100 background - reutersstatic.store.tax.thomsonreuters.com/static/samplepages/sample...100...
TRANSCRIPT
Checkpoint Contents
Accounting, Audit & Corporate Finance Library
Editorial Materials
Audit and Attest
PCAOB Audits
Chapter 1 Overview
100 Background
100 Background
100.1 Auditors have traditionally conducted their engagements in accordance with generally accepted auditing
standards developed by the American Institute of Certified Public Accountants (AICPA). Auditors of publicly-
traded companies have also had to follow the additional rules of the SEC. However, this changed dramatically in
2002 with the passage of the Sarbanes-Oxley Act and the subsequent establishment of the Public Company
Accounting Oversight Board (PCAOB).
100.2 The Sarbanes-Oxley Act of 2002 (SOX) was passed in response to a growing number of financial
scandals that started with Enron in the fall of 2001. These financial scandals eventually led to the collapse of
some large public companies, including Enron and WorldCom (owner of telecommunications giant MCI). Their
CEOs and other financial executives were convicted of criminal fraud and received prison sentences.
Stockholders and creditors lost billions when these companies failed. In addition, the Enron and WorldCom
collapses led to the failure of Andersen, one of the world's largest accounting firms. Congress felt compelled to
act and responded with the Sarbanes-Oxley Act of 2002.
Sarbanes-Oxley Act of 2002
100.3 The portion of SOX that has the largest impact on public company auditors is Section 404, which deals
with management's assessment of internal controls. However, there are several sections that are also important
to audit firms. Exhibit 1-1 summarizes some of the more important sections of SOX.
Exhibit 1-1
Highlights of the Sarbanes-Oxley Act of 2002
Section 101 This section establishes the Public Company Accounting Oversight Board (PCAOB), which is
the organization responsible for overseeing the audits of public companies. (Public companies
are referred to as “issuers” in SOX. The term issuer is defined in the SEC rules and generally
refers, among other organizations, to companies whose securities are registered under the
Securities Exchange Act of 1934.)
Section 102 This section establishes the requirement for accounting firms to register with the PCAOB in
order to audit public companies.
Section 103
Page 1 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
Section 103 has several important components, including the requirement that auditors keep
their audit workpapers for seven years. In addition, each audit report must have a concurring
review performed before it is issued.
Section 104 This section establishes the requirement for the PCAOB to inspect each large registered
accounting firm (those with more than 100 public company audit clients) annually and each
small firm (those with 100 or fewer clients) at least every three years.
Section 201 Section 201 defines nonaudit services that public company auditors cannot provide without
impairing their independence. These services are further discussed in SEC Rule 2-01 of
Regulation S-X. See section 201 of this Guide for more information.
Section 202 This section requires preapproval of a firm's audit and nonaudit services by the client's audit
committee.
Section 203 This section specifies partner rotation schedules for public company auditors. Generally, a lead
and concurring partner can serve on a client's audit engagement team for no more than five
years in a row. Partner rotation is addressed in more detail in SEC Rule 2-01 of Regulation S-
X. See section 201 of this Guide for more information.
Section 401 This section requires that financial statements reflect all material correcting adjustments
proposed by the auditor.
Section 404 Section 404 is generally considered to be the most challenging section of SOX. It requires a
company's management to assess its internal control over financial reporting, and it requires
the auditor to attest to and report on management's assessment. The auditor must assess and
report on management's assessment as part of the audit of the financial statements.
Note: This exhibit is not a complete overview of SOX, but mentions some of the more important aspects
(in the authors' opinion) from an auditor's perspective.
____________________
Other Legislation Affecting Sarbanes-Oxley
100.4 In recent years, several other Acts have been signed into law by the President that amend key provisions
of the Sarbanes-Oxley Act of 2002. In addition to the amendments of SOX, these Acts introduced other
legislation that impact issuers and their auditors.
100.5 Dodd-Frank Act
On July 21, 2010, President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer
Protection Act (Dodd-Frank Act). In addition to exempting nonaccelerated filers from complying with Section 404
(b) of the Sarbanes-Oxley Act of 2002 requiring an independent auditor's attestation on the effectiveness of an
entity's internal control over financial reporting, the Act contains numerous other provisions that affect registrants
and their auditors. The Dodd-Frank Act is discussed in greater depth in section 1004.
100.6 JOBS Act
On April 5, 2012, President Obama signed the Jumpstart Our Business Startups Act (JOBS Act), which amends
Section 404(b) of the Sarbanes-Oxley Act to eliminate the requirement for an auditor's attestation on the
effectiveness of an entity's internal control over financial reporting for companies defined as an “emerging
growth company.” The JOBS Act also provides for the delay of the use of newly adopted accounting and
Page 2 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
auditing standards in certain respects, as well as additional matters, for emerging growth companies. The JOBS
Act is discussed more fully beginning with paragraph 906.57.
