer account.
Lapping: Applying the payments of one account to
another to conceal a skimming.
Example: Check for Customer A is stolen.
Check for Customer B is posted to account of Customer
A to conceal theft, and so on.
Audit Engagement Developments
68
Stolen statements: The fraudster intercepts the
customer’s account statement and late notices or changes
the customer’s address to ensure the customer does not
receive a statement from the victim organization.
Destroying records: The fraudster destroys all records
that can implicate him/her in the skimming.
Source: How to Prevent Small Business Fraud, Association of Certified Fraud Examiners.
Note: With respect to sales skimming, one way to detect such skimming is through inventory
shortages. An employee who skims a cash sale still must accommodate the customer who
placed the sale. The employee will have to ship the customer goods for which sales have not
been recorded, resulting in an inventory shortfall. Now the employee must conceal the
inventory shortfall to cover up the sales skimming. Ways to conceal the inventory shortfall
include writing off inventory as obsolete and adjust the perpetual inventory to reflect the
removal of the goods.
In reality, it is usually easier for a perpetrator to hide the inventory shortfall than the skimmed
sales. If the sales skimming is relatively small, the inventory shortfall is not likely to be
discovered and will wash through as normal shrinkage. Conversely, a large sales skimming
could yield a significant inventory shortage.
Which is the best type of fraud to commit if you are a fraudster?
Let’s look at fraud from the perspective of the fraudster. In performing any fraud, the fraudster
must take action on two fronts:
1. Conceal the fact that the crime has been committed, and
2. Conceal the identity of the fraudster.
For some frauds, concealing the fact that the crime has been committed may be easy, but
concealing the identity of the fraudster may be difficult. Conversely, others may be difficult to
conceal but easy to hide the identity of the fraudster.
Audit Engagement Developments
69
Comparison of Types of Frauds: Ease of Concealing
Crime and Identity of Fraudster
Ease of
concealing crime
Ease of concealing
identity of fraudster
Fraud involving cash receipts:
Cash larceny Low High
Skimming sales High High
Skimming receivables Low Low
Fraud involving cash disbursement:
Phony vendors Moderate Low
Phony payroll Moderate Low
Expense reimbursement Moderate Low
Check tampering Moderate Low
Register disbursement Moderate High
From the chart, one can see that there is a wide difference between the risks of concealment
and being caught based on types of frauds. In general, skimming of sales still continues to be
the most attractive type of fraud to commit in that it is usually difficult to detect and, if
detected, there is a lower probability that the perpetrator will get caught. Conversely, most
fraud involving cash disbursements have the risk that, if the fraud is discovered, the perpetrator
will be caught.
5. Evaluating an Entity’s Fraud Environment
No organizations are exempt from their exposure to fraud. Consequently, it is important that
they evaluate their risk and exposure to fraud by considering the entity’s culture and fraud risk
factors.
Following is a chart that looks at variables (fraud risk factors) that might exist in high- and
low-fraud risk environments.
Environmental and Cultural Comparison of Organizations
with High Fraud and Low Fraud Potential
Variable High-Fraud Potential Low-Fraud Potential
Management style Autocratic Participative
Management orientation Low trust
Power-driven
High trust
Achievement-driven
Distribution of authority Centralized, reserved by top
management
Decentralized, dispersed to all
levels, delegated
Planning Centralized and short range Decentralized and long range
Performance Measured quantitatively and
on a short-term basis
Measured both quantitatively and
qualitatively and on a long-term
basis
Business focus Profit-focused Customer-focused
Management strategy Management by crisis Management by objectives
Audit Engagement Developments
70
Reporting Reporting by routine Reporting by exception
Policies and rules Rigid and inflexible, strongly
policed
Reasonable, fairly enforced
Primary management
concern
Capital assets Human, then capital and
technological assets
Reward system Punitive and penurious Generous, reinforcing, and fairly
administered
Feedback on performance Critical and negative Positive and stroking
Interaction mode Issues and personal
differences are skirted or
repressed
Issues and personal differences are
confronted and addressed openly
Payoffs for good behavior Mainly monetary Recognition, promotion, added
responsibility, choice assignments,
plus money
Business ethics Ambivalent, rides the tide Clearly defined and regularly
followed
Internal relationships Highly competitive, hostile Friendly, competitive, supportive
Values and beliefs Economic, political, self-
centered
Social, spiritual, group-centered
Success formula Works harder Works smarter
Human resources Burnout, high turnover,
grievances
Not enough promotional
opportunities for all the talent
Low turnover
High job satisfaction
Company loyalty Low High
Major financial concern Cash flow shortage Opportunities for new investment
Growth pattern Sporadic Consistent
Relationship with
competitors
Hostile Professional
Innovativeness Copy cat, reactive Leader, proactive
CEO characteristics Swinger, braggart, self-
interested, driver, insensitive
to people, feared, insecure,
gambler, impulsive, tight-
fisted, numbers- and things-
oriented, profit-seeker, vain,
bombastic, highly emotional,
partial, pretend to be more
than they are.
Professional, decisive, fast-paced,
respected by peers, secure risk-
taker, thoughtful, generous with
personal time and money, people-
products- and market-oriented,
builder, helper, self-confident,
composed, calm, deliberate, even
disposition, fair, know who they
are, what they are and where they
are going.
Management structure,
systems and controls
Bureaucratic, regimented,
inflexible, and imposed
controls
Collegial, systematic, open to
change, self-controlled
Source: The CPA’s Handbook of Fraud and Commercial Crime Prevention, AICPA.
Audit Engagement Developments
71
Signs that Fraud May be Present
If you are looking for the signs of fraud in a small business environment, consider whether any
of the following factors are present:
Signs of Potential Fraud
Symptom in the Books Possible Sign of Fraud
An increase in overall sales returns
Removes customer accounts receivable to conceal
skimmed accounts receivable payment
Unusual bad debt write offs Removes customer accounts receivable to conceal
skimmed accounts receivable payment
Slow collections Skimmed accounts receivable
Decline or unusually small increase in cash
or credit sales
Sales are not being recorded
Inventory shortage Sign of fictitious purchases, unrecorded sales, and
employee theft
Source: Small Business Administration’s Crime Prevention Series
Not only should a company look at the technical signs of fraud noted in the previous table,
companies should look at the psychological aspects of fraud and the symptoms that exist in
changes in employee behavior. Examples of suspicious employee behavior include:
Symptoms of Employee Fraud
Behavior Explanation
A suddenly enriched, extravagant lifestyle
that is unsubstantiated by normal wages
Embezzlers need to demonstrate they can buy items
with the money to improve their lifestyle.
Frequent requests for cash advances or
delayed repayment of prior loans
Requests are indicators of expenses exceeding
income, which may indicate an employee theft
exists.
Telephone calls at work from creditors Calls from a collection agency are typically the
agency’s last resort to collect, noting a severe
personal cash flow problem.
Wage garnishment Wage garnishment is typically a sign that
embezzlement may already be in place.
Significant change in behavior, attitude, or
performance
Embezzlement becomes a full-time, all
encompassing job the deeper the employee gets
involved. Irritability, drastic mood swings and
frequent mistakes all can be evidence of a larger
problem.
Refusing to take time off Embezzlers must hide their tracks and cannot give
anyone else the chance to discover their fraud.
Gambling Employees with a gambling, alcohol, or drug
addiction find ways to finance their habit.
Source: Dana Turner, Security Education Systems, San Antonio, Texas
Audit Engagement Developments
72
Employee background checks- do they work?
There are mixed opinions as to whether background checks on employees really work in
predicting whether a prospective employee will be a fraudster. Fraud surveys indicate that most
fraudsters are first-time offenders.
However, the background check that may be the most effective, is not one limited to contacting
the previous employer since that employer would be reluctant to disclose a fraud anyway.
Instead, a more expansive background check is most effective and costs about $1,500 and
should include:12
Do a database check to:
1. Verify address and previous employment
2. Look for civil claims related to:
a. Liens and judgments against the potential employee
b. Bankruptcy filings and litigation records
3. Hand search at local county courthouses in the counties where the person has held
previous positions.
Note: Searching criminal records is useful but may not be effective for first-time offenders. In
many states, a guilty plea for a first-time offender may be expunged from his or her record
after one year.
In addition, all businesses should:
1. Prosecute even the smallest of frauds to set the tone for the company and to stop the
embezzler of the next employer, and
2. Nurture an environment where employees can share information about potential frauds.
12
Forensic Investigative Associates, NY, NY.
Audit Engagement Developments
73
50 Honest Truths About Employee Dishonesty
The Employee and Your Company
Employers can create an atmosphere that fosters honesty, or dishonesty by the way they conduct
business.
If you ask an employee to steal for you, don’t be surprised when he steals from you.
Theft is the ultimate sign of employee disrespect toward you and your company. That disrespect
is usually predictable, based on prior behavior.
Employees involved in theft have usually been involved in other prior misconduct at the company.
Employee theft is far more costly to your business than just the value of the goods stolen.
The employee who steals is more insidious than the outsider because that employee violated your
trust.
No employee who steals is a “good employee” no matter how hard they otherwise work.
Psychology of Employee Theft
Need and opportunity are critical elements for theft to occur.
Need can be very superficial and at times difficult to understand.
An employee’s ethical make up will temper the temptation to steal.
Virtually every employee who steals has rationalized his or her dishonesty.
Most employees would not steal if they couldn’t rationalize it.
Employees who steal believe that everyone steals and that most steal more than they do, no matter
how much they have actually stolen.
A thief learns to lie before he learns to steal.
Tolerance of Theft
No theft, no matter how minor, should be tolerated or ignored.
Employees who know of unreported theft are as bad as the thief.
Theft is like a cancer- if left untreated it will continue to grow and spread.
In regard to your attitude towards dishonesty, most employees mistake kindness for weakness.
Most employees appreciate a second chance- to steal from you again.
Detection and Prevention
No one ever gets caught the first time.
The employee who is closest to the loss is usually the one who did it.
Be careful of the employee who discovered the loss.
When the person’s explanation sounds suspicious, be suspicious.
Your so-called sixth sense is usually pretty accurate- it’s actually a consolidation of your senses.
Employees who deny guilt, but are willing to perform restitution, are guilty.
When a number of employees suspect one person there’s usually a pretty good reason.
Controls Over Theft
Virtually every theft situation could have been prevented by better management.
Nothing you own is immune from theft, and no business is theft proof.
Most businesses are loath to put controls over theft for a variety of reasons, which are invalid.
For some reason, companies are more eager to detect theft after the fact, than prevent it from
happening, even though it is much cheaper to prevent it in the first place.
Audit Engagement Developments
74
The best way to avoid employee theft is to not hire a thief.
The best way to not hire a thief is to investigate a potential employee’s background.
If a person has stolen from a previous employer, why do you think he or she won’t steal from you?
Constant and eclectic vigilance is required to prevent theft- there is no magic.
Isolating the responsibility is a critical theft prevention topic.
Never let the employee be his or her own check and balance.
Asset protection is in everyone’s job description.
Effective security measures are not oppressive or burdensome.
Asset protection is an insurance. The cost should be weighed against the risk.
Crime and Punishment
There is no perfect resolution. Each case must be considered independently, the most just and
intelligent disposition.
You cannot rely on the criminal justice system to protect your assets, investigate theft, or bring the
culprit to justice.
If you want to understand the physics of a black hole, bring your employee fraud case to the
typical big city court.
The employee who says he is sorry usually is- sorry to have been caught.
The employee who is remorseful today will be spiteful tomorrow.
If the only punishment the employee receives is termination, the proceeds of theft are his golden
parachute.
If the dishonest employee offers to resign, accept it and avoid the urge to be vindictive.
Of the three “shuns” (termination, prosecution, restitution) restitution while the most difficult,
does the victim the most good.
Source: Honest Truths About Employee Dishonesty, Steven Kirby, DFE
Associate Editor, Fraud Section, PI Magazine.
Audit Engagement Developments
75
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. As noted by the FBI, what type of financial statement fraud involves a sales transaction in
which a company issues a right of return or contingency letter to a customer as a condition
of sale:
a. Accelerated revenue
b. Phony sales
c. Side letter agreements
d. Swap transactions
2. In the Crazy Eddie Rip-Off, how could the auditor have caught the fraudulent inventory
valuations?
a. Compare accounts payable from year to year and number of days purchases in accounts
payable
b. Compare the footnotes from year to year
c. Perform gross profit test and number of days in inventory
d. Perform sales cutoff test
3. Which type of fraud involves an employee stealing cash from a daily cash deposit?
a. Cash larceny
b. Phony vendor
c. Register disbursement
d. Skimming
4. What is a common concealment technique used by a fraudster who is skimming
receivables:
a. Check-for-cash substitutions
b. Fraudulent writeoffs
c. Mailroom theft
d. Off-hours sales
Audit Engagement Developments
76
5. Which organization has the highest fraud potential?
a. A customer-focused organization
b. An organization that has decentralized authority, dispersed to all levels
c. An organization that measures performance quantitatively, on a short-term basis
d. An organization with a collegial, systematic, self-controlled management structure
Audit Engagement Developments
77
SUGGESTED SOLUTIONS
1. As noted by the FBI, what type of financial statement fraud involves a sales transaction in
which a company issues a right of return or contingency letter to a customer as a condition
of sale:
a. Incorrect. Accelerated revenue is the recording of sales in the current period even
though they relate to future periods. In some cases, the scheme is consummated by
backdating sales contracts or other agreements.
b. Incorrect. Using phony sales involves creating invoices for products that were never
sold, often made to foreign companies so that auditors have difficulty verifying the
legitimacy of the sale.
c. Correct. Side letter agreements involve a sales transaction in which a company
issues a right of return or contingency letter to a customer as a condition of sale.
The letters usually give the customer the right to return any products it cannot sell.
d. Incorrect. Swap transactions involve two companies exchanging their products and
payments for the sole purpose of increasing each other’s revenues.
2. In the Crazy Eddie Rip-Off, how could the auditor have caught the fraudulent inventory
valuations?
a. Incorrect. A comparison of accounts payable from year to year and determined number
of days purchases in accounts payable would have caught the concealment of liabilities
and expenses, but not the fraudulent inventory valuations.
b. Incorrect. If the auditor had compared the footnotes from year to year, Crazy Eddie’s
intentional changes to the disclosure footnotes would have been detected, but not the
fraudulent inventory valuations.
c. Correct. If the auditor had performed a gross profit test, it would have resulted in
too high a percentage. In addition, the number of days in inventory would have
been high. Both tests might have uncovered the fraudulent inventory valuations.
d. Incorrect. The sales cutoff test might have detected timing differences in recording
sales, but was unlikely to uncover the fraudulent inventory valuations.
3. Which type of fraud involves an employee stealing cash from a daily cash deposit?
a. Correct. Stealing from a daily cash deposit is referred to as cash larceny.
b. Incorrect. The creation of phony vendors is a type of fraudulent disbursement. In this
type of fraud, invoices are paid for fictitious goods or services, inflated invoices or
goods or services related to the perpetrator.
c. Incorrect. Register disbursements is a type of fraudulent disbursement that has nothing
to do with stealing daily cash deposits. In this type of fraud, an employee makes false
entries on a cash register to conceal the removal of cash.
d. Incorrect. Skimming is one of the two categories of fraud involving cash receipts, but
does not involve stealing cash from the daily cash deposit (cash larceny). Unlike cash
larceny, skimming involves removing cash from an entity before the cash is recorded. It
Audit Engagement Developments
78
is commonly known as “off-the-books” fraud because there is no direct audit trail to
detect the fraud.
4. What is a common concealment technique used by a fraudster who is skimming
receivables:
a. Incorrect. Substituting checks for cash might be an effective technique when skimming
sales, but not skimming receivables. Using this technique, the employee receives
unexpected revenue such as a rebate or refund, which is set aside. When an equal
amount of currency is received, the employee takes the currency and replaces it with the
check.
b. Correct. Fraudulent writeoffs is an effective concealment technique with fraud
involving receivables. The fraudster skims receivable collections and then
authorizes a bad debt writeoff for an account skimmed.
c. Incorrect. A fraudster who is skimming sales might open the mail in the mailroom and
steal incoming checks. However, this technique does not work well for skimming
receivables because ultimately the customer who sent in the check will question why he
or she has not been credited for the payment sent.
d. Incorrect. A fraudster who is skimming sales might conduct sales during off-hours
without the knowledge of the owners. This approach does not involve skimming
receivables.
5. Which organization has the highest fraud potential?
a. Incorrect. In general, a customer-focused organization has low-fraud potential, whereas
a profit-focused organization has high-fraud potential.
b. Incorrect. An organization that has decentralized authority, dispersed to all levels, has
low-fraud potential, whereas an organization that has centralized authority, reserved by
top management, has high-fraud potential.
c. Correct. An organization that measures performance quantitatively and on a
short-term basis has higher fraud potential. On the other hand, an organization
that measures performance both quantitatively and qualitatively and on a long-
term basis has lower fraud potential. Incorrect. An organization with a collegial, systematic, self-controlled management
structure that is open to change has low-fraud potential, not high-fraud potential.
Audit Engagement Developments
79
6. Time Theft
There are indirect ways in which employees can steal from their employer. One such way is
time theft. Companies are coming to the realization that time theft can be just as severe as
embezzlement and no one goes to jail.
One study13
concludes that the average employee steals approximately 54 minutes per day (4.5
hours per week), from his or her employee, for a total of six full work weeks per year- more
than 10 percent of total payroll.
1. Examples of time theft forms include:
Late arrival or early departure
Requesting paid sick days for inappropriate reasons
Excessive socializing and personal telephone calls
Using company time and facilities to operate another business
Taking long lunch breaks
Slowing down the workload
Handling personal business during work hours.
2. Time theft applies to all business whether white or blue collar based.
3. Permanent employees steal more time than temporary employees.
4. The greater the seniority, the greater the chance they will steal time from their employer.
5. Office personnel steal more time than manufacturing personnel.
6. Employees under age 30 steal more time than employees age 30 or older.
The following chart quantifies the impact of time theft on a typical business:
Assumptions:
20 minutes per day time theft as follows:
Arrival at work 5 minutes late, leave 5 minutes early (10 minutes lost per day)
5 minutes early for lunch, and 5 minutes late for lunch (10 minutes lost per day)
250 working days per year
13
Acroprint- Is Time Theft Robbing You Blind?
Audit Engagement Developments
80
Computation of Time Theft
Hourly
rate
Hourly
including
fringes
30%
Lost profit
# employees
10 25
$7.25 $9.50 $(7,916) $(19,790)
9.00 12.00 (9,996) (24,990)
11.00 14.30 (11,912) (29.780)
15.00 19.50 (16,245) (40.610)
18.00 23.40 (19,500) (48,750)
Source: Carpoint as modified by the Author.
How to reduce time theft?
Employee time and attendance systems can be used to significantly reduce time theft by
eliminating the ability to come in early and leave early, as well as taking additional time at
lunch.
Time and attendance systems can be used to reward or penalize employees during the
employment reviews.
7. Employee background checks and credit reports
Should an employer do a background check (including an employee’s credit report) in
deciding whether to hire that employee?
More companies are performing detailed background checks, including obtaining a credit
report, on prospective hires and using that information as part of the decision to hire.
Typically, such checks are useful in uncovering information on an employee that might not
otherwise be extracted toward the performance of other traditional efforts. According to one
report, 40 percent of employers now run credit reports.14
It is estimated that 40 percent of resumes, contain false or inaccurate information.15
So, why perform a detailed background check including a credit report?
There are several reasons for performing a detailed background check, including obtaining a
credit report:
a. It could protect the employer from a future negligence claim based on the actions of
that employee while employed.
14
U. S. News & World Report 15
InfoLink Screening Services, Inc.
Audit Engagement Developments
81
b. It may uncover a criminal record.
c. It may help evaluate the employee’s ability to manage financial affairs. “If he or she
cannot mange his or her own financial affairs, why could he or she do so for our
organizations?”
d. Hiring the right employees may avoid high turnover costs which can run as high as
$10,000 per employee position.16
Not only is the background check useful in assessing the way in which an employee manages
his or her financial affairs, but also may be necessary to protect the company from a future
liability claim due to the actions of that employee. Not only can an employee be negligent
during his or her employment, but there is also risk that an employee has an undisclosed
criminal record. One study noted that employers lost 79 percent of all negligent hiring suits
with the average jury plaintiff award that exceeds $1.6 million. In some cases, damages are
assessed against an employer because an employer fails to perform a background check on an
employee prior to hiring.
If an employer does obtain a credit report, there are certain requirements that must be met
under the Fair Credit Reporting Act (FCRA) including disclosure to the employee of his or her
rights under that Act.
8. The Auditor's Role in Dealing with Fraud
a. General:
In reviewing the incidents of fraudulent financial reporting found in the COSO Report, there
are some facts that the auditor should consider. Among these is the fact that even the strongest
of internal control systems can be circumvented by collusion or management override.
Moreover, a weak internal control system tempts not only dishonest employees but also those
who are on the fringe--the person who does not plan to steal but does so when tempted.
Test the one-dollar bill rule to see if someone is honest:
Drop a dollar bill and see if the person walking directly behind you gives it back. Do
the same for $5, $10, $50, and finally $100, if you dare.
What does this test tell you about human nature?
In this hypothetical situation, some individuals would give the money back and some,
unfortunately, would not. In most instances, the person who keeps the bill would otherwise be
an honest person and certainly not one scheming to steal from another. In fact, the person did
not reach into your pocket or grab your wallet or pocketbook. But when the temptation was
16
William M. Mercer, Inc.
Audit Engagement Developments
82
presented (e.g., a bill lying on the ground), he or she committed the theft. A parallel exists with
an employee who commits fraud (theft). Most employees who steal from their employer do not
scheme to commit the fraud. Similarly, management generally does not plan to commit
fraudulent financial reporting. But when the temptation presents itself through a weak internal
control system coupled with other factors (such as financial pressures), the employee that is on
the fringe might steal and management may possibly commit financial statement fraud.
The moral of the story is for companies to strengthen their internal control. Take the
temptation away from the weak and weary!
b. The auditor's role in dealing with fraud- SAS No. 99 requirements:
SAS No. 99, Consideration of Fraud in a Financial Statement Audit, establishes expanded
requirements for auditors to consider fraud in a financial statement audit. It applies to audits of
both public and non-public entities.
The primary actions auditors must take in complying with SAS No. 99 are as follows:
Emphasizes that an auditor must:
1. Exercise professional skepticism during the audit including:
Having a questioning mind and performing a critical assessment of all audit evidence
received
Possessing a “show me” mindset that recognizes the distinct possibility that a material
misstatement due to fraud could be present
Evaluating information received by management without any bias to past experience
with the entity and regardless of the auditor’s belief about management’s honesty and
integrity
Conducting ongoing questioning of whether the information and evidence obtained
suggests that a material misstatement due to fraud has occurred, and
Probing evidence more thoroughly and critically.
Note: Professional skepticism does not assume that management or employees are guilty
or innocent of committing fraud. Instead, it is based on a degree of neutrality.
2. Conduct a brainstorming session with audit engagement personnel to discuss the risks of
material misstatement due to fraud and set the tone of the audit.
Audit Engagement Developments
83
3. Make greater inquiries of management and other personnel within the entity about the risks
of fraud.
Inquiries include those of management, internal auditors, audit committee chairman,
and others (such as sales and marketing, and receiving personnel)
4. Perform analytical procedures including specific procedures on revenue.
Examples of analytical procedures related to revenue follow:
Comparison of recorded sales volume with production capacity - an excess of sales
volume over production capacity may indicate the recording of fictitious sales.
Trend analysis of revenues by month and sales return by month during and shortly after
the reporting period. Variations may indicate the existence of undisclosed side
agreements with customers to return goods that would preclude revenue recognition.
Compare revenue to variable expenses (cost of sales, commissions, etc.) for significant
fluctuations.
Review bad debt writeoffs in relation to sales.
5. Consider an expanded list of fraud risk factors: SAS No. 99 expands the list of fraud risk
factors that need to be considered in planning the audit. The list is not included in this
section but is part of the appendix to SAS No. 99.
6. Perform three additional procedures to deal with the risk of management override of
internal controls:
a. Examine journal entries and other adjustments for evidence of possible material
misstatement due to fraud.
b. Review accounting estimates for biases that could result in material misstatement due
to fraud.
The auditor also should perform a retrospective review of significant accounting
estimates reflected in the financial statements of the prior year to determine
whether management judgments and assumptions relating to the estimates indicate
a possible bias on the part of management.
c. Evaluate the business rationale for significant unusual transactions.
7. Change the language in the management representation letter.
Audit Engagement Developments
84
The following language must be included in the management representation letter for an audit:
We acknowledge our responsibility for the design and implementation of
programs and controls to prevent and detect fraud.
We have no knowledge of any fraud or suspected fraud affecting the entity
involving:
a. Management
b. Employees who have significant roles in internal control, or
c. Others where the fraud could have a material effect on the
financial statements.
We have no knowledge of any allegations of fraud or suspected fraud affecting
the entity received in communications from employees, former employees,
analysts, regulators, short sellers, or others.
c. Look for the warning signs of fraud before and during the audit:
One of the key elements emphasized in SAS No. 99 is for an auditor to have heightened
professional skepticism in conducting his or her audit. The AICPA’s Audit Risk Alert
identifies a list of “circumstances and observations” that should catch the attention of the
auditor.
1. A company that has a culture of arrogance: The “tone at the top” sets a company’s culture
and values. A culture of arrogance provides an atmosphere in which bad behavior can
flourish. Management that engages in fraudulent financial reporting often demonstrates:
A high degree of arrogance, pride, greed, and hubris
A reputation for being extremely aggressive in taking excessively high risks, and
living “on the edge”
2. Accounting policies that appear to be too aggressive or rely heavily on management’s
judgment: The method by which accounting principles are selected affects the manner in
which the financial statements are presented to third-party users and the accuracy,
transparency, and understandability of those statements. Management has the ability and
temptation to manipulate financial reporting in instances where GAAP permits different
alternatives of principles that can be used to account for a transaction, where there is a high
degree of subjectivity in using estimates or judgment, or if GAAP is unclear in an existing
or evolving area. By abusing the selection and use of accounting principles, management
Audit Engagement Developments
85
can alter earnings and manipulate various accounts and transactions to report distorted
financial statements and conceal certain important information.
3. An ineffective audit committee and board governance: An ineffective audit committee and
board of directors result in a lack of monitoring of the financial reporting process.
a. An ineffective audit committee is one that:
Lacks independence
Fails to meet regularly
Lacks members who have financial expertise
Does not interface directly with the internal or external auditors
Does not monitor important company programs
Note: The Sarbanes-Oxley Act of 2002 increased the responsibilities of audit committees
and limits the conflicts of interest that have existed on such boards for years. Although the
requirements of Sarbanes-Oxley apply only to public companies and their auditors, the
restrictions that it places on audit committees can be followed by non-public entities.
4. An overly centralized control over the financial reporting process: Internal control is
compromised when one member of senior management or a small group of management
retains control over the financial reporting process.
a. The opportunity and likelihood for fraudulent financial reporting exists in situations in
which management controls the reporting process and takes steps to restrict access to
important information required by third party users and auditors.
5. Ratios and benchmarks that significantly vary from industry averages: A company that has
ratios and benchmarks that differ from other companies within the industry may be a sign
of financial statement fraud. Benchmarking research and analysis may be useful in
pinpointing possible business problems including signs that the company could be in
financial difficulty or that there is a manipulating of the financial reporting process.
6. A cash flow from operations that has little relationship to GAAP earnings: A sign of
possible financial statement fraud is where reported GAAP earnings do not correspond with
the actual cash flows of the company.
a. If management is manipulating earnings, there may be a sign of such actions in a
disparity between cash from operations and GAAP earnings.
b. An entity with negative cash flows may be a sign of a going concern problem.
7. Compensation plans that reward management for achieving aggressive financial goals or
are geared toward enriching executives rather than generating profits:
Audit Engagement Developments
86
a. In situations in which management’s compensation is linked to certain operating or
financial targets, management may put pressure on employees to meet overly aggres-
sive goals.
b. A high-pressure environment can provide the need to establish overly aggressive
practices and the motivation to operate beyond acceptable practices.
c. Auditors should be aware of the power of greed in motivating management and other
employees to take actions they might not otherwise take.
8. The existence of significant insider trading: When senior management has a sizeable sell-
off of their company stock, such an action may be a sign that they believe the stock value is
overstated and that the financial reporting does not purport the real economic value of the
company.
9. There is confusion and difficulty in understanding how a company actually makes its
money: A sign of fraud may be that an entity is involved in many businesses and complex
transactions coupled with a difficulty by third-parties in understanding how a company
actually makes its money and generates cash.
10. Forecasts and predictions by management that are inconsistent with industry trends:
Management may develop accounting estimates, make business decisions, or make
predictions and forecasts that contradict with actual industry trends and other evidence
about what other companies within the industry are doing or forecasting.
11. Unchecked acquisition growth: Management may acquire businesses for the sake of
accumulating assets rather than for the good of the company. Overly aggressive growth by
acquisitions can create havoc in a company in ways such as:
Creating difficulties in merging different operations and internal control processes
Stressing the abilities of the existing internal control system to accommodate the
additional operations and transactions, and
Limiting the entity’s liquidity and access to additional capital.
12. Turnover of key management personnel: The resignation or termination of key personnel
may be a sign that there are future troubles at the entity and that they knew something about
the company’s financial future that outsiders are unaware of.
13. Declining relationships and credibility with customers, creditors, and other third parties:
The deterioration of company third-party relationships may be a sign of financial
difficulties or inappropriate activities by the company.
Audit Engagement Developments
87
14. Continued periods in which the company experiences success: Entities that have had a
prolonged period of financial success may have difficulty envisioning a financial downturn.
Management may not have a clear perspective about the condition of the economy,
company and industry in which the company operates. As a result, management may
inappropriately make decisions without taking into account the typical peaks and troughs in
the business cycle.
15. Management that does not listen to the comments of key employees: Key management may
be so focused on achieving a self-serving purpose, such as an increase in stock price, that
it may fail to listen to the suggestions of employees and notice the warning signs that the
company is in trouble.
16. Receivables that are growing faster than sales: If sales are declining, management may
attempt to inflate receivables to improve its financial position. Also, growing receivable
balances relative to sales may indicate that the quality of receivables has deteriorated and
that sales are being made to higher-risk customers thereby increasing the risk that
receivables may not be collectible.
17. Unusual changes in gross profit: Changes in gross profit may suggest a mismatch between
sales and cost of sales including cutoff problems or over and under-stated sales.
18. Sizeable decline in stock price: A decline in stock price may be indicative that the
investment community knows something about the financial deterioration of the company.
19. Failure to satisfy past-due obligations: The inability to pay past-due obligations is a sure
sign of liquidity problems.
20. Inability to obtain financing: A sure sign of a deteriorating financial position is when
lenders are reluctant to provide financing to a client or the company is required to pay a
higher interest rate to reflect the lender’s perception of higher risk from lending to the
company.
21. Evidence that management has previously committed dishonest or illegal acts: If a client
has been dishonest in the past, he or she is more inclined to conduct similar acts in the
future.
22. Net income that is growing disproportionate to revenue growth: A red flag exists when net
income grows at a faster or slower pace than revenue. In doing so, there is the possibility
that some aspect of the income statement is distorted.
23. The company engages in transactions that lack economic substance: A transaction that
lacks economic substance may suggest that fraud is involved, particularly where there are
complex, one-time transactions including those that occur near year end.
Audit Engagement Developments
88
24. The company is obsessed with meeting earnings targets: Management that is under
pressure to meet earnings targets is more likely to commit fraud.
25. A large company that continues to have a small business mentality: A large company’s
management may still retain control of the internal control environment even as the
company continues to grow. The centralized control of operations creates a greater risk
that management might override internal controls.
d. Remember that analytical procedures are the key:
The auditor is only concerned about material fraud, that is, fraud that results in a material
misstatement to the financial statements. Although finding fraud may be synonymous with
finding a needle in a haystack, numerous cases against auditors points to one conclusion--
fraud was right under the auditor's nose and he or she didn't even see it. The reason why it was
not discovered was because the auditor forgot to perform certain analytical procedures that
would have pointed to an obvious problem.
Also, if there is litigation against the auditor, the plaintiff will no doubt point to SAS No. 56,
Analytical Procedures and the fact that the auditor did not perform adequate analytical
procedures that might have uncovered fraud.
e. Auditors need to corroborate evidence:
Weak audit procedures increase the risk that deficiencies in internal control and poor
accounting practices will not be noticed. Examples of audit procedures that enhance the risk
that fraud might not be detected include:
Accepting verbal or written representations by company management and personnel
without obtaining independent corroborating evidence of such representations.
Accepting confirmations sent directly to the company being audited instead of the
auditor.
Failure to confirm unusual transactions with third parties.
Has SAS No. 99 worked in reducing fraud?
Unequivocally, no. One of the greatest disappointments and wasted efforts of the Auditing
Standards Board (ASB) has been the requirement for auditors of non-public entities to spend
additional time and effort complying with the requirements of SAS No. 99.
Consider a few facts:
Audit Engagement Developments
89
SAS No. 99 was effective for audits of financial statements for periods beginning on or after
December 15, 2002.
According to the Reports to the Nation, published by the Association of Certified Fraud
Examiners (ACFE), the percentage of frauds discovered by external audits was as follows for
each of the ACFE’s bi-annual reports:
Report to the Nation
Before/after SAS No. 99
% of frauds
initially
detected by
the external
audit
By accident
1996 study Before SAS No. 99 NA NA
2002 study Before SAS No. 99 11% 19%
2004 study After SAS No. 99 11% 21%
2006 study After SAS No. 99 12% 21%
2008 study After SAS No. 99 9% 25%
2010 study After SAS No. 99 4% 9%
Source: Report to the Nation, Association of Certified Fraud Examiners.
By some estimates, auditors have had to expend 5-10 percent additional time to comply with
SAS No. 99’s requirements. What is most troubling is that the additional effort has resulted in
little benefit in uncovering material misstatements in financial statements.
In looking at the chart consider the following conclusions:
a. There has been no increase in the percentage of frauds detected due to the external audit.
In 2002, the percentage of frauds detected due to the external audit was approximately 11
percent prior to the implementation of SAS No. 99. Since that time, in the post-SAS No.
99 environment, the percentage has actually declined to a low of 4 percent in the 2010
study.
b. More than double the percentage of frauds were detected “by accident” as compared with
through the external audit. In fact, the 2008 study revealed that 25 percentage of frauds
were detected “by accident” as compared with 9 percent detected through the external
audit. A similar relationship applies to the other reports.
What this suggests is that the overall goal of SAS No. 99, which was to provide the auditor
with the tools to detect material misstatements to the financial statements due to fraud, has
failed. Instead, it has resulted in wasted auditor time-some of which cannot be passed on to
the client in terms of higher audit fees. After all, few non-public clients see any benefit in an
auditor performing an extra 5-10 percent audit time to perform certain procedures under SAS
No. 99, when those procedures do not translate into uncovering fraud. Will that client agree to
pay an audit fee that is 5-10 percent higher when there is no measureable benefit?
Audit Engagement Developments
90
Why did the auditing standards board issue SAS No. 99 in the first place?
A primary reason for the ASB’s issuance of SAS No. 99 was political. Previously, the ASB
had issued SAS No. 82 to address the auditor’s responsibility for detecting fraud. SAS No. 82,
which was issued in 1997, was complex, and not very functional. SAS No. 99 was issued to
replace SAS No. 82, and to provide clearer and more comprehensive requirements.
Another point relates to the timing at which SAS No. 99 was issued and its effective date of
2002 year-end audits. Prior to 2003, the ASB was responsible for issuing auditing standards
that pertained to all audits; public and nonpublic companies, alike.
In 2002 and 2003, events changed.
During 2002, in light of the Enron and WorldCom frauds, among others, the ASB was under
significant criticism by Congress and pressure to clean up auditing standards. In particular,
Congress criticized the accounting profession for performing non-attest services for its audit
clients and for the profession’s overall failure to detect the Enron and WorldCom frauds,
among others. The issuance of SAS No. 99 was one of several efforts by the ASB to
demonstrate that the auditing profession could continue to self-regulate and was serious about
fraud.
Ultimately, Congress took the responsibility for issuing auditing standards for public
companies away from the ASB, giving that responsibility to the then newly created Public
Company Accounting Oversight Board (PCAOB), effective in 2003. The result at that time
was that the ASB had issued a voluminous SAS No. 99 for all auditors in hope of appeasing
the SEC community. When the responsibility for issuing auditing standards for SEC
companies was taken away from the ASB in 2003, only auditors of nonpublic companies were
left having to deal with the aftermath of SAS No. 99. It is fair to say that ten years later, SAS
No. 99 has been a flop, and the burden of having to comply with this standard has fallen on the
shoulders of auditors of nonpublic companies, who continue to have difficulty having to pass
on the cost of implementing SAS No. 99 onto smaller nonpublic companies, with little benefit
in terms of detecting more fraud.
The issuance of SAS No. 99 is nothing more than an example of a long string of poorly
drafted, arduous auditing standards issued by the ASB.
The reality is that the percentage of material frauds affecting non-public companies is de
minimis according, the several major malpractice carriers. In general, financial statement
fraud was not a major problem with nonpublic companies before the issuance of SAS No. 99,
and continues not to be a problem.
Audit Engagement Developments
91
9. Specific Fraud Issues
The types of assets and transactions subject to fraud vary depending on whether the fraud
involves fraudulent financial reporting (cooking the books) or misappropriation of assets
(theft).
It also depends on whether the company is large or small, and closely held versus publicly
held.
The following table compares the two types of frauds:
Description Fraudulent Financial
Reporting
Misappropriation of Assets
(Theft)
Types of assets or transactions
Inventories, receivables and
revenue
Cash –90% 17
Inventories and other assets –
10%
Typical perpetrator Management All levels of employees and
management
Primary reason for actions
Incentive/pressure
Opportunity
Rationalization/attitude
Incentive/pressure
Opportunity and
rationalization/attitude
Size of transaction Usually material to the
financial statements
Usually immaterial to the
financial statements
Type of entity more likely
to be victimized
Larger entity with
sophisticated financial
management
Closely held businesses with
poor internal controls
a. Inventory fraud issues:
Inventory typically represents a major asset of many companies and one that can be easily
manipulated. For example, a company with high sales can overstate inventory by a sizeable
amount and the difference may not appear as a material difference in the gross profit
percentage.
Consider the following example:
Facts: Sales $50,000,000
Gross profit 10,000,000 20%
Net income (loss) before taxes (100,000)
Assume that management fraudulently increases ending inventory by $500,000, the impact on
the gross profit would be as follows:
17
Report to the Nation, Occupational Fraud and Abuse (the Report), Association of Certified Fraud Examiners.
Audit Engagement Developments
92
Actual Fraudulent
Gross profit 20% 21%
NIBT (loss) $(100,000) $400,000
If management can devise a method to conceal the $500,000 inventory overstatement from the
auditor, the 1 percent increase in gross profit would most likely be accepted by the auditors as
a reasonable change. Yet, the change converts a $(100,000) loss to $400,000 profit, making its
effect dramatic in the eyes of the financial statement users. This example represents a
challenge to auditors whereby a standard analytical procedure, such as a gross profit
percentage test, does not uncover a material fraud.
Unfortunately, in many cases of inventory fraud, client personnel at various levels knowingly
participate and assist in the scheme. The following are examples of inventory frauds that have
occurred in recent years. The source is from individual members of the AICPA task force and
matters obtained from litigation and peer review.
Types of inventory fraud:
1. Nonexistent items recorded as inventory:
Empty boxes or "hollow squares" in stacked goods
Mislabeled boxes containing scrap, obsolete items or lower value materials
Consigned inventory, inventory that is rented, or traded-in items for which credits
have not been issued, and
Diluted inventory so that it is less valuable (e.g., adding water to liquid substances).
2. Management increased or otherwise altered the inventory counts for those items the auditor
did not test count or client obtained auditor's test counts and changed counts on items that
were not tested.
3. Management programmed the computer to produce fraudulent physical quantity
tabulations or priced inventory listings.
4. Management manipulated the inventory counts/compilations for locations not visited by the
auditor.
5. There was double-counting inventory in transit between locations.
6. Inventory was physically moved and counted in two locations.
7. Inventory included merchandise recorded as sold, but not yet shipped to a customer ("bill-
and-hold sales").
8. Management arranged for false confirmations of inventory held by others.
Audit Engagement Developments
93
9. There was a mismatch between inventory being recorded without the corresponding
payables.
10. The stage of completion of work-in-process was overstated.
11. Management reconciling physical inventory amounts to falsified amounts in the general
ledger.
12. Management manipulated the "roll forward" of an inventory taken before the financial
statement date.
13. There were inadequate reserves for slow-moving and obsolete inventory.
Audit considerations- inventory fraud:
Even though there are numerous ways inventory frauds can be orchestrated, a well-planned
audit can mitigate many inventory fraud schemes.
1. At the planning stage:
Use analytical procedures such as:
- Comparison of high to low inventory value listings or year to year quantities
- Identify material items that represent high dollar value as a percentage of
estimated inventory
Understand the client's business, its products, computer processing applications and
relevant controls and cutoff procedures before physical counts are taken.
Multi-location observations: Observe inventories simultaneously, if possible, to
ensure that goods are not double counted.
Interim date observations: When a client plans an observation at a date other than
year end, the auditor must consider the effectiveness of internal controls, cutoff
procedures and other issues that may impact the auditor’s ability to audit the “roll
forward” of the inventory value to year end.
2. During the physical count:
Test some counts at all locations to ensure items are not double counted.
Apply analytical procedures to the final priced-out inventory.
Make test counts in areas in which the auditor has not historically focused.
Audit Engagement Developments
94
Record counts of some items that the auditor did not actually count for comparison
with final inventory listing.
Open containers checking for "hollow squares" or empty containers.
For WIP inventories, consider the reasonableness of the stage of completion.
When incorrect counts are observed, the auditor needs to consider whether to increase
test counts or expand other procedures.
Scan inventory tags or count sheets for unusual or unreasonable quantities and
descriptions.
Monitor the client's control procedures over physical count tags or sheets.
3. Inventory at multiple locations:
Take the physical inventory at all significant locations at the same time.
When the physical count at a significant location will not be observed, notify
management that observations will be performed at some locations without advance
notice, to discourage management's manipulation of the inventory.
Note: Where multiple locations, each geographically apart, make it difficult for a
small firm to audit all of them, the firm may consider hiring a local CPA firm at each
remote location to perform the inventory observation.
4. Inventories held for or by others:
Review client procedures to segregate consigned goods from the inventory.
Outside warehouses: If material, the auditor should consider observing the goods
held in an outside warehouse or, obtain written confirmation from the warehouse
in accordance with Inventories (AU 331).18
5. Use of specialists in inventory valuation:
In certain situations, an auditor may not possess the expertise with respect to properly
assess the client's inventories. In these cases, an auditor may need the work of a
specialist and should follow SAS No. 73, Use of a Specialist19
guidance.
6. Post-observation matters:
The extent of audit procedures required normally increases when the inventory
observation is performed at a date other than the balance sheet date.
An auditor should assess audit risk and key controls to ensure that the inventory can be
properly valued at the balance sheet date.
18
Effective December 31, 2012, AU 331 is replaced by AU-C 501, Audit Evidence- Specific Considerations for
Selected Items. 19
Effective December 31, 2012, SAS No. 73 is replaced by AU-C 620, Using the Work of an Auditor’s Specialist.
Audit Engagement Developments
95
b. Revenue fraud issues:
In the recent years, there have been several high-profile cases involving improper revenue
recognition that should wake up auditors to the risks associated with this area. Of particular
concern is the accounting for high-risk transactions such as those that are unusual and complex
in nature and significant year-end transactions. Even if transactions are not unusual and
complex in nature, auditors should consider the risk that revenues may be misstated whether
intentional or unintentional.
The general rule for revenue recognition is found in FASB Concept Statement No. 6, Elements
of Financial Statements. Statement 6 defines revenues as “inflows or other enhancements of
assets of an entity or settlements of its liabilities from delivering or producing goods, render-
ing services….”
SAB No. 101, Revenue Recognition in Financial Statements, offers four criteria that need to
be met in order to recognize revenue:
1. There is persuasive evidence that an arrangement exists.
2. A delivery of goods has occurred or services have been rendered.
3. The seller’s price to the buyer is fixed and determinable.
4. Collectibility of the sale or service is reasonably assured.
Although the above four criteria appear easy to understand, their application can be difficult.
Many sales transactions may satisfy some, but not all, of the four criteria. Others, in form, may
appear to satisfy the criteria, but in substance, do not.
Types of revenue fraud:
The following are examples of revenue-related areas that pose a high risk:
A dramatic increase in sales, receivables and gross profit margins totally inconsistent with
past experience or industry averages
Certain sales of merchandise that are billed to customers prior to delivery and held by the
seller (bill-and-hold transactions)
Significant transactions with one or a few transactions near year end:
a. Unusually large increases in year-end sales to a single or a few customers,
particularly to new customers
b. Significant returns from a single or a few customers after year end
Sales in which the customer has the right to return the goods
Partial shipments in which the portion not shipped is a key component of the product,
(e.g., shipping of computer peripherals without the CPU)
Shipments to and held by a freight forwarder pending return to the company for required
customer modifications
Audit Engagement Developments
96
Sales of merchandise shipped in advance of the scheduled shipment date without the
customer’s agreement or assent
Pre-invoicing of goods in process of being assembled or invoicing prior to, or in the
absence of, actual shipment
Shipments made after the end of the period (e.g., the books are kept open to record
revenue for products shipped after period end)
Transactions involving the application of the percentage-of-completion method of
accounting in which overly optimistic estimates are used
Sales not based on actual firm orders to buy
Transactions involving related parties
Sales involving dated payment terms or installment receivables
Sales with terms outside the normal credit policies of the entity
Contingent sales in which payment depends on:
- Buyer receiving financing from another party
- Buyer reselling the product to another party
- Fulfillment by the seller of certain terms and conditions
- Acceptance of the product by the buyer after a certain evaluation period
Sales that require continued seller involvement after the sale such as installation, or other
significant support (e.g., software sales requiring installation, debugging, extensive modi-
fications, or other significant support commitments, etc.)
Sales that are shipped to customers without customer authorization
Shipments of goods to company-owned warehouses
Sales to fictitious customers
Sales based on shipments made on canceled or duplicated orders
Invoicing goods in advance of being assembled
Invoicing goods prior to shipment (bill-and-hold goods)
Complex and unusual sales transactions in which the accounting or finance department
has no involvement
Sales in which substantial uncertainty exists about either collectibility or the seller’s
ability to comply with performance guarantees
Barter transactions
Sales booked on cost overruns before the customer agrees to pay for them
Auditors may want to approach the following two areas with skepticism:
a) Last minute sales
b) Sudden changes in the way the business is conducted
Audit considerations- revenue fraud:
Consider the effect of revenue side agreements:
Audit Engagement Developments
97
Improper revenue recognition continues to be a major cause of financial statement
misstatements, whether intentional or unintentional. Of particular focus is the presence of side
agreements in which hidden agreements are used to alter the terms and conditions of recorded
sales transactions to entice customers to accept delivery of goods or services. The result is that
certain obligations and contingencies may be created such as financing arrangements or
product installation or customization that may relieve the customer of the typical risks and
rewards of ownership. In such situations, the transaction is not complete and the sale should
not be recorded.
Examples of arrangements that may result in the improper recognition of revenue include:
Shipping goods to customers without customer authorization
Shipping goods to company-owned warehouses and billing fictitious customers, and
Making sales arrangements that obligate the customer to pay only if the goods are
resold or dating payment terms well into the future.
In these cases, traditional audit tests make it difficult to uncover special customer arrangements
consisting of aggressive payment and shipping terms. Consequently, the auditor is most
vulnerable in those cases because:
Receivables are not collected prior to the end of the audit, or
Goods are returned after the auditor completes his or her field work.
Given the creative deal-making between sellers and their aggressive buyers, the auditor should
be aware of transactions where the sale, in essence, is not deemed complete and should not be
recorded. In these situations, the auditor must be familiar with the accounting treatment
covered in ASC 605-15-25, Revenue Recognition-Products- Recognition (formerly FASB No.
48).
ASC 605-15-25 (formerly FASB No. 48), states that if an entity sells its product but gives the
buyer the right to return the product, the revenue shall be recorded only if all of the following
conditions have been met:
a. The seller's price to the buyer is substantially fixed or determinable at the date of sale.
b. The buyer has paid the seller, or the buyer is obligated to pay the seller, and the
obligation is not contingent on resale of the product.
c. The buyer's obligation would not change in the event of theft or physical destruction or
damage of the product.
d. The buyer has economic substance apart from the seller.
e. The seller does not have any significant obligations for future performance to
directly bring about resale of the product by the buyer.
Audit Engagement Developments
98
f. The amount of future returns can be reasonably estimated.
Observation: Most sellers give their buyers the right to return the product for reasonable
cause. In these traditional cases, the sale is recorded in the year of sale, and the sales returns
are recorded in the period in which the goods are returned. If returns are material, a more
appropriate method is to record an annual allowance for returns in order to properly match the
returns with the revenue in the same period in accordance with ASC 450, Contingencies
(formerly FASB No. 5). However, ASC 605-15-25 (formerly FASB No. 48) goes well beyond
the traditional situations. This Statement essentially refers to transactions that are conditional
in nature, and, thus, not really complete. For example, if the seller must perform future services
after the sale has been made, then, in substance, has a sale really occurred? If the criteria of
ASC 605-15-25 have not been met, the sale is not deemed complete and the sales and related
cost of sales should be deferred until the transaction becomes complete.
If side agreements or special customer arrangements do exist, usually few individuals within
the entity will be aware of them. Consequently, it may be difficult for the auditor to uncover
their existence. Use of standard management representations and other audit procedures
relating to the revenue and accounts receivable areas usually will not be adequate audit
procedures. In this case, the auditor should consider the use of additional audit procedures that
may include:
1) Obtain a sufficient understanding of the client’s industry and business: including its
products, its internal control structure over revenue, and its accounting policies and
procedures.
2) Assign experienced personnel: who can effectively deal with unusual and complex
sales contracts and transactions.
3) Expand confirmation procedures: In addition to confirming account balances and
material revenue transactions, the auditor should confirm relevant terms with custom-
ers to obtain assurance that side agreements do not exist. Confirmations should be ad-
dressed to a person or persons who would be familiar with the terms of any side
agreements such as a person who may be a contract signer and not in the accounts
payable department.
The auditor should consider designing confirmations to identify:
Sales terms and the sales contracts
Side agreements
Liberal rights of return
Note: The standard confirmation request (confirming only the outstanding balance)
alone does not always provide sufficient audit evidence to determine that only ap-
propriate revenue transactions have been recorded.
Audit Engagement Developments
99
4) Withhold issuance of the audit report until receivables are realized: The auditor may
wish to withhold issuing his or her report until a majority of receivables have been
realized or a reasonable period of time has lapsed (60-90 days) after year end during
which no significant sales have been returned.
5) Include a representation in the management’s representation letter: Although not
providing a great degree of comfort, management’s representation letter should inc-
lude a representation that either identifies known side arrangements or, indicates that
there are no known side arrangements.
6) Make inquiries of relevant personnel: The auditor may wish to make inquiries of
marketing, inventory control, legal and other personnel who would be familiar with
side agreements.
7) Analytical procedures: Effective analytical procedures can be used to identify
situations that warrant additional audit procedures. Examples include sales volume
analyses by the week and month from year to year.
8) Read and understand contracts: The auditor should not only understand the entity’s
normal terms and conditions of sales, but should also read and understand contracts
related to those significant transactions that are unusual and complex.
Applying analytical procedures to revenue:
SAS No. 99 requires that an auditor perform analytical procedures on revenue. The AICPA’s
Audit Issues in Revenue Recognition, a non-authoritative paper, provides assistance in auditing
revenue. In this Paper, the AICPA emphasizes the need to apply analytical procedures to
revenue as part of the audit. The degree to which analytical procedures are used depends on the
amount of fraud risk factors identified in the fraud assessment planning stage. SAS No. 56,
Analytical Procedures,20
requires that the auditor evaluate significant unexpected differences
that are identified by analytical procedures. The following is a list of those analytical
procedures that are suggested in the Paper:
Compare monthly and quarterly sales by location and by product line with sales of the
preceding comparable periods.
Analyze the ratio of sales in the last month or week to total sales for the quarter or year.
Compare revenue recorded daily for periods shortly before and after the end of the audit
period for unusual fluctuations.
Compare the gross profit ratio, overall and by product line, to previous years and to
budget and consider it in the context of industry trends.
20
Effective December 31, 2012, SAS No. 56 is replaced by AU-C 520, Analytical Procedures.
Audit Engagement Developments
100
Compare details of units shipped with revenues and production records and consider
whether revenues are reasonable compared to levels of production and average sales
price.
Compare the number of weeks of inventory in distribution channels with prior periods
for unusual increases that may involve channel stuffing.
Compare percentages and trends of sales into the distributor channel with industry and
competitors' sales trends, if known.
Compare revenue deductions, such as discounts and returns and allowances, as a
percentage of revenues with budgeted and prior period percentages for reasonableness
in light of other revenue information and trends in the business and industry.
Compare sales credits for returns subsequent to year end with monthly sales credits
during the period under audit to determine whether there are unusual increases that may
indicate contingent sales or special concessions to customers.
Analyze the ratio of returns and allowances to sales.
Compare the aging of accounts receivable in the current and prior periods for buildup of
accounts receivable.
Compare monthly cash receipts for the period under audit to cash receipts subsequent to
year end to determine whether receipts subsequent to year end are unusually low
compared to the collection history during the months under audit.
SAS No. 99’s requirement for special analytical procedures on revenue:
SAS No. 99 requires that an auditor must perform analytical procedures related to revenue.
The objective of these procedures is to identify unusual or unexpected relationships involving
revenue accounts that may indicate a material misstatement due to fraudulent financial
reporting.
Examples of analytical procedures related to revenue follow:
Comparison of recorded sales volume with production capacity-an excess of sales
volume over production capacity may indicate the recording of fictitious sales.
Trend analysis of revenues by month and sales return by month during and shortly after
the reporting period - Variations may indicate the existence of undisclosed side
agreements with customers to return goods that would preclude revenue recognition.
Compare revenue to variable expenses (cost of sales, commissions, etc.) for significant
fluctuations.
Review bad debt writeoffs in relation to sales.
Typically, auditors perform tests to consider whether revenue is overstated when the opposite
understatement of revenue is just as important. In some instances, management or owners
might be motivated to understate revenue because management seeks to reduce taxable income
Audit Engagement Developments
101
or to shift income to the next period. Auditors should consider management’s or owner’s
motivation in planning the audit in the area of revenue.
Revenue cutoff tests and other procedures:
If sales transactions involve the shipment of a product, revenue cutoff tests are used to test the
revenue recognition. To be effective, revenue cutoff tests should be performed in connection
with inventory cutoff tests. Examples of effective cutoff tests are as follows:
Large quantities of merchandise awaiting shipment should be noted during the year-
end inventory observation. Example: The auditor should inspect the shipping dock and
document large orders that await shipment.
Significant in-transit inventory at year end and/or significant changes from the prior
year.
An unusual increase in sales in the last few days of the audit period followed by an
unusual decrease in the first few days after the audit period.
Numerous shipping locations.
Scan the general ledger, sales journal, and accounts receivable for unusual activity.
Compare operating cash flows to sales by sales person, location, or product.
c. Overstated expenses and liabilities:
Another common financial statement misstatement is to understate expenses and liabilities.
Examples include:
Improperly deferring expenses and recording them in later periods.
Failing to record liabilities related to prepaid dues and repayment obligations.
Audit considerations- understated expenses and liabilities:
An auditor might consider performing the following audit procedures to deal with the
possibilities that expenses and liabilities could be understated:
Search for unrecorded liabilities and expenses by examining unrecorded invoices and
unmatched receiving reports for a period after the end of the period audited.
Correlate recorded expenses with the corresponding balance sheet amounts.
Read minutes of board of directors, shareholders and committee meetings to identify
contracts and commitments that may exist.
Examine contracts, leases, and other agreements and documents for unrecorded
liabilities.
Audit Engagement Developments
102
Examine unusual and unexplained trends in accounts payable and accrual balances.
d. Overstated assets:
Another way by which management can commit financial statement fraud is to overstate
assets. Examples include:
Recording non-existent assets, such as cash or receivables
Overstating oil and gas reserves and intangible assets.
Audit considerations- overstated assets:
Auditors should consider performing some or all of the following procedures to deal with the
risk that assets could be overstated:
To the extent possible, confirm cash balances directly with banks and financial
institutions, or use alternative procedures to confirm the cash balance.
Perform a detailed review of management’s bank reconciliations.
If needed, use the work of a specialist to deal with certain assets such as oil and gas
reserves, and intangible assets.
e. Auditing undisclosed related-party transactions:
There are indicators of undisclosed related-party transactions that may be symptoms of
fraudulent financial reporting. Examples of indicators of potential related-party transactions
include:
Highly complex business practices that may disguise the true economic substance of the
transactions
The existence of unusual, highly complex, and material transactions that may lack a
valid business purpose
Entities that conduct material intercompany transactions with each other and are audited
by different CPA firms
A complex and secretive corporate structure that restricts disclosure of the identity of
the shareholders
Significant and unusual transactions occurring at or near year end that result in
significant income recognized
Audit Engagement Developments
103
Significant purchases from new suppliers or sale to new customers during the year that
seem peculiar as to their location, quantity, price or terms
Specific borrowings at below-market terms from unusual sources including unknown
private parties
Guarantees of indebtedness
Loans made without repayments terms
Related vendors and customers
Real estate transactions for amounts different from the appraised value
Sales or nonmonetary exchanges of recently purchased noncurrent assets at significant
gains such as works of art, wine, or other similar artwork.
f. Money laundering:
The AICPA's Audit Risk Alert (the Alert) makes reference to the auditor's role in dealing with
fraud through money laundering.
Money laundering is defined as: the funneling of cash or other funds generated from illegal
means through legitimate businesses to legitimize the cash or funds. The Alert notes that the
gross money laundering product is between $500 billion and $1 trillion annually. Businesses
that are vulnerable to money laundering include banks and non-banking entities such as
gaming and import-export businesses.
Laundering involves three stages explained as follows:
1. Placement: The process of transferring the actual criminal proceeds into the financial
system in such a manner as to avoid detection by financial institutions and government
authorities.
Examples include:
a. Structuring cash deposits into legitimate bank accounts, converting cash into
monetary instruments, and then using the instruments to make investments.
b. Customers making large deposits and investments with laundered proceeds in the
form of monetary instruments, bearer securities, or third-party checks.
2. Layering: The process of generating a series of layers of transactions to distance the
proceeds from their illegal source and to blur the audit trail. Examples include:
Audit Engagement Developments
104
a. Electronic funds transfers through a bank secrecy haven.
b. Withdrawals of already-placed deposits in the form of highly liquid investments.
c. Account transfers or checks payable to third parties with whom the holder appears to
have no obvious relationship.
3. Integration: In this stage, the funds are reinserted into the economy through spending,
investing, lending and cross-border, legitimate-appearing transactions.
Audit considerations for money laundering include:
a. Money laundering is less likely to be detected in a financial statement audit than other
types of fraud.
b. Assets are more likely to be overstated than understated.
c. There is likely to be short-term fluctuations in account balances rather than cumulative
changes.
d. Money laundering is considered an illegal act with an indirect effect on the financial
statements.
Audit requirements- money laundering:
If an auditor becomes aware of the possibility of illegal acts that could have a material indirect
effect on the financial statements, the auditor should apply audit procedures specifically aimed
at determining whether an illegal act has occurred. Laundered funds and their proceeds are
subject to asset seizure and forfeiture by law enforcement agencies that could result in material
contingent liabilities during prosecution and adjudication cases.
Periodically, the OECD's Financial Action Task Force (FATF) and the U.S. Treasury
Department issue blacklists of governments that are non-cooperative in combating money
laundering.
Possible factors of money laundering include transactions that appear inconsistent with a
customer’s known legitimate business or personal activities or means, and unusual deviations
from normal account and transaction patterns.
Examples of suspicious transactions that may indicate that money laundering is occurring
include:
Unauthorized or improperly recorded transactions with inadequate audit trails
Audit Engagement Developments
105
Large currency transactions made in exchange for negotiable instruments or for the
direct purchase of funds transfer services
Structuring currency transactions to avoid the $10,000 reporting requirement
Businesses that seek investment services when the source of funds is not available or
difficult to determine
Premature redemption of investment vehicles with requests to remit proceeds to
unrelated third parties
The purchase of large cash value investments followed by heavy borrowing against
them
Large payments received from foreign locations
Purchases of goods, services and currency at below-market prices
Using multiple-auditors and advisors for related entities and businesses
Using companies, trusts and LLCs/partnerships that have no apparent business purpose
10. Anti-Fraud Measures
According to the Report to the Nation on Occupational Fraud and Abuse, published by the
Association of Certified Fraud Examiners, only 23 percent of frauds are initially detected
through effective internal controls. Yet, strong internal control measures continue to be an
entity’s first line of defense against fraud. What is apparent is that there is a significant gap
between companies’ need for effective internal controls and their actual use in preventing
fraud.
In its report entitled Fraud Risk in Emerging Markets21
, the authors note the following based
on a survey conducted of their clients:
a. Respondents rated strong internal controls as the number one factor in preventing fraud.
b. Since the last survey was first conducted, the prevalence of anti-fraud policies has not
significantly increased:
c. 58% of surveyed companies have a formal anti-fraud policy.
21
Fraud Risk in Emerging Markets, Ernst & Young.
Audit Engagement Developments
106
d. Companies that have anti-fraud policies communicate them to their employees but fail to
communicate them to their suppliers and customers, agents, intermediaries and joint
venture partners.
e. Training is key to the success of an anti-fraud policy yet companies are not devoting
enough fraud training for their employees.
Note: 72% of those surveyed do not provide their employees with training to implement
their entity’s anti-fraud policy.
f. Fraud is more prevalent in emerging markets with corruption and bribery being
disproportionately higher in those markets that all other markets.
Frauds that pose the greatest risk
Type of fraud
% of respondents
Emerging
markets
All
markets
Corruption and bribery 48% 20%
Fraud due to collusion with third parties 20% 31%
Financial statement fraud 10% 20%
Theft 14% 18%
Note: The survey states that emerging markets are far more susceptible to fraud due to
several factors including a) the rapid growth, b) the immature fraud prevention and
detection systems, and c) the limited understanding of fraud risks that typically exist in
those markets.
The survey also notes that many companies do not include the greater risk of fraud in their
list of risk factors used to evaluate their investment decision in emerging markets.
Moreover, 20 percent of entities that consider investments in emerging markets choose not
to make such an investment based primarily on their fraud risk assessment.
Conclusions reached by the survey:
The authors of the survey reach the following conclusions:
Building around a focus of internal controls, companies need to develop anti-fraud
controls into a formal, documented anti-fraud program.
Compliance and enforcement are key elements of an effective anti-fraud program, while
paper programs that exist only for documents are of no use.
An effective anti-fraud program must align closely with the most significant fraud risk
factors facing an entity.
Audit Engagement Developments
107
Companies must move from a mere notification and education of policies and standards
approach to fraud prevention, toward a corporate culture that lives its ethical values
worldwide.
The tone at the top is critical to the success of any anti-fraud program.
Companies need to quickly implement anti-fraud controls in all new operations in
emerging markets in order to offset the effect of different local business practices.
Companies must establish criteria to govern the escalation of allegations of fraud to help
assure the appropriate oversight and composition of investigative teams.
What about employee hotlines?
It is quite clear that the most effective method by which to catch employee fraud is through a
fraud hotline. Anonymous tips given through fraud hotlines accessible by employees,
customers and suppliers are very effective in reducing fraud.
In fact, despite the legal protection given to whistleblowers, their use and effectiveness is
minute as compared with an anonymous tip hotline. One reason is that employees do not want
the disruption and risk associated with being a known whistleblower. The threat of retaliation
from management makes whistle-blowing a risky and least attractive option.
Here are some suggestions on how to set up a hotline:22
Demonstrate and communicate support for the hotline from the top of management.
Link the recovery from fraud to a reward system under which recovered losses will be
distributed or donated to a charity.
If applicable, involve trade union representatives with the hotline.
Advertise the hotline through company intranets, posters, training programs.
Make sure all hotline reports are handled sensitively and anonymously.
Train specialists in both audit and security to handle the reports or even outsource it.
Make sure that immediate and strict disciplinary action is taken against those found to
abuse the system.
22
Making Employee Hotlines Work, Charles Carr, Kroll Global Fraud Report.
Audit Engagement Developments
108
What is the appropriate sentence for fraud- 6 months, 24 years or death?
With all the frauds that have been prosecuted in the past few years, there is a debate going on
as to what is the appropriate punishment for one who commits fraud. The range of sentences
worldwide is expansive.
On one end of the spectrum is Michael Resnick, CFO of Royal Ahold NV’s U. S. Foodservice
Inc. He pleaded guilty to playing a key role in the huge fraud committed, but was sentenced
only to six months of home detention and three years of probation.
On the other end is Jeffrey Skilling, former Enron CFO who was sentenced to 24 years in
federal prison even though he has appealed to have certain portions of his case thrown out in
light of the U. S. Supreme Court’s recent ruling on “honest services.”
So, what is the “right” sentence?
The Chinese may be taking fraud more seriously than their U. S. counterparts, particularly in
the case of a fraud committed at the China Construction bank. In this case, Zhou Limin, the
former head of the Bank and its accountant, Lui Yibing stole approximately $30 million from
30 organizations and 400 individuals, of which only $900,000 has been recovered. A Chinese
court sentenced both of them to the death penalty. They lost their appeal.
U. S. sentences for fraud are getting longer:
Although the U.S. courts have yet to elevate fraud cases sentences to death, the tide is certainly
turning as courts look at white-collar fraud crime far more seriously than they used to. The
days of spending five years in a “country-club” prison for committing fraud, apparently are
gone.
In the past few years, in some cases, the courts have issued sentences for fraud that exceed
those for first-degree murder. (On average, murders serve seven years of their sentences.)
We all know that Bernie Madoff got 150 years for his massive $60 billion fraud. But 150 years
is certainly not the longest issued in the past few years. In one 2008 case, the federal court
handed out a sentence to 72-year old Norman Schmidt for 330 years for an investment scheme.
330 years was the longest sentence issued in a federal white-collar case in Colorado, and most
likely anywhere else.
In another case, Virginia authorities sought a 400-year sentence against Edward Hugh Okun in
a $126 million fraud case. Okun used more than $40 million of escrow funds held for clients
involved in a Section 1031 (like-kind exchange) transactions. Although the authorities wanted
400 years, in the end, the 58-year old Okun received a sentence of 100 years. Why such a long
sentence? A key factor that that influenced the long sentence was the fact that Okun stole risk-
free escrowed funds as compared with Madoff investors who were fully aware that their funds
were invested.
Audit Engagement Developments
109
In another high profile case, New York attorney Marc Dreier received only a 20-year sentence
for his $400 million Ponzi scheme, even though prosecutors sought 145 years.
