100 background - reutersstatic.store.tax.thomsonreuters.com/static/samplepages/sample...100...

Checkpoint Contents

Accounting, Audit & Corporate Finance Library

Editorial Materials

Audit and Attest

PCAOB Audits

Chapter 1 Overview

100 Background

100 Background

100.1 Auditors have traditionally conducted their engagements in accordance with generally accepted auditing

standards developed by the American Institute of Certified Public Accountants (AICPA). Auditors of publicly-

traded companies have also had to follow the additional rules of the SEC. However, this changed dramatically in

2002 with the passage of the Sarbanes-Oxley Act and the subsequent establishment of the Public Company

Accounting Oversight Board (PCAOB).

100.2 The Sarbanes-Oxley Act of 2002 (SOX) was passed in response to a growing number of financial

scandals that started with Enron in the fall of 2001. These financial scandals eventually led to the collapse of

some large public companies, including Enron and WorldCom (owner of telecommunications giant MCI). Their

CEOs and other financial executives were convicted of criminal fraud and received prison sentences.

Stockholders and creditors lost billions when these companies failed. In addition, the Enron and WorldCom

collapses led to the failure of Andersen, one of the world's largest accounting firms. Congress felt compelled to

act and responded with the Sarbanes-Oxley Act of 2002.

Sarbanes-Oxley Act of 2002

100.3 The portion of SOX that has the largest impact on public company auditors is Section 404, which deals

with management's assessment of internal controls. However, there are several sections that are also important

to audit firms. Exhibit 1-1 summarizes some of the more important sections of SOX.

Exhibit 1-1

Highlights of the Sarbanes-Oxley Act of 2002

Section 101 This section establishes the Public Company Accounting Oversight Board (PCAOB), which is

the organization responsible for overseeing the audits of public companies. (Public companies

are referred to as “issuers” in SOX. The term issuer is defined in the SEC rules and generally

refers, among other organizations, to companies whose securities are registered under the

Securities Exchange Act of 1934.)

Section 102 This section establishes the requirement for accounting firms to register with the PCAOB in

order to audit public companies.

Section 103

of 35Checkpoint | Document

5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...

Section 103 has several important components, including the requirement that auditors keep

their audit workpapers for seven years. In addition, each audit report must have a concurring

review performed before it is issued.

Section 104 This section establishes the requirement for the PCAOB to inspect each large registered

accounting firm (those with more than 100 public company audit clients) annually and each

small firm (those with 100 or fewer clients) at least every three years.

Section 201 Section 201 defines nonaudit services that public company auditors cannot provide without

impairing their independence. These services are further discussed in SEC Rule 2-01 of

Regulation S-X. See section 201 of this Guide for more information.

Section 202 This section requires preapproval of a firm's audit and nonaudit services by the client's audit

committee.

Section 203 This section specifies partner rotation schedules for public company auditors. Generally, a lead

and concurring partner can serve on a client's audit engagement team for no more than five

years in a row. Partner rotation is addressed in more detail in SEC Rule 2-01 of Regulation S-

X. See section 201 of this Guide for more information.

Section 401 This section requires that financial statements reflect all material correcting adjustments

proposed by the auditor.

Section 404 Section 404 is generally considered to be the most challenging section of SOX. It requires a

company's management to assess its internal control over financial reporting, and it requires

the auditor to attest to and report on management's assessment. The auditor must assess and

report on management's assessment as part of the audit of the financial statements.

Note: This exhibit is not a complete overview of SOX, but mentions some of the more important aspects

(in the authors' opinion) from an auditor's perspective.

____________________

Other Legislation Affecting Sarbanes-Oxley

100.4 In recent years, several other Acts have been signed into law by the President that amend key provisions

of the Sarbanes-Oxley Act of 2002. In addition to the amendments of SOX, these Acts introduced other

legislation that impact issuers and their auditors.

100.5 Dodd-Frank Act

On July 21, 2010, President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer

Protection Act (Dodd-Frank Act). In addition to exempting nonaccelerated filers from complying with Section 404

(b) of the Sarbanes-Oxley Act of 2002 requiring an independent auditor's attestation on the effectiveness of an

entity's internal control over financial reporting, the Act contains numerous other provisions that affect registrants

and their auditors. The Dodd-Frank Act is discussed in greater depth in section 1004.

100.6 JOBS Act

On April 5, 2012, President Obama signed the Jumpstart Our Business Startups Act (JOBS Act), which amends

Section 404(b) of the Sarbanes-Oxley Act to eliminate the requirement for an auditor's attestation on the

effectiveness of an entity's internal control over financial reporting for companies defined as an “emerging

growth company.” The JOBS Act also provides for the delay of the use of newly adopted accounting and



auditing standards in certain respects, as well as additional matters, for emerging growth companies. The JOBS

Act is discussed more fully beginning with paragraph 906.57.

PCAOB Standards

100.7 As noted in Exhibit 1-1, Section 101 of SOX established the PCAOB, which operates under the general

oversight of the SEC, to regulate the audits of public companies. Among other requirements, SOX assigns the

following responsibilities to the PCAOB:

a. Registering public accounting firms that provide audit services to public companies.

b. Establishing or adopting auditing, quality control, ethics, independence, and other standards for the

audits of public companies.

c. Conducting periodic inspections of registered public accounting firms to ensure that they are complying

with SOX, PCAOB rules and standards, and federal securities laws.

d. Conducting investigations and disciplinary proceedings, and applying sanctions, as needed.

100.8 Interim Standards

To provide continuity, the PCAOB has adopted the generally accepted auditing standards of the AICPA that

existed as of April 16, 2003, as interim standards for audits of public companies. PCAOB Release No. 2003-

006, which establishes interim auditing and related professional practice standards, consists of the following five

rules:

• Interim auditing standards (Rule 3200T).

• Interim attestation standards (Rule 3300T).

• Interim quality control standards (Rule 3400T).

• Interim ethics standards (Rule 3500T).



• Interim independence standards (Rule 3600T).

Accordingly, AICPA auditing standards that existed prior to April 16, 2003, are appropriate for audits of public

companies until such time as the PCAOB amends or supersedes them.

100.9 Other PCAOB Standards

In addition to the AICPA standards that the PCAOB has adopted as interim standards, the PCAOB has adopted

15 auditing standards, all of which have been approved by the SEC, with the exception of the most recently

issued PCAOB auditing standard, Auditing Standard No. 16, Communications with Audit Committees. Those

additional standards are discussed in the following paragraphs.

100.10 PCAOB Auditing Standard No. 1

PCAOB Auditing Standard. No. 1, References in Auditors' Reports to the Standards of the Public Company

Accounting Oversight Board, was the first standard issued by the PCAOB, and it is very narrow in scope. It

requires accounting firms to state that their public company audits and reviews are conducted in accordance

with the “standards of the Public Company Accounting Oversight Board (United States).” The auditor must also

include the city and state from which the report was issued. Reporting requirements under the PCAOB

standards are discussed in more detail in section 906 of this Guide.


Section 404 of SOX requires a public company's management to assess its internal control over financial

reporting and the auditor to attest to and report on management's assessment. PCAOB Auditing Standard. No.

2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial

Statements, provided detailed guidance to assist the firm in complying with Section 404 of SOX. However,

Auditing Std. No. 2 was superseded by Auditing Std. No. 5, An Audit of Internal Control Over Financial

Reporting That Is Integrated with An Audit of Financial Statements (see discussion in paragraph 100.14).


PCAOB Auditing Standard. No. 3, Audit Documentation, replaces SAS No. 96, Audit Documentation. Auditing

Std. No. 3 establishes documentation standards for audits of financial statements and internal controls as well

as reviews of interim financial statements performed in accordance with PCAOB standards. The standard

covers general audit documentation requirements, documentation of specific matters (including the preparation

of an engagement completion document), and document retention and subsequent changes to audit

documentation. The requirements of this standard are discussed in more detail in Chapter 6.


