Checkpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest PCAOB Audits Chapter 1 Overview 100 Background

100 Background

100.1 For many years, auditors had traditionally conducted their engagements in accordance withgenerally accepted auditing standards developed by the American Institute of Certified PublicAccountants (AICPA). Auditors of publicly­traded companies have also had to follow the additionalrules of the SEC. However, this changed dramatically in 2002 with the passage of the Sarbanes­Oxley Act and the subsequent establishment of the Public Company Accounting Oversight Board(PCAOB).

100.2 The Sarbanes­Oxley Act of 2002 (SOX) was passed in response to a growing number offinancial scandals that started with Enron in the fall of 2001. These financial scandals eventually ledto the collapse of some large public companies, including Enron and WorldCom (owner oftelecommunications giant MCI). Their CEOs and other financial executives were convicted ofcriminal fraud and received prison sentences. Stockholders and creditors lost billions when thesecompanies failed. In addition, the Enron and WorldCom collapses led to the failure of Andersen, oneof the world's largest accounting firms. Congress felt compelled to act and responded with theSarbanes­Oxley Act of 2002.

Sarbanes­Oxley Act of 2002

100.3 The portion of SOX that has the greatest impact on public company auditors is Section 404,which deals with management's assessment of internal controls. However, there are severalsections that are also important to audit firms. Exhibit 1­1 summarizes some of the more importantsections of SOX.

Exhibit 1­1

Highlights of the Sarbanes­Oxley Act of 2002

Section 101 This section establishes the Public CompanyAccounting Oversight Board (PCAOB), which is theorganization responsible for overseeing the audits ofpublic companies. (Public companies are referred to

as “issuers” in SOX. The term issuer is defined in theSEC rules and generally refers, among otherorganizations, to companies whose securities areregistered under the Securities Exchange Act of1934.)

Section 102 This section establishes the requirement foraccounting firms to register with the PCAOB in order toaudit public companies.

Section 103 Section 103 has several important components,including the requirement that auditors keep their auditworkpapers for seven years. In addition, each auditreport must have a concurring review performedbefore it is issued.

Section 104 This section establishes the requirement for thePCAOB to inspect each large registered accountingfirm (those with more than 100 public company auditclients) annually and each small firm (those with 100 orfewer clients) at least every three years.

Section 201 Section 201 defines nonaudit services that publiccompany auditors cannot provide without impairingtheir independence. These services are furtherdiscussed in SEC Rule 2­01 of Regulation S­X. Seesection 201 of this Guide for more information.

Section 202 This section requires preapproval of a firm's audit andnonaudit services by the client's audit committee.

Section 203 This section specifies partner rotation schedules forpublic company auditors. Generally, a lead andconcurring partner can serve on a client's auditengagement team for no more than five years in a row.Partner rotation is addressed in more detail in SECRule 2­01 of Regulation S­X. See section 201 of thisGuide for more information.

Section 401 This section requires that financial statements reflectall material correcting adjustments proposed by theauditor.

Section 404 Section 404 is generally considered to be the mostchallenging section of SOX. It requires a company'smanagement to assess its internal control overfinancial reporting, and it requires the auditor to attestto and report on management's assessment. Theauditor must assess and report on management'sassessment as part of the audit of the financialstatements. (However, the discussion beginning atparagraph 100.4 details amendments to Section 404.)

Note: This exhibit is not a complete overview of SOX, but mentions some of the moreimportant aspects (in the authors' opinion) from an auditor's perspective.

____________________

Other Legislation Affecting Sarbanes­Oxley

100.4 In recent years, several other Acts have been signed into law by the President that amend keyprovisions of the Sarbanes­Oxley Act of 2002. In addition to the amendments of SOX, these Actsintroduced other legislation that impact issuers and their auditors.

100.5 Dodd­Frank Act The Dodd­Frank Wall Street Reform and Consumer Protection Act (Dodd­Frank Act), which became effective on July 21, 2010, exempts nonaccelerated filers from complyingwith Section 404(b) of the Sarbanes­Oxley Act of 2002 requiring an independent auditor's attestationon the effectiveness of an entity's internal control over financial reporting. The Act also containsnumerous other provisions that affect registrants and their auditors.

100.6 Some of the provisions of the Act affecting SEC rule­making or studies include:

• Requires the SEC to conduct a study on how Sarbanes­Oxley Section 404(b) complianceburdens can be reduced for companies with market capitalizations between $75 million and$250 million.

• Requires a nonbinding shareholder vote on compensation for named executive officers at leastonce every three years (say­on­pay). In addition, a nonbinding shareholder vote is required oncompensation for named executive officers in connection with acquisitions, mergers, sales, andsimilar transactions unless otherwise included in the general say­on­pay shareholder vote.

• Requires public companies to have compensation committees that include only independentdirectors.

• Expands disclosures in the annual proxy statement on executive compensation, includinginformation on the median annual total compensation for all employees and the annualcompensation of the CEO, as well as a ratio of such amounts.

• Requires the SEC to issue rules for companies to establish policies to recover excesscompensation paid to executive officers in the event of financial reporting restatements due tononcompliance with accounting standards.

• Unless specific instructions are provided by the owner, prohibits brokers from voting sharesfor director elections, executive compensation, or other significant matters.

• Authorizes the SEC to issue rules that permit shareholders to nominate directors in the proxy,subject to ownership thresholds.

• Requires the disclosure in the proxy materials on why the company has elected to eithercombine or separate the roles of board chairman and CEO.

• Amends the Securities Act of 1933 to allow the SEC to sue a party that “knowingly orrecklessly provides substantial assistance to another person” in violating the Securities Act orrelated rules and regulations. This changes the level of liability from a “knowingly” standard to a“knowingly or recklessly” standard.

Recent SEC activities relating to some of these provisions are discussed in section 1003.

100.7 Section 982 of the Dodd­Frank Act authorizes the PCAOB to establish standards forregistered public accounting firms relating to audits of broker­dealers for reports included in filingswith the SEC. On July 31, 2013, the SEC issued a final rule that, among other things, requires auditsof all broker­dealers (including nonpublic broker­dealers) to be conducted in accordance with thestandards of the PCAOB. Prior to implementing the requirements set forth by the new SEC final rule,audits of nonpublic broker­dealers have been performed in accordance with GAAS. The new rulesalso require broker­dealers to file new reports with the SEC. As further discussed beginning inparagraph 100.36, in October 2013, the PCAOB approved two attestation standards that providerequirements for examining or reviewing the assertions in the broker­dealer's compliance orexemption report filed in compliance with SEC reporting rules. Also, as discussed in paragraph100.32, the PCAOB approved Auditing Std. No. 17, Auditing Supplemental InformationAccompanying Audited Financial Statements, which applies whenever the auditor is engaged to auditand report on supplemental information that accompanies the audited financial statements. Thesupplemental information includes the supporting schedules required by the SEC's broker­dealerfinancial reporting rule or other audited supplemental information included in SEC filings, whetherrequired by another regulatory body or voluntarily submitted by the issuer. A comprehensivediscussion of audits of brokers and dealers is beyond the scope of this Guide. PPC's Practice Aidsfor Audits of Broker­dealers provides additional detailed information on such audits.

100.8 JOBS Act The Jumpstart Our Business Startups Act (JOBS Act), which became effective onApril 5, 2012, amends Section 404(b) of the Sarbanes­Oxley Act to eliminate the requirement for an

auditor's attestation on the effectiveness of an entity's internal control over financial reporting forcompanies defined as an “emerging growth company.” The JOBS Act also provides for the delay ofthe use of newly adopted accounting and auditing standards in certain respects, as well as additionalmatters, for emerging growth companies. The JOBS Act is discussed more fully beginning withparagraph 906.71.

PCAOB Standards

100.9 As noted in Exhibit 1­1, Section 101 of SOX established the PCAOB, which operates underthe general oversight of the SEC, to regulate the audits of public companies. Among otherrequirements, SOX assigns the following responsibilities to the PCAOB:

a. Registering public accounting firms that provide audit services to public companies.

b. Establishing or adopting auditing, quality control, ethics, independence, and other standardsfor the audits of public companies.

c. Conducting periodic inspections of registered public accounting firms to ensure that they arecomplying with SOX, PCAOB rules and standards, and federal securities laws.

d. Conducting investigations and disciplinary proceedings, and applying sanctions, as needed.