Even though the sentencing guidelines for fraud are between 5-15 years, the courts appear
willing to punish fraudsters with much longer sentences as a deterrent against future frauds
being perpetrated.
11. A Fraud Scorecard
What if a company could be rated for its susceptibility to fraud; that is, get a fraud scorecard?
Would it help predict future frauds?
A research report was published entitled Predicting Material Accounting Manipulations23
addresses how one can calculate a “fraud score” for public companies. The study and its
conclusions were based on a sample of 680 companies with alleged financial statement fraud.
Specifics from the Report follows:
1. General characteristics of firms committing financial statement fraud (financial statement
manipulation):
a. Most companies manipulate more than one income statement line item with revenue
being the most common as follows:
Revenue: 55% of the cases
Inventory and cost of goods sold: 25% of the cases
Allowances: 10% of the cases
b. Most common industries for manipulations are:
Computers and computer services
Retail
Telecom and healthcare
c. 15% of the manipulations occur in the largest companies.
2. Elements found in financial statements of manipulating firms:
a. Companies have shown strong performance prior to the manipulation.
The manipulations appear to have been motivated by managements’ desire to
disguise a moderating financial performance.
23
Predicting Material Accounting Manipulations, Patricia M. Dechow, et al.
Audit Engagement Developments
110
In years leading up to a manipulation:
Stock returns outperformed the overall market
In the year of the manipulation:
Stock returns underperform the overall market
Rates of return were declining
There are unusually high PE ratios and market to book ratios
with investors having high expectations for returns.
High issuance of debt and equity
Cash profit margins decline
Earnings growth declines
Accruals increase
Sales order backlog declines
Employee headcount declines
Demand for product declines
Abnormal increases in leasing activity to provide financing flexibility
Example: In 20X1, 20X2 and 20X3, Company X has excellent performance and
its stock price outperforms the market. In 20X4, the performance and stock price
appear to sliding downward.
Conclusion: In 20X4, Company X manipulates its financial statements to disguise
the downward trend from excellent years in 20X1, 20X2 and 20X3.
3. The fraud (manipulation) prediction model- the F Score:
The manipulation prediction model is based on the characteristics of companies along five
dimensions that are used to develop the “F Score.”
The F Score is a predictor of financial statement manipulation. The higher the score, the higher
the likelihood that a company will manipulate its financial statements. An F Score of 1.00 or
higher represents a candidate with a high probability to manipulate its financial statements
while less than 1.00 is a lower probability. According to the Study, 50 percent of manipulating
companies have F-Scores in the top 20 percent of all companies. In creating an F Score, the
model uses five factors.
a. Accrual quality:
Combination of several formulas (see discussion below)
b. Financial performance:
Audit Engagement Developments
111
Rates of return decline
Earnings growth rates decline
c. Non-financial measures:
Sales backlog decline indicating a weaker product demand
Abnormal reduction in number of employees24
d. Off-balance sheet activities:
Use of operating leases to eliminate debt and improve cash flow
Higher than usual returns on pension plans to reduce pension expense
e. Market-based measures:
PE ratios and market-to-book ratios decline
Observation: The accrual quality measurement is a function of several formulas including:
Sloan accruals: Change in current assets (excluding cash) less changes in current liabilities
(excluding short-term debt), less depreciation.
RSST accruals: Changes in long-term operating assets and long-term operating liabilities.
Change in receivables: Manipulation of receivables improves sales growth which is an
important metric looked at by investors.
Changes in inventories: Manipulation of inventory levels improves gross margin.
Observation: The study performed a retrospective look at Enron in year 2000 and found that
Enron would have had an F Score of 1.85 which is almost twice the probability of being a
fraud firm.
Conclusion of the Study: The Study correctly identified 60% of manipulating firms in
advance. In the year a company is performing financial statement manipulation, certain key
factors are typically present in order to hide a slowdown in financial performance and maintain
high stock price:
Accrual quality is low
Financial and non-financial measures of performance are deteriorating
24
An abnormal decline in the number of employees occurs when the % reduction in employees exceeds the % reduction in
total assets.
Audit Engagement Developments
112
Financing activities and off-balance sheet transactions are more active
Because the Study correctly predicted 60% of manipulation cases, the F-Score can be used as
an effective measurement and predictor of fraud in an audit.
12. Computer crime and theft
Many companies focus on safeguarding their tangible assets such as inventory and fixed assets.
Yet, perhaps right in front of them is their most critical asset; their computer data and other
proprietary information.
According to the CSI/FBI Computer Crime and Security Survey, the four most expensive
computer crimes that account for 74% of all losses were:
Viruses
Unauthorized access
Laptop and mobile hardware theft, and
Theft of proprietary information.
Who is most likely to commit computer crime?25
Company employees are most likely to engage in computer theft than external parties. The
primary reason is access. Employees already have access inside firewalls, intrusion detection
devices, and other detection systems.
The concern is not only with existing employees, but also previous ones. In one report,
consider the fact that 33% of computer fraud was committed by existing internal employees
while 28% was committed by former employees and their partners who still had access to
information.26
Moreover, often disgruntled employees are the perpetrators of computer and information fraud
and typically use of the following techniques:
Email: 80% of employees admit to sharing confidential information with outsiders
through email.
Instant messaging: Employees use IM tools to transfer files and send small amounts of
text.
CDs or DVDs: Significant volumes of data can be transferred via disks in a short period
of time.
25
From Protecting Data Sources From Internal Theft, Alan Brill. 26
The Global State of Information Security, PWC.
Audit Engagement Developments
113
Digital cameras: Employees can take pictures of sensitive information and documents.
Other small data storage devices: Other devices such as Palm Pilots and BlackBerries
can be used to carry data outside the organization.
Radio-based gadgets: Wireless routers and networks and Bluetooth dongles allow an
employee to connect a cell phone or PDA to a computer and transfer date.
The lesson is that an effective information fraud program must deal with everyone who has
access to sensitive information including current and past employees, part-timers and
temporary employees, and outsourcing companies that deal with confidential data.
13. Integrity Survey
Corporate integrity has become more important as companies, regulators, and investors look
for a better understanding of factors that may have contributed to the various economic issues
that existed in the marketplace along with corporate fraud and misconduct.
In 2009, KPMG issued its 2008-2009 Integrity Survey based on a population of 5,000
employees nationwide. The Survey has not been updated since its issuance in 2009, but its
results appear to be relevant almost three years later.
According to the Survey, employees are facing greater pressure to meet revenue and cost
targets that may drive them to using improper means to do so, particularly if they believe their
jobs would be in jeopardy.
Based on the survey:
1. Misconduct in corporate America remains high with 74 percent of the employees surveyed
reporting that they have personally observed or have firsthand knowledge of wrongdoing
within their organizations during the past year.
2. 46% reported that if the misconduct were to be discovered, it would cause a significant loss
of public trust in the organization. 60% of employees from the banking and finance
industry noted a significant misconduct.
3. Major drivers of fraud and misconduct were:
a. 59% feel pressure to do whatever it takes to meet business targets.
b. 52% believe they will be rewarded for results regardless of the means to achieve them.
c. 50% lack resources to get their jobs done without cutting corners.
d. 49% fear losing their jobs if they do not meet their targets.
4. Although whistleblowing actions have increased, it remains a risk that boards and
management may not hear from employees until it is too late.
Audit Engagement Developments
114
a. 57% stated they would feel comfortable using a hotline to report misconduct, which is
an increase from the previous survey which had only 40% of the respondents.
b. 53% believed they would be protected from retaliation.
c. 39% believed they would be satisfied with the outcome if they reported misconduct to
management.
5. Types of misconducts included:
From the survey, respondents identified the following misconducts as those they had either
engaged in or witnessed being committed within their organizations.
Types of Misconducts Perpetrated or Witnessed
Type of misconduct committed % of respondents
Violating workplace health and safety rules 47%
Discriminating against employees 47%
Wasting, mismanaging, or abusing organization resources 44%
Engaging in sexual harassment 38%
Violating employee wage, overtime, and benefit rules 28%
Breaching employee privacy 28%
Engaging in false or deceptive sales practices 27%
Entering into supplier contracts that lack proper terms,
conditions and approvals
26%
Abusing drugs and/or alcohol at work 26%
Mishandling confidential or proprietary information 24%
Violating or circumventing supplier selection rules 24%
Fabricating product quality or safety test results 23%
Violating environmental standards 23%
Breaching computer, network, or database controls 22%
Falsifying time and expense reports 21%
Engaging in activities that pose a conflict of interest 20%
2008-2009 Integrity Survey, KPMG, 2009
The respondents suggested that the following actions could be taken to mitigate the effects of
misconduct and provide an environment of a high-integrity organization.
a. Have a tone at the top with local managers and supervisors, and CEOs and other senior
executives that are positive role models.
b. Create a team culture and work units that are motivated and empowered to do the right
thing.
Audit Engagement Developments
115
c. Have channels within which employees can feel comfortable to report misconduct
without retaliation.
Observation: In today’s litigious environment, it is important the companies and their boards
establish an ethics and compliance program and that they exercise regular oversight of that
process. There have been several recent cases where shareholders have sued their companies
and their boards for damages resulting from employee misconduct. The fact that a company
has an ethics compliance program and that the board exercises reasonable oversight over that
program generally have shielded the board from personal liability in recent cases.27
14. Correlation Between Bankruptcy and Fraud
Is there a high correlation between a company that goes bankrupt and one that commits fraud?
Is an entity that has fraud perpetrated more likely to file bankruptcy?
A study published by Deloitte Touche addresses these issues.
The Study28
is based on a review of the bankruptcy filings of more than 1,000 publicly traded
companies over a six-year period, and approximately 400 companies that had been issued SEC
Accounting and Auditing Enforcement Releases (AAERs) over an eight-year period.
The results concluded:
1. Bankrupt companies were three times more likely to be issued financial statement fraud
AAERs by the SEC subsequent to the bankruptcy filing.
a. The fact that a large publicly traded company files for bankruptcy is an event that
attracts the SEC’s attention.
b. 69% of the SEC’s AAERs were issued within three years after the entity filed
bankruptcy.
c. Bankrupt companies were twice as likely to have more than 10 fraud schemes in their
history.
2. Companies issued financial-statement-fraud AAERs were more than twice as likely to file
bankruptcy as those not issued one.
a. One in seven AAERs was issued against companies prior to those companies filing for
bankruptcy, suggesting that AAERs may be a warning sign for filing a future
bankruptcy.
27
See Stone v. Ritter, C. A. (Delaware, November 6, 2006) as noted in the KPMG report. 28
Ten Things About Bankruptcy and Fraud, Deloitte Forensic Center.
Audit Engagement Developments
116
b. Company morale at troubled companies along with pressure to reach lofty budgets can
create an environment to perpetrate fraud.
c. The most common types of financial statement fraud for bankruptcy companies were
revenue recognition, manipulation of expenses, and improper disclosures.
15. The CFO Perspective on Their Outside Auditors and Fraud
One recent survey of CFOs demonstrates the challenges auditors have in discovering fraud. In
the survey, the majority of CFOs stated that they believe it would be possible to intentionally
misstate their financial statements with their auditor not discovering the misstatement.
62% believe it would be possible to intentionally misstate their company’s financial
statements.
Only 17% believe it is possible for auditors to detect any and all corporate fraud.29
The results of the CFO survey are somewhat disturbing in light of the psychology of fraud. In
general, the fraud triangle provides that typically, three elements exist in a fraud:
incentive/pressure, opportunity, and rationalization/attitude. If a CFO believes he or she can
commit a financial statement fraud that is not likely to be detected by the outside auditor, that
assumption creates a heightened environment with respect to the existence of one of the three
elements: the CFO perceiving that he or she has an opportunity to commit fraud.
16. Madoff and the single auditor issue
Four years after Bernie Madoff turned himself in to the Authorities, the cases involving
Madoff, his family, and the hundreds of victims and perpetrators, are still in their infancy.
In hindsight, commentators assert that there were numerous “red flags” that supported a
conclusion that Madoff was perpetrating a massive fraud and that various parties should have
read those signals to avoid the fraud from occurring in the first place.
Some of the signs identifying that fraud existed include:30
All key players in the Madoff organization were family members.
The Madoff funds allegedly earned returns significantly higher than the market for
similarly risked investments.
The investment returns were too consistent for an otherwise volatile equity market.
Madoff’s investment funds had poor transparency.
Madoff used a sole auditor.
29
Survey by Grant Thornton, LLP 30
Bernard Madoff and the Sole Auditor Red Flag, Fuerman, Journal of Forensic & Investigative Accounting.
Audit Engagement Developments
117
Of particular focus in recent articles and studies is the fact that Madoff’s auditor, Friehling &
Horowitz (F&H), had a very small operation when compared with the scope of Madoff’s
operations. In essence, the F&H operation was a sole practitionership with a second partner
retired in Florida.
Since the Madoff scandal broke, numerous CPA firms that represented “feeder funds” have
been sued. Although these feed funds had reputable CPA firms and investment advisors, the
underlying investment assets were held by Madoff. Consequently, there are two questions that
are now at the forefront of the Madoff audit controversy:
1. Are the auditors of a capital-management (feeder fund) firm required to audit the
underlying investments of the funds (Madoff, for example) that it invests in?
2. Is the use of a sole practitioner who audits a disproportionately larger company
(Madoff) a red flag that would require the auditors of the capital-management
company to perform additional procedures?
Before addressing the two previous questions, the author presents a general outline of the
current rules found in SAS No. 1, AU Section 543, Part of Audit Performed by Other
Independent Auditors below:
AU Section 54331
applies to a principal auditor who uses the work and reports of other
independent auditors who have audited the financial statements of one or more subsidiaries,
divisions, branches, components, or investments included in the financial statements presented.
The Standard also provides the form and content of the principal auditor's report in these
circumstances.
AU Section 543 allows a principal auditor (of a feeder fund) to issue an auditor’s report that
either:
a) references the other auditor, or
b) does not reference the other auditor.
If the other auditor is not referenced in the principal auditor’s report (option (a)), the principal
auditor is required to perform additional audit procedures.
Decision not to reference the other auditor in the principal auditor’s report:
1. If the principal auditor is able to satisfy himself (or herself) as to the independence and
professional reputation of the other auditor, and takes steps he considers appropriate to
satisfy himself (herself) as to the audit performed by the other auditor, he or she may be
31
AU Section 543 is superseded by AU-C 600, Special Considerations Audits of Group Financial Statements (Including
the Work of Component Auditors), started for calendar year 2012 audits.
Audit Engagement Developments
118
able to express an opinion on the financial statements taken as a whole, without making
reference in his or her report to the audit of the other auditor.
2. If the principal auditor decides not to reference the other auditor in his or her report, he or
she should not state in his report that part of the audit was made by another auditor because
to do so may cause a reader to misinterpret the degree of responsibility being assumed.
3. Ordinarily, the principal auditor would be able to make the decision not to reference the
other auditor in his or her report when any one of the following occurs:
a. Part of the audit is performed by another independent auditor which is an associated or
correspondent firm and whose work is acceptable to the principal auditor based on his
knowledge of the professional standards and competence of that firm.
b. The other auditor was retained by the principal auditor and the work was performed
under the principal auditor's guidance and control.
c. The principal auditor, whether or not he selected the other auditor, nevertheless takes
steps he considers necessary to satisfy himself as to the audit performed by the other
auditor and accordingly is satisfied as to the reasonableness of the accounts for the
purpose of inclusion in the financial statements on which he is expressing his opinion,
or
d. The portion of the financial statements audited by the other auditor is not material to the
financial statements covered by the principal auditor's opinion.
Decision to make reference to the other auditor in the principal auditor’s report:
1. Alternatively, the principal auditor may decide to make reference to the audit of the other
auditor when he expresses his opinion on the financial statements.
Note: In some situations, it may be impracticable for the principal auditor to review the
other auditor's work or to use other procedures which in the judgment of the principal
auditor would be necessary for him to satisfy himself as to the audit performed by the other
auditor.
Also, if the financial statements of a component audited by another auditor are material in
relation to the total, the principal auditor may decide, regardless of any other
considerations, to make reference in his report to the audit of the other auditor.
2. When the principal auditor decides that he will make reference to the audit of the other
auditor, his report should indicate clearly the following:
Audit Engagement Developments
119
a. In both the introductory, scope and opinion paragraphs, the division of responsibility
should be identified as between that portion of the financial statements covered by his
own audit and that covered by the audit of the other auditor.
b. The report should disclose the magnitude of the portion of the financial statements
audited by the other auditor. This may be done by stating the dollar amounts or
percentages of one or more of the following: total assets, total revenues, or other
appropriate criteria, whichever most clearly reveals the portion of the financial
statements audited by the other auditor.
c. The other auditor may be named but only with his express permission and provided his
report is presented together with that of the principal auditor.
Note: Reference in the report of the principal auditor to the fact that part of the audit
was made by another auditor is not to be construed as a qualification of the opinion, but
rather as an indication of the divided responsibility between the auditors who conducted
the audits of various components of the overall financial statements.
Procedures that must be performed under both methods of reporting:
1. Whether or not the principal auditor decides to make reference to the other auditor in the
principal auditor’s report, he of she should make inquiries concerning the professional
reputation and independence of the other auditor.
2. The principal auditor also should adopt appropriate measures to assure the coordination of
his activities with those of the other auditor in order to achieve a proper review of matters
affecting the consolidating or combining of accounts in the financial statements.
3. Inquiries and other measures made by the principal auditor may include procedures such as
the following:
a. Make inquiries as to the professional reputation and standing of the other auditor to one
or more of the following:
The American Institute of Certified Public Accountants
The applicable state society of certified public accountants and/or the local chapter,
or in the case of a foreign auditor, his corresponding professional organization
Other practitioners
Bankers and other credit grantors, and
Other appropriate sources.
b. Obtain a representation from the other auditor that he or she is independent under the
requirements of the American Institute of Certified Public Accountants and, if approp-
riate, the requirements of the Securities and Exchange Commission (SEC).
Audit Engagement Developments
120
c. Ascertain through communication with the other auditor:
(i) That he or she is aware that the financial statements of the component which he is
to audit are to be included in the financial statements on which the principal
auditor will report and that the other auditor's report thereon will be relied upon
(and, where applicable, referred to) by the principal auditor.
(ii) That he or she is familiar with accounting principles generally accepted in the
United States of America and with the generally accepted auditing standards
promulgated by the American Institute of Certified Public Accountants and will
conduct his or her audit and will report in accordance therewith.
(iii) That he or she has knowledge of the relevant financial reporting requirements for
statements and schedules to be filed with regulatory agencies such as the Securities
and Exchange Commission, if appropriate.
(iv) That a review will be made of matters affecting elimination of intercompany
transactions and accounts and, if appropriate in the circumstances, the uniformity
of accounting practices among the components included in the financial
statements.
Note: Inquiries as to matters under a, and c (ii) and (iii) ordinarily would be
unnecessary if the principal auditor already knows the professional reputation and
standing of the other auditor and if the other auditor's primary place of practice is in the
United States.
If the results of inquiries and procedures by the principal auditor lead him or her to the
conclusion that he or she can neither assume responsibility for the work of the other
auditor insofar as that work relates to the principal auditor's expression of an opinion on
the financial statements taken as a whole, nor report with reference to the other auditor,
he or she should appropriately qualify his opinion or disclaim an opinion on the
financial statements taken as a whole. The reasons for the qualification or disclaimer
should be stated, and the magnitude of the portion of the financial statements to which
his qualification extends should be disclosed.
Additional procedures under decision not to reference to the other auditor in the principal
auditor’s report:
1. When the principal auditor decides not to make reference to the audit of the other
auditor, in addition to being satisfied as to the matters “procedures that must be
performed under both methods of reporting,” the principal auditor should also consider
whether to perform one or more of the following procedures:
a. Visit the other auditor and discuss the audit procedures followed and results thereof.
Audit Engagement Developments
121
b. Review the audit programs of the other auditor. In some cases, it may be appropriate to
issue instructions to the other auditor as to the scope of his audit work, and
c. Review the working papers of the other auditor, including the understanding of internal
control and the assessment of control risk.
Note: In some circumstances, the principal auditor may consider it appropriate to
participate in discussions regarding the accounts with management personnel of the
component whose financial statements are being audited by other auditors and/or to make
supplemental tests of such accounts. The determination of the extent of additional
procedures, if any, to be applied rests with the principal auditor alone in the exercise of his
professional judgment and in no way constitutes a reflection on the adequacy of the other
auditor's work. Because the principal auditor in this case assumes responsibility for his
opinion on the financial statements on which he is reporting without making reference to
the audit performed by the other auditor, his judgment must govern as to the extent of
procedures to be undertaken.
Should the auditors of the feeder funders have audited the work of the Madoff auditor under
AU 543?
Now that the reader has reviewed the general requirements of AU 543, what responsibility did
the feeder fund auditors have to audit or review the work of Madoff’s auditor, F&H?
Regardless of whether reference is made to the Madoff auditor in the feeder fund auditor’s
reports, at a minimum, AU Section 543 requires the feeder-fund auditors to perform certain
procedures that include:
1. Make inquiries concerning the professional reputation and independence of the Madoff
auditor
2. Obtain a representation letter from the Madoff auditor that he is independent under the
requirements of the AICPA and, if appropriate, the requirements of the Securities and
Exchange Commission (SEC), and
3. Ascertain through communication with the other auditor:
(a) That the Madoff auditor is aware that the financial statements of the component
which he is to audit are to be included in the financial statements on which the
principal auditor will report and that the other auditor's report thereon will be
relied upon by the principal auditor.
(b) That the Madoff auditor is familiar with GAAP and will conduct his or her audit
and will report in accordance therewith.
Audit Engagement Developments
122
(c) That the Madoff auditor has knowledge of the relevant financial reporting
requirements for statements and schedules to be filed with regulatory agencies
such as the Securities and Exchange Commission, if appropriate.
(d) That a review will be made of matters affecting elimination of intercompany
transactions and accounts and, if appropriate in the circumstances, the uniformity
of accounting practices among the components included in the financial
statements.
Once the above work is done by the feeder-fund auditor, that auditor must decide whether or
not to refer to the Madoff auditor in his or her report. According to one report, all of the
feeder-fund auditors did not reference to the work of the Madoff auditor and, consequently,
relied on the Madoff auditor’s audit and report thereon.
AU Section 543 states that if the feeder-fund auditor does not make reference to the audit of
the Madoff auditor, he or she should consider whether to perform additional procedures
including:
a. Visit the Madoff auditor and discuss the audit procedures followed and results thereof
b. Review the audit programs of the Madoff auditor and, possibly issue instructions to the
Madoff auditor as to the scope of his audit work, and
c. Review the working papers of the Madoff auditor, including the understanding of
internal control and the assessment of control risk.
If the feeder fund auditor did not perform some or all of the above procedures, they may not
have followed GAAS. Time will tell whether some or all of the feeder fund auditors complied
with GAAS under AU Section 543.
Another issue has to do with the “red flag” of the reputation and experience of the Madoff
auditor. Although some commentators states that the fact that the Madoff auditor was a sole
practitioner was, in and of itself, a red flag, nothing in GAAS states that the size of a CPA
firm has anything to do with the quality of the audit work and the experience of the auditor.
There were, however, several key signs that should have been observed in assessing the
Madoff auditor that included:
He was not registered with the Public Company Accounting Oversight Board (PCAOB),
which was required by the SEC in connection with the Madoff investment funds.
He had not been subject to New York state peer review.
Regardless of whether it is valid, the Madoff fraud has brought to the forefront a debate as to
whether sole practitioners have the ability to perform a quality audit for larger organizations.
Audit Engagement Developments
123
In a report entitled, Bernard Madoff and the Sole Auditor Red Flag,32
the author of the Report
performed an investigation as to whether a company’s use of a “solo auditor” is a red flag. The
Report was based on a study of 396 non-Big 4 litigations occurring during the period 1996 to
2008. The data was separated by size of CPA firm based on Medium (six largest non-Big 4
CPA firms), small CPA firms, very small CPA firms (2-9 accountants), and solo practitioners.
From the sample, the author of the Report evaluated the percentage of lawsuits against audit
clients, in which the CPA-auditor was also named as a defendant. The assumption was that if
an audit client is sued but the CPA–auditor is not sued, the audit quality must be high.
Conversely, if the CPA-auditor is also sued along with the audit client, the audit quality must
be low.
Conclusions reached by the Report and other studies include:
a. Audit quality is positively associated with CPA firm size. The larger the CPA firm, the
more it will invest in monitoring its partners because the firm’s reputation capital is so
valuable.
b. A solo auditor raises a red flag, although like any red flag, it proves nothing, and
requires further investigation.
Where a principal auditor is required to make inquiries concerning the professional
reputation and independence of the other auditor, such inquiries have heightened
important whenever the other auditor is a solo auditor.
Observation: Although the previous Report suggests that audit quality is lower in smaller
firms, in particular sole practitioners, one cannot apply this conclusion across the entire
population of sole practitioners. The reality is that most sole practitioners do an excellent job
in performing their engagements, including audits. Like all professionals, there are always
examples of professionals that miss the mark and perform sub-par engagements. Certainly,
the failure of the Madoff audit should not be construed as a reliable example of how other sole
practitioners perform their engagements. Instead, the Madoff auditor had other signs of
deficiency including his failure to register under the PCAOB and not going through peer
review.
What were the warning signs that Madoff was a fraudster?
The smartest people in the room can identify a list of early warning signs that suggested that
Madoff was engaged in a fraud. Using hindsight to identify fraud warning signs is like looking
at Nostradamus’s predictions after the events occur. After the fact, it is easy to see the obvious.
32
Bernard Madoff and the Solo Auditor Red Flag, Ross D. Fuerman.
Audit Engagement Developments
124
There are extensive studies, reports, and analyses that have been published since the Madoff
fraud was uncovered, each with its own twist as to how obvious the fraud signs were. Yet,
those same authors were nowhere to be found during the twenty years in which Madoff
perpetrated his fraud. The SEC, analysts, family members, accountants (most), lawyers, and
others were all conned over an extensive span of twenty years. Only one analyst, Harry
Markopolos, CPA, had the analysis and conviction to determine that Madoff could not be
legitimately generating the above-market returns over an extended period of time. When
Markopolos contacted the SEC about his fraud theory, the SEC ignored him. Exclusive of
Markopolos, other professionals were fooled by Madoff in a scam that seems obvious in
hindsight, but was not identified during the period in which the fraud was committed.
One particular analysis looks into the psychological profile of Madoff as a predator, who fed
off the people around him.
According to this one study, Madoff had the profile of a predator, based on the following
attributes:33
It is likely that Madoff’s family (wife and two sons) were kept in the dark about the
fraud.
Madoff had the need to look successful, with expensive suits, private jets, yachts, etc.
Madoff had a lack of trust and engaged in secrecy with cameras in his office, lack of
access to his 17th
floor.
People around Madoff feared him and his temper.
Madoff lied on a regular basis to the SEC, bankers and analysts.
Madoff was dishonest, including having several affairs for which he had to pay out
“hush money.”
Madoff had several obsessions including obsessive compulsive disorder (OCD) such as
obsessive cleanliness and orderliness.
Madoff had odd, eccentric behaviors including extensive blinking, elimination of email
access, dropping his pants in public, etc.
Madoff was unwilling to apologize for his fraud.
There were stress cracks in Madoff’s mask of appearance including temper tantrums.
33
Bernie Madoff: Predator of His Own Kind, Terry A. Sheridan, Ph.D. , 2010.
Audit Engagement Developments
125
Madoff continued with the facade even after he was caught.
Madoff had a superiority complex.
Madoff was a sociopath in that he was capable of lying, manipulation, the ability to
deceive, feelings of grandiosity and callousness toward his victims.
Observation: As previously discussed in this course, the fraud triangle includes three
elements: incentive or pressure, opportunity, and rationalization or attitude. Madoff’s profile
as a predator is an example of how a fraudster can rationalize his fraud. Studies have
confirmed that many fraudsters rationalize their fraud as representing compensation that is
owed to them. In general, they do not see themselves as committing a fraud. Madoff was able
to rationalize his fraud and certainly demonstrated no remorse with his failure to apologize to
his victims. In fact, in prison, Madoff was quoted as stating that he carried his investors for 20
years and he was now doing 150 years in prison.
Audit Engagement Developments
126
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. According to the recent study, Is Time Theft Robbing You Blind, who is more likely to
steal time from their employer?
a. employees age 30 and older
b. employees in high-ranking positions
c. manufacturing personnel
d. temporary employees
2. According to the AICPA’s Audit Risk Alert, what “circumstance and observation” might
serve as a warning sign of fraud:
a. a small company that has a large company mentality
b. compensation plans that are established to help generate profits
c. the company experiences success over continued periods
d. sales are growing faster than receivables
3. To help mitigate inventory fraud schemes, at the planning stage the auditor should
perform certain procedures. Which of the following are examples of such procedures?
a. make test counts in areas in which the auditor has traditionally focused in past audits
b. review client procedures to integrate consigned goods from the inventory
c. take the physical inventory at all significant locations at the same time
d. become familiar with the client’s business and its products or services
4. Which of the following is an indicator of potential related-party transactions?
a. a single CPA firm audits entities that conduct material intercompany transactions with
each other
b. the appraised value of real estate is different from the real estate transaction
c. significant transactions occurring throughout the year that result in significant income
recognized
d. specific borrowings at market terms
Audit Engagement Developments
127
5. In what stage of money laundering are the funds reinserted into the economy through
spending, investing, lending and cross-border, legitimate-appearing transactions:
a. funneling
b. integration
c. layering
d. placement
Audit Engagement Developments
128
SUGGESTED SOLUTIONS
1. According to the recent study, Is Time Theft Robbing You Blind, who is more likely to
steal time from their employer?
a. Incorrect. The study found that employees under age 30 steal more time than employees
age 30 and older.
b. Correct. The study found that employees in a greater position of seniority have a
greater chance of stealing time from their employer.
c. Incorrect. Manufacturing personnel do not steal as much time as other types of
personnel. For example, the study found that office personnel steal more time than
manufacturing personnel.
d. Incorrect. The study found temporary employees do not steal significant time.
Permanent employees steal more time than temporary employees.
2. According to the AICPA’s Audit Risk Alert, what “circumstance and observation” might
serve as a warning sign of fraud:
a. Incorrect. A “circumstance and observation” that might serve as a warning sign of fraud
is a large company that continues to have a small business mentality. A large company’s
management may still retain control of the internal control environment even as the
company continues to grow. The centralized control of operations creates a greater risk
that management might override internal controls.
b. Incorrect. A “circumstance and observation” that might serve as a warning sign of fraud
is compensation plans that reward management for achieving aggressive financial goals
or are geared toward enriching executives rather than generating profits. Auditors
should be aware of the power of greed in motivating management and other employees
to take actions they might not otherwise take.
c. Correct. A “circumstance and observation” that might serve as a warning sign of
fraud is continued periods in which the company experiences success. Management
may inappropriately make decisions without taking into account the typical peaks
and troughs in the business cycle.
d. Incorrect. A “circumstance and observation” that might serve as a warning sign of fraud
is when receivables grow faster than sales, not the other way around. If sales are
declining, management may attempt to inflate receivables to improve its financial
position.
3. To help mitigate inventory fraud schemes, at the planning stage the auditor should:
perform certain procedures. Which of the following are examples of such procedures?
a. Incorrect. During the physical count, the auditor should make test counts in areas in
which the auditor has not historically focused to surprise the client. Taking physical
accounts in areas historically focused on by the auditor allows the client to predict
where and when the auditor will perform audit procedures.
b. Incorrect. When inventories are held for or by others, the auditor should review client
procedures to segregate, not integrate, consigned goods from the inventory.
Audit Engagement Developments
129
c. Incorrect. When inventory is at multiple locations, the auditor should take the physical
inventory at all significant locations at the same time to avoid the risk of double
counting the same inventory.
d. Correct. An important part of planning for inventory observation is for the
auditor to understand the client’s business, its products, computer processing
applications and relevant controls, and cutoff procedures before physical counts
are taken.
4. Which of the following is an indicator of potential related-party transactions?
a. Incorrect. An indicator of potential related-party transactions is entities that conduct
material intercompany transactions with each other and are audited by different CPA
firms.
b. Correct. An indicator of potential related-party transactions is real estate
transactions for amounts different from the appraised value, suggesting there is
related-party bias in the valuation.
c. Incorrect. An indicator of potential related-party transactions is significant and unusual
transactions occurring at or near year end that result in significant income recognized.
Significant transactions occurring throughout the year by themselves are not an
indication of related-party transactions.
d. Incorrect. An indicator of potential related-party transactions is specific borrowings at
below-market terms from unusual sources including unknown private parties. Market
value borrowings do not indicate the existence of related party transactions.
5. In what stage of money laundering are the funds reinserted into the economy through
spending, investing, lending and cross-border, legitimate-appearing transactions:
a. Incorrect. The term “funneling” is part of the definition of money laundering and is not
a stage. Money laundering is defined as the funneling of cash or other funds generated
from illegal means through legitimate businesses to legitimize the cash or funds.
b. Correct. In integration, the third stage of laundering, the funds are reinserted into
the economy through spending, investing, lending and cross-border, legitimate-
appearing transactions. c. Incorrect. Layering, the second stage of laundering, is the process of generating a series
of layers of transactions to distance the proceeds from their illegal source and to blur the
audit trail.
d. Incorrect. Placement, the first stage of laundering, is the process of transferring the
actual criminal proceeds into the financial system in such a manner as to avoid detection
by financial institutions and government authorities.
Audit Engagement Developments
130
SECTION 2: Auditing Developments (Including the Audit Risk Alerts)
IV. Attempting to Limit Auditor’s Liability
Auditors on both sides of the Atlantic are trying techniques to limit their liability to their
clients and third parties.
Europe is moving ahead with liability limits:
In Europe, auditors have had much greater success with limiting liability than those in the
United States. In particular, the Big Four have won several battles to limit their liability, with
the most recent victories occurring in the U.K. and Belgium. The goal appears to be to win
Europe-wide limits on liability and then attempt a similar cap in the United States. With the
demise of Andersen in Enron and WorldCom, any one of the Big Four is one major claim away
from going out of business.
The U.K. government has passed legislation that allows auditors to negotiate with companies
for liability caps and provide for proportionate responsibility for losses incurred. The result is
that damages against auditors are limited to only a portion of the total amount of loss deemed a
direct result of the audit, with management and others absorbing the remainder. Presently,
auditors can be liable for all damages if other defendants are insolvent.
In the United States, auditors have been unable to push legislation that would limit liability. As
a result, auditors are limiting liability contractually by placing liability caps in their
engagements letters. Although the liability cap approach may protect auditors against their
clients who are a party to the engagement letter contract, it does not help such U.S. auditors
shield themselves against third-party liability.
Why use liability caps in the first place?
Placing liability caps and indemnification clauses in engagement letters is nothing new. Firms
in all industries, from architects to CPAs have used them to limit liability. In the wave of a
series of sizeable liability claims against the Big 4, liability caps provisions have given the Big
4 and other firms partial liability protection by limiting the claim settlement due to the client in
the event of a lawsuit. Because all of the Big 4 use liability cap provisions to some extent,
management and audit committees have little choice but to accept them. This is the risk that
exists when there are only four major national accounting firms to perform the majority of SEC
audits.
Liability caps are an effective and secretive way for auditors to limit liability since engagement
letters are generally not published in proxy reports. Thus, any liability limits inside the
engagement letter may go unnoticed by shareholders and third parties.
Audit Engagement Developments
131
Critics of liability limitations claim that auditors should be required to disclose the liability
caps and indemnifications in their proxy statements. Recently, the SEC has challenged use of
certain types of liability caps used by the Big 4, asserting they taint independence.
To date, the AICPA and SEC have different opinions as to whether an auditor taints his or her
independence if he or she enters into an agreement with a client that indemnifies the
accountant against losses due to the accountant’s or client’s negligence. The following table
compares each organization’s current position on the matter:
Type of Indemnification Clause Independence Impaired?
SEC (1) AICPA (2)
Indemnity against accountant’s negligence Yes Yes
Indemnity against client making false misrepresentations Yes No
(1) Application of the Commissioner’s Rules on Auditor Independence Frequently Asked
Questions, Other Matters, Question 4 (SEC, Office of the Chief Accountant)
(2) AICPA Ethics Ruling No. 94.
Previously, the SEC ruled that an accountant’s independence would be impaired if he or she
enters into an agreement with an SEC client that indemnifies the accountant for either the
accountant’s or client’s negligence. The SEC’s reasoning is based on the argument that the
existence of an indemnity agreement may “easily lead to the use of less extensive or thorough
procedures that would otherwise be followed.”34
The AICPA has taken a different tact as noted in Ethics Ruling No. 94, Indemnification Clause
Engagement Letters. Specifically, in Ethics Ruling 94, the AICPA has concluded that a clause
in which the client indemnifies the auditor from any liability and costs resulting from knowing
misrepresentations by management does not impair auditor independence. However, an
indemnification of the auditor for client negligence or auditor negligence would impair
independence.
Current status
With myriad law suits against auditors and accountants, firms are becoming quite aggressive in
insisting on indemnification clauses in their engagement letters as a condition of performing
the engagement. In particular, with only four major accounting firms to perform the majority of
SEC audits, the Big 4 are forcing the indemnification issue. Their actions have trickled down
to regional and local firms that perform work primarily for non-SEC companies.
In response to the more active use of indemnification clauses, the Federal Financial Institutions
Examination Council (FFIEC) published a document entitled, Interagency Advisory on the
Unsafe and Unsound Use of Limitation of Liability Provisions and Certain Alternative Dispute
Resolution Provisions in External Audit Engagement Letter.
34
Application of the Commission’s Rules on Auditor Independence- Frequently Asked Questions, Other Matters
Audit Engagement Developments
132
The FFIEC advisory was published in response to the use of indemnification clauses in
agreements with various financial institutions. In the Advisory, the FFIEC challenged the use
of such clauses stating that such clauses are unsafe and unsound. Further,
1. Agreements by financial institutions to limit external auditor liability may weaken the
external auditors’ objectivity, impartiality, and performance, thereby reducing the
ability to rely on external audits.
2. Entering into such indemnity agreements, in connection with either auditor or client
negligence, is an unsafe and unsound practice.
3. Financial institutions should be aware that their insurance policies may not cover them
if such clauses are included.
4. Financial institutions should be careful not to enter into agreements that mandate
Alternative Dispute Resolution (ADR) or waive jury trials.
In response to recent concerns that liability cap and indemnification clauses may impair
independence, the AICPA ethics division included in its Omnibus Proposal of Professional
Ethics Division Interpretations and Rulings, rules that would have defined those liability cap
provisions that would and would not impair independence. Subsequently, the AICPA withdrew
its Omnibus Proposal as it relates to indemnification clauses.
AICPA Ethics Interpretation No. 501-8, Failure to Follow Requirements of Governmental
Bodies, Commissions, Or Other Regulatory Agencies on Indemnification and Limitation of
Liability Provisions in Connection With Audit and Other Attest Services, further deals with this
issue.
Following is Ethics Interpretation 501-8:
Ethics Interpretation 501-8:
Certain governmental bodies, commissions, or other regulatory agencies (collectively, regulators)
have established requirements through laws, regulations, or published interpretations that prohibit
entities subject to their regulation (regulated entity) from including certain types of indemnification
and limitation of liability provisions in agreements for the performance of audit or other attest
services that are required by such regulators or that provide that the existence of such provisions
causes a member to be disqualified from providing such services to these entities. For example,
federal banking regulators, state insurance commissions, and the Securities and Exchange
Commission have established such requirements.
If a member enters into, or directs or knowingly permits another individual to enter into, a contract
for the performance of audit or other attest services that are subject to the requirements of these
regulators, the member should not include, or knowingly permit or direct another individual to
include, an indemnification or limitation of liability provision that would cause the regulated entity
Audit Engagement Developments
133
or a member to be in violation of such requirements or that would cause a member to be disqualified
from providing such services to the regulated entity. A member who enters into, or directs or
knowingly permits another individual to enter into, such an agreement for the performance of audit
or other attest services that would cause the regulated entity or a member to be in violation of such
requirements, or that would cause a member to be disqualified from providing such services to the
regulated entity, would be considered to have committed an act discreditable to the profession.
Members should also consult Ethics Ruling No. 94, "Indemnification Clause in Engagement
Letters," of ET section 191, Ethics Rulings on Independence, Integrity, and Objectivity (AICPA,
Professional Standards, vol. 2, ET sec. 191 par. .188–.189) under Rule 101, Independence and
Ethics Ruling No. 102, "Indemnification of a Client," of ET section 191, Ethics Rulings on
Independence, Integrity, and Objectivity (AICPA, Professional Standards, vol. 2, ET sec. 191 par.
.204–.205) under Rule 101, Independence, for guidance related to use of indemnification clauses in
engagement letters and the impact on a member's independence.
What impact does Ethics Interpretation 501-8 have on the auditor?
Ethics Interpretation 501-8 states that an indemnification and/or limited liability clause may
not be used if it is prohibited by applicable law or regulation, or violates ethics rulings. Thus,
if use of such a clause violates the rules of a regulated entity that would result in the auditor
being disqualified from providing the services to that regulated entity, the indemnification
clause would be prohibited.
This result does not impact the use of certain indemnification clauses for a non-regulated entity
such as a traditional manufacturing or distribution entity. In such a case, use of the
indemnification clause would be subject to AICPA Ethics Ruling 94 which is addressed above.
If an entity is non-public, and not subject to SEC or any other regulatory rulings, an indemnity
clause that protects the auditor against known misrepresentations by management does not
impair independence.
Examples of clauses and comments: Assume the client is a nonpublic, non-
regulated entity.
1. Auditor Indemnified Against Claims Based on Knowing Misrepresentations by
Audit Client’s Management:
Company X hereby indemnifies Joe Auditor, his partners, principals and employees
and holds them harmless from all claims, liabilities, losses and costs arising in
circumstances where there was a misrepresentation by the audit client’s
management, regardless of whether such person was acting in Company X’s
interests.
Conclusion: Would not impair independence as it indemnifies auditor against all claims due to
client’s knowing misrepresentation.
Audit Engagement Developments
134
What if the clause indemnifies the auditor for claims based on the auditor’s negligence?
Example:
Company X hereby indemnifies Joe Auditor, his partners, principals, and employees,
and holds them harmless from all claims, whether a claim be in tort, contract, or
otherwise, from any damages relating to services provided under this engagement
letter, or
Company X hereby indemnifies Joe Auditor, his partners, principals, and employees,
and holds them harmless from all claims, whether a claim be in tort, contract, or
otherwise, for any damages relating to services provided under this engagement
letter, except to the extent finally determined to have resulted from the gross
negligence, willful misconduct or fraudulent behavior of Joe Auditor related to such
service.
Conclusion: The above clause would impair independence because it indemnifies the auditor
against all claims based on auditor’s negligence.
Observation: By indemnifying the auditor for client misrepresentations, there is a significant
deterrent to management committing fraud as it shifts to the client the responsibility for
making proper representations to the auditor. This type of clause encourages management to
completely and accurately disclose and communicate all pertinent matters to the auditor.
The SEC has been quite clear that when an accountant who enters into “an agreement of
indemnity which seeks to provide the accountant immunity from liability for his or her own
negligent acts… the accountant is not independent.”35
If ethics permitted such an
indemnification clause, an auditor would be encouraged to perform sub-par work knowing he
or she had an insurance policy in the indemnification clause.
Will limited liability be successful in the United States?
With the current movement in the United States to limit liability claims against the medical
field, caps on claims against auditors could be coming, particularly in light of the significant
claims that are likely to be brought against auditors in the next few years after the financial
markets meltdown.
35
SEC, Office of the Chief Accountant, Application of the Commission’s Rules on Auditor Independence Frequently
Asked Questions, Other Matters- Question 4.
Audit Engagement Developments
135
U. S. Chamber of Commerce Proposal- Auditor Liability Limitations
“None of us regulators has a clue what to do if one of the Big Four
failed…. If one of the Big Four were to collapse, the best accountants
could choose to quit the profession.”
William McDonough, former chair of PCAOB
The U. S. Chamber of Commerce came to the rescue of auditors by publishing a report that
proposed limiting auditor liability. In its policy paper entitled, Auditing: A Profession at Risk,
the Chamber developed a framework to ensure long-term viability of the auditing profession,
outlined in a three-point plan that:
1. Assists the profession in becoming insurable
2. Clarifies PCAOB standards, including those related to internal control audits, and
3. Supports expansion and competition of the Big 4 firms.
Conclusions published in the Report follow:
a. Sarbanes-Oxley has greatly increased the role of auditing in public companies.
b. The pressure for auditors to do more when conducting audits means that the auditor-client
relationship is becoming more involved and continuous, with much more frequent
interactions, rather than simply holding periodic discussions.
c. The auditing profession faces a number of significant legal challenges:
1. Auditors continue to be the target of a difficult litigation and regulatory enforcement
environment.
Business losses by a client can result in lawsuits.
A single indictment, even without a conviction, can result in the destruction of
thousands of jobs, such as in the case with Arthur Andersen.
Over-litigation and unfair enforcement are so dire that the profession is essentially
uninsurable.
Because of the personal financial risk of being an auditor, it is becoming
increasingly difficult to attract and retain high-quality personnel to the profession.
Audit firms feel they are caught in the middle between the demands of regulators,
law enforcement, the plaintiff’s bar, and their clients.
Audit Engagement Developments
136
2. The process of developing and interpreting accounting principles remains in flux as
business transactions become more complex.
There remains significant misunderstanding about the meaning and nature of
accounting principles which can translate into significant litigation risk.
Changes of one or two cents per share may drive a litigation claim even though such
changes indicate nothing about the financial health of the company’s underlying
business.
3. The Profession is severely contracted, with only four major accounting firms serving a
large majority of the listed and actively traded public companies in the United States.
Any further contraction in the accounting industry would present a major challenge
to the viability of the profession.
Recommendations made by the Chamber of Commerce:
In its Report, the Chamber of Commerce recommended that the following actions be taken to
save the audit profession.
1. Help the profession become insurable
a. Better define auditor procedures and responsibility for fraud detection and limit the
auditor’s responsibility to it.
Develop a safe harbor standard for fraud detection that clearly defines the nature
and extent of procedures an auditing firm must perform to detect fraud.
The safe harbor would be developed and approved by both the PCAOB (for public
companies) and the ASB for nonpublic entities.
Firms that performed under the safe harbor would be protected against legal liability.
b. Create an Alternative Dispute Resolution (ADR) system for dispute about audits.
Juries and non-expert judges cannot properly evaluate arcane accounting judgments
and auditing methodologies.
A specialized accounting court could also be considered as part of the ADR system.
c. Permit parties to agree to ADR and reasonable limits on litigation.
The SEC and banking regulators need to accept the ability of auditors and their
clients to agree to limitations on damages and indemnification provisions.
Audit Engagement Developments
137
d. Regulate threats of indictment against audit firms.
The inappropriate indictment of Andersen led directly to the loss of 28,000 jobs in
the United States and more than 80,000 worldwide, even though the indictment was
subsequently withdrawn.
Criminal indictments should be made against the individuals involved in the
purported crime and not the firm as a whole.
Individuals within the firm who had no knowledge of the criminal activity should
not be punished.
Congress needs to reign in the Justice Department and other regulatory authorities
and establish clear rules under which firms may be criminally indicted.
Firms need a chance to be heard before indictments are issued.
2. Clarify PCAOB standards
a. The PCAOB has created the environment for overauditing and has the responsibility to
clarify its standards and provide safe harbors for auditors allowing them some measure
of predictability and freedom from being second guessed.
Example: Previously, the PCAOB issues PCAOB Standard No. 2 (as superseded by
PCAOB Standard No. 5), as the primary implementation standard for Section 404 of
Sarbanes. PCAOB Standard No. 2 was considered too broad, and principles-based.
PCAOB Standard No. 2 also used broad terms as “significant” and “relevant” which
needed more explanation. Consequently, auditors were “overauditing” their clients.
Ultimately, the PCAOB issued PCAOB Standard No. 5, which superseded PCAOB No.
2 and simplified and clarified the requirements for auditors to deal with Section 404 of
Sarbanes Oxley.
3. Support expansion and competition among top-tier firms
a. The SEC should reexamine regulations that prohibit the Big Four firms from competing
for audit assignments when they have performed disqualifying services in prior years.
b. Remove nonmarket barriers that impede competition with the Big Four.
The SEC and PCAOB, among others, should support policies that help the entire
profession become insurable since risk management is a huge barrier to growth for
any firm seeking to audit public company clients.
Audit Engagement Developments
138
Clarify and streamline the accounting standards to make it less expensive for firms
to stay current with the latest pronouncements.
The FASB needs to address the problem of infinite complication in accounting rules,
which makes it almost impossible for even the most knowledgeable and well-
intentioned accountants to keep up.
SEC needs to include non-Big Four firms in the GAAP debate.
All parties should encourage public companies to consider high-quality firms outside
the Big Four by encouraging Wall Street underwriters and the investing public to
accept other choices such as those in the second-tier of national or regional firms.
Can there ever be a Big Five accounting firm?
Although the Chamber of Commerce report has merit, the third recommendation, of creating
competition to expand the Big Four, is least likely to happen. Two reports reach the same
conclusion; that is, it is virtually impossible to create a fifth national firm the size of the Big
Four.
In a GAO report published entitled, Continued Concentration in Audit Market for Large Public
Companies Does Not Call for Immediate Action (the Report).
The Report reached several conclusions as to the concentration of the Big Four firms and
whether action should be taken to increase concentration among them.
1. The Big Four audit more than 98 percent of all U. S. public companies with more than
$1 billion of sales.
Midsize and smaller firms audit approximately 80 percent of the smallest public
companies with sales of less than $100 million.
2. Internationally, the Big 4 dominate the market for audit services.
3. Only 40 percent of large companies noted that the number of accounting firms from
which they could choose was adequate.
In contrast, 75 percent of the smallest public companies stated their number of audit
choices was sufficient.
4. 90 percent of large public companies would not use a non Big Four firm. Reasons
noted included:
There is lack of capacity for non Big-Four firms to perform the audit.
Audit Engagement Developments
139
Selecting a Big Four auditor is a prudent and safe move.
There is a reputational requirement of using the Big Four by shareholders, banks,
lenders, and underwriters
5. More than 70 percent of midsize and smaller accounting firms have no interest in
obtaining large public company audits.
6. There is no evidence that the market concentration among the Big Four has any
bearing on the significant increase in audit fees in the post-Sarbanes era: Other factors
were noted as causing the increase in fees including:
Increased complexity of accounting and financial reporting standards that has driven
a greater need for technical expertise.
Additional auditing standards that have increased the amount of work required
Additional work required to prepare for PCAOB inspections.
Additional work to comply with Sarbanes-Oxley and Section 404 requirements.
7. Because of the barriers to entry, market forces are not likely to result in the expansion of
the current Big 4. Smaller accounting firms face significant barriers to entry into the
audit market for large multinational public companies for several reasons including:
Smaller firms generally lack the staff, technical expertise, and global reach to audit
large and complex national and multinational public companies.
The Big 4 had more than five times as many partners and over seven times as many
staff as the average for the next four largest firms.
Big Four
Next four
largest firms (1)
Partners 8,487 1,588
Professional staff 79,607 11,403
Offices 354 227
Public company clients 5677 919
(1): McGladrey and Pullen, Grant Thornton, BDO Seidman, and Crowe Chizek.
Source: GAO Report
8. The results of a further concentration in the Big Four (down to Big Three) would
significantly increase the concentration in the audit market. The Report cited several
risks that could result in a loss of a Big Four firm including:
Audit Engagement Developments
140
A sizeable civil litigation claim in excess of insurance coverage
Criminal prosecution, such as in the case of Arthur Andersen
A merger of two of the Big Four firms
What would happen if a Big Four firm goes under?
In the report entitled The Future of the Accounting Profession: Auditor Concentration,
participants were asked to assess the risks of reducing the Big Four to the Big Three due to the
potential loss of one of the Big Four firms.
1. There was significant concern about the potential loss of another Big Four Firm.
The current degree of concentration raises the specter that the collapse of the Big
Four firm would be a threat to the continued existence of the profession.
An environment with only three firms would be too small to maintain audit quality
and independence, and would call into question the viability of the survivors.
2. The consequences of losing another member of the Big Four to civil or criminal
litigation could potentially include the end of the public company audit profession and
the takeover of that function by the Government.
Government taking over the audit process would lead to qualified professionals
leaving the profession.
3. The greatest risk to the Big Four is the omnipresent threat of litigation and regulators
must take immediate steps to address it:
Because the current pattern of litigation involves huge claims (e.g., one Big Four
that faced a damages claim of $12.4 billion), firms cannot take the risk of bringing
the case to trial.
The real problem with litigation is that it increases transaction costs and results in
difficult and complex accounting issues being presented to unsophisticated juries.
The tempo of litigation against accountants has picked up substantially with each of
the Big Four having significant claims in excess of capital.
There is widespread agreement that the profession in the United States needs to
move away from what is called a rules-based system to a principles-based one,
which will lead to greater litigation against auditors.
Audit Engagement Developments
141
Investors today are suing companies and their auditors for earnings downturns on a
regular basis.
Audit partners are leaving the profession in fear of losing their personal assets.
4. There is a profound disconnect between investors’ expectations and what an audit can
actually accomplish, and the profession must reconcile the disconnect.
It is impossible for auditors to identify all problems, fraud, or account for all
contingencies in the audited financial statements.
Although auditors convey their limitations to audit committees and boards, they fail
to communicate to the public thereby resulting in the expectation gap.
5. The Big Four are unable to obtain a comprehensive catastrophic risk insurance policy,
thereby requiring them to self insure.
Because of the limitations on obtaining comprehensive insurance, the current LLP
legal structure may not provide the Big Four with enough legal protection.
How bad are the litigation claims?
In 1995, Congress passed the Private Securities Litigation Reform Act of 1995 (the Act). The
Act was designed to curb previous abusive securities litigation, and provides requirements for
companies and their auditors involved in securities including rules for:
1. Dealing with forward-looking statements including a safe harbor provision
2. Filing complaints for securities fraud including class action claims
3. An approach for quantifying damages under a litigation claim, including determining
proportionate liability
4. Mandatory sanction provision, and
5. Specific requirements for outside auditors including procedures designed to provide
reasonable assurance of detecting illegal acts that would have a material effect on the
financial statements, identify related party transactions, and evaluating going concern.
In March 2012, a report published by Cornerstone Research noted the dollar level of securities
class action settlements (exclusive of Enron and WorldCom settlements) reached a record level
of $18.2 billion in 2006, then leveled off with steady declines in 2007 and 2008. In 2009
through 2011, settlements fell sharply to 2011’s level which was the lowest number of
settlements in ten years.
Audit Engagement Developments
142
On average, GAAP violations were alleged in 45% of the settled cases in 2011 as compared
with approximately 70% of the settled cases in 2010 and prior years.
A summary of claims noted in the report are follows:
Year
Total
settlements
(millions)
Number
of cases
Average
settlement
(millions)
Average
estimated
damages
claimed
(millions)
# cases
settled
in excess of
$1 Billion
Settlements
as % of
estimated
damages
2011 $1,362 65 $21.0 $2,033 0% 1.0%
2010 $3,116 86 36.3 2.731 0% 1.3%
2009 3,793 101 37.2 2,270 0% 1.6%
2008 $2,798 97 $31.2 2,062 20% 1.5%
2007 7,600 (3) 108 62.7 3,064 25% 2.5%
2006 18,603 (2) 90 105.0 8,382 35% 1.3%
2005 10,182 (1) 119 28.5 2,783 31% 1.0%
2004 3,626 110 21.1 2,843 28% .07%
2003 2.,693 94 22.2 2,271 18% 1.0%
2002 3,008 111 24.7 1,266 17% 2.0%
(1) Includes $12.7 million of claims from WorldCom and Enron.
(2) Includes a $7.1 million settlement from Enron in 2006.
(3) Includes Tyco settlement.
Source: Securities Class Action Settlements: 2011 Review and Analysis, (Cornerstone
Research, March 2012)
A summary of the conclusions reached from the Report follow:
1. Claims against auditors were included in 10% of all securities action cases in 2011, as
compared with approximately 30% of cases in 2010 and earlier years. Cases where the
accountant was named as a defendant continue to settle for the highest percentage of
estimated damages where there were accounting allegations.
a. The median settlement as a percentage of estimated damages increased from 3.1% of
the original claim amount (without an auditor being named), to 4.3% when the auditor
was named as a co-defendant because accountants settle their cases for risk that a loss
of one sizeable case could result in the demise of the accounting firm.
2. The average settlement has declined to $21 million in 2011 from an average high of $105
million in 2006.
a. The inventory of cases waiting to be settled has depleted and awaits the next batch of
suits to come from the Wall Street meltdown.
b. Four significant settlements in excess of $1 billion distorted the average in 2006.
Without those four settlements, the 2006 average was $45 million.
Audit Engagement Developments
143
3. Although there was a decline in 2008, plaintiffs continue to make high damages claims
against companies and their auditors with the average estimated damages claim being
$2.033 billion in 2011.
4. Although the ultimate settlement is only 1% to 3% of the total estimated damages claims
(1.0% in 2011), the estimated damages are so high that companies and their auditors are
coerced to settle or risk a sizeable loss putting them out of business.
5. The number of large settlements at more than $1 billion declined to zero in 2009 through
2011, down from 20% in 2008 and 35% in 2006.
6. Settlements are higher when the following factors exist:
High estimated damages
Higher defendant asset size
There has been a restatement or corresponding SEC action
An accountant is named as a co-defendant
An underwriter is named as co-defendant
There is a corresponding derivative action
An institution is a lead plaintiff
There is a restatement of financial statements
There is a derivative involved in the claim
Amount of reported assets of defendant
There is also an SEC action against the defendant
A public pension fund is the plaintiff
7. Restatement of financial statements significantly increases the settlement amount as a
percentage of the damages claim. In 2011, the settled claim as a percentage of the actual
claim increased to 3.9% from 3.0% without a restatement.
8. Top cited accounting issues in lawsuits include:
Estimates
Overstated assets
Understated liabilities and expenses
Revenue recognition
Lawsuits in 2012 and beyond
In 2012, a report was published that compared the number of securities class action filings (not
settlements) in 2011 versus prior years.36
Interestingly, the number of federal securities fraud
36
Securities Class Action Filings, 2011: A Year in Review (Cornerstone Research, 2012).
Audit Engagement Developments
144
class action suits filed declined to 169 in 2009, 176 in 2010, and 188 in 2011, as compared
with 223 in 2008. Understand that the number of cases filed does not necessarily line up with
the number of cases settled in a given year because of the many years required to litigate and
settle such cases. Nevertheless, the fact that the number of cases filed in 2009 through 2011
declined means there are fewer cases in the pipeline that will ultimately lead to few settlements
being made.
On average, 3.2 percent of S&P 500 companies were defenders in class action cases in 2011,
representing 5.1 percent of the total market capitalization of the S&P 500.
The decline in the number of filings in 2009 through 2011 was based on a parallel decline in
the market volatility for stock prices during both years. Moreover, the relatively low number
of 2009 through 2011 filings was further evidence by the fact that some of the 2009 filings
were due to non-traditional stock volatility claims such as those related to Ponzi schemes and
mortgage-backed securities frauds. Those same non-traditional stock volatility claims that
existed in 2009 were not as evidence in 2010 and 2011.
Another issue that is on the horizon involves TARP-funded companies and the impact on
lawsuits against these companies. Because the taxpayer is an owner of certain TARP-funded
companies, some of the settlements from future lawsuits against such TARP-funded companies
may drive an interesting public policy issue; that is, what happens to the securities litigation
claim amounts when the taxpayers are required to fund huge settlements against TARP
companies?
Because many of the upcoming lawsuits will include the auditors as defendants, the amount of
damages claimed and settlements are likely to be enormous in cases such as AIG, Lehman
Brothers and Bear Stearns, to name a few. Query whether any of the Big Four firms can
absorb one gargantuan claim against them and still survive as a going concern.
The unknown impact of the Lehman Brothers bankruptcy
In March 2010, an exhaustive, nine-volume report37
was issued in connection with the U.S.
bankruptcy case involving Lehman Brothers Holdings, LLC (Lehman).
In this report, the examiner reached conclusions as to the culpability of Ernst & Young in
committing malpractice in the Lehman case. The report was a prelude to sizeable litigation and
fraud claims against E&Y.
Specifically, the examiner concluded there is sufficient evidence to support colorable claims
against Ernst & Young, LLC for professional malpractice arising from E&Y’s failure to follow
professional standards of care with respect to communications with Lehman’s Audit
Committee, investigation of a whistleblower claim, and audits and reviews of Lehman’s public
37
Report of Anton R. Valukas, Jenner & Block, LLP, Examiner, United States Bankruptcy Court Southern District of
New York (Lehman Brothers Holdings, LLC, et al, Debtors) Chapter 11 Case No. 08-13555.
Audit Engagement Developments
145
filings. The communications involved Lehman’s use of the so-called “Repo 105” approach to
value securities inventory on its balance sheet.
In December 2010, New York State filed a lawsuit against Ernst & Young, alleging the firm
assisted Lehman Brothers in a “massive accounting fraud.”
The complaint against E&Y includes fraud charges, based on allegations that E&Y approved
Lehman’s use of Repo 105 to value its securities, and that E&Y ignored whistleblowers who
voiced concern over use of Repo 105.
This case will take years to sort out and billions of dollars of litigation claims to come.
Limited liability in the U.K.
To date, attempts by auditors to limit liability or to assert shared liability with the client have
not been successful.
The U.K. has dealt with the auditor liability issue under the Companies Act of 2006 which
provides that companies can agree to limit auditor liability through an agreement that is
authorized by the shareholders and that waives liability only for any claim amount that is in
excess of what is “fair and reasonable.”
For U.K. companies that are also registered in the U.S. stock exchange, such limited liability
agreements require approval from the SEC, which has not been granted. Auditors of U.S.
companies have had no success getting any limited liability agreements accepted by the SEC.
Interestingly, another issue in the U.K. has been getting directors and their shareholders to sign
a limited liability agreement with the auditors. Directors have been reluctant to sign such an
agreement in fear that they will commit negligence and getting shareholders to sign such an
agreement has proven to be difficult. To date, not one major public company in the U.K. has
signed a limited liability agreement.
Is Congress adding to auditor’s risk?
It appears to be an uphill battle for auditors of public companies. Although the number of
class-action claims made in 2009 through 2011, declined by approximately 24 percent from the
2008 level, current regulatory and legislative reform may drive securities class-action claims
upward again, and with that move will be more lawsuits filed against auditors.
One bill introduced by the Senate Banking Committee would have expanded liability beyond
the company to the company’s auditors, suppliers, and banks, among others.
Specifically, the proposed bill entitled, Investors Rights and Corporate Accountability Act of
2009 (S 2813), would have amended the Securities Exchange Act of 1934 and the Investment
Advisers Act of 1940 to expand liability to any person involved in aiding and abetting in
Audit Engagement Developments
146
providing substantial assistance to another person with reckless disregard for whether the
substantial assistance is in violation of either Act. Recently, the bill was removed from the
docket and will not be passed by Congress. Nevertheless, one has to question whether
additional bills will be proposed that have as their core, expanded liability for accountants and
auditors.
Observation: Questions continue to rise as to whether an audit report is meaningful in today’s
financial environment. After all, most investors have looked at audited financial statements as
nothing more than an insurance policy under which they would have a deep-pocketed
international accounting firm to sue in the event of stock loss. Given the size of today’s
litigation claims as compared with the net worth of any one of the Big Four, is that insurance
policy really sufficient to fund one sizeable litigation claim? Although any one of the Big Four
should be able to fund a $500 million claim, there is a question as to whether any firm could
absorb a claim beyond that amount and still remain viable. If there are multiple lawsuits, that
maximum amount has to be shared among plaintiffs.
V. The Viability of the Big Four
Since the demise of Arthur Andersen, there have been numerous reports and recommendations
issued to address the Big Four and what many consider to be a risky and unhealthy
concentration among these four accounting firms.
The Big Four, along with two second-tier firms issued a report entitled, Serving Global Capital
Markets and the Global Economy.
The Report is written with a focus on changes to global financial reporting and public company
audit procedures that need to adapt to those changes.
Recommendations made by the Report include:
a. The world’s accounting and auditing standards must be harmonized and based on a
principles-based system rather than a rules-based one.
The World’s financial transactions are far too complex to account for under a rules-
based system.
If there is a convergence toward one set of Global standards, that set should be very
close to those principles-based standards dictated by the International Financial
Reporting Standards (IFRS).
b. Auditing standards should be established at the international level in lieu of the PCAOB.
Audit Engagement Developments
147
One set of global auditing standards would provide global markets and other
stakeholders the same quality of audits regardless of where they are conducted.
c. There should be one set of global enforcement and governing rules for auditors including
those related to independence.
d. Address the expectation gap regarding fraud detection.
There are inherent limits as to what fraud auditors can reasonably uncover in and audit
yet many investors, policy makers and the media believe that the auditor’s main
function is to detect all fraud. When fraud materializes and the auditor did not find it,
the auditors are presumed to be at fault.
There needs to be a constructive dialogue among investors, other stakeholders, policy
makers and auditors as to what can be done to both narrow the expectation gap and
enhance fraud detection. Ideas for fraud detection include:
1) Subject all public companies to a forensic audit on a regular basis (e.g., every three
or five years) and/or on a random basis.
2) Let shareholders decide the intensity of the fraud detection effort they want their
auditors to perform.
e. Enable networks to integrate further to strengthen audit quality.
The quality of the audit may be enhanced if the Big Four were able to be structured as
one single global operation instead of a network of segments of the firm.
The current environment limits an audit firm ownership in some countries which require all
owners or partners of the firm conducting audits in a jurisdiction to be licensed to practice in
that jurisdiction.
Some countries, including the United States, discourage national firms and their
partners or members from being part of a single legal enterprise.
f. Address the concentration in the audit profession.
The global enforcement markets recognize that the loss of another major audit firm
would have a significant impact on the capital markets.
In order for there to be alternatives to the Big Four, the market must lower the risks
within the profession so that networks will make the investment needed to serve the
very largest of companies.
Audit Engagement Developments
148
Enforcement authorities must focus penalties for any auditor wrongdoing or negligence
on those directly implicated in such activities, rather than on the entire firm that
employs them.
There needs to be liability reform that limits audit firms’ exposure to liability so that all
firms, even smaller ones, would be willing to take on larger company audit assignments.
The national governments need to relax the non-attest services performance restrictions
for auditors so that there is a greater choice of auditors.
g. Change the financial reporting model.
A new financial reporting model should be driven by the wants of investors and other
users of the financial information.
Securities regulations should be changed so that financial and non-financial information
is reported in real-time over the Internet.
Information should be forward-looking even though it may be historical in fact.
Non-financial drivers should include disclosure of measures that include customer
satisfaction, product or service defects and awards, and employee satisfaction.
h. The audit industry should be permitted to offer consulting and tax advice to their audit
clients so that those firms can attract and retain individuals with the necessary skills and
talent to service the profession.