Auditing Standard No. 4, Reporting on Whether a Previously Reported Material Weakness Continues to Exist,

provides guidance for voluntary engagements performed only at the request of management, to report on

whether a material weakness previously disclosed in management's and/or the auditor's report on internal

control over financial reporting continues to exist as of a date specified by management. When a material



weakness has been reported, investors may be uncertain about the reliability of the financial statements until

they learn that the material weakness no longer exists. If management has corrected the weakness, it may

determine that communication of the correction in its quarterly disclosure will be sufficient notification to

investors. Also, management might engage the auditor to report that the weakness no longer exists before the

quarterly disclosure. Chapters 5 and 9 also discuss Auditing Standard No. 4.


Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit

of Financial Statements, replaces the previous internal control auditing standard, Auditing Std. No. 2. Auditing

Std. No. 5 aligns with the SEC's management guidance for management's assessment of internal control under

SOX section 404. It also requires the audit of internal control over financial reporting to be integrated with the

audit of the financial statements and to use a top-down, risk-based approach. Further, Auditing Std. No. 5

eliminated the Auditing Std. No. 2 requirement to report on management's assessment and revised the

definitions of the terms material weakness and significant deficiency, as follows:

• Material Weakness— “a deficiency, or a combination of deficiencies, in internal control over financial

reporting, such that there is a reasonable possibility that a material misstatement of the company's annual

or interim financial statements will not be prevented or detected on a timely basis.”

• Significant Deficiency— “a deficiency, or a combination of deficiencies, in internal control over financial

reporting that is less severe than a material weakness, yet important enough to merit attention by those

responsible for oversight of the company's financial reporting.”

See a detailed discussion of Auditing Std. No. 5 in Chapter 5.


Auditing Standard No. 6, Evaluating Consistency of Financial Statements, supersedes AU 420, Consistency of

Application of Generally Accepted Accounting Principles, and AU 9420, and makes conforming amendments to

the interim auditing standards in response to FASB ASC 250 and the FASB's action to move the hierarchy of

GAAP from the auditing standards to the accounting standards. The standard was issued as a result of the

FASB's issuance of FASB ASC 250. The standard requires auditors to evaluate the consistency of a company's

financial statements and to report on any inconsistencies. Auditing Standard No. 6 is discussed in Section 906.


Auditing Standard No. 7, Engagement Quality Review, provides a framework for an engagement quality

reviewer to objectively evaluate the significant judgments made by the engagement team and the conclusions

reached in forming an overall conclusion on the engagement. The standard directs an engagement quality

reviewer's attention to matters that increase the likelihood of identifying and correcting significant engagement

deficiencies before an audit report is issued. The standard requires an engagement quality review (EQR) for



audits and for reviews of interim financial information, but not for other engagements. The standard is discussed

in Chapters 2, 8, and 10 of this Guide.

100.17 PCAOB Risk Assessment Standards (Auditing Standard Nos. 8-15)

In August 2010, the PCAOB approved eight auditing standards—Nos. 8 through 15—that address auditors'

responsibilities for assessing and responding to the risks of material misstatement in an audit of financial

statements. Those standards, often referred to as the Risk Assessment Standards, are as follows:

• Auditing Std. 8, Audit Risk.

• Auditing Std. 9, Audit Planning.

• Auditing Std. 10, Supervision of the Audit Engagement.

• Auditing Std. 11, Consideration of Materiality in Planning and Performing an Audit.

• Auditing Std. 12, Identifying and Assessing Risks of Material Misstatement.

• Auditing Std. 13, The Auditor's Responses to the Risks of Material Misstatement.

• Auditing Std. 14, Evaluating Audit Results.

• Auditing Std. 15, Audit Evidence.

The standards supersede six interim auditing standards: AU 311, Planning and Supervision; AU 312, Audit Risk

and Materiality in Conducting an Audit; AU 313, Substantive Tests Prior to the Balance Sheet Date; AU 319,

Consideration of Internal Control in a Financial Statement Audit; AU 326, Evidential Matter; and AU 431,

Adequacy of Disclosure in Financial Statements.

100.18 PPC's Guide to PCAOB Audits fully incorporates Auditing Std. Nos. 8-15 into its text and practice aids.

Paragraphs 100.19-.27 summarize the principal provisions of the PCAOB's risk assessment standards.

100.19 Auditing Standard No. 8, Audit Risk.



This standard describes the components of audit risk in an audit of financial statements, the auditor's

considerations in assessing risk, and the auditor's responsibility to reduce risk to an appropriately low level to

obtain reasonable assurance about whether the financial statements are free of material misstatement. Among

other things, Auditing Standard No. 8 requires auditors to—

• Assess risk at the financial statement level and the assertion level.

• Reduce the level of the risk of not detecting material misstatement (detection risk) through the nature,

timing, and extent of the substantive procedures performed. (The higher the risk of material misstatement,

the lower the level of detection risk needs to be to reduce audit risk to an appropriately low level.)

100.20 Auditing Standard No. 9, Audit Planning.

This standard describes the auditor's responsibilities for planning the audit, including determining matters that

are important to the audit and establishing an appropriate audit strategy and developing an audit plan. Among

other things, Auditing Standard No. 9 requires—

• The engagement partner to be responsible for planning the audit. (The engagement partner may be

assisted by engagement team members in fulfilling that responsibility.)

• Auditors to evaluate whether the following matters are important to the entity and its internal control and, if

so, how they will affect the auditor's procedures:

•• Knowledge about risks evaluated as part of client acceptance and continuance.

•• Matters relating to entity's industry.

•• Matters relating to the business, including the complexity of its operations and the extent of

recent changes.

•• Legal or regulatory matters.

•• The auditor's preliminary judgments about materiality and risk.



•• Knowledge of the entity's internal control obtained during other engagements performed by the

auditor.

•• Preliminary judgments about and available evidence related to the effectiveness of the entity's

internal control.

•• Previously communicated control deficiencies.

•• Public information relevant to the evaluation of the likelihood of material misstatements and

internal control effectiveness.

• Auditors to take communications with the audit committee into account when developing the overall audit

strategy.

• Auditors to develop and document an audit plan that includes the nature, timing, and extent of risk

assessment, substantive, and other procedures required by PCAOB standards.

• Auditors to determine the locations or business units at which to perform audit procedures, assess the

risks of material misstatement associated with the location or business unit, and correlate that assessment

with the extent to which audit procedures should be performed.

• Auditors to determine whether specialized skill or knowledge is needed to perform appropriate risk

assessments, plan or perform audit procedures, or evaluate audit results.

100.21 Auditing Standard No. 10, Supervision of the Audit Engagement.

This standard describes the auditor's responsibilities for supervising the audit and the work of the engagement

team. Among other things, Auditing Standard No. 10 requires—



• The engagement partner to be responsible for supervising the audit and the work of the engagement

team. (The engagement partner may be assisted by engagement team members in fulfilling that

responsibility.)

• Supervisory activities to include making engagement team members aware of their responsibilities,

including informing supervisors of significant accounting and auditing issues that arise during the audit, and

reviewing the work of engagement team members.

100.22 Auditing Standard No. 11, Consideration of Materiality in Planning and Performing an Audit.

This standard describes the auditor's responsibilities for considering materiality in planning and performing an

audit and determining the scope of audit procedures, including reevaluating materiality in light of circumstances

or additional information that indicates a lower materiality level may be appropriate. Auditing Standard No. 11

defines materiality in an audit by reference to court decisions interpreting federal securities laws. In that context,

a fact is material if there is “a substantial likelihood that the . . . fact would have been viewed by a reasonable

investor as having significantly altered the 'total mix' of information made available.” Among other things,

Auditing Standard No. 11 requires—

• Auditors to consider a company's earnings and other relevant factors in determining materiality for the

financial statements as a whole.

• Materiality to take into account both qualitative and quantitative factors.

• Materiality for the financial statements to be expressed as a specified amount.

• Auditors to evaluate whether there are certain accounts or disclosures for which a lower level of materiality

is appropriate than materiality for the financial statements as a whole.

• Auditors to establish tolerable misstatement at the account or disclosure level and for individual locations

or business units in audits of companies with operations in multi locations or business units.

100.23 Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement.