100.10 Interim Standards To provide continuity, the PCAOB has adopted the generally acceptedauditing standards of the AICPA that existed as of April 16, 2003, as interim standards for audits ofpublic companies. PCAOB Release No. 2003­006, which establishes interim auditing and relatedprofessional practice standards, consists of the following five rules:

• Interim auditing standards (Rule 3200T).

• Interim attestation standards (Rule 3300T).

• Interim quality control standards (Rule 3400T).

• Interim ethics standards (Rule 3500T).

1

• Interim independence standards (Rule 3600T).

Accordingly, AICPA auditing standards that existed prior to April 16, 2003, are appropriate for auditsof public companies until such time as the PCAOB amends or supersedes them.

100.11 Other PCAOB Standards In addition to the AICPA standards that the PCAOB has adoptedas interim standards, the PCAOB has adopted 18 auditing standards, all of which have beenapproved by the SEC. Those additional standards are discussed in the following paragraphs.

100.12 PCAOB Auditing Standard No. 1 PCAOB Auditing Standard. No. 1, References inAuditors' Reports to the Standards of the Public Company Accounting Oversight Board, was the firststandard issued by the PCAOB, and it is very narrow in scope. It requires accounting firms to statethat their public company audits and reviews are conducted in accordance with the “standards of thePublic Company Accounting Oversight Board (United States).” The auditor must also include the cityand state from which the report was issued. Reporting requirements under the PCAOB standardsare discussed in more detail in section 906 of this Guide.

100.13 PCAOB Auditing Standard No. 2 Section 404 of SOX requires a public company'smanagement to assess its internal control over financial reporting and the auditor to attest to andreport on management's assessment. PCAOB Auditing Standard. No. 2, An Audit of Internal ControlOver Financial Reporting Performed in Conjunction with an Audit of Financial Statements, provideddetailed guidance to assist the firm in complying with Section 404 of SOX. However, Auditing Std.No. 2 was superseded by Auditing Std. No. 5, An Audit of Internal Control Over Financial ReportingThat Is Integrated with An Audit of Financial Statements (see discussion in paragraph 100.16).

100.14 PCAOB Auditing Standard No. 3 PCAOB Auditing Standard. No. 3, Audit Documentation,replaces SAS No. 96, Audit Documentation. Auditing Std. No. 3 establishes documentationstandards for audits of financial statements and internal controls as well as reviews of interimfinancial statements performed in accordance with PCAOB standards. The standard covers generalaudit documentation requirements, documentation of specific matters (including the preparation of anengagement completion document), and document retention and subsequent changes to auditdocumentation. The requirements of this standard are discussed in more detail in Chapter 7.

100.15 PCAOB Auditing Standard No. 4 Auditing Standard No. 4, Reporting on Whether aPreviously Reported Material Weakness Continues to Exist, provides guidance for voluntaryengagements performed only at the request of management, to report on whether a materialweakness previously disclosed in management's and/or the auditor's report on internal control overfinancial reporting continues to exist as of a date specified by management. When a materialweakness has been reported, investors may be uncertain about the reliability of the financialstatements until they learn that the material weakness no longer exists. If management has correctedthe weakness, it may determine that communication of the correction in its quarterly disclosure will

be sufficient notification to investors. Also, management might engage the auditor to report that theweakness no longer exists before the quarterly disclosure. Chapters 5 and 9 also discuss AuditingStandard No. 4.

100.16 PCAOB Auditing Standard No. 5 Auditing Standard No. 5, An Audit of Internal ControlOver Financial Reporting That Is Integrated with An Audit of Financial Statements, replaces theprevious internal control auditing standard, Auditing Std. No. 2. Auditing Std. No. 5 aligns with theSEC's management guidance for management's assessment of internal control under SOX section404. It also requires the audit of internal control over financial reporting to be integrated with the auditof the financial statements and to use a top­down, risk­based approach. Further, Auditing Std. No. 5eliminated the Auditing Std. No. 2 requirement to report on management's assessment and revisedthe definitions of the terms material weakness and significant deficiency, as follows:

• Material Weakness— “a deficiency, or a combination of deficiencies, in internal control overfinancial reporting, such that there is a reasonable possibility that a material misstatement of thecompany's annual or interim financial statements will not be prevented or detected on a timelybasis.”

• Significant Deficiency— “a deficiency, or a combination of deficiencies, in internal control overfinancial reporting that is less severe than a material weakness, yet important enough to meritattention by those responsible for oversight of the company's financial reporting.”

See a detailed discussion of Auditing Std. No. 5 in Chapter 5.

100.17 PCAOB Auditing Standard No. 6 Auditing Standard No. 6, Evaluating Consistency ofFinancial Statements, superseded AU 420, Consistency of Application of Generally AcceptedAccounting Principles, and AU 9420, and made conforming amendments to the interim auditingstandards in response to FASB ASC 250 and the FASB's action to move the hierarchy of GAAPfrom the auditing standards to the accounting standards. The standard requires auditors to evaluatethe consistency of a company's financial statements and to report on any inconsistencies. AuditingStandard No. 6 is discussed in Section 906.

100.18 PCAOB Auditing Standard No. 7 Auditing Standard No. 7, Engagement Quality Review,provides a framework for an engagement quality reviewer to objectively evaluate the significantjudgments made by the engagement team and the conclusions reached in forming an overallconclusion on the engagement. The standard directs an engagement quality reviewer's attention tomatters that increase the likelihood of identifying and correcting significant engagement deficienciesbefore an audit report is issued. The standard requires an engagement quality review (EQR) foraudits and for reviews of interim financial information, but not for other engagements. The standard isdiscussed in Chapters 2, 8, and 10 of this Guide.

100.19 PCAOB Risk Assessment Standards (Auditing Standard Nos. 8­15) In August 2010, the

PCAOB approved eight auditing standards—Nos. 8 through 15—that address auditors'responsibilities for assessing and responding to the risks of material misstatement in an audit offinancial statements. Those standards, often referred to as the Risk Assessment Standards, are asfollows:

• Auditing Std. 8, Audit Risk.

• Auditing Std. 9, Audit Planning.

• Auditing Std. 10, Supervision of the Audit Engagement.

• Auditing Std. 11, Consideration of Materiality in Planning and Performing an Audit.

• Auditing Std. 12, Identifying and Assessing Risks of Material Misstatement.

• Auditing Std. 13, The Auditor's Responses to the Risks of Material Misstatement.

• Auditing Std. 14, Evaluating Audit Results.

• Auditing Std. 15, Audit Evidence.

The standards superseded six interim auditing standards: AU 311, Planning and Supervision; AU312, Audit Risk and Materiality in Conducting an Audit; AU 313, Substantive Tests Prior to theBalance Sheet Date; AU 319, Consideration of Internal Control in a Financial Statement Audit; AU326, Evidential Matter; and AU 431, Adequacy of Disclosure in Financial Statements.

100.20 Paragraphs 100.21­.28 summarize the principal provisions of the PCAOB's risk assessmentstandards.

100.21 Auditing Standard No. 8, Audit Risk. This standard describes the components of audit risk inan audit of financial statements, the auditor's considerations in assessing risk, and the auditor'sresponsibility to reduce risk to an appropriately low level to obtain reasonable assurance aboutwhether the financial statements are free of material misstatement. Among other things, Auditing

Standard No. 8 requires auditors to—

• Assess risk at the financial statement level and the assertion level.

• Reduce the level of the risk of not detecting material misstatement (detection risk) through thenature, timing, and extent of the substantive procedures performed. (The higher the risk ofmaterial misstatement, the lower the level of detection risk needs to be to reduce audit risk to anappropriately low level.)

100.22 Auditing Standard No. 9, Audit Planning. This standard describes the auditor'sresponsibilities for planning the audit, including determining matters that are important to the audit andestablishing an appropriate audit strategy and developing an audit plan. Among other things, AuditingStandard No. 9 requires—

• The engagement partner to be responsible for planning the audit. (The engagement partnermay be assisted by engagement team members in fulfilling that responsibility.)