Observation: The markets have looked upon the Big Four report with mixed views. Some
commentators consider the suggestions to be self-serving that will result in expanded future
business for the national firms. Others consider the report to be forward looking and an
essential basis for reinventing the accounting profession.
Report of the Advisory Committee on the Auditing Profession to the U. S. Department
of the Treasury
In 2008, the U. S. Department of Treasury established an Advisory Committee on the Auditing
Profession to deal with the various issues facing firms that audit public companies including
the condition, sustainability and future of the auditing profession in light of the fact that the
Big Four audit 98 percent of all public companies.
In September 2008, a report entitled Report of the Advisory Committee on the Auditing
Profession to the U. S. Department of the Treasury, was issued by an Advisory Committee, the
purpose of which is to provide recommendations to enhance the sustainability of a strong
public company auditing profession.
Audit Engagement Developments
149
The Report makes the following observations:
a. Litigation-related expenses are a significant component of auditing firms’ cost structures
but are not at a level that significantly affects their ability to recruit talent or grow their
practices.
b. Audits of large public companies are concentrated among a limited number of auditing
firms and the largest of these firms are not able to use third-party insurance in a cost-
effective manner to manage their litigation costs.
c. The largest U. S. public companies have enormous market capitalization so that if a large
cap company were to become insolvent or suffer a significant decline in value, such a
market loss would often exceed the total capital of the auditing firm.
d. Auditing firms often feel pressure to settle mega or catastrophic claims even if they believe
they have meritorious defenses due to the risk that a loss could threaten the firm’s survival.
e. Auditing firms are also at risk for other claims against them including criminal indictment
that could threaten survival.
The Report recommends the following changes be made, among many others noted with the
Report:
1. Large auditing firms should issue audited financial statements to the PCAOB and should
have audit committees.
2. There should be a move toward a national professional liability regime for public
company auditing firms.
Auditing firms that are faced with litigation claims that threaten their survival should
have reasonable opportunity to litigate and appeal such matters.
3. Congress should consider the creation of a federally chartered audit firm structure that
would include limits on liability for audits of public companies, mandatory public reporting
of audited financial statements, and required capitalization levels, among other
requirements.
4. Because of the risk of loss of any of the Big Four firms, the PCAOB should monitor auditor
conduct that might present a risk to sustainability of any of the Big Four auditing firms.
Observation: From the tone of the Report, it appears that in order for the Big Four to get
some form of limited liability protection from claims; those firms will have to provide greater
transparency in terms of the firms’ operations and profitability. Query whether that is an
acceptable tradeoff.
Audit Engagement Developments
150
The current risky environment for the Big Four
One report indicates that the six largest auditing firms (the Big 4 plus Grant Thornton and
BDO Seidman) are defendants in ninety private actions related to audits of both public and
private companies (either shareholder class actions or actions brought by companies or
bankruptcy trustees) with damage claims against the auditors in each case in excess of $100
million.38
Forty-one of the ninety cases seek damages in excess of $500 million.
Twenty-seven cases seek damages in excess of $1 billion, and
Seven cases seek damages over $10 billion.
In looking at the high percentage of claims that exceed $1 billion, the Big Four are one large
lawsuit away from becoming the Big Three, or Big Two. The highly aggressive litigious
environment coupled with a lack of liability caps on lawsuits, exposes any one of the Big Four
to the risk that a huge litigation claim puts them out of business.
In a January 2010 letter to the International Organization of Securities Commissions, Grant
Thornton stated that the current audit market is unsustainable and that new rules must be
created to develop greater competition. In its letter, Grant Thornton noted that in the event of
the demise of any one of the Big Four, 20 percent of the 7,200 largest businesses in the G20
would be left without an auditor.39
In general, it is unlikely that any one of the Big Four could sustain a litigation claim in the $1-2
billion range.
The latest example of a single lawsuit that can bring down one of the Big Four is the series of
lawsuits that have been filed against several of the Big Four and other CPA firms involved in
the Madoff scandal. Previously in this course, the auditor discussed the litigation that continues
against many of the auditors of the feeder funds that invested in Madoff’s funds.
In general, each of these lawsuits was filed by feeder funds that were audited by the Big Four
and that had money invested with Madoff.
For example:
KPMG was sued for $3.3 billion by Tremont Group, a feeder fund invested with
Madoff.
PWC’s United States, Bermuda, and U.K. arms are being sued by parties in connection
with Fairfield Sentry, a feeder fund that had $7.2 billion of assets invested with Madoff.
38
Treasury Advisory Committee on the Auditing Profession, Final Report 39
January 2010 letter: Grant Thornton as published in accountancyage.com.
Audit Engagement Developments
151
Ernst & Young is being sued in Luxembourg by a group of investors involved in the
LuxAlpha Fund that once had $1.4 billion invested with Madoff.
At the heart of most of these lawsuits is whether the auditor for the feeder fund had a
responsibility to audit and verify the existence of the fund’s assets invested with Madoff. None
of the Big Four were Madoff’s auditors.
In the PWC case, the plaintiffs alleged that PWC did meet with Madoff and accepted his
assertions about the existence of funds without verifying the existence of the funds. PWC
alleges that it had no responsibility to audit the underlying fund assets held by Madoff given
the fact that PWC was not Madoff’s auditor.
The plaintiffs also observed that PWC did nothing to investigate the credentials of the small
audit firm, Friehling & Horowitz, that audited the Madoff funds.
Given the size of the lawsuits against the Big Four in the Madoff scandal, most, if not all of
them will be settled as the Big Four cannot take the risk of losing any one of these multi-billion
dollar claims.
The allegations made that the feeder fund auditor must look through and audit the underlying
assets of the core fund (Madoff in this case) could have chilling effects on how investment
funds get audited. Many auditors of feeder funds may be reluctant to audit the feeder fund
unless they are also auditing the core investment fund.
VI. PCAOB’s Auditor Rotation Proposal
Should auditors of SEC companies be required to rotate?
This issue has been discussed for years leading to the Public Company Oversight Board
(PCAOB) using a concept release on August 16, 2011 that seeks public comment on
mandatory audit firm rotation and other ways in which auditor independence, objectivity, and
professional skepticism could be improved.
The Release noted the following observations by the PCAOB:
1. In response to the financial scandals at Enron, WorldCom and others, the Sarbanes-Oxley
Act (the "Act") included a number of significant provisions designed to bolster the auditor's
independence from the company under audit.
a. Congress established independent oversight of the auditing profession by the PCAOB
for audits of issuers.
Audit Engagement Developments
152
b. Sarbanes puts the audit committee, rather than management, in charge of hiring the
auditor and overseeing the engagement.
c. Sarbanes prohibits auditors from providing certain nonaudit services to clients and
imposes mandatory audit partner rotation.
2. Since its creation, the PCAOB has conducted hundreds of inspections of registered public
accounting firms each year. Based on this insight, the Board believes that the reforms in
Sarbanes have made a significant, positive difference in the quality of public company
auditing.
3. The PCAOB continues to find instances in which it appears that auditors did not approach
some aspect of the audit with the required independence, objectivity and professional
skepticism. The Board addresses audit failures on a case-by-case basis through its
inspection and enforcement programs.
4. The PCAOB is considering whether other approaches could foster a more fundamental shift
in the way the auditor views its relationship with its audit client. One possible approach
that might promote such a shift is mandatory audit firm rotation, which has been
considered at various times since the 1970s.
The Concept Release asks a series of questions regarding mandatory auditor rotation including:
a. Would audit firm rotation enhance auditor independence, objectivity and professional
skepticism?
b. What are the advantages and disadvantages of mandatory audit firm rotation?
c. Because there appears to be little or no relevant empirical data directly on mandatory
rotation available, should the Board conduct a pilot program?
d. What effect would a rotation requirement have on audit costs?
Note: According to a previously issued GAO Report, large firms estimated that a rotation
requirement would increase initial year audit costs by more than 20 percent.
e. Are there alternatives to mandatory rotation that the Board should consider that would
meaningfully enhance auditor independence, objectivity and professional skepticism?
f. If the Board determined to move forward with development of a rotation proposal, what
would be an appropriate term length?
g. Should different term lengths for different kinds of engagements be considered? If so, what
characteristics, such as client size or industry, should this differentiation be based on?
Audit Engagement Developments
153
h. To what extent would a rotation requirement limit a company's choice of an auditor?
In response to a requirement of Sarbanes Oxley, the GAO did a study and issued a report,
Mandatory Audit Firm Rotation Study, based on a survey of larger auditing firms and Fortune
1000 companies.
In the Study, respondents made the following comments and suggestions regarding mandatory
auditor rotation.
54% stated that initially, a new auditor would have less knowledge of a client’s
operations and financial reporting practices.
93% stated that initially, the new auditor is likely to have greater risk of there being a
material misstatement.
Estimated initial-year audit costs would increase by more than 20%.
The PCAOB will be holding public roundtables on the concept release in 2012.
Europe takes action in auditor rotation
While the PCAOB considered auditor rotation in the U.S., Europe is following a similar path.
In particular, the European Commission has proposed regulations that would, if approved,
trigger major changes in the relationships between European public companies and their
auditors.
Currently, the Big Four audit approximately 85% of the top European public companies.
The changes would do the following:
Limit to six years the period that an outside auditing firm can perform audits for a
company. A cooling-off period of four years would be imposed before a firm could
audit again for the same client. Companies that opt for a voluntary joint audit would be
allowed a nine-year window.
Prohibit audit firms from providing nonaudit consultancy services to their audit clients,
and require large audit firms to separate audit activities from nonaudit activities.
Create a single market for statutory audits by introducing a European passport for the
audit profession, allowing firms to provide services across the European Union.
Require public-interest entities (public companies) to have an “open and transparent
tender procedure” when picking a new auditor.
Audit Engagement Developments
154
One key difference between the present rules for U.S. and European companies is that auditors
of European companies are allowed to provide consulting services (nonattest services) to a
public company that they also audit, while the U.S. prohibits that action under Sarbanes-Oxley
Act of 2002.
The European proposal would dramatically change the mixing of nonattest and attest services
by auditors by requiring European auditors to separate their audit and nonaudit activities.
Moreover, just like the proposal in the U.S., the European proposal has received claims that it
will increase audit fees and enhance risk of material misstatement in the early years of a new
auditor.
Audit Engagement Developments
155
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. In “Auditing: A Profession at Risk,” which of the following recommendations was not
made by Chamber of Commerce to save the audit profession:
a. Expand accounting rules and move toward a principles-based system
b. Better define auditor procedures and responsibility for fraud detection
c. Create an alternative dispute resolution system
d. Explain Section 404 of Sarbanes-Oxley
2. According to the report, The Future of the Accounting Profession: Auditor Concentration,
which of the following is not a factor contributing to the threat of litigation against Big
Four auditors:
a. Firms cannot take the risk of bringing a case to trial
b. The increase in transaction costs with litigation
c. Audit fees are not commensurate with the risk
d. Investors are suing companies and their auditors for earnings downturns
3. Cornerstone Research reported that settlements are higher when which factor exists:
a. Lower defendant asset size
b. There has been no restatement
c. A corresponding derivative action has been taken
d. There is no co-defendant
4. Which recommendation was made in the Big Four report, Serving Global Capital Markets
and the Global Economy:
a. The PCAOB should establish auditing standards
b. International standards should determine the effort level that auditors should expend in
detecting fraud
c. The Big Four should be able to work together further to strengthen audit quality
d. The world’s accounting and auditing standards should be rules-based
Audit Engagement Developments
156
SUGGESTED SOLUTIONS
1. In “Auditing: A Profession at Risk,” which of the following recommendations was not
made by Chamber of Commerce to save the audit profession:
a. Correct. The Chamber of Commerce made a recommendation that the FASB
needs to address the problem of infinite complication in accounting rules, which
makes it almost impossible for even the most knowledgeable and well-intentioned
accountants to keep up. Nothing was mentioned about a principles-based system.
b. Incorrect. The Chamber of Commerce did recommend that, to help the profession
become insurable, auditor procedures and responsibility for fraud detection should be
better defined and the auditor’s responsibility to it should be limited.
c. Incorrect. The Chamber of Commerce did recommend that an alternative dispute
resolution system should be created for dispute about audits to avoid litigation.
d. Incorrect. The Chamber of Commerce did recommend that PCAOB standards be
clarified. Section 404 of Sarbanes-Oxley needed better explanation to save auditors
from “overauditing” due to vague, nebulous guidance.
2. According to the report, The Future of the Accounting Profession: Auditor Concentration,
which of the following is not a factor contributing to the threat of litigation against Big
Four auditors:
a. Incorrect. One major problem with the Big Four going to trial is that they cannot take
the risk that they lose, resulting in the demise of the firm. Thus the answer is correct.
b. Incorrect. Because of the complexity of audit evidence, the costs of defending a lawsuit
are significant, forcing auditors to settle, making the answer correct.
c. Correct. There is no reference in the report to audit fees not being commensurate
with the risk. Thus, the answer is not a factor.
d. Incorrect. The report notes that investors are suing companies and their auditors for
earnings downturns on a regular basis, thereby exposing auditors to extensive litigation
risk. This answer represents one of the identified factors.
3. Cornerstone Research reported that settlements are higher when which factor exists:
a. Incorrect. The report concluded that settlements are higher when the defendant asset
size is higher.
b. Incorrect. The report concluded that settlements are higher when there has been a
restatement, and a corresponding SEC action.
c. Correct. The report concluded that settlements are higher when there is a
corresponding derivative action, which yields a higher overall risk.
d. Incorrect. The report concluded that settlements are higher when there is either an
accountant or an underwriter named as a co-defendant. The reason is because
accountants and underwriters are more likely to quickly settle the case due to the risk of
losing in court.
Audit Engagement Developments
157
4. Which recommendation was made in the Big Four report, Serving Global Capital Markets
and the Global Economy?
a. Incorrect. One of the Big Four’s recommendations was that auditing standards should
be established at the international level in lieu of the PCAOB.
b. Incorrect. One of the Big Four’s ideas for fraud detection was to let shareholders decide
the intensity of the fraud detection effort they want their auditors to perform.
c. Correct. One of the Big Four’s recommendations was that networks should be
enabled to integrate further to strengthen audit quality. The report suggests that
the current environment limits an audit firm’s ownership in some countries which
requires all owners or partners of the firm conducting audits in a jurisdiction to be
licensed to practice in that jurisdiction.
d. Incorrect. One of the Big Four’s recommendations was that the world’s accounting and
auditing standards must be harmonized and based on a principles-based system rather
than a rules-based one.
Audit Engagement Developments
158
VII. Retaliation Against Auditors Who Issue Adverse Opinions
Few audits result in the auditor issuing an adverse opinion. But when it happens, the question
is whether the client retaliates by replacing the auditor in the next year.
Although there is no study involving adverse opinions on financial statements, there is a study
that looks at the correlation between adverse auditors’ opinions on a client’s internal control
over financial reporting (ICFR) as required by Section 404 of Sarbanes-Oxley.
Conclusions reached by the Study include:40
a. Companies receiving adverse opinions on their ICFR are consistently more likely to
dismiss their auditor in the following year.
An adverse ICFR opinion is the most consistently significant variable associated
with dismissals in a four year post-Sarbanes period.
b. Companies that dismiss their auditor after receiving an adverse ICFR opinion are more
likely to hire a larger firm and industry specialist auditors than companies dismissing
after receiving an unqualified opinion.
c. Companies that receive an adverse ICFR opinion switch auditors as part of an effort to
improve their overall financial reporting quality, or as a signal of such activities.
Observation: The results of this study are no surprise. A company’s management and board of
directors/audit committee are in a difficult position when an adverse opinion is issued on ICFR
or, for that matter, on its financial statements. In such a situation, the company has to take
action to remedy the situation. One way is to change auditors and get a fresh perspective on the
audit, suggesting that the previous auditor was somehow responsible for the deficiencies that
lead to the adverse opinion in the first place.
VIII. AICPA's Top 10 Technology Issues-2011
In 2011, based on the results of a survey of more than 2,000 AICPA members from a list of
various technologies, the AICPA announced its list of 2011 AICPA Top Technology Initiatives
Survey Results, which includes several new items that were not on the 2010 list. To no
surprise, information security continued to be at the top of the list, along with data retention
policies and structure.
40
Auditor Realignments Accompanying Implementation of SOX 404 ICFR Reporting Requirements, Michael Ettredge et al,
September 2010
Audit Engagement Developments
159
1. Control and Use of Mobile Devices
2. Information Security
3. Data Retention Policies and Structure
4. Remote access
5. Staff and Management Training
6. Process Documentation and Improvements
7. Saving and Making Money With Technology
8. Technology Cost Controls
9. Budget Processes
10. Project Management & Deployment of New Implementations
XIX. Anti Sarbanes-Oxley Continues After Ten Years
More than ten years after the passage of Sarbanes-Oxley, third parties continue to evaluate
whether Sarbanes has been effective in restoring public confidence in the financial results
reported by public companies.
Companies within and outside the United States complain about Sarbanes-Oxley. Although the
merits of Sarbanes may have been positive in terms of cleaning up some of the abuses within
public companies, the results have, in some cases, been extreme for several reasons. In
particular, Section 404 internal control compliance requirements have been burdensome for all
companies.
In one particular survey, one third of 186 executives of Fortune 1,000 companies surveyed
favor repeal of Sarbanes, while 94 percent of CEOs surveyed stated that the cost of Section
404 compliance exceeds its benefits.41
Additionally, one survey states that Sarbanes-Oxley has resulted in a $1.4 trillion (that’s
trillion) loss in stock-market value due to the demands of implementing and maintaining the
Act’s requirements.42
1. The cost of compliance is exceeding estimates, particularly the cost of the
Section 404 certification of internal controls:43
Perhaps more has been written and promulgated about the Section 404 internal control
reporting certifications than any other section of the Sarbanes-Oxley Act.
Section 404 of the Act requires the following:
41
FEI Survey. 42
Economic Consequences of the Sarbanes-Oxley Act of 2002, Xiying Zhang, University of Rochester. 43
Surveys published by FEI and AMR.
Audit Engagement Developments
160
a. Section 404(a) of Sarbanes: Management of a public company must assess the
effectiveness of the company’s internal control over financial reporting as of the end of the
company’s most recent fiscal year.
1) Management must include in the company’s annual report to shareholders,
management’s conclusion, as a result of its assessment, about whether the company’s
internal control is effective.
b. Section 404(b) of Sarbanes: The company’s auditor must evaluate management’s assess-
ment of internal control by taking certain steps that include:
1) Perform a walkthrough of the company’s significant processes.
2) Obtain evidence about the operating effectiveness of internal control for all relevant
assertions and significant accounts or disclosures.
3) Test and evaluate the effectiveness of the design and operating effectiveness of
internal controls.
4) Identify control deficiencies and categorize them into two categories:
Significant deficiency: A deficiency that, by itself or in combination with other control
deficiencies results in more than a remote likelihood that a misstatement of a
company’s financial statements that is more than inconsequential, will not be
prevented or detected.
Material weakness: A deficiency that, by itself or in combination with other control
deficiencies, results in more than a remote likelihood that a material misstatement of a
company’s financial statements will not be prevented or detected.
c. The auditor must issue an opinion on the effectiveness of internal control over financial
reporting, that is included in the company’s published financial statements along with the
audit report on those statements:
1) An auditor may express an unqualified opinion if the auditor has identified no material
weaknesses in internal control.
An auditor is permitted to issue a qualified or disclaimer opinion if all the
procedures considered necessary are not performed. If the overall opinion cannot be
expressed, the reasons why should be disclosed.
2) The report may disclose only material weaknesses and not significant deficiencies.
An adverse opinion is required if one or more material weaknesses in internal
control exists. The adverse opinion would apply to both management’s assertion
and the effectiveness of internal control over financial reporting.
Audit Engagement Developments
161
What are the costs of Sarbanes-Oxley?
There have been numerous surveys conducted to determine the true cost of complying with
Sarbanes-Oxley. In general, most studies evaluate the total cost as consisting of three
components: a) audit fee, b) Section 404 compliance costs, and c) other internal/external costs
of compliance.
Although external fees to outside auditors and consultants can be quantified, determining the
internal costs can be difficult and distortive depending on what assumptions are made.
Here is what appears to be the best information on costs:
Estimated Cost of Sarbanes-Oxley Compliance
Market capitalization Estimated total costs*
Less than $75 million $850,000
$75 million to $699 million 2.5 million
$700 million or greater 5.5 million
* Consists of external audit costs, Section 404 costs, and other internal/external costs.
Source: FEI Audit Fee Survey.
Further statistics:44
1. Audit fees for 2010 increased by only 2% from 2009, further indicating that audit fees are
flat since 2007. Information on 2011 audit fees was not available at time of publication
but was expected to be similar to 2010 levels.
2. Average audit fee for all public companies in 2010 was $3.3 million and took 12,540 man
hours, for an average fee per man hour of $264.
3. The average relationship of a public company and its auditor was 21 years.
The cost of complying with Sarbanes has stabilized. This leveling off of costs suggests that the
implementation issues of Sarbanes and Section 404 compliance have been worked through by
the companies and their auditors. In general, audit fees have been very cyclical over the past
decade. During the period 2003-2006, audit fees soared in the wake of Sarbanes Oxley and
Section 404 compliance. Since 2007, audit fees have declined each year and leveled off with a
slight increase of 2% in 2010, and a small increase for 2011.
44
FEI Audit Fee Survey: Companies Report Modest Changes in Audit Fees in 2010 (June 2011)
Audit Engagement Developments
162
Observation: Although overall Section 404 costs may have leveled off, total annual costs far
exceed the amount that was estimated by the SEC at the inception of Sarbanes to be $91,000
per year for each public company. If one uses a rough average estimated cost of $3.0 million
per public company and there are 18,000 public companies, the total annual cost of Sarbanes is
approximately $54 billion. Now, assuming Sarbanes has been in effect for nine years (2003-
2011), the estimated total cost of compliance, since inception, has been $486 billion ($54
billion x 9 years). Of course, a portion of the Sarbanes costs consist of audit fees that the
companies would incur anyway. Nevertheless, query whether the public receives anything
close to $432 billion of benefit from companies having to comply with Sarbanes-Oxley. Did
Sarbanes protect the public from the Madoff scandal or the financial crisis with Lehman
Brothers and AIG?
In September 2009, the SEC completed a study of the costs of Sarbanes-Oxley entitled, Study
of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting
Requirements.
The Study is based on a six-month survey conducted by the SEC of SEC company respondents
and noted the following results in assessing the cost of Section 404 compliance, only:
Estimated Cost of Section 404 Compliance
Market capitalization Estimated total costs*
Less than $75 million $581,000
$75 million to $699 million 935,000
$700 million or greater 3.6 million
Overall average $1,783,000
* Consists of external and internal costs of compliance.
Source: Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over
Financial Reporting Requirements, SEC, September 2009.
Although the SEC study was issued in September 2009, there is little evidence that the results
have changed significantly from 2009 to 2012. In particular, by 2009, most companies had
already complied with Section 404 for several years and had resolved and corrected any
significant internal control issues.
On average, estimated costs of Section 404 compliance were $1,783,000 of which $1.2
million consisted of internal control costs and the remainder $583,000 were audit costs.
Even though the cost of complying with Section 404 is high, respondents to the SEC report
had mixed views as to whether Sarbanes is worthwhile:
72 percent that Section 404 improved their companies’ internal control structure.
Audit Engagement Developments
163
Only 38 percent of respondents though that Sarbanes boosted their confidence in other
companies’ financial reports.
Only 22 percent stated that Section 404 raised investor confidence.
In summary, companies recognize that Section 404 compliance may improve the quality of
their companies’ internal control. However, they do not see that benefit translating into a
benefit to the investors in terms of increasing confidence in the quality of financial reports.
Dodd-Frank exempts smaller SEC companies from compliance with Section 404
Since the adoption of Sarbanes-Oxley in 2002, there has been criticism of the requirement for
small issuers (market capitalization of $75 million or less (non-accelerated filers) to comply
with Section 404 of Sarbanes.
To address some concerns, in October 2009, the SEC announced what it calls its last extension
of Section 404(b) auditor compliance certification for smaller public companies. The six-
month extension requires small public companies with a market capitalization of $75 million
or less (non-accelerated filers) to start complying with Section 404(b) auditor’s certification
report when it filed its annual report for the fiscal year ending on or after June 15, 2010.
Previously, the implementation date was December 15, 2009.
In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) was
passed. Section 989G of Dodd-Frank includes an exemption for nonaccelerated filers.
Specifically, Dodd-Frank exempts non-accelerated filers (public companies with a market
capitalization of $75 million or less) from having to comply with Section 404(b) (the auditor
certification) of the Sarbanes-Oxley Act. Section 989G also requires the SEC to conduct a
study to determine how to reduce the burden of compliance with Section 404 for companies
with capitalizations of between $75 million and $250 million. On September 15, 2010 the SEC
issued final rule 33-9142 that permanently exempts public companies with less than $75
million market capitalization from Section 404(b) internal control audit requirement.
Although smaller public companies are now exempt from the auditor certification under
Section 404(b) of Sarbanes (the auditor certification), small public companies ($75 million or
less) would still have to comply with Section 404(a) which consists of the requirement that
management assess the effectiveness of internal controls over financial reporting and include
that assessment in the company’s annual report.
2. Has the issuance of PCAOB AS No. 5 alleviated some of the concerns about
overauditing?
Prior to the issuance of AS No. 5, Section 404 of Sarbanes requires companies and their
auditors to report on internal control, and to disclose material weaknesses in internal control.
Audit Engagement Developments
164
At that time, companies were complaining that their auditors were taking a literal view of
Sarbanes compliance, particularly as it relates to the Section 404 certification. This fact
resulted in disclosures of a record number of material weaknesses in internal control in years
through 2006. Prior to the issuance of PCAOB Auditing Standard No. 5, auditors had noted
that they were simply following the requirements of PCAOB Auditing Standard No. 2, An
Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of
Financial Statements.
It appears that relief has come in the form of a replacement standard with the issuance of
Auditing Standard 5, which superseded AS 2. Further discussion of AS 5 is noted below.
In the PCAOB’s Policy Statement Regarding implementation of Auditing Standard No. 2, the
PCAOB and others noted a list of criticisms against auditors in applying Standard No. 2:
1. Auditors were focusing too much on documentation and paperwork flow even if the
internal control was functioning.
2. There was redundancy in performing an audit for Section 404 compliance and for
reporting on the financial statements.
a. Auditors did not have a single integrated audit approach under which evidence was
gathered and tests performed that satisfied both audit objectives.
3. Auditors were using one-size-fits-all audit programs with standardized checklists that
had little to do with the unique issues and risks associated with a particular client’s
financial reporting process.
4. Auditors were not applying a risk-based approach to test for compliance with Section
404.
a. Auditors were performing too much work in low-risk areas
5. Auditors were taking too literal of a stance in not offering advice to clients in terms of
Section 404 compliance.
Note: The PCAOB notes that auditors were taking extreme positions on not giving any
advice to clients. In some instances, auditors were unwilling to give technical advice on
GAAP, and would not accept draft financial statements for review. In its Policy
Statement, the PCAOB stated that auditors were permitted to give advice on the
application of GAAP and could look at draft financial statements.
6. Auditors were applying arbitrary standards to determine when a company had reached
the threshold of having “material weaknesses” in internal control.
Audit Engagement Developments
165
PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting
That Is Integrated with An Audit of Financial Statements
Under PCAOB Standard 2 (AS2), an auditor of a public company was required to issue two
opinions on a company’s financing statements: Opinion 1 was on management’s assessment of
internal control, while Opinion 2 was on the effectiveness of internal control.
Since AS2’s issuance, there had been two fundamental criticisms of the Statement’s
application:
1. Although there have been significant benefits to the Statement, they have come at a far
greater cost than anticipated.
2. There has been considerable confusion as to how to apply AS2 so that auditors have
sided on overauditing.
In response to criticisms about AS2, the PCAOB issued Auditing Standard No. 5, (AS5), An
Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of
Financial Statements. AS5 superseded AS2.
AS5 is a principles-based standard designed to focus the auditor on the most important matters,
increasing the likelihood that material weaknesses will be found before they cause material
misstatement of the financial statements. The standard also eliminates audit requirements that
are unnecessary to achieve the intended benefits, provides direction on how to scale the audit
for a smaller and less complex company, and simplifies and significantly shortens the text of
the standard.
Specific requirements of the statement include the following:
a. Auditors focus on those areas that present the greatest risk that a company’s internal control
will fail to prevent or detect a material misstatement in the financial statements.
b. Auditors no longer have to opine on whether management’s assessment of its internal
controls is fairly stated (Opinion 1). Auditors issue an opinion on whether the internal
controls are effective.
AS5 eliminated AS2’s detailed requirements to evaluate management’s own evaluation
process and clarifies that an internal control audit does not require an opinion on the
adequacy of management’s process.
c. Auditors now have flexibility to make their audits more scalable for smaller companies so
that the cost of the internal-control audit is more proportionate to the size and complexity of
the company. Materiality is factored into the auditor’s audit to eliminate the current too
detailed focus on internal control.
Audit Engagement Developments
166
d. Auditors apply a top-down approach to the audit of internal control under which the auditor
identifies the controls to test by starting at the top at the financial statements and company-
level controls.
e. The standard requires risk assessment at each of the decision points in the top-down
approach and requires a risk-based approach to multi-location testings.
f. Auditors are no longer precluded from referencing the work of the internal auditor in the
internal control opinion.
g. The standard makes clear that the auditor should use the same consideration of account-
level materiality in determining the nature, timing, and extent of his or her procedures in
the audit of internal control as used in the financial statement audit.
h. The standard eliminates procedures that the Board believes are unnecessary to an effective
audit of internal control including allowing the auditor to reduce procedures in areas of
lower risk.
i. The standard allows the auditor to utilize the direct assistance of others when performing
walkthroughs of all major classes of transactions.
AS5 was effective for all audits of internal control for fiscal years ending on or after November
15, 2007.
Observation: The SEC asserts that AS5 has made dramatic improvement in simplifying the
application of Section 404. In its report, the SEC noted that estimated total costs of compliance
for those companies that had already been complying with Section 404(b) dropped 19 percent
from $2.8 million before AS5 to $2.3 million after AS5 had been implemented.45
Does the market still punish companies that have restatements?
In the early 2000s, after Enron and other financial frauds, investors appeared less forgiving
about earnings restatements. At that time, a restatement was considered a red flag for financial
statement fraud, regardless of whether the restatement was a result of an intentional or an
unintentional (voluntary) misstatement. There was evidence that suggested that the market had
no tolerance for restatements and actually punished companies on both a short- and long-term
basis, if they did issue restatements.
In a one study, published by Min Wu of the New York University Stern School of Business,46
the Study reached conclusions such as:
45
Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements, SEC,
September 2009. 46
A Review of Earnings Restatements (Min Wu- New York University Stern School of Business).
Audit Engagement Developments
167
A restatement is generally considered bad news by the market.
The market reacts quite negatively to a restatement by penalizing the stock price for the
three-day period after the restatement announcement.
Restated companies lose credibility in the marketplace as investors rate their earnings as
being a lower quality after the announcement is made.
Since the Min Wu Report was published, the market has become used to restatements with
several years of significant restatements. The question is whether the market still punishes
those companies that restatement their financial statements or has the market become exposed
to “restatement fatigue.”
Another study was published that suggests that the public has not changed its reaction to
restatements as follows:47
The magnitude of the market reaction to restatement filings has not diminished with the
increased frequency of restatements.
How an entity discloses its restatement (with or without filing an 8K) suggests how the
market will react to a restatement. Change in stock price and trading volume was
significant if an entity filed an 8K versus if it did not.
Evidence also exists that the markets look upon material weaknesses unfavorably and can
severely punish a company with a drop in its stock price for a 60-day period after the
deficiency is announced. Consider the following chart that illustrates this point:
Impact of Reported Weaknesses on Stock Price
Type of deficiency
% Decline in Stock Price
Days after restatement filing
One day 7 days 30 days 60 days
All deficiencies (.72%) (.71%) (1.35%) (3.75%)
Material weakness:
Financial systems/procedures (.34%) (.71%) (1.35%) (3.75%)
Insufficient accounting staffing (.92%) (1.19%) (2.31%) (4.80%)
Documentation (.14%) (.12%) (.41%) (5.29%)
Revenue recognition (1.04%) (.12%) (.41%) (5.29%)
Lease accounting (1.39%) (.71%) (.13%) (.86%)
Tax accounting (.27%) (1.20%) (4.22%) (5.77%)
Other (2.59%) (2.15%) (.06%) (3.31%)
All material weaknesses (.67%) (.90%) (1.96%) (4.06%)
Qualified opinion (.23%) (.66%) (2.30%) (3.56%)
Source: Glass Lewis & Co., FactSet
47
Restatements: Investor Response and Firm Reporting Choices, Plumlee and Lonbardi Yohn.
Audit Engagement Developments
168
Observation: The table data illustrates that the market is particularly sensitive to material
weaknesses by punishing companies with a drop in market value of approximately 3 to 5% by
60 days after the deficiency announcement. Material weaknesses due to personnel issues,
documentation, revenue recognition, and tax accounting have the most significant effect on
stock price, all driving stock price down by approximately 5% by 60 days after the restatement
announcement.
Based on the Glass Lewis study previously noted, material weaknesses in internal control due
to tax-related issues have yielded a 5.77% decline in the company’s stock value 60 days later.
Clearly, that fact is an incentive to tighten up a tax department’s internal control.
Companies have lost important advisors
One criticism of Sarbanes is that auditors are reluctant to give advice in fear that they may taint
their independence. This cautious approach is resulting in criticism of the Big 4 by their
clients. Specifically,
a. Companies are concerned that they no longer share strategies, ideas and proposals with
their auditors, particularly those related to tax issues.
b. Companies can no longer consider the Big 4 as trusted advisors and are reluctant to ask
them for advice.
c. There is more of an adversarial relationship between the auditors and their clients.
3. Some European companies are delisting from the U. S. exchanges:
There are 470 non-U. S. companies listed on the NY Stock Exchange, with a combined market
capitalization of $3.8 trillion, or 30% of the total exchange’s capitalization. Many are ques-
tioning whether it makes sense to stay listed in the United States.
4. Smaller companies are fed up and going private:
The significant cost of complying with Sarbanes has resulted in many small companies going
private and has held off several public offerings of small businesses.
According to a Wall Street Journal report,48
400 U.S. public companies have “deregistered”
their stock and gone private since Sarbanes. A survey of some of those companies suggested
that many of the advantages of staying public no longer exist including:
1. Access to public market capital is no longer important: Private capital is abundant from
sources including venture capital companies due to the availability of real time information;
48
As published in So, Why Be Public? (CFO)
Audit Engagement Developments
169
investors can provide private capital to companies without the need of the public markets to
monitor those companies.
2. Smaller public companies do not benefit from the public markets like the larger companies
do: Larger companies such as General Electric and Microsoft benefit from the public
markets through liquidity and coverage from analysts. Smaller to mid-sized companies do
not receive the needed liquidity from the public markets as institutional investors ignore
them, and analysts and banks do not give them adequate coverage due to lack of significant
investment banking fees.
3. Private companies can now attract top executive talent as many CEOs and CFOs would
prefer to work for a private company in the wake of the Sarbanes requirements: Many
CEOs and CFOs are concerned about the personal legal liability and risks to personal
reputation associated with working for a public company.
4. The direct and indirect costs of staying public exceed the benefits: Both the financial and
regulatory costs of staying public continue to increase with Sarbanes. Because most public
investors do not understand the financial information they receive from public companies,
they are more inclined to sue the companies upon being injured.
According to Grant Thornton, the number of U. S. public companies announcing privatization
plans increased 30 percent since Sarbanes-Oxley Act became effective.49
The typical successful going private transaction that has occurred involves:
a. A relatively small company with revenues around $80 million and a market
capitalization of $40 million
b. Fairly inexpensive price per earnings ratio (5.5 times EBITDA)
c. A company in the consumer, information technology, or industrials sectors
d. An acquisition by management using private capital
In the SEC’s recent report50
, respondents were asked a serious of questions related to Section
404 compliance. 69.7 percent stated that they somewhat or very seriously considered going
private and 77 percent stated they considered delisting, due to Section 404.
These results are consistent with other surveys which demonstrate that smaller SEC companies
are disenchanted with the additional compliance required by Sarbanes with particular
frustration with Section 404 requirements.
49
More Small to Mid-Size Public Companies Contemplating Going Private (Grant Thorton) 50
Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements, SEC,
September 2009.
Audit Engagement Developments
170
What is the cost to stay public?
According to one study, the estimated total costs of a company with less than $1 billion of total
sales staying public was $2.8 million and more than $11 million for a company with more than
$1 billion of sales.
Key elements of total costs were audit fees and lost productivity from Sarbanes as summarized
in the following chart:
Cost of Staying Public Annual sales level
Under $1
billion
$1 billion
or more
D&O insurance $356,000 $1,820,000
Audit fee 1,184,000 5,800,000
Legal fees 200,000 226,000
Board fees 371,000 743,000
Lost productivity compensation 290,000 2,460,000
Other Sarbanes costs 177,000 222,000
Corporate governance set up costs 241,000 226,000
Estimated total costs $2,819,000 $11,497,000
Source: The Cost of Being Public in the Era of Sarbanes-Oxley, Foley and Lardner, LLP
Observation: The table illustrates the significant cost of being public in the Sarbanes
environment. Although overall Sarbanes-Oxley costs have leveled off, the total cost calls into
question whether it is worth it to remain or become a public company.
For the smallest of public companies, those with annual sales of less than $250 million, the
burden of staying public is most great and disproportionate to sales. In particular, one study
showed that the cost of complying with Section 404 costs a company with sales of less than
$250 million is disproportionately high at $1.56 million, while that cost increases to only $2.4
million for companies with sales in the $1 to 2 billion range.51
5. Board members are concerned about Sarbanes and now Dodd-Frank
If you were asked to become a member of the Board of Directors of an SEC company, would
you? Would you accept a position on that company’s audit committee?
Many existing board and audit committee members are asking this question in light of the
recent changes made by the Sarbanes-Oxley Act. In the post-Act environment, serving as a
board member or on a company’s audit committee may not be worth it for several reasons:
51
A.R. C. Morgan study
Audit Engagement Developments
171
1. Under the Act, in the wake of the recent scandals, board and audit committee
members are required to spend much more time in their capacity focusing on the new
corporate governance rules and examining more data. Board members are finding it
difficult to find adequate time to serve on multiple boards at the same time.
2. The Act precludes board and audit committee members from receiving any personal
benefit from the company that it serves. The days of receiving consulting fees or
contracts from the company that is served are gone.
3. Liability claims against board and audit committee members have risen.
4. Additional travel requirements are playing a toll on board and committee members.
5. Directors and Officers (D&O) insurance coverage is lacking.
For some board and audit committee members, the additional effort and risk relative to the
compensation is simply not worth it. Consequently, many companies are having trouble
attracting the best and brightest to serve on their boards. In a recent Wall Street Journal article,
one board member noted that he would spend an additional 100 to 200 hours per year (total of
300 hours) serving as a board member as compared with prior years.52
What is the basis for lawsuits against board members?
Under Sarbanes, lawsuits have focused on three sections of the Act, including:
1. Section 404: Directors’ and officer’s assessment of internal controls
2. Section 204: Auditor’s reports to audit committees
3. Section 302: Corporate responsibility for financial reports
Observation: One particularly disturbing case related to Cray, Inc. Management notified the
SEC that it uncovered material deficiencies in eight of its internal controls. Deloitte & Touche
noted the material weaknesses in its Section 404 report. The shareholders filed a class-action
lawsuit alleging that the audit committee violated sections of Sarbanes and that they knew
about the problem and did not take action. The company’s management denied wrongdoing in
response to the suit.
What about D&O insurance?
“I lie awake sleepless at night worried that I might lose my house due to some stupid
class-action suit and there’s not enough insurance to cover claims against the Board.
Frankly, I would rather resign and play golf!”
Worried Board Member of SEC Company
52
Meetings, Meetings, Meetings (Wall Street Journal)
Audit Engagement Developments
172
In recent years, the scope of D&O insurance coverage has shrunk while its cost has risen. The
greatest risk for board members is that a claim will not be covered by the D&O policy thereby
exposing members to personal liability. This risk is real and has resulted in many qualified
persons choosing not to accept positions on boards of public companies. One recruitment firm
noted that close to 30 percent of 1,000 respondents to an annual directors’ survey had turned
down board member invitations as compared with only 13 percent in the pre-Sarbanes years.53
One example was the settlement of WorldCom in which $55 million of claims were funded by
only $35 million of D&O insurance coverage, leaving board members with $20 million of
personal liability.
The result is that board members are paying more attention to the coverage found in the
company’s D&O policy.
Those looking into their D&O insurance coverage are startled by what they find:
1. No major insurance carrier offers compliance-specific insurance products such as those
required by Sarbanes-Oxley’s section 404.
2. Some policies exclude coverage for negligent acts under Sarbanes while others include
such coverage if there is a compliance-related claims coverage provision.
3. Some policies pay for compliance-related claims, such as those from section 404, but do
not include the SEC and other penalties and fines that relate from such claims.
4. Some policies cover claims initiated based on acts occurring during the covered period.
Example: An act that occurs in 2011 and brought in 2013 might not be covered by a
policy in effect for 2011.
5. Some policies include a “defense allocation” provision that allows the insurance
company to pay only a portion of legal defense costs when a litigant alleges both
covered and non-covered claims.
In some cases, directors are required to spend their own money to pay for a portion
of the legal bills in court cases.
In the post-Sarbanes era, the cost of D&O insurance has actually increased right after
Sarbanes-Oxley in 2002 and 2003, and then has decreased each year through 2011: 54
In
particular:
53
Survey conducted by Korn/Ferry, a recruitment firm. 54
Directors and Officers Liability: Survey, Tillinghast/Towers Perrin, and Quarter D&O Insurance Pricing Index, Aon
Insurance Company.
Audit Engagement Developments
173
D&O insurance premiums rose by approximately 33 percent from 2002 to 2003.
Premiums dropped by 46 percent from 2004 to 2006 and dropped another 5 to 7 percent
in 2007 and 2008.
Premiums declined slightly in 2009 and 2010 as the number of lawsuits filed declined.
In 2011, premiums continued to decline by approximately 2 percent55
.
The risk of shortfall in D&O insurance
There are two types of D&O insurance: Side A which covers the directors and Side B which
covers the company. Many companies increase Side A coverage because the company may not
be able to indemnify the directors itself due to a lack of net assets or due to state law
precluding companies from doing so. Additionally, if shareholders bring a suit against directors
and officers on behalf of the company, the company is precluded from indemnifying the
directors and officers for legal-defense costs. Thus, the directors get their own Side A
insurance and the company pays the premium. According to one insurance company, only 9
percent of directors and officers received partial or no indemnification from their companies
when charged in securities-litigation cases.56
Few directors and officers have had to fund claims personally. Perhaps the most shocking
exception is WorldCom where eleven former board members settled a claim against them that
resulted in their paying $20.2 million out of their own pockets. The D&O insurance paid the
remainder of the claim in the amount of $35 million. Other third parties, including more than a
dozen banks have already agreed to settlements aggregating $6 billion in total. There may also
be additional claims against directors and officers at Enron.
What every director needs to know about the post-Sarbanes environment
The landscape for directors has changed in the post-Sarbanes environment. Not only are
directors having to invest more time into their duties, but they also face the unknown of having
to be responsible for a set of rules under Sarbanes-Oxley, that have not been clarified by the
SEC, PCAOB and the courts.
In one article entitled, What Every Director Should Know About the New Environment, the
author makes the following observations about directors operating in today’s business climate.
1. The Board’s role in setting the tone for an organization’s culture and its ethics has
become increasingly more important.
55
Advisen, Ltd. 56
Tillinghast Co.
Audit Engagement Developments
174
2. With greater emphasis being placed on Sarbanes compliance, board members need to be
concerned about applying a “check the box” approach and reading the rules too
narrowly.
3. The courts, in particular those in Delaware, are now shaping a new set of rules defining
the “good-faith obligation” of directors.
4. There are generally two parts to the good-faith obligation:
a): Duty of loyalty and care.
5. Courts are looking at directors’ behavior more closely than ever.
a) Board members need to:
Come to board meetings prepared
Have thorough discussions in the boardroom
Ask hard questions of management
Apply sound judgment to make the right decisions.
6. Board members must be actively engaged to search for outside information about their
company.
Note: The courts are holding that simply relying on company-generated information is
insufficient.
7. Board members need to be educated on important “hot” topics such as executive
compensation, etc.
8. There is greater pressure being placed on ensuring there is a separation between the
CEO and chairman of the board.
9. There is greater importance on boards establishing a strong succession plan for its CEO
and other executives.
What do the directors think about the new environment?
PWC published a study entitled, What Directors Think. The study was based on interviews of
more than 1,200 corporate directors about how they are coping with the new demands on their
time and talent.
Excerpts from the study follow:
a. Director compensation has increased for 60% of the respondents over the past 12
months.
Audit Engagement Developments
175
b. 92% believe the audit committee chairman should receive additional compensation.
c. 77% believe that Congress should revisit Sarbanes-Oxley Act and correct some of the
unintended consequences.
d. 82% believe their companies are ready for Section 404 of Sarbanes-Oxley.
e. 75% state their former CEO should not sit on the board.
f. 68% state that they believe their risk as a director has increased over the past 12 months.
In an article entitled “Things to Do When Asked to Serve as a Director/Audit Committee
Member (Besides Saying “No”), the author provides some valuable insights into the future
roles of audit committee and board members:
1. Audit committees bear increasingly greater responsibilities and public exposure these
days, and committee members’ duties are becoming more complex.
2. Audit committee members have greater exposure to litigation than Board members, yet
do not get paid as much or not at all.
3. Audit committees should take several actions to protect themselves:
a. Always meet prior to each quarterly release to oversee the process.
b. Make sure the audit committee and board are involved in reviewing the MD&A.
c. Meet with the auditors.
4. Indemnification, exculpation and D&O insurance:
a. Make sure that the company has adequate insurance and that the duties and functions
are limited.
The challenges of the audit committee
A role of greater risk than serving on the company’s board is serving on its audit committee.
In fact, the role of the audit committee chairman is by far, the riskiest of all board members.
Historically, in the pre-Sarbanes environment, the audit committee, in particular its chairman,
is responsible for safeguarding the integrity of the company’s financial controls and
disclosures. Now, under the Act, that responsibility has been enhanced with new corporate
governance rules. In particular, audit committees must do the following:
a. Select and hire the external auditors
Audit Engagement Developments
176
b. Review internal controls
c. Resolve accounting disputes and monitor disclosures
d. Select one audit committee member to be a designated “financial expert” who is
familiar with GAAP.
Another study asked board members to identify those areas of concern. The respondents listed
the following risks (other than financial risks) as being most important.
Type of risk
%
Respondents
Regulatory compliance risk 68%
Reputational risk 54%
IT risk 33%
Product risk 32%
Fraud risk 27%
Concerns About Risks Confronting Boards, Eisner, LLP
6. CEOs and CFOs beware- the “deer in headlights” defense does not work
In a criminal case, is an effective defense strategy for the CEO or CFO to claim he or she did
not know what was going on inside the company? Apparently this approach is not work as
evidenced by recent cases.
First there was Bernie Ebberts, former WorldCom CEO. Ebberts was found guilty of securities
fraud, conspiracy, and seven counts of filing false statements with the SEC and received a life
sentence.
What is most important about this case is not the verdict but rather the fact that the jury
repudiated the “aw shucks” defense made by Ebbers. Others may call it the “deer in
headlights” defense.
Specifically, Ebbers asserted that he was not aware of the billions of dollars of improper
accounting adjustments being made and that as the CEO of a sizeable company, he was not
responsible for the details that occurred below his position. 57
The fact that Ebbers was such a
detail-oriented executive that kept track of the cost of office coffee filters did not help his
defense.
CEOs are on notice that basing a defense on the fact that the CEO did not know the details
might not be sufficient to persuade a jury of the CEO’s innocence.
57
AccountingWeb.Com.
Audit Engagement Developments
177
A second involved the high-profile Kenneth Lay, former CEO of Enron. Lay took a similar
defense during his trial during which he claimed not to know what was going on inside his own
company. He also was found guilt of various securities laws. Lay died before being sentenced.
What is the moral of the story? It appears that juries want executives to be responsible for
what goes on in their companies. Claiming that a company is too large and that other
executives and employees are responsible for the details is not a sufficient defense in the event
of a criminal securities law violation.
7. The continued trickle down effect of Sarbanes on nonpublic entities
When Sarbanes was adopted in 2002, the Congressional record stated that it was not intended
to be applied to any organization other than public companies. Yet, the opposite effect is
occurring.
As expected, Sarbanes has indirectly impacted accountants and auditors at all levels for several
reasons:
a. There has been and continues to be a major increase in the number of new GAAP and
GAAS statements being issued that apply to all entities, public and nonpublic, alike. For
example, FIN 46R dealing with consolidation of variable interest entities is a direct result
of requirements under Sarbanes Oxley focused on public companies.
b. Many states have adopted portions of the Sarbanes-Oxley Act in their accountancy acts
with those provisions applying to all auditors, including those that audit nonpublic entities.
1) At least 25 states have passed some legislation that applies some portions of Sarbanes to
nonpublic entities and their auditors.
2) New York, California, Connecticut and New Jersey have been the most active in
proposing or passing portions of Sarbanes for their states.
c. With the increase in audit and accounting rules, auditors continue to be required to perform
more audit work the cost for which may be difficult to pass on to clients in fixed-fee
engagements.
d. 87% of respondents to a survey felt that Sarbanes had impacted their organization. (97%
of non-profits were impacted).
Audit Engagement Developments
178
The Trickle Down Effect of Sarbanes-Oxley to Auditors of Non-Public Companies
At the state level, several states have introduced legislation that adopts portions of the
Sarbanes-Oxley Act into their state accountancy acts. Although the Sarbanes-Oxley Act affects
SEC auditors only, many states are applying its provisions across the board to all auditors,
including those who audit nonpublic entities.
Many states have adopted several elements of Sarbanes applicable to all accountants and
auditors, including those for private companies. Some of the more common changes either
passed or pending include:
Requiring a mandatory workpaper retention policy of seven years
Changing financial statement fraud from a misdemeanor to a felony
Changing the accountancy board makeup so that CPAs make up a minority of the board
members
Restricting accountants and auditors from performing certain nonattest work for their
attest clients
In addition, the changes made by the PCAOB to auditing standards at the public company
level, has resulted in a more aggressive Auditing Standards Board issuing numerous new
auditing standards affecting only nonpublic company auditors.
Some private companies have voluntarily adopted some Sarbanes provisions
Sarbanes-Oxley Act of 2002
More GAAP and GAAS
pronouncements issued
by the FASB and ASB
State Accountancy
Acts being changed to
include certain
Sarbanes-Oxley
provisions for ALL
auditors
More audit work in a
fixed-fee environment
Audit Engagement Developments
179
One survey suggested that some private companies have chosen to adopt certain segments of
Sarbanes for various reasons. Some outside auditors, board members and third parties have put
pressure on companies to adopt portions of Sarbanes.
Following is a summary of one survey noting the source of pressure on private companies to
adopt certain provisions of Sarbanes:
Observation: The results of the survey illustrate that in approximately one third of the cases,
outside auditors were the source of pressure on private companies to adopt portions of
Sarbanes.
Another point made by the survey and not included on the above-noted table is that non-profits
are more likely to voluntarily implement portions of Sarbanes (80%) as compared with private
for-profit organizations (64%).
Which Sarbanes provisions have been adopted by private companies?
In general, private companies have adopted the least expensive provisions of Sarbanes which
were estimated to be approximately $159,000 for for-profits and $104,000 for non-profit
organizations. Few, however, have adopted the stringent Section 404 compliance requirements.
The most popular Sarbanes provisions adopted include:
Private Companies Adopting Provisions of Sarbanes:
Source of Pressure
Party % of cases
Customers 14%
Lenders 13%
Insurance companies 5%
Investors 4%
Outside auditors 36%
Board members 46%
Self-imposed 70%
Source: The Impact of Sarbanes-Oxley on Private &
Nonprofit Companies, Foley & Lardner LLP
Audit Engagement Developments
180
Sarbanes Provisions Adopted by Private Companies
%
respondents
Implement
Audited financial statements 93%
Establish a corporate ethical code 88%
Disclosure of critical accounting policies and estimates 73%
Disclosures of off-balance sheet and contingent liabilities 81%
Establish independent directors 82%
Establish an audit committee 84%
Board approval of non-audit services 71%
Establish whistle-blower procedures 70%
CFO/CEO financial statement certification 59%
Note: The above percentages represent an entire pool of private companies surveyed. A closer
look suggests that Sarbanes is more important to larger private companies ($300 million and
more of sales) than smaller ones (less than $300 million). For example, 94 percent of larger
private companies either have or plan to establish an independent board of directors while only
72 percent of smaller companies do.
Additionally, there is more action to implement segments of Sarbanes among non-profits
where there are a greater number of stakeholders.
8. CFOs want to change Sarbanes
CFOs and other financial executives were asked to respond to the following questions in a
recent survey.
Which of the following statements about Sarbanes-Oxley are true for you?
Complying with Sarbanes has made my job less satisfying 49%
Sarbanes has significantly increased my workload 75%
Sarbanes has made me consider a career outside of finance 16%
Sarbanes has elevated the stature of my job within the company 26%
Sarbanes will be good for my career 29%
None of the above 8%
If Congress were to revisit Sarbanes-Oxley, what three provisions would you like to see
substantially revised or repeated?
Section 404 internal control assessment 74%
Section 409 real-time issuer disclosures 43%
Section 201 limits on services audit partner can provide 41%
Section 203 audit-partner rotation 28%
Section 302 executive certification of financial reports 24%
Section 406 senior executive code of ethics 10%
Section 806 whistle-blower protection 10%
None 19%
Audit Engagement Developments
181
How would you revise Section 201 limits on services audit partner can provide?
Allow audit partners to provide a client with unlimited services 8%
Allow audit partners to provide some additional consulting services, but
not tax
33%
Drop it 7%
Leave as is 48%
How would you revise Section 203 audit partner rotation every 5 or 7 years?
Require audit-partner rotation later (such as every 10 years) 18%
Require audit partner rotation every 3 years 9%
Drop it 18%
Leave as is 57%
How would you revise Section 302 executive certification of Financial report?
Lessen penalties for violations 8%
Require board members to also certify financial reports 15%
Allow executives to certify to best of knowledge and belief 55%
Have quarterly certifications apply only to charges in disclosure controls
and procedures
26%
Drop it 2%
Leave as is 29%
How would you revise Section 404 and its related Auditing Standard No. 2?
Require attestation/remediation of internal controls less often, such as
every 3-5 years
46%
Allow for greater input from independent auditor before attestation
phase
48%
Drop requirements that auditors review management’s assessment of
internal control
22%
Allow auditors to rely more on work of internal auditors 60%
Raise threshold of what constitutes a significant deficiency 70%
All costs of Section 404 to be capitalized 11%
Drop it 12%
Leave as is 5%
Would you favor or oppose a proposal to require the rotation of audit firms?
Favor 20%
Oppose 64%
Not sure 15%
What one provision of Sarbanes has been the most beneficial to your company/
shareholders?
Section 404 internal-control assessment 35%
Section 302 executive certification of financial reports 20%
Section 406 senior executive code of ethics 8%
Section 806 whistle blower protection 7%
Audit Engagement Developments
182
Section 201 limits on services audit partner can provide 3%
Section 409 real-time issuer disclosures 3%
Section 203 audit-partner rotation 0%
None 23%
What one provision of Sarbanes has been the least beneficial to your company/
shareholders?
Section 404 internal-control assessment 24%
Section 203 audit-partner rotation 22%
Section 201 limits on services audit partner can provide 12%
Section 409 real-time issuer disclosures 11%
None 11%
Section 806 whistle blower protection 8%
Section 302 executive certification of financial reports 6%
Section 406 senior executive code of ethics 5%
Do you think having to comply with Sarbanes has affected your company’s
earnings performance?
Yes 67%
No 33%
If yes, by what percentage?
All companies (2.9%)
Companies under $500 million in revenue (4.5%)
Companies with $500 million or more in revenues (2.1%)
CFO Magazine survey of 237 financial executives
9. The move to dump the PCAOB fails
Sarbanes-Oxley established the Public Company Accounting Oversight Board (PCAOB)
which acts as overseer of public company audits. Since its inception in 2003, much of the
criticism of Sarbanes has rested with the PCAOB and the issuance of its strict overreaching
auditing standards For auditors of SEC companies.
Until recently, it appeared payback was in the works with a court case that could have
eliminated the PCAOB, altogether.
In December 2009, the United States Supreme Court heard a critical case involving an attempt
to dissolve the PCAOB on the grounds that it is unconstitutional.
The case started in 2006 with The Free Enterprise Fund and a Nevada CPA firm, Beckstead
and Watts, LLP, filing a lawsuit that challenged the legal authority of the PCAOB. Although
several legal arguments were made, the crux of the case was that the PCAOB violates Article
II of the U. S. Constitution, referred to as the appointments clause. The plaintiff asserted that
the PCAOB comes under Article II and therefore must be appointed by the President of the
Audit Engagement Developments
183
United States with the consent of the U. S. Senate, and not the SEC. Under the current system,
the PCOAB is a non-governmental body that is appointed by and reports to the SEC, with the
President having no direct control over the PCAOB. The only way that the President can
assert control over the PCAOB is the threaten to fire the SEC Chairman if he or she does not
exert pressure over the PCAOB.
What initiated the litigation was criticism by the PCAOB of a CPA firm’s inspection report.
The firm alleged that the PCAOB was not a legal body and had no right to perform any
inspections of public company auditors.
A second underlying issue that drove the lawsuit was the claim that the costs for small public
companies to operate under Sarbanes and the PCAOB are unreasonably high and force such
small companies out of business, delist, or move to a foreign country exchange.
The plaintiffs lost the case as well as the appeal in the U. S. Court of Appeals (in D. C.),
leading to the ultimate showdown in the United States Supreme Court.
Finally, in 2010, the Supreme Court ruled 5 to 4 retained the legitimacy of the PCAOB by
confirming that the President has “adequate control” over board-member appointments at the
PCAOB. The Court ruling also confirmed that the SEC’s commissioners can remove PCAOB
board members.
XX. The Impact of Dodd-Frank on Auditors
In 2010, the President signed into law the Dodd-Frank Wall Street Reform and Consumer
Protection Act. The two primary goals of Dodd-Frank are to lower the systemic risks to the
financial system and enhance consumer protections.
Dodd-Frank makes monumental changes to many aspects of the financial services industry.
Embedded in Dodd-Frank is a series of disclosures that public companies will be required to
disclose in many of their public reports including those issues quarterly, annually and proxy
statements. Obviously, auditors and board members must be aware of the disclosures:
1. Section 951: Shareholder vote of executive compensation: Not less frequently than once
every three years, there shall be a shareholder vote to approve the compensation of
executives
2. Section 952:
a. Independence of compensation committee members: Each member of the
compensation committee of the board of directors of an issuer must be a member of
the board of directors and be independent.
Audit Engagement Developments
184
b. Independence of compensation committee advisers: The compensation committee of
an issuer (public company) may only select a compensation consultant, legal
counsel, or other adviser to the compensation committee who is independent.
3. Section 982: Makes auditors of broker-dealers subject to Public Company Accounting
Oversight Board (PCAOB) oversight.
In addition, Dodd-Frank provides a series of required disclosures that auditors and board
members should understand. Following is a chart that summarizes those disclosures.
New Disclosures Under Dodd-Frank Act
Section and required disclosure When required Section 942: Requires issuers of asset-backed securities, at a
minimum, to disclose asset-level or loan-level data, including:
data having unique identifiers relating to loan brokers
or originators
the nature and extent of the compensation of the broker
or originator of the assets backing the security, and
the amount of risk retention by the originator and the
securitizer of such assets.’’
Registration statements
Section 951: Requires disclosure of:
any agreements that a company has with its executive
officers concerning any compensation that a company
will pay out to its executive officers that is based on
the acquisition, merger, consolidation, sale, or
disposition of substantially all of the assets, and
the total compensation that may be paid and the
conditions upon which it will be paid
Proxy or consent material
Section 952: Requires disclosure of whether:
a company’s compensation committee retained or
obtained the advice of a compensation consultant, and
the work of the compensation consultant has raised any
conflict of interest and, if so, the nature of the conflict
and how the conflict is being addressed.
Proxy or consent material
Section 953: Require disclosure of:
the median of the annual total compensation of all
employees of the issuer, except the chief executive
officer (a)
the annual total compensation of the chief executive
officer (or any equivalent position) of the issuer (b),
and
the ratio of (a) to (b).
Proxy or consent material
Audit Engagement Developments
185
Section 955: Requires disclosure as to whether any employee
or member of the board of directors is permitted to purchase
financial instruments that are designed to hedge or offset any
decrease in the market value of equity securities:
granted to the employee or member of the board of
directors as part of the company compensation, or
held, directly or indirectly, by the employee or member
of the board of directors.
Proxy or consent material
Section 1502: Requires disclosure when a company uses
“conflict minerals” (gold, wolframite, columbite-tantalite, etc.)
that are necessary to the functionality or production of its
product (such as jewelry manufacturing, etc.):
whether conflict minerals originated in the Democratic
Republic of the Congo (DRC) or an adjoining country.
Note: If “conflict minerals” did originate in the DRC,
the company must submit an audited report to the SEC
that includes a description of the measures taken to
exercise due diligence on the source and chain of
custody of such minerals.
a description of the products manufactured that are not
DRC conflict free, the entity that conducted the
independent private sector audit, the facilities used to
process the conflict minerals, the country of origin of
the conflict minerals, and the efforts to determine the
mine or location of origin with the greatest possible
specificity.
Note: “DRC conflict free” means products that do not
contain minerals that directly or indirectly finance or
benefit armed groups in the Democratic Republic of the
Congo or an adjoining country).
Annual reports and filings
Section 1503: If a company or its subsidiary is an operator of
a coal or other mine, the company must disclose the
following:
1. For each coal or other mine:
the total number of violations of mandatory health or
safety standards that could significantly and
substantially contribute to the cause and effect of a coal
or other mine safety or health hazard for which the
operator received a citation from the Mine Safety and
Health Administration
the total number of orders
Quarterly and 8K reports
Audit Engagement Developments
186
the total number of citations and orders for
unwarrantable failure of the mine operator to comply
with mandatory health or safety standards
the total number of flagrant violations
the total number of imminent danger orders issued
the total dollar value of proposed assessments from the
Mine Safety and Health Administration
the total number of mining-related fatalities
the receipt of an imminent danger order issued by the
Federal Mine Safety and Health Act, and
the receipt of written notice from the Mine Safety
and Health Administration that the coal or other mine
has a pattern of violations of mandatory health or
safety standards that are of such nature as could have
significantly and substantially contributed to the cause
and effect of coal or other mine health or safety
hazards, or the potential to have such a pattern.
2. A list of such coal or other mines, of which the company or
its subsidiary is an operator, that receive written notice
from the Mine Safety and Health Administration of:
a pattern of violations of mandatory health or safety
standards that are of such nature as could have
significantly and substantially contributed to the cause
and effect of coal or other mine health or safety
hazards, or
the potential to have such a pattern.
3. Any pending legal action before the Federal Mine Safety
and Health Review Commission involving such coal or
other mine.
Section 1504: Requires each resource extraction company (oil,
natural gas, or minerals) to disclose any payment made by the
company (directly or indirectly) to a foreign government or the
Federal Government for the purpose of the commercial
development of oil, natural gas, or minerals, including:
the type and total amount of such payments made for
each project of the resource extraction issuer relating to
the commercial development of oil, natural gas, or
minerals, and
the type and total amount of such payments made to
each government.
Annual reports and filings
Source: Dodd-Frank Wall Street Reform and Consumer Protection Act (2010)
Audit Engagement Developments
187
There are other bills pending that would require companies to disclose information ranging
from political contributions to details about business dealings with Iran.
Observation: As you look at the list of disclosures required in Dodd-Frank, few of them have
anything to do with providing meaningful information to investors. Instead, information such
as the purchase of conflict minerals in the Democratic Republic of Congo, or the safety record
of coal mine operators, are politically charged and most likely forced into the Dodd-Frank law
by constituents with an agenda. Because Congress funds the SEC, it can use the SEC to force
public companies to adopt certain actions to avoid being “shamed” through public disclosure.
For example, shareholders of a diamond company may not care whether the company
purchases diamonds from the Congo as long as the company is profitable and stock price
remains high. Now change that fact as the company is required to disclosure that it purchases
certain materials from the Congo. Once that disclosure becomes public, stakeholders may
place pressure on the company to change its policy to avoid the publicity that may result from
the disclosure. Similarly, it should be irrelevant how much a company pays its executives in
relation to its employees as executive compensation is generally the responsibility of a
company’s board of directors who, in turn, represent the shareholders. Section 953 of Dodd-
Frank adds a new disclosure in which a company is required to disclosure the ratio of
compensation made to its employees as a multiple of executive compensation. Why is this
information relevant if the company has a board of directors? The answer is that it is not
relevant and is required solely to appease certain groups that believe executives are overpaid.
In light of the recent expansion of company disclosures lead by Dodd-Frank, one has to ask
where disclosures are headed and whether Congress, through the SEC, will continue with its
effort to expand company disclosures as a means to promote a political agenda instead of doing
its job, which is to protect investors within the marketplace.
XXI. Whistleblowing- The New Profession Acts Like the Oldest
Profession
As the author discussed earlier in this course, one of the most effective ways in which a
company can prevent fraud is to have a tip hotline of whistleblowing mechanism within the
organization.
In the 2010 Report to the Nation, by the Association of Certified Fraud Examiners supports the
effectiveness of a company having an employee hotline and/or whistleblowing mechanism:
1. In 38% of the cases reported, the initial method of fraud detection was tips or
whistleblowing from various sources.
Audit Engagement Developments
188
2. In those cases where companies had implemented a tip hotline and whistleblowing
mechanism, the median fraud loss declined from $245,000 to $100,000, or a 59%
reduction.
3. Granting rewards for whistleblowing is ranked as the number one most effective control
in detecting and limiting financial statement fraud schemes, while having a fraud hotline
is ranked number three.
There is heightened pressure on public companies to establish effective anonymous hotlines
and whistleblowing systems, including compensation for coming forward as a whistleblower.
1. Section 806 of Sarbanes-Oxley provides whistleblowing protection for employees of
public companies in that it:
a. Prevents a company from discharging, demoting, suspending, threatening, harassing,
or discriminating an employee for providing information or assisting in an
investigation that the employee reasonably believes constitutes fraud, and
b. Requires a company to rehire an employee with back pay (and interest) if an
employee is violated for whistleblowing
c. Requires company boards to establish procedures for hearing whistleblowing
complaints.