This standard describes the auditor's responsibilities for identifying and assessing the risks of material

misstatement that provide a basis for designing and implementing responses to those risks. Among other things,



Auditing Standard No. 12 requires auditors to perform risk assessment procedures that are sufficient to provide

a reasonable basis for identifying and assessing the risks of material misstatement and design further audit

procedures—tests of controls and substantive procedures—to respond to the risks. Auditing Standard No. 12

specifies the following risk assessment procedures:

• Obtain an understanding of the company and its environment, including evaluating whether significant

changes in the company from prior periods affect the risks of material misstatement. The understanding

includes understanding industry, regulatory, and other external factors; the nature of the company; the

company's selection and application of accounting principles, including related disclosures; the company's

objectives, strategies, and related business risks; and the company's performance measures.

•• As part of understanding the company, auditors should consider reading public information

about the company, observing or reading transcripts of earnings calls, understanding the

compensation arrangements with senior management, and obtaining information about trading

activity and holdings in the company's securities by significant holders.

•• As part of understanding the company's selection and application of accounting principles,

including related disclosures, auditors are required to develop expectations about the disclosures

that are necessary for the company's financial statements to be fairly presented and assess the

risks of material misstatement related to omitted, incomplete, or inaccurate disclosures.

• Obtain an understanding of internal control and evaluate whether control deficiencies identified, if any, are

indicative of fraud risk factors. The understanding of internal control includes the company's control

environment, risk assessment process, information system relevant to financial reporting, process of

communicating financial reporting roles and responsibilities and other significant matters, control activities,

and monitoring controls. As part of understanding the company's information system relevant to financial

reporting, auditors are required to obtain an understanding of how IT affects the flow of transactions.

• Consider information from the client acceptance and retention evaluation, audit planning activities, past

audits, and other engagements performed for the company, including information obtained during reviews

of interim financial information. Auditors should evaluate whether information from past audits remains

relevant and reliable if they plan to rely on that information to limit the nature, timing, or extent of risk

assessment procedures.

• Perform analytical procedures.



• Conduct a discussion among all key engagement team members, including the engagement partner,

regarding the risks of material misstatement, including fraud risks.

• Make specified inquiries of the audit committee, management, and others within the company about the

risks of material misstatement, including fraud risks.

After performing risk assessment procedures, Auditing Standard No.12 requires auditors to evaluate how risks

at the financial statement level could affect risks of material misstatement at the assertion level and whether

fraud risk factors are present that should be taken into account in identifying and assessing fraud risks. The

auditor's evaluation of fraud risk factors should (a) include evaluation of how fraud could be perpetrated or

concealed by presenting incomplete or inaccurate disclosures or by omitting disclosures, (b) presume there is a

fraud risk involving improper revenue recognition, and (c) consider the risk of management override of controls.

100.24 Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement.

This standard describes the auditor's responsibilities for designing and implementing both overall responses and

responses involving the nature, timing, and extent of auditing procedures to address the risks of material

misstatement. Among other things, Auditing Standard No. 13 requires auditors to—

• Implement overall responses to address the risks of material misstatement due to both error and fraud,

including appropriately assigning engagement responsibilities to the engagement team and providing

appropriate supervision, incorporating elements of unpredictability in performing audit procedures, and

evaluating the appropriateness of the entity's significant accounting principles.

• Consider the types, likelihood, and magnitude of potential misstatements, and obtain more persuasive

audit evidence the higher the auditor's assessment of risk.

• Perform substantive procedures, including tests of details, to respond to significant risks, including fraud

risks.

• Perform tests of controls if the auditor plans to assess control risk at less than the maximum by relying on

controls and for each relevant assertion for which substantive procedures alone cannot provide sufficient

appropriate audit evidence.



• Obtain more persuasive audit evidence from tests of controls the greater the reliance the auditor places on

the effectiveness of a control and for each relevant assertion for which the audit approach consists primarily

of tests of controls.

• When testing the operating effectiveness of controls, include procedures to determine whether the person

performing the control possesses the necessary authority and competence to perform the control

effectively.

• When auditors plan to rely on controls tested in past audits, obtain audit evidence in the current audit

about the design and operating effectiveness of the controls.

• Assess control risk for relevant assertions.

• Perform substantive procedures for each relevant assertion of each significant account and disclosure,

regardless of the assessed level of control risk, including procedures related to the period-end financial

reporting process.

• When substantive procedures are performed at an interim date, perform substantive procedures or

substantive procedures together with tests of controls that provide a basis to extend the interim conclusions

to the period end.

100.25 Auditing Standard No. 14, Evaluating Audit Results.

This standard describes the auditor's responsibilities to evaluate whether the audit evidence obtained is

sufficient to support the auditor's opinion on the financial statements. Among other things, Auditing Standard No.

14 requires auditors to—

• Perform analytical procedures in the overall review of the financial statements, including analytical

procedures relating to revenue through the end of the period, and evaluate whether they indicate a

previously undisclosed risk of material misstatement.

• Evaluate whether differences between estimates best supported by the audit evidence and estimates

included in the financial statements, which are individually reasonable, indicate possible bias on the part of

the company's management.



• Accumulate misstatements identified during the audit, other than those that are “clearly trivial.”

Misstatements that are clearly trivial will be of a smaller magnitude than the materiality level established in

accordance with Auditing Standard No. 11, Consideration of Materiality in Planning and Performing an

Audit, and will be inconsequential, whether taken individually or in the aggregate, and whether judged by

any criteria of size, nature, or consequence.

• Evaluate the effect of uncorrected misstatements, including the effects of uncorrected misstatements

detected in prior years and misstatements detected in the current year that relate to prior years.

• Communicate accumulated misstatements to management and evaluate whether management has

properly corrected them and whether uncorrected misstatements, if any, are material.

• Evaluate whether identified misstatements might be indicative of fraud. If so, auditors are required to

obtain additional evidence to determine whether fraud has, or is likely to have, occurred and, in that case,

determine the effect on the financial statements and the auditor's report.

• Evaluate the qualitative aspects of the company's accounting policies, including potential bias in

management's judgments and estimates, and determine whether the effects of any bias, together with any

uncorrected misstatements, materially misstates the financial statements.

• If management identifies adjusting entries that offset misstatements accumulated by the auditor, perform

procedures to determine why the misstatements were not previously identified and evaluate the implications

on management integrity and the auditor's risk assessments.

• Consider the form, arrangement, and content of the financial statements and accompanying notes,

including the terminology used, the amount of detail given, and classification of items in the financial

statements, and the basis of amounts presented to evaluate whether the financial statements are fairly

presented.

100.26 Auditing Standard No. 15, Audit Evidence.



This standard describes the principles for determining the sufficiency and appropriateness of audit evidence,

how the characteristics of audit evidence affect the procedures necessary to obtain sufficient appropriate

evidence to support the auditor's opinion, specific types of audit procedures, and alternative means of selecting

items for testing. Auditing Standard No. 15 requires auditors to—

• When using information produced by the company as audit evidence, test the accuracy and completeness

of the information and evaluate whether it is sufficiently precise and detailed for the auditor's purposes.

• Determine the appropriate means of selecting items for testing (selecting all items, selecting specific

items, or audit sampling) depending on the nature of the audit procedure, the characteristics of the control

or items being tested, and the evidence necessary to meet the objective of the audit procedure.

100.27 PCAOB Auditing Standard. No. 16 1

On August 15, 2012, the PCAOB issued Auditing Standard No. 16, Communications with Audit Committees,

which supersedes AU 380, Communications with Audit Committees, and AU 310, Appointment of the

Independent Auditor, and amends certain other PCAOB standards.

100.28 The standard carries forward substantially all of the required communications in the PCAOB's existing

interim standards and significantly expands required communications and audit procedures aimed at enhancing

communications between auditors and audit committees. Some of the required communications are to take

place during the planning phase of the audit, others are required on an ongoing basis throughout the audit, and

several would take place during the concluding phase of the audit. The standard requires that communications

occur in a timely manner. The timing of a particular communication, unless otherwise specified, depends on

factors such as the significance of the matter and corrective or follow-up action needed. The communication can

be made with the audit committee chair to facilitate timely communication during the audit. All communications

are required to be made annually prior to the issuance of the auditor's report, or in the case of interim reviews,

before the interim financial statements are filed. Unless otherwise specified, the communications can be in

writing or made orally. Regardless of whether the communications are oral or written, they should be

documented in sufficient detail to allow an experienced auditor having no previous connection with the

engagement to understand the communications made.