• Auditors to evaluate whether the following matters are important to the entity and its internalcontrol and, if so, how they will affect the auditor's procedures:

•• Knowledge about risks evaluated as part of client acceptance and continuance.

•• Matters relating to entity's industry.

•• Matters relating to the business, including the complexity of its operations and theextent of recent changes.

•• Legal or regulatory matters.

•• The auditor's preliminary judgments about materiality and risk.

•• Knowledge of the entity's internal control obtained during other engagements

performed by the auditor.

•• Preliminary judgments about and available evidence related to the effectiveness ofthe entity's internal control.

•• Previously communicated control deficiencies.

•• Public information relevant to the evaluation of the likelihood of materialmisstatements and internal control effectiveness.

• Auditors to take communications with the audit committee into account when developing theoverall audit strategy.

• Auditors to develop and document an audit plan that includes the nature, timing, and extent ofrisk assessment, substantive, and other procedures required by PCAOB standards.

• Auditors to determine the locations or business units at which to perform audit procedures,assess the risks of material misstatement associated with the location or business unit, andcorrelate that assessment with the extent to which audit procedures should be performed.

• Auditors to determine whether specialized skill or knowledge is needed to perform appropriaterisk assessments, plan or perform audit procedures, or evaluate audit results.

100.23 Auditing Standard No. 10, Supervision of the Audit Engagement. This standard describes theauditor's responsibilities for supervising the audit and the work of the engagement team. Among otherthings, Auditing Standard No. 10 requires—

• The engagement partner to be responsible for supervising the audit and the work of theengagement team. (The engagement partner may be assisted by engagement team members infulfilling that responsibility.)

• Supervisory activities to include making engagement team members aware of theirresponsibilities, including informing supervisors of significant accounting and auditing issues thatarise during the audit, and reviewing the work of engagement team members.

100.24 Auditing Standard No. 11, Consideration of Materiality in Planning and Performing an Audit.This standard describes the auditor's responsibilities for considering materiality in planning andperforming an audit and determining the scope of audit procedures, including reevaluating materialityin light of circumstances or additional information that indicates a lower materiality level may beappropriate. Auditing Standard No. 11 defines materiality in an audit by reference to court decisionsinterpreting federal securities laws. In that context, a fact is material if there is “a substantial likelihoodthat the . . . fact would have been viewed by a reasonable investor as having significantly altered the'total mix' of information made available.” Among other things, Auditing Standard No. 11 requires—

• Auditors to consider a company's earnings and other relevant factors in determining materialityfor the financial statements as a whole.

• Materiality to take into account both qualitative and quantitative factors.

• Materiality for the financial statements to be expressed as a specified amount.

• Auditors to evaluate whether there are certain accounts or disclosures for which a lower levelof materiality is appropriate than materiality for the financial statements as a whole.

• Auditors to establish tolerable misstatement at the account or disclosure level and for individuallocations or business units in audits of companies with operations in multi locations or businessunits.

100.25 Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement . Thisstandard describes the auditor's responsibilities for identifying and assessing the risks of materialmisstatement that provide a basis for designing and implementing responses to those risks. Amongother things, Auditing Standard No. 12 requires auditors to perform risk assessment procedures thatare sufficient to provide a reasonable basis for identifying and assessing the risks of materialmisstatement and design further audit procedures—tests of controls and substantive procedures—to

2

respond to the risks. Auditing Standard No. 12 specifies the following risk assessment procedures:

• Obtain an understanding of the company and its environment, including evaluating whethersignificant changes in the company from prior periods affect the risks of material misstatement.The understanding includes understanding industry, regulatory, and other external factors; thenature of the company; the company's selection and application of accounting principles,including related disclosures; the company's objectives, strategies, and related business risks;and the company's performance measures.

•• As part of understanding the company, auditors should consider reading publicinformation about the company, observing or reading transcripts of earnings calls,understanding the compensation arrangements with senior management, and obtaininginformation about trading activity and holdings in the company's securities bysignificant holders.

•• As part of understanding the company's selection and application of accountingprinciples, including related disclosures, auditors are required to develop expectationsabout the disclosures that are necessary for the company's financial statements to befairly presented and assess the risks of material misstatement related to omitted,incomplete, or inaccurate disclosures.

• Obtain an understanding of internal control and evaluate whether control deficiencies identified,if any, are indicative of fraud risk factors. The understanding of internal control includes thecompany's control environment, risk assessment process, information system relevant tofinancial reporting, process of communicating financial reporting roles and responsibilities andother significant matters, control activities, and monitoring controls. As part of understanding thecompany's information system relevant to financial reporting, auditors are required to obtain anunderstanding of how IT affects the flow of transactions.

• Consider information from the client acceptance and retention evaluation, audit planningactivities, past audits, and other engagements performed for the company, including informationobtained during reviews of interim financial information. Auditors should evaluate whetherinformation from past audits remains relevant and reliable if they plan to rely on that informationto limit the nature, timing, or extent of risk assessment procedures.

• Perform analytical procedures.

• Conduct a discussion among all key engagement team members, including the engagementpartner, regarding the risks of material misstatement, including fraud risks.

• Make specified inquiries of the audit committee, management, and others within the companyabout the risks of material misstatement, including fraud risks.

After performing risk assessment procedures, Auditing Std. No.12 requires auditors to evaluate howrisks at the financial statement level could affect risks of material misstatement at the assertion leveland whether fraud risk factors are present that should be taken into account in identifying andassessing fraud risks. The auditor's evaluation of fraud risk factors should (a) include evaluation ofhow fraud could be perpetrated or concealed by presenting incomplete or inaccurate disclosures orby omitting disclosures, (b) presume there is a fraud risk involving improper revenue recognition, and(c) consider the risk of management override of controls.

100.26 Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement.This standard describes the auditor's responsibilities for designing and implementing both overallresponses and responses involving the nature, timing, and extent of auditing procedures to addressthe risks of material misstatement. Among other things, Auditing Standard No. 13 requires auditors to—

• Implement overall responses to address the risks of material misstatement due to both errorand fraud, including appropriately assigning engagement responsibilities to the engagementteam and providing appropriate supervision, incorporating elements of unpredictability inperforming audit procedures, and evaluating the appropriateness of the entity's significantaccounting principles.

• Consider the types, likelihood, and magnitude of potential misstatements, and obtain morepersuasive audit evidence the higher the auditor's assessment of risk.

• Perform substantive procedures, including tests of details, to respond to significant risks,including fraud risks.

• Perform tests of controls if the auditor plans to assess control risk at less than the maximum

by relying on controls and for each relevant assertion for which substantive procedures alonecannot provide sufficient appropriate audit evidence.

• Obtain more persuasive audit evidence from tests of controls the greater the reliance theauditor places on the effectiveness of a control and for each relevant assertion for which theaudit approach consists primarily of tests of controls.

• When testing the operating effectiveness of controls, include procedures to determine whetherthe person performing the control possesses the necessary authority and competence toperform the control effectively.

• When auditors plan to rely on controls tested in past audits, obtain audit evidence in the currentaudit about the design and operating effectiveness of the controls.

• Assess control risk for relevant assertions.

• Perform substantive procedures for each relevant assertion of each significant account anddisclosure, regardless of the assessed level of control risk, including procedures related to theperiod­end financial reporting process.

• When substantive procedures are performed at an interim date, perform substantiveprocedures or substantive procedures together with tests of controls that provide a basis toextend the interim conclusions to the period end.

100.27 Auditing Standard No. 14, Evaluating Audit Results. This standard describes the auditor'sresponsibilities to evaluate whether the audit evidence obtained is sufficient to support the auditor'sopinion on the financial statements. Among other things, Auditing Standard No. 14 requires auditorsto—

• Perform analytical procedures in the overall review of the financial statements, includinganalytical procedures relating to revenue through the end of the period, and evaluate whetherthey indicate a previously undisclosed risk of material misstatement.

• Evaluate whether differences between estimates best supported by the audit evidence andestimates included in the financial statements, which are individually reasonable, indicatepossible bias on the part of the company's management.