2. Section 922 of Dodd-Frank expands the protections and offers financial incentives for
whistleblowers58
by:
a. Establishing a whistleblower rewards fund to pay awards to whistleblowers equal to
between 10-30 percent of the total collected when monetary sanctions exceeding $1
million are imposed on a public company for securities law violations that exceed
$1 million, based on information that is:
Derived from the whistleblowers original knowledge
Not known by the SEC from any other source, and
Not exclusively derived from any judicial or administrative hearing, or other
report or news media.
b. Providing legal remedies for an individual who alleges discharge or other
discrimination due to whistleblowing with such relief consisting of:
Reinstatement with the same seniority status that the individual would have
had, but for the discrimination;
58
Dodd-Frank defines a whistleblower as any individual (or individuals) who provide information to the SEC about a
company’s securities law violation. The definition expands well beyond an employee to any third party, investor, etc.
Audit Engagement Developments
189
Two times the amount of back pay otherwise owed to the individual, with
interest; and
Compensation for litigation costs, expert witness fees, and reasonable
attorneys’ fees.
Although whistleblowing can be useful, the legal remedies and rewards included in Sarbanes
coupled with those in the recently passed Dodd-Frank Act, provide employees with the means
by which to leverage certain proprietary corporation information for financial gain. In fact,
recent cases such that some employees are using the whistleblowing protections to retaliate
against management or to extract concessions in a contract negotiation or severance pay
package.
Two recent cases suggest that auditors or boards that ignore whistleblowers, do so at their own
peril.
In the first case, the State of New York v. Ernst & Young, the State of New York alleges that
Ernst & Young failed to disclose whistleblower allegations in connection with Lehman’s use
of Repo 105, among other matters.
Secondly, under obvious pressure from regulators, Renault inadvertently terminated several
employees based on information obtained from a whistleblower.
In the Ernst & Young case, the auditors received a letter from a whistleblower, sent to
Lehman’s audit committee. The auditors interviewed the whistleblower and dismissed the
allegations. Subsequently, in the State of New York, complaint, the plaintiff alleged that that
the auditor failed to disclose the results of the whistleblower’s interview to the Lehman audit
committee.
In the Renault case, a whistleblower claimed that a Renault executive was engaged in a bribe.
After an intensive investigation, Renault terminated three employees and announced publicly
it had evidence against them, even though there was no such evidence of any bribes or
improprieties. Subsequently, Renault admitted it had committed an error and has exonerated
the three employees.
It is obvious that the Ernst & Young, and Renault cases are examples at opposite ends of the
spectrum, with Ernst & Young being accused of not taking enough action in a whistleblower
case while Renault being criticized for being overly aggressive in handing its case.
With the financial incentives of Dodd-Frank, there is a new whistleblowing industry that has
cropped up including web sites, blogs, and law firms that advertise the represent
whistleblowers.
Is there an incentive for a whistleblower to overreact and report to the SEC prematurely?
Audit Engagement Developments
190
There is an obvious incentive for a whistleblower to be the first one to notify the SEC. Dodd-
Frank provides that in order for a whistleblower to collect his or her reward, the information
provided to the SEC must be fresh, meaning it must be a) derived from the whistleblowers
original knowledge, b) not known by the SEC from any other source, and c) not exclusively
derived from any judicial or administrative hearing, or other report or news media. Once
information is already divulged, the whistleblower’s information is stale and there is no
reward. Also, there is no real penalty for a whistleblower to exaggerate or to be wrong about
his or her allegation. Section 806 of Sarbanes-Oxley provides that an employee has to
“reasonably believe” there is a fraud in order to be protected from company retaliation.
How good is the financial incentive to whistleblow?
Dodd-Frank has certainly enhanced the financial incentive to whistleblow against a company
and to do it early. Dodd-Frank allows an employee-whistleblower who a company retaliates
against to receive two times the amount of back pay (including interest), and reimbursement of
compensation for litigation costs, expert witness fees, and reasonable attorneys’ fees.
The reward, itself, is 10-30 percent of the money that the SEC receives for a company’s
securities law violations that include fraudulent financial reporting, Foreign Corrupt Practices
Act (FCPA) violations, and insider trading, among others. Some violations, such as violation
of the FCPA can result in fines that are millions of dollars.
Is there an incentive for a company to offer a mechanism for employees to report a violation
to the company first, before going to the SEC?
The SEC is considering regulations that would allow an employee to whistleblow to a
company before going to the SEC and still collect the SEC reward. In providing this structure,
companies would be more likely to establish a corporate culture that promotes employees to
come forward with SEC violations, and allow companies to correct the actions internally.
However, such a structure would have to include a company-level financial incentive for
whistleblowers.
SEC’s Report on the Dodd-Frank Whistleblower Program
In August 2011, the SEC whistleblower rules found in the Dodd-Frank Act, were finalized
and became effective.
In November 2011, the SEC published its annual report on the Dodd-Frank Whistleblower
Program.59
The Report indicated that since August 2011, the SEC had received 334 tips
spanning 37 states and 11 foreign countries. Approximately 9.6 percent of the tips received
related to tips involving foreign companies.
59
Annual Report on the Dodd-Frank Whistleblower Program, Fiscal Year 2011 (November 2011)
Audit Engagement Developments
191
1. In the first seven weeks of available whistleblower data, 334 whistleblower tips were
received through September 30, 2011. The SEC fielded more than 900 whistleblower
calls from May 2011 through September 2011.
2. Forty seven (47) percent of the complaints received related to:
Market manipulation (16.2%)
Corporate disclosures and financial statements (15.3%), and
Fraud (15.6%).
3. California was the most active state, followed by New York, Florida and Texas.
4. At September 30, 2011, there was approximately $452 million in the whistleblower
fund available to pay out to whistleblowers.
Observation: Can one imagine the extent to which whistleblowers will be providing tips under
the SEC’s whistleblower program? In the first seven weeks of operation, there were 334 tips
submitted to the SEC. On an annualized basis, the amount would be approximately 2,500 tips
in its first year alone. With a fund balance of $452 million and presumably unlimited funds, the
SEC’s whistleblower program may become a full-time business for many disgruntled
employees seeking a sizeable payday at the expense of their employer. Another key point is
that there is no recourse against an employee or other party making a false claim under the
whistleblower program. Consequently, employees and others are incentivized to file tips with
the SEC even if those tips may not be valid.
Audit Engagement Developments
192
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. What does Section 404 of the Sarbanes-Oxley Act require:
a. In the company’s annual report to shareholders, management must state whether the
company’s internal controls are effective
b. Management of private companies must assess the effectiveness of the company’s
internal control over financial reporting
c. Audit reports must disclose both material weaknesses and significant deficiencies
d. The auditor must include in the company’s financial statements two opinions
2. In replacing Auditing Standard No. 2, which of the following was a criticism against
auditors in applying Standard No. 2 that the PCAOB and others note in the PCAOB’s
Policy Statement regarding implementation of Auditing Standard No. 2:
a. They were not applying a principles-based approach to test for compliance
b. They would not offer advice to clients
c. They were using individualized audit programs for each client
d. They were using uniform standards to determine “material weakness” thresholds
3. Based on historical data, the typical successful going private transaction involves:
a. A large company with revenues in the trillions
b. A company in the financial sector
c. Management using private capital for an acquisition
d. Fairly expensive price per earning ratio
4. Which of the following are correct facts related to D&O insurance:
a. Some policies include a defense allocation provision
b. In the post-Sarbanes era, the cost of D&O insurance has consistently decreased
c. All major insurance carriers offer compliance-specific insurance products such as those
required by Sarbanes section 404
d. All policies cover negligent acts under Sarbanes
Audit Engagement Developments
193
5. According to “What Every Director Should Know About the New Environment,” what are
the trends with respect to directors operating in today’s business climate:
a. Board members’ behavior is independent of a company’s actions
b. It is insufficient for board members to rely on company-generated information
c. The former rules defining directors’ “good-faith obligation” are sufficient
d. There should be a greater connection between the CEO and the chairman of the board
6. How does the Sarbanes-Oxley Act continue to affect accountants and auditors of nonpublic
entities:
a. All states are adopting the Act in their accountancy acts
b. For fixed-fee arrangements, auditors must perform more audit work
c. Fewer GAAP and GAAS statements are being issued for nonpublic entities
d. More companies are going public because of the Act
7. According to a recent survey, which Sarbanes provision are private companies
implementing at the greatest percentage:
a. Audited financial statements
b. CFO/CEO financial statement certification
c. Disclosure of off-balance sheet and contingent liabilities
d. Section 404 compliance requirements
8. Dodd-Frank makes several changes that affect both auditors and board members. Which of
the following is one of those changes:
a. No less frequently than once every three years, there shall be a shareholder vote to
approve executive compensation
b. No less frequently than once every five years, there shall be a board of directors vote to
approve dividends to be paid
c. Once every year, there shall be a shareholder vote to select the auditor
d. Once every two years, there shall be a vote of senior management to approve dividends
9. Which of the following is a change made by Dodd-Frank that affects whistleblowers:
a. Provides companies with a legal remedy if an employee makes a false claim as a
whistleblower
b. Allows for the reinstatement of an employment who whistle blows
c. Provides for five times the amount of any back pay
d. Allows an attorney to collect legal fees from a whistleblower
Audit Engagement Developments
194
SUGGESTED SOLUTIONS
1. What does Section 404 of the Sarbanes-Oxley Act require:
a. Correct. Section 404 of the Sarbanes-Oxley Act requires that management include
in the management’s conclusion of the company’s annual report to shareholders
whether, as a result of its assessment, the company’s internal controls are effective.
b. Incorrect. Section 404 of the Sarbanes-Oxley Act requires that management of a public
company (not a private company) assess the effectiveness of the company’s internal
control over financial reporting as of the end of the company’s most recent fiscal year.
c. Incorrect. Section 404 of the Sarbanes-Oxley Act requires that the audit report disclose
only material weaknesses and not significant deficiencies.
d. Incorrect. Section 404 of the Sarbanes-Oxley Act, as amended by AS5, requires that the
auditor issue one opinion on the effectiveness of internal control over financial reporting
that are included in the company’s published financial statements along with the audit
report on those statements.
2. In replacing Auditing Standard No. 2, which of the following was a criticism against
auditors in applying Standard No. 2 that the PCAOB and others note in the PCAOB’s
Policy Statement regarding implementation of Auditing Standard No. 2:
a. Incorrect. A criticism against auditors in applying Standard No. 2 was that auditors were
not applying a risk-based approach to test for compliance with Section 404.
b. Correct. A criticism against auditors in applying Standard No. 2 was that auditors
were taking too literal of a stance in not offering advice to clients in terms of
Section 404 compliance.
c. Incorrect. A criticism was that auditors were using one-size-fits-all audit programs with
standardized checklists that had little to do with the unique issues and risks associated
with a particular client’s financial reporting process.
d. Incorrect. A criticism was that auditors were using arbitrary, rather than uniform,
standards to determine when a company had reached the threshold of having “material
weaknesses” in internal control.
3. Based on the historical data, the typical successful going private transaction involves:
a. Incorrect. The typical successful going private transaction involves a relatively small
company with revenues around $80 million and a market capitalization of $40 million.
b. Incorrect. The typical successful going private transaction that has occurred involves a
company in the consumer, information technology, or industrials sectors.
c. Correct. The typical successful going private transaction that has occurred
involves an acquisition by management using private capital.
d. Incorrect. The typical successful going private transaction that has occurred involves
fairly inexpensive price per earning ratio (5.5 times EBITDA).
Audit Engagement Developments
195
4. Which of the following are correct facts related to D&O insurance:
a. Correct. Some policies include a defense allocation provision that allows the
insurance company to pay only a portion of legal defense costs when some of the
claims are covered and others are not under the policy.
b. Incorrect. In the post-Sarbanes era, insurance costs increased from 2002 to 2003, then
dropped from 2004 to 2011. Thus, the answer is incorrect.
c. Incorrect. Some, but not all, major insurance carriers offer compliance-specific
insurance products such as those required by Sarbanes section 404.
d. Incorrect. Some policies exclude negligent acts under Sarbanes, while others include it
in certain instances.
5. According to “What Every Director Should Know About the New Environment,” what are
the trends with respect to directors operating in today’s business climate:
a. Incorrect. Board members’ behavior has been looked at more closely than ever thereby
linking it to a company’s actions.
b. Correct. The courts have maintained that it is insufficient to rely on company-
generated information. Board members must search for information outside the
company to assist them in making decisions.
c. Incorrect. A new set of rules defining directors’ “good-faith obligation” is being shaped
by the courts that increases the responsibility to directors.
d. Incorrect. There should be a greater separation between the CEO and the chairman of
the board to ensure that the board is independent of management.
6. How does the Sarbanes-Oxley Act continue to affect accountants and auditors of nonpublic
entities:
a. Incorrect. Many, but not all, states are adopting the Act in their accountancy acts and are
requiring that the provisions apply to all auditors of nonpublic entities.
b. Correct. Due to the increase in audit and accounting work that has trickled down
from Sarbanes, accountants and auditors must perform more audit work. In fix-
fee engagements, they may have difficulty passing the additional cost onto their
clients.
c. Incorrect. More GAAP and GAAS statements are being issued that apply to both public
and nonpublic entities.
d. Incorrect. The Act has made going public less appealing for many companies.
7. According to a recent survey, which Sarbanes provision are private companies
implementing at the greatest percentage:
a. Correct. According to a recent survey, 93% of the respondents of private
companies are implementing audited financial statements.
b. Incorrect. Only 59% of the respondents of private companies are implementing
CFO/CEO financial statement certification.
c. Incorrect. Only 81% of the respondents of private companies are implementing
disclosure of off-balance sheet and contingent liabilities.
d. Incorrect. Due to the stringent Section 404 compliance requirements, few private
companies have adopted section 404.
Audit Engagement Developments
196
8. Dodd-Frank makes several changes that affect both auditors and board members. Which of
the following is one of those changes:
a. Correct. Dodd-Frank requires that not less frequently than once every three
years, there shall be a shareholder vote to approve executive compensation.
b. Incorrect. There is no provision dealing with five years, and no requirement for the
board to approve dividends to be paid at each five-year interval.
c. Incorrect. First, in general the board selects the auditor, and second there is no annual
requirement in Dodd-Frank.
d. Incorrect. The board of directors approves dividends and not senior management.
9. Which of the following is a change made by Dodd-Frank that affects whistleblowers:
a. Incorrect. Dodd-Frank provides whistleblowers, not companies, with a legal remedy if
an employee makes a false claim as a whistleblower.
b. Correct. Dodd-Frank allows for the reinstatement of an employment who
whisteblows in certain instances.
c. Incorrect. It provides for three times, not five times, the amount of any back pay.
d. Incorrect. It allows for a whistleblower to collect legal fees from a company who
violates Dodd-Frank.
Audit Engagement Developments
197
XXII. Peer Review
Recurring peer review comments
The following information was obtained from the Auditing Standards Board along with data
compiled by the AICPA Peer Review Program. Many of the following items were covered in
Risk Alerts, and continue to recur in practice year after year.
Significant engagement deficiencies
Failure to:
Appropriately qualify an auditor’s
report for a scope limitation or
departure from the basis of accounting
used for the financial statements.
Issue a report on compliance and
internal controls for audits subject to
Government Auditing Standards.
Disclose the lack of independence in a
compilation report.
Disclose the omission of substantially
all disclosures in a compilation that
omits disclosures.
Disclose the omission of the statement
of cash flows in financial statements
prepared in accordance with GAAP.
Disclose an other comprehensive basis
of accounting (OCBOA) for financial
statements compiled without
disclosures, where the basis of
accounting is not readily determinable
from reading the report.
Disclose, in the accountant’s or
auditor’s report, a material departure
from professional standards such as
the omission of significant income tax
provision on interim financial
statements, significant disclosures
related to defined employee benefit
plans, etc.
Departures from standard wording where the
report does not contain the critical elements of
applicable standards.
Issuance of an audit or review report when the
accountant is not independent.
Inclusion of material balances that are not
appropriate for the basis of accounting used.
Significant departures from the financial
statement formats prescribed by industry
accounting and auditing guides.
Omission of the disclosures related to
significant accounting policies applied (GAAP
or OCBOA).
Omission of significant matters related to the
understanding of the financial statements, such
as the cumulative material effect of a number
of deficiencies.
Improper accounting for a material transaction
such as recording a capital lease as an
operating lease.
Misclassification of a material transaction or
balance.
Failure to include a summary of significant
assumptions in a forecast or projection.
Failure to segregate the statement of cash
Audit Engagement Developments
198
Include a material amount or balance
necessary for the basis of accounting
used (examples include omission of
material accruals, failure to amortize a
significant intangible asset, provide for
material losses or doubtful accounts,
or to provide for material deferred
income taxes.)
flows into the categories of investing,
operating and financing.
Omission of significant required disclosures
related to material financial statement balances
or transactions.
Failure to disclose the cumulative effect of a
change in accounting principle.
Omission of the statement of income and
retained earnings when referred to in the
report.
Minor engagement deficiencies
Supplementary information:
Failure to report on supplementary
information.
Supplementary information was not
clearly segregated or marked.
Titles of supplementary information
did not coincide with the descriptions
and titles presented in the financial
statements.
Reports:
Minor departures from standard report
language.
Report did not cover all periods
presented.
Minor report dating departures.
Other:
Failure to accrue income taxes where
the accrual is not material.
Inclusion of the reference about the
omission of the statement of cash
flows for financial statements prepared
under OCBOA.
Failure to reference the accountant’s
report on each page of the financial
statements.
Disclosures:
Omitted or inadequate disclosures related to
minor account balances or transactions such as
inventory, valuation allowances, long-term
debt, related-party transactions, and
concentrations of credit risk.
Financial statement display:
Minor departures from the financial statement
formats recommended by industry accounting
guides.
Use of financial statement titles that are not
appropriate for the basis of accounting used.
Failure to include the title “Selected
Information- Substantially All Disclosures
Required by GAAP Are Omitted.” As
appropriate for the presentation of certain
selected disclosures.
Presentation of treasury stock in the financial
statements of a company that is incorporated
in a state that does not recognize treasury
stock.
Audit Engagement Developments
199
Failure to identify within the audit
report the country of origin.
Audit procedures and documentation:
Failure to:
Use a written audit program.
Tailor audit programs for specialized
industries or for a specific type of
engagement, such as significant areas
of inventory and receivable balances.
Request a legal representation letter, if
an attorney was consulted.
Obtain a client management
representation letter.
Include several components of a client
management representation letter
within the letter.
Document the auditor’s consideration
of the internal control structure.
Document key audit areas.
Document tests of controls and
compliance for engagements subject to
OMB Circular A-133.
Assess or document fraud risk.
Failure to:
Perform essential audit procedures required
by an industry audit guide.
Perform adequate tests in key audit areas.
Confirm significant receivables or document
appropriateness and utilization of other audit
techniques.
Assess the level of materiality and control
risk.
Document the nature and extent of analytical
procedures.
Review loan covenants.
Perform audit cut-off procedures.
Document communications between
predecessor and successor auditors.
Perform a review of subsequent events.
Test for unrecorded liabilities.
Observe inventory when the amount is
material to the balance sheet.
Audit Engagement Developments
200
Compilation and Review (SSARS) Procedures and Documentation:
Failure to:
Perform analytical and inquiry procedures
for a review engagement.
Document the matters covered in the
accountant’s inquiry and analytical
procedures on a review engagement.
Obtain a client management
representation letter for a review
engagement.
Include the required language in an
engagement letter on a management-use
only compilation engagement for
communicating the understanding of the
engagement for financial statements that
are prepared for management use only,
except for the failure to refer to the level
of responsibility on supplementary
information, which is not a significant
deficiency.
Attestation Procedures and Documentation:
Failure to:
Obtain a client management
representation letter for an examination
of internal control or regarding
managements’ assumptions for a pro
forma financial statement.
Appropriately label pro forma financial
information to distinguish it from
historical financial information.
Specific Common Financial Statement Deficiencies:
Assets:
Improper classifications between current
and long-term assets.
Investments in majority owned or
controlled subsidiary not consolidated.
Cash overdrafts shown as a negative
balance in the current asset section.
Accounts receivable shown on cash basis
financial statements.
Investments in debt and equity securities
not classified or measured correctly.
Statement of Income:
Income tax provisions not recorded on
interim financial statements.
Liabilities:
Improper classifications between current
and long-term debt.
Demand liabilities classified as long-
term.
Non-recognition of liability for
compensated balances (e.g., vacation
pay).
Non-recognition of capital leases.
Improper recognition of deferred
revenue.
Improper classification of deferred
income taxes.
Audit Engagement Developments
201
Reporting period not clearly identified.
Significant components of income tax
expense not disclosed.
Statement of Cash Flows:
Cash flow statement not categorized by
operating, investing and financing
activities.
Misclassification of activities, especially
between investing and financing
activities.
No disclosure of non-cash investing and
financing activities.
No disclosure of interest and taxes paid
for indirect method.
No reconciliation between net income
and net cash flow from operations.
Certain amounts in the statement of cash
flows did not agree with amounts
calculated from the comparative balance
sheets.
Cash flow statement not presented for
each period that statement of income is
presented.
Audit Engagement Developments
202
Incomplete and Missing Disclosures:
Significant accounting policies, such as
revenue recognition.
Basis of accounting other than GAAP.
Concentrations of credit risk.
Disclosures about fair value of financial
instruments.
Disclosures about risks and
uncertainties.
Components of receivables.
Components of inventory.
Disclosure of five-year debt maturities.
Related party transactions.
Leases.
Inadequate employee benefit plan
disclosures.
Inadequate disclosure about deferred
taxes.
Missing caption “Selected Information-
Substantially All Disclosures Omitted,”
where applicable.
Modifications to cash basis of
accounting.
Use of estimates.
Accounting policy on bad debts.
Nature of operations.
Information about concentrations of
products, services, customers, and suppliers.
Inadequate subsequent event disclosure of
significant unrealized stock market losses.
Interest expense.
Rent expense.
Investments.
Intangible assets.
Details related to long-term debt.
Preferred stock redemption requirements.
Details related to the components of capital
stock.
Details related to components of retained
earnings.
Restricted loan covenants.
Depreciation and amortization.
Cash equivalents.
Accrued compensation expense.
Advertising expense.
Income tax expense.
Terms and conditions of a commitment.
Details relating to pension plans.
Audit Engagement Developments
203
Common Functional Area Deficiencies- Engagement
Engagement performance:
Failure to:
Perform an adequate review of
working papers and/or the
accountant’s/auditor’s report and
accompanying financial statements
by the practitioner-in-charge of the
engagement prior to the issuance of
the auditor’s/accountant’s report.
Perform pre-issuance review of
engagement working papers and/or
reports and accompanying financial
statements by an independent party
not associated with the engagement
as required by firm policy.
Utilize a disclosure and reporting
checklist as required by firm policy.
Consult professional literature or with a
source outside the firm on reporting for a
specialized industry, which resulted in the
issuance of an incorrect audit report,
and/or financial statement disclosure or
presentation.
Use accounting/auditing practice aids
developed by third party providers as
required by firm policy, which resulted in
engagement deficiencies.
Use engagement letters for
accounting/auditing engagements as
required by firm policy.
Personnel management:
Failure of professional staff to take
adequate CPE in accounting and
auditing related subjects or specialized
industries, which resulted in disclosure,
reporting, and documentation
deficiencies on engagements selected
for review.
Monitoring:
Failure to:
Adequately implement the firm’s
monitoring policies and procedures.
Document the firm’s compliance with
policies and procedures for its system of
quality control as required by AICPA
Quality Control Standards.
Perform an annual inspection, including
the functional elements of quality control,
as required by firm policy.
Extend monitoring policies and
procedures to non-audit services such as
compilation and/or review engagements.
Audit Engagement Developments
204
Common Deficiencies Unique to Specialized Industries
Engagements subject to government auditing standards
Missing reports for internal control or
compliance.
Missing proper A-133 reports.
Required compliance testing not
performed.
Compliance and control tests not
adequately designed.
Inadequate or outdated reference
materials used.
Report on financial statements does not
refer to reports on controls and
compliance.
Yellow Book CPE requirements not met.
Improper accounting for a certain fund.
Failure to restrict the use of the
accountant’s report to the proper
governmental agency.
Not-for-profit organizations
Failure to:
Identify a voluntary health and
welfare organization.
Present a statement of cash flows.
Inadequate format, titles and
presentation of financial statements.
Incorrect classification of contributions
as unrestricted, temporarily restricted, or
permanently restricted.
Inadequate audit procedures to support
the statement of functional expenses.
Improper accounting for restricted funds.
Employee benefit plans
Inadequate testing of participant data
and investments.
Inadequate or missing disclosures
related to participant directed
investment programs, investments
and participant data.
Failure to understand testing
requirements on a limited-scope
engagement.
Inadequate consideration of
prohibited transactions.
Incomplete description of the plan and its
provisions.
Failure to properly report on a DOL
limited-scope audit.
Improper use of the limited scope
exemption because the financial
institution did not qualify for the
exemption.
Failure to properly report on the
supplementary schedules for ERISA and
the DOL.
Audit Engagement Developments
205
OCBOA financial statements
Failure to state the basis of
accounting and that the basis is other
than GAAP.
Failure to appropriately modify the
accountant’s report to reflect financial
statement titles that are appropriate
for OCBOA.
Inadequate description of the basis of
accounting and how it differs from
GAAP.
Peer review changes
Effective January 1, 2009, significant changes were made to the AICPA Peer Review program
with the issuance of AICPA Standards for Performing and Reporting on Peer Reviews (PRP
Section 100).
The peer review model has as key objectives the promotion of consistency and efficiency, and
improved transparency.
Key changes in the model are noted below. The model:
1. Reduces in the current model of three types of peer reviews down to two.
The system, engagement and report reviews have been reduced to only two types of
reviews: system and engagement reviews.
The report review has been folded into the engagement review.
2. Eliminates certain terms used in the old peer review program such as the Letter of
Comment (LOC) and use of the term “substandard.”
3. Introduces terms to measure the quality of the peer review engagement:
Matter
Finding
Deficiency, and
Significant deficiency.
4. Establishes a grading system that includes:
Pass
Pass with deficiency, and
Fail
Audit Engagement Developments
206
5. Changes the timing of initial selection of engagements provided to the reviewed firm to no
earlier than three weeks.
6. Creates of a more understandable, shorter and easier to use peer review report written in
“plain English.”
The two types of peer reviews:
The program has reduced the previous three-types of peer reviews to two: a system review and
engagement review as noted in the following chart:
Types of Peer Reviews
Old Program
New Program
System review
System review
Engagement review
Engagement review*
Report review
* Report review has been folded into the engagement review.
System Review – This type of review is for firms that perform engagements under the
SASs (audits) and/or examinations of prospective financial information under the SSAEs
(attestation standards).
A system review focuses on a firm’s accounting and auditing practice system of quality
control design, policies and procedures in accordance with the quality control standards
established by SQCS No. 8.
Engagement Review – This type of review is for firms that are not required to have a
system review (e.g., do not perform any audits (governmental or otherwise), engagements
under the SSAEs).
The objective of an engagement review is to evaluate whether engagements submitted for
review are performed and reported on in conformity with professional standards including
whether the reviewed firm's working paper documentation conforms with the requirements
of SSARS applicable to those engagements in all material respects. There is no opinion on
the reviewed firm's system of quality control and, therefore, the reviewer is not opining on
the firm’s compliance with its own quality control policies and procedures or with quality
control standards, just conformity with SSARS and the SSAEs. Some examples of the
documentation referred to above on a review engagement include the management
Audit Engagement Developments
207
representation letter, the documentation of the matters covered in the CPA's inquiry and
analytical procedures, etc.
Engagement reviews now include compilations that omit substantially all disclosures as
well as management-use only compilations in which no compilation report is issued
The following table summarizes the current peer review structure:
Highest Level of Service Conducted
by Firm
Type of Peer Review Required
Audits and/or examinations of
prospective information (attestation
engagements).
System review--An opinion given
on the firm's system of quality control.
Firms that are not required to have a
system review.
Example:
Reviews
Compilations including
management-use only
compilation engagements.
Engagement review-- Similar to the
old off-site review with some changes:
Separate report, letter of comments,
technical review actions apply.
Committee acceptance and
monitoring.
Additional requirements:
workpaper documentation is in
conformity with the SSARSs and/or
SSAEs. Examples include
management representation letter,
documentation of matters covered
in the CPA's inquiry and analytical
procedures, etc.
Change in measurement standards:
The peer review program drastically changes both the terminology and means by which a
reviewed firm is evaluated.
In particular, the previously used letter of comment (LOC) has been eliminated along with the
term “substandard.”
The revised peer review program introduces terms to measure the quality of the peer review
engagement:
Matter
Finding
Deficiency, and
Significant deficiency.
Audit Engagement Developments
208
A peer reviewer identifies a matter as a result of his or her evaluation of the firm’s system of
quality control. A matter warrants further consideration by the reviewer and is documented
on a Matter for Further Consideration (MFC) form.
System review:
A finding is one or more related matters that result from a condition in the firm’s system of
quality control or compliance with that system that provides more than a remote possibility
that the firm would not perform and/or report in conformity with professional standards.
If there is one or more findings, the peer reviewer concludes whether individually or
combined, the findings rise to the level of either a deficiency or significant deficiency.
A finding that does not rise to the level of deficiency or significant deficiency is documented
on a Finding for Further Consideration (FFC) form and is not included in the final peer review
report.
A deficiency is one or more findings that the peer reviewer concludes that taken as whole,
could create a situation in which the firm would not have reasonable assurance of performing
and/or reporting in conformity with professional standards on one or more important respects.
A significant deficiency is one or more deficiencies that the peer reviewer concludes results
from a condition in the reviewed firm’s system of quality control or compliance such that as a
whole does not provide the firm with reasonable assurance of performing and/or reporting in
conformity with professional standards in all material respects.
Engagement review:
A finding is one or more related matters that the reviewer concludes result in financial
statements or information, accountant’s report, or procedures performed, not being performed
and/or reported on in conformity with the professional standards.
If there is one or more findings, the peer reviewer concludes whether individually or
combined, the findings rise to the level of either a deficiency or significant deficiency.
A deficiency is one or more findings that the peer reviewer concludes that taken as whole, are
material to the understanding of the financial statements or information and/or related
accountant’s reports or that represent omission of a critical procedure, including
documentation, required by professional standards.
A significant deficiency exists when the peer reviewer concludes results that deficiencies are
evident on all of the engagements submitted for review. The exception is when more than one
engagement has been submitted for review, the same deficiency occurs on each of those
engagements, and there are no other deficiencies, which ordinarily would result in a report
with a peer review rating of “pass with deficiencies.”
Audit Engagement Developments
209
There are three (3) types of final reviewer reports that can be issued:
Pass: There are no deficiencies or significant deficiencies.
Pass with deficiency: There was one or more deficiencies but no significant deficiencies.
Fail: There was one or more significant deficiencies.
Other changes:
There are several other important changes made by the new peer review program.
a. The initial selection of engagements to be reviewed should be provided by the peer
reviewer to the reviewed firm no earlier than three weeks prior to the commencement of the
peer review procedures.
At least one engagement from the initial selection should be provided to the firm once
the peer review begins and not provided in advance. The selection should be an audit
or the next highest level of service.
b. The reviewed firm must provide a representation letter to the peer reviewer.
The representation regarding compliance is stipulated as negative assurance
A firm’s refusal to furnish the written representation letter to the reviewer constitutes a
limitation of the peer review.
The letter must state that the accountant has submitted all engagements to the reviewer.
c. A firm’s due date for its initial peer review is 18 months from the date it enrolled in the
program. Subsequent peer reviews have a due date of three years and six months from the
year end of the previous peer review.
Audit Engagement Developments
210
Illustrative Report: System Review with Pass Rating
To the Partners of XYZ CPA Firm
and the Peer Review Committee of the [name of applicable administering entity]
We have reviewed the system of quality control for the accounting and auditing practice of XYZ CPA
Firm (the Firm) in effect for the year ended June 30, 20XX. Our peer review was conducted in
accordance with the Standards for Performing and Reporting on Peer Review established by the Peer
Review Board of the American Institute of Certified Public Accountants. The firm is responsible for
designing a system of quality control and complying with it to provide the firm with reasonable
assurance of performing and reporting in conformity with applicable professional standards in all
material respects. Our responsibility is to express an opinion on the design of the system of quality
control and the firm’s compliance therewith based on our review. The nature, objectives, scope,
limitations of, and the procedures performed in a System Review are described in the standards at
www.aicpa.org/prsummary.
As required by the standards, engagements selected for review included (engagements performed
under the Government Auditing Standards, audits of employee benefit plans, and audits performed
under FDICIA).
In our opinion, the system of quality control for the accounting and auditing practice of XYZ CPA
Firm in effect for the year ended June 30, 20XX, has been suitably designed and complied with to
provide the firm with reasonable assurance of performing and reporting in conformity with applicable
professional standards in all material respects. Firms can receive a rating of pass, pass with deficiency
(ies) or fail. XYZ CPA Firm has received a peer review rating of pass.
Smith, Jones and Associates
[Name of team captain’s firm]
Date:
Audit Engagement Developments
211
Illustrative Report: Engagement Review with Pass Rating
To the Partners of XYZ CPA Firm
and the Peer Review Committee of the [name of applicable administering entity]
We have reviewed selected accounting engagements of XYZ CPA Firm (the Firm) in effect for the
year ended June 30, 20XX. Our peer review was conducted in accordance with the Standards for
Performing and Reporting on Peer Review established by the Peer Review Board of the American
Institute of Certified Public Accountants. The firm is responsible for designing a system of quality
control and complying with it to provide the firm with reasonable assurance of performing and
reporting in conformity with applicable professional standards in all material respects. Our
responsibility is to evaluate whether the engagements submitted for review were performed and
reported on in conformity with applicable professional standards in all material respects. An
Engagement Review does not include reviewing the firm’s system of quality control and compliance
therewith and, accordingly, we express no opinion or any form of assurance on that system. The
nature, objectives, scope, limitations of, and the procedures performed in an Engagement Review are
described in the standards at www.aicpa.org/prsummary.
Based on our review, nothing came to our attention that caused us to believe that the engagements
submitted for review by XYZ CPA Firm for the year ended June 30, 20XX, were not performed and
reported on in conformity with applicable professional standards in all material respects. Firms can
receive a rating of pass, pass with deficiency(ies) or fail. XYZ CPA Firm has received a peer review
rating of pass.
Smith, Jones and Associates
[Name of review captain’s firm on firm-on-firm review or association formed review team]
or
John Brown, Review Captain
[Committee-appointed review team review]
Date:
Audit Engagement Developments
212
Firm Representation Letter
As part of the peer review standards, a reviewed firm must provide the reviewer with a
representation letter. Following is the new representation letter that is included in the new
standards.
Illustrative Representation Letter: No significant Matters to
Report to the Team Captain or Review Capital
December 3, 20XX
To the Team Captain/ Reviewer
We are providing this letter in conjunction with the peer review of [firm name here] as
of the date of this letter and for the year ended June 30, 20XX.
We understand that we are responsible for complying with the rules and regulations of state
boards of accountancy and other regulators. We confirm, to the best of our knowledge and
belief, that there are no known situations in which [firm name here] or its personnel have not
complied with the rules and regulations of state board(s) of accountancy or other regulatory
bodies rules and regulations, including applicable firm and individual licensing requirements
in each state in which it practices for the year under review. For attestation engagements,
including financial forecasts or projections, the list included those engagements with report
dates during the year under review.
We have also provided [team captain or review captain] with any other information requested,
including communications by regulatory, monitoring, or enforcement bodies relating to
allegations or investigations in the conduct of its accounting, audit, or attestation engagements
performed and reported on by the firm, whether the matter relates to the firm or its personnel,
within three years preceding the current peer review year-end. In addition, there are no
known restrictions or limitations on the firm’s or its personnel’s ability to practice public
accounting by regulatory, monitoring, or enforcement bodies within three years preceding the
current peer review year-end. We have also discussed the content of our PCAOB inspection
report with the [team captain or review captain] (if applicable).
Sincerely
Name of reviewed firm
Audit Engagement Developments
213
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. Engagement deficiencies where the engagement is considered to be substandard include all
of the following except:
a. Departure from standard wording where the report does not contain the critical
elements of applicable standards
b. Issuance of an audit or review report when the accountant is not independent
c. Failure to indicate in the audit report the country of origin
d. Omission of the disclosures related to significant accounting policies applied
2. Specific financial statement deficiencies noted in peer reviews related to the Statement of
Income include all of the following except:
a. Income tax provisions not recorded on interim financial statements
b. Reporting period not clearly identified
c. Significant components of income tax expense not disclosed
d. Errors in calculations of totals
3. Which of the following is not a deficiency listed for engagements subject to government
auditing standards:
a. Missing reports for internal control or compliance
b. Required compliance testing not performed
c. Inadequate titles used on reports
d. Inadequate or outdated reference materials used
4. Which of the following is one of the two types of peer reviews under the AICPA peer
review program?
a. System review
b. Document review
c. Findings review
d. Report review
Audit Engagement Developments
214
5. A system review focuses on which of the following:
a. Working paper documentation
b. Management representation letter
c.. The accountant’s inquiry and analytical procedures
d. The accounting firm’s system of quality control
6. Firms that only perform compilations that omit substantially all disclosures:
a. Require a system review
b. Require an engagement review
c. Require a report review
d. Are not required to participate in the peer review program
7. Under the current AICPA peer review program, which of the following engagements would
require an engagement review to be performed assuming no other engagement is performed
by the firm:
a. Review
b. Governmental audit
c. Financial forecast
d. Audit
8. If there is one or more findings, a peer reviewer may conclude that the finding(s) rises to
the level of which of the following:
a. Matter
b. Deficiency
c. Violation
d. Fraud
9. With respect to the AICPA peer review program, which of the following is true regarding
the firm’s representation letter?
a. There is no requirement for the firm to provide a representation letter
b. A signed representation letter must include positive assurance that the firm is in
compliance with state board or other regulatory requirements
c. A firm’s refusal to furnish a written representation letter to the reviewer does not
constitute a limitation of the peer review
d. A representation must be made that all client engagements with periods ending during
the year under review, and attestation engagements with report dates during the year
under review, were provided to the reviewer
Audit Engagement Developments
215
SUGGESTED SOLUTIONS
1. Engagement deficiencies where the engagement is considered to be substandard include all
of the following except:
a. Incorrect. This is listed as a significant engagement deficiency in which the engagement
is considered substandard.
b. Incorrect. This is listed as a significant engagement deficiency in which the engagement
is considered substandard.
c. Correct. This deficiency is considered minor, and does not make the engagement
substandard.
d. Incorrect. This is listed as a significant engagement deficiency in which the engagement
is considered substandard.
2. Specific financial statement deficiencies noted in peer reviews related to the Statement of
Income include all of the following except:
a. Incorrect. This is one of the deficiencies noted regarding the Statement of Income.
b. Incorrect. This is one of the deficiencies noted regarding the Statement of Income.
c. Incorrect. This is one of the deficiencies noted regarding the Statement of Income.
d. Correct. This is not a significant deficiency noted by peer reviewers regarding the
Statement of Income.
3. Which of the following is not a deficiency listed for engagements subject to government
auditing standards:
a. Incorrect. This is one of the deficiencies noted regarding engagements subject to
government auditing standards.
b. Incorrect. This is one of the deficiencies noted regarding engagements subject to
government auditing standards.
c. Correct. This is not a listed deficiency regarding engagements subject to
government auditing standards.
d. Incorrect. This is one of the deficiencies noted regarding engagements subject to
government auditing standards.
4. Which of the following is one of the two types of peer reviews under the AICPA peer
review program?
a. Correct. The two types are system and engagement reviews.
b. Incorrect. The two types are system and engagement reviews. Document review is not
one of the two.
c. Incorrect. A findings review is not one of the two types of peer reviews.
d. Incorrect. Under the peer review program, a report review is not one of the two types of
reviews. A report review was a type of review under the previous AICPA peer review
program but is not under the current program.
5. A system review focuses on which of the following:
Audit Engagement Developments
216
a. Incorrect. Working paper documentation is the focus of an engagement review, not a
system review.
b. Incorrect. Obtaining a management representation letter is an effort that a peer
reviewer would consider in an engagement review and not a system review.
c. Incorrect. The accountant’s effective use of inquiry and analytical procedures is an
integral part of an engagement review and not a system review.
d. Correct. A system review encompasses opining of whether a firm is in compliance
with its own quality control policies and procedures.
6. Firms that only perform compilations that omit substantially all disclosures:
a. Incorrect. This type of review is for firms that perform engagements under the SASs
and/or examinations of prospective financial information under the SSAEs.
b. Correct. Under the current AICPA peer review program, a compilation with no
disclosures falls under an engagement review.
c. Incorrect. A report review is no longer one of the types of reviews provided by the
current AICPA peer review program.
d. Incorrect. Firms that perform any compilation engagements must participate in the peer
review program.
7. Under the current AICPA peer review program, which of the following engagements would
require an engagement review to be performed assuming no other engagement is performed
by the firm:
a. Correct. A review engagement would require a firm to be subject to an
engagement review.
b. Incorrect. A governmental audit elevates the firm to the requirement that it be subject to
a system review and not an engagement review.
c. Incorrect. A financial forecast, which is performed under the SSAEs, elevates the firm
to the requirement that it be subject to a system review and not an engagement review.
d. Incorrect. An audit, which is performed under the SASs, elevates the firm to the
requirement that it be subject to a system review and not an engagement review.
8. If there is one or more findings, a peer reviewer may conclude that the finding(s) rises to
the level of which of the following:
a. Incorrect. A matter is an item that warrants further consideration and is not a
finding. b. Correct. A finding(s) may result in either a deficiency or a significant deficiency.
c. Incorrect. The peer review program does not use the term “violation.”
d. Incorrect. Fraud is used as a term in an audit but is not referenced in the AICPA peer
review program.
Audit Engagement Developments
217
9. With respect to the AICPA peer review program, which of the following is true regarding
the firm’s representation letter?
a. Incorrect. The reviewed firm must provide a signed representation letter to the reviewer
that includes certain representations.
b. Incorrect. The representation regarding compliance is stipulated as negative assurance
rather than positive assurance.
c. Incorrect. A firm’s refusal to furnish the written representation letter to the reviewer
constitutes a limitation of the peer review.
d. Correct. This is a listed required representation.
Audit Engagement Developments
218
XXIII. SSAE No. 16: Report on Controls at a Service Organization
Issue Date: April 2010
Effective date: SSAE No. 16 is effective for service auditors’ reports for periods ending on or
after June 15, 2011. Earlier implementation is permitted.
Objective:
In April 2010, the Auditing Standards Board issued SSAE No. 16, Reporting on Controls at a
Service Organization, which supersedes SAS No. 70, Service Organizations.
SSAE No. 16 addresses examination engagements undertaken by a service auditor to report on
controls at organizations that provide services to user entities that need to rely on those internal
controls.
In comparing SSAE No. 16 with its predecessor SAS No. 70, SSAE No. 16 does the following:
Provides for more detailed requirements for the description of the service organization’s
system of controls
Requires management to provide a written assertion
Requires a risk analysis be performed
Expands the reporting requirements for the use of subservice organizations
Modifies the auditor’s opinion to cover a period of time instead of a specific date.
Background
It is common for entities to outsource certain business tasks or functions to other entities. For
example, an entity may outsource a reservations system, payroll processing, and other
important business functions.
Examples of a service organizations include:
An investment adviser invests assets for user entities, including maintains the
accountability for those assets, and provides statements to user entities that contain
information that is incorporated in the user entities’ financial statements, for example,
the fair value of exchange traded securities, or dividend and interest income.
Audit Engagement Developments
219
A data center provides applications and technology to user entities to process
financial transactions.
A company processes claims for a health insurance company.
The entity that outsources a task or function is known as a user entity, while the entity that
performs a service for user entities is known as a service organization. Similarly, the auditor
who audits the financial statements for the user is referred to as the “user auditor” while the
auditor for the service organization is called the “service auditor.”
In auditing the financial statements of a user entity, the user auditor needs to obtain evidence to
support assertions in the user entity’s financial statements that are affected by information
provided by the service organization. In some cases, the user entity is able to implement
controls at the user entity over the service performed by the service organization. In other
cases, the user entity relies on the service organization to initiate, execute, and record the
transactions in which case it may be necessary for a user auditor to obtain information about
the effectiveness of controls at the service organization that affect the quality of the
information provided to user entities.
To obtain information about the effectiveness of controls at a service organization, a user
auditor has two options:
a. With option one, the user auditor could visit the service organization and test the service
organization’s controls that are relevant to the user entity’s internal control over
financial reporting, or
b. With option two, the service organization can engage a service auditor to report on the
fairness of the presentation of the description, the suitability of the design of the
controls, and in certain engagements, the operating effectiveness of the controls, which
is a service auditor’s report.
The service auditor’s report, including the description of the system, can be used by all the user
auditors to obtain information about the controls at the service organization that are relevant to
the user entities’ internal control over financial reporting.
Prior to the issuance of SSAE No. 16, the requirements and guidance for service auditors and
user auditors was included in SAS No. 70, Service Organizations. The AICPA’s Auditing
Standards Board, as part of its project to converge audit, attest, and quality control standards
with those of the International Auditing and Assurance Standards Board (IAASB), decided that
the guidance for service auditors in SAS No. 70 should be moved to SSAE No. 16, and the
guidance for user auditors should be retained in SAS No. 70.
As a result, SAS No. 70 has been divided and replaced by two standards as follows:
a. SSAE No. 16: Deals with service auditors reporting on controls at a service organization
relevant to user entities internal control over financial reporting,
Audit Engagement Developments
220
b. SAS No. 70: Retains the audit requirements for a user auditor that audits the financial
statements of a user organization.
The ASB has finalized but not issued a new statement that will replace SAS No. 70 as part of
the clarification project.
SSAE No. 16 is based on the IAASB’s International Standard on Assurance Engagements No.
3402, Assurance Reports on Controls at a Service Organization.
1. SSAE No. 16 applies to a service auditor who is hired to perform an examination and report
on controls of a service organization.
2. SSAE No. 16 permits a service auditor to perform two types of engagements on the service
organization.
Type 1 engagement in which the service auditor reports only on the fairness of the
presentation of management’s description of the service organization’s system and the
suitability of the design of the controls to achieve the related control objectives included
in the description as of a specified date.
Type 2 engagement is an expansive engagement in which the service auditor reports on
a) the fairness of the presentation of management’s description of the service
organization’s system and the suitability of the design and b) the operating effectiveness
of the controls to achieve the related control objectives included in the description
throughout a specified period.
Note: In both a Type 1 and 2 engagement, the auditor reports on whether management’s
description of the service organization’s system fairly presents the system that was
designed and implemented, and that the controls were suitably designed. The key difference
is that a Type 2 engagement goes one step further by also opining as to whether the
controls operated effectively. Thus, in a Type 2 engagement, the auditor must test the
controls to make sure they are working effectively.
3. The service auditor is now required to obtain a written assertion from management of the
service organization about the subject matter of the engagement.
a. The Type 1 engagement requires management to make two written assertions while
there are three written assertions in a Type 2 engagement as shown in chart presented
below.
4. Suitability criteria are used to measure, present, and evaluate the subject matter. The service
auditor may not use evidence obtained in prior engagements about the satisfactory
operation of controls in prior periods to provide a basis for a reduction in testing even if it is
supplemented with evidence obtained during the current period.
Audit Engagement Developments
221
Management Written Assertions Required
Type 1 Engagement Type 2 Engagement
Management’s written assertions
A written assertion by management of the
service organization about whether, in all
material respects, and based on suitable criteria:
A written assertion by management of the
service organization about whether, in all
material respects, and based on suitable criteria:
1. Management’s description of the service
organization’s system fairly presents the
service organization’s system that was
designed and implemented as of a
specified date.
1. Management’s description of the service
organization’s system fairly presents the
service organization’s system that was
designed and implemented throughout the
specified period.
2. The controls related to the control
objectives stated in management’s
description of the service organization’s
system were suitably designed to achieve
those control objectives as of the specified
date.
2. The controls related to the control
objectives stated in management’s
description of the service organization’s
system were suitably designed throughout
the specified period to achieve those
control objectives.
none
3. The controls related to the control
objectives stated in management’s
description of the service organization’s
system operated effectively throughout the
specified period to achieve those control
objectives.
Observation: Notice that Type 2 report includes a third assertion which is that “the
controls related to the control objectives stated in management’s description of the service
organization’s system operated effectively throughout the specified period to achieve those
control objectives.”
5. The service auditor should request that management provide written representations that:
a. Reaffirm management’s assertion included in or attached to the description of the
service organization’s system.
b. States that management has provided the service auditor with all relevant information
and access agreed to, and
c. States that management has disclosed to the service auditor any of the following of
which it is aware:
Instances of noncompliance with laws and regulations or uncorrected errors
attributable to the service organization that may affect one or more user entities.
Audit Engagement Developments
222
Knowledge of any actual, suspected, or alleged intentional acts by management or
the service organization’s employees, that could adversely affect the fairness of the
presentation of management’s description of the service organization’s system or the
completeness or achievement of the control objectives stated in the description.
Design deficiencies in controls
Instances when controls have not operated, as described, and
Any events subsequent to the period covered by management’s description of the
service organization’s system up to the date of the service auditor’s report that could
have a significant effect on management’s assertion.
Note: If a service organization uses a subservice organization and management’s
description of the service organization’s system uses the inclusive method, the service
auditor also should obtain the written representations identified above from
management of the subservice organization. A subservice organization is a service
organization used by another service organization to perform some of the services
provided to user entities that are likely to be relevant to those user entities’ internal
control over financial reporting.
6. Sample Reports
The following illustrative reports are for guidance only and are not intended to be exhaustive
or applicable to all situations.
Audit Engagement Developments
223
Report Differences
Type 1 Report Type 2 Report
Opinion paragraph:
In our opinion, in all material respects, based
on the criteria described in XYZ Service
Organization’s assertion:
Opinion paragraph:
In our opinion, in all material respects, based on
the criteria described in XYZ Service
Organization’s assertion on page xx.
a. The description fairly presents the service
organization’s system that was designed
and implemented as of date.
a. The description fairly presents the service
organization’s system that was designed and
implemented throughout the period ____ to
_____.
b. The controls related to the control objectives
stated in the description were suitably
designed to provide reasonable assurance
that the control objectives would be
achieved if the controls operated effectively
as of ___________ date.
b. The controls related to the control objectives
stated in the description were suitably
designed to provide reasonable assurance that
the control objectives would be achieved if
the controls operated effectively throughout
the period ____ to _____.
none
c. The controls tested, which were those
necessary to provide reasonable assurance
that the control objectives stated in the
description were achieved, operated
effectively throughout the period ____ to
_____.
none
Description of tests of controls:
The specific controls tested and the nature,
timing, and results of those tests are listed on
pages xx- xx.
Audit Engagement Developments
224
Type 1 Service Auditor’s Report
Independent Service Auditor’s Report on a Description of a Service Organization’s
System and the Suitability of the Design of Controls
XYZ Service Organization
[Scope]
We have examined XYZ Service Organization’s description of its [type or name of] system for processing
user entities’ transactions [or identification of the function performed by the system] as of [date], and the
suitability of the design of controls to achieve the related control objectives stated in the description.
[Service organization’s responsibilities]
On page XX of the description, XYZ Service Organization has provided an assertion about the fairness of the
presentation of the description and suitability of the design of the controls to achieve the related controls
objectives stated in the description. XYZ Service Organization is responsible for preparing the description and
for its assertion, including the completeness, accuracy, and method of presentation of the description and the
assertion, providing the services covered by the description, specifying the control objectives and stating them
in the description, identifying the risks that threaten the achievement of the control objectives, selecting the
criteria, and designing, implementing, and documenting controls to achieve the related control objectives stated
in the description.
[Service auditor’s responsibilities]
Our responsibility is to express an opinion on the fairness of the presentation of the description and on the
suitability of the design of the controls to achieve the related control objectives stated in the description, based
on our examination. We conducted our examination in accordance with attestation standards established by the
American Institute of Certified Public Accountants. Those standards require that we plan and perform our
examination to obtain reasonable assurance, in all material respects, about whether the description is fairly
presented and the controls were suitably designed to achieve the related control objectives stated in the
description as of [date].
An examination of a description of a service organization’s system and the suitability of the design of the
service organization’s controls to achieve the related control objectives stated in the description involves
performing procedures to obtain evidence about the fairness of the presentation of the description of the system
and the suitability of the design of the controls to achieve the related control objectives stated in the
description. Our procedures included assessing the risks that the description is not fairly presented and that the
controls were not suitably designed to achieve the related control objectives stated in the description. An
examination engagement of this type also includes evaluating the overall presentation of the description and
the suitability of the control objectives stated therein, and the suitability of the criteria specified by the service
organization and described at page [aa].
We did not perform any procedures regarding the operating effectiveness of the controls stated in the
description and, accordingly, do not express an opinion thereon.
We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our
opinion.
Audit Engagement Developments
225
Page 2
[Inherent limitations]
Because of their nature, controls at a service organization may not prevent, or detect and correct, all errors or
omissions in processing or reporting transactions [or identification of the function performed by the system].
The projection to the future of any evaluation of the fairness of the presentation of the description, or any
conclusions about the suitability of the design of the controls to achieve the related control objectives is subject
to the risk that controls at a service organization may become ineffective or fail.
[Opinion]
In our opinion, in all material respects, based on the criteria described in XYZ Service Organization’s
assertion.
a. the description fairly presents the [type or name of] system that was designed and implemented as of
[date], and
b. the controls related to the control objectives stated in the description were suitably designed to provide
reasonable assurance that the control objectives would be achieved if the controls operated effectively
as of [date].
[Restricted use]
This report is intended solely for the information and use of XYZ, Service Organization, user entities of XYZ
Service Organization’s [type or name of] system as of [date], and the independent auditors of such user
entities, who have a sufficient understanding to consider it, along with other information including information
about controls implemented by user entities themselves, when obtaining an understanding of user entities
information and communication systems relevant to financial reporting. This report is not intended to be and
should not be used by anyone other than these specified parties.
______________________________
Service auditor’s signature
Date of the service auditor’s report
Service auditor’s city and state
Audit Engagement Developments
226
Type 2 Service Auditor’s Report
Independent Service Auditor’s Report on a Description of a Service Organization’s System and the
Suitability of the Design and Operating Effectiveness of Controls
XYZ Service Organization
[Scope]
We have examined XYS Service Organization’s description of its [type or name of] system for processing user
entities’ transactions [or identification of the function performed by the system] throughout the period [date] to
[date] (description) and the suitability of the design and operating effectiveness of controls to achieve the
related control objectives stated in the description.
[Service organization’s responsibilities]
On page XX of the description, XYZ Service Organization has provided an assertion about the fairness of the
presentation of the description and suitability of the design and operating effectiveness of the controls to
achieve the related control objectives stated in the description. XYZ Service Organization is responsible for
preparing the description and for the assertion, including the completeness, accuracy, and method of
presentation of the description and the assertion, providing the services covered by the description, specifying
the control objectives and stating them in the description, identifying the risks that threaten the achievement of
the control objectives, selecting the criteria, and designing, implementing, and documenting controls to achieve
the related control objectives stated in the description.
[Service auditor’s responsibilities]
Our responsibility is to express an opinion on the fairness of the presentation of the description and on the
suitability of the design and operating effectiveness of the controls to achieve the related control objectives
stated in the description, based on our examination. We conducted our examination in accordance with
attestation standards established by the American Institute of Certified Public Accountants. Those standards
require that we plan and perform our examination to obtain reasonable assurance about whether, in all material
respects, the description is fairly presented and the controls were suitably designed and operating effectively to
achieve the related control objectives stated in the description throughout the period [date] to [date].
An examination of a description of a service organization’s system and the suitability of the design and
operating effectiveness of the service organization’s controls to achieve the related control objectives stated in
the description involves performing procedures to obtain evidence about the fairness of the presentation of the
description and the suitability of the design and operating effectiveness of those controls to achieve the related
control objectives stated in the description. Our procedures included assessing the risks that the description is
not fairly presented and that the controls were not suitably designed or operating effectively to achieve the
related control objectives stated in the description were achieved. An examination engagement of this type
also includes evaluating the overall presentation of the description and the suitability of the control
objectives stated therein, and the suitability of the criteria specified by the service organization and
described at page xx.
We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our
opinion.
Audit Engagement Developments
227
Page 2
[Inherent limitations]
Because of their nature, controls at a service organization may not prevent, or detect and correct, all errors or
omissions in processing or reporting transactions [or identification of the function performed by the system].
Also, the projection to the future of any evaluation of the fairness of the presentation of the description, or
conclusions about the suitability of the design or operating effectiveness of the controls to achieve the related
control objectives is subject to the risk that controls at a service organization may become inadequate or fail.
[Opinion]
In our opinion, in all material respects, based on the criteria described in XYZ Service Organization’s assertion
on page xx.
a. the description fairly presents the [type or name of] system that was designed and implemented
throughout the period [date] to [date].
b. the controls related to the control objectives stated in the description were suitably designed to provide
reasonable assurance that the control objectives would be achieved if the controls operated effectively
throughout the period [date] to [date].
c. the controls tested, which were those necessary to provide reasonable assurance that the control
objectives stated in the description were achieved, operated effectively throughout the period
[date] to [date].
[Description of tests of controls]
The specific controls tested and the nature, timing, and results of those tests are listed on pages [yy-zz].
[Restricted use]
This report, including the description of tests of controls and results thereof on pages [yy-zz], is intended solely
for the information and use of XYZ Service Organization, user entities of XYZ Service Organization’s [type or
name of] system during some or all of the period [date] to [date], and the independent auditors of such user
entities, who have a sufficient understanding to consider it, implemented by user entities themselves, when
assessing the risks of material misstatements of user entities’ financial statements. This report is not intended
to be and should not be used by anyone other than these specified parties.
_______________________________
Service auditor’s signature
Date of the service auditor’s report
Service auditor’s city and state
Observation: In reviewing the samples of Type 1 and 2 reports above, there are several
obvious differences.
First, the Type 1 report is as of a specific date while a Type 2 report opines on controls in
effect during a period of time.
Second, in a Type 1 engagement, the auditor opines on two elements: a) the description fairly
presents the system that was designed and implemented, and b) the controls were suitably
designed to provide reasonable assurance that the control objectives would be achieved if the
Audit Engagement Developments
228
controls operated effectively. In a Type 2 engagement, the auditor opines on a third element,
which is whether “the controls tested operated effectively throughout the period [date] to
[date].”
Additionally, in a Type 2 report, the auditor must include a description of tests of controls.
Effective date: SSAE No. 16 is effective for service auditors’ reports for periods ending on or
after June 15, 2011. Earlier implementation is permitted.
Audit Engagement Developments
229
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. Which of the following is a change made by SSAE No. 16:
a. It moves the guidance for user auditors from SAS No. 70 to SSAE No. 16
b. It moves the guidance for service and user auditors from SAS No. 70 to SSAE No. 16
c. It replicates the guidance for both service and user auditors that was not in SAS No.
70
d. It moves the guidance for service auditors from SAS No. 70 to SSAE No. 16
2. One key difference between a Type 1 and Type 2 Service Auditor’s Report under SSAE
No. 16 is __________________:
a. In a Type 1 report, the auditor opines as to whether the description fairly presents the
system that was designed and implemented, while Type 2 does not
b. In a Type 2 report, the auditor opines as to whether the controls stated in the description
were suitably designed, while a Type 1 report does not
c. In a Type 2 report, the auditor opines that the controls tested were achieved and
operated effectively, while no such opinion is given in a Type 1 report
d. In a Type 1 report, the auditor provides a description of tests of controls while such a
description is not given in a Type 2 report
Audit Engagement Developments
230
SUGGESTED SOLUTIONS
1. Which of the following is a change made by SSAE No. 16:
a. Incorrect. It makes no change to the guidance for user auditors found in SAS No. 70.
b. Incorrect. It does move the guidance for service auditors, but does not change the
guidance for user auditors from SAS No. 70 to SSAE No. 16.
c. Incorrect. It does not replicate the guidance for both service and user auditors that was
not in SAS No. 70.
d. Correct. SSAE No. 16 moves the guidance for service auditors from SAS No. 70
to SSAE No. 16, but has no effect on existing guidance for user auditors which is
retained in SAS No. 70.
2. One key difference between a Type 1 and Type 2 Service Auditor’s Report under
SSAE No. 16 is __________________:
a. Incorrect. In both a Type 1 and Type 2 report, the auditor opines as to whether the
description fairly presents the system that was designed and implemented.
b. Incorrect. In both a Type 1 and Type 2 report, the auditor opines as to whether the
controls stated in the description were suitably designed.
c. Correct. One significant difference between the two types of report is that in a
Type 2 report, the auditor opines that the controls tested were achieved and
operated effectively, while no such opinion is given in a Type 1 report.
d. Incorrect. In a Type 2 report (and not a Type 1 report) the auditor provides a description
of tests of controls.
Audit Engagement Developments
231
SECTION 3: Accounting and Auditing in Volatile Times
XXIV. Key Focus Areas for the Auditor
In conducting attest services, auditors should be aware of some of the key areas in which they
should focus their efforts to deal with the volatility in the business climate.
1. Inquire as to the status of concentrations of customers and suppliers:
Auditors should consider the risk associated with maintaining a concentration of business with
a handful of customers or a single supplier of an important material. Although ASC 275, Risks
and Uncertainties (formerly SOP 94-6), requires disclosure of concentration of major
customers and suppliers when it is reasonably possible that the concentration could result in a
near-term (within one year) severe impact on a company, it is important that the auditor
consider the solvency of the customer and supplier and whether that company might be in
financial trouble.
2. Pay attention to key financial ratios and analytical procedures:
If a company is in financial trouble, the signs will be there for the auditor to observe.
Analytical procedures present critical signs of trouble well before the company is in severe
financial decline.
What ratios and analytical procedures are important?
There are many ratios that are important. The auditor should focus on liquidity and coverage
ratios since they display the short-term (within one year) trend of a company.
a. Working capital ratios:
Four key ratios provide a thorough analysis of working capital. They are:
Days Sales in Accounts
Receivable =
Trade receivables
X 365
Net sales
Days Supply in Inventory =
Inventory X 365
Net sales
Days Payables Outstanding = Accounts payable X 365
Net sales
Days in Working Capital =
AR + Inventory – AP X 365
Net sales
Audit Engagement Developments
232
Observation: The first sign that a company is headed toward cash flow problems is usually
found in a spike in the number of days in receivables. Typically, the number of days increases
by 2 to 7 days driven by an increase in that portion of receivables that exceed 60 days old.
For example, a company that typically has a number of days of 42 will start to see that
number increase to 45 or 46 days.
b. Other coverage ratios:
Times debt service is earned:
Net income before interest
depreciation and amortization .
Current annual principal and interest
payments
Interest coverage ratio: Cash flow from operations + interest
Interest expense
Note: Both of the above ratios should exceed 1.0. In instances where the ratio is below 1.0,
there is the risk that the company may not be able to fund debt service and could become in
default of its loan agreements.
c. Altman Z Score- Consists of a weighted average of four separate ratios as follows:
Ratio 1: Working Capital
Total assets
Ratio 2: Retained earnings
Total assets
Ratio 3: Net earnings before interest and income taxes
Total assets
Ratio 4: Net worth
Total debt
All four ratios are weighted to compute an overall Z score as follows:
6.56 (ratio 1) + 3.26 (ratio 2) + 6.72 (ratio 3) + 1.05 (ratio 4) = Z score
Audit Engagement Developments
233
Results:
1.00 or less: Headed toward bankruptcy
1.00 to 2.50: Could have financial problems
2.50 or greater: Strong financially, unlikely risk of bankruptcy.
Observation: The Altman Z Score is generally accepted as a ratio that is highly correlated
with bankruptcy. It works on companies within most traditional industries such as retailers,
wholesalers and manufacturers. For others, such as real estate developers and certain highly
leveraged industries, the Altman Z Score may show a distorted result due to the
disproportionate amount of debt that may be outstanding at a particular point in time.
In most engagements involving strong, solvent companies, the Altman Z ratio usually
generates a score in the 5.00 to 9.00 range. Many leading accounting software packages
include the Altman Z score as part of the analytical procedures (ratios). The author
recommends that practitioners compute the Altman Z Score for all engagements including
audits, reviews and compilations as the accountant/auditor has a responsibility for going
concern in each of those types of engagements.
3. Check for going concern:
SAS No. 59, The Auditor's Consideration of an Entity's Ability to Continue as a Going
Concern provides guidance on evaluating the adequacy of going-concern disclosure in audited
financial statements. SAS No. 59 is the only authoritative auditing literature for going concern
disclosure. Continuation of an entity as a going concern is assumed in financial reporting in the
absence of information to the contrary.
Factors that may indicate a potential going concern problem
Determining whether there is a going concern problem is based on the facts and circumstances
of the case. Factors to consider include:
Unusually liberal credit terms to customers including dating of receivable
Continued operating losses
Negative cash from operations in statement of cash flows
Company is running tight on its working capital line of credit formula
Weak financial ratios such as the Altman Z Score.
Rule under SAS No. 59:
In an audit engagement, if there is substantial doubt of an entity's ability to
continue as a going-concern for one year from the balance sheet date, the
CPA must seek factors that mitigate this fact such as alternative sources of
financing, management's plan of action, etc.
Audit Engagement Developments
234
If, after seeking mitigating factors, the auditor still believes there is still
substantial doubt, SAS No. 59 requires a disclosure and an audit report
modification as follows:
Separate paragraph in the audit report:
As discussed in Note A, the Company has suffered continued losses from operations
and, at December 31, 20X1, has a deficiency in stockholders' equity. These factors
raise substantial doubt about the Company's ability to continue as a going concern.
Management has a plan of action that is described in Note A. The financial statements
do not reflect any adjustments that might result from the outcome of this uncertainty.
4. Check loan covenants and restrictions:
Due to the status of the credit markets in 2012, lenders have continued to tighten up lending
criteria. As loans come up for renewal, lenders may try to renegotiate credit terms. The result
is that auditors should be aware of the risks associated with obtaining and retaining financing,
particularly with respect to marginally profitable companies.
a. Companies with existing financing that is up for renewal may find greater restrictions
placed on them by their bankers including the requirement for additional collateral and
more stringent performance ratios and covenants
b. Commercial real estate loans may require an infusion of cash by the owner because of
declines in real estate values.
Auditors need to consider the impact of lower cash flow on loans in terms of how they will
impact loan covenants, and whether the entity can fund cash flow.
5. Be aware of client pressures to reverse allowance and reserve accounts:
Some companies treat their allowance accounts and reserve for inventory obsolescence to be
"rainy day funds." Throughout the past decade, many auditors have left excess amounts in
selected reserve and allowance accounts based on the argument that higher allowance or
reserve account balance reflected a lower, more conservative net income. If a company is
experiencing a decline in profitability, there may be an attempt by management to reduce those
accounts to their lower, actual estimated balances with a corresponding credit to an expense or
cost of sales. Such an entry results in a credit to net income, most of which relates to prior
years. Auditors should consider whether such entries, if any, are material.