100.29 The most significant provisions in the standard, in addition to existing requirements, require the auditor

to communicate:

• The terms of the engagement, on an annual basis, upon establishing an understanding specifically with

the audit committee and documented in a written engagement letter provided to the audit committee. In

addition, if the engagement letter is executed by an appropriate party other than the audit committee or its

chair, the auditor should determine that the audit committee acknowledged and agreed to the terms.



• Significant issues the auditor discussed with management in connection with appointment or retention,

including significant discussions about the application of accounting principles and auditing standards.

• An overview of the audit strategy, including a discussion of the significant risks identified by the auditor,

and the timing of the audit, including the following:

•• Nature and extent of specialized skill or knowledge needed to perform appropriate risk

assessments, plan or perform audit procedures, or evaluate audit results.

•• Planned use of the company's internal audit function in both the financial statement and internal

control audits.

•• For audits of internal control over financial reporting, the extent to which the auditor plans use

other company personnel and third parties working under the direction of management.

•• Names, locations, and planned responsibilities of other public accounting firms and other

persons, including affiliated firms, participating in the audit.

•• Basis for the auditor's determination that the firm can serve as principal auditor.

• Any significant changes to the planned audit strategy or the significant risks initially identified and the

reasons for the changes.

• Significant accounting policies and practices, including (a) management's initial selection of or changes in

significant accounting policies and practices in the current period and (b) the effect on financial statements

or disclosures of significant accounting policies in controversial areas or areas for which there is a lack of

authoritative guidance or consensus or diversity in practice.



• Critical accounting policies and practices, including (a) the reasons certain policies are considered critical

and (b) how current and anticipated future events might affect the determination of whether certain policies

and practices are considered critical.

• Critical accounting estimates, including (a) a description of the process management uses to develop

critical accounting estimates, any changes management made to those processes, their reasons for the

changes, and the effect on the financial statements, and (b) management's assumptions used in critical

accounting estimates that have a high degree of subjectivity.

• Significant unusual transactions that are outside the normal course of business or that otherwise are

unusual due to their timing, size, or nature and the policies and practices management used to account for

significant unusual transactions.

• Quality of the company's financial reporting including the following:

•• Evaluation of and conclusion about the qualitative aspects of the company's significant

accounting policies and practices, including bias in management's judgments reflected in the

financial statements and disclosures. Auditing Std. 14 provides the following examples of

management bias: (1) the selective correction of misstatements brought to management's

attention during the audit, (2) the identification by management of additional adjusting entries that

offset misstatements accumulated by the auditor, (3) bias in the selection and application of

accounting principles, and (4) bias in accounting estimates.

•• Evaluation of the differences between estimates best supported by the audit evidence and

estimates included in the financial statements that indicate possible management bias.

•• Assessment of management's disclosures related to the company's critical accounting policies

and any changes to those disclosures that the auditors proposed that management did not make.

•• Auditor's understanding of the business rationale for significant unusual transactions.



•• Basis for the auditor's conclusions regarding the reasonableness of the company's critical

accounting estimates.

•• Evaluation of whether the presentation of the financial statements and the related disclosures

are in conformity with GAAP.

•• Concern regarding management's anticipated application of accounting pronouncements that

have been issued but are not yet effective and might have a significant effect on future financial

reporting. (For example, for financial statements that are prepared on the basis of accounting

principles that are acceptable at the financial statement date but that will not be acceptable in the

future, AU 9410 requires the auditor to consider whether disclosures regarding the impending

change in principle and effects that may result on the required future adoption of accounting

principle are adequate.)

•• All alternative treatments permissible under the applicable financial reporting framework for

policies and practices related to material items that have been discussed with management,

including the ramifications of the use of such alternative disclosures and treatments and the

treatment preferred by the auditor.

• Matters that are difficult or contentious for which the auditor has consulted outside the engagement team

when relevant to the audit committee's oversight of the financial reporting process.

• Significant auditing or accounting matters about which management has consulted other accountants

when the auditor has concerns about such matters.

• The fact that uncorrected misstatements or matters underlying them could potentially cause future period

financial statements to be materially misstated even if the auditor has concluded that the uncorrected

misstatements are immaterial to the financial statements and, if management has not already done so, the

basis for the determination that the uncorrected misstatements were immaterial, including the qualitative

factors considered.



• When the auditor has concerns about the company's ability to continue as a going concern: (a) conditions

and events that indicate there is substantial doubt about the company's ability to continue as a going

concern for a reasonable period of time, (b) if substantial doubt is alleviated after consideration of

management's plans, the basis for the auditor's conclusion, and (c) if substantial doubt remains after

consideration of management's plans, the effects on the financial statements, including the adequacy of

disclosure, and the auditor's report.

• When the auditor expects to modify the opinion in the auditor's report or include an explanatory

paragraph, the reasons for the modification or explanatory paragraph, and the proposed wording of the

modification or explanatory paragraph.

• Other material written communications between the auditor and management.

• Auditor's responsibilities with respect to other information in documents containing audited financial

statements, including the auditor's procedures and the results of those procedures.

• Disagreements with management about matters, whether or not satisfactorily resolved, that could be

significant to the company's financial statements or the auditor's report.

• Difficulties encountered in performing the audit.

100.30 In addition to the above communications requirements, the standard also requires the auditor to:

• Provide the audit committee with a schedule of (a) uncorrected misstatements and (b) corrected

misstatements, other than those that are clearly trivial, that, in the auditor's judgment, may not have been

detected except through the auditor's procedures.

• Make inquiries of the audit committee (or its chair) about whether they are aware of other matters that may

be relevant to the audit, including knowledge of violations or possible violations of laws or regulations.

100.31 Auditing Std. No. 16 will be effective for audits of fiscal years beginning on or after December 15, 2012.

As with all new standards, adopted by the Board, the SEC must approve the standard for it to become effective.

(The transitional amendments to AU 380 are to be effective for periods that the PCAOB standards become



applicable to audits of brokers and dealers, as designated by the SEC on the adoption of its amendments.)

Auditing Std. No. 16, Communications with Audit Committees, can be accessed at

http://pcaobus.org/Rules/Rulemaking/Docket030/Release_2012-004.pdf.

Proposed PCAOB Standards

100.32 Confirmations

On July 13, 2010, the PCAOB issued a proposed auditing standard, Confirmation, which would supersede AU

330, The Confirmation Process, and amend certain other PCAOB standards. The proposed standard carries

forward some of the requirements in the PCAOB's interim standard regarding confirmations and augments

others. In addition, the proposed standard expands the auditor's existing responsibilities to perform confirmation

procedures in certain areas, has been updated to reflect technology advances, proposes additional auditor

responsibilities for confirmation procedures, provides guidance regarding designing confirmation requests and

determining the types of confirmation requests to send, and expands the auditors' responsibilities for evaluating

confirmation responses, including electronic confirmation responses, responses that represent exceptions, and

responses that include disclaimers and restrictive language.

100.33 The most significant changes in proposed standard would—

• Require auditors to perform confirmation procedures for—

•• Receivables that arise from credit sales, loans, or other transactions, including purchased loans,

accounts receivable, royalty receivables, lease receivables, and notes receivables.

•• Cash, including, when appropriate, cash accounts with an immaterial or zero balance, and other

relationships with financial institutions (such as lines of credit, other debt, compensating balance

arrangements, and contingent liabilities, including guarantees).

•• The purpose of responding to significant risks relating to relevant assertions that can be

adequately addressed by confirmation procedures.

• Not carry forward from the interim standard the exceptions for not confirming receivables when (a)

accounts receivable are immaterial, (b) the use of confirmations would be ineffective, or (c) the auditor's

combined assessed level of inherent and control risk is low, and that assessed level together with other

substantive tests is sufficient to reduce audit risk to an acceptably low level.



• State that an oral response to a confirmation request is audit evidence, but it does not constitute a

confirmation response.

• Permit confirmation response by electronic or other media and by direct access in certain circumstances.

