the pwc audit - 011704 presentation
TRANSCRIPT
The PwC AuditThe PwC Audit
A Continuous Improvement Approach
to Audit Methodology
A Continuous Improvement Approach
to Audit Methodology
PricewaterhouseCoopers2
Agenda
• Governance of PwC Audit
• Overview of recent evolution of PwC Audit
• Overview key elements of PwC Audit – Acceptance and Continuance– Audit Comfort Cycle– Substantive Procedures– Other Audit Procedures– Audit Committee Communications Plan
PricewaterhouseCoopers3
PwC Audit Governance
Global Audit Policy BoardEstablish global overarching policy principles & goals
and ratify policy statements.
Global R&QEnsure methodology is consistently implemented by providing feedback
on practice issues.
Global Audit Methodology Steering GroupDrive execution of policy in practice through
processes, tools, guidance, training content, etc.
Implementation Partner Network
PricewaterhouseCoopers4
Towards Performance Audit: a continuous improvement program
PwCAudit
PwCAudit
• Audit Comfort Cycle
• Management controls focus
• Show me and Taking stock
• Team re-deployment
2001:
Historical Financial Statements Opinion
Changes in Deliverables
• Business analysis framework
• Enhanced audit guides/ practices
• Scaling up - different client situations
• MyClient integration
2002:• Converged
approach, enhanced testing guidance
• Enhanced client communications, transparency focus
• Application to small companies/ MNCs
• Better use of specialists and knowledge sources
2003:
Time
PricewaterhouseCoopers5
Changing the Focus of the Audit Model
Audit Risks Identified
RiskKey
RiskKey
Key Risk
Key Risk
Key Risk
Key Risk
Business Risks
PricewaterhouseCoopers6
PwC Audit in 2004
• Acceptance and Continuance (FRISK)
• Audit Comfort Cycle– Scoping– Understanding– Evaluating – Validating
• Substantive Testing
• Other Audit Procedures
• Audit Committee Communications Plan
PricewaterhouseCoopers7
PwC Audit Approach
•Other audit procedures•Financial statements•Completion
No / Limitedcontrolscomfort
Significantcontrolscomfort
Other audit evidenceMainly Mainly
tests of details substantive analyticalprocedures
AuditComfort
Cycle
Acceptance/Continuance Assessment
PricewaterhouseCoopers8
PwC Audit Approach – With Attestation
•Other audit procedures•Financial statements•Completion
No / Limitedcontrolscomfort
Significantcontrolscomfort
Other audit evidenceMainly Mainly
tests of details substantive analyticalprocedures
AuditComfort
Cycle
Broader and deeper assessment of COSO controls over financial reporting, including
management’s evaluation of those controls. e.g., estimates, fraud, tax accrual, more
locations.
Additional procedures deemed necessary to provide independent assurance on
financial statements, taking into consideration the internal controls
assessment.
Report on management’s assertions on internal controls over financial reporting
Report on Financial Statements
Acceptance/Continuance Assessment
PricewaterhouseCoopers9
Acceptance & Continuance Process
• Governance and oversight of management
• Past performance
• Management’s expertise and skill
• Adequacy of management resources
• Audit relationship
• Audit adjustments
• Revenue recognition
• Accounting control
• Integrity and ethics
• Management inclination for intentional misstatement in financial reporting
• Reliability of estimates
• Incentive for intentional misstatements in financial reporting
• Risk of insolvency
PricewaterhouseCoopers10
Acceptance & Continuance Process
Risk Conditions (13)
(defined within Acceptance &
Continuance module)
Key Risks
(user defined or selected from Master Data)
Engagement Leader and Team Manager apply professional judgment in describing specific Key
Risks that relate to the broader Risk Conditions
Risk and
Approach
Schedule The Risk and Approach Schedule is populated by the Key Risks selected and completed by the
Engagement Leader and Team Manager
1
2
3 MyClient Client File
Audit Comfort
Matrix
PricewaterhouseCoopers11
Audit Comfort Cycle
4 Key Questions
• What does management need to get comfort on?
• How does management get comfort?
• Are they entitled to that comfort?
• Can we audit that comfort?
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
PricewaterhouseCoopers12
Audit Comfort Cycle
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
• What does management need to get comfort on?
PricewaterhouseCoopers13
Scoping: Forming a Point of View
• Perform company and industry analytical procedures
• Research and analyze external communications
• Partners connect with staff members
• Document the team’s understanding of the business
• Knowledge broker to capture and share industry information
• Form a point of view on the risks that management should be concerned about
PricewaterhouseCoopers14
Scoping: Business Analysis Framework
PricewaterhouseCoopers15
Scoping:Risk Assessment – Key Risks
Key Risk
We identify audit risk through understanding the entity’s business objectives and related risks.
Business Risks
Audit Risks
Key Risk
Key Risk
Key Risk
Key Risk
Key risks are those conditions or factors within an audit that, in the judgment of the auditor, give rise to a greater risk of material financial misstatement or other matters resulting in the issuance of an inappropriate audit report.
PricewaterhouseCoopers16
Scoping: Analytical Procedures
• High Level– Understand the business– Identify areas of risk
• Disaggregated Account Level– Determine the nature, timing & extent of testing
• External benchmarking to peers, market trends– Looking for anomalies, areas of risk – Use of extensive knowledge management tools
available
PricewaterhouseCoopers17
Scoping Translated into Audit Strategy
Where controls over significant account balances or classes of transaction are not aligned, we will need to perform substantive tests of details.