6. Inventory lower of cost or market value:
As previously discussed in this course, many companies have gradually cleaned up their excess
inventory levels, leading to a demand for additional orders which may be the continued
catalyst for economic growth. However, many companies are still holding onto older slower-
Audit Engagement Developments
235
moving, obsolete items. Auditors should consider the possibility that a reserve for
obsolescence might have to be set up or increased to accommodate the obsolete goods.
7. Impairment issues- real estate:
Commercial real estate vacancies are still high and rental rates per square foot are relatively
low as compared with five years ago. Also, real estate has been valued at record high levels
due to low capitalization rates fueled by low interest rates. Auditors should be aware of the
risks that real estate might be impaired, requiring a write down in accordance with ASC 360,
Property, Plant and Equipment (includes former FASB No. 144.) The writedown may be the
result of two causes. First, commercial real estate may be overpriced due to high vacancies.
Second, as interest rates climb capitalization rates used to value real estate will increase,
resulting in lower real estate values.
Note further that many bank loans have “call” provisions under which the banker may take
action if the value of the real estate declines. Action may include either requiring the borrower
to infuse additional cash to keep the loan in equilibrium with the original loan-to-value, or may
allow the borrower to call the loan.
8. Writedowns of investment values:
Companies that have investments in securities may have experienced declining stock values.
Additionally, companies may be holding investments in nonsecurities, such as a closely held
stock or partnership investment.
In such instances, the auditor should consider the accounting for any potential declines in
values.
ASC 320, Investments in Debt and Equity Securities (formerly FASB No. 115), addresses the
accounting for securities by categorizing securities into three categories.
The three (3) categories are as follows:
Debt securities held-to-maturity- Debt securities that management plans to hold until
maturity.
Trading securities- Both debt and equity securities that are bought and held for the
purpose of selling them in the near term (generally within one year).
Available-for-sale- Both debt and equity securities that are not categorized as either held-
to-maturity or trading securities, are automatically categorized as available for sale. In
this category, management has essentially not decided what it plans to do with the
securities.
Audit Engagement Developments
236
The category in which a security is placed is determined at the time of purchase based on
management's positive intent and ability. Once a security is placed in a particular category, it
generally can be changed only where there are significant unforeseeable circumstances.
ASC 325, Investment- Other (formerly part of ARB No. 43), addresses the accounting for
investments not covered by FASB No. 115, namely non-security investments, including
investments in closely held businesses. ASC 325 states that such non-security investments
should be recorded at amortized cost.
Decline in the investment value that is other-than-temporary:
Regardless of whether there is an investment in securities (publicly traded bonds or stocks) or
non-securities (closely held investments), there is an overriding rule found in ASC 320, Debt
and Equity Securities (formerly FASB No. 115) and ASC 325 (formerly ARB No. 43), that
deals with a decline in the value of an investment that is other than temporary.
Specifically, if there is a decline in value that is other than temporary, the amortized cost
should be written down to fair value and a realized loss should be recorded on the income
statement. The fair value becomes the new cost basis going forward to the next year. Once
written down to fair value, in future years, the value may not be written back up to the original
cost.
What does other-than-temporary mean?
ASC 320 (formerly FASB No. 115) gives an example of where the “other-than-temporary”
threshold might be met with respect to a debt security:
“If it is probable that the investor will be unable to collect all amounts due
according to the contractual terms of a debt security not impaired at acquisition,
an other-than-temporary impairment shall be considered to have occurred.”60
Examples of factors that might suggest an other-than-temporary impairment has occurred are
as follows:
1. Fair value is significantly below amortized cost.
2. There has been a decline and it is attributable to adverse conditions specific to the
security or the industry or its geographic area, and the decline has existed for an
extended period of time.
60
ASC 320 (formerly FASB No. 115). The FASB statement also references that the “other-than-temporary” definition is
found in AICPA Auditing Interpretation of SAS No. 1, Evidential Matter for the Carrying Amount of Marketable
Securities, and SEC Staff Accounting Bulletin No. 59, Accounting for Noncurrent Marketable Equity Securities.
Audit Engagement Developments
237
3. A decline exists and management does not have the intent and ability to hold the
security for a period of time sufficient to allow the security to recover its value. If it is
a debt security, management does not plan to hold the security until maturity.
4. A security has been downgraded by a rating agency or the financial condition of the
security issuer is known to have deteriorated.
5. The issuer has reduced or eliminated dividend payments, or has not made required
interest payments.
6. The issuer has recorded losses from the security after year end.
What is the value of a security or non-security investment?
Determining the value of a security is much easier than that of a non-security investment.
Securities (debt or equity) typically have a readily determinable market value that is published.
Nevertheless, regardless of the type of investment, the fair value is a compilation of various
factors including:
The issuer’s financial condition and performance including the quality of assets,
earnings trends, and other financial factors
The prospects within the industry and region
Management’s intent with respect to the investment.
With respect to investments in closely held entities, determining the fair value is more difficult
because published information on the investee may not be available.
Auditing the investment writedown
SAS No. 92, Auditing Derivative Instruments, Hedging Activities, and Investments in
Securities, provides authoritative guidance on how to audit investments in securities. Similar
guidance should be followed for auditing investments in non-securities. Specific requirements
in SAS No. 92 include:
a. If a writedown has been made, make sure it is recorded as a realized loss on the income
statement
b. Test the loss computation
c. Ensure that previously written-down losses have not subsequently been written back up
d. Make sure that the summary of written down investments is complete and accurate
Audit Engagement Developments
238
e. Consider the credit rating of the counterparty, and
f. Conclude on the adequacy of the impairment writedown and adjustment.
9. Watch out for round-trip transactions:
The use of round-trip or “wash” transactions can artificially inflate revenues and profits by
creating a flow of funds that circulates back to the company in a different form from when it
was initially disbursed by the company.
The AICPA’s Audit Risk Alert gives an example of how round-trip transactions occur to inflate
an entity’s revenue.
Step 1: Company A pays an inflated amount to a vendor for services or products.
Step 2: The vendor buys products or services from Company B.
Step 3: Company B buys products or services from Company A.
Step 4: Company A records the sale to B as revenue.
The result is that Company A has inflated revenue from the transaction even though the
transaction might be a profit wash in that Company A has additional revenue and additional
cost from the payment to its vendor. However, by inflating revenue, Company A may be able
to make the case to a third-party investor or financer that the Company’s revenue base is
growing.
Auditors and accountants should be aware of the above transactions that lack economic
substance.
10. Look for games being played with expenses:
If management is not playing games with revenue, it might attempt to manipulate expenses as
a means to augment an entity’s profitability. Here are a few ways in which management might
attempt to manipulate expenses:
Expenses are capitalized despite no evidence of future benefit beyond the current
reporting period
Increasing salvage values and useful lives of depreciable assets
Not accruing expenses that should be accrued
Not writing off costs capitalized on aborted projects
Recording liabilities and related expenses in the wrong period
Audit Engagement Developments
239
Under or overstating asset allowance accounts including allowance for bad debts and
obsolete inventories
Netting expenses and revenue where there is no legal right of offset, and
Misclassifying expenses on the income statement above or below the line.
11. Check for “slush-fund” reserves and “rainy day” funds and distorted estimates:
During difficult financial times, management may take a posture to manipulate financial
statements from one end or the other:
a. Management may feel pressure to meet projections, thereby understating allowances
and reserves to achieve financial goals.
b. Management may also decide that it has sufficient income for the current year and
might “save” extra income for the next year by understating income using excess
reserves, accruals and allowance balances.
Similarly, in a year of a significant loss, management might decide to increase the loss by
increasing allowances and reserves, thereby saving income for future years.
Example: Company X has a large loss in the current year. X decides that there
would be no impact if the loss was even larger. Thus, X increases its loss by
increasing both the allowance for bad debts and allowance for obsolete inventory.
In the next year, X reverses the overstated amount in the allowance accounts and
credits them to expense and cost of sales.
Conclusion: X has played the game of using slush funds to manipulate income
from year to year.
Auditors and accountants can sometimes focus on the wrong end of management’s objectives.
Because the concept of conservatism is embedded in the accounting psyche, auditors and
accountants may permit management to overbook reserves and allowances based on the
concept that “a more conservative net income is better.” However, by doing so, the auditor or
accountant is being set up for a potential problem in future years in which management decides
to reverse the accruals, allowances and reserves, thereby artificially inflating future years’
income.
The concept of using “rainy day” funds has been around for quite a while, yet the focus on
them in recent years is relatively new for auditors and accountants.
Auditors and accountants need to understand the underlying assumptions used in
management’s estimates for accruals, allowances and reserve accounts and must review any
Audit Engagement Developments
240
changes in estimates to determine that they are reasonable, and that they are supported with
sufficient evidential matter.
In assessing the assumptions used by management to develop estimates, auditors and
accountants should consider whether:
The assumptions used are consistent with the sources from which they were derived
The assumptions are consistent with management’s plans
The information used is reliable
There was sufficient sources of information used to develop the estimate
12. Look at underfunded pensions and post-retirement benefit obligations:
Many pension funds are now underfunded even though many defined benefit and post-
retirement benefit obligations were overfunded less than a decade ago.
The results can be significant:
Newly required funding may deplete future cash flows and affect profitability.
The required funding may affect loan covenants.
Additionally, management might alter actuarial assumptions in order to minimize the
obligation to be recorded.
1. With the drop in interest rates, management might attempt to discount the obligation
using a higher-than-market interest rate. A higher rate will yield a lower present value
of benefits obligation.
2. Management may change employee retention and participation rates as well as the
amount and timing of the future benefit payments.
13. Auditors may wish to assist clients in tightening up operations:
In all business cycles, accountants and auditors can assist clients in tightening up operations by
performing two services:
a. Expense reduction review and performance review
b. Profitability analysis on customers and product lines
Audit Engagement Developments
241
Expense reduction involves performing an analysis of the efficiency of operations including
labor and operating expenses. The objective is to identify where a company can reduce costs
that may have bloated gradually over a long period of time.
Profitability analysis entails performing a vertical analysis of each major customer or product
line to ascertain whether certain customers or lines should be eliminated altogether.
The 80-20 rule is an important one. That is, 80% of a company's profitability comes from 20%
of its customers or products. The remaining 80% of the customers or products generate only
20% of the company's profitability. Some of the 80% can be eliminated altogether from the
client's business.
Consider the following example of a client of the author who asked for assistance in evaluating
the profitability of its major customers.
Facts: The client asks the author to assist in an analysis of certain larger customers. The client
is concerned that the larger customers are "squeezing" the client on sales prices to the extent
that the business may no longer be profitable.
------Customer X------
Company
Total
Sales $8,000,000 100% 100%
Direct costs: direct labor, materials and
variable overhead, and variable selling
costs
(5,800,000)
(72%)
(48%)
Contribution margin 2,200,000 28% 52%
Fixed overhead (2,360,000) (30%) (30%)
Net income- absorption cost $(160,000) (2%) 22%
Should the client stop doing business with the customer with whom he is losing $(160,000)?
Conclusion: The above analysis is a traditional direct-cost analysis whereby a contribution
margin (sales less variable costs) is calculated to determine the amount being contributed to
fixed overhead.
Other types of analyses can be performed such as activity-based accounting.
Using the above analysis, assuming that no other factors are significant, Company X is actually
profitable since there is a contribution to fixed overhead in the amount of $2.2 million. If the
client stops doing business with Customer X, other business must be developed to pay for the
$2,200,000 of fixed overhead that it absorbs. The exception is where there is a limit in the
amount of business it can accommodate, and the company has other, more profitable business
that can replace Customer X's business.
Audit Engagement Developments
242
The above analysis can be done on all significant customers or product lines to eliminate
marginally profitable business.
14. Watch out for related party transactions:
If a company is experiencing a downturn in its business, there may be an incentive to use
related-party transactions to disguise the true financial situation. Here are a few:
a. Specific abuses in related party transactions:
The auditor or accountant may encounter transactions with related parties that either lack
economic substance or are not disclosed. Examples include:
Sales and expenses:
Sales without economic substance, such as round-about transactions in which the entity
loans money to an affiliate who, in turn, remits it in a sales transaction.
Sales that do not result in the risks and rewards of ownership passing to the related party
purchaser (e.g., right to return the goods, a commitment by the seller to repurchase the
goods, etc.).
Sales or purchases among related parties at little or no cost.
Sales recorded from a related party for services never rendered.
Sales to a related party middleman at a below-market price. The middleman then sells
to the ultimate customer at a higher price while the related party retains the difference.
Having one party pay the expenses and costs for another related party.
Large, unusual transactions with related parties near or at year end.
Loans:
Loans between entities on an interest-free basis or at an other-than market rate, or that
have no scheduled terms of repayment.
Loans that have an unusually high interest rate and the resultant higher interest income.
Loans to entities that do not have the ability to repay them.
Advances of company funds to a related party who, in turn, uses the funds to repay an
otherwise uncollectible loan or receivable.
Audit Engagement Developments
243
Loans made to a related party and subsequently written off.
Forgiveness of a loan so that the debtor can recognize extinguishment of debt income.
Note: A comment made by peer reviewers is that auditors and accountants do not consider the
collectibility of intercompany receivables. The auditor should consider the viability of the
affiliate and whether the loan is collectible. If not, an allowance may have to be established.
Moreover, in certain situations involving related party debt, ASC 470, Debt (formerly found
in APB No. 26), clearly states that "the extinguishment transactions between related parties
may be, in essence capital transactions." Thus, depending on the extent to which there are
related parties, any forgiveness should be credited to equity as additional paid in capital.
Recording the transaction as forgiveness of debt income on the income statement would not be
appropriate given the related party nature of the loan.
Asset transactions:
Purchasing assets from a related party at above-market prices
Selling real estate at an amount that is significantly different than the appraisal or
market value
Exchanging similar property in a nonmonetary transaction
Sale of land with arranged financing
Sale of marketable securities at a discount from quoted market prices.
b. What an auditor should do about related party transactions:
The AICPA’s Audit Risk Alert makes some recommendations about how an auditor can deal
with related party transactions.
Searching for related party transactions:
Review material cash disbursements and other transactions
Discuss with tax and consulting personnel who have provided services to the client
whether they are aware of any related party transactions
Discuss with other professionals (lawyers, predecessor auditors) about related parties
Audit Engagement Developments
244
Use the Internet to search records for the names of principals of the audit client to find
other affiliated entities
Auditing known related party transactions:
Once the auditor has discovered a related party transaction, he or she might wish to perform
some or all of the following procedures.
Develop an understanding of the business purpose of the transaction(s)
Examine evidence related to the transaction(s) including invoices, copies of
agreements, contracts, and other documents (receiving and shipping reports, etc.)
Obtain evidence that the transaction(s) was approved by the board of directors or other
management
Test the adequacy and accuracy of the related party disclosure
Make sure that there are concurrent audits of intercompany balances and that
information is obtained for such balances at the same time
Examine or confirm evidence about the transferability and value of collateral
Confirm transaction terms and amounts such as guarantees and other information, with
the other party to the transaction
Examine or inspect evidence in the hands of the other party to the transaction
Discuss significant information with other third parties including banks, attorneys,
agents, etc.
Review financial publications, trade journals, credit agencies, etc. and other sources
when there is concern that related party transactions lack economic substance
Examine the financial statements, tax returns, and other information of related parties, if
such information is available.
Observation: The auditor should be careful that related party disclosures are not misleading.
In general, a related party disclosure should not express or imply that the transactions were
arms-length unless such a claim can be substantiated.
Audit Engagement Developments
245
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. Which of the following is the formula for the Days Sales in Accounts Receivable ratio:
a. 365SalesNet
PayableAccounts
b. 365Re
SalesNet
PayableAccountsInventoryceivableAccounts
c. 365SalesNet
Inventory
d. 365Re
SalesNet
ceivablesTrade
2. If a company has an Altman Z Score of 2.50 or greater, that company:
a. Could be in default of its loan agreements
b. Could have financial problems
c. Is headed toward bankruptcy
d. Is strong, with an unlikely risk of bankruptcy
3. Which of the following factors might suggest that an other-than-temporary impairment has
occurred in a security investment:
a. A rating agency has upgraded a security
b. Amortized cost is significantly below fair value
c. Losses are recorded from the security after year end
d. Management intends to hold the security to allow a value recovery
4. Auditors should be aware of _______________ that circulate a flow of funds back to the
company in a different form than the company initially disbursed.
a. Investment writedowns
b. Manipulation of expenses
c. Round-trip transactions
d. Slush-fund reserves
Audit Engagement Developments
246
5. In what way can accountants and auditors help clients tighten up operations:
a. Use the 50-50 rule with respect to evaluating a company’s profitability
b. Horizontal analysis of major customers
c. Analysis of product lines’ profitability
d. Absorption cost review
Audit Engagement Developments
247
SUGGESTED SOLUTIONS
1. Which of the following is the formula for the Days Sales in Accounts Receivable ratio:
a. Incorrect. The formula for Days Payables Outstanding is 365SalesNet
PayableAccounts
b. Incorrect. The formula for Days in Working Capital is
365Re
SalesNet
PayableAccountsInventoryceivableAccounts
c. Incorrect. The formula for Days Supply in Inventory is 365SalesNet
Inventory
d. Correct. The formula for Days Sales in Accounts Receivable is:
365Re
SalesNet
ceivablesTrade
2. If a company has an Altman Z Score of 2.50 or greater, that company:
a. Incorrect. Where the ratios for Times Debt Service is earned and Interest Coverage are
below 1.0, there is a risk that the company may not be able to fund debt service and
could default on its loan agreements. An Altman Z score of 2.50 or greater has nothing
to do with whether an entity is in default on a loan.
b. Incorrect. If a company has an Altman Z Score of 1.00 to 2.50, that company could have
financial problems, but generally not so if the ratio is 2.50 or greater.
c. Incorrect. If a company has an Altman Z Score of 1.00 or less, that company is headed
toward bankruptcy.
d. Correct. If a company has an Altman Z Score of 2.50 or greater, that company is
strong financially, with an unlikely risk of bankruptcy.
3. Which of the following factors might suggest that an other-than-temporary impairment has
occurred in a security investment?
a. Incorrect. The fact that a rating agency has downgraded, not upgraded, a security rating
may suggest there is an impairment.
b. Incorrect. If fair value is significantly below cost, there could be an impairment, not the
other way around.
c. Correct. If losses are recorded after year end, an other-than-temporary
impairment might have occurred and been in place at year end.
d. Incorrect. If management has both the intent and ability to hold the security for enough
time for its value to recover, it is not likely that there is an impairment. Instead, if
management does not have the intent or ability to hold the security for a period of time
sufficient to allow the security to recover its value, an other-than-temporary impairment
might have occurred.
Audit Engagement Developments
248
4. Auditors should be aware of _______________ that circulates a flow of funds back to the
company in a different form than the company initially disbursed.
a. Incorrect. Investment writedowns have no flow of funds back to the company.
b. Incorrect. Manipulation of expenses may impact the income statement but has no direct
effect on the circulation of flow of funds back to the company.
c. Correct. Auditors should be aware of round-trip transactions that create a flow of
funds that circulate back to the company in a different form from when it was
initially disbursed by the company.
d. Incorrect. Slush fund reserves result in the manipulation of income from period to
period but do not affect funds flow.
5. In what way can accountants and auditors help clients tighten up operations:
a. Incorrect. Typically, an 80-20 rule is used, not 50-50. The 80-20 rule is important to
consider when performing a profitability analysis: 80% of a company’s profitability
comes from 20 % of its customers or products.
b. Incorrect. A vertical analysis is used, not a horizontal one. Profitability analysis entails
performing a vertical analysis of each major customer or product line to ascertain
whether certain customers or lines should be eliminated altogether.
c. Correct. One of the two ways that accountants and auditors can help clients
tighten up operations is through profitability analysis of customers and product
lines.
d. Incorrect. Generally, an absorption cost review is not one of ways identified to tighten
up operations.
Audit Engagement Developments
249
XXV. Lessons From Litigation
A. Introduction:
In recent years, we have seen tremendous growth in litigation claims that has expanded
throughout all segments of society. In particular, the professions have seen increases in claims
at an exponential level. Doctors, lawyers, architects and accountants have all experienced the
threat of a lawsuit from a client or third party, whether frivolous or not. The result has been
skyrocketing malpractice insurance premiums.
With accountants, the highly publicized cases against the national CPA firms represent a small
percentage of the overall claims against accountants. More and more claims are being initiated
by smaller, closely held business owners, along with a significant increase in the number of
claims made by third parties. The average claim against accounting firms is settled in the range
of $100,000- $250,000.
Given the weakening of the third-party privity defense in most states, accountants continue to
be exposed to third-party lawsuits, despite the fact that there is no contract between the
accountant and the third party.
Most malpractice insurance companies concede that lawsuits against accountants now come
from sources once thought to be unlikely.
Consider the following summary compiled by the author through interviews with several top
malpractice insurance companies:
1. There is a significant increase in lawsuits initiated by third parties such as bankers and
trustees:
15% of lawsuits are initiated by third parties
85% of lawsuits are initiated by clients
2. A significant portion of lawsuits relate to non-traditional tax and audit services such as:
Compilations and review engagements
Writeup engagements
Management advisory services
3. Most lawsuits occur within the first five years of the auditor's relationship, with most of the
litigation revolving around the first year.
Audit Engagement Developments
250
4. Approximately 20-25% of all claims against accountants relate to compilation and review
engagements.
5. The courts tend to hold accountants responsible well beyond the standards applicable to the
engagement:
The complexity of facts in lawsuits has increased, making it difficult to defend in front
of a jury.
Juries do not understand the issues at hand in lawsuits- thereby pooling audit, review
and compilation engagements under one level of responsibility.
Juries tend to hold accountants to the level of guarantors.
Many jury rulings imply that the accountant must go so far as to protect clients from
themselves.
Jury awards clearly demonstrate that there is a perception gap between what the public
believes the accountant delivers and the actual service delivered.
Accountants tend to be poor witnesses-- too precise and accurate to persuade a jury of
the facts.
6. Competitive pressures have moved accountants into areas of greater risk whereby
accountants are:
Keeping or accepting higher risk clients
Accepting engagements outside their areas of expertise
Overselling their abilities to gain new clients
Criticizing the predecessor firm after obtaining a client from that firm.
Using a standard (canned) audit program instead of customizing program design for
particular risk areas.
B. Common Pitfalls For Accountants
The following is a list of common pitfalls that continue to expose accountants to loss in
litigation.
1. Failure to maintain professional skills:
Not keeping up with CPE, professional journals and society programs, particularly
in the area of accounting and auditing.
Not using up-to-date manuals and checklists.
Audit Engagement Developments
251
2. Working in areas and industries outside of expertise:
Lack of familiarity with GAAP and GAAS.
Not consulting with outside experts such as professional societies, AICPA, FASB
and insurance-carrier hotlines.
Not familiar with industry norms such as accounting methods, relationships, and
credit policies.
3. Unprofessional working habits:
Failure to document work including:
- Insufficient workpapers
- Using canned programs rather than customized programs
- Insufficient financial statement disclosures
- Not documenting recommendations made to clients
Failure to notice the obvious-too much time looking at the trees and not the forest
4. Failure to maintain a good relationship with clients:
Not communicating a clear understanding of responsibilities to the client
Having a poorly drafted engagement letter
Overselling the firm’s abilities and expertise: Using high-priced employees to sell
the firm without introducing the junior staff who will actually work on the job.
Failure to communicate effectively:
a. Omitting information up front
b. Not being straight forward about areas of risk
c. Using too much jargon with terms such as GAAP, GAAS, etc.
Not being available to clients
a. Not returning telephone calls promptly or at all
Agreeing to an unrealistic schedule by not saying “no” to a client
Maintaining a improper distance from your client
a. Being too close may compromise independence
b. Being too far may result in lack of regular contact, failure to return calls, etc.
5. Failure to properly hire and supervise staff:
Not recognizing employee financial problems
Audit Engagement Developments
252
a. Staff may be vulnerable to client bribes or may steal from a client
Not recognizing employee personal problems such as alcohol and substance abuse,
gambling and other addictions
Note: Abusive personalities gravitate toward abuse during times of stress (e.g., audit
and tax season)
Not checking employee references
Not emphasizing quality over quantity
a. A deterioration of quality in exchange for speed exposes the firm to the risk of
errors.
Not prohibiting employee moonlighting
a. Employees who moonlight may have poorer job performance during the day.
b. Employees who moonlight usually do not carry personal liability insurance.
c. The firm may be named as a co-defendant if the employee is sued, using the
argument that the employee was working on behalf of the firm under apparent
authority.
Risks of using per diem employees
a. Not checking to ensure that per diem employees have adequate CPE in the area
of the engagement.
b. Not properly overseeing the work of the per diem employees.
c. Being complacent that the per diem employees are “seasoned veterans” not
requiring the same degree of supervision as the firm’s other staff.
d. Accepting the “bad workpaper habits” of per diem employees.
6. Conflicts of interest/independence issues:
Bringing parties together of mutual interest
a. The accountant may be held liable for damages due to recommending one party
to another.
Accepting referral fees and commissions
a If commissions are received, independence may be impaired.
b. Not disclosing that a commission or referral fee will be received.
Audit Engagement Developments
253
Getting in the middle of clients’ disputes
a. There is a risk that one or both parties may sue the accountant for having a
conflict of interest such as in the case of a divorce.
7. Lowballing fees:
Cutting corners on the engagement to accommodate the low fee.
8. Suing clients for fees:
More than 50% of all clients that are sued will file a counterclaim for malpractice.
Alleging negligence usually forces the accountant to drop the suit for fees.
9. Failure to discover fraud and defalcations:
Juries believe the auditor is responsible for finding fraud in audit, review and
compilation engagements as well as write-up engagements.
More pronounced in small companies with weaker segregation of duties.
A single defalcation can be devastating to a smaller company as compared with a
larger company. Damages against the accountant can be more significant if a smaller
company is involved.
Accountants do not recognize the fraud risk factors such as:
- Lack of management integrity
- Weak competitive position, tempting management to commit fraud
- Lack of operational capabilities, including not enough personnel, machines, and
resources
- High turnover of accounting personnel
- Firing of the previous accounting firm or a series of firms within several years
- Board or key executive resignations
- Changes in the way business is conducted including deep price discounts
- Pressure to increase earnings particularly with start-ups and companies for sale
- Pressure to satisfy loan covenants
- Significant year-end transactions that favorably impact earnings
- Related-party transactions
- Lack of documentation for transactions
- Weak internal controls
- Using offsetting transactions that zero out
- Loss of a major customer
Audit Engagement Developments
254
Employee defalcation factors: Employees who:
- Live beyond their means
- Never take a vacation
- Are the first in and last out each day
- Never share tasks
- Never ask for a raise
- Resist changes to existing bookkeeping methods
- Offer superiors frequent examples of their loyalty and productivity
C. Top Ten Actions to Minimize the Risk of Being Sued
The following is a list of the top ten actions to minimize the risk of being sued. This list was
compiled by the author as a result of various discussions with top malpractice insurance
companies.
1. Tighten Up Engagement Letters
2. Watch Out for Bad Clients
3. Take Precautions for Fraud and Defalcation
4. Protect the Privity Defense Against Third Parties
5. Supervise and Manage Personnel
6. Have a Workpaper Retention Policy
7. Improve Billing Procedures
8. Never Sue to Collect Unpaid Fees
9. Tighten Up Workpapers
10. Improve Client Relations
Here is a discussion of just a few of the above ten recommendations
Recommendation: Tightening Up Engagement Letters-Litigation-Friendly Clauses
To mitigate the effects of litigation against auditors, more accounting firms are including
protective language in their engagement letters. The engagement letter is the contract between
the client and the auditor and should clearly reflect the understanding and responsibilities of
both parties. SAS No. 108, Planning and Supervision61
, provides a list of required and
recommended language that should be included in an engagement letter. Excerpts from this
statement are included below.
Examples of provisions to include in the engagement letter that might assist the auditor in
litigation include:
1. Responsibilities for fraud- SAS No. 99 requirements- required
61
Effective December 31, 2012, SAS No. 108 is replaced by AU-C 210, Terms of Engagement.
Audit Engagement Developments
255
2. Limitations on use or reproduction of the audit report for unknown third parties -
recommended
3. Indemnification to the auditor from liability arising from management misrepresentations
that result in legal fees incurred by the auditor- recommended
4. Ownership of workpapers- recommended
5. Mediation clause, but never an arbitration clause
Based on previous decisions, reference to some or all of these items has been helpful in
minimizing the damages against the auditor. Of course, the auditor must balance the need to
include some or all of these provisions in his or her engagement letter, without alienating his or
her client who may be reluctant to include them.
Sample Language To Be Included In The Engagement Letter:
Fraud: We will plan and perform the audit to obtain reasonable, but not absolute,
assurance about whether the financial statements are free from material mis-
statement due to error or fraud. Because of the concept of reasonable assurance and
because we will not perform a detailed examination of all transactions, there is a risk
that material errors, fraud, or other illegal acts, may exist and not be detected by us.
Further, we have no responsibility to search for fraud and, our audit is not designed
to detect an error or fraud that is immaterial to the financial statements.
Use of Report by Third Parties: We understand that you have a loan outstanding
with NoLoan Bank and Trust and that the purpose of our report on your financial
statements is to enable you to present the audited financial statements to NoLoan
Bank and Trust. We are not aware of any other persons, entities, or limited groups
of persons or entities for whose use or benefit this report is intended or
contemplated. In the event that, during the term of this engagement, you decide to
provide a copy of the audited financial statements to a particular person or entity in
connection with a contemplated transaction, you have agreed to notify us in writing
prior to the issuance of the report of the identity of such person or entity and the size
and nature of the contemplated transaction.
Indemnification: If we incur legal fees as a result of our reliance on any false
representation made by you, you agree to reimburse us for all of our legal fees and
related costs of defense.
Note: There are several cases cited by malpractice insurance carriers where a CPA
firm was sued by a former client who went bankrupt and sued the CPA firm for the
audit failure. This occurred even though management lied to the firm about certain
issues. By including the above indemnification language in the engagement letter,
Audit Engagement Developments
256
the firm was able to favorably settle the case and received reimbursement of its legal
fees for its defense.
Ownership of Records: Our working papers of our engagement remain the
property of James J. Fox & Company and constitute confidential information.
Except as discussed below, any requests for access to our working papers will be
discussed with you before making them available to requesting parties.
a) Our firm, as well as other accounting firms, participates in a peer review
program covering our audit and accounting practices. This program requires that
once every three years we subject our system of quality control to an
examination by another accounting firm. As part of this process, the other firm
will review a sample of our work. It is possible that the work we perform for
you may be selected for review. If it is, the other firm is bound by professional
standards to keep all information confidential.
b) We may be required to make certain workpapers available to Joe Regulator
pursuant to authority given to it by law or regulation. If requested, access to such
workpapers will be provided under the supervision of our firm personnel. Further,
upon request, we may provide copies of selected workpapers to Joe Regulator and
such copies may be distributed by Joe Regulator to other third parties including
government agencies.
Mediation: In the event of a dispute over our engagement, we mutually agree that
any dispute that may arise in connection with our engagement will be submitted to
mediation by selecting a third party to help us reach an agreement. We acknowledge
that the results of this mediation will not be binding upon either of us. The costs of
the mediation will be shared equally by both of us.
What about an arbitration clause?
Generally, arbitration clauses are dangerous with respect to a professional engagement.
Arbitration is legally binding and the process can restrict the accountant from proving his or
her case. Arbitrators are known for “splitting the difference” and there are limitations on the
extent of discovery that can be presented in the hearing. In a malpractice case, an accountant
that has excellent workpapers may be precluded from presenting those papers as evidence.
Most insurance carriers state that an arbitration clause should be avoided and can be included
only with respect to fee disputes, and not malpractice cases.
Recommendation: Watch Out For Bad Clients
An auditor should be watchful of clients and related engagements that may have a high risk of
lawsuit. In particular, certain clients have attributes that, in the event of loss, could lead to
litigation.
Audit Engagement Developments
257
In particular, there has been recent discussion of the importance of assessing clients. An in-
depth discussion of this issue was presented in an article published in The Practicing CPA,
entitled, Do You See Trouble When It Walks in the Door? (Mary C. Eklund, Esq.).
In her article, Ms. Eklund makes reference to the idea of "bad clients" and that CPAs continue
to expose themselves to litigation when they fail to consider whether a particular client
represents a litigation risk. Many times, the CPA recognizes that there could be a risk, yet
takes no action because "it couldn't happen to us."
Ms. Eklund identifies several early hints of trouble that the CPA should be aware of such as:
1. Symptoms of a Problem Client:
a. High business risk:
In a start-up mode
Poor record keeping
Operates in litigious or declining industry
Has a history of litigation
Has poor internal control
High employee turnover, such as the accounting department
Director resignation
Slow payment to suppliers and service providers
Has poor credit or inadequate working capital
Large or unusual year-end transactions
Unusual sources of loans or high rates on loans
Material transactions not recorded in the usual manner
Suspicious confirmation responses
Owner acts dishonestly
b. Deterioration in the client’s relationship with the firm:
A client who:
Does not deliver information on a timely basis
Fails to pay the firm on time
Has unrealistic schedules, deadlines and demands by the client
Fails to return the firm’s telephone calls
Is unreasonable or consistently ignores the accountant's advice, is disreputable and a
bully
Demands an unusually low fee or unrealistically fast service
Refuses to sign engagement or representation letters
Audit Engagement Developments
258
Gives evasive answers or makes it difficult for auditors/accountants to get
information or documents
Has significant weaknesses in accounting and administration controls
Whose personality and attitude changes
Has personal financial pressures
Has a history of changing accounting firms
Who creates emotional turmoil
c. Change in client’s business:
Company plans to go public
Business is for sale
Client ownership and management transition is in process that may expose the firm’s
work to heightened scrutiny
There is a change in the client’s type of business that places the firm into unknown,
unfamiliar areas outside of its expertise.
d. Conflict of interest issue emerges: Intra-family disputes, including potential divorce or
sibling fighting may place the auditor in the middle of a battle that could lead to
ultimately being sued by all sides involved.
e. Management’s disregard for internal controls and record keeping: Management sets the
tone for the organization. If management has a low regard for internal controls and
recordkeeping, that attitude will permeate throughout the organization.
f. Management refuses to sign engagement or representation letters: Management’s
unwillingness to sign an engagement letter is a red flag that management cannot be
trusted. Management’s refusal to sign a representation letter is a scope limitation.
Observation: There are two important changes that can significantly expose the auditor to
risk: a sale of the business and a change in management. If a sale of business is anticipated, the
client may attempt to inflate earnings and equity to increase the sales price. Because the sales
price is a multiple of earnings (e.g., multiple times EBITDA), the impact of a small increase in
net income may be significant. For example, if a client intentionally inflates income by
$100,000, it could impact the sales price by $500,000, based on a five-times EBITDA
multiple. In addition, the purchaser may have a third-party claim against the auditor because
the purchaser will be a known third party to the auditor, most likely relying on his or her audit
report and related financial statements to formulate the purchase price.
The second situation in which an auditor is most vulnerable to being sued is where a client
hires new management. When a new manager arrives, he or she may uncover a fraud,
defalcation, or error relating to the previous manager. The manager may hire his or her own
auditor, who further scrutinizes the work of the predecessor auditor. This scenario could result
in a claim against the auditor.
Audit Engagement Developments
259
If the auditor sees some of the symptoms of a bad client, he or she should reconsider whether
the risk is too significant to continue with the engagement. Ways to evaluate whether to
continue with the engagement include the following:
a. Evaluate the client's real needs and demands: Consider the services needed in
addition to those requested. Ask the question: Can we do what is needed for the amount
being paid?
b. Evaluate the firm's (individual's) ability to handle the client's needs and demands:
Does the firm have the expertise and staffing necessary to do the job?
c. Interview the predecessor accountant, if this is a new client:
Ask the following questions:
Has the client ever lied to you?
Has the client ever unreasonably delayed payment or refused to pay you?
Did the client ever refuse to sign an engagement or representation letter?
Has the client ever threatened to sue you?
Have you ever had a disagreement with the client on accounting principles or tax
matters?
d. Perform an industry check: Ask the prospective client for a list of customers and
suppliers and permission to talk with them.
Does the client pay his/her bills on time, have respect, and maintain good
relationships with peers?
Find out whether the industry is subject to frequent or sudden business failures.
The AICPA’s Practice Aid Acceptance and Continuance of Audit Clients highlights matters
that auditors may wish to consider in connection with establishing policies and procedures for
client acceptance and continuance.
Problem clients have proven to be one of the principal factors giving rise to liability claims
against auditors. Auditors should consider establishing a general firm philosophy specific to
client acceptance.
Audit Engagement Developments
260
Example: Firm only accepts clients who are engaged in legitimate pursuits and should not
present undue business risks to the firm or adversely affect the firm’s reputation.
and should not
Recommended procedures:
Obtain an understanding of the client's business.
Inquire as to the client's reputation and that of high-ranking employees and owners.
Consider management's response to observations about or suggestions for improve-
ments in internal controls made by the predecessor auditor.
Consider the composition and autonomy of the board of directors.
Communicate with the predecessor auditor and inquire as to the reasons for the change
in auditor and to the integrity of management.
Consider the firm's independence with respect to the client.
Consider whether the firm is qualified to handle the audit.
Auditors should devise a formal client acceptance/retention policy based on a client’s
undesirable qualities:
a) Management lacks integrity
b) Weak financial condition
c) Unwillingness to pay professional service fees
d) Management that chronically enters into material high-risk transactions
e) Disregard for internal controls and record keeping
f) Management refuses to sign engagement or representation letters.
Observation: In the post-Andersen era, with the introduction of the Sarbanes-Oxley Act,
many national firms have purged their client list of clients in high risk industries or that,
individually, represent an unacceptable risk to the firm. Other firms are following the same
tact in that they are simply not willing to take the risk of being sued when compared to the
amount of the audit fee derived from the engagement.
Audit Engagement Developments
261
How to get rid of bad clients!
Eliminating a bad client from the firm’s client list can create a greater risk than keeping the
client, if the action is not handled properly. In many instances, notifying the client that the firm
will no longer service his or her account can cause resentment which, in turn, can translate to
blame. Also, there is the issue of how to handle outstanding fees. Should the firm demand
payment or forgive the balance? There are also successor accountant/auditor matters where the
firm must be careful not to provide information to the successor without obtaining permission
from the client. Let’s not forget that approximately 85% of all lawsuits against accountants are
initiated by the client, not third parties.
Evaluating New Clients
In connection with a prospective client, the firm should set up a new client acceptance policy
that includes evaluating the prospect in more depth before being accepted as a new client.
Recommendation: Protect the Privity Defense Against Third Parties
Lawsuits initiated by clients against the auditor may take a different form than those from third
parties, such as banks, investors, etc. Most frequently, the client sues for breach of contract
using the notion that the auditor failed to render the agreed-upon services in the manner
contracted in the engagement letter. Generally, an auditor may be sued under any one of the
following five causes of action:
1. Breach of contract: The auditor failed to perform the agreed-upon services in the
manner contracted in the engagement letter (or verbally, if no engagement letter was
signed).
2. Negligence: The auditor failed to meet professional accounting and auditing standards.
3. Negligent misrepresentation: The auditor provided erroneous information to the client
through failure to exercise due care.
4. Fraud: The auditor knowingly or recklessly made a material false statement of fact or
omitted a material fact.
5. Breach of fiduciary duty: The auditor failed to uphold the responsibility associated
with professionalism and accountability. Examples include unauthorized disclosure of
confidential client information.
Any one or all of the above five causes of action can be brought by a client against an auditor.
However, what about damages claimed by a third party such as a bank, investor or bonding
company? Since the third party usually is not a party to the contract (e.g., engagement letter),
what causes of action can it bring?
Audit Engagement Developments
262
For years, the answer was found in the so-called privity standard, developed after a 1931 court
case, Ultramares Corp. v. Touche, Niven & Co. (New York, 1931).
The privity (contract) standard states:
“Accountants’ liability is limited to those third parties with
whom the accountant has a contractual relationship.”
Under a strict interpretation of this standard, the accountant is exempt from responsibility to a
third party unless the accountant has a contract with that third party. And, usually, the third
party is not a party to the contract (e.g., engagement letter), giving the accountant a shield
against third party lawsuits.
Unfortunately for accountants, since the inception of the privity standard in 1931, case law and
most state statutes have watered down the privity standard to the extent that it applies only in a
few states. The result is that, depending on the state of jurisdiction, responsibility to third
parties can be categorized into four different levels as follows:
1. Privity (discussed above)
2. Near-privity
3. Restatement approach
4. Foreseeability approach
Near-privity: Under the near-privity (near-contract) standard, a third-party that does not have
a contractual relationship with the accountant can still bring suit against an accountant for
negligence if all three of the following conditions apply:
1. The accountant is aware that his or her financial report is to be used for a particular
purpose.
2. A specific, known third party, intends to rely on the financial report, and
3. The accountant’s conduct clearly demonstrates that the accountant is aware the third
party will rely on the financial report.
Note: The near-privity standard is based on the case of Credit Alliance Corporation v. Arthur
Andersen & Co. (1985) in which an auditor was sued by a lender in connection with a client
that filed bankruptcy. Under the near-privity standard, the accountant must know who the third
party is and the fact that the specific third party will rely on the accountant’s report. The task
of documenting that an accountant was aware of third party’s reliance on the report has not
been clearly decided by the courts since the Credit Alliance case. For example, is a telephone
call initiated by a third party to an accountant adequate to confirm that the accountant knew the
third party and that the party would rely on his or her report? It is not clear. What is clear is
that knowing that some unidentified third party will receive the report is usually not enough.
Audit Engagement Developments
263
The identity of the third party must be known for the near-privity defense to be challenged by a
third party.
Restatement approach: In those states that follow the restatement approach, accountants are
responsible to third parties who fall into either one of two categories:
1. Third parties the accountant expressly knows will be provided with the financial report,
and
2. Third parties who are members of a limited class of persons to whom the accountant
knows the financial report will be given.
Note: The restatement approach requires that the accountant know the class of third party
(e.g., bankers, insurance companies, etc.), but not necessarily the name of the party. This
is different from the requirement of the near-privity defense where the name of the third
party must be identified.
Example 1: Fred, an accountant audits a client’s financial statements and issues an
unqualified report. Fred gives the client several copies of the financial statements without
knowing specifically to whom the statements will be provided. The client gives a copy of
the statements to a vendor who grants credit to the client. Subsequently, the client’s
business fails and the vendor sues Fred for negligence. The state of jurisdiction follows
the restatement approach for responsibility to third parties.
Conclusion: Fred is not liable to the vendor because he did not have notice that the
financial statements would be given to the creditor or to a class of third parties (e.g.
vendors).
Example 2: Same facts as Example 1, except that during the audit, the client informs Fred
that the statements will be issued to the vendor, names the vendor, and states that the
vendor will be using the statements to grant credit to the client.
Conclusion: Under the restatement approach, Fred would be responsible to the vendor
because he expressly knew the financial statements would be given to the vendor.
Example 3: Same facts as Example 2, except that during the audit, the client informs Fred
that the statements will be issued to one or more vendors without disclosing names.
Conclusion: Under the restatement approach, Fred would be responsible to any vendor to
whom the statements were given because Fred was aware the statements would be given to
a particular class of third parties (vendors).
Note: In the above series of examples, if the state of jurisdiction followed the near-privity
standard, Fred would have been liable to the third party in Example 2 only, where Fred
Audit Engagement Developments
264
was informed that a known, third party would rely on the report for a particular purpose, to
issue credit.
Foreseeability approach: The accountant is liable to any “reasonably foreseeable” third-
party recipient of the accountant’s financial report provided the third party relies on the report
for its proper business purpose. Further, the accountant is not required to know the specific
third party or how the report will be used.
Example: An insurance company obtains a copy of a client’s financial statements used to
issue an employee fraud policy. Subsequently, employee fraud is found and a claim is
made against the policy. The insurance company sues the auditor, claiming that the auditor
did not disclose certain known information that would have resulted in rejection of the
insurance application. The state of jurisdiction follows the foreseeability approach for
third-party liability.
Conclusion: Assuming there is negligence, the auditor is liable to the insurance company
under the foreseeability approach. It was “reasonably foreseeable” for the insurance
company to be the recipient of the accountant’s financial report. This is the case even
though the auditor did not know about the insurance company or the purpose for which the
insurance company would use the report.
Observation: The foreseeability approach is a very dangerous standard for accountants. The
good news is that, presently, only two states, Wisconsin and Mississippi, follow the
foreseeability approach to third-party liability.
The following chart, published by the AICPA, illustrates the third-party liability laws, by state.
The categorization of each state is always changing based on that state’s recent laws and court
decisions.
Audit Engagement Developments
265
Summary of Third-Party Liability By State
Privity States Near Privity States
Pennsylvania Arkansas Montana
Virginia Idaho Nebraska
Illinois New Jersey
Kansas New York
Louisiana Utah
Michigan Wyoming
Restatement States Foreseeability States
Alabama Minnesota Mississippi
Alaska Missouri Wisconsin
Arizona New
Hampshire
North Carolina
California
Colorado States Not Categorized
Colorado Ohio Delaware North Dakota
Connecticut South Carolina Indiana Oklahoma
Florida Tennessee Kentucky Oregon
Georgia Texas Maine Rhode Island
Hawaii Washington Maryland South Dakota
Iowa West Virginia Nevada Vermont
Massachusetts New Mexico
Source: AICPA Compilation and Review Alert, as modified by the author.
Recommendation: Make Sure You Have a Workpaper Retention Policy:
Auditors should formulate a workpaper retention policy that includes the following:
1. The document retention period should be sufficiently long enough to:
Negate an inference that it was designed to destroy information that could injure
the firm, and
Satisfy the auditor's reasonable needs to obtain information regarding the entity's
prior financial activities.
2. The retention period should be rational in the sense that a longer retention period
should be maintained for documents which are likely to be called upon at a later date.
3. The retention policy should be scrupulously adhered to so as to avoid an inference that
documents were destroyed because they were the subject of litigation.
Audit Engagement Developments
266
Note: SAS No. 103, Audit Documentation62
, requires an auditor to retain audit
documentation for a sufficient period of time with a minimum workpaper retention
period of five years from the report release date, or longer if required by statutes,
regulations, or the firm’s internal quality control policies.
Observation: Historically, in lawsuits against accounting firms, a key factor supporting the
firm’s discarding of its workpapers has been whether the firm did so during a timeframe that
was consistent with the firm’s retention policy.
During the Enron scandal, the auditor, Arthur Andersen, was accused of shredding working
papers. The firm was indicted because the shredding occurred after the firm received a
subpoena for its workpapers. If, instead, the firm had not received the subpoena, presumably,
the firm would have had the right to shred its workpapers provided that shredding was
consistent with the firm’s workpaper retention policy.
The moral of the story is that if a firm has a retention policy, it is imperative that it follow it
consistently so that a third party cannot accuse the firm of discarding workpapers as a means to
remove damaging evidence in a lawsuit.
Sarbanes-Oxley requires auditors of SEC companies to maintain a seven-year workpaper
retention policy. Since the adoption of Sarbanes, several state licensing boards have adopted
portions of Sarbanes, one of which is the requirement of a seven-year retention policy for all
auditors, including those of non-public entities.
Recommendation: Tighten Up Workpapers
Perhaps the most important litigation-proofing a firm can implement is to tighten up its
workpapers. In litigation, a firm’s workpapers are its evidence that it performed the
engagement with due care in accordance with GAAP, GAAS or the SSARSs. In front of a jury,
a talented plaintiff’s attorney can translate a series of minor workpaper flaws into a negligently
performed engagement. The following analysis identifies certain chronic workpaper
deficiencies that have been recurring in litigation.
1. Complete the audit program:
a. Never leave a procedure incomplete (blank) in the program.
b. Do not place “not applicable” next to a procedure that could be performed, but the
accountant/auditor elects not to do it.
c. If the procedure is not needed, it should be eliminated from the program altogether.
62
Effective December 31, 2012, SAS No. 103 is replaced by AU-C 230, Audit Documentation.
Audit Engagement Developments
267
Note: All major publishers offer the audit program in electronic format. This allows the firm
to customize the program and remove any standard procedures that are not going to be
performed during the engagement. From a liability standpoint, it is better for an audit program
to be brief and for all procedures in the program to be completed, than for a larger, canned
program to be used that has a series of incomplete procedures.
2. Remove all “to do” lists or other comments or scribbles from the workpapers that suggest
that the engagement was not completed.
3. Never place jokes in the workpapers or comments about the client.
4. Make sure there is a partner review and sign off on workpapers.
5. Perform analytical procedures:
Analytical procedures that demonstrate no unusual fluctuations are a strong defense in a
fraud claim.
Comparison of data from year to year is the best means to detect going concern and cash
flow problems.
6. Label preliminary financial statements with “draft” or “draft-for internal use only.”
7. Document, document, document:
Show support for positions taken such as AICPA, Hotlines, etc.
Never speculate, only state facts.
Conclude on procedures performed.
Document all communications with client noting the date and what was discussed.
Note: An auditor must document the work he or she does in conducting his or her audit.
Specifically, the auditor must obtain abstracts or copies of significant contracts or
agreements that were examined to evaluate the accounting for significant transactions.
Example: Joe Auditor is auditing X’s accounts receivable. X has a contract with one large
customer that allows for the customer to delay payment (dated terms) for a period of time.
Joe inspects the contract in determining whether accounts receivable is collectible.
Conclusion: Joe should document the contract inspected including retaining a copy of the
contract in his working papers.
Audit documentation should include identification of the items tested.
Audit Engagement Developments
268
When a random sample is selected, the documentation should include identifying
characteristics, such as specific invoice numbers of the items selected, and the
listing.
When a scope of items is selected (e.g., all items over a certain amount) the
documentation needs to describe the scope and the listing.
When a systematic sample is selected from a population of documents, the
documentation need only provide an identification of the source documents, the
starting point, and the sampling interval.
Example 2: Mary Auditor is auditing Company X and selecting customer receivables
for confirmation. Mary uses random sampling by selecting 100 random customers from
the accounts receivable aging.
Conclusion: Because Mary is using random sampling, in her working papers, she
should document specific customers and amounts selected for the confirmation, and the
listing from which the customers were selected.
Acceptable documentation would consist of:
“Randomly selected the following 100 customers from the client’s
accounts receivable aging as of December 31, 20XX”
Customer Customer # Balance
Smith 56346 $xx
Johns 34356 xx
Johnson 67894 xx
Etc…….
Total selected for confirmation
$xx
Unacceptable documentation:
“Randomly selected 100 customers off the client’s aging with a total
balance of $xxx.”
The previous example is unacceptable because the sample does not provide a means by which
another party could reconstruct the sample (e.g., selected every fifth customer off the aging,
etc.).
Audit Engagement Developments
269
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. With regard to hiring and supervising staff, accountants should:
a. Check employee references
b. Emphasize quantity over quality
c. Allow employees to moonlighting
d. Use per-diem employees
2. Which provision, that might assist the auditor in litigation, is required to be included in the
engagement letter:
a. Arbitration clause
b. Limitations for unknown third parties on use or reproduction of the audit report
c. Ownership of workpapers
d. Responsibilities for fraud
3. Which of the following would not generally expose an auditor to a risk from having a
problem client?
a. A planned purchase of long-term assets
b. A change in the client’s management
c. A deterioration in the client’s relationship with the firm
d. The client’s sale of a subsidiary
4. Which of the following liability standards states that only third parties with contractual
relationships with the accountant may bring suit against an accountant for negligence?
a. The foreseeability approach
b. The near-privity standard
c. The privity standard
d. The restatement approach
Audit Engagement Developments
270
5. Under what level of responsibility to third parties can both the third party and the use of the
financial report be unknown to the accountant and that he or she is still responsible to the
unknown party:
a. The foreseeability approach
b. The near-privity standard
c. The privity standard
d. The restatement approach
Audit Engagement Developments
271
SUGGESTED SOLUTIONS
1. With regard to hiring and supervising staff, accountants should:
a. Correct. A common pitfall that continues to expose accountants to loss in litigation
is failure to properly hire and supervise staff. To avoid exposure to loss in
litigation, accountants in hiring and supervising positions should check employee
references.
b. Incorrect. To avoid exposure to loss in litigation, accountants in hiring and supervising
positions should emphasize quality over quantity. A deterioration of quality in exchange
for speed exposes the firm to the risk of errors.
c. Incorrect. Accountants in hiring and supervising positions should prohibit employee
moonlighting. Employees who moonlight may have poorer job performance during the
day and usually do not carry personal liability insurance.
d. Incorrect. Accountants should be aware of the risks of using per-diem employees. Not
checking to ensure that per-diem employees have adequate CPE in the area of the
engagement; not properly overseeing their work; not giving them the same degree of
supervision as other staff; and accepting their bad workpaper habits, are some common
oversights.
2. Which provision, that might assist the auditor in litigation, is required to be included in the
engagement letter:
a. Incorrect. An arbitration clause is not required to be in an engagement letter under
auditing standards. As a matter of good practice, a mediation clause is recommended,
but not an arbitration clause.
b. Incorrect. A provision stating limitations on use or reproduction of the audit report for
unknown third parties is recommended, but not required.
c. Incorrect. A provision stating the ownership of workpapers is recommended, but not
required.
d. Correct. A provision required by SAS No. 99, which might assist the auditor in
litigation, is to state the responsibilities for fraud in the engagement letter.
3. Which of the following would not generally expose an auditor to a risk from having a
problem client?
a. Correct. A planned purchase of long-term assets does not, in and of itself, expose
an auditor to risk of having a problem client.
b. Incorrect. Hiring new management generally does expose the auditor to risk from
having a problem client. An auditor is most vulnerable to being sued when a client hires
new management. When a new manager arrives, he or she may uncover a fraud,
defalcation, or error relating to the previous manager and may hire his or her own
auditor. The result could be a claim against the predecessor auditor.
c. Incorrect. A deterioration in the client’s relationship with the firm is a symptom of a
problem client. In particular a client who does not deliver information timely, fails to
pay the firm on time, and has personal financial pressures, is one that should be
categorized as high risk.
Audit Engagement Developments
272
d. Incorrect. The sale of a business can significantly expose the auditor to risk because the
company may attempt to inflate earnings and equity to increase the sales price.
4. Which of the following liability standards states that only third parties with contractual
relationships with the accountant may bring suit against an accountant for negligence?
a. Incorrect. The foreseeability approach states that the accountant is liable to any
“reasonably foreseeable” third-party recipient of the accountant’s financial report
provided the third party relies on the report for its proper business purpose.
b. Incorrect. The near-privity standard states that three conditions must be met for a third
party with no contractual relationship with the accountant to bring suit against an
accountant for negligence.
c. Correct. The privity (contract) standard states that only third parties with
contractual relationships with the accountant may bring suit against an accountant
for negligence.
d. Incorrect. The restatement approach states that accountants are responsible to third
parties who the accountant expressly knows will be provided with the financial report
and third parties who are members of a limited class of persons to whom the accountant
knows the financial report will be given.
5. Under what level of responsibility to third parties can both the third party and the use of the
financial report be unknown to the accountant and yet he or she is still responsible to the
unknown party:
a. Correct. Under the foreseeability approach, both the third party and the use of the
financial report can be unknown to the accountant.
b. Incorrect. Under the near-privity standard, the accountant must be aware that the
financial report is to be used for a particular purpose and must know who the third party
is and the fact that the specific third party will rely on the accountant’s report.
c. Incorrect. Under the privity standard, to be held responsible, the accountant must have a
contractual relationship with the third party.
d. Incorrect. Under the restatement approach, accountants are required to know the class of
third party, but not necessarily the name of the party.
Audit Engagement Developments
273
XXVI. Efficient Engagements- Reduce Time, Make More Money
Without Increasing Risk
A. Staffing Problems
The AICPA's Private Companies Practice Section (PCPS) published the results of its annual
poll of the Top Ten CPA Firm Issues, which is listed below based on firm size of 6 to 10
professionals.
Top Ten CPA Firm Issues
1. Client retention
2. Retaining qualified staff at all levels
3. Tax complexity and changes
4. The effect of new regulations and standards on small firms
5. Marketing/practice growth
6. Finding qualified staff
7. Client collections
8. Keeping up with standards
9. Keeping up with technology
10. Working/life balance initiatives
Source: AICPA
Items 2 and 6, retaining and finding staff, have been at the top of the list for the past five years
and staffing issues continue to be the number one challenge facing the profession. The staffing
issue, coupled with the pressure to keep up with regulations and standards, make the
engagement efficiency a vital element of any CPA firm's quality control practice.
Another observation made by CPA firms is that the quality of staff is not as extensive as prior
generations thereby making it more difficult to drive performance. Consider some of the
common comments about staff:
Today’s accounting graduate lacks:
Basic writing and math skills
Work ethic needed for many firms to drive through the cyclical seasons of the typical
CPA firm.
What this means is that many firms are unable to generate high production out of staff
members thereby putting pressure on the firm to ensure that engagements are performed
efficiently.
Efficiency Auditing Takes the Pressure Off Staffing Issues
Audit Engagement Developments
274
In general, firms are over auditing, over reviewing and over compiling, resulting in wasted
time that could be used to drive other business or, the ability to perform the same volume of
work with fewer staff. With the expansion of regulations and standards, firms may find their
profit margins being squeezed if they do not make their engagements more efficient.
Dealing with the Challenges of Profit Squeeze
SOLUTIONS
B. Efficiency Auditing
The PCPS Section of the AICPA published a handbook entitled Smarter Audits, which
provides CPAs with ideas on ways to make audits more efficient. Although the majority of the
following suggestions and comments have been developed by the author, several important
ideas were extracted from the PCPS document.
The following are suggestions on how a firm can reduce time and increase audit efficiency:
Manage and train the client and its staff
Weed out unprofitable clients and increase fees
Retain and effectively use staff
Spend more time planning the engagement
Staffing
Shortages
Staffing
salary
increases
PROFIT
SQEEZE
Reduce
Time-
Increase
efficiency
Increase
Fees
80/20
RULE
Audit Engagement Developments
275
Recommend that the client convert to income-tax-basis accrual financial statements,
where appropriate
Recommend that the client switch to a review from an audit, and
Look at specific audit areas for time savings.
1. Managing and training the client
a. Ask the client to perform more PBC (prepared by client) schedules to eliminate
wasted audit time reconstructing transactions.
The client should have a clear due date for the PBCs and a format example.
Do not start the audit until all PBCs are completed.
Note: Some firms charge a separate billing for the accounting work so that the client can see
the impact of having the accountant perform many wasted tasks that could be performed by the
client. Some firms are willing to discount the bill if the client prepares PBCs and reduces the
engagement time.
2. Weed out unprofitable clients and increase fees
Because of staffing shortages, it may make sense to reduce the client base and operate on a
more solid, profitable one.
Statistics show that there is tremendous time savings from performing engagements on repeat
clients where work papers have already been set up and the staff is already familiar with the
industry and client. However, unprofitable clients, particularly those that have year ends
during busy times of the year, may not be worth keeping.
a. Get rid of unprofitable clients:
1) The 80-20 rule applies: 80% of a firm’s business comes from 20% of its clients.
2) Clients that are high-risk, slow paying, high-maintenance, and low-profitability may not
be worth keeping.
3) It may be too time consuming to retain one client who is in an industry within which no
other clients exist.
4) The first clients to go should be those who have year ends at busy times of the year
such as calendar year ends. Firms can generally replace unprofitable year end business
with other more profitable clients.
b. Increase fees: One way to weed out clients is to increase fees, particularly within areas of
recognized expertise. Clearly, the timing of the economy may be a factor in deciding when
you increase fees and weed out clients.
3. Retain and effectively use staff
Audit Engagement Developments
276
The most efficient audits are performed by staff that is already familiar with the client from
performing the engagement in prior years.
a. Firms should retain staff as a means of enhancing client relations and providing significant
audit efficiencies.
b. Clients like to work with the same staff from year to year.
4. Spend more time planning the engagement
Auditors are required to plan the audit. However, in this case, the term “planning” refers to the
process of making sure the pieces work together including staffing, timing, and extent of work
to be done.
a. Successful firms plan the engagement in the following areas:
Plan the audit based on risk and materiality
Allocate hours to spend on each area
Attempt to eliminate duplicate tests, where possible
Develop PBC lists and due dates
Prepare the engagement letter
Prepare a budget
b. Specific planning opportunities:
Focus audit on high risk areas
Complete your work paper review and exit interview prior to leaving the client’s office
Move certain audit work to interim such as receivable confirmations and inventory
observations.
5. Recommend that the client convert to income-tax-basis accrual financial statements
Most closely held businesses focus on tax reduction planning and less on issuing GAAP
financial statements. Consequently, for them, income-tax-basis, accrual financial statements
may be more meaningful.
What is just as important is the significant savings to you, as an auditor. Because OCBOA
statements are not GAAP, the rules of GAAP do not apply. Instead, if income tax basis
statements are prepared, the authority for when to record income and expense is determined by
the Internal Revenue Code, not GAAP. The most common basis to use is income-tax-basis
accrual financial statements since usually the results of operations do not significantly deviate
from operations reported under GAAP.
Audit Engagement Developments
277
Traditional GAAP items you can forget about when using income tax basis statements include:
Deferred income taxes Allowance for bad debts
Accrued vacation pay Different depreciation methods
Investments at market value UNICAP- section 263A adjustment
Impairment of long-lived assets Goodwill amortization
Consolidation of variable
interest entities (VIEs)
The time savings can be significant!
6. Recommend that your client switch from an audit to a review
In limited cases, a review may be more appropriate for a client than an audit, and more
profitable to the CPA firm. Although the billing amount may be lower, the profit on a review
can be much greater than an audit. It is better that an auditor, rather than a competitor,
promotes savings to his or her client.
7. Look at specific audit areas for time savings
The author suggests that firms consider some of the following areas for significant time
savings:
a. Reassess the materiality threshold established for the audit:
Many firms set materiality too low and do too much work based on the assessment.
The rule of thumb threshold is 5-10% of net income or 2-5% of total assets.
b. Streamline the audit program:
Never have any procedure in the audit program that will not be performed.
Do not used "canned" programs which include too many procedures.
c. Replace tests of account balances with analytical procedures in low risk audit areas:
Examples of areas in which analytical procedures can replace typical tests of account
balances include any variable operating expense and those balance sheet accounts that
have low inherent risk (e.g., prepaid and accrued items) such as:
Interest expense as % of average debt
Payroll tax expense as % of gross payroll
Repairs and maintenance as % of fixed assets
Sales returns and allowances as % of sales
Other operating expenses from year to year
Audit Engagement Developments
278
Recurring prepaid expenses and accruals
Observation: Auditors should seriously consider increasing the use of analytical procedures as
effective substantive tests in lieu of tests of account balances. By doing so, audit time can be
significantly decreased without sacrificing the quality of the audit. More importantly,
analytical procedures are extremely effective in uncovering material misstatements.
d. Increase audit work in high-risk areas such as inventories and receivables.
e. Eliminate wasted audit procedures: The following chart presents some of the areas in
which audits waste time.
Audit area Recommended procedure to save time
Cash Eliminate request for cut-off statements. For the first month after the
client’s year end, use the client's bank statement when received and
instruct client to deliver the statement to the auditor unopened, or
inspect the bank statement electronically through the client’s on-line
banking.
Don't confirm bank accounts. Obtain client's bank statement unopened
for the month following the year end and trace the balance into the
bank statement or review the client’s bank account on line in the
presence of the client.
Accounts
receivable Confirm receivables at interim, within one or two months of year end.
Stratify the confirmation population: Send positive confirmations to the
largest customers, negative confirmations to the next largest customers
and eliminate confirmations to the lowest 20% of the balances.
Eliminate confirmations of receivables altogether where, based on
history, results have not been successful and perform alternative
procedures.
Inventories Perform physical observation at interim and roll forward the balance to
year end.
Test a percentage of the valuation using the largest items within the
population and perform analytical procedures such as gross profit test,
number of days, and inventory turnover.
Perform lower of cost of market on the entire inventory and not
individual inventory items
Accounts
payable Generally, do not confirm trade payables. Confirmation usually does
not test for the highest risk which is having unrecorded liabilities.
Search for unrecorded liabilities by examining subsequent cash
disbursements and invoices
Contingencies
and lawyers’
letters.
Do not send lawyers letters for unasserted claims.
Lawyers’ letters should only be sent to confirm the facts of a
contingency that is asserted by management.
Audit Engagement Developments
279
Prepaid expenses
and accruals Test prepaid expenses and accruals analytically instead of testing
account balances.
Do not test details of account balances unless the analytical procedures
result in a significant variance from year to year or from the current
year in comparison with expected amounts.
Expenses Test analytically and avoid an analysis of the account balance unless
analytical procedures indicate a significant fluctuation.
Initially test repairs and maintenance analytically from year to year and,
if possible, avoid examining individual repairs and maintenance items.
Are receivable confirmations required?
SAS No. 67, The Confirmation Process,63
was issued in response to the concerns that the
profession was over-utilizing confirmations as an effective substantive test. Almost a decade
later, it appears that CPA firms continue to misuse and overuse confirmations.
Understanding SAS No. 67 can be an effective tool to reduce audit time.
SAS No. 67 states that confirmations should be used with respect to accounts receivable
unless:
The balance is immaterial.
Audit risk is assessed very low and alternative substantive tests would be adequate to
reduce audit risk.
Use of confirmations would be an ineffective audit procedure.
Example: Based on history, the auditor can expect that response rates will be low.
SAS No. 67 states that there is a presumption that an auditor will request confirmations for
receivables. If he or she does not request confirmations, he or she must document how this
presumption was overcome.
SAS No. 67 stipulates that negative confirmations may not be used unless:
Control risk is set at below the maximum level,
There are a large number of small account balances, and
The auditor believes that the recipients will reply.
63
Effective for years ending on December 31, 2012 and later, SAS No. 67 is replaced with AU-C 505, External
Confirmations.
Audit Engagement Developments
280
Therefore, positive confirmations should be used instead of negative ones for the majority of
the population tested.
With respect to accounts receivable, there is the presumption that the auditor will request
accounts receivable confirmations unless the use of confirmations would be an ineffective
audit procedure. In those cases, accounts receivable confirmations can be replaced with
alternative substantive tests such as:
1. Sales cutoff
2. Examination of certain invoices included in the balances of significant receivables
3. Analytical procedures such as number of days sales and receivable turnover
4. Realization of receivable balances
Avoiding the time trap of prepaid and accrued expenses
Do you want to reduce your audit time but not increase audit risk?
One easy way to do so is to make sure you do not get locked into the time trap of spending too
much time performing detailed analyses of prepaid expenses and accruals. Instead, the auditor
should initially test these accounts analytically from year to year. Only if there is a significant
fluctuation in the prepaid or accrued expense balance from year to year (adjusted for any
expected change), should an auditor spend time with detailed analyses of the prepaid or
accrued account.
Example: Joe Auditor is auditing Company X. X has a prepaid insurance asset on the balance
sheet as follows:
20X2 20X1
Prepaid insurance $20,000 $23,000
Insurance expense 40,000 38,000
Joe’s expectation is that 20X2 insurance expense and prepaid insurance should be similar to
20X1 because there is no indication that there has been a significant change in insurance cost
or coverage from year to year.