PCAOB Standards
100.7 As noted in Exhibit 1-1, Section 101 of SOX established the PCAOB, which operates under the general
oversight of the SEC, to regulate the audits of public companies. Among other requirements, SOX assigns the
following responsibilities to the PCAOB:
a. Registering public accounting firms that provide audit services to public companies.
b. Establishing or adopting auditing, quality control, ethics, independence, and other standards for the
audits of public companies.
c. Conducting periodic inspections of registered public accounting firms to ensure that they are complying
with SOX, PCAOB rules and standards, and federal securities laws.
d. Conducting investigations and disciplinary proceedings, and applying sanctions, as needed.
100.8 Interim Standards
To provide continuity, the PCAOB has adopted the generally accepted auditing standards of the AICPA that
existed as of April 16, 2003, as interim standards for audits of public companies. PCAOB Release No. 2003-
006, which establishes interim auditing and related professional practice standards, consists of the following five
rules:
• Interim auditing standards (Rule 3200T).
• Interim attestation standards (Rule 3300T).
• Interim quality control standards (Rule 3400T).
• Interim ethics standards (Rule 3500T).
Page 3 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• Interim independence standards (Rule 3600T).
Accordingly, AICPA auditing standards that existed prior to April 16, 2003, are appropriate for audits of public
companies until such time as the PCAOB amends or supersedes them.
100.9 Other PCAOB Standards
In addition to the AICPA standards that the PCAOB has adopted as interim standards, the PCAOB has adopted
15 auditing standards, all of which have been approved by the SEC, with the exception of the most recently
issued PCAOB auditing standard, Auditing Standard No. 16, Communications with Audit Committees. Those
additional standards are discussed in the following paragraphs.
100.10 PCAOB Auditing Standard No. 1
PCAOB Auditing Standard. No. 1, References in Auditors' Reports to the Standards of the Public Company
Accounting Oversight Board, was the first standard issued by the PCAOB, and it is very narrow in scope. It
requires accounting firms to state that their public company audits and reviews are conducted in accordance
with the “standards of the Public Company Accounting Oversight Board (United States).” The auditor must also
include the city and state from which the report was issued. Reporting requirements under the PCAOB
standards are discussed in more detail in section 906 of this Guide.
100.11 PCAOB Auditing Standard No. 2
Section 404 of SOX requires a public company's management to assess its internal control over financial
reporting and the auditor to attest to and report on management's assessment. PCAOB Auditing Standard. No.
2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial
Statements, provided detailed guidance to assist the firm in complying with Section 404 of SOX. However,
Auditing Std. No. 2 was superseded by Auditing Std. No. 5, An Audit of Internal Control Over Financial
Reporting That Is Integrated with An Audit of Financial Statements (see discussion in paragraph 100.14).
100.12 PCAOB Auditing Standard No. 3
PCAOB Auditing Standard. No. 3, Audit Documentation, replaces SAS No. 96, Audit Documentation. Auditing
Std. No. 3 establishes documentation standards for audits of financial statements and internal controls as well
as reviews of interim financial statements performed in accordance with PCAOB standards. The standard
covers general audit documentation requirements, documentation of specific matters (including the preparation
of an engagement completion document), and document retention and subsequent changes to audit
documentation. The requirements of this standard are discussed in more detail in Chapter 6.
100.13 PCAOB Auditing Standard No. 4
Auditing Standard No. 4, Reporting on Whether a Previously Reported Material Weakness Continues to Exist,
provides guidance for voluntary engagements performed only at the request of management, to report on
whether a material weakness previously disclosed in management's and/or the auditor's report on internal
control over financial reporting continues to exist as of a date specified by management. When a material
Page 4 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
weakness has been reported, investors may be uncertain about the reliability of the financial statements until
they learn that the material weakness no longer exists. If management has corrected the weakness, it may
determine that communication of the correction in its quarterly disclosure will be sufficient notification to
investors. Also, management might engage the auditor to report that the weakness no longer exists before the
quarterly disclosure. Chapters 5 and 9 also discuss Auditing Standard No. 4.
100.14 PCAOB Auditing Standard No. 5
Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit
of Financial Statements, replaces the previous internal control auditing standard, Auditing Std. No. 2. Auditing
Std. No. 5 aligns with the SEC's management guidance for management's assessment of internal control under
SOX section 404. It also requires the audit of internal control over financial reporting to be integrated with the
audit of the financial statements and to use a top-down, risk-based approach. Further, Auditing Std. No. 5
eliminated the Auditing Std. No. 2 requirement to report on management's assessment and revised the
definitions of the terms material weakness and significant deficiency, as follows:
• Material Weakness— “a deficiency, or a combination of deficiencies, in internal control over financial
reporting, such that there is a reasonable possibility that a material misstatement of the company's annual
or interim financial statements will not be prevented or detected on a timely basis.”
• Significant Deficiency— “a deficiency, or a combination of deficiencies, in internal control over financial
reporting that is less severe than a material weakness, yet important enough to merit attention by those
responsible for oversight of the company's financial reporting.”
See a detailed discussion of Auditing Std. No. 5 in Chapter 5.