• Include additional requirements regarding maintaining control over the confirmation process. Among other

things, auditors would be required to perform procedures to determine the validity of the addresses on

confirmations and to request confirming parties to respond directly to the auditor and obtain another

response if the responding party sends the confirmation to anyone other than the auditor.

• Preclude auditors from using internal auditors to send confirmation requests, receive confirmation

responses, or to evaluate audit evidence obtained from performing confirmation procedures. (However,

auditors could consider work of internal auditors in deciding on the timing of the auditor's confirmation

procedures or the number of accounts to confirm.)

• Require auditors to perform—

•• Other substantive procedures to supplement the use of negative confirmation requests.

•• Substantive procedures if management requests the auditor not to confirm certain accounts,

balances, or other items.

•• Alternative procedures for all nonresponses to positive confirmation requests.

• Require auditors to obtain a response to a positive confirmation request as a condition of obtaining

sufficient appropriate audit evidence when—

•• Information to corroborate management's assertions is available only outside the company.



•• Specific fraud risk factors, such as the risk of management override of controls or the risk of

collusion, prevent the auditors from relying on evidence from the company.

• Perform procedures to address the risks that electronic confirmation responses might not be reliable.

• Perform procedures to evaluate the effect of disclaimers and restrictive language on the reliability of a

confirmation response.

100.34 In addition, amendments to PCAOB interim standards proposed in conjunction with the auditing standard

on confirmations would, among other things—

• Amend the interim standard, The Auditor's Consideration of the Internal Audit Function in an Audit of

Financial Statements (AU 322), to remove reference to “assertions about the existence of cash” as an

example of assertions that might have a low risk of material misstatement or involve a low degree of

subjectivity in the evaluation of audit evidence such that the results of work performed by internal auditors

may render direct testing by auditors unnecessary.

• Amend the interim standard, Management Representations (AU 333), to add the following representations

to the written representations auditors should obtain from management about specific items:

•• If management requests the auditor not confirm certain accounts, balances, or other items and

the auditor agrees to management's request, the reason for management's request.

•• If the auditor does not receive a response to a positive confirmation request when confirming the

terms of a significant transaction or agreement, the terms of the transaction or agreement.

100.35 The comment period for the proposed standard ended on September 13, 2010. Any final standard the

PCAOB adopts will be submitted to the SEC for approval and will be effective upon approval by the SEC. The

PCAOB's strategic plan indicates that the Board will adopt or repropose the proposed standard in the fourth

quarter of 2012. A future edition of this Guide will fully incorporate any final standard issued. Auditors should be

alert for the issuance of the final standard and assess its applicability to engagements beginning after the



effective date. The proposed standard and its current status can be accessed at

www.pcaobus.org/Rules/Rulemaking/Pages/Docket028.aspx.

100.36 Improving Transparency

On October 11, 2011, the PCAOB issued a proposed auditing standard, Improving the Transparency of Audits:

Proposed Amendments to PCAOB Auditing Standards and Form 2, which would amend its standards to bring

greater transparency to public company audits by requiring (a) registered public accounting firms to disclose the

name of the engagement partner in the audit report and on the PCAOB Annual Report form and (b) disclosure in

the audit report of other accounting firms and other persons not employed by the auditor that took part in the

audit. The proposal follows a Concept Release (Release No. 2009-005), Concept Release on Requiring the

Engagement Partner to Sign the Audit Report, issued in July 2009, which grew, in part, out of the 2008 Final

Report of the Department of the Treasury Advisory Committee on the Auditing Profession [Concept Release on

Requiring the Engagement Partner to Sign the Audit Report (PCAPB Release Bo. 2009-005)] can be accessed

at http://pcaobus.org/Rules/Rulemaking/Pages/Docket029.aspx. The Final Report of the Department of the

Treasury Advisory Committee on the Auditing Profession can be accessed at

http://www.treasury.gov/about/organizational-structure/offices/Documents/final-report.pdf.) The

proposed amendments are discussed in the following paragraphs.

100.37 The proposed amendments would require the audit report to disclose the name of the engagement

partner responsible for the most recent period's audit. Inclusion of the partner's name would not increase or

otherwise affect the duties and obligations of the engagement partner under PCAOB standards. The PCAOB

considered, but decided not to propose, a rule that would require the engagement partner's signature to be

included in the audit report. Thus, the name of the engagement partner would be disclosed and the only

signature included in the audit report would be the signature of the firm issuing the report. The changes would

be made by amending AU 508, Reports on Audited Financial Statements, and Auditing Std. No. 5, An Audit of

Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, which

describe the required elements of the audit report. The Board also is proposing conforming amendments to

certain other PCAOB standards that include examples of the audit report.

100.38 The disclosure would be accomplished by adding a sentence to the audit report as follows:

The engagement partner responsible for the audit for the [Period] ended [Date] was

[Name] .

Because the proposed amendments require the name of the engagement partner to be disclosed only for the

most recent period's audit, when another engagement partner is responsible for other periods included in

comparative financial statements, disclosure of the other partner's name is not required. The proposed

amendments also provide examples of how the name of the engagement partner would be disclosed when all

periods presented were audited during one audit engagement (e.g., in an initial public offering, single-period

audit, or re-audit), and when financial statements are dual-dated and the firm has changed engagement

partners since the original report date.

100.39 The proposed amendments also would amend PCAOB Rule 2201, which requires each registered firm

to file an annual report on Form 2 that provides basic information about the firm and the firm's issuer-related



practice over the most recent 12-month period. Item 4.1 of Form 2 requires the firm to provide, for any audit

reports issued during the reporting period, the issuer's name, the issuer's CIK number (if it has one), and the

date of the audit report. The proposed amendments would add to Item 4.1 a requirement for firms to disclose

the name of the engagement partner. Disclosure of the name of the engagement partner on Form 2 would make

that information available in one place that could be easily retrieved since such reports are posted on the

Board's website.

100.40 Finally, in many public company audits, the accounting firm issuing the audit report does not perform

100% of the audit procedures. This may be especially common in (but not limited to) audits of companies with

operations in more than one country or audits of the company's foreign operations for which audit procedures

are performed by other accounting firms or other participants in the audit not employed by the auditor. The

proposed amendments would require disclosure in the audit report when the auditor (a) assumes responsibility

for or supervises the work of another independent public accounting firm or supervises the work of a person that

performed audit procedures on the audit, and (b) divides responsibility with another independent public

accounting firm. Specifically, when assuming responsibility or supervising the work of others, the auditor would

be required to disclose the name, location, and extent of participation in the audit of (a) independent public

accounting firms for whose audit the auditor assumed responsibility under AU 543, Part of Audit Performed by

Other Independent Auditors, and (b) independent public accounting firms or other persons not employed by the

auditor that performed audit procedures on the most recent period's audit and whose work the auditor was

required to supervise as required by Auditing Std. No. 10, Supervision of the Audit Engagement. When dividing

responsibility, the auditor would be required to disclose the name and location of another independent public

accounting firm that audited the financial statements of one or more subsidiaries, divisions, branches,

components, or investments included in the financial statements of the company, to which the auditor makes

reference in the audit report on the consolidated financial statements and, when applicable, the report on

internal control over financial reporting.

100.41 The comment period for the proposed amendments ended on January 12, 2012. Any final standard the

PCAOB adopts will be submitted to the SEC for approval and will be effective upon approval by the SEC. A

future edition of this Guide will fully incorporate any final standard issued. Auditors should be alert for the

issuance of the final standard and assess its applicability to engagements beginning after the effective date. The

proposed standard and its current status can be accessed at

http://pcaobus.org/Rules/Rulemaking/Docket029/PCAOB_Release_2011-007.pdf.