Conclusion: Joe can easily test the prepaid insurance and related insurance expense for 20X2
by comparing both the prepaid balance and insurance expense from year to year. Given the
fact that both the 20X2 asset and expense are not materially different from 20X1, there is no
need for the auditor to perform additional procedures, such as tests of the account balances.
Change the facts: Prepaid insurance and related expense are as follows:
20X2 20X1
Audit Engagement Developments
281
Prepaid insurance $5,000 $23,000
Insurance expense 55,000 38,000
Conclusion: In performing an analytical procedure on prepaid insurance and insurance
expense, there is a difference between the accounts from year to year. In fact, it looks like both
the asset might be understated by $18,000 and the expense might be overstated by a similar
amount.
Should Joe perform additional work on the prepaid insurance and expense?
Whether Joe expands his work to perform tests of the account balances is based on whether
any difference (in this case $18,000) might be material to the financial statements. If not, Joe
should pass on further work. If it is potentially material, Joe would perform additional audit
procedures which might include: a) inquiry as to why the accounts have changed, and b) a test
of the account balances such as a calculation of the prepaid insurance and expense.
Observation: The previous example illustrates a typical situation in practice involving a
recurring prepaid asset or accrual. An effective way for an auditor to test all prepaid expenses
and accruals that are recurring (such as prepaid insurance, accruals for payroll taxes,
commissions, interest, etc.) is to test them analytically without engaging in a test of the detail
of the account balance. In performing the analytical procedure, the auditor should test
analytically the balance sheet balance (prepaid or accrual balance) and the related expense
account. If the prepaid or accrual balance, and the related expense account are reasonably
consistent from year to year, the auditor should refrain from performing additional audit
procedures.
Auditing recurring prepaid and accrual accounts, and the related expenses, by testing the detail
of those accounts should be avoided and performed as a last resort only when the results of the
analytical procedures indicate that there might be a material variance.
Having the discipline to avoid detailed audit work in recurring prepaid and accruals items will
save the auditor significant time without increasing audit risk.
XXVII. Assessing Going Concern
The Auditing Standards Board continues to emphasize the importance of assessing going
concern issues in audits. Regardless of the strength or weakness of the economy, companies
go out of business For various reasons many of which are simply self-imposed strategic errors
or business cycles that have matured to extinction.
SAS No. 59, The Auditor's Consideration of an Entity's Ability to Continue as a Going
Concern, provides guidance on evaluating the adequacy of going-concern disclosure in
Audit Engagement Developments
282
audited financial statements. SAS No. 59 is the only authoritative literature for going concern
disclosure.
Continuation of an entity as a going concern is assumed in financial reporting in the absence of
information to the contrary. In an audit engagement, an auditor should assess whether the
entity has the ability to continue as a going concern for one year from the balance sheet date.
Factors that might raise doubts about the ability to continue as a going concern include:
Negative cash flow from current operations or forecasted for the next year
Declining revenues coupled with continued operating losses
Adverse financial ratios such as negative net worth or working capital deficiencies
Loss of major sources of sales such as lost customers, product lines, etc.
Noncompliance with statutory capital requirements
Loan defaults
Preferred dividend arrearages
Lawsuits or loss contingencies such as environmental or uninsured catastrophic events
Loss of key personnel
Unusually liberal credit terms to customers including significant dating of receivables
Company runs tight on its working capital line of credit formulas (e.g., maximum
available line is based on a percentage of eligible inventory and trade receivable.)
If, based on this assessment, there is substantial doubt of an entity's ability to continue as a
going-concern for one year from the balance sheet date, the accountant must seek factors that
mitigate this fact.
Examples of mitigating factors include:
Alternative sources of financing
Management's plan of action, including its forecast for the coming year
Disposition of assets
If management’s plans are based on the success of future normal operations for the coming
year, the auditor should review management’s assumptions used in its forecast and become
satisfied that the forecast results are achievable based on past experience with differences
properly substantiated.
If management plans to dispose of certain assets or consummate a single event (e.g., sign up a
major customer or develop a new product line), the auditor must consider whether there is
adequate evidence that currently exists to support the claim that it is more likely than not that
management will be successful. The concept of more likely than not means that there is more
than a 50% likelihood of success.
If, after seeking mitigating factors, the auditor still believes there is still substantial doubt,
SAS No. 59 requires a disclosure and an audit report modification as follows:
Audit Engagement Developments
283
Separate paragraph in the audit report:
As discussed in Note A, the Company has suffered continued losses from operations
and, at December 31, 20XX, has a deficiency in stockholders' equity. These factors
raise substantial doubt about the Company's ability to continue as a going concern.
Management has a plan of action that is described in Note A. The financial
statements do not reflect any adjustments that might result from the outcome of this
uncertainty.
Note: SAS No. 77 amends SAS No. 59 to preclude the auditor from using conditional
language in the report when identifying a going concern issue.
SAS No. 77 and 59 will be replaced with a new auditing standard, scheduled to be issued as
AU-C 570, Going Concern, as part of the Clarity Project.
XXVIII. The Risk of Vicarious Liability Among CPA Firm Alliance
Its is quite common for CPA firms to join affiliated groups of firms otherwise called alliances.
In doing so, smaller or regional firms can reap the benefits and economies that inure from
having an alliance umbrella under which to operate.
Typically such alliances share common benefits that include:
Maintenance of a uniform quality control system including monitoring and peer review
Discounts on purchases of insurance and other services
Ability to receive higher-level technical and managerial expertise
Use of a common trade name or logo
Ability to maintain a collective marketing and public relations campaign
Access to international business and expertise, and
Fee-sharing arrangements, including referral and other fees.
Court decisions have called into question whether such firm alliances are actually operating as
one firm for liability purposes. If so, there is the risk that the liability of one affiliated firm that
is sued may become the liability of all firms in the alliance under the concept of vicarious
liability.
Two cases have brought the concept of vicarious liability among CPA firms to the forefront:
Nuevo Mundo Holdings v. PricewaterhouseCoopers, and the Parmalat Securities Litigation
Case.
The doctrine of vicarious liability involves assigning one party’s liability to another party.
Audit Engagement Developments
284
The Mundo case
The Mundo case involved shareholders and directors of Banco Nuevo Mundo S. A, a Peruvian
bank, who brought suit against the New York City offices of Pricewaterhouse Coopers (PWC)
and Arthur Andersen, LLP (Andersen)(prior to its demise). The claim was that two Peruvian
accounting firms issued an audit report on fraudulent financial statements.
PWC and Andersen were sued under the theory of vicarious liability with the claim that the
two Peruvian accounting firms operated under the control of PWC and Andersen by using the
same brand name.
The Court held that PWC and Andersen had no vicarious liability simply by using the same
brand name. Factors the Court noted that must be present to have vicarious liability include:
a. A principal/agency relationship including control
b. An alter-ego relationship, including piercing the corporate veil, or
c. A partnership or joint venture
The Court concluded that none of the three criteria were present and that PWC and Andersen
had no vicarious liability with respect to the actions of the two Peruvian firms.
An important point is that the fact that a joint logo was used by the firms was not enough to
assign vicarious liability to PWC and Andersen.
The Parmalat case
Although the Mundo case was important, it pales in comparison to the Parmalat case.
Background:
Parmalat SpA was one of Italy’s largest dairy conglomerates, known for long shelf-life milk.
Details related to Parmalat follow:64
In the 1990s, Parmalat expanded its operations financed largely by debt.
Its expansion into South America was problematic and resulted in significant
losses and negative cash flow.
Parmalat’s CEO and his family diverted funds from the company.
64
Court Filing dated June 28, 2005, Master Docket 04MD 1653 (LAK)
Audit Engagement Developments
285
Parmalat used off-shore entities to hide its losses and create an appearance of financial
health and stability. One such transaction involved a fictitious sale of powdered milk to
Cuba for $620 million. In another transaction, inter-company debt was transferred to
Parmalat’s Brazilian affiliate.
Parmalat continued to borrow funds to service its losses and debt service.
Grant Thornton- Italy (GT-Italy) was Parmalat’s auditor through 1999.
Starting in 2000, as required by Italian law, Parmalat was required to change auditors
and hired Deloitte & Touche, S.p.A. (Deloitte Italy) to perform the audit.
In late 2003, Parmalat defaults on its debt and files for bankruptcy.
Italian authorities indicted Parmalat executives, Deloitte Italy and certain partners of
GT-Italy.
It was later discovered that Parmalat had committed a massive fraud that involved the
understatement of $10 billion of debt and an overstatement of its net assets by $16.4
billion.
Subsequent to Parmalat’s demise, investors in Parmalat filed a class action suit against
Deloitte Italy, GT-Italy, as well as Deloitte & Touche USA and Grant Thornton, LLP
(GT-USA).
The vicarious liability claim again Deloitte & Touche USA and Grant Thornton USA:
The investors in Parmalat brought claims against the United States arms of Deloitte & Touche
and Grant Thornton under the theory of vicarious liability. That is, the investors claimed that
the relationship between Deloitte & Touche USA (DT USA) and Grand Thornton USA (GT
USA) with their respective Italian affiliates was such that the U. S. arms should be liable for
the actions of their Italian counterparts.
DT USA and GT USA disagreed based on the argument that they were separate from their
Italian affiliates and could not be responsible for their actions.
Factors considered in deciding whether DT USA and GT USA had vicarious liability in this
case included:
a. Agency relationship: Whether the Italian affiliate was acting as an agent for the U. S.
principal firm which actually had control over the Italian affiliate.
b. Alter ego: Whether the Italian firms were essentially the same as the U. S. affiliates
and an instrument of the U. S. affiliates, or
Audit Engagement Developments
286
c. Partnership or joint venture: Whether both firms were acting like a partnership or joint
venture in terms of profit sharing, mutual control, and holding themselves out as a
partnership.
Agency relationship:
In general, in order for there to be a principal-agent relationship, there must be several
elements that include:
a. An understanding that the agent acts on behalf of the principal.
b. The agent’s acceptance of the undertaking, and,
c. An understanding that the principal is in control of the undertaking.
The key factor is control and whether the principal has control over the actions of the agent.
The court held that there was an agency relationship between DT USA and DT Italy, and
between GT USA and GT Italy. Evidence supporting the court’s finding included that DT
USA demonstrated that it controlled DT Italy in several instances:
a. When it removed an auditor from the Parmalat audit in Brazil when there was a
disagreement between that auditor and an DT Italy auditor over the transfer of inter-
entity debt.
b. There was managerial overlap with several top executives of DT Italy also executives of
DT USA.
GT USA demonstrated control over GT Italy when it had disciplined partners at GT Italy and
ultimately expelled GT Italy from the GT alliance.
Alter-ego:
The concept of alter-ego is that one entity is operating as an extension of the other and that the
form (two legal entities) is really that of one firm. It implies that one entity has been so
dominated by the other that the second entity should be disregarded altogether as it is
transacting business on behalf of the dominator’s business and not its own.
The criteria for “piercing the corporate veil” are consistent with those used to support that an
alter-ego exists. Factors used to argue that one entity is merely the alter ego of the other
include:
Failure to adhere to corporation or other formalities
Intermingling of funds
Overlap of ownership, staff and directorship
Common use of office space
Audit Engagement Developments
287
Whether the dealings between the entities were arms length
Whether the entities are treated as separate profit centers
The Court held that DT Italy and GT Italy were not alter egos of DT USA and GT USA as the
factors did not support such a conclusion. In general, the Italian affiliates did operate
independently from the U.S. affiliates in terms of having their own staffing and office space.
Moreover, each of the Italian affiliates was appropriately capitalized and followed formalities
of independence.
The Court also noted that the relative size of GT USA versus GT Italy should not be a factor in
determining whether GT Italy was the alter ego of GT USA.
Partnership-joint venture:
Typically, in order for there to be a claim that a partnership or joint venture exists among
entities, several factors must be present:
a. There must be a sharing of profits and losses
b. Joint control and/or management of the business
c. Contributions of property, knowledge or other resources by each party
d. The intention to be partners.
Emphasis is placed on the first two factors:
the sharing of profits and losses, and
some sort of control by the parties.
The definition of control is “the power to direct or cause the direction of the management and
policies of a person, whether through the ownership of voting securities, by contract, or
otherwise.”65
The court held that DT USA and GT USA did not have a joint venture or partnership with DT
Italy and GT Italy, respectively. Although there was some sharing of profits and losses
between DT USA and DT Italy, there was no mutual control.
What conclusions can be reached about vicarious liability among alliance firms?
Firms need to be very careful how they conduct business among themselves to ensure they
operate separate of each other.
Key points to remember in a firm alliance:
65
As cited in the Parmalat case: First Jersey Sec. Inc. 101 F. 3d at 1472-73.
Audit Engagement Developments
288
1. Firms should be careful not to exert control over each other. A member of an alliance that
dominates others may be liable for liabilities of the other firms in that alliance.
2. Firms that share profits within an alliance risk being considered a joint-venture or
partnership under which all members are jointly and severely liable.
3. Appearance is everything. Firms should consider how they hold themselves out to third
parties.
4. Firms within an alliance should minimize overlapping management.
Does the mere use of a common trade name or logo or joint marketing program expose
firms within an alliance to vicarious liability?
No. In the Parmalat case, the court was quite clear that the mere use of a joint-logo was not, in
and of itself, sufficient to assign vicarious liability. Common marketing campaigns will not
result in liability. Although in the Parmalat case, there was no suggestion that appearance of
how the firms conducted themselves to the public was an important factor. The fact that the
firms used the terms “global” and “worldwide” was no more relative to the outcome of the
case, than the appearance of disclaimers placed on web sites and other marketing literature
stating that there was no affiliation. Nevertheless, it would seem prudent for firms to avoid
using any language that would suggest that the firm members are partners.
XXIX. Advising Clients on Insurance- Auditor’s Responsibility
After several years of continued increase in insurance rates, rates in 2011 into 2012 have been
stable due to the fact that these years were relatively quiet years for natural disasters.
Nevertheless, insurance costs are not coming down and represent a significant cost to all
businesses. One major hurricane or terrorist attack will turn rates upward making it difficult for
companies to manage the cost of insurance and its related risk.
Here are the facts that have been published in the financial press and in insurance industry
studies:
1. Ten years later, insurers and reinsurers continue to amortize the losses related to the
September 11 terrorist acts, as well as losses from Hurricane Katrina and other natural
disasters.
2. Insurers are still experiencing losses due to a decline in investment income from the stock
market.
Audit Engagement Developments
289
3. Insurance companies are still experiencing the results of a decade of pricing wars during
which the average insurer was paying out more than 100 percent of premiums received.
4. Insurance carriers exclude terrorism coverage from their base coverage.
a. A poll conducted by Lloyd’s of London shows:
66% of CFOs in the United States believe their companies’ domestic assets are
more of a target than their assets overseas.
64% of CFOs have little or no confidence in the insurance industry’s ability to
offer a comprehensive package to protect against future terrorist attacks.
Having adequate business interruption insurance appears to be the primary focus
among companies in dealing with future terrorist acts.
Why should the auditor care about increasing insurance costs?
Because of the sizeable increases in insurance rates, some companies are either cutting
insurance coverage or self-insuring for certain aspects of insurance coverage. These changes
place companies at greater risk that a calamity could adversely affect their business and, in
some cases, result in their demise.
But, is an auditor responsible for the adequacy of a client’s insurance coverage?
The answer is no. An auditor has no responsibility to assess the adequacy of a company’s
insurance coverage unless substandard coverage is a symptom of a reportable condition in
internal control. That is, a company has a weakness in its internal control by not properly
assessing the adequacy of its insurance coverage.
Does the auditor have any responsibility to review a client’s insurance coverage?
There is no formal requirement that an auditor or accountant assess the adequacy of insurance
of a company. In fact, there is no disclosure required for companies that self-insure.
ASC 450, Contingencies (formerly FASB No. 5), references this issue:
“The absence of insurance does not mean that an asset has been impaired or a
liability has been incurred at the date of the enterprise’s financial statements. Fires,
explosions, and other similar events that may cause loss or damage of an
enterprise’s property are random in their occurrence… An enterprise may choose
not to purchase insurance against risk of loss that may result from injury to others,
damage to the property of others, or interruption of its business operations.
Exposure to risks of those types constitutes an existing condition involving
uncertainty about the amount and timing of any losses that may occur, in which case
Audit Engagement Developments
290
a contingency exists. Mere exposure to risks … does not mean that an asset has been
impaired or a liability has been incurred.”
ASC 450 indicates that un-insured or under-insured property represents a contingency. Under
ASC 450, a loss contingency is accrued only when it is probable that the loss will be incurred
and the amount of loss can be reasonably estimated. A loss contingency is disclosed, but not
accrued, if it is reasonably possible that the loss will be incurred. Where it is remote that the
loss will be incurred, no loss is disclosed or accrued except for a few exceptions, none of
which includes insurance contingencies.
The fact that a company is underinsured or uninsured represents a contingency that is remote in
likelihood of occurrence and not required to be disclosed.
Thus, an auditor has no responsibility to consider the adequacy of the insurance because there
is no GAAP-related disclosure of liability applicable to the under or un-insurance. However,
an auditor can review the insurance outside the scope of the audit as part of a consulting
engagement.
XXX. Auditing Lease Agreements
Over the past few years, tenants started to evaluate the costs of their real estate leases. That
trend has continued as a growing number of tenants are hiring firms to conduct lease audits.
The focus of such audits is to compute the accuracy of common area maintenance (CAM)
charges allocated to tenants. More tenants are including a provision in their leases that gives
them the right to conduct such audits. In high demand markets, such as Boston and New York
where lease prices are high even in a soft economic climate, unreasonable CAM charges can
drive the effective rent cost to unreasonable levels. One particular problem is where there are
fewer tenants and landlords attempt to allocate fixed CAM charges over the remainder tenants,
resulting in higher CAM charges per tenant.
According to one article,66
Real Estate Resource Group LLC in Washington DC has about
2,260 lease audits nationwide, which is nearly double what it had a few years earlier. Equis
Corp., a Chicago real-estate services firm has done about 40% more audits now than it did a
few years ago. The Big Four also are conducting these audits. Yet, most smaller and middle-
sized CPA firms are not aggressively performing these audits.
Some key observations about these audits include the following:
1. For most companies, rent expense is the second largest expense after payroll.
66
Wall Street Journal: Office Tenants Are Auditing Books of Landlords to Find Overcharges
Audit Engagement Developments
291
2. Common problems found in such leases include:
Landlords with significant vacancies are trying to pass on the entire CAM charges to a
smaller number of tenants occupying the building.
Landlords who charge tenants an estimate of CAM charges are sending improper actual
settlements after year end.
Landlords are passing along the entire cost of new equipment in one year.
Landlords are charging tenants for capital improvements that should not be charged at
all such as elevators and energy-efficient systems.
CAM charges are increasing because of security costs required for the building.
Landlords with multiple properties are erroneously allocating insurance costs (including
umbrella policy costs) among properties.
Landlords are charging arbitrarily high management fees to manage the building.
Landlords are not passing along the credit from real estate tax abatements to tenants.
Landlords are misallocating CAM charges among tenants and, in some cases, are
charging total CAM charges aggregating more than 100 percent.
What’s wrong with the following language found in a commercial triple-net lease?
Audit Engagement Developments
292
Commercial Lease Excerpt
Extended Term Common Area Maintenance Charges. Throughout the Lease Term, Tenant shall pay to
Landlord, as Additional Rent, Tenant’s pro rata share of the Common Area Maintenance Charges (hereafter,
“CAM Charges”) (as hereafter defined). CAM Charges shall be paid in equal monthly installments in the
same manner as Base Rent within seven (7) days after receipt of Landlord’s bill thereof.
Notwithstanding the preceding sentence, if requested by Landlord, Tenant shall make estimated payments of
CAM Charges as hereinafter provided. If Landlord is to require estimated payments of CAM Charges during
any year of the Extended Term, Landlord shall provide Tenant with a good faith estimate of Tenant’s pro-
rata share of total annual CAM Charges for each calendar year and/or fiscal year during the Extended Term.
After receipt of such estimate, commencing with the next date upon which the payment of Base Rent is due
under this Lease, Tenant shall pay to Landlord a monthly installment equal to one-twelfth (1/12) of Tenant’s
pro-rata share of total annual CAM Charges as estimated by Landlord. Landlord may reasonably adjust the
amount of such installments from time to time by written notice to Tenant.
If Landlord requires estimated payments of CAM Charges as provided herein, after year end Landlord shall
furnish Tenant with a statement of the actual amount of Tenant’s pro rata share of CAM Charges for the
Building for the prior calendar year. (1) If the estimated amount of Tenant’s CAM Charges for the prior
calendar year is more than the actual amount of Tenant’s CAM Charges for the prior calendar year, Landlord
shall refund any overpayment to Tenant. If the estimated amount of Tenant’s CAM Charges for the prior
calendar year is less than the actual amount of CAM Charges for such prior calendar year, Tenant shall pay
Landlord, within thirty (30) days after its receipt of the statement, any underpayment for the prior calendar
year.
For the purposes hereof, Tenant’s pro rata share of CAM charges shall be equal to greater of a) 11.42%, or b)
the ratio of 8,550 square feet to the total amount of interior space actually leased (based on Exhibit A),
calculated on a weighted-average basis on an annual basis. (2)
The terms “Common Area Maintenance Charges” and “CAM Charges” as used in this Lease shall mean all
costs incurred by Landlord in the operation, repair, replacement, maintenance, management, and monitoring
of the Building, including, but not limited to the following: (a) the cost of all utilities, including, but not
limited to, electricity, heat, gas, water, and sewerage; (b) the cost of the Landlord's insurance applicable to
the Building, and its occupancy or operations, including a pro-rata share of the cost of an umbrella liability
policy (3) (c) the percentage of those wages and salaries of all persons directly or indirectly engaged in the
operation, repair, replacement, maintenance and monitoring of the Building, including, if applicable, social
security taxes, unemployment taxes, hospitalization insurance and other normal employee benefits relating
thereto as are paid to or on behalf of such persons for their work applicable to the operation, repair,
replacement, maintenance, management, administration and/or monitoring of the Building; (4) (d) the cost of
all supplies and materials used in the operation, maintenance, repair, administration and monitoring of the
Building; (e) the cost of all contract labor, maintenance and service agreements relating to the operation,
maintenance, repair and monitoring of the Building; (f) management fees and the cost of management
contracts relating to the Building (5) (g) real estate taxes and any other charges assessed against the Building
or the land on which it is situated (6) (h) personal property taxes, if any, assessed with respect to equipment
and other property used solely in connection with the operation, repair, replacement, maintenance,
management, and monitoring of the Building; (i) capital expenditures (7) and (j) license, permit, and
inspection fees applicable to the Building in general.
Audit Engagement Developments
293
Comments on the above language:
An accountant or auditor can assist a client with reviewing the above lease and possibly
auditing it.
Provisions in the above lease that should not have been included, from the tenant’s
perspective, are numbered as follows:
1. There should be a provision giving the tenant the right to audit the CAM charges.
2. The ratio of CAM charges should be based on the ratio of 8,550 square feet (leased
space) to the total available interior square feet regardless of whether it is rented. By
including language “total amount of interior space actually leased,” the tenant pays for
a pro rata share of CAM charges for space that is vacant.
3. The insurance should not include a pro rata share of umbrella policy insurance as this is
an indirect cost.
4. The labor portion of CAM charges should be limited to only those persons “directly”
involved in the management and maintenance of the property, and should exclude
indirect persons and persons involved in administration. Otherwise, this provision
permits the landlord to charge a portion of indirect G&A costs related to accounting and
bookkeeping functions to the tenants. Similarly, supplies should be limited to direct
supplies, and should not include supplies related to administration.
5. The management fees clause is open-ended and permits the landlord to charge itself
higher management fees than are reimbursed through CAM charges. The lease should
state that management fees are either fixed or based on a measurable amount (e.g., 5%
of gross collected rental income). Alternatively, reference can be made that all
management fees must be at market value.
6. Real estate taxes should be net of abatements. Further, there should be a requirement
that the landlord file for an abatement annually.
7. CAM charges should not include the total cost of capital expenditures. Instead, these
charges should be amortized into CAM charges over a period of time such as the
depreciable or other life.
How can accountants assist their clients with leases?
1. Accountants have a great opportunity to offer a lease audit service to their clients.
The service can be either in the form of auditing one financial statement element (rent
expense), or performing an agreed-upon procedures engagement.
Audit Engagement Developments
294
2. Accountants can assist clients in negotiating or renegotiating their leases.
Key provisions to include in leases include:
Defining the type of capital improvements that are charged to tenants.
Requiring CAM charges to include the amortization of qualifying improvements over a
certain minimum period of time, not in one year.
Capping the total CAM charges that can be charged to the tenant.
Limiting the allocation of CAM charges based only on costs related to space rented.
Fixing the amount of management fees that can be charged in CAM charges.
XXXI. Practice Issues Relating to Auditing
A. Engagement Letter:
Question: Must an engagement letter be obtained for an audit?
Response: SAS No. 108, Planning and Supervision, requires that an understanding of the
nature and terms of the engagement with the client be in writing. Thus, an engagement letter
is required.
Prior to the issuance of SAS No. 108, its predecessor, SAS No. 83 permitted the understanding
to be achieved verbally or in writing. SAS No. 108 eliminated the option of obtaining the
understanding verbally and now requires it to be in writing.
Question: Must an engagement letter be signed by the client?
Response: No. SAS No. 108 requires the understanding to be in writing, but does not
require that it be signed by the client. Therefore, an accountant could send a client a one-way
written communication, summarizing the terms of the agreement, and not require that the
client sign that communication. Obviously, one-way communication is risky because
subsequently to the engagement being performed, the client could disavow that he or she
agreed with the terms of the letter.
B. Inventories:
Facts: A company's year end is December 31. The company has always taken one physical
inventory per year on September 30. At year end, the inventory is adjusted using an estimated
Audit Engagement Developments
295
gross profit. Perpetual inventory records are maintained. Joe CPA observes the physical
inventory on September 30 and tests the valuation at December 31 calculated on the gross
profit method.
Question: May the auditor rely on his interim observation as adequate evidence for supporting
the year end inventory valuation?
Response: SAS No. 1, Receivables and Inventories, states:
“When the well-kept perpetual inventory records are checked by the client
periodically by comparisons with physical counts, the auditor's observation
procedures usually can be performed either during or after the end of the period
under audit......It will always be necessary for the auditor to make, or observe, some
physical counts of the inventory and apply appropriate test of intervening
transactions.”
Therefore, it would appear that the above auditing procedures would be adequate.
C. Confirmation Procedures:
Question: Historically, auditors have had difficulty obtaining confirmation replies from large
corporations and government organizations. What audit procedures should be used in this
situation?
Response: In this situation, the auditor has no choice but to perform alternative auditing
procedures including, but not limited to:
Examination of invoices included in the aging
Collection of the receivable balances (realization test)
Test of sales cutoff
Analytical procedures
Confirmation of bank loans/capital lease obligations:
Question: It is often difficult for banks to confirm loan balances. This includes the balance on
a capitalized lease obligation. What alternative procedures should be performed?
Response: While the debtor may not be able to calculate the loan or obligation balance, there
are details that the debtor may confirm from which the auditor can adapt. For example, a bank
can confirm the original loan balance and terms. From this, the auditor can "roll forward" the
balance from the previous year's balance. This would be deemed an acceptable auditing
procedure.
Using postage-paid return envelopes:
Audit Engagement Developments
296
Question: Does GAAS require that an auditor use postage-paid return envelopes for positive
confirmations?
Response: No. GAAS does not require the use of return envelopes; however, in practice, most
auditors use return envelopes to facilitate responses.
D. Auditing Cash:
Question: Most major banks will not confirm cash balances using the standard bank
confirmation. What options does an auditor have in verifying the cash balance from the third
party bank?
Response: Assuming cash is material, an auditor can use alternative procedures to confirm the
cash balance.
One is for the auditor to request that the client give the auditor the end of year bank statement
directly unopened. The auditor can make a copy of the statement and give the statement back
to the client to complete the year-end bank reconciliation. Some commentators believe that
receiving the bank statement from the client is subject to client manipulation of the bank
statement before it is given to the auditor. The reality is that if the client opens the bank
statement before handing the statement to the auditor, the auditor will know that the glued seal
on the envelope has been broken.
A second option is for the auditor to ask the client to pull up the electronic bank statement on
line at the bank’s web site in the presence of the auditor. At that point, the auditor can inspect
the electronic bank statement on line, and print out a copy of the bank statement and any
canceled checks directly from the bank’s web site.
Question: How important is it to ask for cutoff bank statements at year-end in order to clear all
items in the client's year-end bank reconciliation?
Response: In general, most banks will not send cutoff statements and, if they do, the timing
of receipt of the statement may be too late relative to the timing of the audit engagement.
An alternative to receiving a cutoff statement is to ask the client to deliver the next bank
statement after year end to the auditor unopened. For example, if an audit is conducted as of
December 31, instead of asking for a cutoff statement as of January 15, the auditor should wait
and receive the January 31 bank statement directly from the client unopened. How does the
auditor know that the client did not open the statement? It is quite obvious. With most bank
statements, once the statement is opened, the envelope flap is altered because of the strong glue
that is used to secure the seal.
Another option is for the auditor to ask the client to go on-line and look up the bank account
directly on the bank’s web site. At that time, the auditor can review checks clearing after year
end.
Audit Engagement Developments
297
Question: What alternative procedures might an auditor use to verify endorsements on checks
when the client’s bank does not return canceled checks with the bank statements?
Response: Verifying endorsements on the back of canceled checks is not a required auditing
procedure. Yet, an auditor may decide that this procedure is necessary given his or her
assessment of inherent and control risk. As a general rule, if the auditor is simply testing a
bank reconciliation, the need to verify endorsements on the back of canceled checks is usually
not required and beyond the scope of the audit objective. If, however, the auditor seeks the
endorsements as a part of a compliance test to reduce control risk or other audit procedure, the
auditor can apply the following additional procedures:
a) Ask the client to go directly the bank’s web site and pull up the electronic version of the
bank account. From there, the auditor can select canceled checks and inspect the
endorsement on the bank of those selected checks.
b) Select the checks and order copies of those canceled checks directly from the bank.
Note: You should expect that the bank will charge the client a fee for sending or
photocopying the checks. Further, it is likely that the bank will take 30 to 60 days to send
copies of the checks. This time delay should be factored in when planning the audit.
Observation: With the use of on-line banking, the need for an auditor to confirm bank account
balances and obtain cut-off bank statements is passé. The author believes the most effective
approach for an auditor (and one that saves administrative time) is for the auditor to ask the
client to go on-line and open the bank account and allow the auditor to inspect the bank
statement(s), canceled checks and other transactions. One key point to consider is that most
banks retain only 18 months of bank statements on line. That means that it is critical that the
auditor make sure that he or she is within the 18-month window to retrieve on-line electronic
bank statements. For most audits that are performed within three or four months of year end,
the auditor could be required to go back a total of 15 to 16 months (12 months plus three or
four months after year end), so that there should be no problem obtaining all on-line electronic
bank statements.
However, if the audit engagement is delayed for whatever reason, the auditor may wish to
perform the on-line banking procedures early in the auditor or risk that the 18-month window
for reviewing bank statements on-line is not closed.
E. Auditing Cash Basis Financial Statements:
Facts: An auditor is auditing the financial statements of a company that reports on the cash
basis of accounting. The Company has material balances in its trade receivables or payables,
both of which are not presented on the cash basis balance sheet.
Audit Engagement Developments
298
Question: Does GAAS apply? What auditing procedures should the auditor conduct with
respect to the receivables and payables?
Response: GAAS applies to GAAP statements as well as those statements prepared on an
other comprehensive basis of accounting (OCBOA statements) such as cash basis financial
statements. Because the receivables and payables are not presented on the balance sheet,
confirmation or the conducting of other substantive tests is not required. With respect to the
completeness of revenue and expenses, they can be tested via cash receipts and disbursements.
Therefore, again, no substantive tests are needed with respect to receivables and payables. The
exception may be where the auditor believes that confirmation is needed for the auditor to
comply with SAS No. 99, Consideration of Fraud in a Financial Statement Audit, whereby the
auditor establishes control risk at maximum and he/she is concerned about the possibility of
fraud.
F. Legal Letters:
Facts: As part of her audit, Mary Auditor, CPA examines legal and accounting expense. She
notices several invoices were paid as follows:
Billy Slime, Esq. Legal work-uncollected accounts receivable
Johnny Plaid, Esq. Patent work
Dewey, Charge and Howe Estate planning work in connection with revision of
Attorneys at Law shareholder stock redemption agreements
Robert Arsenalt, Esq. Legal fee in connection with bail out of owner's son
from drug dealing and car theft
Mary asks the client to prepare four legal letters for the above. The client's controller, Bill
Salami doesn't want to send out the letters because each lawyer charges $300 for a reply. He
further states that there are no unasserted claims and assessments against the company.
Question: Should Mary send out legal letters to comply with GAAS?
Response: Probably not. Lawyers generally charge for the time spent on responding to legal
letters. This practice has brought to the forefront the issue of when an auditor must obtain
legal letters to comply with SAS No. 12, Inquiry of a Client's Lawyer Concerning Litigation,
Claims, and Assessments67
, and when, such responses are meaningful.
SAS No. 12 requires that a letter of inquiry be sent only to those attorneys with whom it is
apparent management consulted regarding litigation, claims, and assessments. The initial
evidence for this is obtained from inquiry of management and by reviewing invoices and files
(e.g., analyzing legal expense). Only upon obtaining initial evidence of possible litigation,
claims or assessments should the auditor request that management send a legal letter to those
67
Effective December 31, 2012, SAS No. 12 is replaced with AU-C 501, Audit Evidence- Specific Considerations for
Selected Items.
Audit Engagement Developments
299
attorneys involved. If a legal letter is not sent, it may be prudent for the auditor to include
language in the management representation letter stating that no attorney was consulted with
regard to litigation, claims and assessments.
Example of language to include in management's representation letter:
"We are not aware of any pending or threatened litigation, claims, or assessments or
unasserted claims or assessments that are required to be accrued or disclosed in the
financial statements in accordance with ASC Topic 450, Contingencies (formerly
FASB No. 5), and we have not consulted a lawyer concerning litigation, claims,
or assessments."
G. Unusual Reporting Issues:
Question: If an auditor is engaged to conduct a review, is he or she permitted to perform
selected auditing procedures and still issue a review report?
Response: Yes. Performing certain audit procedures, such as confirmation of receivables or
observation of inventory, may be requested by clients in connection with a review engagement.
The accountant must still issue a review report because audit level assurance has not been
obtained on the financial statements taken as a whole.
In addition, when an accountant, in connection with a compilation or review engagement, plans
to perform procedures that are customarily applied during an audit, he or she may wish to place
additional importance on whether a written engagement letter should be obtained from the
client. (See Interpretation No. 3 of SSARS No. 19, Compilation and Review of Financial
Statements for further guidance.)
Furthermore, in using confirmation requests or other communications in a review engagement,
the accountant should not use phrases such as "part of an audit of the financial statements."
Instead, recommended language might look like this:
As part of our review (compilation) of the financial statements of XYZ Corporation
for the year ended December 31, 20XX, we request that you confirm the following
information.......
Question: What are the procedural and reporting considerations in an audit engagement when
the auditor does not have the appropriate level of assurance on the opening financial statement
balances? An example is where an auditor audits financial statements covering a period in
which he or she did not observe the opening physical inventories.
Response: Although the auditor may not have observed the beginning inventory or audited
other accounts, he or she may, nevertheless, be able to become satisfied as to such prior
balances by applying alternative procedures such as testing prior transactions, review of the
Audit Engagement Developments
300
records of prior counts, application of gross profit tests, etc. If comfort can be obtained, the
auditor can issue an unqualified opinion on all financial statements for that period.
If, however, the auditor cannot obtain comfort on the opening balances by applying alternative
procedures, the auditor may do the following:
Option 1: Perform a balance sheet only audit for the current year, or
Option 2: Express an unqualified opinion on the current balance sheet, and a qualified
opinion or disclaimer on the other financial statements (e.g., income statement, cash flow
statement, statement of equity).
Note: Effective December 31, 2012, the term “unqualified opinion” is replaced with the term
“unmodified opinion.”
Question: May an auditor audit the balance sheet and review the income statement, statement
of cash flows, and statement of retained earnings?
Response: There is no specific literature that prevents an auditor from doing this. AU sec.
508.05 permits an auditor to express an opinion on one financial statement and express a
qualified, adverse or disclaimer opinion on other statement(s) if the circumstances warrant.
Further, this section does not specifically permit or prohibit the audit of one statement and the
review or compilation of the other(s).
This situation could be somewhat effective where an auditor has a scope limitation relating to
the opening balances. Instead of issuing a qualified or disclaimer opinion on the statements of
income, cash flow and retained earnings, the auditor may wish to issue a review report to
provide the client with some level of assurance. However, the auditor must be careful that the
third party user and client are not confused about the two levels of service.
XXXII. Reaudit Engagements
There have been an increasing number of requests for reaudits (audits of financial statements
previously audited by another auditor). What is the impact of this trend on the applicability of
SAS No. 84, Communications Between Predecessor and Successor Auditors68
?
In a reaudit, the guidance of SAS No. 84 should be followed:
1. The successor auditor should inform the predecessor auditor that he or she has been
engaged to perform a reaudit.
68
Effective December 31, 2012, SAS No. 84 is replaced by AU-C 510, Opening Balances-Initial Audit Engagements,
Including Reaudit Engagements.
Audit Engagement Developments
301
2. The successor auditor may request access to the predecessor's working papers however,
the predecessor should consider the risk associated with future litigation.
3. The successor auditor should not assume responsibility for the work of the predecessor
auditor or issue a report that divides responsibility for the audit.
4. The successor auditor should plan and perform the reaudit in accordance with GAAS.
XXXIII. Effectively Using Dual Dating of Reports
In many instances, the auditor may have completed all field work except for information
relating to a subsequent event. In this case, the auditor should consider dual-dating his or her
report in accordance with AU Section 530, Dating of the Independent Auditor's Report.
There are two types of subsequent events to which dual-dating may be appropriate:
a. Events subsequent to year-end that provide additional evidence concerning conditions
that existed at year-end. An adjustment may be required at year-end.
Example: An auditor awaits the receipt of a waiver of a debt covenant violation. The
auditor would date his or her report as of date of completion of the audit except for a
dual-dating with respect to the subsequent event (covenant violation waiver).
Example: A large receivable outstanding at year-end is potentially uncollectible. The
auditor waits until the client receives payment prior to issuance of the financial
statements.
b. Events subsequent to year-end that did not exist at year-end. There may be a required
disclosure, but no adjustment.
Example: Sale or purchase of business after year-end but before issuance of the financial
statements and report thereon. (A disclosure is required.)
Assume the report date is February 23, 20X1, which is the date on which the auditor
obtained sufficient appropriate audit evidence to support the audit opinion.
Example of dating:
February 23, 20X1 except for Note 4, as to which the date is March 17, 20X1
Audit Engagement Developments
302
As an alternative, the auditor can use the later date (March 17, 20X1) for his or her report.
However, the auditor will be responsible for potential subsequent events relating to the entire
set of financial statements up to March 17, 20X1, rather than February 23, 20X1.
Further, dual-dating does not apply in the case where an auditor has obtained sufficient audit
evidence except for one particular procedure. This is not deemed to be a subsequent event to
which dual-dating is appropriate.
Example: An auditor obtains all of her audit evidence on March 3 except she is waiting for a
securities confirmation that isn't received until April 17. Dual-dating is not appropriate and
therefore, the auditor should date her report as of April 17.
XXXIV. Changing Auditors
In cases where there is a change in auditors, the auditors find themselves either as predecessor
or successor auditors and must follow the guidance found in SAS No. 84, Communications
Between Predecessor and Successor Auditors. The SAS defines the terms predecessor and
successor auditors.
A predecessor auditor is one who has reported on the most recent audited (not reviewed or
compiled) financial statements or was engaged to perform but did not complete the assignment,
and has either resigned, declined to stand for reappointment, or been notified that his or her
services have been, or may be, terminated.
A successor auditor is defined as an auditor who is considering accepting an engagement to
audit (not review or compile) financial statements, but has not yet communicated with the
predecessor auditor.
SAS No. 84 requires the successor to make specific and reasonable inquiries of the predecessor
auditor regarding matters that will assist the successor in deciding whether he or she can accept
the engagement. In particular, SAS No. 84 requires that the following matters be included in
the inquiry:
1. Information that might bear on management’s integrity.
2. Whether there was any disagreements with management as to accounting principles,
auditing procedures, or other similarly significant matters.
3. Communications to audit committees or others with equivalent authority and
responsibility regarding fraud; illegal acts by clients, and internal control matters.
4. The reasons why there is a change in auditors.
Audit Engagement Developments
303
The predecessor must respond promptly and fully to the successor’s inquiries. The successor
should consider the effect of a limited response by the predecessor on whether he or she will
accept the engagement.
The predecessor should also permit the successor to review his or her working papers.
However, the SAS provides wide discretion to the predecessor in deciding which working
papers to provide to the successor. At a minimum, the predecessor should permit the successor
to review working papers relating to documentation of planning, internal control, audit results,
and other matters of continuing accounting and auditing significance such as balance sheet
accounts, and contingencies. Further, the term “access” does not necessarily mean copies, and
may be limited to permitting the successor to review the papers without leaving with copies.
There is nothing in SAS No. 84 that precludes the predecessor from charging the successor
auditor for his or her time in gathering information for the successor.
SAS No. 84 also provides an illustrative client consent and acknowledgement letter which the
client should sign authorizing the predecessor to communicate with the successor. It is the
responsibility of the successor, not the predecessor to obtain the letter from the client.
XXXV. Study on Public Perception of Accountants in Jury Trials
A Gallup Poll concluded that the image of the accounting profession has improved back to its
pre-Enron level.
Specifically, 45 percent of those polled had a positive image of the accounting profession as
compared with only 31 percent right after Enron surfaced in 2002, and a pre-Enron high of 47
percent.
Regardless of how the public perceives the accounting profession as a whole, a recent study
suggests that there continues to be a significant disconnect between the perceived
responsibility accountants have to their clients and third parties, and their actual
responsibilities.
Camico Mutual Insurance Co. published a report entitled, Public Perceptions in a “Post
Enron” World, based on a survey of the American public. The purpose of the survey was to
investigate potential juror attitudes towards accountants and whether those attitudes have been
negatively affected by the recent corporate scandals, including Enron. The survey was
performed by Dynamics Incorporated, a trial consulting firm, and was based on surveys of
random respondents from the general public in Atlanta, Los Angeles, Miami, New Orleans,
New York, and Seattle.
General conclusions reached from the survey include:
Audit Engagement Developments
304
In the post-Enron environment, 78% of those surveyed believe the things they hear in the news
about corporate wrongdoing.
1. 61% of respondents believe that accountants are responsible for making sure their
clients stay honest.
2. 42% of respondents state that they blame external accountants for the legal and/or
ethical problems facing Corporate America today.
3. Only 13% of respondents believe that accountants have become more ethical in the past
five years.
4. 62% of respondents think that a professional accounting firm would look the other way
if a client violated the law in order to maintain its relationship with the client.
5. 71% of respondents believe that if an accountant is hired by a company to review
financial statements, but not retained to do an audit, they would expect the accountant to
uncover fraud.
6. 67% believe a professional accounting firm that does not catch a company’s fraud
should pay a severe penalty.
Although the survey is based on the public’s perception of auditors, the conclusions reached
apply to all accountants including those engaged in compilation and review engagements.
Simply put, there continues to be evidence that the public does not differentiate between the
accountant’s responsibility related to an audit, review and a compilation engagement.
Following are excerpts from the survey:
How closely, if at all, have you followed the news about corporate
scandals or wrongdoing?
Very closely 35%
Follow it, but not closely 28%
Sometimes follow it 24%
Rarely follow it 7%
Did not follow it at all 6%
Have you ever felt that you were misled about the financial
health of a company?
Yes 37%
No 63%
Which type of crime poses a greater threat to society, street
crime or white collar crime?
Street crime 49%
White collar crime 51%
Audit Engagement Developments
305
Do you tend to believe the things you hear in the news about
corporate wrongdoing?
Pre
Enron
Post
Enron
Yes 46% 78%
No 54% 22%
Who, if anyone, do you blame for the legal and/or ethical problems
facing Corporate America today?
CEO 70%
Corporate senior executives 68%
CFO 62%
Inside lawyers 58%
Board of directors 55%
Inside accountants 53%
External accountants 42%
External lawyers 40%
External consultants 34%
Do you think accountants have become less ethical, more ethical, or
stayed the same in the past five years?
Less ethical 38%
More ethical 13%
Stayed the same 49%
Over the last few years, has your opinion of accounting firms that
audit corporations changed?
Yes 52%
No 48%
I do not trust accountants:
Strongly agree 8%
Somewhat agree 13%
Neutral 22%
Somewhat disagree 24%
Strongly disagree 33%
Do you think that a professional accounting firm would look the other
way if a client violated the law in order to maintain its relationship with
the client?
Yes 62%
No 38%
Audit Engagement Developments
306
Compared to accountants who work for large national accounting firms, do
you think that accountants in small firms are less honest, more honest or
about the same in terms of honesty?
About the same 55%
More honest 39%
Less honest 6%
A company is ultimately responsible for its financial statements, not the
accountant who audits the company:
Strongly agree 59%
Somewhat agree 20%
Neutral 9%
Somewhat disagree 6%
Strongly disagree 6%
Accountants should know laws that relate to financial matters:
Strongly agree 22%
Somewhat agree 67%
Neutral 7%
Somewhat disagree 4%
Strongly disagree 0%
Accountants are responsible for making sure that companies stay honest:
Pre
Enron
Post
Enron
Agree 34% 61%
Neither 25% 10%
Disagree 39% 29%
If an accountant is hired by a company to review financial statements, but
not retained to do an audit, would you expect the accountant to uncover
fraud?
Pre
Enron
Post
Enron
Yes 40% 71%
No 60% 29%
Quality of work of small firms (when compared with the work of large
firms):
Pre
Enron
Post
Enron
Higher 16% 36%
Same 46% 55%
Lower 38% 9%
Audit Engagement Developments
307
An auditor who works closely with a company’s financial statements should easily
detect any fraud:
Strongly agree 45%
Somewhat agree 29%
Neutral 10%
Somewhat disagree 12%
Strongly disagree 4%
A professional accounting firm that does not catch a company’s fraud should pay a
severe penalty:
Strongly agree 42%
Somewhat agree 25%
Neutral 12%
Somewhat disagree 12%
Strongly disagree 9%
While some accountants have done bad things, the entire accounting profession
should not be condemned:
Strongly agree 65%
Somewhat agree 20%
Neutral 5%
Somewhat disagree
Strongly disagree
4%
6%
Source: Camico Mutual Insurance Company
Moreover, the Audit Risk Alert published the results of audit malpractice claims compiled by
CPA firms insured with Continental Casualty Company’s AICPA insurance program.
Following are some of the statistics published:
1. Only 5% of all audit claims involve revenue fraud.
2. Audit services represent 16 percent of total revenues of CPA firms covered by the
AICPA insurance program and 16 percent of total claims volume.
3. Audit claims occur less frequently than tax practice claims, but audit claims involve
much higher costs.
4. Claims related to public company audits represent only 5% of total claims while such
claims tend to be very severe (high cost).
5. Claims related to nonpublic company audits represent 11% of total claims.
6. Audit claims involving nonpublic entities are broken down as follows:
Audit Engagement Developments
308
Technical standards violations:
Improper inventory valuation 32%
Inadequate testing and verification of receivables including
accepting management representations regarding the
collectibility, and maintaining an inadequate allowance for
doubtful accounts
21%
All other technical standards violations
10%
Failure to detect defalcations
20%
Missing disclosures including those related to related parties and
derivatives
13%
Other
4%
100%
8. Engagement letters are issued in 85% of audit engagements, which is higher than other
areas of practice.
9. In 35% of all cases involving defalcation, the amount stolen was material to the
financial statements.
Audit Engagement Developments
309
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self-study course. Additionally, feedback must
be given to the course participant in the form of answers to the review questions and the reason
why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. According to the AICPA’s Private Companies Practice Section (PCPS) of the Top Ten
CPA Firm Issues published, which continues to be the biggest challenge for the accounting
profession:
a. Finding, hiring and retaining staff
b. Work/life balance
c. Keeping up with technology
d. Client collections
2. Which of the following suggestions does the author provide to decrease audit time:
a. Increase audit work in high-risk areas
b. Replace analytical procedures with tests of account balances in low risk audit areas
c. Set high materiality thresholds
d. Use “canned” programs
3. To save time when auditing the accounts payable, which of the following procedures is
recommended by the author?
a. Do not request cut-off statements
b. Eliminate confirmation of trade payables
c. Performance of confirmation of receivables at interim to compare with payables
d. Performance of physical observation at interim to assist with payables
4. Under SAS No. 67, when should confirmations be used with respect to accounts receivable:
a. In all cases even if alternative substantive tests would be adequate to reduce audit risk
b. When audit risk is assessed very low
c. When the balance is immaterial
d. When the auditor believes that the recipients will reply
5. What factor might make an auditor question a company’s ability to continue as a going
concern:
a. Compliance with statutory capital requirements
b. Continued operating losses coupled with increasing revenues
c. New loans
Audit Engagement Developments
310
d. Unusually liberal credit terms to customers
6. From the tenant’s perspective, which of the following provisions should be included in a
lease agreement?
a. A provision allowing the tenant the right to audit CAM charges
b. A provision including a pro rata share of the cost of an umbrella policy insurance
c. A provision including persons involved in administration in the labor portion of CAM
charges
d. An open-ended management fees clause
7. Which one of the following is required to be performed by an auditor:
a. Engagement letters
b. Legal letters for unasserted litigation, claims, and assessments
c. The use of return envelopes in confirmations
d. Verification of endorsements on the back of canceled checks
8. In a reaudit engagement:
a. A report that divides responsibility for the audit should be issued by the predecessor
auditor
b. Copies of working papers should be provided to the successor auditor
c. Responsibility for the predecessor auditor’s work should be assumed by the successor
auditor
d. The reaudit should be planned and performed in accordance with GAAS
9. According to Camico Mutual Insurance Co.’s report, Public Perceptions in a “Post Enron”
World, what percentage of respondents believe what they hear in the news about corporate
misconduct:
a. 13%
b. 31%
c. 61%
d. 78%
10. According to the AICPA Audit Risk Alert, which of the following is not a technical
standards violation against auditors noted by a malpractice insurance carrier:
a. Improper inventory valuation
b. Failure to detect defalcations
c. Missing disclosures
d. Not establishing prepaid insurance
Audit Engagement Developments
311
SUGGESTED SOLUTIONS
1. According to the AICPA’s Private Companies Practice Section (PCPS), of the Top Ten
CPA Firm Issues published, which continues to be the biggest challenge for the
accounting profession:
a. Correct. According to the AICPA’s PCPS, finding, hiring and retaining staff
continues to be the biggest challenge for the accounting profession.
b. Incorrect. Work/life balance, although on the Top Ten list, is not one of the top issues.
In fact, it is tenth on the list.
c. Incorrect. Keeping up with technology is not at the top of the list. It is ninth on the list.
d. Incorrect. Client collections are only number seven on the list.
2. Which of the following suggestions does the author provide to decrease audit time:
a. Correct. The author suggests that auditors increase audit work in high-risk areas
such as inventories and receivables to decrease audit time.
b. Incorrect. The author suggests that auditors replace tests of account balances with
analytical procedures in low risk audit areas to decrease audit time.
c. Incorrect. The author suggests that auditors reassess the materiality threshold at a higher
level established for the audit. Many firms set materiality too low and do too much work
based on the assessment.
d. Incorrect. The author suggests that auditors streamline the audit program and not use
“canned” programs which include too many procedures.
3. To save time when auditing the accounts payable, which of the following procedures is
recommended by the author?
a. Incorrect. To save time when auditing the cash, auditors should not request cut-off
statements. This procedure has no impact on accounts payable.
b. Correct. To save time when auditing accounts payable, auditors should eliminate
confirmation of trade payables. Confirmation usually does not test for unrecorded
liabilities which is where the greatest audit risk lies.
c. Incorrect. To save time when auditing the accounts receivable, the confirmation of
receivables should be performed at interim. However, this procedure does not impact
accounts payable.
d. Incorrect. To save time when auditing inventories, the physical observation should be
performed at interim. Even though inventories and accounts payable are related
accounts, the physical observation at interim does not save time in auditing accounts
payable.
4. Under SAS No. 67, when should confirmations be used with respect to accounts receivable:
a. Incorrect. If alternative substantive tests would be adequate to reduce audit risk,
confirmations with respect to accounts receivable may not be appropriate or needed.
b. Incorrect. If audit risk is assessed very low, confirmations with respect to accounts
receivable may not be appropriate or needed as alternative procedures may be used that
reduce audit time relative to the risk.
Audit Engagement Developments
312
c. Incorrect. If the balance is immaterial, there is no need to use confirmations.
d. Correct. A key element in determining whether receivables should be used is
whether the recipients are likely to reply. If, based on historical responses of other
information, the auditor believes that recipients are not responsive, use of
confirmations would not be an effective audit procedure.
5. What factor might make an auditor question a company’s ability to continue as a going
concern:
a. Incorrect. A factor that might raise doubts about a company’s ability to continue as a
going concern is noncompliance with statutory capital requirements.
b. Incorrect. A factor that might raise doubts about a company’s ability to continue as a
going concern is continued operating losses coupled with declining revenues.
c. Incorrect. A factor that might raise doubts about a company’s ability to continue as a
going concern is loan defaults.
d. Correct. A factor that might raise doubts about a company’s ability to continue as
a going concern is unusually liberal credit terms to customers including significant
dating of receivables.
6. From the tenant’s perspective, which of the following provisions should be included in a
lease agreement?
a. Correct. From the tenant’s perspective, a lease agreement should contain a
provision giving the tenant the right to audit the CAM charges.
b. Incorrect. From the tenant’s perspective, a lease agreement should not contain a
provision that includes a pro rata share of umbrella policy insurance because this is an
indirect cost.
c. Incorrect. From the tenant’s perspective, a lease agreement should have a provision
excluding persons involved in administration from the labor portion of CAM charges.
d. Incorrect. From the tenant’s perspective, a lease agreement should state that
management fees are either fixed or based on a measurable amount. It should not
include an open-ended management fees clause.
7. Which one of the following is required to be performed by an auditor:
A. Correct. Under SAS No. 108, auditors must ensure that the client understands the
nature and terms of the engagement in writing. Thus, an engagement letter is
required. Previously, there was no requirement that such an understanding be in
writing.
b. Incorrect. Legal letters are not required for unasserted litigation, claims, and
assessments. Letters of inquiry must be sent only to attorneys with whom management
had consulted regarding litigation, claims and assessments.
c. Incorrect. GAAS does not require the use of return envelopes for confirmations.
However, in practice, most auditors use return envelopes to facilitate responses.
d. Incorrect. Verifying endorsements on the back of canceled checks is not a required
auditing procedure. Yet, an auditor may decide that this procedure is necessary given
his or her assessment of inherent and control risk.
Audit Engagement Developments
313
8. In a reaudit engagement:
a. Incorrect. In a reaudit engagement, a report that divides responsibility for the audit
should not be issued by either the predecessor auditor or the successor auditor.
b. Incorrect. In a reaudit engagement, the successor auditor may request access to the
predecessor auditor’s working papers. However, the predecessor should consider the
risk associated with future litigation.
c. Incorrect. In a reaudit engagement, responsibility for the predecessor auditor’s work
should not be assumed by the successor auditor.
d. Correct. In a reaudit engagement, the reaudit should be planned and performed in
accordance with GAAS by the successor auditor.
9. According to Camico Mutual Insurance Co.’s report, Public Perceptions in a “Post Enron”
World, what percentage of respondents believe what they hear in the news about corporate
misconduct:
a. Incorrect. According to Camico Mutual Insurance Co.’s report, Public Perceptions in a
“Post Enron” World, only 13% believe accountants have become more ethical since the
Enron scandal.
b. Incorrect. According to a recent Gallup Poll, only 31% of those polled right after Enron
surfaced in 2002, had a positive image of the accounting profession.
c. Incorrect. According to Camico Mutual Insurance Co.’s report, Public Perceptions in a
“Post Enron” World, 61% hold accountants responsible for making sure their clients
stay honest.
d. Correct. According to Camico Mutual Insurance Co.’s report, Public Perceptions
in a “Post Enron” World, 78% of respondents believe what they hear in the news
about corporate misconduct.
10. According to the AICPA Audit Risk Alert, which of the following is not a technical
standards violation against auditors noted by a malpractice insurance carrier:
a. Incorrect. In 32 percent of the noted cases, improper inventory valuation was noted as a
violation against the auditor.
b. Incorrect. The Alert cites that in 20 percent of the cases noted, failure to detect
defalcations was a GAAS violation.
c. Incorrect. In 13 percent of the cases, disclosures were missing with particular emphasis
on those involving related parties and derivatives.
d. Correct. Not establishing prepaid insurance was not on the list and is a relatively
low risk audit area.
Audit Engagement Developments
314
SECTION 4: ASB’s Clarity Project
XXXIV. SAS Nos. 122-125
Introduction:
In 2004, the Auditing Standards Board (ASB) started a project aimed at converging U.S.
auditing standards with International Standards on Auditing (ISA) issued by the International
Audit & Assurance Standards Board (IAASB). The project, referred to as the Clarity Project,
is similar to the one being done between the FASB and IASB on the GAAP side. Certain
information in this section regarding the Clarity Project was obtained from the AICPA’s
document entitled, Clarity Project: Update and Final Products, issued in January 2012, and
SAS Nos. 122-125.
The goal of the Project is two-fold:
1. To make existing U.S. auditing standards easier to apply and comprehend, and
2. To converge U. S. GAAS with International Standards on Auditing (ISA) issued by the
International Auditing & Assurance Standards Board (IAASB).
Key points to consider under this project include:
1. As of December 2011, the ASB has completed the redraft of all existing auditing
standards (except two) with the issuance of SAS Nos. 122-125, apply drafting
conventions to those standards, and has converged the material with the ISAs. The
redrafting process included exposing clarity redrafts, considering comments, making
changes and finalizing the standards.
2. All new standards found in SAS Nos. 122-125 incorporate conventions under the
Clarity Format that include the following:
a. A standard format is used for each new SAS, segregated into sections as follows:
Introduction and Scope
Objective
Definitions
Requirements and
Application and other explanatory material that links to the underlying material.
b. The new format provides for:
Audit Engagement Developments
315
A separation between the requirements section and the application and other
explanatory material
Standard formatting techniques such as use of bullets for lists
Special considerations for smaller entity audits, and
Special considerations for audits of governmental entities, if applicable.
3. All existing auditing statements (SAS No. 1 to 116) have been superseded, except two,
with the replacement standards now part of the new codification.
a. SAS No. 117-121 has been retained but are recodified into the new AU-C format.
b. In completing the new codification, some existing auditing (AU) sections were
merged and others were split into different sections.
4. The new codification under the Clarity Project was completed with the October 2011
issuance of three new SASs: SAS No. 122-124, and the December 2011 issuance of
SAS No. 125 as follows:
SAS No. 122: Statements on Auditing Standards: Clarification and Recodification
SAS No. 123: Omnibus Statement on Auditing Standards- 2011
SAS No. 124: Financial Statements Prepared in Accordance With a Financial
Reporting Framework Generally Accepted in Another Country
SAS No. 125: Alert That Restricts the Use of the Auditor’s Written Communication.
5. Effective dates of SAS Nos. 122-125:
a. SAS Nos. 122-124 are effective for audits of financial statements for periods ending
on or after December 15, 2012. Early application is not permitted.
b. SAS No. 125 is effective for the auditor’s written communications related to audits
of financial statements for periods ending on or after December 15, 2012. For all
other types of engagements in accordance with GAAS, SAS No. 125 is effective for
the auditor’s written communications issued on or after December 15, 2012.
c. Early adoption of SAS No. 122-125 is not permitted.
d. Although the effective date of the SASs is calendar year 2012 (in most cases),
interim procedures for a year end December 31, 2012, that are performed prior to the
effective date, are subject to the new standards. The effective date runs to the year
end of the audit, not when the procedures are actually performed.
Although most changes to auditing standards made by SAS Nos. 122-125 are not substantive,
auditors need to change their work programs and specific procedures to reference guidance
found in the authoritative standards as follows:
Audit Engagement Developments
316
Engagement letters and management representations letters need to be changed.
Audit programs and work papers need to reference the new auditing standards authority.
Key changes made in the new SASs:
1. The term “generally accepted accounting principles” (GAAP) is replaced with the term
“applicable financial reporting framework,” which also includes cash, tax, regulatory, and
contractual bases of accounting.
2. The SAS replaces the definition of other comprehensive basis of accounting (OCBOA) with a
broader term “special purpose framework.”
3. The wording of the auditor’s report has changed to include:
use of paragraph headings
an expanded section on management’s responsibility
an expanded description of the auditor’s responsibility and objectives of an audit
a broad definition of an audit.
4. The new SASs:
Introduce two terms: “emphasis-of-matter” and “other-matter” paragraphs, which replace
the previous term “explanatory paragraph.”
Make explicit requirements for auditors to perform procedures related to detection of
noncompliance with laws and regulations (formerly illegal acts).
Make explicit requirements for auditors to perform certain procedures on opening balances
in initial audit engagements.
Change the language in engagement and management representation letters.
Expand the auditor’s requirements in connection with audits under a special purpose
framework, such as OCBOA.
Expand the requirement in communicating internal control matters (which is an expansion
of SAS No. 115).
Expand the scope of existing GAAS on how to conduct an effective audit of group financial
statements involving component auditors.
Expand the auditor’s responsibility with respect to the audit of a single financial statement
or a specific element.
Audit Engagement Developments
317
New SASs With Substantive Changes
Although most of the existing auditing standards have been reissued under the new Clarity
Project, only a handful of the SASs significantly impact the audit engagement and are
summarized in the following chart.
New SASs With Substantive (Significant) Changes to Existing GAAS
AU-C Title
250 Consideration of Laws and Regulations in an Audit of Financial Statements
265 Communicating Internal Control Related Matters Identified in an Audit
700 Forming an Opinion and Reporting on Financial Statements 705 Modifications to the Opinion in the Independent Auditor’s Report
706 Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the
Independent Auditor’s Report
600 Special Considerations- Audits of Group Financial Statements (Including
the Work of Component Auditors)
800 Special Considerations- Audits of Financial Statements Prepared in
Accordance With Special Purpose Frameworks 210 Terms of Engagement
580 Written Representations
In the following section, the author reviews each of these new standards that make substantive
changes to the way in which auditors will be required to perform their audits.
Audit Engagement Developments
318
AU-C 250- Consideration of Laws and Regulations in an Audit of
Financial Statements
Supersedes: SAS No. 54, Illegal Acts by Clients
Key changes in the SAS:
1. Requires the auditor to perform specific audit procedures designed to detect
noncompliance with laws and regulations including:
the performance of procedures to identify instances of non-compliance with those
laws and regulations that may have a material effect on the financial statements,
and
the auditor’s inspection of correspondence, if any, with the relevant licensing or
regulatory authorities.
2. The concept of “illegal acts” as previously used in SAS No. 54 has been replaced
with “noncompliance with laws and regulations.”
3. Replaces the concept of “no assurance” found in existing GAAS with the term
“inherent limitations of an audit.”
4. Requires an auditor to obtain a written representation from management concerning
the absence of noncompliance with laws or regulations.
1. General requirements of the AU-C:
a. The requirements in AU-C 250 are designed to assist the auditor in identifying material
misstatement of the financial statements due to noncompliance with laws and
regulations. However, the auditor is not responsible for preventing noncompliance and
cannot be expected to detect noncompliance with all laws and regulations.
The term “illegal acts” is replaced with the term “noncompliance with laws and
regulations.”
b. Definition of Noncompliance: AU-C-250 defines noncompliance as:
Audit Engagement Developments
319
“Acts of omission or commission by the entity, either intentional or
unintentional, which are contrary to the prevailing laws or regulations.”
1) Such acts include transactions entered into by, or in the name of the entity, or on its
behalf, by those charged with governance, management, or employees. Non-
compliance does not include personal misconduct (unrelated to the business
activities of the entity) by those charged with governance, management, or
employees of the entity.
Note: Previously issued SAS No. 54 stated “an audit performed in accordance with
generally accepted auditing standards provides no assurance that illegal acts will be
detected.” This new SAS replaces the term “no assurance” with the term “inherent
limitations of an audit” which is a much softer threshold.
Responsibility of Management
1. The AU-C states that it is management’s responsibility, with the oversight of those charged
with governance, to ensure that the entity’s operations are conducted in accordance with the
provisions of laws and regulations, including compliance with the provisions of laws and
regulations that determine the reported amounts and disclosures in the entity’s financial
statements.
a. Policies and procedures that any entity may implement to assist it in preventing and
detecting noncompliance with laws and regulations include:
Monitoring legal requirements to ensure that operating procedures are designed to
meet those requirements
Instituting and operating appropriate systems of internal control
Developing, publicizing, and following a code of ethics or conduct
Ensuring employees are properly trained and understand the code of ethics or
conduct
Monitoring compliance with the code of ethics or conduct, and disciplining
employees who fail to comply with it
Engaging legal advisors to assist in monitoring legal requirements, AND
Maintaining a register of significant laws and regulations with which the entity must
comply within a particular industry and a record of complaints.
Responsibility of the Auditor
1. The Auditor’s Consideration of Compliance With Laws and Regulations
a. As part of obtaining an understanding of the entity and its environment, in accordance
with AU-C 315, Understanding the Entity and Its Environment and Assessing the Risks
Audit Engagement Developments
320
of Material Misstatement, the auditor should obtain a general understanding of the
following:
The legal and regulatory framework applicable to the entity and the industry or
sector in which the entity operates, and
How the entity is complying with that framework.
b. To obtain a general understanding of the legal and regulatory framework and how the
entity complies with that framework, the auditor may, for example:
use the auditor’s existing understanding of the entity’s industry and regulatory and
other external factors
update the understanding of those laws and regulations that directly determine the
reported amounts and disclosures in the financial statements
inquire of management about other laws or regulations that may be expected to have
a fundamental effect on the operations of the entity
inquire of management concerning the entity’s policies and procedures regarding
compliance with laws and regulations (including the prevention of noncompliance),
if appropriate
inquire of management regarding the policies or procedures adopted for identifying,
evaluating, and accounting for litigation claims
inquire of management regarding the use of directives issued by the entity and
periodic representations obtained by the entity from management at appropriate
levels of authority concerning compliance with laws and regulations, and
consider the auditor’s knowledge of the entity’s history of noncompliance with laws
and regulations.
c. Laws and regulations that have a direct effect on the financial statements:
The auditor should obtain sufficient appropriate audit evidence regarding material
amounts and disclosures in the financial statements that are determined by the
provisions of those laws and regulations generally recognized to have a direct effect on
the financial statements such:
the form and content of financial statements (for example, statutorily-mandated
requirements)
industry-specific financial reporting issues
accounting for transactions under government contracts (for example, laws and
regulations that may affect the amount of revenue to be accrued), and
the accrual or recognition of expenses for income tax or pension costs.