100.15 PCAOB Auditing Standard No. 6
Auditing Standard No. 6, Evaluating Consistency of Financial Statements, supersedes AU 420, Consistency of
Application of Generally Accepted Accounting Principles, and AU 9420, and makes conforming amendments to
the interim auditing standards in response to FASB ASC 250 and the FASB's action to move the hierarchy of
GAAP from the auditing standards to the accounting standards. The standard was issued as a result of the
FASB's issuance of FASB ASC 250. The standard requires auditors to evaluate the consistency of a company's
financial statements and to report on any inconsistencies. Auditing Standard No. 6 is discussed in Section 906.
100.16 PCAOB Auditing Standard No. 7
Auditing Standard No. 7, Engagement Quality Review, provides a framework for an engagement quality
reviewer to objectively evaluate the significant judgments made by the engagement team and the conclusions
reached in forming an overall conclusion on the engagement. The standard directs an engagement quality
reviewer's attention to matters that increase the likelihood of identifying and correcting significant engagement
deficiencies before an audit report is issued. The standard requires an engagement quality review (EQR) for
Page 5 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
audits and for reviews of interim financial information, but not for other engagements. The standard is discussed
in Chapters 2, 8, and 10 of this Guide.
100.17 PCAOB Risk Assessment Standards (Auditing Standard Nos. 8-15)
In August 2010, the PCAOB approved eight auditing standards—Nos. 8 through 15—that address auditors'
responsibilities for assessing and responding to the risks of material misstatement in an audit of financial
statements. Those standards, often referred to as the Risk Assessment Standards, are as follows:
• Auditing Std. 8, Audit Risk.
• Auditing Std. 9, Audit Planning.
• Auditing Std. 10, Supervision of the Audit Engagement.
• Auditing Std. 11, Consideration of Materiality in Planning and Performing an Audit.
• Auditing Std. 12, Identifying and Assessing Risks of Material Misstatement.
• Auditing Std. 13, The Auditor's Responses to the Risks of Material Misstatement.
• Auditing Std. 14, Evaluating Audit Results.
• Auditing Std. 15, Audit Evidence.
The standards supersede six interim auditing standards: AU 311, Planning and Supervision; AU 312, Audit Risk
and Materiality in Conducting an Audit; AU 313, Substantive Tests Prior to the Balance Sheet Date; AU 319,
Consideration of Internal Control in a Financial Statement Audit; AU 326, Evidential Matter; and AU 431,
Adequacy of Disclosure in Financial Statements.
100.18 PPC's Guide to PCAOB Audits fully incorporates Auditing Std. Nos. 8-15 into its text and practice aids.
Paragraphs 100.19-.27 summarize the principal provisions of the PCAOB's risk assessment standards.
100.19 Auditing Standard No. 8, Audit Risk.
Page 6 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
This standard describes the components of audit risk in an audit of financial statements, the auditor's
considerations in assessing risk, and the auditor's responsibility to reduce risk to an appropriately low level to
obtain reasonable assurance about whether the financial statements are free of material misstatement. Among
other things, Auditing Standard No. 8 requires auditors to—
• Assess risk at the financial statement level and the assertion level.
• Reduce the level of the risk of not detecting material misstatement (detection risk) through the nature,
timing, and extent of the substantive procedures performed. (The higher the risk of material misstatement,
the lower the level of detection risk needs to be to reduce audit risk to an appropriately low level.)
100.20 Auditing Standard No. 9, Audit Planning.
This standard describes the auditor's responsibilities for planning the audit, including determining matters that
are important to the audit and establishing an appropriate audit strategy and developing an audit plan. Among
other things, Auditing Standard No. 9 requires—
• The engagement partner to be responsible for planning the audit. (The engagement partner may be
assisted by engagement team members in fulfilling that responsibility.)
• Auditors to evaluate whether the following matters are important to the entity and its internal control and, if
so, how they will affect the auditor's procedures:
•• Knowledge about risks evaluated as part of client acceptance and continuance.
•• Matters relating to entity's industry.
•• Matters relating to the business, including the complexity of its operations and the extent of
recent changes.
•• Legal or regulatory matters.
•• The auditor's preliminary judgments about materiality and risk.
Page 7 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
•• Knowledge of the entity's internal control obtained during other engagements performed by the
auditor.
•• Preliminary judgments about and available evidence related to the effectiveness of the entity's
internal control.
•• Previously communicated control deficiencies.
•• Public information relevant to the evaluation of the likelihood of material misstatements and
internal control effectiveness.
• Auditors to take communications with the audit committee into account when developing the overall audit
strategy.
• Auditors to develop and document an audit plan that includes the nature, timing, and extent of risk
assessment, substantive, and other procedures required by PCAOB standards.
• Auditors to determine the locations or business units at which to perform audit procedures, assess the
risks of material misstatement associated with the location or business unit, and correlate that assessment
with the extent to which audit procedures should be performed.
• Auditors to determine whether specialized skill or knowledge is needed to perform appropriate risk
assessments, plan or perform audit procedures, or evaluate audit results.
100.21 Auditing Standard No. 10, Supervision of the Audit Engagement.
This standard describes the auditor's responsibilities for supervising the audit and the work of the engagement
team. Among other things, Auditing Standard No. 10 requires—
Page 8 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• The engagement partner to be responsible for supervising the audit and the work of the engagement
team. (The engagement partner may be assisted by engagement team members in fulfilling that
responsibility.)