100.42 Attestation Standards Relating to Audits of Brokers and Dealers

The Dodd-Frank Wall Street Reform and Consumer Protection Act amended the Sarbanes-Oxley Act to give the

PCAOB oversight authority with respect to audits of brokers and dealers that are registered with the SEC. Thus,

the PCAOB now has responsibility for standard-setting, inspections, investigations, and disciplinary proceedings

for registered accounting firms' audits of brokers and dealers, including broker-dealers that are nonissuers. (See

paragraph 101.5.) 2 In July 2011, the PCAOB issued two proposed attestation standards that provide

requirements for examining or reviewing the assertions in the broker's or dealer's compliance report or

exemption report as indicated in the SEC's proposed amendments to Rule 17a-5 of the Securities Exchange Act

of 1934. 3 In addition, the PCAOB also proposed a new standard on auditing supplemental information



accompanying audited financial statements that addresses supplemental information of broker-dealers and

other issuers that file with the SEC. The following is a summary of the proposed standards:

• Examination Engagements Regarding Compliance Reports of Brokers and Dealers. The proposed

attestation standard would require auditors to obtain evidence to express an opinion on the assertions of

the broker or dealer in the compliance report. In addition, it provides proposed requirements for a risk-

based approach for the examination. The proposed requirements are designed to be scalable for the size

and complexity of the broker-dealer. In addition, the requirements would coordinate the examination

engagement with the audit of the financial statements and supplemental information. The proposed

standard includes requirements for the auditor's report, as well as an illustrative report.

• Review Engagements Regarding Exemption Reports of Brokers and Dealers. The proposed attestation

standard provides requirements for making inquiries and performing other procedures directed to the

auditor's responsibility to obtain moderate assurance that the broker or dealer meets the identified

conditions for an exemption from Exchange Act Rule 15c3-3. The procedures allow the auditor to scale the

engagement based on the size and complexity of the broker-dealer. As part of the procedures, the auditor

would evaluate relevant evidence obtained from the audit of the financial statements and supplemental

information. The proposed standard includes reporting requirements and an illustrative report.

The comment period for the proposed attestation standards ended on September 12, 2011. The PCAOB's

Release No. 2011-004 can be found on the PCAOB's website at


100.43 Supplemental Information Accompanying Audited Financial Statements

PCAOB Release No. 2011-005, Auditing Supplemental Information Accompanying Audited Financial

Statements and Related Amendments to PCAOB Standards, proposes an auditing standard that applies when

the auditor is engaged to audit and report on whether supplemental information is fairly stated, in all material

respects, in relation to the financial statements as a whole. The proposed standard would supersede AU 551,

Reporting on Information Accompanying the Basic Financial Statements in Auditor-Submitted Documents. The

proposed standard would apply whenever the auditor is engaged to audit and report on supplemental

information that accompanies the audited financial statements. The supplemental information includes the

supporting schedules required by the SEC's broker-dealer financial reporting rule (see paragraph 100.49) or

other audited supplemental information included in SEC filings, whether required by another regulatory body or

voluntarily submitted by the issuer. The proposed standard retains the existing language in the auditor's report

currently required by AU 551 stating that the opinion on the supplemental information is fairly stated “in relation

to the financial statements as a whole.” Existing PCAOB standards, however, will be enhanced by the proposed

standard by (a) requiring procedures to test and evaluate supplemental information and (b) promoting

coordination between the work on the supplemental information and that of the financial statement audit, as well

as other engagements, such as the compliance attestation engagement for brokers and dealers.



100.44 The comment period for the proposed standard ended on September 12, 2011. PCAOB Release No.

2011-005 can be found on the PCAOB's website at


100.45 Related Parties and Significant Unusual Transactions

On February 28, 2012, the PCAOB proposed a new auditing standard on related parties, along with

amendments to various auditing standards relating to significant unusual transactions. The proposals are being

issued in response to past financial reporting frauds that involve relationships and transactions with related

parties, significant unusual transactions, and certain transactions and relationships with executive officers. The

proposals also consider the Board's inspection activities, comments from the PCAOB's Standing Advisory

Group (SAG), and international developments. The proposed auditing standard, Related Parties; Proposed

Amendments to Certain PCAOB Auditing Standards Regarding Significant Unusual Transactions; and Other

Proposed Amendments to PCAOB Auditing Standards, is intended to strengthen existing procedures for

identifying, assessing, and responding to risks of material misstatement pertaining to related party and

significant unusual transactions. The proposed guidance complements and builds upon the existing risk

assessment standards. The proposed standard would supersede the PCAOB existing interim auditing standard,

AU 334, Related Parties, and also proposes amendments to AU 316, Consideration of Fraud in a Financial

Statement Audit. Among other things, the proposed standard contains the following auditor requirements:

• Identifying and Understanding Related Parties and Transactions. The auditor would be required to perform

procedures to identify related parties, obtain an understanding of the nature of the relationship with such

parties, and understand the business purpose and terms of related party transactions. The auditor would be

required to understand the controls over (a) identifying related parties and transactions, (b) the

authorization and approval of related party transactions, and (c) the accounting and disclosure for such

relationships and transactions. In addition, the auditor would be required to make certain inquiries of

management, other employees, and the audit committee about related parties and associated transactions.

• Procedures for Transactions Disclosed or Considered Significant Risks. The auditor would be required to

perform specific procedures for each related party transaction (or type of transaction) that is required to be

disclosed or is deemed to be a significant risk. The auditor would read underlying documentation; determine

whether transactions have been authorized and approved; and evaluate the financial capability of the

related party with respect to uncollected balances, guarantees, or other obligations, when applicable.

• Undisclosed Related Parties and Transactions. The proposed standard would require the auditor to

evaluate whether information that comes to the auditor's attention during the audit indicates undisclosed

related parties, relationships, or transactions. Furthermore, if the auditor determines that such matters exist,

the proposed guidance would require the performance of certain specific procedures. Among other things,

the auditor would (a) determine why the related party or transaction was undisclosed, (b) assess whether

procedures are needed to identify additional relationships or transactions, (c) perform the procedures



required for significant risk related party transactions, and (d) evaluate the implications on the internal

control assessment and the audit, if fraud or an illegal act is suspected.

• Audit Committee Communications. According to the proposal, the auditor would communicate the

auditor's evaluation of the company's identification, accounting, and disclosure of relationships and

transactions with related parties. In addition, the auditor would communicate other significant matters

regarding the company's relationships and transactions with related parties.

100.46 The Board's proposal includes amendments to AU 316, Consideration of Fraud in a Financial Statement

Audit, as well as other standards, to strengthen the evaluation of significant unusual transactions. In addition to

other matters, the proposed amendments would require the auditor to—

• perform specific procedures to identify significant unusual transactions;

• perform specific procedures to obtain an understanding of the business purpose of identified significant

unusual transactions; and

• evaluate whether such transactions have been appropriately accounted for and adequately disclosed.

100.47 The PCAOB is also proposing to amend other standards that would complement the proposals on

related parties and significant unusual transactions. Among other things, the amendments would—

• require the auditor to obtain an understanding of the company's financial relationships and transactions

with executive officers as part of the risk assessment;

• require representations from management that there are no undisclosed side agreements or other

arrangements; and

• emphasize the auditor's existing responsibilities to communicate possible fraud to management, the audit

committee, and in certain situations, the SEC or others.

100.48 The Board anticipates that the proposals would be effective, subject to SEC approval, for audits of fiscal

years beginning on or after December 15, 2012. Comments on the proposals are due by May 15, 2012. PCAOB

Release No. 2012-001, Proposed Auditing Standard—Related Parties; Proposed Amendments to Certain



PCAOB Auditing Standards Regarding Significant Unusual Transactions; and Other Proposed Amendments to

PCAOB Auditing Standards, can be found at

http://pcaobus.org/Rules/Rulemaking/Docket038/Release_2012-001_Related_Parties.pdf.

AICPA Statement on Quality Control Standard No. 8

100.49 In 2007, the AICPA issued Statement on Quality Control Standards (SQCS) No. 7, A Firm's System of

Quality Control. SQCS No. 7 superseded and replaced all of the AICPA quality control standards that existed at

the time. SQCS No. 7 comprehensively addressed the quality control practices over a firm's accounting and

auditing practice and placed an unconditional obligation on the firm to establish a QC system designed to

provide reasonable assurance that the firm (a) complies with professional standards and legal and regulatory

requirements and (b) issues reports that are appropriate in the circumstances. In October 2011, the AICPA

issued Statement on Quality Control Standard No. 8, A Firm's System of Quality Control, which supersedes

SQCS No. 7 and applies to a CPA firm's system of quality control for its accounting and auditing practice as of

January 1, 2012.