Note: With respect to laws and regulations that have a direct effect on the financial
statements, the auditor’s responsibility is to obtain sufficient appropriate audit evidence
Audit Engagement Developments
321
regarding material amounts and disclosures in the financial statements that are
determined by the provisions of those laws and regulations. That responsibility is the
same as that for misstatements caused by error or fraud.
d. Other Laws and regulations that do not have a direct effect on the financial statements:
The auditor should perform specific audit procedures that may identify noncompliance
with other laws and regulations that may have a material effect on the financial
statements such as:
Inquiring of management and, when appropriate, those charged with governance
about whether the entity is in compliance with such laws and regulations, and
Inspecting correspondence, if any, with the relevant licensing or regulatory
authority.
e. In the absence of identified or suspected noncompliance, the auditor is not required to
perform audit procedures regarding the entity’s compliance with laws and regulations,
other than:
those set out in paragraphs (1)(a) through (d) above, and
the requirement to obtain written representations from management regarding an
entity’s compliance with laws and regulations.69
Note: The newly issued AU-C 580, Written Representations, includes the following
language to be included in a management representation letter:
“We have disclosed to you all known instances of non-
compliance or suspected non-compliance with laws and
regulations whose effects should be considered when preparing
financial statements.”
Previous language: SAS No. 85 (AU 333) (Superseded by AU-C 580):
“There are no violations or possible violations of laws or
regulations whose effects should be considered for disclosure in
the financial statements or as a basis for recording a loss
contingency.”
Note: An entity’s noncompliance with laws and regulations may result in a material
misstatement of its financial statements. Detection of noncompliance, regardless of
materiality, may affect other aspects of the audit, including, the auditor’s consideration
69
AU-C 580, Written Representations, (paragraph .13).
Audit Engagement Developments
322
of the integrity of management or employees, as well as the possibility of fraudulent
activity.
2. Audit Procedures When Noncompliance Is Identified or Suspected
a. If the auditor becomes aware of information concerning an instance of noncompliance
or suspected noncompliance with laws and regulations, the auditor should obtain:
an understanding of the nature of the act and the circumstances in which it has
occurred, and
further information to evaluate the possible effect on the financial statements.
b. An auditor may perform additional procedures in response to becoming aware of
noncompliance or suspected noncompliance with laws and regulations, including:
Examining supporting documents, such as invoices, cancelled checks, and
agreements, and comparing them with accounting records
Confirming significant information concerning the matter with the other party to the
transaction or intermediaries, such as banks or lawyers
Determining whether the transaction has been properly authorized, and
Considering whether other similar transactions or events may have occurred and
applying procedures to identify them
3. Reporting of Identified or Suspected Noncompliance
Reporting Noncompliance to Those Charged With Governance
a. Unless all of those charged with governance are involved in management of the entity
and aware of matters involving identified or suspected noncompliance already
communicated by the auditor, the auditor should communicate with those charged with
governance matters involving noncompliance with laws and regulations that come to the
auditor’s attention during the course of the audit, other than when the matters are clearly
inconsequential.
4. Other Provisions
a. AU-C 250 also provides guidance about documentation and communication with those
charged with governance, and other matters.
Audit Engagement Developments
323
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self - study course. Additionally, feedback
must be given to the course participant in the form of answers to the review questions and the
reason why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. Which of the following is an element of the new format under the Clarity Project:
a. An integration between the requirements section and the application and other
explanatory material
b. Special consideration for larger, public entities
c. A separate section for auditors of not-for-profit organizations
d. Standard formatting techniques such as use of bullets for lists
2. Whose responsibility is it to ensure that an entity’s operations are conducted in accordance
with the provisions of laws and regulations:
a. Those charged with governance
b. Management
c. Auditor
d. Law enforcement
3. If an auditor becomes aware of noncompliance or suspected noncompliance with laws and
regulations, additional procedures he or she may perform include all of the following
except:
a. Examining supporting documents, such as invoices, cancelled checks, and agreements,
and comparing with accounting records
b. Receiving a written confirmation from management refuting the allegation of
noncompliance
c. Confirming significant information concerning the matter with the other party to the
transaction or intermediaries, such as banks or lawyers
d. Determining whether the transaction has been properly authorized
Audit Engagement Developments
324
SUGGESTED SOLUTIONS
1. Which of the following is an element of the new format under the Clarity Project?
a. Incorrect. One element is that there is a separation, not integration, between the
requirements section and the application and other explanatory material
b. Incorrect. The new format provides special consideration for smaller entity audits, not
larger, public entity ones.
c. Incorrect. There is no separate section for auditors of not-for-profit organizations,
making the answer incorrect.
d. Correct. One of the elements is that there is a standard formatting techniques
such as use of bullets for lists.
2. Whose responsibility is it to ensure that an entity’s operations are conducted in accordance
with the provisions of laws and regulations:
a. Incorrect. Those charged with governance are responsible for oversight of management,
not direct responsibility for ensuring that an entity’s operations are conducted in
accordance with the provisions of laws and regulations.
b. Correct. Management is responsible to ensure that an entity’s operations are
conducted in accordance with the provisions of laws and regulations.
c. Incorrect. The auditor is not responsible for ensuring that an entity’s operations are
conducted in accordance with laws and regulations, making the answer incorrect.
d. Incorrect. In general, law enforcement is not responsible for an entity’s compliance
with laws and regulations, making the answer incorrect.
3. If an auditor becomes aware of noncompliance or suspected noncompliance with laws and
regulations, additional procedures he or she may perform include all of the following
except:
a. Incorrect. Examining supporting documents, such as invoices, cancelled checks, and
agreements, and comparing with accounting records, is an example of an additional
procedure that the auditor may perform, making the answer incorrect.
b. Correct. Receiving a written confirmation from management refuting the
allegation of noncompliance, is not an additional procedure identified within the
AU-C. Thus, the answer is correct.
c. Incorrect. The AU-C does state that confirming significant information concerning the
matter with the other party to the transaction or intermediaries, such as banks or
lawyers, is an additional answer. Thus, the answer is incorrect.
d. Incorrect. Determining whether the transaction has been properly authorized is
identified as an additional procedure, making the answer incorrect.
Audit Engagement Developments
325
AU-C 265: Communicating Internal Control Related Matters Identified in
an Audit
Supersedes: SAS No. 115, Communicating Internal Control Related Matters Identified in an
Audit
Key Changes in the SAS:
1. The new SAS makes explicit the following requirements that were implied in SAS No.
115.
a. The auditor is required to determine whether, on the basis of the audit work
performed, the auditor has identified one or more deficiencies in internal control,
and,
b. The auditor is required to include specific matters if there is a written communication
made stating that no material weaknesses were identified during the audit.
2. The new SAS adds two new requirements that were not previously included in SAS No.
115:
a. The auditor is required to communicate, in writing or orally, only to management
other deficiencies (that are not material weaknesses or significant deficiencies) in
internal control identified during the audit that have not been communicated to
management by other parties and that, in the auditor’s professional judgment, are of
sufficient importance to merit management’s attention.
b. In its written communication identifying significant deficiencies or material
weaknesses, the auditor must now include an explanation of the potential effects of
those significant deficiencies and material weaknesses identified.
Definitions
1. For purposes of generally accepted auditing standards, the following terms have the
meanings attributed as follows:
Deficiency in internal control. A deficiency in internal control exists when the
design or operation of a control does not allow management or employees, in the
normal course of performing their assigned functions, to prevent, or detect and
correct, misstatements on a timely basis. A deficiency in design exists when (a) a
Audit Engagement Developments
326
control necessary to meet the control objective is missing or (b) an existing
control is not properly designed so that, even if the control operates as designed,
the control objective would not be met. A deficiency in operation exists when a
properly designed control does not operate as designed or when the person
performing the control does not possess the necessary authority or competence to
perform the control effectively.
Material weakness. A deficiency, or a combination of deficiencies, in internal
control, such that there is a reasonable possibility that a material misstatement of
the entity’s financial statements will not be prevented, or detected and corrected,
on a timely basis.
Significant deficiency. A deficiency, or a combination of deficiencies, in
internal control that is less severe than a material weakness yet important enough
to merit attention by those charged with governance.
Requirements for the Auditor
1. An auditor is required to determine whether, on the basis of the audit work performed, the
auditor has identified one or more deficiencies in internal control during his or her audit
engagement.
2. The AU-C carries over the requirement from SAS No. 115 that if an auditor identifies one
or more deficiencies in internal control during his or her audit engagement, the auditor
should evaluate each deficiency to determine whether, individually or in combination, they
constitute:
Significant deficiencies, or
Material weaknesses
Communication of Deficiencies in Internal Control
1. The auditor should communicate in writing to those charged with governance on a timely
basis significant deficiencies and material weaknesses identified during the audit, including
those that were remediated during the audit.
2. The auditor also should communicate to management at an appropriate level of
responsibility, on a timely basis:
a. In writing, significant deficiencies and material weaknesses that the auditor has
communicated or intends to communicate to those charged with governance, unless it
would be inappropriate to communicate directly to management in the circumstances.
b. In writing or orally, other deficiencies in internal control identified during the
audit that have not been communicated to management by other parties and that,
Audit Engagement Developments
327
in the auditor’s professional judgment, are of sufficient importance to merit
management’s attention. If other deficiencies in internal control are communicated
orally, the auditor should document the communication. (NEW)
3. The communications referred to in (1) and (2) above should be made no later than 60 days
following the report release date.
4. The auditor should include in the written communication of significant deficiencies and
material weaknesses the following:
a. The definition of the term “material weakness” and, when relevant, the definition of the
term “significant deficiency.”
b. A description of the significant deficiencies and material weaknesses and an
explanation of their potential effects (NEW).
c. Sufficient information to enable those charged with governance and management to
understand the context of the communication. In particular, the auditor should include in
the communication the following elements that explain that:
the purpose of the audit was for the auditor to express an opinion on the financial
statements
the audit included consideration of internal control over financial reporting in order
to design audit procedures that are appropriate in the circumstances, but not for the
purpose of expressing an opinion on the effectiveness of internal control
the auditor is not expressing an opinion on the effectiveness of internal control
the auditor’s consideration of internal control was not designed to identify all
deficiencies in internal control that might be material weaknesses or significant
deficiencies, and therefore, material weaknesses or significant deficiencies may exist
that were not identified.
d. In accordance with the AU-C 905, Restricting Use of an Auditor’s Report, a restriction
regarding the use of the communication to management, those charged with
governance, others within the organization, and any governmental authority to which
the auditor, is required to report.
Note: One of the new requirements found in AU-C 265 is that the communication includes
a description of the significant deficiencies and material weaknesses and an explanation of
their potential effects. In explaining the potential effects of significant deficiencies and
material weaknesses, the auditor is not required to quantify those effects. Instead, the
potential effects may be described:
in terms of the control objectives and types of errors the control was designed to prevent
or detect and correct, or
Audit Engagement Developments
328
in terms of the risks of misstatement that the control was designed to address.
Moreover, the potential effects may be evident from the description of the significant
deficiencies or material weaknesses.
5. No Material Weakness Communications
a. An auditor is permitted (but not required) to issue a written communication stating that
no material weaknesses were identified during the audit.
1) If the auditor makes such a communication, he or she should include the matters in
paragraph 4(a), (c), and (d), above.
2) The auditor should not issue a written communication stating that no significant
deficiencies were identified during the audit.
Audit Engagement Developments
329
REVIEW-FEEDBACK QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self - study course. Additionally, feedback
must be given to the course participant in the form of answers to the review questions and the
reason why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. A __________________ is defined as a deficiency, or a combination of deficiencies, in
internal control, such that there is a reasonable possibility that a material misstatement of
the entity’s financial statements will not be prevented, or detected and corrected, on a
timely basis.
a. Deficiency
b. Material weakness
c. Violation of internal control
d. Weakness
2. An auditor is required to communicate in writing, to those charged with governance, which
of the following:
a. Significant deficiencies
b. Weaknesses
c. Other deficiencies
d. Important matters
3. Which of the following is correct as it relates to a situation in which there are no significant
deficiencies identified during an audit. The auditor_____________stating that no
significant deficiencies were identified during the audit.
a. Should issue an oral or written communication
b. Should not issue a written communication
c. Is permitted to issue a written communication
d. Is not permitted to issue an oral communication
Audit Engagement Developments
330
SUGGESTED SOLUTIONS
1. A __________________ is defined as a deficiency, or a combination of deficiencies, in
internal control, such that there is a reasonable possibility that a material misstatement of
the entity’s financial statements will not be prevented, or detected and corrected, on a
timely basis.
a. Incorrect. A deficiency does not necessarily rise to creating a material misstatement,
making the answer incorrect.
b. Correct. A material weakness is a deficiency where it is reasonably possible that a
material misstatement of the entity’s financial statements will not be prevented, or
detected and corrected on a timely basis.
c. Incorrect. The definition presented is for a material weakness, and not for a violation of
internal control
d. Incorrect. The definition is for a material weakness and not just a weakness, making the
answer incorrect.
2. An auditor is required to communicate in writing, to those charged with governance, which
of the following:
a. Correct. An auditor must communicate in writing significant deficiencies and
material weaknesses identified during the audit.
b. Incorrect. Only material weaknesses must be communicated.
c. Incorrect. An auditor must disclose other deficiencies to management and not those
charged with governance. Further, such communications may be made orally, and not
in writing.
d. Incorrect. There is no requirement to communication important matters.
3. Which of the following is correct as it relates to a situation in which there are no significant
deficiencies identified during an audit. The auditor ___________ stating that no
significant deficiencies were identified during the audit.
a. Incorrect. An auditor should not issue a written communication making the statement
incorrect.
b. Correct. The SAS states that an auditor should not issue a written communication
stating that no significant deficiencies were identified during the audit.
c. Incorrect. The SAS states that the auditor should not issue a written communication,
making the answer incorrect.
d. Incorrect. The SAS precludes issuing of a written communication, but does not preclude
making an oral communication, making the answer incorrect.
Audit Engagement Developments
331
AU-C 700: Forming an Opinion and Reporting on Financial Statements
Supersedes: certain sections of SAS No. 1, Codification of Auditing Standards and
Procedures, and SAS No. 58, Reports on Audited Financial Statements.
Key changes in the SAS:
The new SAS rewrites the standard auditor’s report to include:
A more expansive description of management’s responsibility for the preparation
and fair presentation of the financial statements, than the one required by SAS No.
58.
A clearer description of the auditor’s responsibility.
An expanded definition of an audit.
Headings throughout the auditor’s report to clearly distinguish each section of the
report.
A change in terminology by which the term “unqualified opinion” is replaced with
the new term “unmodified opinion.”
Auditor’s Report for Audits Conducted in Accordance With GAAS
AU-C 700 changes the components of the standard auditor’s report as follows:
1. The term “unqualified opinion” is replaced with the term “unmodified opinion.”
2. Management’s Responsibility for the Financial Statements:
a. The auditor’s report should include a section with the heading “Management’s
Responsibility for the Financial Statements.” (NEW)
b. The auditor’s report should describe management’s responsibility for the preparation
and fair presentation of the financial statements.
The description should include an explanation that management is responsible for
the preparation and fair presentation of the financial statements in accordance
Audit Engagement Developments
332
with the applicable financial reporting framework; this responsibility includes the
design, implementation, and maintenance of internal control relevant to the
preparation and fair presentation of financial statements that are free from
material misstatement, whether due to fraud or error. (NEW)
c. The description about management’s responsibility for the financial statements in the
auditor’s report should not be referenced to a separate statement by management about
such responsibilities if such a statement is included in a document containing the
auditor’s report.
3. Auditor’s Responsibility:
a. The auditor’s report should include a section with the heading “Auditor’s
Responsibility” and should state that the responsibility of the auditor is to express an
opinion on the financial statements based on the audit. (NEW)
b. The auditor’s report should describe an audit by stating that: (NEW)
an audit involves performing procedures to obtain audit evidence about the amounts
and disclosures in the financial statements. (NEW)
the procedures selected depend on the auditor’s judgment, including the assessment
of the risks of material misstatement of the financial statements, whether due to
fraud or error. In making those risk assessments, the auditor considers internal
control relevant to the entity’s preparation and fair presentation of the financial
statements in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the effectiveness
of the entity’s internal control, and accordingly, no such opinion is expressed.
an audit also includes evaluating the appropriateness of the accounting policies used
and the reasonableness of significant accounting estimates made by management, as
well as the overall presentation of the financial statements.
c. When the auditor also has a responsibility to express an opinion on the effectiveness of
internal control in conjunction with the audit of the financial statements, the auditor
should omit from the audit report the phrase that the auditor’s consideration of internal
control is “not for the purpose of expressing an opinion on the effectiveness of internal
control, and accordingly, no such opinion is expressed.”
d. The auditor’s report should state whether the auditor believes that the audit evidence the
auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s
opinion.
4. Auditor’s Opinion:
Audit Engagement Developments
333
a. The auditor’s report should include a section with the heading “Opinion.” (NEW)
b. When expressing an unmodified opinion on financial statements, the auditor’s opinion
should state that the financial statements present fairly, in all material respects, the
financial position of the entity as of the balance sheet date and the results of its
operations and its cash flows for the period then ended, in accordance with the
applicable financial reporting framework.
c. The auditor’s opinion should identify the applicable financial reporting framework and
its origin.
5. Other Reporting Responsibilities:
a. If the auditor addresses other reporting responsibilities in the auditor’s report on the
financial statements that are in addition to the auditor’s responsibility under GAAS to
report on the financial statements, these other reporting responsibilities should be
addressed in a separate section in the auditor’s report that should be subtitled “Report on
Other Legal and Regulatory Requirements” or otherwise, as appropriate to the content
of the section.
b. If the auditor’s report contains a separate section on other reporting responsibilities, the
headings, statements, and explanations should be under the subtitle “Report on the
Financial Statements.” The “Report on Other Legal and Regulatory Requirements”
should follow the “Report on the Financial Statements.”
Note: If there are no other legal or regulatory reporting requirements, both the “Report
on the Financial Statements,” and “Report on Other Legal and Regulatory Require-
ments” headings are eliminated from the auditor’s report.
6. Date of the Auditor’s Report:
a. The auditor’s report should be dated no earlier than the date on which the auditor has
obtained sufficient appropriate audit evidence on which to base the auditor’s opinion on
the financial statements, including evidence that:
the audit documentation has been reviewed
all the statements that the financial statements comprise, including the related notes,
have been prepared, and
management has asserted that they have taken responsibility for those financial
statements.
Audit Engagement Developments
334
Auditor’s Report for Audits Conducted in Accordance With Both GAAS and Another
Set of Auditing Standards
1. When the auditor’s report refers to both GAAS and another set of auditing standards, the
auditor’s report should identify the other set of auditing standards, as well as their origin.
Example: New Standard Audit Report under AU-C 700
An Auditor’s Report on Comparative Financial Statements Prepared in Accordance
With Accounting Principles Generally Accepted in the United States of America
Facts:
Audit of a complete set of general purpose financial statements (comparative).
The financial statements are prepared in accordance with accounting principles
generally accepted in the United States of America.
The auditor has no other reporting requirements to be included in the report.
Audit Engagement Developments
335
INDEPENDENT AUDITOR’S REPORT
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC Company, which comprise the balance sheets as of
December 31, 20X1 and 20X0, and the related statements of income, changes in stockholders’ equity and cash flows for the
years then ended, and the related notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with
accounting principles generally accepted in the United States of America; this includes the design, implementation, and
maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from
material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in
accordance with auditing standards generally accepted in the United States of America. Those standards require that we
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to
design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by
management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of
ABC Company as of December 31, 20X1 and 20X0, and the results of their operations and their cash flows for the years
then ended in accordance with accounting principles generally accepted in the United States of America.
[Auditor’s signature]
[Auditor’s city and state]
[Date of the auditor’s report]
Observation: The Example 1 report is the new standard audit report that replaces the standard
audit report found in SAS No. 58.
Audit Engagement Developments
336
AU-C 705: Modifications to the Opinion in the Independent Auditor’s
Report
Supersedes: portions of SAS No. 58, Reports on Audited Financial Statements
Key changes in the SAS:
The new SAS addresses report modifications to the standard audit report.
The SAS introduces the term “modified opinion” which is either a qualified opinion, adverse
opinion, or a disclaimer of opinion.
General Rules
1. The new AU-C establishes three types of modified opinions which are carried over from
SAS No. 58.
Qualified opinion
Adverse opinion
Disclaimer of opinion
2. The decision as to which type of modified opinion is appropriate depends on the nature of
the matter and the auditor’s professional judgment.
Definitions
Modified opinion: A qualified opinion, an adverse opinion, or a disclaimer of opinion.
Pervasive: A term used in the context of misstatements to describe the effects on the
financial statements of misstatements or the possible effects on the financial statements of
misstatements, if any, that are undetected due to an inability to obtain sufficient appropriate
audit-evidence. Pervasive effects on the financial statements are those that, in the auditor’s
professional judgment:
are not confined to specific elements, accounts, or items of the financial statements
if so confined, represent or could represent a substantial portion of the financial
statements, or
with regard to disclosures, are fundamental to users’ understanding of the financial
statements.
Audit Engagement Developments
337
Requirements:
1. The auditor should modify the opinion in the auditor’s report when:
a. The auditor concludes that, based on the audit evidence obtained, the financial
statements as a whole are materially misstated or may be materially misstated, or
b. The auditor is unable to obtain sufficient appropriate audit evidence to conclude that
the financial statements as a whole are free from material misstatement.
2. Types of Modifications:
a. In deciding the type of modified opinion depends on two factors:
Materiality of item: Whether the financial statements are materially misstated or may
be materially misstated, and
Pervasiveness of the item: The pervasiveness of the effects or possible effects of the
matter on the financial statements.
The following table describes the basis for which an auditor should issue a modification.
Type of Modified Opinion
Qualified opinion Adverse opinion Disclaimer of opinion
Material but not Pervasive
Material and Pervasive
Material and Pervasive
The auditor should express a
qualified opinion when:
The auditor concludes that
misstatements, individually or
in the aggregate, are material
but not pervasive to the
financial statements, or
The auditor was unable to
obtain sufficient appropriate
audit evidence on which to
base the opinion, but the
auditor concludes that the
possible effects on the financial
statements of undetected
misstatements could be
material but not pervasive.
The auditor should express an
adverse opinion when the auditor,
having obtained sufficient
appropriate audit evidence,
concludes that misstatements,
individually or in the aggregate, are
both material and pervasive to the
financial statements.
The auditor should disclaim an
opinion when the auditor is unable
to obtain sufficient appropriate
audit evidence on which to base the
opinion, and the auditor concludes
that the possible effects on the
financial statements of undetected
misstatements, if any, could be
both material and pervasive.
Audit Engagement Developments
338
b. If there is a modified opinion (qualified opinion, adverse opinion, or disclaimer of
opinion), the auditor’s report has two paragraphs associated with the modification:
Basis for Modification paragraph, and
Opinion paragraph
3. Basis for Modification Paragraph:
a. When the auditor modifies the opinion, the auditor should include a paragraph in the
auditor’s report that provides a description of the matter giving rise to the modification.
b. The Basis for Modification paragraph should be placed immediately before the opinion
paragraph in the auditor’s report and should use a heading that includes:
Basis for Qualified Opinion
Basis for Adverse Opinion
Basis for Disclaimer of Opinion
c. Lack of independence: When the auditor is not independent but is required by law or
regulation to report on the financial statements, the auditor should disclaim an opinion
and should specifically state that the auditor is not independent.70
Note: The auditor is not required to provide, nor precluded from providing, the reasons
for the lack of independence. If the auditor chooses to provide the reasons for lack of
independence, the auditor should include all the reasons.
4. Opinion Paragraph:
a. If an auditor issues a modified opinion, the auditor should use a heading such as one of
the following for the opinion paragraph:
Qualified Opinion
Adverse Opinion
Disclaimer of Opinion
b. The auditor’s professional judgment about the matter(s) giving rise to the modification
and the pervasiveness of its effects on the financial statements affect the type of opinion
the auditor should issue:
The following table illustrates the interrelation of an auditor’s professional judgment and the
pervasiveness of the effects on the financial statements:
70
Amendment to SAS No. 122 made by SAS No. 123.
Audit Engagement Developments
339
Nature of Matter Giving Rise
to the Modification
Auditor’s Professional Judgment About
the Pervasiveness of the Effects or Possible
Effects on the Financial Statements
Material but not pervasive Material and pervasive
Financial statements materially
misstated
Qualified opinion Adverse opinion
Inability to obtain sufficient
appropriate audit evidence
Qualified opinion Disclaimer of opinion
Source: SAS No. 122, AU-C 705
Following are examples of the three types of modified opinions:
An Auditor’s Report- Qualified Opinion Due to a Material Misstatement of the Financial
Statements
Facts:
Audit of a complete set of general purpose financial statements (comparative).
The financial statements are prepared in accordance with accounting principles
generally accepted in the United States of America.
The auditor has no other reporting requirements to be included in the report.
Inventories are misstated.
The auditor’s report contains a qualified opinion because the misstatement is considered
to be material, but not pervasive to the financial statements.
Basis for Qualified Opinion
The Company has stated inventories at cost in the accompanying balance sheets. Accounting
principles generally accepted in the United States of America require inventories to be stated
at the lower of cost or market. If the Company stated inventories at the lower of cost or
market, a writedown of $200,000 and $100,000 would have been required as of December
31, 20X1 and 20X0, respectively.
Qualified Opinion
In our opinion, except for the effects of the matter described in the Basis for Qualified
Opinion paragraph, the financial statements referred to above present fairly, in all material
respects, the financial position of ABC Company as of December 31, 20X1 and 20X0, and
the results of its operations and its cash flows for the years then ended in accordance with
accounting principles generally accepted in the United States of America.
Audit Engagement Developments
340
An Auditor’s Report- Adverse Opinion Due to a Material Misstatement of the Financial
Statements
Facts:
Audit of a complete set of general purpose financial statements (comparative).
The financial statements are prepared in accordance with accounting principles
generally accepted in the United States of America.
The auditor has no other reporting requirements to be included in the report.
The financial statements are materially misstated due to the unconsolidation of a
significant subsidiary. This material misstatement is considered to be pervasive to the
financial statements due to the size of the subsidiary.
The auditor’s report contains an adverse opinion. The effects of the misstatement have
not been determined because it was not practicable to do so.
Basis for Adverse Opinion
As described in Note X, the Company has not consolidated the financial statements of
subsidiary XYZ Company that it acquired during 20X1 because it has not yet been able to
determine the fair values of certain of the subsidiary’s material assets and liabilities at the
acquisition date. Therefore, this investment is stated at cost on the Company’s balance sheet.
Under accounting principles generally accepted in the United States of America, the
subsidiary should have been consolidated because it is controlled by the Company. Had
XYZ Company been consolidated, many elements in the accompanying financial statements
would have been materially affected. The effects on the financial statements of the failure to
consolidate have not been determined.
Adverse Opinion
In our opinion, because of the significance of the matter discussed in the Basis for Adverse
Opinion paragraph, the financial statements referred to above do not present fairly the
financial position of ABC Company as of December 31, 20X1, and the results of its
operations and its cash flows for the year then ended.
An Auditor’s Report- Disclaimer of Opinion Due to the Auditor’s Inability to Obtain
Sufficient Appropriate Audit Evidence About a Multiple Elements of the Financial
Statements
Facts:
Audit of a complete set of general purpose financial statements (comparative).
The financial statements are prepared in accordance with accounting principles
generally accepted in the United States of America.
The auditor has no other reporting requirements to be included in the report.
Audit Engagement Developments
341
The auditor was unable to obtain sufficient appropriate audit evidence about multiple
elements of the financial statements, such as the entity’s inventories and accounts
receivable. The possible effects of the auditor’s inability to obtain sufficient evidence
are considered to be both material and pervasive to the financial statements
The auditor’s report contains a disclaimer of opinion.
Basis of Disclaimer of Opinion
We were not engaged as auditors of the Company until after December 31, 20X1, and,
therefore, did not observe the counting of physical inventories at the beginning or end of the
year. We were unable to satisfy ourselves by other auditing procedures concerning the
inventory held at December 31, 20X1, which is stated in the balance sheet at $1,000,000. In
addition, the introduction of a new computerized accounts receivable system in September
20X1 resulted in numerous misstatements in accounts receivable. As of the date of our audit
report, management was still in the process of rectifying the system deficiencies and
correcting the misstatements. We were unable to confirm or verify by alternative means
accounts receivable included in the balance sheet at a total amount of $2,500,000 at
December 31, 20X1. As a result of these matters, we were unable to determine whether any
adjustments might have been found necessary in respect of recorded or unrecorded
inventories and accounts receivable, and the elements making up the statements of income,
changes in stockholders’ equity, and cash flows.
Disclaimer of Opinion
Because of the significance of the matters described in the Basis for Disclaimer of Opinion
paragraph, we have not been able to obtain sufficient appropriate audit evidence to provide a
basis for an audit opinion. Accordingly, we do not express an opinion on these financial
statements.
Audit Engagement Developments
342
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self - study course. Additionally, feedback
must be given to the course participant in the form of answers to the review questions and the
reason why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. Which of the following is a heading that should be in the auditor’s report?
a. Auditor’s Responsibility for the Financial Statements
b. Management’s Responsibility for the Financial Statements
c. See Accountant’s Audit Report
d. Responsibility for the Report
2. In the auditor’s report, if there are no other legal or regulatory reporting requirements:
a. There should be a separate report paragraph stating so
b. Both the “Report on the Financial Statements,” and “Report on Other Legal and
Regulatory Requirements” headings are eliminated from the auditor’s report
c. All report headings are eliminated
d. A separate additional report heading entitled “Elimination of Other Legal or Regulatory
Reporting Requirements” is included in the report
3. Which of the following is an example of appropriate heading for a Basis for Modification
paragraph?
a. “Opinion”
b. “Basis for Auditor’s Report”
c. “Basis for Qualified Opinion”
d. “Basis for Opinion”
4. Assume financial statements are materially misstated but the effect on the financial
statements is not pervasive. The auditor should most likely issue what type of audit
opinion:
a. Unmodified opinion
b. Qualified opinion
c. Adverse opinion
d. Disclaimer of opinion
Audit Engagement Developments
343
SUGGESTED SOLUTIONS
1. Which of the following is a heading that should be in the auditor’s report?
c. Incorrect. One of the headings is not “Auditor’s Responsibility for the Financial
Statements.”
b. Correct. The management’s responsibility paragraph should have a heading
entitled “Management’s Responsibility for the Financial Statements.”
c. Incorrect. There is no heading in the audit report entitled “See Accountant’s Audit
Report.”
d. Incorrect. There is no heading in the audit report entitled “Responsibility for the
Report.”
2. In the auditor’s report, if there are no other legal or regulatory reporting requirements:
a. Incorrect. There is no requirement to include a separate report paragraph.
b. Correct. If there is no other legal or regulatory reporting requirements, the two
headings: “Report on the Financial Statements,” and “Report on Other Legal and
Regulatory Requirements” are eliminated from the auditor’s report.
c. Incorrect. Only two headings are eliminated.
d. Incorrect. Headings are eliminated. No separate additional report heading entitled
“Elimination of Other Legal or Regulatory Reporting Requirements” is included in the
report.
3. Which of the following is an example of appropriate heading for a Basis for Modification
paragraph?
a. Incorrect. “Opinion” is not an appropriate heading for the Basis for Modification
paragraph.
b. Incorrect. “Basis for Auditor’s Report” is not a heading for the Basis for Modification
paragraph.
c. Correct. “Basis for Qualified Opinion” is an appropriate heading if there is a
qualified report, which is a modification.
d. Incorrect. “Basis for Opinion” is not an appropriate heading for the Basis for
Modification paragraph.
4. Assume financial statements are materially misstated but the effect on the financial
statements is not pervasive. The auditor should most likely issue what type of audit
opinion:
a. Incorrect. Because there is a material misstatement, an unmodified opinion is not
appropriate.
b. Correct. When there is a material misstatement and the effect is not pervasive, a
qualified opinion is appropriate.
c. Incorrect. An adverse opinion would be appropriate if the effect is pervasive, which it
is not in this case.
d. Incorrect. There is no scope limitation. Thus, a disclaimer of opinion is not appropriate.
Audit Engagement Developments
344
AU-C 706: Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs
in the Independent Auditor’s Report
Supersedes: portions of SAS No. 58, Reports on Audited Financial Statements
Key changes in the SAS:
1. The new SAS introduces the terms emphasis-of-matter and other-matter paragraphs.
Emphasis-of-matter paragraph. A paragraph included in the auditor’s report that
refers to a matter appropriately presented or disclosed in the financial statements to
draw users’ attention to a particular matter.
Other-matter paragraph. A paragraph included in the auditor’s report that refers to a
matter other than those presented or disclosed in the financial statements.
2. The new SAS requires an emphasis-of-matter or other-matter paragraph to always follow
the opinion paragraph and be included in a separate section of the auditor’s report under
the section heading “Emphasis of Matter” or “Other Matter.”
3. The concept of an “explanatory paragraph” is no longer included in GAAS and is
replaced with either the emphasis-of-matter or other-matter paragraphs.
Scope of AU-C 706:
1. AU-C 706: Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the
Independent Auditor’s Report, addresses additional communications in the auditor’s report
when the auditor considers it necessary to draw users’ attention to:
a. a matter or matters presented or disclosed in the financial statements that are of such
importance that they are fundamental to users’ understanding of the financial statements
(emphasis-of-matter paragraph), or
b. any matter or matters other than those presented or disclosed in the financial statements
that are relevant to users’ understanding of the audit, the auditor’s responsibilities, or
the auditor’s report (other-matter paragraph).
Definitions
Audit Engagement Developments
345
1. For purposes of generally accepted auditing standards (GAAS), the following terms have
the meanings attributed as follows:
Emphasis-of-matter paragraph: A paragraph included in the auditor’s report that is
required by GAAS, or is included at the auditor’s discretion, and that refers to a matter
appropriately presented or disclosed in the financial statements that, in the auditor’s
judgment, is of such importance that it is fundamental to users’ understanding of the
financial statements.
Other-matter paragraph: A paragraph included in the auditor’s report that is required
by GAAS, or is included at the auditor’s discretion, and that refers to a matter other
than those presented or disclosed in the financial statements that, in the auditor’s
judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities,
or the auditor’s report.
Requirements
Emphasis-of-Matter Paragraph in the Auditor’s Report
1. If the auditor considers it necessary to draw users’ attention to a matter appropriately
presented or disclosed in the financial statements that is of such importance that it is
fundamental to users’ understanding of the financial statements, the auditor should include
an emphasis-of-matter paragraph in the auditor’s report: In order to include an emphasis-
of matter paragraph:
a. The auditor must obtained sufficient appropriate audit evidence that the matter is not
materially misstated in the financial statements, and
b. The emphasis-of-matter paragraph should refer only to information presented or
disclosed in the financial statements.
2. Circumstances in which an auditor must emphasize a matter in the audit report:
a. There are certain auditing standards that require an auditor to include an emphasis-of-
matter paragraph in the auditor’s report in certain circumstances. That list includes:
Subsequent Events and Subsequently Discovered Facts (AU-C 570, paragraph .16c)
Going Concern (Proposed AU-C 570)
Special Considerations—Audits of Financial Statements Prepared in Accordance
With Special Purpose Frameworks (AU-C- 800, paragraphs .19 and .21)
Consistency of Financial Statements (AU-C 708, paragraphs 8-9 and .11-.13)
3. Circumstances in which an emphasis-of-matter paragraph may be necessary:
Audit Engagement Developments
346
a. In addition to the use of an emphasis-of-matter paragraph required by other SASs, the
following are examples of circumstances when the auditor may consider it necessary to
include an emphasis-of-matter paragraph:
An uncertainty relating to the future outcome of unusually important litigation or
regulatory action
A major catastrophe that has had, or continues to have, a significant effect on the
entity’s financial position
Significant transactions with related parties, and
Unusually important subsequent events
4. Including an emphasis-of-matter paragraph in the auditor’s report:
a. An emphasis-of-matter paragraph should refer only to matters appropriately presented
or disclosed in the financial statements.
1) To include information in an emphasis-of-matter paragraph about a matter beyond
what is presented or disclosed in the financial statements may raise questions about
the appropriateness of such presentation or disclosure.
b. The inclusion of an emphasis-of-matter paragraph in the auditor’s report does not affect
the auditor’s opinion. An emphasis-of-matter paragraph is not a substitute for either:
1) the auditor expressing a qualified opinion or an adverse opinion, or disclaiming an
opinion, when required by the circumstances of a specific audit engagement (see
AU-C 705, Modifications to the Opinion in the Independent Auditor’s Report), or
2) disclosures in the financial statements that the applicable financial reporting
framework requires management to make.
Other-Matter Paragraph in the Auditor’s Report
1. If the auditor considers it necessary to communicate a matter other than those that are
presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant
to users’ understanding of the audit, the auditor’s responsibilities, or the auditor’s report,
the auditor should:
a. do so in a paragraph in the auditor’s report with the heading “Other Matter” or other
appropriate heading, and
b. include this paragraph immediately after the opinion paragraph and any emphasis-of-
matter paragraph or elsewhere in the auditor’s report if the content of the other-matter
paragraph is relevant to the “Other Reporting Responsibilities” section.
2. An “other matter” paragraph is used in situations in which:
Audit Engagement Developments
347
a. It is necessary to communicate a matter that is not presented or disclosed in the
financial statements (e.g., not in the notes), and
b. Is relevant to the users’ understanding of the:
audit
auditor’s responsibilities, or
auditor’s report.
Note: An other-matter paragraph does not address circumstances when the auditor has
other reporting responsibilities that are in addition to the auditor’s responsibility under
GAAS to report on the financial statements, or when the auditor has been asked to perform
and report on additional specified procedures or to express an opinion on specific matters.
3. Exhibit C of AU-C 706 provides a list of other auditing standards that require use of an
other-matter paragraph in the auditor’s report in certain circumstances:
AU-C 560, Subsequent Events and Subsequently Discovered Facts
AU-C 700, Forming an Opinion and Reporting on Financial Statements
AU-C 720, Other Information in Documents Containing Audited Financial
Statements
AU-C 725, Supplementary Information in Relation to the Financial Statements as a
Whole
AU-C 730, Required Supplementary Information
AU-C 800, Special Considerations- Audits of Financial Statements Prepared in
Accordance With Special Purpose Frameworks
AU-C 806, Reporting on Compliance With Aspects of Contractual Agreements or
Regulatory Requirements in Connection With Audited Financial Statements
AU-C 905, Restricting the Use of an Auditor’s Report
4. If there are both emphasis-of-matter and other-matter paragraphs, those paragraphs should
be presented in the auditor’s report in the following order:
FIRST: Opinion paragraph
SECOND: Emphasis-of-matter paragraph
THIRD: Other-matter paragraph
Communication With Those Charged With Governance
1. If the auditor expects to include an emphasis-of-matter or other-matter paragraph in the
auditor’s report, the auditor should communicate with those charged with governance
regarding the expectation and the proposed wording of this paragraph.
Audit Engagement Developments
348
Examples of Auditor’s Reports With Emphasis-of-Matter or Other-Matter Paragraphs:
Example 1: An Auditor’s Report With an Emphasis-of-Matter Paragraph Because
There Is Uncertainty Relating to a Pending Unusually Important Litigation Matter
Facts:
Audit of a complete set of general purpose financial statements (single year) prepared in
accordance with accounting principles generally accepted in the United States of
America.
There is uncertainty relating to a pending unusually important litigation matter.
The auditor’s report includes an emphasis-of-matter paragraph.
INDEPENDENT AUDITOR’S REPORT
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as of
December 31, 20X1, and the related statements of income, changes in stockholders’ equity and cash flows for the year then
ended, and the related notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with
accounting principles generally accepted in the United States of America; this includes the design, implementation, and
maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from
material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in
accordance with auditing standards generally accepted in the United States of America. Those standards require that we
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to
design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control.71
Accordingly, we express no such opinion. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by
71
In circumstances when the auditor also has responsibility to express an opinion on the effectiveness of internal control in
conjunction with the audit of the financial statements, this sentence would be worded as follows: “In making those risk
assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial
statements in order to design audit procedures that are appropriate in the circumstances.” In addition, the next sentence,
“Accordingly, we express no such opinion,” would not be included.
Audit Engagement Developments
349
management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence that we have obtained is sufficient and appropriate to provide a basis for our audit
opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects the financial position of
ABC Company as of December 31, 20X1, and the results of its operations and its cash flows for the year then ended in
accordance with accounting principles generally accepted in the United States of America.
Emphasis of Matter
As discussed in Note X to the financial statements, the Company is a defendant in a lawsuit [briefly describe the
nature of the litigation consistent with the Company's description in the note to the financial statements]. Our
opinion is not modified with respect to this matter.
[Auditor’s signature]
[Auditor’s city and state]
[Date of the auditor’s report]
Example 2: An Auditor’s Report With an Other-Matter Paragraph That May Be
Appropriate When an Auditor Issues an Updated Report on the Financial Statements of
a Prior Period That Contains an Opinion Different From the Opinion Previously
Expressed
Facts:
Audit of a complete set of general purpose financial statements (comparative) prepared
in accordance with accounting principles generally accepted in the United States of
America.
The auditor’s report on the prior period financial statements expressed an adverse
opinion due to identified departures from accounting principles generally accepted in
the United States of America that resulted in the financial statements being materially
misstated. The entity has elected to change its method of accounting for the matters that
gave rise to the adverse opinion in the prior period, and have restated the prior period
financial statements. Therefore, the auditor issued an adverse opinion.
The auditor’s report includes an other-matter paragraph indicating that the updated
report on the financial statements of the prior period contains an opinion different from
the opinion previously expressed, as required by AU-C 700, Forming an Opinion and
Reporting on Financial Statements.
Although the entity changed its method of accounting for the matters that gave rise to
the adverse opinion in the prior period, the principal objective of the communication in
the other-matter paragraph is to draw users’ attention to the change in the auditor’s
opinion on the prior period financial statements. The other-matter paragraph also refers
to the change in accounting principle and the related disclosure in the financial
statements. Therefore, the other-matter paragraph also meets the objective of
Audit Engagement Developments
350
communicating the change in accounting principle as required by AU-C 708,
Consistency of Financial Statements, and a separate emphasis-of-matter paragraph is
not considered necessary.
INDEPENDENT AUDITOR’S REPORT
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC Company, which comprise the balance sheets as of
December 31, 20X1 and 20X0, and the related statements of income, changes in stockholders’ equity and cash flows for the
years then ended, and the related notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with
accounting principles generally accepted in the United States of America; this includes the design, implementation, and
maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from
material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in
accordance with auditing standards generally accepted in the United States of America. Those standards require that we
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to
design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by
management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence that we have obtained is sufficient and appropriate to provide a basis for our audit
opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of
ABC Company as of December 31, 20X1 and 20X0, and the results of its operations and its cash flows for the years then
ended in accordance with accounting principles generally accepted in the United States of America.
Other Matter
In our report dated March 1, 20X1, we expressed an opinion that the 20X0 financial statements did not fairly
present the financial position, results of operations, and cash flows of ABC Company in accordance with accounting
principles generally accepted in the United States of America because of two departures from such principles: (1)
ABC Company carried its property, plant, and equipment at appraisal values, and provided for depreciation on the
basis of such values, and (2) ABC Company did not provide for deferred income taxes with respect to differences
between income for financial reporting purposes and taxable income. As described in Note X, the Company has
changed its method of accounting for these items and restated its 20X0 financial statements to conform with
accounting principles generally accepted in the United States of America. Accordingly, our present opinion on the
restated 20X0 financial statements, as presented herein, is different from that expressed in our previous report.
Audit Engagement Developments
351
[Auditor’s signature]
[Auditor’s city and state]
[Date of the auditor’s report]
Observation: Notice in the Example 2 report that the Other Matter paragraph does not
reference a footnote such as “As disclosed in Note X.” The reason is because the matter
addressed in the Other-Matter paragraph is not addressed elsewhere in the financial statements
or notes.
Audit Engagement Developments
352
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self - study course. Additionally, feedback
must be given to the course participant in the form of answers to the review questions and the
reason why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. Which kind of paragraph refers to a matter appropriately presented or disclosed in the
financial statements that is of such importance that it is fundamental to users’
understanding of the financial statements:
a. Emphasis-of-matter paragraph
b. Unmodified opinion paragraph
c. Qualified opinion paragraph
d. Adverse-opinion paragraph
2. A key element of an other matter paragraph is that:
a. It involves a communication of a matter that is presented in the financial statements but
not the notes.
b. It involves a communication of a matter that is not presented in the financial statements
but is presented in the notes
c. It involves a communication of a matter that is presented or disclosed in the financial
statements or the notes
d. It involves a communication of a matter that is not presented or disclosed in the
financial statements or the notes
3. If the auditor expects to include an emphasis-of-matter or other-matter paragraph in the
auditor’s report, which of the following should the auditor do:
a. Send a letter to management notifying them of the wording of the paragraph
b. Communicate with those charged with governance
c. Nothing is specifically required in the auditing standard
d. Make an oral communication to management giving them an opportunity to challenge
the wording in the paragraph
Audit Engagement Developments
353
SUGGESTED SOLUTIONS
1. Which kind of paragraph refers to a matter appropriately presented or disclosed in the
financial statements that is of such importance that it is fundamental to users’
understanding of the financial statements:
a. Correct. An emphasis-of-matter paragraph refers to a matter that is disclosed in
the financial statements and is of such importance that it is fundamental to users’
understanding of the financial statements.
b. Incorrect. An unmodified opinion paragraph does not deal with a matter that is
presented or disclosed in the financial statements.
c. A qualified opinion paragraph has nothing to do with referring to a matter that is
importance to fundamental users’ understanding of the financial statements.
d. An adverse opinion paragraph does not refer to a matter that is importance to
fundamental users’ understanding of the financial statements.
2. A key element of an other matter paragraph is that:
a. Incorrect. An other matter paragraph does not involve a communication of a matter that
is presented in the financial statements but not the notes.
b. Incorrect. An other matter paragraph does not involve a communication of a matter that
is not presented in the financial statements but is presented in the notes.
c. Incorrect. An other matter paragraph does not involve a communication of a matter that
is presented or disclosed in the financial statements or the notes.
d. Correct. An other matter paragraph involves a communication of a matter that is
not presented or disclosed in the financial statements or the notes.
3. If the auditor expects to include an emphasis-of-matter or other-matter paragraph in the
auditor’s report, which of the following should the auditor do:
a. Incorrect. There is no requirement for the auditor to communicate with management
notifying them of the wording of the paragraph
b. Correct. The auditor should communicate with those charged with governance
regarding the expectation and the proposed wording of the paragraph.
c. Incorrect. There is a required communication to those charged with governance,
making the answer incorrect.
d. Incorrect. No communication is required to be made to management, making the
answer incorrect.
Audit Engagement Developments
354
AU-C 600: Special Considerations- Audits of Group Financial Statements
(Including the Work of Component Auditors)
Supersedes: SAS No. 1, Part of Audit Performed by Other Independent Auditors (AU section
543)
Key changes in the SAS:
1. The new SAS expands the scope of existing GAAS found in AU 543 of SAS No. 1, with a focus on
how a group auditor must conduct an effective audit of group financial statements.
2. The new SAS:
a. Introduces the concepts of “group auditor” and “component auditor.”
b. Requires the group auditor to have greater involvement in the audit work of a component
auditor including indentifying significant components, and defining materiality at both the
group and component level.
c. Expands the communication required between the group and component auditors.
d. Deals with the reporting options for a group auditor.
Introduction:
1. AU-C 600: Special Considerations- Audits of Group Financial Statements (Including the
Work of Component Auditors), deals with a group auditor reporting on group financial
statements, and replaces the previous guidance found in AU 543, Part of Audit Performed
by Other Independent Auditors.
2. In the group auditor report, the group auditor has the choice of referring to the work of the
component auditor or not referring to the work of the component auditor.
a. In situations when the group engagement partner does not make reference to a
component auditor’s work in the auditor’s report on the group financial statements, all
of the performance requirements for the group auditor, found in AU-C 600, apply.
That is, if the group report does not reference the work of the component auditor, the
group auditor is responsible for that component.
Audit Engagement Developments
355
b. In situations when the group engagement partner decides to make reference to a
component auditor in the audit report on the group financial statements, certain of the
requirements of AU-C 600 would not apply because the group auditor would not be
taking responsibility for the component that was audited by the component auditor.
Note: While AU-C 600 is based on ISA 600, ISA 600 does not permit reference to a
component auditor in the auditor’s report on the group financial statements.
Definitions found in AU-C 600:
AU-C 600 includes several new terms as well as certain revised terms from AU 543.
Component: An entity or business activity for which group or component management
prepares financial information that should be included in the group financial statements.
Group Financial Statements: Financial statements that include the financial information
of more than one component.
Group Engagement Partner: The partner or other person in the firm who is responsible
for the group audit engagement and its performance and for the auditor’s report on the
group financial statements that is issued on behalf of the firm.
Group: All of the components whose financial information is included in the group
financial statements. A group always has more than one component.
Group Audit: The audit of group financial statements.
Group Engagement Team: Partners, including the group engagement partner, and staff
who establish the overall group audit strategy, communicate with component auditors,
perform work on the consolidation process, and evaluate the conclusions drawn from the
audit evidence as the basis for forming an opinion on the group financial statements.
Group-Wide Controls: Controls designed, implemented, and maintained by group
management over group financial reporting.
Component Management: Management responsible for preparing the financial infor-
mation of a component.
Component Materiality: The materiality for a component determined by the group
engagement team for the purposes of the group audit.
Component Auditor: An auditor who performs work on the financial information of a
component that will be used as audit evidence for the group audit. A component auditor
may be part of the group engagement partner’s firm, a network firm of the group
engagement partner’s firm, or another firm.
Audit Engagement Developments
356
Note: An auditor is only a component auditor when a group auditor decides to either a) use
the work of the component auditor, or b) make reference to the component auditor’s work
in the group auditor’s report.
Significant Component: A component identified by the group engagement team (i) that is
of individual financial significance to the group, or (ii) that, due to its specific nature or
circumstances, is likely to include significant risks of material misstatement of the group
financial statements.
Requirements of AU-C 600:
1. The AU-C establishes the responsibilities for a group auditor when it is relying on the
auditor a component, which is referred to as the component auditor.
2. The AU-C identifies the responsibilities for the:
Group engagement partner, and
Group engagement team
3. The group engagement partner is the individual responsible for:
a. the direction, supervision, and performance of the group audit engagement in comp-
liance with professional standards and regulatory and legal requirements
b. determining whether the auditor’s report that is issued is appropriate in the
circumstances, and
c. reviewing and approving the overall group audit strategy and group audit plan.
4. The group engagement team is responsible for:
a. obtaining an understanding of the group, its components, and their environments that is
sufficient to identify components that are likely to be significant components
b. identifying significant components
c. establishing an overall group audit strategy and developing a group audit plan
d. identifying and assessing the risks of material misstatements through obtaining an
understanding of the entity and its environment
e. obtaining an understanding that is sufficient to:
Audit Engagement Developments
357
Confirm or revise its initial identification of components that are likely to be a
significant components, and
Assess the risks of material misstatement of the group financial statements whether
due to fraud or error.
f. obtaining an understanding of the component auditor.
Determining Whether to Reference the Component Auditor in the Group Auditor’s
Report
1. Once the group engagement team has gained its understanding of each component auditor,
the group engagement partner should determine whether to:
a. Not reference to the component auditor in the group auditor’s report: Group auditor
assumes responsibility for the work of component auditors which requires the group
auditor to be involved in the work of component auditors, insofar as that work relates to
the expression of an opinion on the group financial statements, or
b. Make reference to the component auditor in the group auditor’s report: Group auditor
does not assume responsibility for the component, which requires the group auditor to
make reference to the audit of a component auditor in the auditor’s report on the group
financial statements.
2. The decision to reference the work of the component auditor in the group auditor’s report is
made individually for each component auditor, regardless of the decision to reference any
other component auditors.
Procedures Performed by the Group Auditor on the Component Auditor- All Situations
1. Regardless of whether the group auditor makes reference to the work of the component
auditor in the group auditor report, at a minimum, the group engagement team is required
to:
a. Gain an understanding of the component auditor, and
b. Communicate with and evaluate the component auditor.
Thus, in a situation in which there is a group engagement and a component is audited by a
component auditor, the group auditor must gain an understanding of the component auditor,
and communicate with and evaluate the component auditor. Then, the group auditor can
decide if he or she is going to reference the component auditor in the group audit report.
Gain Understanding a Component Auditor
Audit Engagement Developments
358
1. Regardless of whether the group auditor makes reference to the work of the component
auditor in the group auditor report, the group engagement team is required to gain an
understanding of the component auditor in terms of:
a. Whether a component auditor understands, and will comply with the ethical
requirements that are relevant to the group audit
b. Whether the component auditor is independent
c. The component auditor’s professional competence
d. The extent to which the group engagement team will be able to be involved in the work
of the component auditor
e. Whether the group engagement team will be able to obtain information affecting the
consolidation process from a component auditor, and
f. Whether a component auditor operates in a regulatory environment that actively
oversees auditors (e.g., peer review).
Communication With and Evaluate the Component Auditor
1. AU-C 600 requires that there be communications to and from the group auditor and
component auditor regardless of whether the component auditor will be referenced in the
group auditor’s report.
2. The group engagement team is required to communicate specific items to the component
auditor on a timely basis.
3. The group engagement team should request that a component auditor communicate to the
group matters relevant to the group’s conclusion with regard to the group audit which
should include:
a. Whether the component auditor has complied with ethical requirements, including
independence and professional competence, relevant to the group audit
b. Identification of the financial information of the component on which the component
auditor is reporting, and
c. The component auditor’s overall financings, conclusions, or opinion.
4. The group engagement team is required to evaluate a component auditor’s
communication and to discuss significant findings and issues arising from that evaluation
with the component auditor, component management, or group management, as
appropriate.
Audit Engagement Developments
359
Making Reference to the Component Auditor in the Group Auditor’s Report
1. If the group auditor decides to reference to component auditor in its group auditor report,
the group auditor no longer assumes responsibility for that component.
2. By referencing the component auditor’s work in the group audit report, the group auditor’s
procedures are limited because the group auditor is not taking responsibility for that
component.
Therefore, the group engagement team’s work is limited to obtaining sufficient appropriate
audit evidence by performing the following procedures:
a. Procedures performed on all component auditors:
Gain an understanding of the component auditor, and
Communicate with and evaluate the component auditor
b. Reading the component’s financial statements and the component auditor’s report to
identify significant findings and issues and, when considered necessary, communicating
with the component auditor in this regard.
3. The group auditor should not reference the audit of the component auditor in its audit report
unless:
a. The component’s financial statements are prepared using the same financial reporting
framework as the group financial statements
b. The component auditor has performed an audit on the financial statements of the
component in accordance with GAAS or PCAOB (for public companies), and
c. The component auditor has issued an auditor’s report that is not restricted as to use.
4. When the group engagement partner decides to make reference to the audit of a component
auditor in the group auditor’s report, the report on the group financial statements should:
a. Clearly indicate that the component was not audited by the group auditor but was
audited by the component auditor, and
b. Include the magnitude of the portion of the financial statements audited by the
component auditor.
5. The group auditor may name the component auditor in the group auditor’s report provided:
a. The component auditor’s express permission is obtained, and
Audit Engagement Developments
360
b. The component auditor’s report is presented together with that of the group auditor’s
report.
6. If the component auditor’s report opinion is modified and includes an emphasis-of-matter
or other-matter paragraph, the group auditor should determine the effect that this
modification may have on the group auditor’s report.
a. When deemed appropriate, the group auditor should modify the opinion on the group
financial statements or include an emphasis-of-matter or other-matter paragraph in the
group auditor’s report.
Not Making Reference in the Auditor’s Report
1. If the group engagement partner decides to assume responsibility for the component, no
reference should be made to the component auditor in the group auditor’s report.
2. In not referencing the component auditor in the group auditor’s report, the group
engagement team is required to perform certain additional procedures on the component
and the component auditor’s work, as follows:
Define materiality of the component, and
Get involved in the work of the component auditor including identifying significant
components and identifying risk of the component
Defining Materiality
1. The group engagement team should determine the following:
a. Materiality, including performance materiality, for the group financial statements as a
whole when establishing the overall group audit strategy
b. Whether particular classes of transactions, account balances, or disclosures in the group
financial statements exist for which misstatement of lesser amounts than materiality for
the group financial statements as a whole could reasonably be expected to influence the
economic decisions of users taken on the basis of the group financial statements
c. Component materiality for those components on which the group engagement team will
perform, or request a component auditor to perform, an audit or review
Component materiality is required to be lower than group materiality in order to
reduce the risk that the aggregate of detected and undetected misstatements in the
group financial statements exceeds the materiality for the group financial statements
as a whole.
Audit Engagement Developments
361
Component performance materiality should be lower than group performance
materiality.
Getting Involved in the Work of the Component Auditor and Significant Components
1. AU-C 600 provides that when a component auditor performs an audit of a significant
component for which the group auditor is assuming responsibility for that component
(e.g., the component auditor is not referenced in the group auditor’s report), the group
engagement team should be involved in the risk assessment of the component to identify
significant risks of material misstatements of the group financial statements. In making that
assessment, the group engagement team should do the following:
a. Discuss with the component auditor or component management the component’s
business activities of significance to the group
b. Discuss with the component auditor the susceptibility of the component to material
misstatement due to fraud or error
c. Review the component auditor’s documentation of identified significant risks of
material misstatement of the group financial statements
d. If significant risks of material misstatement have been identified in a component,
evaluate the appropriateness of further audit procedures to be performed to respond to
the identified significant risks of material misstatement.
2. AU-C 600 introduces a new concept of a significant component, which is defined as a
component identified by the group engagement team that is either:
a. of individual financial significance to the group, or
b. due to its specific nature or circumstances, is likely to include significant risks of
material misstatement of the group financial statements.
LARGE OR RISKY COMPONENT = SIGNIFICANT COMPONENT
3. The group engagement team should identify significant components so that the work effort
should be directed toward such components.
4. In performing audit work on significant components, AU-C 600 provides the following
requirements for the group engagement team:
a. For a component that is individually financially significant to the group:
Audit the component’s financial information using the component materiality.
Audit Engagement Developments
362
b. For a component considered significant because it is likely to include significant risks of
material misstatements of the group financial statements, an audit of the component is
performed in one or more of the following ways:
Audit the component financial information using component materiality
Audit one or more account balances, classes of transactions, or disclosures where the
risk resides, or
Perform specific audit procedures related to the likely significant risks of material
misstatement of the group financial statements.
5. For components that are not significant, the group engagement team should perform
analytical procedures at the group level.
Dealing with the Consolidation Process
1. The AU-C also provides guidance on how the group engagement team should deal with the
consolidation process, communicate with the group management and those charged with
governance, a specific documentation requirements.
Audit Engagement Developments
363
AU-C 800: Special Considerations- Audits of Financial Statements
Prepared in Accordance With Special Purpose Frameworks
Supersedes: certain portions of AU 544 of SAS No. 62, Special Reports.
Key changes in the SAS:
1. The term OCBOA is replaced with the term special purpose framework, which no longer includes a
definite set of criteria having substantial support that is applied to all material items appearing in
financial statements.
a. Special purpose frameworks are limited to cash, tax, regulatory, or contractual bases of
accounting.
2. The new SAS requires:
a. The auditor to obtain an understanding of:
the purpose for which the financial statements are prepared
the intended users, and
the steps taken by management to determine that the special purpose framework is
acceptable in the circumstances.
b. The auditor to obtain the agreement of management that it acknowledges and understands its
responsibility to include all informative disclosures that are appropriate for the special purpose
framework used to prepare the financial statements.
c. In the case of special purpose financial statements prepared in accordance with a contractual
basis of accounting, the auditor to obtain an understanding of any significant interpretations of
the contract that management made in the preparation of those financial statements and to
evaluate whether the financial statements adequately describe such interpretations.
d. When management has a choice of financial reporting frameworks in the preparation of the
financial statements, the explanation of management’s responsibility for the financial
statements in the auditor’s report to make reference to management’s responsibility for
determining that the applicable financial reporting framework is acceptable in the
circumstances.
e. In the case of financial statements prepared in accordance with a regulatory or contractual basis
of accounting, the auditor’s report to describe the purpose for which the financial statements
are prepared or refer to a note in the special purpose financial statements that contains that
information.
Audit Engagement Developments
364
f. The auditor’s report to include an emphasis-of-matter paragraph under an appropriate heading
that, among other things, states that the special purpose framework is a basis of accounting
other than GAAP. As previously indicated, the term OCBOA is no longer used in GAAS.
g. The auditor’s report to include specific elements if the auditor is required by law or regulation
to use a specific layout, form, or wording of the auditor’s report.
Definitions
1. For purposes of AU-C 800, the following terms have the meanings attributed as follows:
Special purpose financial statements: Financial statements prepared in accordance with a
special purpose framework.
Special purpose framework: A financial reporting framework other than GAAP that is
one of the following bases of accounting:
Cash basis: A basis of accounting that the entity uses to record cash receipts and
disbursements and modifications of the cash basis having substantial support (for
example, recording depreciation on fixed assets).
Tax basis: A basis of accounting that the entity uses to file its income tax return for the
period covered by the financial statements.
Regulatory basis: A basis of accounting that the entity uses to comply with the
requirements or financial reporting provisions of a regulatory agency to whose
jurisdiction the entity is subject (for example, a basis of accounting that insurance
companies use pursuant to the accounting practices prescribed or permitted by a state
insurance commission.)
Contractual basis: A basis of accounting that the entity uses to comply with an
agreement between the entity and one or more third parties other than the auditor.
Example: A borrower is required by its lender to prepare consolidated financial
statements presented on a contractual basis of accounting, which is not GAAP.
The cash, tax, and regulatory bases of accounting are commonly referred to as other
comprehensive bases of accounting, although the term OCBOA is no longer included in
GAAS.
Observation: Under the new SAS, the term OCBOA is replaced with the term special purpose
framework. Previously, the definition of other comprehensive basis of accounting (OBCOA)
Audit Engagement Developments
365
included any set of criteria that had substantial support. The new SAS does not include under
the definition of special purpose framework, any set of criteria having substantial support.
Further, the definition of income tax basis is changed slightly from the previous one found in
SAS No. 62. The SAS No. 62 definition was “a basis of accounting that the entity uses or
expects to use to file its income tax return for the period covered by the financial statements.”
The new definition removes the “expects to use” from the definition. As a practical matter,
eliminating the “expects to use” from the definition should have no significant effect on the
application of the SAS.
Lastly, the term “income tax basis of accounting” has been replaced with the term “tax basis of
accounting.”
Auditor Requirements:
1. The auditor is required to determine the acceptability of the financial reporting framework
applied in the preparation of the financial statements. In an audit of special purpose
financial statements, the auditor should obtain an understanding of:
a. the purpose for which the financial statements are prepared
b. the intended users, and
c. the steps taken by management to determine that the applicable financial reporting
framework is acceptable in the circumstances.
2. The SAS requires the auditor to establish whether the preconditions for an audit are present
including obtaining the agreement of management that it acknowledges and understands its
responsibility to include all informative disclosures that are appropriate for the special
purpose framework used to prepare the entity’s financial statements including:
a a description of the special purpose framework, including a summary of significant
accounting policies, and how the framework differs from GAAP, the effects of which
need not be quantified
b. informative disclosures similar to those required by GAAP, in the case of special
purpose financial statements that contain items that are the same as, or similar to, those
in financial statements prepared in accordance with GAAP
c. a description of any significant interpretations of the contract on which the special
purpose financial statements are based, in the case of special purpose financial
statements prepared in accordance with a contractual basis of accounting, and
d. additional disclosures beyond those specifically required by the framework that may be
necessary for the special purpose financial statements to achieve fair presentation.
3. The auditor is required to comply with all AU-C sections relevant to the audit.
Audit Engagement Developments
366
a. In planning and performing an audit of special purpose financial statements, the auditor
should adapt and apply all AU-C sections relevant to the audit as necessary in the
circumstances of the engagement.
b. In the case of special purpose financial statements prepared in accordance with a
contractual basis of accounting, the auditor should obtain an understanding of any
significant interpretations of the contract that management made in the preparation of
those financial statements. An interpretation is significant when adoption of another
reasonable interpretation would have produced a material difference in the information
presented in the financial statements.
Reporting
1. When reporting on special purpose financial statements, the auditor should apply the
requirements in AU-C 700, Forming an Opinion and Reporting on Financial Statements.
2. With respect to the auditor’s report on special purpose financial statements, the following
rules apply:
a. The explanation of management’ responsibility for the financial statements should also
reference to its responsibility for determining that the applicable financial reporting
framework is acceptable in the circumstances.
When management has no choice of financial reporting frameworks, no reference to
the responsibility for determining the applicable framework is required.
b. The auditor’s report should also describe the purpose for which the financial statements
are prepared, or refer to a note in the special purpose financial statements that contains
that information.
Note: The requirement to describe the purpose for which the financial statements are
prepared only applies to:
a contractual basis of accounting or
a regulatory basis of accounting (general or restricted use only)
3. In most cases, the auditor’s report on special purpose financial statements should have
either an emphasis-of-matter paragraph or other-matter (restricted use) paragraph.
4. Emphasis-of-Matter Paragraph
a. The auditor’s report on special purpose financial statements should include an
emphasis-of- matter paragraph, under an appropriate heading, that:
Audit Engagement Developments
367
indicates that the financial statements are prepared in accordance with the applicable
special purpose framework
refers to the note to the financial statements that describes that framework, and
states that the special purpose framework is a basis of accounting other than GAAP.
b. The exception is that an emphasis-of-matter paragraph is not required if special-purpose
financial statements are prepared on a regulatory basis for general use.
5. Restricted Use (Other Matter) Paragraph
a. The auditor’s report on special purpose financial statements should include an other
matter paragraph, under an appropriate heading, that restricts the use of the auditor’s
report to those within the entity, the parties to the contract or agreement, or the
regulatory agencies to whose jurisdiction the entity is subject when the special purpose
financial statements are prepared in accordance with either:
a contractual basis of accounting or
a regulatory basis of accounting (restricted use only)
Note: The restricted use (other matter) paragraph is not required for other types of
special purpose reports (e.g., cash or tax basis, or regulatory basis for general use).
6. Regulatory Basis Financial Statements Intended for General Use
a. If the special purpose financial statements are prepared in accordance with a regulatory
basis of accounting, and the special purpose financial statements together with the
auditor’s report are intended for general use, the auditor should not include the
emphasis-of-matter or other-matter paragraphs. Instead, the auditor should provide dual
opinions in the same report as follows:
Opinion 1: Expresses an opinion about whether the special purpose financial statements
are prepared in accordance with GAAP.
Opinion 2: The auditor should also, in a separate paragraph, express an opinion as to
whether the financial statements are prepared in accordance with the special purpose
framework, which is the regulatory basis for general use.