• Supervisory activities to include making engagement team members aware of their responsibilities,
including informing supervisors of significant accounting and auditing issues that arise during the audit, and
reviewing the work of engagement team members.
100.22 Auditing Standard No. 11, Consideration of Materiality in Planning and Performing an Audit.
This standard describes the auditor's responsibilities for considering materiality in planning and performing an
audit and determining the scope of audit procedures, including reevaluating materiality in light of circumstances
or additional information that indicates a lower materiality level may be appropriate. Auditing Standard No. 11
defines materiality in an audit by reference to court decisions interpreting federal securities laws. In that context,
a fact is material if there is “a substantial likelihood that the . . . fact would have been viewed by a reasonable
investor as having significantly altered the 'total mix' of information made available.” Among other things,
Auditing Standard No. 11 requires—
• Auditors to consider a company's earnings and other relevant factors in determining materiality for the
financial statements as a whole.
• Materiality to take into account both qualitative and quantitative factors.
• Materiality for the financial statements to be expressed as a specified amount.
• Auditors to evaluate whether there are certain accounts or disclosures for which a lower level of materiality
is appropriate than materiality for the financial statements as a whole.
• Auditors to establish tolerable misstatement at the account or disclosure level and for individual locations
or business units in audits of companies with operations in multi locations or business units.
100.23 Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement.
This standard describes the auditor's responsibilities for identifying and assessing the risks of material
misstatement that provide a basis for designing and implementing responses to those risks. Among other things,
Page 9 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
Auditing Standard No. 12 requires auditors to perform risk assessment procedures that are sufficient to provide
a reasonable basis for identifying and assessing the risks of material misstatement and design further audit
procedures—tests of controls and substantive procedures—to respond to the risks. Auditing Standard No. 12
specifies the following risk assessment procedures:
• Obtain an understanding of the company and its environment, including evaluating whether significant
changes in the company from prior periods affect the risks of material misstatement. The understanding
includes understanding industry, regulatory, and other external factors; the nature of the company; the
company's selection and application of accounting principles, including related disclosures; the company's
objectives, strategies, and related business risks; and the company's performance measures.
•• As part of understanding the company, auditors should consider reading public information
about the company, observing or reading transcripts of earnings calls, understanding the
compensation arrangements with senior management, and obtaining information about trading
activity and holdings in the company's securities by significant holders.
•• As part of understanding the company's selection and application of accounting principles,
including related disclosures, auditors are required to develop expectations about the disclosures
that are necessary for the company's financial statements to be fairly presented and assess the
risks of material misstatement related to omitted, incomplete, or inaccurate disclosures.
• Obtain an understanding of internal control and evaluate whether control deficiencies identified, if any, are
indicative of fraud risk factors. The understanding of internal control includes the company's control
environment, risk assessment process, information system relevant to financial reporting, process of
communicating financial reporting roles and responsibilities and other significant matters, control activities,
and monitoring controls. As part of understanding the company's information system relevant to financial
reporting, auditors are required to obtain an understanding of how IT affects the flow of transactions.
• Consider information from the client acceptance and retention evaluation, audit planning activities, past
audits, and other engagements performed for the company, including information obtained during reviews
of interim financial information. Auditors should evaluate whether information from past audits remains
relevant and reliable if they plan to rely on that information to limit the nature, timing, or extent of risk
assessment procedures.
• Perform analytical procedures.
Page 10 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• Conduct a discussion among all key engagement team members, including the engagement partner,
regarding the risks of material misstatement, including fraud risks.
• Make specified inquiries of the audit committee, management, and others within the company about the
risks of material misstatement, including fraud risks.
After performing risk assessment procedures, Auditing Standard No.12 requires auditors to evaluate how risks
at the financial statement level could affect risks of material misstatement at the assertion level and whether
fraud risk factors are present that should be taken into account in identifying and assessing fraud risks. The
auditor's evaluation of fraud risk factors should (a) include evaluation of how fraud could be perpetrated or
concealed by presenting incomplete or inaccurate disclosures or by omitting disclosures, (b) presume there is a
fraud risk involving improper revenue recognition, and (c) consider the risk of management override of controls.
100.24 Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement.
This standard describes the auditor's responsibilities for designing and implementing both overall responses and
responses involving the nature, timing, and extent of auditing procedures to address the risks of material
misstatement. Among other things, Auditing Standard No. 13 requires auditors to—
• Implement overall responses to address the risks of material misstatement due to both error and fraud,
including appropriately assigning engagement responsibilities to the engagement team and providing
appropriate supervision, incorporating elements of unpredictability in performing audit procedures, and
evaluating the appropriateness of the entity's significant accounting principles.
• Consider the types, likelihood, and magnitude of potential misstatements, and obtain more persuasive
audit evidence the higher the auditor's assessment of risk.
• Perform substantive procedures, including tests of details, to respond to significant risks, including fraud
risks.
• Perform tests of controls if the auditor plans to assess control risk at less than the maximum by relying on
controls and for each relevant assertion for which substantive procedures alone cannot provide sufficient
appropriate audit evidence.