• Accumulate misstatements identified during the audit, other than those that are “clearly trivial.”Misstatements that are clearly trivial will be of a smaller magnitude than the materiality levelestablished in accordance with Auditing Std. No. 11 and will be inconsequential, whether takenindividually or in the aggregate, and whether judged by any criteria of size, nature, orconsequence.

• Evaluate the effect of uncorrected misstatements, including the effects of uncorrectedmisstatements detected in prior years and misstatements detected in the current year that relateto prior years.

• Communicate accumulated misstatements to management and evaluate whether managementhas properly corrected them and whether uncorrected misstatements, if any, are material.

• Evaluate whether identified misstatements might be indicative of fraud. If so, auditors arerequired to obtain additional evidence to determine whether fraud has, or is likely to have,occurred and, in that case, determine the effect on the financial statements and the auditor'sreport.

• Evaluate the qualitative aspects of the company's accounting policies, including potential biasin management's judgments and estimates, and determine whether the effects of any bias,together with any uncorrected misstatements, materially misstate the financial statements.

• If management identifies adjusting entries that offset misstatements accumulated by theauditor, perform procedures to determine why the misstatements were not previously identifiedand evaluate the implications on management integrity and the auditor's risk assessments.

• Consider the form, arrangement, and content of the financial statements and accompanyingnotes, including the terminology used, the amount of detail given, and classification of items inthe financial statements, and the basis of amounts presented to evaluate whether the financial

statements are fairly presented.

100.28 Auditing Standard No. 15, Audit Evidence. This standard describes the principles fordetermining the sufficiency and appropriateness of audit evidence, how the characteristics of auditevidence affect the procedures necessary to obtain sufficient appropriate evidence to support theauditor's opinion, specific types of audit procedures, and alternative means of selecting items fortesting. Auditing Standard No. 15 requires auditors to—

• When using information produced by the company as audit evidence, test the accuracy andcompleteness of the information and evaluate whether it is sufficiently precise and detailed forthe auditor's purposes.

• Determine the appropriate means of selecting items for testing (selecting all items, selectingspecific items, or audit sampling) depending on the nature of the audit procedure, thecharacteristics of the control or items being tested, and the evidence necessary to meet theobjective of the audit procedure.

100.29 PCAOB Auditing Standard No. 16 PCAOB Auditing Standard No. 16, Communicationswith Audit Committees, which superseded AU 380, Communications with Audit Committees, and AU310, Appointment of the Independent Auditor, and amended certain other PCAOB standards, carriedforward substantially all of the required communications in the PCAOB's prior interim standards andsignificantly expands required communications and audit procedures aimed at enhancingcommunications between auditors and audit committees. Some of the required communications areto take place during the planning phase of the audit, others are required on an ongoing basisthroughout the audit, and several would take place during the concluding phase of the audit. Thestandard requires that communications occur in a timely manner. The timing of a particularcommunication, unless otherwise specified, depends on factors such as the significance of thematter and corrective or follow­up action needed. The communication can be made with the auditcommittee chair to facilitate timely communication during the audit. All communications are requiredto be made annually prior to the issuance of the auditor's report, or in the case of interim reviews,before the interim financial statements are filed. Unless otherwise specified, the communications canbe in writing or made orally. Regardless of whether the communications are oral or written, theyshould be documented in sufficient detail to allow an experienced auditor having no previousconnection with the engagement to understand the communications made.

100.30 The most significant provisions in the standard, in addition to previously existingrequirements, require the auditor to communicate:

• The terms of the engagement, on an annual basis, upon establishing an understandingspecifically with the audit committee and documented in a written engagement letter provided to

3

the audit committee. In addition, if the engagement letter is executed by an appropriate partyother than the audit committee or its chair, the auditor should determine that the audit committeeacknowledged and agreed to the terms.

• Significant issues the auditor discussed with management in connection with appointment orretention, including significant discussions about the application of accounting principles andauditing standards.

• An overview of the audit strategy, including a discussion of the significant risks identified by theauditor, and the timing of the audit, including the following:

•• Nature and extent of specialized skill or knowledge needed to perform appropriaterisk assessments, plan or perform audit procedures, or evaluate audit results.

•• Planned use of the company's internal audit function in both the financial statementand internal control audits.

•• For audits of internal control over financial reporting, the extent to which the auditorplans use other company personnel and third parties working under the direction ofmanagement.

•• Names, locations, and planned responsibilities of other public accounting firms andother persons, including affiliated firms, participating in the audit.

•• Basis for the auditor's determination that the firm can serve as principal auditor.

• Any significant changes to the planned audit strategy or the significant risks initially identifiedand the reasons for the changes.

• Significant accounting policies and practices, including (a) management's initial selection of orchanges in significant accounting policies and practices in the current period and (b) the effecton financial statements or disclosures of significant accounting policies in controversial areas orareas for which there is a lack of authoritative guidance or consensus or diversity in practice.

• Critical accounting policies and practices, including (a) the reasons certain policies areconsidered critical and (b) how current and anticipated future events might affect thedetermination of whether certain policies and practices are considered critical.

• Critical accounting estimates, including (a) a description of the process management uses todevelop critical accounting estimates, any changes management made to those processes,their reasons for the changes, and the effect on the financial statements, and (b) management'sassumptions used in critical accounting estimates that have a high degree of subjectivity.

• Significant unusual transactions that are outside the normal course of business or thatotherwise are unusual due to their timing, size, or nature and the policies and practicesmanagement used to account for significant unusual transactions.

• Quality of the company's financial reporting including the following:

•• Evaluation of and conclusion about the qualitative aspects of the company'ssignificant accounting policies and practices, including bias in management'sjudgments reflected in the financial statements and disclosures. Auditing Std. No. 14provides the following examples of management bias: (1) the selective correction ofmisstatements brought to management's attention during the audit, (2) the identificationby management of additional adjusting entries that offset misstatements accumulatedby the auditor, (3) bias in the selection and application of accounting principles, and (4)bias in accounting estimates.

•• Evaluation of the differences between estimates best supported by the auditevidence and estimates included in the financial statements that indicate possiblemanagement bias.

•• Assessment of management's disclosures related to the company's critical

accounting policies and any changes to those disclosures proposed by the auditorsthat management did not make.

•• Auditor's understanding of the business rationale for significant unusual transactions.

•• Basis for the auditor's conclusions regarding the reasonableness of the company'scritical accounting estimates.

•• Evaluation of whether the presentation of the financial statements and the relateddisclosures are in conformity with GAAP.

•• Concern regarding management's anticipated application of accountingpronouncements that have been issued but are not yet effective and might have asignificant effect on future financial reporting. (For example, for financial statementsthat are prepared on the basis of accounting principles that are acceptable at thefinancial statement date but that will not be acceptable in the future, AU 9410 requiresthe auditor to consider whether disclosures regarding the impending change in principleand effects that may result on the required future adoption of accounting principle areadequate.)

•• All alternative treatments permissible under the applicable financial reportingframework for policies and practices related to material items that have beendiscussed with management, including the ramifications of the use of such alternativedisclosures and treatments and the treatment preferred by the auditor.

• Matters that are difficult or contentious for which the auditor has consulted outside theengagement team when relevant to the audit committee's oversight of the financial reportingprocess.

• Significant auditing or accounting matters about which management has consulted otheraccountants when the auditor has concerns about such matters.

• The fact that uncorrected misstatements or matters underlying them could potentially causefuture period financial statements to be materially misstated even if the auditor has concludedthat the uncorrected misstatements are immaterial to the financial statements and, ifmanagement has not already done so, the basis for the determination that the uncorrectedmisstatements were immaterial, including the qualitative factors considered.

• When the auditor has concerns about the company's ability to continue as a going concern: (a)conditions and events that indicate there is substantial doubt about the company's ability tocontinue as a going concern for a reasonable period of time, (b) if substantial doubt is alleviatedafter consideration of management's plans, the basis for the auditor's conclusion, and (c) ifsubstantial doubt remains after consideration of management's plans, the effects on the financialstatements, including the adequacy of disclosure, and the auditor's report.

• When the auditor expects to modify the opinion in the auditor's report or include an explanatoryparagraph, the reasons for the modification or explanatory paragraph, and the proposed wordingof the modification or explanatory paragraph.

• Other material written communications between the auditor and management.