This dual opinion only applies if the auditor reports on a regulatory basis intended for
general use, and not restricted for use. If the regulatory basis for restricted use is used,
a single opinion should be issued.
7. Report Prescribed by Law or Regulation
Audit Engagement Developments
368
a. If an auditor is required by law or regulation to use a specific layout, form, or wording
of the auditor’s report, the report should refer to GAAS only if the auditor’s report
includes the following elements, at a minimum:
Title
Addressee
Introductory paragraph that identifies the special purpose financial statements
audited
Description of the responsibility of management
Management’s responsibility for determining that the applicable financial reporting
framework is acceptable in the circumstances
Description of the auditor’s responsibility
Opinion paragraph
Emphasis-of-matter paragraph indicating that the financial statements are prepared
in accordance with a special purpose framework, when required
Other-matters paragraph that restricts the use of the auditor’s report, when required
Auditor’s signature
Auditor’s city and state, and
Date of auditor’s report.
Note: AU-C 800 states that if the prescribed specific layout, form, or wording of the
auditor’s report, required by law or regulation, is not acceptable or would cause an
auditor to make a statement that the auditor has no basis to make, the auditor should
reword the prescribed form of report or attach an appropriately worded separate report.
The following chart summarizes the format of the auditor’s report when reporting under a
special purpose framework.
Audit Engagement Developments
369
Special Purpose Reports
Cash basis Tax basis Contractual basis Regulatory
basis
Restricted Use
Regulatory basis
General Use
Opinion
Single opinion
on special
purpose
framework
Single opinion
on special
purpose
framework
Single opinion on
special purpose
framework
Single opinion
on special
purpose
framework
Dual
Opinion on
GAAP and
special purpose
framework
Emphasis-of
matter
paragraph- alerting
reader to special
purpose
framework (other
than GAAP)
Yes Yes Yes Yes No
Describe purpose
of financial
statements
No No Yes Yes Yes
Other matter
paragraph
restricting use
No No Yes Yes No
Source: AU-C 800, as modified by author.
Example 1: Auditor’s Report Prepared in Accordance With the Cash Basis of
Accounting (Source: AU-C 800, as modified by author)
Facts:
The financial statements have been prepared by management of a partnership in
accordance with the cash basis of accounting (that is, a special purpose framework).
Management has a choice of financial reporting frameworks.
Audit Engagement Developments
370
Independent Auditor’s Report
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC Partnership, which comprise the statements of assets and
liabilities arising from cash transactions as of December 31, 20X1, and the related statements of revenue collected and
expenses paid for the year then ended, and the related notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with the
cash basis of accounting; this includes determining that the cash basis of accounting is an acceptable basis for the
preparation of financial statements in the circumstances.72
Management is also responsible for the design, implementation,
and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free
from material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in
accordance with auditing standards generally accepted in the United States of America. Those standards require that we
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the partnership’s preparation and fair presentation of the financial statements in order
to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the partnership’s internal control. Accordingly, we express no such opinion. An audit also includes
evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made
by management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the assets and liabilities
arising from cash transactions of ABC Partnership as of December 31, 20X1, and its revenue collected and its expenses
paid during the year then ended in accordance with the cash basis of accounting described in Note X.
Basis of Accounting
We draw attention to Note X of the financial statements, which describes the basis of accounting. The financial
statements are prepared on the cash basis of accounting which is a basis of accounting other than accounting
principles generally accepted in the United States of America. Our opinion is not modified with respect to this
matter.
[Auditor’s Signature]
[Auditor’s City and State]
[Date of the Auditor’s Report]
72
The SAS requires the auditor’s report to reference management' responsibility for determining that the applicable
financial reporting framework is acceptable in the circumstances. If management does not have a choice of financial
reporting frameworks, the audit report should remove this language from the report.
Audit Engagement Developments
371
Example 2: Auditor’s Report Prepared in Accordance With the Tax Basis of Accounting
(Source: AU-C 800, as modified by author)
Facts:
The financial statements have been prepared by management of a partnership in
accordance with the basis of accounting the partnership uses for income tax purposes
(that is, a special purpose framework).
Based on the partnership agreement, management does not have a choice of financial
reporting frameworks.
Independent Auditor’s Report
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC Partnership, which comprise the statements of assets,
liabilities, and capital-income tax basis as of December 31, 20X1, and the related statements of revenue and expenses-
income tax basis and of changes in partners’ capital accounts-income tax basis for the year then ended, and the related
notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with the
basis of accounting the Partnership uses for income tax purposes; this includes the design, implementation and maintenance
of internal control relevant to the preparation and fair presentation of financial statements that are free from material
misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in
accordance with auditing standards generally accepted in the United States of America. Those standards require that we
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the partnership’s preparation and fair presentation of the financial statements in order
to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the partnership’s internal control. Accordingly, we express no such opinion. An audit also includes
evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made
by management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the assets, liabilities, and
capital of ABC Partnership as of December 31, 20X1, and its revenue and expenses and changes in partners’ capital
accounts for the year then ended in accordance with the basis of accounting the Partnership uses for income tax
purposes described in Note X.
Basis of Accounting
Audit Engagement Developments
372
We draw attention to Note X of the financial statements, which describes the basis of accounting. The financial
statements are prepared on the basis of accounting the Partnership uses for income tax purposes, which is a basis of
accounting other than accounting principles generally accepted in the United States of America. Our opinion is not
modified with respect to this matter.
[Auditor’s Signature]
[Auditor’s City and State]
[Date of the Auditor’s Report]
Observations- Example 2 Report:
AU-C 800 uses the term “tax basis” to describe income tax basis financial statement. Yet, the
sample report fund in the AU-C uses the term “income tax basis.” In practice, most parties use
the term “income tax basis” and, in the author’s opinion, should continue to do so.
In Example 2, management does not have a choice of framework because the income tax basis
of accounting is required under the partnership agreement. In such a case, the Management’s
Responsibility for the Financial Statements paragraph does not include language referencing
that management is responsible for determining that the income tax basis of accounting is
acceptable.
Let’s look at the comparison:
Scenario 1:
The income tax basis of accounting is used and management does not have the choice of using
another framework.
The language in the management’s responsibility paragraph is as follows (which is what is
given in this Example 2):
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these
financial statements in accordance with the basis of accounting the Partnership
uses for income tax purposes; this includes the design, implementation and
maintenance of internal control relevant to the preparation and fair presentation of
financial statements that are free from material misstatement, whether due to fraud
or error.
Scenario 2:
The income tax basis of accounting is used and management does have the choice of using
another framework.
Audit Engagement Developments
373
The language in the management’s responsibility paragraph is as follows:
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these
financial statements in accordance with the basis of accounting the Partnership
uses for income tax purposes; this includes determining that the income tax basis
of accounting is an acceptable basis for the preparation of financial statements in
the circumstances. Management is also responsible for the design, implementation
and maintenance of internal control relevant to the preparation and fair
presentation of financial statements that are free from material misstatement,
whether due to fraud or error.
Example 3: Regulatory Basis- Not Intended for General Use
(Source: AU-C 800, as modified by author)
Facts:
The financial statements have been prepared by management of the entity in accordance
with the financial reporting provisions established by a regulatory agency (that is, a
special purpose framework).
The financial statements together with the auditor’s report are not intended for general
use.
Based on the regulatory requirements, management does not have a choice of financial
reporting frameworks.
Independent Auditor’s Report
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC City, Any State, which comprise cash and unencumbered
cash for each fund as of December 31, 20X1, and the related statements of cash receipts and disbursements and
disbursements-budget and actual for the year then ended, and the related notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with the
financial reporting provisions of Section Y of Regulation Z of Any State. Management is also responsible for the design,
implementation and maintenance of internal control relevant to the preparation and fair presentation of financial statements
that are free from material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in
accordance with auditing standards generally accepted in the United States of America. Those standards require that we
Audit Engagement Developments
374
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to
design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by
management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the cash and unencumbered
cash of each fund of ABC City as of December 31, 20X1, and their respective cash receipts and disbursements, and
budgetary results for the year then ended in accordance with the financial reporting provisions of Section Y of Regulation Z
of Any State described in Note X.
Basis of Accounting
We draw attention to Note X of the financial statements, which describes the basis of accounting. As described in Note X to
the financial statements, the financial statements are prepared by ABC City on the basis of the financial reporting
provisions of Section Y of Regulation Z of Any State, which is a basis of accounting other than accounting principles
generally accepted in the United States of America, to meet the requirements of Any State.73
Our opinion is not modified
with respect to this matter.
Restriction on Use
Our report is intended solely for the information and use of ABC City and Any State and is not intended to be and should
not be used by anyone other than these specified parties.
[Auditor’s Signature]
[Auditor’s City and State]
[Date of the Auditor’s Report]
Note: The restriction on use paragraph is only required for reports on a regulatory basis, not
intended for general use, or on a contractual basis.
73
For reports prepared on a contractual or regulatory basis (general or restricted), the report must include a description of
the purpose for which the financial statements are prepared.
Audit Engagement Developments
375
Example 4: Regulatory Basis- Intended for General Use
(Source: AU-C 800, as modified by author)
Facts:
The financial statements have been prepared by management of the entity in accordance
with the financial reporting provisions established by a regulatory agency (that is, a
special purpose framework).
The financial statements together with the auditor’s report are intended for general use.
Based on the regulatory requirements, management does not have a choice of financial
reporting frameworks.
The variances between the regulatory basis of accounting and accounting principles
generally accepted in the United States of America (U.S. GAAP) are not reasonably
determinable and are presumed to be material.
Independent Auditor’s Report
[Appropriate Addressee]
We have audited the accompanying financial statements of XYZ City, Any State, which comprise cash and unencumbered
cash for each fund as of December 31, 20X1, and the related statements of cash receipts and disbursements and
disbursements-budget and actual for the year then ended, and the related notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with the
financial reporting provisions of Section Y of Regulation Z of Any State. Management is also responsible for the design,
implementation and maintenance of internal control relevant to the preparation and fair presentation of financial statements
that are free from material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in
accordance with auditing standards generally accepted in the United States of America. Those standards require that we
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to
design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by
management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinions.
Audit Engagement Developments
376
Basis for Adverse Opinion on U.S. Generally Accepted Accounting Principles
As described in Note X of the financial statements, the financial statements are prepared by XYZ City on the basis of the
financial reporting provisions of Section Y of Regulation Z of Any State, which is a basis of accounting other than
accounting principles generally accepted in the United States of America, to meet the requirements of Any State.74
The effects on the financial statements of the variances between the regulatory basis of accounting described in Note X and
accounting principles generally accepted in the United States of America, although not reasonably determinable, are
presumed to be material.
Adverse Opinion on U.S. Generally Accepted Accounting Principles
In our opinion, because of the significance of the matter discussed in the “Basis for Adverse Opinion on U.S.
Generally Accepted Accounting Principles” paragraph, the financial statements referred to above do not present
fairly, in accordance with accounting principles generally accepted in the United States of America, the financial
position of each fund of XYZ City as of December 31, 20X1, or changes in financial position or cash flows thereof for
the year then ended.
Opinion on Regulatory Basis of Accounting
In our opinion, the financial statements referred to above present fairly, in all material respects, the cash and
unencumbered cash of each fund of XYZ City as of December 31, 20X1, and their respective cash receipts and
disbursements, and budgetary results for the year then ended in accordance with the financial reporting provisions
of Section Y of Regulation Z of Any State described in Note X.
[Auditor’s Signature]
[Auditor’s City and State]
[Date of the Auditor’s Report]
Observation: In the Example 4 report, there is a dual opinion: one on GAAP and one on the
regulatory basis of accounting. The dual opinion is required whenever an auditor reports on a
regulatory basis and the financial statements are intended for general use. In doing so, there is
an adverse opinion on the GAAP basis, and an unmodified opinion on the regulatory basis. If
the financial statements are restricted for use, only an opinion on the regulatory basis is
required.
Example 5: Contractual Basis of Accounting
(Source: AU-C 800, as modified by author)
Facts:
The financial statements have been prepared by management of the entity in accordance
with a contractual basis of accounting (that is, a special purpose framework) to comply
with the provisions of that contract.
Based on the provisions of the contract, management does not have a choice of financial
reporting frameworks.
74
For reports prepared on a contractual or regulatory basis (general or restricted), the report must include a description of
the purpose for which the financial statements are prepared.
Audit Engagement Developments
377
Independent Auditor’s Report
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC Company, which comprise the assets and liabilities-
contractual basis as of December 31, 20X1, and the revenues and expenses-contractual basis, changes in equity-contractual
basis and cash flows-contractual basis for the year then ended, and the related notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with the
financial reporting provisions of Section Z of the contract between ABC Company and DEF Company dated January 1,
20X1 (the contract). Management is also responsible for the design, implementation, and maintenance of internal control
relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether
due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in
accordance with auditing standards generally accepted in the United States of America. Those standards require that we
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to
design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by
management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the assets and liabilities of
ABC Company as of December 31, 20X1, and revenues, expenses, changes in equity, and cash flows for the year then
ended in accordance with the financial reporting provisions of Section Z of the contract.
Basis of Accounting
We draw attention to Note X of the financial statements, which describes the basis of accounting. The financial statements
are prepared by ABC Company on the basis of the financial reporting provisions of Section Z of the contract, which is a
basis of accounting other than accounting principles generally accepted in the United States of America, to comply with the
financial reporting provisions of the contract75
referred to above. Our opinion is not modified with respect to this matter.
75
For reports prepared on a contractual or regulatory basis (general or restricted), the report must include a description of
the purpose for which the financial statements are prepared.
Audit Engagement Developments
378
Restriction on Use
Our report is intended solely for the information and use of ABC Company and DEF Company and is not intended to be
and should not be used by anyone other than these specified parties.
[Auditor’s Signature]
[Auditor’s City and State]
[Date of the Auditor’s Report]
Note: The restriction on use paragraph is only required for reports on a regulatory basis, not
intended for general use, or on a contractual basis.
Fair Presentation and Adequate Disclosures
1. When the special purpose financial statements contain items that are the same as, or similar
to, those in financial statements prepared in accordance with GAAP, informative
disclosures similar to those required by GAAP are necessary to achieve fair presentation.
Example: Financial statements prepared on a tax basis or on a modified cash basis of
accounting usually reflect depreciation, long-term debt, and owners’ equity. Thus, the
informative disclosures for depreciation, long-term debt, and owners’ equity in such
financial statements would be comparable to those in financial statements prepared in
accordance with GAAP.
2. As a result, with respect to special purpose financial statements that contain items that are
the same as, or similar to, those in financial statements prepared in accordance with
generally accepted accounting principles (GAAP), the new SAS requires the auditor to
evaluate:
Whether the financial statements include informative disclosures similar to those
required by GAAP, and
Whether additional disclosures, beyond those specifically required by the framework,
relate to matters that are not specifically identified on the face of the financial
statements or other disclosures are necessary for the financial statements to achieve fair
presentation.
3. If special purpose financial statements contain items for which GAAP would require
disclosure, the financial statements may either:
Provide the relevant disclosure that would be required for those items in a GAAP
presentation, or
Provide qualitative information that communicates the substance of that disclosure.
Audit Engagement Developments
379
4. If GAAP provides requirements that apply to the presentation of financial statements,
special purpose financial statements may either:
Comply with those requirements, or
Provide qualitative information that communicates the substance of those requirements,
without modifying the format of the special purpose financial statements.
Note: When special purpose financial statements are issued, qualitative information may be
substituted for the quantitative information required for GAAP presentations provides the
information communicates the substance of the GAAP requirements.
5. For special purpose financial statements, if GAAP disclosure requirements are not relevant
to the measurement of the item, those disclosures do not have to be considered.
Example:
Fair value disclosures for debt and equity securities would not be relevant when the
basis of presentation does not adjust the cost of such securities to their fair value.
Disclosures related to actuarial calculations for contributions to defined benefit plans
would not be relevant in financial statements prepared in accordance with the cash or
tax basis of accounting.
Disclosures related to the use of estimates would not be relevant in a presentation that
has no estimates, such as the cash basis of accounting.
6. Statement of cash flows:
Special purpose financial statements may not require that a statement of cash flows be
presented, such as in the case of cash or tax basis financial statements.
If a presentation of cash receipts and disbursements is presented in a format similar to a
statement of cash flows or if the entity chooses to present such a statement, the
statement would either conform to the requirements for a GAAP presentation or
communicate their substance.
Audit Engagement Developments
380
AU-C 210: Terms of Engagement
Supersedes: portions of SAS No. 108, Planning and Supervision, and SAS No. 84,
Communication Between Predecessor and Successor Auditors.
Key changes in the SAS:
1. Requires the auditor to explicitly determine whether the financial reporting framework
to be applied in the preparation of the financial statements is acceptable.
2. Requires the auditor to obtain the agreement of management (in an engagement letter)
that it acknowledges and understands its responsibility.
a. Such understanding should include management’s responsibility for:
preparation and fair presentation of the financial statements under the
applicable framework
the design, implementation and maintenance of internal control, and
providing access and information to the auditor.
3. On recurring audits, requires the auditor to assess whether circumstances require the
terms of the audit to be revised.
4. Deals with situations in which law or regulation prescribes a specific layout, form, or
wording of the auditor’s report that significantly differs from GAAS.
Audit Engagement Developments
381
Example of an Audit Engagement Letter (from Exhibit A of AU-C 210)
Following is an example the new engagement letter offered by AU-C 210.
Changes made by AU-C 210 are presented in bold type.
To the appropriate representative of those charged with governance of ABC Company:
[The objective and scope of the audit]
You have requested that we audit the financial statements of ABC Company, which comprise the balance sheet
as of December 31, 20XX, and the related statements of income, changes in stockholders’ equity and cash flows
for the year then ended, and the related notes to the financial statements. We are pleased to confirm our
acceptance and our understanding of this audit engagement by means of this letter. Our audit will be conducted
with the objective of our expressing an opinion on the financial statements.
[The responsibilities of the auditor]
We will conduct our audit in accordance with auditing standards generally accepted in the United States
(GAAS). Those standards require that we plan and perform the audit to obtain reasonable assurance about
whether the financial statements are free of material misstatement. An audit involves performing procedures to
obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected
depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial
statements, whether due to fraud or error. An audit also includes evaluating the appropriateness of accounting
policies used and the reasonableness of significant accounting estimates made by management, as well as
evaluating the overall presentation of the financial statements.
Because of the inherent limitations of an audit, together with the inherent limitations of internal control, an
unavoidable risk that some material misstatements may not be detected exists, even though the audit is properly
planned and performed in accordance with GAAS.
In making our risk assessments, we consider internal control relevant to the entity’s preparation and fair
presentation of the financial statements in order to design audit procedures that are appropriate in the
circumstances but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal
control. However, we will communicate to you in writing concerning any significant deficiencies or material
weaknesses in internal control relevant to the audit of the financial statements that we have identified during the
audit.
[The responsibilities of management and identification of the applicable financial reporting framework]
Our audit will be conducted on the basis that [management and, where appropriate, those charged with
governance] acknowledge and understand that they have responsibility:
a. for the preparation and fair presentation of the financial statements in accordance with
accounting principles generally accepted in the United States
Audit Engagement Developments
382
b. for the design, implementation, and maintenance of internal control relevant to the preparation
and fair presentation of financial statements that are free from material misstatement, whether
due to fraud or error, and
c. to provide us with:
access to all information of which [management] is aware that is relevant to the preparation
and fair presentation of the financial statements such as records, documentation, and other
matters
additional information that we may request from [management] for the purpose of the audit,
and
unrestricted access to persons within the entity from whom we determine it necessary to
obtain audit evidence.
As part of our audit process, we will request from [management and, where appropriate, those charged
with governance], written confirmation concerning representations made to us in connection with the
audit.
[Other relevant information]
[Insert other information, such as fee arrangements, billings, and other specific terms, as appropriate.]
[Reporting]
[Insert appropriate reference to the expected form and content of the auditor’s report. Example follows:]
We will issue a written report upon completion of our audit of ABC Company’s financial statements. Our report
will be addressed to the board of directors of ABC Company. We cannot provide assurance that an unmodified
opinion will be expressed. Circumstances may arise in which it is necessary for us to modify our opinion, add an
emphasis of matter or other matter paragraph(s), or withdraw from the engagement.
We also will issue a written report on [Insert appropriate reference to other auditor’s reports expected to be
issued.] upon completion of our audit.
Please sign and return the attached copy of this letter to indicate your acknowledgement of, and agreement with,
the arrangements for our audit of the financial statements including our respective responsibilities.
XYZ & Co.
Acknowledged and agreed on behalf of ABC Company by
___________________________
[Signed]
[Name and Title]
[Date]
Audit Engagement Developments
383
580: Written Representations
Supersedes: SAS No. 85, Management Representations.
Key changes in the SAS:
The SAS introduces a new management representation letter.
1. AU-C 580 makes minor changes to the language found in the illustrative management
representation letter.
2. The new SAS does not change or expand the requirements previously found in SAS No. 85,
in any significant respect.
Audit Engagement Developments
384
Exhibit: Illustrative Representation Letter
The following illustrative letter includes written representations that are required by this and
other AU sections in effect for audits of financial statements for periods ending on or after
December 15, 2012.
New language provided by AU-C 580 is presented in bold type.
(Entity Letterhead)
(To Auditor) (Date)
This representation letter is provided in connection with your audit of the financial statements of ABC
Company, which comprise the balance sheet as of December 31, 20XX, and the related statements of income,
changes in stockholders’ equity and cash flows for the year then ended, and the related notes to the financial
statements, for the purpose of expressing an opinion as to whether the financial statements are presented fairly,
in all material respects, in accordance with accounting principles generally accepted in the United States (U.S.
GAAP).
Certain representations in this letter are described as being limited to matters that are material. Items are
considered material, regardless of size, if they involve an omission or misstatement of accounting information
that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person
relying on the information would be changed or influenced by the omission or misstatement.
Except where otherwise stated below, immaterial matters less than $[insert amount] collectively are not
considered to be exceptions that require disclosure for the purpose of the following representations. This
amount is not necessarily indicative of amounts that would require adjustment to or disclosure in the
financial statements.
We confirm that, to the best of our knowledge and belief, having made such inquiries as we considered
necessary for the purpose of appropriately informing ourselves, as of (date of auditor’s report):
Financial Statements
We have fulfilled our responsibilities, as set out in the terms of the audit engagement dated [insert date],
for the preparation and fair presentation of the financial statements in accordance with U.S. GAAP [or
other financial reporting framework].
We acknowledge our responsibility for the design, implementation, and maintenance of internal
control relevant to the preparation and fair presentation of financial statements that are free from
material misstatement, whether due to fraud or error.
We acknowledge our responsibility for the design, implementation, and maintenance of internal control
to prevent and detect fraud.
Significant assumptions used by us in making accounting estimates, including those measured at
fair value, are reasonable.
Related party relationships and transactions have been appropriately accounted for and disclosed in
accordance with the requirements of U.S. GAAP.
All events subsequent to the date of the financial statements and for which U.S. GAAP requires
adjustment or disclosure have been adjusted or disclosed.
Audit Engagement Developments
385
The effects of uncorrected misstatements are immaterial, both individually and in the aggregate, to the
financial statements as a whole. A list of the uncorrected misstatements is attached to the representation
letter. [Attached List]76
The effects of all known actual or possible litigation and claims have been accounted for and disclosed
in accordance with U.S. GAAP.
[Any other matters that the auditor may consider appropriate]
Information Provided
We have provided you with:
o Access to all information, of which we are aware that is relevant to the preparation and fair
presentation of the financial statements such as records, documentation and other matters;
Additional information that you have requested from us for the purpose of the audit; and
o Unrestricted access to persons within the entity from whom you determined it necessary to
obtain audit evidence.
All transactions have been recorded in the accounting records and are reflected in the financial
statements.
We have disclosed to you the results of our assessment of the risk that the financial statements
may be materially misstated as a result of fraud.
We have [no knowledge of any][disclosed to you all information that we are aware of in relation to]
fraud or suspected fraud that affects the entity and involves:
o Management;
o Employees who have significant roles in internal control; or
o Others where the fraud could have a material effect on the financial statements.
We have [no knowledge of any][disclosed to you all information in relation to] allegations of fraud, or
suspected fraud, affecting the entity’s financial statements communicated by employees, former
employees, analysts, regulators or others.
We have disclosed to you all known instances of non-compliance or suspected non-compliance
with laws and regulations whose effects should be considered when preparing financial
statements.
We [have disclosed to you all known actual or possible][ are not aware of any pending or threatened]
litigation and claims whose effects should be considered when preparing the financial statements [and
we have not consulted legal counsel concerning litigation or claims]
We have disclosed to you the identity of the entity’s related parties and all the related party relationships
and transactions of which we are aware.
[Any other matters that the auditor may consider necessary].
___________________
[Name of Chief Executive Officer and Title]
____________________
[Name of Chief Financial Officer and Title]
Note: The previous illustration assumes that the applicable financial reporting framework is
accounting principles generally accepted in the United States. Further, it assumes that there is
no requirement for representation involving going concern, and that there are no exceptions
76
Attached to the representation letter should be a list of uncorrected entries.
Audit Engagement Developments
386
that exist to the requested written representations. If there were exceptions, the representations
would need to be modified to reflect the exceptions.
Audit Engagement Developments
387
REVIEW QUESTIONS
Under the NASBA-AICPA self-study standards, self-study sponsors are required to present
review questions intermittently throughout each self - study course. Additionally, feedback
must be given to the course participant in the form of answers to the review questions and the
reason why answers are correct or incorrect.
To obtain the maximum benefit from this course, we recommend that you complete each of the
following questions, and then compare your answers with the solutions that immediately
follow. These questions and related suggested solutions are not part of the final examination
and will not be graded by the sponsor.
1. In a group audit, which of the following is responsible for reviewing and approving the
overall group audit strategy and group audit plan:
a. Component auditor
b. Group engagement team
c. Group engagement partner
d. Component management
2. In a group audit, which of the following parties is responsible for obtaining an
understanding of the component auditor:
a. Group engagement partner
b. Group quality control reviewer
c. Group engagement team
d. Group board of directors
3. If a group auditor does not wish to assume responsibility for a component, which of the
following should he or she do:
a. Make reference to the component auditor in the group auditor’s report
b. Include a disclaimer in the engagement letter and make no reference in the group
auditor’s report
c. Do not reference the component auditor in the group auditor’s report
d. Include a disclosure in the notes to financial statements in which the group auditor
disclaims responsibility for the work of the component auditor
4. A group auditor should not reference the work of a component auditor in the group audit
report unless the component’s financial statements are prepared using _____________.
a. International standards
b. the same financial reporting framework as the group financial statements
c. U.S. GAAP
d. Other comprehensive basis of accounting (OCBOA)
Audit Engagement Developments
388
5. Which of the following is not a basis of accounting included under the special purpose
framework?
a. Cash basis
b. Tax basis
c. Contractual basis
d. Accrual basis
6. In an audit of a special purpose framework, the auditor is required to obtain agreement of
management that it acknowledges and understands it responsibility. Such information
includes all of the following except:
a. Description of the special purpose framework
b. Required GAAP disclosures
c. A description of any significant interpretations of the contract on which the special
purpose financial statements are based
d. Additional disclosures beyond those specifically required
7. Facts: Management is using a financial reporting framework for its financial statements.
Management has no choice of using another financial reporting framework. Which of the
following is correct?
a. Reference to the responsibility for determining the applicable framework is required
b. No reference to the responsibility for determining the applicable framework is required
c. The report should not explain the management’s responsibility for the financial
statements
d. Reference to the responsibility for determining the applicable framework is not
permitted
8. An auditor’s report on special purpose financial statements should include an other-matter
paragraph that restricts the use of the auditor’s report for which of the following bases of
accounting:
a. Cash basis of accounting
b. Tax basis of accounting
c. Contractual basis of accounting
d. Regulatory basis of accounting, general use only
9. With respect to special purpose financial statements, if such statements contain items for
which GAAP would require disclosure, the financial statements may ___________:
a. Provide a quantitative disclosure in the special purpose format
b. Provide the relevant disclosure that would be required for those items in a GAAP
presentation
c. Show comparative disclosures in both the special purpose and GAAP format
d. Provide both qualitative and quantitative disclosure in the special purpose format
Audit Engagement Developments
389
SUGGESTED SOLUTIONS
1. In a group audit, which of the following is responsible for reviewing and approving the
overall group audit strategy and group audit plan:
a. Incorrect. The component auditor has nothing to do with the work at the group level.
b. Incorrect. The group engagement team is responsible for executing the group audit but
is not responsible for the final review and approval of the overall group audit strategy
and audit plan. That task belongs to the group engagement partner.
c. Correct. The group engagement partner is responsible for reviewing and
approving the overall group audit strategy and group audit plan.
d. Incorrect. Component management and, in fact, any management, is not involved in
making decisions related to the audit, making the answer incorrect.
2. In a group audit, which of the following parties is responsible for obtaining an
understanding of the component auditor?
a. Incorrect. Although the group engagement partner is responsible for final approval, the
group engagement partner is not involved in obtaining an understanding of the
component auditor. That task is performed by the group engagement team.
b. Incorrect. The group quality control reviewer is responsible for reviewing the audit
engagement but is not involved in actually performing the audit work, which includes
obtaining an understanding of the component auditor.
c. Correct. The group engagement team is required to obtain an understanding of the
component auditor.
d. Incorrect. The group board of directors is not involved in performing any audit
procedures, making the answer incorrect.
3. If a group auditor does not wish to assume responsibility for a component, which of the
following should he or she do:
a. Correct. By making reference to the component auditor in the group auditor’s
report, the group auditor does not assume responsibility for the component
auditor.
b. Incorrect. Although the group auditor may wish to include a disclaimer in the
engagement letter, the group auditor also must reference the component auditor in the
group auditor’s report
c. Incorrect. GAAS requires that the group auditor must reference the component auditor
in the group auditor’s report if the group auditor does not wish to assume responsibility
for the component.
d. Incorrect. Placing a disclosure in the notes to financial statements is not sufficient.
There must be reference to the component auditor in the group auditor’s report.
4. A group auditor should not reference the work of a component auditor in the group audit
report unless the component’s financial statements are prepared using _____________.
Audit Engagement Developments
390
a. Incorrect. Use of international standards by the component’s financial statements would
be required only if the group financial statements were also prepared using international
standards. Thus, the answer is incorrect.
b. Correct. GAAS requires that the component’s financial statements be on the same
financial reporting framework as the group financial statements. If not, the group
auditor is not allowed to reference to work of the component auditor in the group
audit report.
c. Incorrect. U.S. GAAP is required for the component financial statements only if U.S.
GAAP is used for the group’s financial statements.
d. Incorrect. Using OCBOA is required for the component financial statements only if
OCBOA is used for the group’s financial statements.
5. Which of the following is not a basis of accounting included under the special purpose
framework?
a. Incorrect. The cash basis is an example of a basis under the special purpose framework.
b. Incorrect. The tax basis is an example of a basis under the special purpose framework.
c. Incorrect. The contractual basis is an example of a basis under the special purpose
framework.
d. Correct. The accrual basis of accounting, by itself, is not a basis included under
the definition of a special purpose framework, making the answer correct.
6. In an audit of a special purpose framework, the auditor is required to obtain agreement of
management that it acknowledges and understands its responsibility. Such information
includes all of the following except:
a. Incorrect. One of the items that the auditor must get agreement with management is the
description of the special purpose framework including a summary of significant
accounting policies, and how the framework differs from GAAP, the effects of which
need not be quantified.
b. Correct. The agreement should include all informative disclosures similar to those
required by GAAP (not required GAAP disclosures), making the answer correct.
c. Incorrect. One requirement is for the auditor to obtain agreement on a description of any
significant interpretations of the contract on which the special purpose financial
statements are based.
d. Incorrect. The auditor is required to obtain agreement as to any additional disclosures
beyond those specifically required
7. Facts: Management is using a financial reporting framework for its financial statements.
Management has no choice of using another financial reporting framework. Which of the
following is correct?
a. Incorrect. Reference to the responsibility for determining the applicable framework is
not required, making the answer incorrect.
b. Correct. In a situation in which management has no choice of the financial
reporting framework, no reference to the responsibility for determining the
applicable framework is required.
Audit Engagement Developments
391
c. Incorrect. The report should always explain management’s responsibility for the
financial statements, regardless of whether management has a choice of framework.
d. Incorrect. The SAS states that when management has no choice of using another
framework, reference to the responsibility for determining the applicable framework is
not required, but it is permitted.
8. An auditor’s report on special purpose financial statements should include an other-matter
paragraph that restricts the use of the auditor’s report for which of the following bases of
accounting:
a. Incorrect. A restricted use of the auditor’s report is not required for the cash basis of
accounting.
b. Incorrect. A restricted use of the auditor’s report is not required for the tax basis of
accounting.
c. Correct. GAAS requires that the report be restricted for use when there is a
contractual basis of accounting.
d. Incorrect. Only a regulatory basis of accounting, restricted for use only, requires that
the auditor’s report be restricted for use. A regulatory basis of accounting for general
use has no such restriction.
9. With respect to special purpose financial statements, if such statement contains items for
which GAAP would require disclosure, the financial statements may ___________.
a. Incorrect. AU-C 600 provides one option which is to provide qualitative (not
quantitative) disclosure in the special purpose format.
b. Correct. One option allowed is to provide the relevant disclosure that would be
required for those items in a GAAP presentation
c. Incorrect. There is no requirement to show comparative disclosures in both the special
purpose and GAAP format.
d. Incorrect. GAAS provides for presenting qualitative disclosures in the special purpose
format, but no requirement to show quantitative disclosures along with it.
Audit Engagement Developments
392
Other SASs Issued in the Clarity Project as Part of SAS Nos. 122-125
The remainder of the Clarity Project changes found in SAS Nos. 122-125 consist of numerous
new standards that, in general, do not make substantive changes to the way in which auditors
conduct their auditors.
Following is a listing of those new standards, segregated into those that make modest changes
to GAAS, and those that result in a mere reformatting of existing GAAP.
AU-C Title
Standards –Modest Changes to GAAS
200 Overall Objectives of the Independent Auditor and the Conduct of An Audit in
Accordance with Generally Accepted Auditing Standards
220 Quality Control for an Engagement Conducted in Accordance With Generally
Accepted Auditing Standards
510 Opening Balances-Initial Audit Engagements, Including Reaudit Engagements
Standards- Reformatting of Existing GAAS
230 Audit Documentation
240 Consideration of Fraud in a Financial Statement Audit
260 The Auditor’s Communication With Those Charged With Governance
300 Planning an Audit
315 Understanding the Entity and Its Environment and Assessing the Risks of
Material Misstatement
320 Materiality in Planning and Performing an Audit
330 Performing Audit Procedures in Response to Assessed Risks and Evaluating the
Audit Evidence Obtained
402 Audit Considerations Relating to an Entity Using a Service Organization
450 Evaluation of Misstatements Identified During the Audit
500 Audit Evidence
501 Audit Evidence-Specific Considerations for Selected Items
505 External Confirmations
520 Analytical Procedures
530 Audit Sampling
540 Auditing Accounting Estimates, Including Fair Value Accounting Estimates and
Related Disclosures
550 Related Parties
560 Subsequent Events and Subsequently Discovered Facts
585 Consideration of Omitted Procedures After the Report Release Date
620 Using the Work of an Auditor’s Specialist
708 Consistency of Financial Statements
720 Other Information in Documents Containing Audited Financial Statements
725 Supplementary Information in Relation to the Financial Statements as a Whole
Audit Engagement Developments
393
730 Required Supplementary Information
805 Special Considerations- Audits of Single Financial Statements and Specific
Elements, Accounts, or Items of a Financial Statement
806 Reporting on Compliance With Aspects of Contractual Agreements or
Regulatory Requirements in Connection With Audited Financial Statements
810 Engagements to Report on Summary Financial Statements
905 Alert That Restricts the Use of the Auditor’s Written Communication
910 Financial Statements Prepared in Accordance With a Financial Reporting
Framework Generally Accepted in Another Country
915 Reporting on Application of Requirements of an Applicable Financial Reporting
Framework
920 Letters for Underwriters and Certain Other Requesting Parties
925 Filings With the U.S. Securities and Exchange Commission Under the Securities
Act of 1933
930 Interim Financial Information
935 Compliance Audits
Audit Engagement Developments
394
Glossary
Brainstorming: A method of shared problem solving in which all members of a group
spontaneously contribute ideas.
Cash basis: A basis of accounting that the entity uses to record cash receipts and
disbursements and modifications of the cash basis having substantial support.
Component: An entity or business activity for which group or component management
prepares financial information that should be included in the group financial statements.
Component auditors: Auditors who do not meet the definition of a member of the group
engagement team, including an auditor who may work for a network firm of the group
engagement partner’s firm or may even work for a different office of the same firm.
Contractual basis: A basis of accounting that the entity uses to comply with an agreement
between the entity and one or more third parties other than the auditor.
Deficiency in internal control: The design or operation of a control does not allow
management or employees, in the normal course of performing their assigned functions, to
prevent, or detect and correct, misstatements on a timely basis.
Emphasis-of-matter paragraph: A paragraph included in the auditor’s report that is required
by GAAS, or is included at the auditor’s discretion, and that refers to a matter appropriately
presented or disclosed in the financial statements that, in the auditor’s judgment, is of such
importance that it is fundamental to users’ understanding of the financial statements.
Fraud: An intentional act by one or more individuals among management, those charged with
governance, employees, or third parties, involving the use of deception that results in a
misstatement in financial statements that are the subject of an audit.
Group: All the components whose financial information is included in the group financial
statements. A group always has more than one component.
Group engagement partner: The partner or other person in the firm who is responsible for
the group audit engagement and its performance and for the auditor’s report on the group
financial statements that is issued on behalf of the firm.
Group engagement team: Partners, including the group engagement partner, and staff who
establish the overall group audit strategy, communicate with component auditors, perform
work on the consolidation process, and evaluate the conclusions drawn from the audit evidence
as the basis for forming an opinion on the group financial statements.
Audit Engagement Developments
395
Group financial statements: Financial statements that include the financial information of
more than one component.
Material weakness: A deficiency, or a combination of deficiencies, in internal control, such
that there is a reasonable possibility that a material misstatement of the entity’s financial
statements will not be prevented, or detected and corrected, on a timely basis.
Modified opinion: A qualified opinion, an adverse opinion, or a disclaimer of opinion.
Money laundering: To move illegally acquired cash through financial systems so that it
appears to be legally acquired.
Noncompliance: Acts of omission or commission by the entity, either intentional or
unintentional, which are contrary to the prevailing laws or regulations.
Other-matter paragraph: A paragraph included in the auditor’s report that is required by
GAAS, or is included at the auditor’s discretion, and that refers to a matter other than those
presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to
users’ understanding of the audit, the auditor’s responsibilities, or the auditor’s report.
Pervasive: A term used in the context of misstatements to describe the effects on the financial
statements of misstatements or the possible effects on the financial statements of
misstatements, if any, that are undetected due to an inability to obtain sufficient appropriate
audit-evidence.
Preconditions for an audit: The use by management of an acceptable financial reporting
framework in the preparation of the financial statements and the agreement of management
and, when appropriate, those charged with governance, to the premise on which an audit is
conducted.
Privity standard: Accountant’s liability is limited to those third parties with whom the
accountant has a contractual relationship.
Professional skepticism: An open-minded attitude that presumes that parties are neither
totally honest nor totally dishonest.
Public Company Accounting Oversight Board (PCAOB): A regulatory body created by the
Sarbanes-Oxley Act of 2002, which regulates audits of SEC registrants, and operates under the
U.S. Securities and Exchange Commission.
Rainy day fund: A hidden reserve that can be used to adjust quarterly earnings.
Recurring audit: An audit engagement for an existing audit client for whom the auditor
performed the preceding audit.
Audit Engagement Developments
396
Regulatory basis: A basis of accounting that the entity uses to comply with the requirements
or financial reporting provisions of a regulatory agency to whose jurisdiction the entity is
subject (for example, a basis of accounting that insurance companies use pursuant to the
accounting practices prescribed or permitted by a state insurance commission).
Sarbanes-Oxley Act: The Act signed into law that became effective in 2002. The Act contains
sweeping reforms for issuers of publicly traded securities, corporate board members, and
lawyers. It adopts tough new provisions intended to deter and punish corporate and accounting
fraud and corruption, threatening severe penalties for wrongdoers, and protecting the interests
of workers and shareholders.
Significant Component: A component identified by the group engagement team (i) that is of
individual financial significance to the group, or (ii) that, due to its specific nature or
circumstances, is likely to include significant risks of material misstatement of the group
financial statements.
Significant deficiency: A deficiency, or a combination of deficiencies, in internal control that
is less severe than a material weakness yet important enough to merit attention by those
charged with governance.
Special purpose financial statements: Financial statements prepared in accordance with a
special purpose framework.
Special purpose framework: A financial reporting framework other than GAAP that is one of
the following bases of accounting: cash basis, tax basis, regulatory basis, or contractual basis.
Spring-loading: The practice in which an entity acquiring another entity may try to
manipulate the financial performance of the target entity during the preacquisition period.
Tax basis: A basis of accounting that the entity uses to file its income tax return for the period
covered by the financial statements.
Variable interest entity: An entity that has one or both of the following characteristics: (1) its
equity at risk is not sufficient to permit the entity to finance its activities without additional
subordinated financial support from other parties, or (2) as a group, the equity investors lack
one or more of the following characteristics: (a) direct/indirect ability to make decisions, (b)
obligation to absorb expected losses, or (c) right to receive expected residual returns.
Audit Engagement Developments
397
Index
A
accounting estimates, 10,14, 19, 20, 85, 88, 334
adverse opinion, 160, 162, 338, 339, 340, 341, 342
Altman Z Score, 234
analytical procedures, 10, 14, 63, 85, 90, 95, 101, 102, 202, 209,
233, 269, 279, 280, 281, 282, 283, 297, 311
audit documentation, 268, 269
B
Big Four, 132, 137, 139, 140, 141, 142, 143, 146, 148, 149, 150,
151, 152, 153, 293
C
cash larceny, 43, 44, 66, 68, 71
component, 357
Crazy Eddie Rip-off, 62
D
D&O insurance, 173, 174, 175, 176
defined benefit pension plans, 23, 381
E
engagement letter, 132, 133, 135, 136, 202, 205, 256, 257, 263,
264, 278, 296, 301, 310, 318, 382, 383
F
foreseability approach, 264, 266, 267
fraud triangle, 56, 57, 58, 64, 118, 127
fraudulent cash disbursements, 42, 43, 66
fraudulent financial reporting, 21, 36, 39, 55, 56, 58, 59, 60, 61,
83, 84, 87, 98, 102, 104, 192
G
going concern, 10, 12, 13, 24, 87, 143, 146, 235, 236, 269, 283,
284, 285, 387
I
investment writedowns, 17
L
lease agreements, 292
legal letters, 300
long-lived assets, 17, 279
M
material weakness, 162, 166, 328
misappropriation of assets, 39
modified opinion, 338
money laundering, 105
N
near-privity, 264
noncompliance, 223, 284, 318, 320, 321, 322, 323, 324
O
occupational fraud, 37, 39
other-matter paragraph, 347
outsourcing, 26
P
Pervasive, 338
privity, 263, 264
Q
qualified opinion, 338, 339, 340, 341
R
regulatory basis, 366
related party transactions, 244, 245
restatement approach, 264, 265
revenue fraud, 97
risk assessment procedures, 9
round-trip transactions, 240
S
Sarbanes-Oxley Act, 141, 153, 156, 160, 161, 163, 164
significant component, 358
significant deficiency, 328
skimming, 39
spring-loading, 28
T
tax basis, 279, 366
termination benefits, 30
time theft, 81
U
understated expenses, 24
unmodified opinion, 333
NAME: ______________________________
Email address: _____________________________ please print clearly
Mailing address: _____________________________
_____________________________ You can either fax the exam back to 1-317-219-3223 or scan it and email it back to [email protected]. If you
prefer to mail it, the address is CFO Resources LLC, PO 611 Noblesville, IN 46061.
You will be notified of results within one week. A passing grade is 70%.
If you prefer instant results, take the on-line exam and receive an instant grade and certificate for passing. Just click
on the Student Login button on the top of the www.cpaselfstudy.com website or go to
http://www.takeexams.cpaselfstudy.com.
I prefer to receive my grade and certificate by – please select one:
Email Mail Fax
Course Name: Audit Engagement Developments Course ID: AACSFAUD Please transfer your answers to this sheet and fax them so that you do not have to fax all the pages. Please make
sure that your answers are clearly circled.
1 A B C D 21 A B C D 41 A B C D 61 A B C D
2 A B C D 22 A B C D 42 A B C D 62 A B C D
3 A B C D 23 A B C D 43 A B C D 63 A B C D
4 A B C D 24 A B C D 44 A B C D 64 A B C D
5 A B C D 25 A B C D 45 A B C D 65 A B C D
6 A B C D 26 A B C D 46 A B C D 66 A B C D
7 A B C D 27 A B C D 47 A B C D 67 A B C D
8 A B C D 28 A B C D 48 A B C D 68 A B C D
9 A B C D 29 A B C D 49 A B C D 69 A B C D
10 A B C D 30 A B C D 50 A B C D 70 A B C D
11 A B C D 31 A B C D 51 A B C D 71 A B C D
12 A B C D 32 A B C D 52 A B C D 72 A B C D
13 A B C D 33 A B C D 53 A B C D 73 A B C D
14 A B C D 34 A B C D 54 A B C D 74 A B C D
15 A B C D 35 A B C D 55 A B C D 75 A B C D
16 A B C D 36 A B C D 56 A B C D 76 A B C D
17 A B C D 37 A B C D 57 A B C D 77 A B C D
18 A B C D 38 A B C D 58 A B C D 78 A B C D
19 A B C D 39 A B C D 59 A B C D 79 A B C D
20 A B C D 40 A B C D 60 A B C D 80 A B C D
Click or access this link to go to our course evaluation page.
http://cpaselfstudy.com//evaluation.htm
Audit Engagement Developments CPE -Exam
Instructions: Please select the single best answer.
1. Factors to consider in evaluating going concern include all of the following except:
a. Negative trends and recurring operating losses or working capital deficiencies
b. Financial difficulties such as loan defaults or denial of trade credit from suppliers
c. Ability to obtain external financing
d. Ability to obtain new customers at terms and conditions acceptable to the company
2. Auditing procedures with respect to receivables and, in particular, the adequacy of the
allowance for doubtful accounts include all of the following except:
a. Investigate unusual credit limits or nonstandard payment terms given to customers
b. Test the realization of receivables
c. Review the industry in which the customers operate
d. Review the collectability of vendor financing given to customers
3. Specific auditing procedures to determine if inventories are properly valued include all of the
following except:
a. Product sales trends and expected future demand
b. Sales forecasts for products in comparison to industry demand
c. Anticipated technological changes that could affect the value of inventories
d. The quantity of high-value inventory items at year end
4. ASC 320, Debt and Equity Securities (formerly FASB No. 115), deals with the accounting
for securities. ASC 320 places securities into ______ categories.
a. Two
b. Three
c. Four
d. Five
5. Categories of securities included under ASC 320 (formerly FASB No. 115) include all of the
following except:
a. Debt securities held-to-maturity
b. Investments in closely held businesses
c. Trading securities
d. Available-for-sale securities
6. What continues to head the list of areas subject to fraudulent financial reporting:
a. Inventory valuation
b. Revenue recognition
c. Understating payables
d. None of the above
7. Auditors should be aware of ways in which entities may attempt to apply spring-loading
tactics such as inflating reserves and allowances. Examples of inflating reserves and
allowances include all of the following except:
a. Reserve for merger costs
b. Reserve for inventory obsolescence
c. Allowance for doubtful accounts on receivables
d. Accrued vacation pay
8. What differentiates fraud from an error:
a. Intent
b. Risk
c. Degree of loss
d. None of the above
9. The three conditions of the fraud triangle include all of the following except:
a. Lifestyle and standard of living
b. Incentive and pressure
c. Opportunity
d. Rationalization or attitude
10. Common types of financial statement fraud noted by the FBI include all of the following
except:
a. Phony sales
b. Cash theft
c. Parked inventory sales
d. Channel stuffing
11. Misappropriation of assets is accomplished in several ways, including all of the following
except:
a. Embezzling receipts
b. Overstating revenue or inventory
c. Stealing assets
d. Causing the entity pay for goods or services not received
12. In the comparison of types of fraud, which of the following has the highest ease of
concealing the identity of the fraudster?
a. Phony vendors
b. Register disbursement
c. Expense reimbursement
d. Check tampering
13. Professional skepticism is an attitude based on all of the following except:
a. Having a questioning mind and performing a critical assessment of all audit evidence
received
b. Possessing a “show me” mindset that recognizes the distinct possibility that a material
misstatement due to fraud could be present
c. Ensuring that all statements made by a client are included in a management
representation letter
d. Probing evidence more thoroughly and critically
14. SAS No. 99 requires that an auditor perform three additional procedures to deal with the risk
of management override of internal controls. The additional procedures include all of the
following except:
a. Examine journal entries
b. Review accounting estimates for biases that could result in material misstatement due
to fraud
c. Evaluate the business rationale for significant unusual transactions
d. Conduct a brainstorming session
15. One of the key elements emphasized in SAS No. 99 is for an auditor to have heightened
professional skepticism in conducting an audit. The AICPA’s Audit Risk Alert identifies a
list of “circumstances and observations” that should catch the attention of the auditor. That
list includes all of the following except:
a. A company that has a culture of arrogance
b. An ineffective audit committee and board governance
c. An overly centralized control over the financial reporting process
d. An overly loyal management team
16. Weak audit procedures increase the risk that deficiencies in internal control and poor
accounting practices will not be noticed. Examples of audit procedures that enhance the risk
that fraud might not be detected include all of the following except:
a. Accepting verbal or written representations by company management and personnel
without obtaining independent corroborating evidence of such representations
b. Accepting confirmations sent directly to the company being audited instead of the
auditor
c. Failure to confirm unusual transactions with third parties
d. Failure to observe inventories
17. SAB No. 101, Revenue Recognition in Financial Statements, offers four criteria that need to
be met in order to recognize revenue. The four criteria include all of the following except:
a. There is persuasive evidence that an arrangement exists
b. A delivery of goods has occurred or services have been rendered
c. There is a right to return the goods by the buyer
d. Collectability of the sale or service is reasonably assured
18. Under ASC 605-15-25, Revenue Recognition-Products- Recognition (formerly FASB
No. 48), if an entity sells its product but gives the buyer the right to return the product, the
revenue shall be recorded only if all of the conditions have been met. The conditions include
all of the following except:
a. The seller’s price to the buyer is substantially fixed or determinable at the date of sale
b. The buyer has economic substance apart from the seller
c. The amount of future returns can be reasonably estimated
d. There is a legal right of offset
19. With respect to side agreements involving receivables, an auditor should consider the use of
additional audit procedures that may include all of the following except:
a. Obtaining a sufficient understanding of the client’s industry and business
b. Send out the standard confirmation to the accounts payable department
c. Make inquiries of relevant personnel
d. Read and understand contracts
20. Which of the following is an element of the predator profile that Bernie Madoff had?
a. People around Madoff loved him
b. Madoff had an inferiority complex
c. Madoff apologized too much for his fraud
d. Madoff had the need to look successful
21. Which of the following is an acceptable type of indemnification clause that an auditor can
place in his or her engagement letter: Indemnification against ________________?
a. Auditor’s negligence
b. Knowing misrepresentations made by audit client’s management
c. Intentional errors committed by the auditor
d. Client unintentional errors
22. Which of the following is a fact identified in a GAO report related to a concentration in
audit market for larger public companies:
a. The Big Four audit approximately 50 percent of all U.S. public companies
b. Midsize and smaller firms audit about 40 percent of the smallest public companies
c. Internationally, the Big Four dominate the market for audit services
d. Approximately 90 percent of large companies noted that the number of accounting
firms from which they could choose was adequate
23. Which of the following is true as it relates to litigation settlements against auditors and
accountants:
a. The average settlement has declined in 2011 from an average high in 2006
b. The inventory of cases waiting to be settled has increased
c. The ultimate settlement is only 10-15% of the total estimated damages claims
d. The number of large settlements at more than $1 billion increased considerably in 2011
and 2010
24. The top accounting issues cited in lawsuits include all of the following except:
a. Estimates
b. Depreciation and amortization
c. Understated liabilities and expenses
d. Revenue recognition
25. Which of the following is a recommendation made by the Advisory Committee on the
Auditing Profession:
a. Auditor liability should be limited to a percentage of firm capital
b. Large auditing firms should issue audited financial statements to the PCAOB
c. The SEC should force the creation of a fifth firm that will compete with the Big Four
d. None of the above
26. The AICPA’s Top 10 Technology Issues of 2011 includes all of the following except:
a. Control and Use of Mobile Devices
b. Information Security
c. Data Retention Policies and Structure
d. 3G wireless
27. Section 404 of Sarbanes-Oxley Act requires that the company’s auditor evaluate
management’s assessment of internal control by taking certain steps that include all of the
following except:
a. Perform a walkthrough of the company’s significant processes
b. Test and evaluate the effectiveness of the design and operating effectiveness of internal
controls
c. Identify control deficiencies and categorize them into two categories
d. Issue, if applicable, an unqualified opinion on the company’s financial statements
28. Which of the following is a change made by Dodd-Frank with respect to Section 404:
a. Dodd-Frank specifically exempts all public companies from Section 404(a) only
b. Dodd-Frank specifically exempts all public companies from Section 404(a) and (b).
c. Dodd-Frank specifically exempts no-accelerated filers from having to comply with
Section 404(b) only
d. Dodd-Frank specifically exempts non-accelerated filers from having to comply with
section 404(a) and (b)
29. According to a Wall Street Journal report, many of the advantages of staying public no
longer exist. Examples of such advantages include all of the following except:
a. Access to public market capital is no longer important
b. Smaller public companies do not benefit from the public markets like the larger
companies do
c. The direct and indirect costs of staying public exceed the benefits
d. In general, smaller companies do not reap the benefits of higher stock prices
30. According to one article noted in the course, board members need to do all of the
following except:
a. Ask hard questions of management
b. Apply sound judgment
c. Have legal counsel to advise on personal liability
d. Come to board meetings prepared
31. Section 953 of Dodd-Frank requires disclosure of which of the following:
a. The annual total compensation of the lowest one third of all employees of an issuer
b. The annual total compensation of the CEO of an issuer
c. The annual total compensation of all employees of an issuer
d. The annual total compensation of the CEO and all senior management of an issuer
32. According to the 2010 Report to the Nation, which of the following is the number one most
effective control in detecting and limiting financial statement fraud schemes:
a. Fraud hotline
b. Granting rewards for whistleblowing
c. Enhancing internal control
d. Performing an external audit
33. Under Section 806 of Sarbanes-Oxley, which of the following whistleblowing protections
are provided for employees of public companies?
a. Requires a company board to pay whistleblowers a referral fee
b. Requires a company to rehire an employee at three times his or her previous average
compensation over the past three years
c. Prevents a company from discharging an employee for providing information about
fraud
d. Permits a company to sue an employee who whistleblows false information
34. An incentive for a whistleblower to overreact and report to the SEC prematurely is:
a. The information provided to the SEC must be fresh
b. The first party to disclose a fraud is the only one who receives the reward
c. There is a short time limit to whistleblow and receive a reward
d. The special anti-retaliation rules allow for a very short window of protection after
which a company can retaliate against an employee without recourse
35. One incentive for a company to offer a mechanism for employees to report an SEC
violation is:
a. It allows a company to correct the action internally before being reported to the SEC
b. It allows the company to terminate the employee before the employee is able to report
to the SEC
c. It allows a company to file an injunction against the employee before the employee is
able to report to the SEC
d. It allows the company to modify files and other evidence and develop a defense
strategy before being reported to the SEC
36. With respect to recurring peer review comments, deficiencies in audit procedures noted
include all of the following except:
a. Failure to perform cash reconciliations
b. Failure to use a written audit program
c. Failure to obtain a client management representation letter
d. Failure to tailor audit programs for specialized industries
37. Specific financial statement deficiencies noted in peer reviews related to assets include all of
the following except:
a. Improper classifications between current and long-term assets
b. Investments in majority owned or controlled subsidiary not consolidated
c. Cash overdrafts shown as a negative balance in the current asset section
d. Inventories valued using the wrong accounting method
38. Specific financial statement deficiencies noted in peer reviews related to incomplete and
missing disclosures include all of the following except:
a. Not disclosing the amount of the fixed assets on hand
b. Significant accounting policies, such as revenue recognition
c. Basis of accounting other than GAAP
d. Concentrations of credit risk
39. Common functional area deficiencies noted in peer reviews related to employee benefit
plans include all of the following except:
a. Inadequate testing of participant data and investments
b. Inadequate or missing disclosures related to participant directed investment programs,
investments and participant data
c. Failure to understand testing requirements on a limited-scope engagement
d. Failure to include the proper wording in the report
40. In accordance with the AICPA peer review program, which of the following types of
engagements performed would require that a system review be performed on that firm: A
firm that performs:
a. Only compilations that omit substantially all disclosures
b. Only audits
c. Only reviews
d. Only compilations and reviews
41. With respect to the AICPA peer review program, if a firm receives a “fail” in its reviewer’s
grade, it means which of the following:
a. There was one or more significant deficiencies
b. There were at least three deficiencies
c. There was a combination of more than one deficiency and a significant deficiency
d. None of the above
42. In a comparison with SAS No. 70, SSAE No. 16 does all of the following except:
a. Requires management to provide a written assertion
b. Requires the user auditor to perform new expansive procedures
c. Requires a risk analysis be performed
d. Expands the reporting requirements for use of subservice organizations
43. Which of the following is true?
a. A Type 1 Report is as of a specific date while a Type 2 report opines on controls in
effect during a period of time
b. A Type 1 report is for a period of time while a Type 2 report is as of a specific date
c. A Type 1 report is as of the beginning of the period while Type 2 is as of the end of the
period
d. Both reports are as of a specific date
44. Under SSAE No. 16, which of the following must an auditor include in a Type 2 report that
is not in a Type 1 report:
a. Description of tests of controls
b. Restricted use
c. Service auditor’s responsibilities
d. Service organization’s responsibilities
45. Which of the following is an example of a coverage ratio?
a. Days sales in receivables
b. Times debt service is earned
c. Altman Z score
d. Inventory turnover
46. Factors that may indicate a potential going concern problem include all of the following
except:
a. Unusually liberal credit terms to customers including dating of receivables
b. Continued operating losses
c. Company is within a very competitive marketplace
d. Weak financial ratios such as the Altman Z Score
47. In searching for related party transactions, the auditor may wish to perform all of the
following procedures except:
a. Review material cash disbursements and other transactions
b. Research the definition of related parties in accounting literature
c. Discuss with other professionals about related parties
d. Use the Internet to search records for the names of principals at the audit client to find
other affiliated entities
48. According to the author, _____ of lawsuits are initiated by third parties.
a. 15%
b. 25%
c. 75%
d. 85%
49. Most lawsuits against auditors occur within which period of time:
a. The first two years of the auditor’s relationship
b. Typically once there is a triggering event
c. The first five years of the auditor’s relationship
d. The first seven years of the auditor’s relationship
50. Common pitfalls that continue to expose accountants to loss in litigation include all of the
following except:
a. Failure to maintain professional skills
b. Working in areas and industries in which the accountant has too much expertise
c. Unprofessional working habits
d. Failure to maintain a good relationship with clients
51. The Top Ten Actions to minimize the risk of being sued include:
a. Never sue to collect unpaid fees
b. Take additional CPE courses
c. Have two partners sign off on all workpapers
d. None of the above
52. According to the AICPA, _____________ has (have) proven to be one of the principal
factors giving rise to liability claims against auditors.
a. Overbilling clients
b. Personality disputes between the client and the auditor
c. Problem clients
d. Missing deadlines
53. Which of the following is not a symptom of an undesirable client?
a. Client is unwilling to pay professional service fees
b. Has a weak financial condition
c. Management chronically enters into material high-risk transactions
d. Client lacks formal education
54. Generally, an auditor may be sued under which of the following causes of action:
a. Breach of contract
b. Negligence
c. Fraud
d. All of the above
55. Auditors’ responsibility to third parties can be categorized into four different categories that
include:
a. Near-privity
b. Restatement approach
c. Foreseeability approach
d. All of the above
56. In order to tighten up workpapers, the author recommends that the auditor does all of the
following except:
a. Complete the audit or review program
b. Include all “to do” lists, whether or not completed
c. Document, document, document
d. Perform analytical procedures
57. Suggestions on how a firm can reduce time and increase audit efficiency include all of the
following except:
a. Manage and train the client and its staff
b. Weed out unprofitable clients and increase fees
c. Cut time down, particularly time allocated to planning the engagement
d. Retain and effectively use staff
58. With respect to weeding out unprofitable clients, clients that are:
a. High risk should be retained if the auditor receives an unusually high fee for the
engagement
b. High risk, slow payers, high maintenance and low profitability may not be worth
keeping
c. Low risk, fast payers, low maintenance and high profitability may not be worth keeping
d. None of the above
59. One way in which the author recommends saving time is to:
a. Perform physical inventories right after year end
b. Confirm trade payables
c. Send out lawyers letters at the same time
d. Eliminate the request for cash cut-off statements
60. SAS No. 67 stipulates that negative confirmations may not be used unless control risk is set
at:
a. Below maximum
b. Maximum
c. Less than 50% of maximum
d. None of the above
61. Examples of mitigating factors that are sought in evaluating going concern include all of the
following except:
a. The ability of an entity to refinance its loan when due three years from the balance
sheet date
b. Alternative sources of financing
c. Management’s plan of action, including its forecast for the coming year
d. Disposition of assets
62. The doctrine of _____________________ liability involves assigning one party’s liability to
another party.
a. Joint and several
b. Vicarious
c. Alter ego
d. Merged
63. Which of the following is a factor that one can use to argue that one entity is merely the
alter ego of another entity?
a. Separate bank accounts, one for each entity
b. Separate facilities
c. Failure to adhere to corporation formalities
d. Separate ownership
64. In auditing lease agreements, common problems found in such leases include all of the
following except:
a. Landlords are passing along the entire cost of new equipment in one year
b. CAM charges are increasing because of security costs required for the building
c. Landlords are charging arbitrarily high management fees to manage the building
d. Landlords are passing along the credit from real estate tax abatements to tenants
65. Under the ASB’s Clarity Format, each new standard is segregated into which of the
following elements:
a. Background
b. Definitions
c. Theory
d. Conclusion
66. Which of the following is a category of laws and regulations that AU-C 250 identifies:
Laws and regulations that _____________.
a. Have a direct effect on the financial statements
b. Have an impact on audit planning
c. Have an impact on the entity’s ethical framework
d. Require a legal interpretation from an entity’s legal counsel
67. An auditor should communicate with those charged with governance, matters involving
noncompliance with laws and regulations that come to the auditor’s attention during the
course of the audit _________________.
a. Other than when the matters are clearly inconsequential
b. Regardless of the materiality of the matters
c. Only if each matter is individually material to the financial statements
d. Unless fraud is involved in the matter.
68. A ____________ is defined as deficiency, or a combination of deficiencies, in internal
control that is less severe than a material weakness, yet important enough to merit
attention by those charged with governance.
a. Significant deficiency
b. Error
c. Irregularity
d. Severe deficiency
69. Which of the following is true as it relates to a situation in which there are no material
weaknesses identified during an audit. The auditor __________stating that no material
weaknesses were identified during the audit.
a. Is not permitted to issue a written communication
b. Is required to issue a written communication
c. Is permitted to issue a written communication
d. Is not permitted to issue an oral communication
70. In accordance with AU-C 700, which of the following is the definition of an opinion
expressed by the auditor when the auditor concludes that the financial statements are
presented fairly, in all material respects, in accordance with the applicable financial
reporting framework:
a. Unmodified opinion
b. Unqualified opinion
c. Disclaimer of opinion
d. Clean opinion
71. Which of the following is a heading that should be in the auditor’s report?
a. “Auditor’s Responsibility”
b. “Client Responsibility”
c. “Responsible Party”
d. “General Responsibility”
72. The auditor’s report should be dated _____________________.
a. As of the date on which the auditor has obtained sufficient appropriate audit evidence
b. On earlier than the last day of field work
c. No earlier than the date on which the auditor has obtained sufficient appropriate audit
evidence
d. As of the date on which the report is completed and proofed
73. If an auditor issues a modified opinion, which of the following is an example of a heading
that could be used for the opinion paragraph:
a. Unmodified Opinion
b. Qualified Opinion
c. Auditor’s Responsibility
d. Management’s Responsibility
74. Which kind of paragraph refers to a matter other than those presented or disclosed in the
financial statements that is relevant to users’ understanding of the audit, the auditor’s
responsibilities, or the audit report:
a. Unqualified opinion paragraph
b. Other-matter paragraph
c. Qualified opinion paragraph
d. Adverse-opinion paragraph
75. If there are both emphasis-of-matter and other-matter paragraphs in an auditor’s report, in
what order should the various paragraphs be presented:
a. FIRST: Opinion paragraph, SECOND: Emphasis-of-matter paragraph, and THIRD:
Other-matter paragraph
b. FIRST: Emphasis-of-matter paragraph, SECOND: Other-matter paragraph, and THIRD:
Opinion paragraph
c. FIRST: Emphasis-of-matter paragraph, SECOND: Opinion paragraph, and THIRD:
Other-matter paragraph
a. FIRST: Opinion paragraph, SECOND: Other-matter paragraph, and THIRD: Emphasis-
of matter paragraph
76. A _________________ is defined as a component identified by the group engagement team
that is of individual financial significance to the group, or (ii) that, due to its specific nature
or circumstances, is likely to include significant risks of material misstatement of the group
financial statements.
a. Significant component
b. Critical element
c. Important component
d. Material element
77. In a group audit, which of the following is responsible for determining whether the auditor’s
report that is issued is appropriate in the circumstances:
a. Component auditor
b. Group engagement partner
c. Group engagement team
d. Component management
78. In a group audit, if the group engagement partner decides to assume responsibility for the
work of a component auditor, how should this event be handled by the group auditor:
a. Reference should be made to the component auditor in the group auditor’s report
b. No reference should be made to the component auditor in the group auditor’s report
c. Reference should be made in the notes to financial statements
d. Reference should be made in the engagement letter
79. With respect to a group audit, which of the following procedures should the group
engagement team perform on components that are not significant:
a. Perform analytical procedures at the component level
b. Perform analytical procedures at the group level
c. Perform analytical procedures combining both the group and component level elements
d. No procedures are required because the component is insignificant
80. When special purpose financial statements contain items that are the same as, or similar to,
those in GAAP financial statements, what kind of disclosures should be presented for the
special purpose financial statements:
a. Disclosures identical to GAAP disclosures
b. Information disclosures similar to those required by GAAP
c. Only disclosures required by the special purpose framework without regard to disclosures
required by GAAP
d. GAAP disclosures with quantitative substitutes to reflect the special purpose format
Please email or fax your completed ANSWER SHEET to the address noted on the sheet if you do
not use the online exam. The online exam and the paper exam are the same.
Good Luck!
Thank you for participating in our self-study program.