Page 11 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• Obtain more persuasive audit evidence from tests of controls the greater the reliance the auditor places on
the effectiveness of a control and for each relevant assertion for which the audit approach consists primarily
of tests of controls.
• When testing the operating effectiveness of controls, include procedures to determine whether the person
performing the control possesses the necessary authority and competence to perform the control
effectively.
• When auditors plan to rely on controls tested in past audits, obtain audit evidence in the current audit
about the design and operating effectiveness of the controls.
• Assess control risk for relevant assertions.
• Perform substantive procedures for each relevant assertion of each significant account and disclosure,
regardless of the assessed level of control risk, including procedures related to the period-end financial
reporting process.
• When substantive procedures are performed at an interim date, perform substantive procedures or
substantive procedures together with tests of controls that provide a basis to extend the interim conclusions
to the period end.
100.25 Auditing Standard No. 14, Evaluating Audit Results.
This standard describes the auditor's responsibilities to evaluate whether the audit evidence obtained is
sufficient to support the auditor's opinion on the financial statements. Among other things, Auditing Standard No.
14 requires auditors to—
• Perform analytical procedures in the overall review of the financial statements, including analytical
procedures relating to revenue through the end of the period, and evaluate whether they indicate a
previously undisclosed risk of material misstatement.
• Evaluate whether differences between estimates best supported by the audit evidence and estimates
included in the financial statements, which are individually reasonable, indicate possible bias on the part of
the company's management.
Page 12 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• Accumulate misstatements identified during the audit, other than those that are “clearly trivial.”
Misstatements that are clearly trivial will be of a smaller magnitude than the materiality level established in
accordance with Auditing Standard No. 11, Consideration of Materiality in Planning and Performing an
Audit, and will be inconsequential, whether taken individually or in the aggregate, and whether judged by
any criteria of size, nature, or consequence.
• Evaluate the effect of uncorrected misstatements, including the effects of uncorrected misstatements
detected in prior years and misstatements detected in the current year that relate to prior years.
• Communicate accumulated misstatements to management and evaluate whether management has
properly corrected them and whether uncorrected misstatements, if any, are material.
• Evaluate whether identified misstatements might be indicative of fraud. If so, auditors are required to
obtain additional evidence to determine whether fraud has, or is likely to have, occurred and, in that case,
determine the effect on the financial statements and the auditor's report.
• Evaluate the qualitative aspects of the company's accounting policies, including potential bias in
management's judgments and estimates, and determine whether the effects of any bias, together with any
uncorrected misstatements, materially misstates the financial statements.
• If management identifies adjusting entries that offset misstatements accumulated by the auditor, perform
procedures to determine why the misstatements were not previously identified and evaluate the implications
on management integrity and the auditor's risk assessments.
• Consider the form, arrangement, and content of the financial statements and accompanying notes,
including the terminology used, the amount of detail given, and classification of items in the financial
statements, and the basis of amounts presented to evaluate whether the financial statements are fairly
presented.
100.26 Auditing Standard No. 15, Audit Evidence.
Page 13 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
This standard describes the principles for determining the sufficiency and appropriateness of audit evidence,
how the characteristics of audit evidence affect the procedures necessary to obtain sufficient appropriate
evidence to support the auditor's opinion, specific types of audit procedures, and alternative means of selecting
items for testing. Auditing Standard No. 15 requires auditors to—
• When using information produced by the company as audit evidence, test the accuracy and completeness
of the information and evaluate whether it is sufficiently precise and detailed for the auditor's purposes.
• Determine the appropriate means of selecting items for testing (selecting all items, selecting specific
items, or audit sampling) depending on the nature of the audit procedure, the characteristics of the control
or items being tested, and the evidence necessary to meet the objective of the audit procedure.
100.27 PCAOB Auditing Standard. No. 16 1
On August 15, 2012, the PCAOB issued Auditing Standard No. 16, Communications with Audit Committees,
which supersedes AU 380, Communications with Audit Committees, and AU 310, Appointment of the
Independent Auditor, and amends certain other PCAOB standards.
100.28 The standard carries forward substantially all of the required communications in the PCAOB's existing
interim standards and significantly expands required communications and audit procedures aimed at enhancing
communications between auditors and audit committees. Some of the required communications are to take
place during the planning phase of the audit, others are required on an ongoing basis throughout the audit, and
several would take place during the concluding phase of the audit. The standard requires that communications
occur in a timely manner. The timing of a particular communication, unless otherwise specified, depends on
factors such as the significance of the matter and corrective or follow-up action needed. The communication can
be made with the audit committee chair to facilitate timely communication during the audit. All communications
are required to be made annually prior to the issuance of the auditor's report, or in the case of interim reviews,
before the interim financial statements are filed. Unless otherwise specified, the communications can be in
writing or made orally. Regardless of whether the communications are oral or written, they should be
documented in sufficient detail to allow an experienced auditor having no previous connection with the
engagement to understand the communications made.
100.29 The most significant provisions in the standard, in addition to existing requirements, require the auditor
to communicate:
• The terms of the engagement, on an annual basis, upon establishing an understanding specifically with
the audit committee and documented in a written engagement letter provided to the audit committee. In
addition, if the engagement letter is executed by an appropriate party other than the audit committee or its
chair, the auditor should determine that the audit committee acknowledged and agreed to the terms.