• Auditor's responsibilities with respect to other information in documents containing auditedfinancial statements, including the auditor's procedures and the results of those procedures.

• Disagreements with management about matters, whether or not satisfactorily resolved, thatcould be significant to the company's financial statements or the auditor's report.

• Difficulties encountered in performing the audit.

100.31 In addition to the above communications requirements, the standard also requires the auditorto:

• Provide the audit committee with a schedule of (a) uncorrected misstatements and (b)corrected misstatements, other than those that are clearly trivial, that, in the auditor's judgment,

may not have been detected except through the auditor's procedures.

• Make inquiries of the audit committee (or its chair) about whether they are aware of othermatters that may be relevant to the audit, including knowledge of violations or possible violationsof laws or regulations.

100.32 PCAOB Auditing Standard No. 17 PCAOB Auditing Standard No. 17, AuditingSupplemental Information Accompanying Audited Financial Statements, applies when the auditor isengaged to audit and report on whether supplemental information is fairly stated, in all materialrespects, in relation to the financial statements as a whole. Auditing Std. No. 17 superseded AU 551,Reporting on Information Accompanying the Basic Financial Statements in Auditor­SubmittedDocuments. The standard applies whenever the auditor is engaged to audit and report onsupplemental information that accompanies the audited financial statements. The supplementalinformation includes the supporting schedules required by the SEC's broker­dealer financial reportingrule or other audited supplemental information included in SEC filings, whether required by anotherregulatory body or voluntarily submitted by the issuer. The standard retains the language in theauditor's report previously required by AU 551, stating that the opinion on the supplementalinformation is fairly stated “in relation to the financial statements as a whole.” Existing PCAOBstandards, however, have been enhanced by Auditing Std. No. 17 by (a) requiring procedures to testand evaluate supplemental information and (b) promoting coordination between the work on thesupplemental information and on the financial statement audit, as well as other engagements, suchas the compliance attestation engagement for brokers and dealers. Auditing Std. No. 17 is discussedfurther in section 908.

100.33 PCAOB Auditing Standard No. 18 On June 10, 2014, the PCAOB adopted Auditing Std.No. 18, Related Parties, along with amendments to certain PCAOB auditing standards regardingsignificant unusual transactions and other amendments to PCAOB auditing standards. The standardand included amendments are a response to past financial reporting frauds that involvedrelationships and transactions with related parties, significant unusual transactions, and certaintransactions and relationships with executive officers. The standard also considers the Board'sinspection activities, comments from the PCAOB's Standing Advisory Group (SAG), andinternational developments. The resulting auditing standard and related amendments are intended tostrengthen existing procedures for identifying, assessing, and responding to risks of materialmisstatement pertaining to related­party and significant unusual transactions.

100.34 Auditing Standard No. 18 complements and builds upon the existing risk assessmentstandards. It supersedes the existing PCAOB interim auditing standard, AU 334, Related Parties,and also amends a number of PCAOB interim standards, including AU 316, Consideration of Fraudin a Financial Statement Audit, as well as certain provisions of several PCAOB auditing standards,including Auditing Std. No. 12, Identifying and Assessing Risks of Material Misstatement, andAuditing Std. No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An

Audit of Financial Statements. Auditing Std. No. 18, which is effective for audits of financialstatements for fiscal years and interim periods beginning on or after December 15, 2014, has beenfully integrated in this edition of the Guide and is discussed further in section 804.

SEC Rules and PCAOB Standards for Broker­dealers

100.35 On July 31, 2013, the SEC issued a final rule that, among other things, requires audits of allbroker­dealers (including nonpublic broker­dealers) be conducted in accordance with PCAOBstandards. The Dodd­Frank Wall Street Reform and Consumer Protection Act had previously givenoversight authority to the PCAOB for audits of broker­dealers. The rules also require broker­dealersto file new reports with the SEC. A comprehensive discussion of audits of broker­dealers is beyondthe scope of this Guide. PPC's Practice Aids for Audits of Broker­dealers provides detailedinformation on performing such audits.

100.36 PCAOB Attestation Standard No. 1 and No. 2 The Dodd­Frank Wall Street Reform andConsumer Protection Act amended the Sarbanes­Oxley Act to give the PCAOB oversight authoritywith respect to audits of broker­dealers that are registered with the SEC. Thus, the PCAOB now hasresponsibility for standard­setting, inspections, investigations, and disciplinary proceedings forregistered accounting firms' audits of broker­dealers, including broker­dealers that are nonissuers.(See paragraph 101.4.) In October 2013, the PCAOB approved two attestation standards thatprovide requirements for examining or reviewing the assertions in the broker­dealer's compliancereport or exemption report, respectively, as indicated in the SEC's amendments to Rule 17a­5 of theSecurities Exchange Act of 1934. The following is a summary of the adopted standards:

• Examination Engagements Regarding Compliance Reports of Broker­dealers. The attestationstandard requires auditors to obtain evidence to express an opinion on the assertions of thebroker­dealer in the compliance report. In addition, it provides requirements for a risk­basedapproach for the examination. The requirements are designed to be scalable for the size andcomplexity of the broker­dealer. In addition, the requirements coordinate the examinationengagement with the audit of the financial statements and supplemental information. Thestandard includes requirements for the auditor's report, as well as an illustrative report.

• Review Engagements Regarding Exemption Reports of Broker­dealers. The attestationstandard provides requirements for making inquiries and performing other procedures directedto the auditor's responsibility to obtain moderate assurance that the broker­dealer meets theidentified conditions for an exemption from Exchange Act Rule 15c3­3. The procedures allow theauditor to scale the engagement based on the size and complexity of the broker­dealer. As partof the procedures, the auditor evaluates relevant evidence obtained from the audit of thefinancial statements and supplemental information. The standard includes reportingrequirements and an illustrative report.

The attestation standards were effective for examination and review engagements for fiscal years

ending on or after June 1, 2014. A comprehensive discussion of audits of brokers and dealers isbeyond the scope of this Guide. PPC's Practice Aids for Audits of Broker­dealers provides detailedinformation on such audits.

Proposed PCAOB Standards

100.37 Confirmation On July 13, 2010, the PCAOB issued a proposed auditing standard,Confirmation, which would supersede AU 330, The Confirmation Process, and amend certain otherPCAOB standards. The proposed standard carries forward some of the requirements in thePCAOB's interim standard regarding confirmations and augments others. In addition, the proposedstandard expands the auditor's existing responsibilities to perform confirmation procedures in certainareas, has been updated to reflect technology advances, proposes additional auditor responsibilitiesfor confirmation procedures, provides guidance regarding designing confirmation requests anddetermining the types of confirmation requests to send, and expands the auditors' responsibilities forevaluating confirmation responses, including electronic confirmation responses, responses thatrepresent exceptions, and responses that include disclaimers and restrictive language.

100.38 The most significant changes in the proposed standard would—

• Require auditors to perform confirmation procedures for—

•• Receivables that arise from credit sales, loans, or other transactions, includingpurchased loans, accounts receivable, royalty receivables, lease receivables, andnotes receivables.

•• Cash, including, when appropriate, cash accounts with an immaterial or zerobalance, and other relationships with financial institutions (such as lines of credit, otherdebt, compensating balance arrangements, and contingent liabilities, includingguarantees).

•• The purpose of responding to significant risks relating to relevant assertions that canbe adequately addressed by confirmation procedures.

• Not carry forward from the interim standard the exceptions for not confirming receivables when(a) accounts receivable are immaterial, (b) the use of confirmations would be ineffective, or (c)the auditor's combined assessed level of inherent and control risk is low, and that assessedlevel together with other substantive tests is sufficient to reduce audit risk to an acceptably low

level.

• State that an oral response to a confirmation request is audit evidence, but it does notconstitute a confirmation response.

• Permit confirmation response by electronic or other media and by direct access in certaincircumstances.

• Include additional requirements regarding maintaining control over the confirmation process.Among other things, auditors would be required to perform procedures to determine the validityof the addresses on confirmations and to request confirming parties to respond directly to theauditor and obtain another response if the responding party sends the confirmation to anyoneother than the auditor.