100.50 Since SQCS No 8 was issued by the AICPA after 2003, it is not included in the Interim Quality Control

Standards adopted by the PCAOB. As a result, it does not address the quality control ramifications of PCAOB

standards that must be followed by auditors of issuers, nor do they include any modifications that may be

necessary for a firm's system of quality control to conform to PCAOB Standards. However, in certain areas,

SQCS No. 8 incorporates requirements that are more comprehensive than existing PCAOB Interim Quality

Control Standards. The authors believe that following the requirements of SQCS No. 8 in those areas is prudent

and can increase engagement effectiveness. Further, the authors believe that firms will not ordinarily establish

less rigorous QC policies and procedures for audits of issuers than those required for audits of nonissuers.

Thus, when requirements of SQCS No. 8 are more stringent than those of the PCAOB Interim Quality Control

Standards, such requirements have been incorporated throughout this Guide.

1 The PCAOB's proposed auditing standard, Confirmation, which would supersede AU 330, would also require

auditors to communicate to the audit committee any management requests that the auditor not confirm certain

accounts, balances, or other items. The proposed auditing standard is discussed beginning at paragraph

100.32.

2 The provisions of PCAOB Release No. 2011-001, Temporary Rule for an Interim Program of Inspection

Related to Audits of Brokers and Dealers, and PCAOB Release No. 2011-002, Board Funding; Final Rules for

Allocation of the Board's Accounting Support Fee Among Issuers, Brokers, and Dealers, and Other

Amendments to the Board's Funding Rules, are discussed in Chapter 10.

3 In June 2011, the SEC proposed rules in Release No. 34-64676, Broker-Dealer Reports, that would amend

the broker-dealer financial reporting in Rule 17a-5 of Securities Exchange Act of 1934 to, among other things,

require the annual report to include a financial report and either a compliance report examined by an auditor or

an exemption report reviewed by an auditor performed in accordance with PCAOB standards. (Currently, the

existing auditing requirements mandate an audit be performed in accordance with GAAS and other



requirements and performed under the audit and attest standards of the AICPA, including the AICPA Audit &

Accounting Guide, Brokers and Dealers in Securities.) See further discussion in section 1004.

© 2012 Thomson Reuters/PPC. All rights reserved.

END OF DOCUMENT -

© 2013 Thomson Reuters/RIA. All rights reserved.



Checkpoint Contents


Editorial Materials

Audit and Attest

PCAOB Audits

Chapter 1 Overview

101 How to Use This Guide

101 How to Use This Guide

101.1 This Guide provides a step-by-step approach to providing audit services to issuers under PCAOB

standards. It is designed to help firms comply with PCAOB standards as well as appropriate SEC measurement

and disclosure requirements. The Guide is divided into two sections—text and practice aids. The text portion

(Chapters 1-10, located in Volumes 1 and 2) describes the authors' suggested audit approach and should be

read by all engagement team members who are performing a financial statement audit only or an integrated

audit under the PCAOB standards. The practice aids, which are located in Volumes 2-4, should be tailored for

the unique aspects of each engagement and can be used to document much of the auditor's work.

101.2 This Guide provides guidance to auditors who are performing an integrated audit, as well as auditors who

are performing a financial statement audit only. If an integrated audit of an entity is not required, an audit of

financial statements only may be performed. In addition to the entities discussed in paragraph 100.15, there are

limited circumstances in which an integrated audit is not required, such as for audits of investment companies.

Performing Audits of Nonpublic Entities Using PCAOB Standards

101.3 As noted in the preceding paragraph, this Guide was developed to help firms who audit issuers. However,

the PCAOB standards can be used in audits of nonpublic entities as well. In fact, some regulatory agencies are

considering the option of requiring use of PCAOB standards in certain cases. Firms that wish to use this Guide

as a tool in auditing nonpublic entities should consider the guidance in the PCAOB Staff Question and Answer

document entitled Audits of Financial Statements of Non-issuers Performed Pursuant to the Standards of the

Public Company Accounting Oversight Board. This document can be found

at www.pcaobus.org/Standards/QandA/06-30-2004.pdf.

101.4 In addition, financial statements of nonpublic broker-dealers for fiscal years ending after Dec. 31, 2008,

must be certified by a registered public accounting firm. In January 2010, the PCAOB issued Staff Questions

and Answers, Registration of Broker-Dealer Auditors, to address the registration of auditors of nonpublic broker-

dealers. Issues addressed in the guidance include the registration process, including timing and fees; the extent

to which applications are public and the process for seeking confidential treatment; and obligations associated

with being registered, including annual and special reporting requirements. The Q&As can be accessed at



http://pcaobus.org/Registration/Auditors/Documents/Staff_QAs_on_the_Registration_of_Broker-

Dealers.pdf.

101.5 Section 982 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act),

which was signed into law in July 2010, amends the Sarbanes-Oxley Act to (a) require auditors of all broker-

dealers to register with the PCAOB and (b) authorize the PCAOB to establish auditing and related attestation,

quality control, ethics, and independence standards to be used by registered public accounting firms regarding

audit reports included in broker-dealer filings with the SEC. SEC Release No. 34-62991, issued on September

24, 2010, provides guidance to clarify the application of certain SEC rules, regulations, releases, and staff

bulletins in light of the authority granted to the PCAOB in Section 982 of the Dodd-Frank Act. The Dodd-Frank

Act can be found at www.gpo.gov/fdsys/pkg/BILLS-111hr4173enr/pdf. SEC Release 34-62991 can be

accessed at http://sec.gov/rules/interp/2010/34-62991.pdf. See Chapter 10 for further discussion of SEC

Release 34-62991.

Library Resources

101.6 This Guide is an audit engagement guidance product that provides an auditor the tools necessary to

perform recurring audits and interim reviews under PCAOB standards and related SEC measurement and

disclosure requirements. However, the Guide is not intended to address audits of initial public offerings (IPOs) in

connection with the Securities and Exchange Act of 1933 or to be a comprehensive source of information about

SEC rules and regulations. Instead, it should be considered an important component of a professional library

that includes additional resources. Some of the resources that the authors suggest are as follows:

• A copy of the Sarbanes-Oxley Act of 2002. Copies of this act are usually available in comprehensive SEC

services such as www.sec.gov/about/laws.shtml#secexact1934 and the ones cited below. In addition,

the act can be found on the Internet in several locations, including

www.law.uc.edu/CCL/SOact/soact.pdf. Other federal securities laws and regulations, including S-X and

S-K, can also be found at www.law.uc.edu/CCL/xyz/sldtoc.html.

• All PCAOB standards, including the interim standards of the AICPA, as well as standards issued by the

PCAOB and approved by the SEC. PPC offers a comprehensive PCAOB standards package in CD-ROM

and online formats. In addition, these standards are included on Checkpoint, an online resource offered by

Thomson Reuters. [PPC resources can be ordered by calling (800) 431-9025 or at

ppc.thomsonreuters.com; to order Checkpoint, call the Thomson Reuters order department at (800) 950-

1216 or visit ria.thomsonreuters.com.]

• GAAP as contained in the Accounting Standards Codification and updates and superseded standards

issued by the Financial Accounting Standards Board (FASB) and the AICPA. Since financial statements of

public companies must be prepared in accordance with generally accepted accounting principles, a library

that includes the standards as well as other GAAP resources, such as PPC's Guide to GAAP and PPC's

Guide to Preparing Financial Statements, can be very useful. PPC offers comprehensive FASB and AICPA



packages in CD-ROM and online formats. In addition, these standards are included on Checkpoint, an

online resource offered by Thomson Reuters. [PPC resources can be ordered by calling (800) 431-9025 or

at ppc.thomsonreuters.com; to order Checkpoint, call the Thomson Reuters order department at (800)

950-1216 or visit ria.thomsonreuters.com.]

FASB Accounting Standards Codification also includes relevant portions of certain SEC rules, regulations,

interpretive releases, and staff guidance pertaining to financial accounting and reporting that are relevant

only to issuers. Examples of such SEC guidance are Regulation S-X, Financial Reporting Releases (FRR),

Accounting Series Releases (ASR), Interpretative Releases (IR), SEC staff guidance in Staff Accounting

Bulletins (SAB), EITF Topic D, and SEC Staff Observer comments. Such guidance is segregated within the

Codification and identified with the same two digit section numbers and titles as the FASB sections, except

that the SEC material is preceded by the letter “S.” In addition, certain topics also include a separate

section—S99, SEC Materials, consisting of SEC content. (The SEC content is included in the FASB's

Accounting Standards Codification as a convenience to users and does not represent the authoritative

sources of such content.)