Page 14 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• Significant issues the auditor discussed with management in connection with appointment or retention,
including significant discussions about the application of accounting principles and auditing standards.
• An overview of the audit strategy, including a discussion of the significant risks identified by the auditor,
and the timing of the audit, including the following:
•• Nature and extent of specialized skill or knowledge needed to perform appropriate risk
assessments, plan or perform audit procedures, or evaluate audit results.
•• Planned use of the company's internal audit function in both the financial statement and internal
control audits.
•• For audits of internal control over financial reporting, the extent to which the auditor plans use
other company personnel and third parties working under the direction of management.
•• Names, locations, and planned responsibilities of other public accounting firms and other
persons, including affiliated firms, participating in the audit.
•• Basis for the auditor's determination that the firm can serve as principal auditor.
• Any significant changes to the planned audit strategy or the significant risks initially identified and the
reasons for the changes.
• Significant accounting policies and practices, including (a) management's initial selection of or changes in
significant accounting policies and practices in the current period and (b) the effect on financial statements
or disclosures of significant accounting policies in controversial areas or areas for which there is a lack of
authoritative guidance or consensus or diversity in practice.
Page 15 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• Critical accounting policies and practices, including (a) the reasons certain policies are considered critical
and (b) how current and anticipated future events might affect the determination of whether certain policies
and practices are considered critical.
• Critical accounting estimates, including (a) a description of the process management uses to develop
critical accounting estimates, any changes management made to those processes, their reasons for the
changes, and the effect on the financial statements, and (b) management's assumptions used in critical
accounting estimates that have a high degree of subjectivity.
• Significant unusual transactions that are outside the normal course of business or that otherwise are
unusual due to their timing, size, or nature and the policies and practices management used to account for
significant unusual transactions.
• Quality of the company's financial reporting including the following:
•• Evaluation of and conclusion about the qualitative aspects of the company's significant
accounting policies and practices, including bias in management's judgments reflected in the
financial statements and disclosures. Auditing Std. 14 provides the following examples of
management bias: (1) the selective correction of misstatements brought to management's
attention during the audit, (2) the identification by management of additional adjusting entries that
offset misstatements accumulated by the auditor, (3) bias in the selection and application of
accounting principles, and (4) bias in accounting estimates.
•• Evaluation of the differences between estimates best supported by the audit evidence and
estimates included in the financial statements that indicate possible management bias.
•• Assessment of management's disclosures related to the company's critical accounting policies
and any changes to those disclosures that the auditors proposed that management did not make.
•• Auditor's understanding of the business rationale for significant unusual transactions.
Page 16 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
•• Basis for the auditor's conclusions regarding the reasonableness of the company's critical
accounting estimates.
•• Evaluation of whether the presentation of the financial statements and the related disclosures
are in conformity with GAAP.
•• Concern regarding management's anticipated application of accounting pronouncements that
have been issued but are not yet effective and might have a significant effect on future financial
reporting. (For example, for financial statements that are prepared on the basis of accounting
principles that are acceptable at the financial statement date but that will not be acceptable in the
future, AU 9410 requires the auditor to consider whether disclosures regarding the impending
change in principle and effects that may result on the required future adoption of accounting
principle are adequate.)
•• All alternative treatments permissible under the applicable financial reporting framework for
policies and practices related to material items that have been discussed with management,
including the ramifications of the use of such alternative disclosures and treatments and the
treatment preferred by the auditor.
• Matters that are difficult or contentious for which the auditor has consulted outside the engagement team
when relevant to the audit committee's oversight of the financial reporting process.
• Significant auditing or accounting matters about which management has consulted other accountants
when the auditor has concerns about such matters.
• The fact that uncorrected misstatements or matters underlying them could potentially cause future period
financial statements to be materially misstated even if the auditor has concluded that the uncorrected
misstatements are immaterial to the financial statements and, if management has not already done so, the
basis for the determination that the uncorrected misstatements were immaterial, including the qualitative
factors considered.
Page 17 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• When the auditor has concerns about the company's ability to continue as a going concern: (a) conditions
and events that indicate there is substantial doubt about the company's ability to continue as a going
concern for a reasonable period of time, (b) if substantial doubt is alleviated after consideration of
management's plans, the basis for the auditor's conclusion, and (c) if substantial doubt remains after
consideration of management's plans, the effects on the financial statements, including the adequacy of
disclosure, and the auditor's report.
• When the auditor expects to modify the opinion in the auditor's report or include an explanatory
paragraph, the reasons for the modification or explanatory paragraph, and the proposed wording of the
modification or explanatory paragraph.
• Other material written communications between the auditor and management.
• Auditor's responsibilities with respect to other information in documents containing audited financial
statements, including the auditor's procedures and the results of those procedures.
• Disagreements with management about matters, whether or not satisfactorily resolved, that could be
significant to the company's financial statements or the auditor's report.
• Difficulties encountered in performing the audit.