• Preclude auditors from using internal auditors to send confirmation requests, receiveconfirmation responses, or to evaluate audit evidence obtained from performing confirmationprocedures. (However, auditors could consider work of internal auditors in deciding on the timingof the auditor's confirmation procedures or the number of accounts to confirm.)

• Require auditors to perform—

•• Other substantive procedures to supplement the use of negative confirmationrequests.

•• Substantive procedures if management requests the auditor not to confirm certainaccounts, balances, or other items.

•• Alternative procedures for all nonresponses to positive confirmation requests.

• Require auditors to obtain a response to a positive confirmation request as a condition ofobtaining sufficient appropriate audit evidence when—

•• Information to corroborate management's assertions is available only outside thecompany.

•• Specific fraud risk factors, such as the risk of management override of controls orthe risk of collusion, prevent the auditors from relying on evidence from the company.

• Perform procedures to address the risks that electronic confirmation responses might not bereliable.

• Perform procedures to evaluate the effect of disclaimers and restrictive language on thereliability of a confirmation response.

100.39 In addition, amendments to PCAOB interim standards proposed in conjunction with theauditing standard on confirmations would, among other things—

• Amend the interim standard, The Auditor's Consideration of the Internal Audit Function in anAudit of Financial Statements (AU 322), to remove reference to “assertions about the existenceof cash” as an example of assertions that might have a low risk of material misstatement orinvolve a low degree of subjectivity in the evaluation of audit evidence such that the results ofwork performed by internal auditors may render direct testing by auditors unnecessary.

• Amend the interim standard, Management Representations (AU 333), to add the followingrepresentations to the written representations auditors should obtain from management aboutspecific items:

•• If management requests the auditor not confirm certain accounts, balances, or otheritems and the auditor agrees to management's request, the reason for management'srequest.

•• If the auditor does not receive a response to a positive confirmation request whenconfirming the terms of a significant transaction or agreement, the terms of thetransaction or agreement.

100.40 The PCAOB's standard­setting agenda indicates that the Board will repropose the proposedstandard; however, no timetable was indicated at the time this edition of the Guide went to press. Afuture edition of this Guide will fully incorporate any new developments. The proposed standard canbe accessed at http://pcaobus.org/Rules/Rulemaking/Pages/Docket028.aspx.

100.41 Improving Transparency On December 4, 2013, the PCAOB issued a reproposed auditingstandard entitled Improving the Transparency of Audits: Proposed Amendments to PCAOB AuditingStandards to Provide Disclosure in the Auditor's Report of Certain Participants in the Audit, whichwould have amended its standards to bring greater transparency to public company audits byrequiring disclosure in the audit report of (a) the name of the engagement partner; (b) the names,location, and extent of participation of other accounting firms; and (c) the locations and extent ofparticipation of other persons not employed by the auditor who took part in the audit. The reproposalfollowed a Concept Release (Release No. 2009­005), Concept Release on Requiring theEngagement Partner to Sign the Audit Report, issued in July 2009, which grew, in part, out of the2008 Final Report of the Department of the Treasury Advisory Committee on the Auditing Profession.The PCAOB Concept Release can be accessed athttp://pcaobus.org/Rules/Rulemaking/Pages/Docket029.aspx. The Final Report of theDepartment of the Treasury Advisory Committee on the Auditing Profession can be accessed athttp://www.treasury.gov/about/organizational­structure/offices/Documents/final­report.pdf.)The reproposed amendments are reflected in PCAOB Release No. 2013­009 and can be located athttp://pcaobus.org/Rules/Rulemaking/Pages/Docket029.aspx.

100.42 Due to the many comment letters received expressing concerns about liability andquestioning the overall appropriateness of including such information in the auditor's report, thePCAOB issued a supplemental request for comment seeking information on alternative disclosurelocations. The supplemental request states that the Board is considering a new PCAOB form, FormAP—Auditor Reporting of Certain Audit Participants, as an alternative to disclosure in the auditor'sreport. The PCAOB release states that it believes the new form, which would require the sameinformation specified in the reproposed standard, could serve the same purpose and reach the sameaudience (i.e., investors and other financial statement users) as the disclosure in the auditor's report.Unlike other PCAOB forms, which primarily serve oversight purposes, this form would serve a publicdisclosure purpose and would, therefore, be made available to the public by the PCAOB as soon asreasonably possible once filed. Auditors would also still have the option of including the disclosuresin their report on a voluntary basis. Additional details about the proposed Form AP and filingrequirements are available in Release No. 2015­004 athttp://pcaobus.org/Rules/Rulemaking/Docket029/Release_2015_004.pdf. See section 906 forfurther discussion of the proposal.

100.43 The comment period on the supplemental request for comment ended August 31, 2015. ThePCAOB's standard setting agenda indicates that an adopting release recommending that theinformation be required to be disclosed on a new PCAOB form is expected to be released in thefourth quarter of 2015. Future editions of this Guide will be updated for the status of this project andwill fully incorporate any new requirements.

100.44 The Auditor's Report and the Auditor's Responsibility for Other Information In August2013, the PCAOB issued two proposed auditing standards. The first proposes significant changes tothe auditor's report. The proposed standard would require the auditor's report to (a) communicatecritical audit matters; (b) include information related to the auditor's independence, tenure, andresponsibility for, and evaluation of, other information in annual reports filed with the SEC that containaudited financial statements and the auditor's report; and (c) enhance certain standardized languagein the auditor's report. See section 906 for further discussion of this proposed standard.

100.45 The second proposed auditing standard provides procedures that auditors would be requiredto perform regarding other information, including procedures that would be necessary when theauditor identifies a material inconsistency between other information and audited financial statements,material misstatements of fact, or both. Since the proposed standard on the auditor's report wouldrequire an element on the auditor's responsibility for, and evaluation of, other information, the PCAOBdetermined it was appropriate to update and improve the auditor's responsibilities and procedures forsuch information. The proposed auditing standard would supersede AU 550, Other Information inDocuments Containing Audited Financial Statements. See section 1003 for discussion of thisproposed standard.

100.46 The PCAOB staff is currently considering comments received and drafting a reproposal forthe Board's consideration. The PCAOB anticipates issuing a reproposed standard on the auditor'sreport in the first quarter of 2016. The Board is continuing to consider comments received on theproposed standard addressing the auditor's responsibilities for other information, and further actionwill be determined at a later date. PCAOB Release No. 2013­005, Proposed Auditing Standards—The Auditor's Report on an Audit of Financial Statements When the Auditor Expresses anUnqualified Opinion; The Auditor's Responsibilities Regarding Other Information in CertainDocuments Containing Audited Financial Statements and the Related Auditor's Report; and RelatedAmendments to PCAOB Standards, can be accessed athttp://pcaobus.org/Rules/Rulemaking/Docket034/Release_2013­005_ARM.pdf.

100.47 Field Test Findings. On June 20, 2014, the Center for Audit Quality (CAQ), an autonomouspublic policy organization affiliated with the AICPA (see paragraph 101.5), released key findings fromfield tests performed by some member firms relating to certain aspects of the PCAOB's proposedauditor's reporting model. Firms of various sizes participated in the field testing, the objective ofwhich was to gather real­life perspective on the time and effort involved in implementing the proposedmodel. Firms tested the addition of critical audit matters and other information in the auditor's report ina “retrospective environment.” This, unfortunately, made it difficult to assess the true effect of theproposals in a “live” audit environment. The teams did, however, make a number of usefulobservations regarding determination, communication, description, and documentation of critical audit

matters. The teams also noted that there is some ambiguity around the auditor's responsibility for andscope of other information. The field test also indicated that auditors may experience heavy auditactivity during the wrap­up phase of the audit as they determine which issues constitute critical auditmatters and how they are to be communicated and reported. As a result, the CAQ report suggeststhat the PCAOB consider the added audit effort and resulting cost of implementation.

100.48 The full report to the PCAOB on the CAQ's auditor report field test findings is available atwww.thecaq.org/docs/comment­letters/arm­field­testing­addendum.pdf?sfvrsn=2.