StakeholdersRisks Controls
Alignment
Business Objectives
PricewaterhouseCoopers18
Scoping: Audit Team of Specialists
Our best teams use our specialist capabilities to help in forming a point of view.
Stakeholders
Business Objectives
Financial Risk
Business Process
Enterprise-wide Risk
Systems & Technology
Energy Trading Risk
Business Resilience
Project Management
Internal Audit Security
Data Risk
Regulatory/ Compliance
Performance Improvement
Treasury
Risks Controls
Alignment
Computer-Assisted Audit Techniques
Fraud
PricewaterhouseCoopers19
Scoping: Use of Specialists
• Policies for the use of Systems and Process Assurance specialists and Fraud Risk & Controls specialists are based around risk attributes
• Policies are for consultation with specialists – level of involvement remains a decision of engagement leader
• At a minimum, RequiredRequired to consider use of specialists at mobilization stage
PricewaterhouseCoopers20
Audit Comfort Cycle
4 Key Questions
• What does management need to get comfort on?
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
• How does management get comfort?
• Are they entitled to that comfort?
• Can we audit that comfort?
PricewaterhouseCoopers21
Applying Audit Comfort Cycle from the Top-Down
• Organize audit team to align with how management runs the business.
• Extend discussions about business objectives & risk to management controls.
• Understand & evaluate how management controls risk.
• Validate controls against engagement team’s point of view.
Audit controls from the top down
BoardSr Mgmt
DepartmentHeads
Operations
Transaction Processing
PricewaterhouseCoopers22
“Taking Stock”: Real-Time Linkage in the Iterative Process
• Share team members’ cumulative knowledge
• Update risk identification and assessment
• Consider the audit comfort gained to date, by audit assertion
• Answer: “Do we have enough comfort?”
• Answer: “What do we do next?”
PricewaterhouseCoopers23
BusinessRisks
related to achieving Objectives
………………
Business Process A Completeness Accuracy Validity Restricted Access
Business Process B Completeness Accuracy Validity Restricted Access
Business Process C Completeness Accuracy Validity Restricted Access
Account Balances and Transactions
Account Balances and Transactions
General Computer Controls
Account Balances and Transactions
Connecting the Dots …
Business Objectives
Financial Statement Assertions/Audit Objectives
Classes of Transactions Occurrence Completeness Accuracy Cutoff ClassificationAccount Balances Rights &
Obligations Existence Completeness Accuracy/ValuationPresentation & Disclosure Occurrence/R&O Completeness Understandability Accuracy/Valuation
PricewaterhouseCoopers24
Audit Comfort Matrix
PricewaterhouseCoopers25
Summary of Comfort
PricewaterhouseCoopers26
Substantive Audit Evidence
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
PricewaterhouseCoopers27
Achieving the Right Balance
No/Limited Controls Comfort Significant Controls Comfort
PricewaterhouseCoopers28
Assurance Hierarchy
Will we obtain audit assurance from tests of controls?
Test controls.
No further testing required.
Can we obtain audit assurance from substantive analytical procedures?
Perform substantive analytical procedures.
Perform tests of details.
Do we need additional audit assurance?
No
Yes No
No
Yes
Yes
PricewaterhouseCoopers29
Other Audit Procedures
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
PricewaterhouseCoopers30
Other Audit Procedures: More Connecting the Dots
• Link management informationmanagement information to financial statements
• Review adjustmentsadjustments necessary to reconcile management information to the financial statements
• Review non-standard journal entries and other adjustments to ascertain whether entries may be indicative of fraudindicative of fraud based upon the risk of management override on controls
• Perform ongoing analytical procedures, including updating analytical procedures related to revenueanalytical procedures related to revenue
PricewaterhouseCoopers31
Audit Committee Communications Framework: Objectives
• Promote effective and candid communications
• Enhance timely reporting, dialogue and sharing views– Service approach – Risk and Control– Financial Reporting– Governance
• Provide consistency in our deliverables through recommended templates and practice aids
PricewaterhouseCoopers32
Service approach
Risk and control
Financial reporting
Governance
Ongoing assessment of needs & expectations
[Indicate timing] [Indicate timing] [Indicate timing] [Indicate timing]
Understanding the audit Staying informed Resolution and completion
Corporate governance:roles and practices
Internal control and business issues report
Assessing our performance and yours
– Reporting timetable– Business unit
scope– Engagement team– Other deliverables
Risk analysis
Perspectives on fraud risk
Other regulatory requirements – plan
Our audit plan
Communications plan
Risk condition alert
Transparency of corporate reporting
Reportingrequirements
– Internal control deficiencies
– Accounting policies
– Management judgments
– Quality of earnings
– Independence
– Transparency
Audit opinionBest
practices in corporate reporting
PwC principles and practices
Engagement letter and independence confirmation
Update on accounting/audit issues and risk analysis
Quarterly review
Quarterly review
Quarterly review
Getting started
Audit Committee Communications Plan Audit Committee Communications Plan
PricewaterhouseCoopers33
The PwC Audit
• Global approach adaptable to all clients
• Designed for continuous improvement
• Performance metrics will play a larger role in future audits
• Audit quality is at the core of our long term business objectives.