100.30 In addition to the above communications requirements, the standard also requires the auditor to:
• Provide the audit committee with a schedule of (a) uncorrected misstatements and (b) corrected
misstatements, other than those that are clearly trivial, that, in the auditor's judgment, may not have been
detected except through the auditor's procedures.
• Make inquiries of the audit committee (or its chair) about whether they are aware of other matters that may
be relevant to the audit, including knowledge of violations or possible violations of laws or regulations.
100.31 Auditing Std. No. 16 will be effective for audits of fiscal years beginning on or after December 15, 2012.
As with all new standards, adopted by the Board, the SEC must approve the standard for it to become effective.
(The transitional amendments to AU 380 are to be effective for periods that the PCAOB standards become
Page 18 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
applicable to audits of brokers and dealers, as designated by the SEC on the adoption of its amendments.)
Auditing Std. No. 16, Communications with Audit Committees, can be accessed at
http://pcaobus.org/Rules/Rulemaking/Docket030/Release_2012-004.pdf.
Proposed PCAOB Standards
100.32 Confirmations
On July 13, 2010, the PCAOB issued a proposed auditing standard, Confirmation, which would supersede AU
330, The Confirmation Process, and amend certain other PCAOB standards. The proposed standard carries
forward some of the requirements in the PCAOB's interim standard regarding confirmations and augments
others. In addition, the proposed standard expands the auditor's existing responsibilities to perform confirmation
procedures in certain areas, has been updated to reflect technology advances, proposes additional auditor
responsibilities for confirmation procedures, provides guidance regarding designing confirmation requests and
determining the types of confirmation requests to send, and expands the auditors' responsibilities for evaluating
confirmation responses, including electronic confirmation responses, responses that represent exceptions, and
responses that include disclaimers and restrictive language.
100.33 The most significant changes in proposed standard would—
• Require auditors to perform confirmation procedures for—
•• Receivables that arise from credit sales, loans, or other transactions, including purchased loans,
accounts receivable, royalty receivables, lease receivables, and notes receivables.
•• Cash, including, when appropriate, cash accounts with an immaterial or zero balance, and other
relationships with financial institutions (such as lines of credit, other debt, compensating balance
arrangements, and contingent liabilities, including guarantees).
•• The purpose of responding to significant risks relating to relevant assertions that can be
adequately addressed by confirmation procedures.
• Not carry forward from the interim standard the exceptions for not confirming receivables when (a)
accounts receivable are immaterial, (b) the use of confirmations would be ineffective, or (c) the auditor's
combined assessed level of inherent and control risk is low, and that assessed level together with other
substantive tests is sufficient to reduce audit risk to an acceptably low level.
Page 19 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• State that an oral response to a confirmation request is audit evidence, but it does not constitute a
confirmation response.
• Permit confirmation response by electronic or other media and by direct access in certain circumstances.
• Include additional requirements regarding maintaining control over the confirmation process. Among other
things, auditors would be required to perform procedures to determine the validity of the addresses on
confirmations and to request confirming parties to respond directly to the auditor and obtain another
response if the responding party sends the confirmation to anyone other than the auditor.
• Preclude auditors from using internal auditors to send confirmation requests, receive confirmation
responses, or to evaluate audit evidence obtained from performing confirmation procedures. (However,
auditors could consider work of internal auditors in deciding on the timing of the auditor's confirmation
procedures or the number of accounts to confirm.)
• Require auditors to perform—
•• Other substantive procedures to supplement the use of negative confirmation requests.
•• Substantive procedures if management requests the auditor not to confirm certain accounts,
balances, or other items.
•• Alternative procedures for all nonresponses to positive confirmation requests.
• Require auditors to obtain a response to a positive confirmation request as a condition of obtaining
sufficient appropriate audit evidence when—
•• Information to corroborate management's assertions is available only outside the company.
Page 20 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
•• Specific fraud risk factors, such as the risk of management override of controls or the risk of
collusion, prevent the auditors from relying on evidence from the company.
• Perform procedures to address the risks that electronic confirmation responses might not be reliable.
• Perform procedures to evaluate the effect of disclaimers and restrictive language on the reliability of a
confirmation response.
100.34 In addition, amendments to PCAOB interim standards proposed in conjunction with the auditing standard
on confirmations would, among other things—
• Amend the interim standard, The Auditor's Consideration of the Internal Audit Function in an Audit of
Financial Statements (AU 322), to remove reference to “assertions about the existence of cash” as an
example of assertions that might have a low risk of material misstatement or involve a low degree of
subjectivity in the evaluation of audit evidence such that the results of work performed by internal auditors
may render direct testing by auditors unnecessary.
• Amend the interim standard, Management Representations (AU 333), to add the following representations
to the written representations auditors should obtain from management about specific items:
•• If management requests the auditor not confirm certain accounts, balances, or other items and
the auditor agrees to management's request, the reason for management's request.
•• If the auditor does not receive a response to a positive confirmation request when confirming the
terms of a significant transaction or agreement, the terms of the transaction or agreement.