AICPA Statement on Quality Control Standard No. 8

100.49 In 2007, the AICPA issued Statement on Quality Control Standards (SQCS) No. 7, A Firm'sSystem of Quality Control. SQCS No. 7 superseded and replaced all of the AICPA quality controlstandards that existed at the time. SQCS No. 7 comprehensively addressed the quality controlpractices over a firm's accounting and auditing practice and placed an unconditional obligation on thefirm to establish a QC system designed to provide reasonable assurance that the firm (a) complieswith professional standards and legal and regulatory requirements and (b) issues reports that areappropriate in the circumstances. In October 2011, the AICPA issued Statement on Quality ControlStandard No. 8, A Firm's System of Quality Control, which superseded SQCS No. 7 and applied to aCPA firm's system of quality control for its accounting and auditing practice as of January 1, 2012.

100.50 Because SQCS No. 8 (QC 10) was issued by the AICPA after 2003, it is not included in theInterim Quality Control Standards adopted by the PCAOB. As a result, it does not address the qualitycontrol ramifications of PCAOB standards that must be followed by auditors of issuers, nor does itinclude any modifications that may be necessary for a firm's system of quality control to conform toPCAOB standards. However, in certain areas, SQCS No. 8 incorporates requirements that are morecomprehensive than existing PCAOB Interim Quality Control Standards. The authors believe thatfollowing the requirements of SQCS No. 8 in those areas is prudent and can increase engagementeffectiveness. Further, the authors believe that firms will not ordinarily establish less rigorous QCpolicies and procedures for audits of issuers than those required for audits of nonissuers. Thus,when requirements of SQCS No. 8 are more stringent than those of the PCAOB Interim QualityControl Standards, such requirements have been incorporated throughout this Guide. According tothe most recent standard­setting agenda, the PCAOB anticipates issuing a staff consultation paperto request public feedback on potential improvements to the existing PCAOB Interim Quality ControlStandards, although no date has been specified.

On March 31, 2015, the PCAOB adopted PCAOB Release 2015­002, Reorganization of PCAOBAuditing Standards and Related Amendments to PCAOB Standards and Rules, which reorders itsexisting interim and subsequently issued auditing standards into a topical structure with an integratednumbering system. The SEC has approved the amendments, and they are effective as of December15, 2016, with early implementation permitted. This reorganization is discussed further in section1004. Future editions of this Guide will be updated to reflect the new references under the

1

reorganization.

With the issuance of Release No. 2014­002, Auditing Standard No. 18, Related Parties;Amendments to Certain PCAOB Auditing Standards Regarding Significant Unusual Transactions;and Other Amendments to PCAOB Auditing Standards, the PCAOB amended Auditing Std. No. 12 toinclude specific requirements related to significant unusual transactions and executivecompensation. Significant unusual transactions are discussed further in sections 604 and 706.Executive compensation is discussed in section 302. These amendments have been fully integratedin this edition of the Guide.

The PCAOB's proposed auditing standard, Confirmation, which would supersede AU 330, wouldalso require auditors to communicate to the audit committee any management requests that theauditor not confirm certain accounts, balances, or other items. The proposed auditing standard isdiscussed beginning at paragraph 100.37.

© 2015 Thomson Reuters/PPC. All rights reserved.

2

3

END OF DOCUMENT ­

© 2016 Thomson Reuters/Tax & Accounting. All Rights Reserved.

Checkpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest PCAOB Audits Chapter 1 Overview 101 How to Use This Guide

101 How to Use This Guide

101.1 This Guide provides a step­by­step approach to providing audit services to issuers underPCAOB standards. It is designed to help firms comply with PCAOB standards as well as appropriateSEC measurement and disclosure requirements. The Guide is divided into two sections—text andpractice aids. The text portion (Chapters 1­10) describes the authors' suggested audit approach andshould be read by all engagement team members who are performing a financial statement audit onlyor an integrated audit under the PCAOB standards. The practice aids should be tailored for theunique aspects of each engagement and can be used to document much of the auditor's work.

101.2 This Guide provides guidance to auditors who are performing an integrated audit, as well asauditors who are performing a financial statement audit only. If an integrated audit of an entity is notrequired, an audit of the financial statements only may be performed. In addition to the entitiesdiscussed beginning in paragraph 100.3, there are limited circumstances in which an integrated auditis not required, such as for audits of investment companies.

Performing Audits of Nonpublic Entities Using PCAOB Standards

101.3 As previously noted, this Guide was developed to help firms who audit issuers. However, thePCAOB standards can be used in audits of nonpublic entities as well. Firms that wish to use thisGuide as a tool in auditing nonpublic entities should consider the guidance in the PCAOBStaff Question and Answer document entitled Audits of Financial Statements of Non­issuersPerformed Pursuant to the Standards of the Public Company Accounting Oversight Board. Thisdocument can be found at http://pcaobus.org/Standards/QandA/06­30­2004.pdf.

101.4 Section 982 of the Dodd­Frank Wall Street Reform and Consumer Protection Act (the Dodd­Frank Act), which was signed into law in July 2010, amended the Sarbanes­Oxley Act to (a) requireauditors of all broker­dealers to register with the PCAOB and (b) authorize the PCAOB to establishauditing and related attestation, quality control, ethics, and independence standards to be used byregistered public accounting firms regarding audit reports included in broker­dealer filings with theSEC. As further noted in the discussion beginning at paragraph 100.7, in 2013 the SEC issued a final

rule that requires that all audits of broker­dealers (including nonpublic broker­dealers) be conductedin accordance with the standards of the PCAOB. Also, the PCAOB issued two new attestationstandards and Auditing Std. No. 17 that apply to examinations and reviews of broker­dealerreporting. A comprehensive discussion of audits of broker­dealers is beyond the scope of thisGuide. PPC's Practice Aids for Audits of Broker­dealers provides detailed information on suchaudits.

Library Resources

101.5 This Guide is an audit engagement guidance product that provides an auditor the toolsnecessary to perform recurring audits and interim reviews under PCAOB standards and related SECmeasurement and disclosure requirements. However, the Guide is not intended to address audits ofinitial public offerings (IPOs) in connection with the Securities and Exchange Act of 1933 or to be acomprehensive source of information about SEC rules and regulations. Instead, it should beconsidered an important component of a professional library that includes additional resources.Some of the resources that the authors suggest are as follows:

• Sarbanes­Oxley Act of 2002, copies of which are usually available in comprehensive SECservices such as www.sec.gov/about/laws.shtml and the ones cited below. In addition, theact can be found on the Internet in several locations.

• All PCAOB standards, including the interim standards of the AICPA, as well as standardsissued by the PCAOB and approved by the SEC. PPC offers a comprehensive PCAOBstandards package in CD­ROM and online formats. In addition, these standards are included onCheckpoint, an online resource offered by Thomson Reuters. [PPC resources can be orderedby calling (800) 431­9025 or at tax.thomsonreuters.com; to order Checkpoint, call theThomson Reuters order department at (800) 950­1216 or visit tax.thomsonreuters.com.]

• GAAP as contained in the Accounting Standards Codification and updates and supersededstandards issued by the Financial Accounting Standards Board (FASB) and the AICPA. Sincefinancial statements of public companies must be prepared in accordance with generallyaccepted accounting principles, a library that includes the standards as well as other GAAPresources, such as PPC's Guide to GAAP and PPC's Guide to Preparing Financial Statements,can be very useful. PPC offers comprehensive FASB and AICPA packages in CD­ROM andonline formats. In addition, these standards are included on Checkpoint, an online resourceoffered by Thomson Reuters. [PPC resources can be ordered by calling (800) 431­9025 or attax.thomsonreuters.com; to order Checkpoint, call the Thomson Reuters order department at(800) 950­1216 or visit tax.thomsonreuters.com.]

FASB Accounting Standards Codification also includes relevant portions of certain SEC rules,regulations, interpretive releases, and staff guidance pertaining to financial accounting and

4

reporting that are relevant only to issuers. Examples of such SEC guidance are Regulation S­X,Financial Reporting Releases (FRR), Accounting Series Releases (ASR), InterpretativeReleases (IR), SEC staff guidance in Staff Accounting Bulletins (SAB), EITF Topic D, and SECStaff Observer comments. Such guidance is segregated within the Codification and identifiedwith the same two digit section numbers and titles as the FASB sections, except that the SECmaterial is preceded by the letter “S.” In addition, certain topics also include a separate section—S99, SEC Materials, consisting of SEC content. (The SEC content is included in the FASB'sAccounting Standards Codification as a convenience to users and does not represent theauthoritative sources of such content.)