• Audit and reporting standards of the Securities and Exchange Commission. RIA offers several SEC

services that could be helpful, including SEC Guidelines: Rules and Regulations, which provides all the

major regulations, forms, and official releases of the SEC, and SEC Compliance: Financial Reporting and

Forms, which is a more comprehensive service that includes the official text of rules and regulations,

agency documents and forms, and explanations of all necessary filings. [To order Checkpoint, call the

Thomson Reuters order department at (800) 950-1216 or visit ria.thomsonreuters.com.]

• The Center for Audit Quality (CAQ), an autonomous public policy organization affiliated with the AICPA,

makes available various resources to auditors of public companies, including Alerts that provide information

about developments in accounting, auditing, and regulatory matters, periodic Webcasts on current issues,

comment letters on PCAOB and SEC rulemaking proposals, white papers, technical practice aids, and best

-practice documents. (Certain information is available only to members of the CAQ.) The Center for Audit

Quality can be accessed at http://thecaq.org/index.htm.

• There are numerous resources available online that can be very helpful to auditors of public companies.

One such resource, the SEC/GAAP Watch, is an electronic newsletter that keeps subscribers informed of

the latest SEC, GAAP, and FASB developments regarding accounting, reporting, and disclosure

requirements. This free newsletter is available at ria.thomsonreuters.com/secgaapwatch/.



• Auditors should check the PCAOB's website periodically for new content. Not only are new and proposed

standards included on that site, but there are also other useful resources, such as inspection reports and

Staff Questions and Answers. The PCAOB's website can be accessed at www.pcaobus.org.

101.7 Almost all publishers that provide accounting and auditing information do so electronically, offering an

array of resources and information for auditors of public companies. In addition to a complete library of GAAP,

PCAOB, and SEC rules, regulations, and standards, Thomson Reuters, publisher of PPC and RIA brand

products, provides online access to most of its product line on Checkpoint. To see a list of products offered by

PPC and RIA, visit http://ria.thomsonreuters.com/financialreporting/seccompliance/.


END OF DOCUMENT -




Checkpoint Contents


Editorial Materials

Audit and Attest

PCAOB Audits

Chapter 1 Overview

102 Organization of This Guide

102 Organization of This Guide

102.1 As previously noted, this Guide provides a step-by-step approach to providing audit and review services

for issuers. The following paragraphs discuss the organization of the Guide in more detail.

Chapter 2—“Preliminary Engagement Activities”

102.2 Chapter 2 explains the activities that take place (a) before an engagement is accepted and (b) in the early

planning stages of an engagement. Chapter 2 includes discussions of client acceptance and continuance,

establishing the terms of the engagement, and special planning considerations relating to an initial engagement.

Chapter 3—“Risk Assessment Procedures and Planning”

102.3 Chapter 3's focus is on general planning decisions. General or preliminary planning should be

distinguished from detailed planning of audit procedures, which is the subject of Chapter 6. Preliminary planning

includes deciding on an overall strategy for the audit; obtaining an understanding of the entity and its

environment, including internal control (for a financial statement audit only); making an initial assessment of

audit risk and materiality, considering fraud; and deciding on the overall timing of the engagement. (Auditing

internal control is addressed in Chapter 5.)

Chapter 4—“Management's Responsibility for Internal Control”

102.4 Chapter 4 is the first of two chapters related to the procedures that should be performed in auditing a

client's internal control over financial reporting. Among other topics, this chapter discusses the framework (such

as COSO) used by management to evaluate its internal controls. The chapter discusses COSO's 1992 report,

Internal Control—Integrated Framework, 4 as well as its 2006 report, Internal Control over Financial

Reporting—Guidance for Smaller Public Companies. Internal control frameworks commonly used in Canada

and the United Kingdom are also included in this discussion. In addition, this chapter discusses management's

responsibilities for assessing and reporting on internal control over financial reporting. Chapter 4 also includes a

section on special considerations for smaller public companies that may not have the strong segregation of

duties that larger companies have.

Chapter 5—“Auditing Internal Control over Financial Reporting”



102.5 Chapter 5 provides an overview of the process that should be followed when performing an audit of a

company's internal control over financial reporting. The guidance in this chapter along with the practice aids in

Volume 3 of the Guide are designed to walk an auditor through all stages of the internal control audit process,

from the initial planning phase through all phases of the audit. Chapter 5 also discusses the requirements

related to Auditing Std. No. 4 on performing voluntary engagements to determine whether previously reported

material weaknesses in internal control over financial reporting continue to exist as of a date specified by

management.

Chapter 6—“Assessing Risks and Developing the Detailed Audit Plan”

102.6 Chapter 6 focuses on (a) assessing the risks identified by the auditor throughout the process of

performing the risk assessment procedures and (b) selecting responses that are appropriate to address those

risks. Chapter 6 includes discussions of financial statement assertions, identifying and assessing risks at the

assertion level, considering fraud risks, and responding to the risk assessment and preparing the detailed audit

plan.

Chapter 7—“Substantive Procedures and Documentation”

102.7 Chapter 7 discusses substantive procedures, which consist of tests of details and substantive analytical

procedures. Included in the chapter is a discussion of substantive procedures required in every audit, choosing

substantive procedures, performing tests of details, performing substantive analytical procedures, responding to

fraud risks, considerations when performing interim audit procedures, and audit documentation and retention.

Chapter 8—“General Procedures and Summary Documentation”

102.8 Chapter 8 discusses several important procedures that are more general in nature and not necessarily

affected by the auditor's risk assessments. Topics include the following:

• Procedures to search for commitments and contingencies, including obtaining lawyers' letters.

• Procedures to search for subsequent events that occur after the balance sheet date that affect either the

company's financial statements or its internal control over financial reporting.

• Procedures to identify and evaluate the disclosure of related-party transactions.

• Evaluating whether there is a substantial doubt about the entity's ability to continue as a going concern.

• Procedures to identify and evaluate the disclosure requirements and auditing considerations related to

risks and uncertainties.



• Obtaining written representations from management in a management representation letter.

• Procedures for performing an engagement quality review as required by Auditing Std. No. 7.

In addition, the chapter discusses engagement wrap-up procedures, such as summarizing and evaluating the

overall results of audit tests, analytical review and review of workpapers, developing an overall engagement

summary memorandum, and audit committee communications. Chapter 8 also discusses the PCAOB's

proposed standard on communications with audit committees.

Chapter 9—“Reporting and Other Auditing Considerations”

102.9 Chapter 9 discusses several important topics, including reporting on a company's financial statements

and special considerations that should be considered in initial audits. It also covers the reporting requirements of

Auditing Std. No. 5, as well as the reporting considerations related to performing the voluntary engagement

under Auditing Std. No. 4 to determine whether previously reported material weaknesses in internal control over

financial reporting continue to exist. Chapter 9 discusses the use of specialists, internal auditors, and other

auditors' work in an engagement. Unique issues involved in audits of consolidated or combined financial

statements and the use of data extraction techniques are also discussed in Chapter 9.

Chapter 10—“Other SEC and PCAOB Matters”

102.10 Chapter 10 discusses matters unique to public companies, including performing interim reviews of

financial information, SEC accounting and disclosure issues, special PCAOB audit issues, PCAOB inspections,

the auditor's responsibility for other information accompanying audited financial statements in SEC filings in

accordance with Reg. S-K for larger companies and smaller reporting companies, and firm registration with the

PCAOB. Chapter 10 also incorporates discussions of the PCAOB and SEC proposed standards and rules for

broker-dealers.

4 As discussed in Chapter 4, COSO has issued an exposure draft of an updated Internal Control—Integrated

Framework. The planned enhancements will not alter the core principles of the framework but will consider

changes that are necessary due to the evolution of the business environment as well as the changed

marketplace expectations.


END OF DOCUMENT -