• Audit and reporting standards of the Securities and Exchange Commission. Checkpoint offersseveral SEC services that could be helpful, including SEC Guidelines: Rules and Regulations,which provides all the major regulations, forms, and official releases of the SEC, and SECCompliance: Financial Reporting and Forms, which is a more comprehensive service thatincludes the official text of rules and regulations, agency documents and forms, andexplanations of all necessary filings. [To order Checkpoint, call the Thomson Reuters orderdepartment at (800) 950­1216 or visit tax.thomsonreuters.com.]

• The Center for Audit Quality (CAQ), an autonomous public policy organization affiliated with theAICPA, makes available various resources to auditors of public companies, including Alerts thatprovide information about developments in accounting, auditing, and regulatory matters, periodicWebcasts on current issues, comment letters on PCAOB and SEC rulemaking proposals, whitepapers, technical practice aids, and best­practice documents. (Certain information is availableonly to members of the CAQ.) The Center for Audit Quality can be accessed atwww.thecaq.org.

• There are numerous resources available online that can be very helpful to auditors of publiccompanies. One such resource, the WG&L Accounting & Compliance Alert, is an electronicnewsletter that keeps subscribers informed of the latest SEC, PCAOB, GAAP, and FASBdevelopments regarding accounting, reporting, and disclosure requirements. [To orderCheckpoint, call the Thomson Reuters order department at (800) 950­1216 or visittax.thomsonreuters.com.]

• Auditors should check the PCAOB's website periodically for new content. Not only are newand proposed standards included on that site, but there are also other useful resources, such asinspection reports and Staff Questions and Answers. The PCAOB's website can be accessedat http://pcaobus.org.

101.6 Almost all publishers that provide accounting and auditing information do so electronically,offering an array of resources and information for auditors of public companies. In addition to acomplete library of GAAP, PCAOB, and SEC rules, regulations, and standards, Thomson Reuters,publisher of PPC and WG&L brand products, provides online access to most of its product line onCheckpoint. To see a list of products offered, visit tax.thomsonreuters.com.

On December 4, 2013, the PCAOB adopted amendments to its rules and forms to apply to auditsand auditors of broker­dealers. The amendments also required registered firms that audit broker­dealers to comply with PCAOB professional practice standards. Additional amendments were madeas a result of administrative experience, as well as certain updates to the PCAOB Ethics Code.PCAOB Release No. 2013­010, Amendments to Conform the Board's Rules and Forms to the Dodd­Frank Act and Make Certain Updates and Clarifications can be found athttp://pcaobus.org/Rules/Rulemaking/Pages/Docket039.aspx.

© 2015 Thomson Reuters/PPC. All rights reserved.

4

END OF DOCUMENT ­

© 2016 Thomson Reuters/Tax & Accounting. All Rights Reserved.

Checkpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest PCAOB Audits Chapter 1 Overview 102 Organization of This Guide

102 Organization of This Guide

102.1 As previously noted, this Guide provides a step­by­step approach to providing audit andreview services for issuers. The following paragraphs discuss the organization of the Guide in moredetail.

Chapter 2—“Preliminary Engagement Activities”

102.2 Chapter 2 explains the activities that take place (a) before an engagement is accepted and (b)in the early planning stages of an engagement. Chapter 2 includes discussions of client acceptanceand continuance, establishing the terms of the engagement, and special planning considerationsrelating to an initial engagement.

Chapter 3—“Risk Assessment Procedures and Planning”

102.3 Chapter 3's focus is on general planning decisions. General or preliminary planning should bedistinguished from detailed planning of audit procedures, which is the subject of Chapter 6.Preliminary planning includes deciding on an overall strategy for the audit; obtaining an understandingof the entity and its environment, including internal control (for a financial statement audit only);making an initial assessment of audit risk and materiality, considering fraud; and deciding on theoverall timing of the engagement. (Auditing internal control is addressed in Chapter 5.)

Chapter 4—“Management's Responsibility for Internal Control”

102.4 Chapter 4 is the first of two chapters related to the procedures that should be performed inauditing a client's internal control over financial reporting. Among other topics, this chapter discussesthe framework (such as COSO) used by management to evaluate its internal controls. The chapterdiscusses COSO's updated 2013 Framework and internal control frameworks commonly used inCanada and the United Kingdom. In addition, this chapter discusses management's responsibilitiesfor assessing and reporting on internal control over financial reporting. Chapter 4 also includes asection on special considerations for smaller public companies that may not have the strongsegregation of duties that larger companies have.

Chapter 5—“Auditing Internal Control over Financial Reporting”

102.5 Chapter 5 provides an overview of the process that should be followed when performing anaudit of a company's internal control over financial reporting. The guidance in this chapter along withthe related practice aids are designed to walk an auditor through all stages of the internal controlaudit process, from the initial planning phase through all phases of the audit. Chapter 5 alsodiscusses the requirements related to Auditing Std. No. 4 on performing voluntary engagements todetermine whether previously reported material weaknesses in internal control over financialreporting continue to exist as of a date specified by management.

Chapter 6—“Assessing Risks and Developing the Detailed Audit Plan”

102.6 Chapter 6 focuses on (a) assessing the risks identified by the auditor throughout the processof performing the risk assessment procedures and (b) selecting responses that are appropriate toaddress those risks. Chapter 6 includes discussions of financial statement assertions, identifyingand assessing risks at the assertion level, considering fraud risks, and responding to the riskassessment and preparing the detailed audit plan.

Chapter 7—“Substantive Procedures and Documentation”

102.7 Chapter 7 discusses substantive procedures, which consist of tests of details and substantiveanalytical procedures. Included in the chapter is a discussion of substantive procedures required inevery audit, choosing substantive procedures, performing tests of details, performing substantiveanalytical procedures, responding to fraud risks, considerations when performing interim auditprocedures, and audit documentation and retention.

Chapter 8—“General Procedures and Summary Documentation”

102.8 Chapter 8 discusses several important procedures that are more general in nature and notnecessarily affected by the auditor's risk assessments. Topics include the following:

• Procedures to search for commitments and contingencies, including obtaining lawyers' letters.

• Procedures to search for subsequent events that occur after the balance sheet date that affecteither the company's financial statements or its internal control over financial reporting.

• Procedures to identify and evaluate the disclosure of related­party transactions.

• Evaluating whether there is a substantial doubt about the entity's ability to continue as a goingconcern.

• Procedures to identify and evaluate the disclosure requirements and auditing considerationsrelated to risks and uncertainties.

• Obtaining written representations from management in a management representation letter.

• Procedures for performing an engagement quality review as required by Auditing Std. No. 7.

In addition, the chapter discusses engagement wrap­up procedures, such as summarizing andevaluating the overall results of audit tests, analytical review and review of workpapers, developingan overall engagement summary memorandum, and audit committee communications.

Chapter 9—“Reporting and Other Auditing Considerations”

102.9 Chapter 9 discusses several important topics, including reporting on a company's financialstatements and special considerations that should be considered in initial audits. It also covers thereporting requirements of Auditing Std. No. 5, as well as the reporting considerations related toperforming a voluntary engagement under Auditing Std. No. 4 to determine whether previouslyreported material weaknesses in internal control over financial reporting continue to exist. Chapter 9discusses auditing supplemental information, the use of specialists, internal auditors, and otherauditors' work in an engagement. Unique issues involved in audits of consolidated or combinedfinancial statements and the use of data extraction techniques are also discussed in Chapter 9.

Chapter 10—“Other SEC and PCAOB Matters”

102.10 Chapter 10 discusses matters unique to public companies, including performing interimreviews of financial information, SEC accounting and disclosure issues, special PCAOB auditissues, PCAOB inspections, the auditor's responsibility for other information accompanying auditedfinancial statements in SEC filings in accordance with Reg. S­K for larger companies and smallerreporting companies, and firm registration with the PCAOB.

© 2015 Thomson Reuters/PPC. All rights reserved.

END OF DOCUMENT ­

© 2016 Thomson Reuters/Tax & Accounting. All Rights Reserved.