100.35 The comment period for the proposed standard ended on September 13, 2010. Any final standard the
PCAOB adopts will be submitted to the SEC for approval and will be effective upon approval by the SEC. The
PCAOB's strategic plan indicates that the Board will adopt or repropose the proposed standard in the fourth
quarter of 2012. A future edition of this Guide will fully incorporate any final standard issued. Auditors should be
alert for the issuance of the final standard and assess its applicability to engagements beginning after the
Page 21 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
effective date. The proposed standard and its current status can be accessed at
www.pcaobus.org/Rules/Rulemaking/Pages/Docket028.aspx.
100.36 Improving Transparency
On October 11, 2011, the PCAOB issued a proposed auditing standard, Improving the Transparency of Audits:
Proposed Amendments to PCAOB Auditing Standards and Form 2, which would amend its standards to bring
greater transparency to public company audits by requiring (a) registered public accounting firms to disclose the
name of the engagement partner in the audit report and on the PCAOB Annual Report form and (b) disclosure in
the audit report of other accounting firms and other persons not employed by the auditor that took part in the
audit. The proposal follows a Concept Release (Release No. 2009-005), Concept Release on Requiring the
Engagement Partner to Sign the Audit Report, issued in July 2009, which grew, in part, out of the 2008 Final
Report of the Department of the Treasury Advisory Committee on the Auditing Profession [Concept Release on
Requiring the Engagement Partner to Sign the Audit Report (PCAPB Release Bo. 2009-005)] can be accessed
at http://pcaobus.org/Rules/Rulemaking/Pages/Docket029.aspx. The Final Report of the Department of the
Treasury Advisory Committee on the Auditing Profession can be accessed at
http://www.treasury.gov/about/organizational-structure/offices/Documents/final-report.pdf.) The
proposed amendments are discussed in the following paragraphs.
100.37 The proposed amendments would require the audit report to disclose the name of the engagement
partner responsible for the most recent period's audit. Inclusion of the partner's name would not increase or
otherwise affect the duties and obligations of the engagement partner under PCAOB standards. The PCAOB
considered, but decided not to propose, a rule that would require the engagement partner's signature to be
included in the audit report. Thus, the name of the engagement partner would be disclosed and the only
signature included in the audit report would be the signature of the firm issuing the report. The changes would
be made by amending AU 508, Reports on Audited Financial Statements, and Auditing Std. No. 5, An Audit of
Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, which
describe the required elements of the audit report. The Board also is proposing conforming amendments to
certain other PCAOB standards that include examples of the audit report.
100.38 The disclosure would be accomplished by adding a sentence to the audit report as follows:
The engagement partner responsible for the audit for the [Period] ended [Date] was
[Name] .
Because the proposed amendments require the name of the engagement partner to be disclosed only for the
most recent period's audit, when another engagement partner is responsible for other periods included in
comparative financial statements, disclosure of the other partner's name is not required. The proposed
amendments also provide examples of how the name of the engagement partner would be disclosed when all
periods presented were audited during one audit engagement (e.g., in an initial public offering, single-period
audit, or re-audit), and when financial statements are dual-dated and the firm has changed engagement
partners since the original report date.
100.39 The proposed amendments also would amend PCAOB Rule 2201, which requires each registered firm
to file an annual report on Form 2 that provides basic information about the firm and the firm's issuer-related
Page 22 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
practice over the most recent 12-month period. Item 4.1 of Form 2 requires the firm to provide, for any audit
reports issued during the reporting period, the issuer's name, the issuer's CIK number (if it has one), and the
date of the audit report. The proposed amendments would add to Item 4.1 a requirement for firms to disclose
the name of the engagement partner. Disclosure of the name of the engagement partner on Form 2 would make
that information available in one place that could be easily retrieved since such reports are posted on the
Board's website.
100.40 Finally, in many public company audits, the accounting firm issuing the audit report does not perform
100% of the audit procedures. This may be especially common in (but not limited to) audits of companies with
operations in more than one country or audits of the company's foreign operations for which audit procedures
are performed by other accounting firms or other participants in the audit not employed by the auditor. The
proposed amendments would require disclosure in the audit report when the auditor (a) assumes responsibility
for or supervises the work of another independent public accounting firm or supervises the work of a person that
performed audit procedures on the audit, and (b) divides responsibility with another independent public
accounting firm. Specifically, when assuming responsibility or supervising the work of others, the auditor would
be required to disclose the name, location, and extent of participation in the audit of (a) independent public
accounting firms for whose audit the auditor assumed responsibility under AU 543, Part of Audit Performed by
Other Independent Auditors, and (b) independent public accounting firms or other persons not employed by the
auditor that performed audit procedures on the most recent period's audit and whose work the auditor was
required to supervise as required by Auditing Std. No. 10, Supervision of the Audit Engagement. When dividing
responsibility, the auditor would be required to disclose the name and location of another independent public
accounting firm that audited the financial statements of one or more subsidiaries, divisions, branches,
components, or investments included in the financial statements of the company, to which the auditor makes
reference in the audit report on the consolidated financial statements and, when applicable, the report on
internal control over financial reporting.
100.41 The comment period for the proposed amendments ended on January 12, 2012. Any final standard the
PCAOB adopts will be submitted to the SEC for approval and will be effective upon approval by the SEC. A
future edition of this Guide will fully incorporate any final standard issued. Auditors should be alert for the
issuance of the final standard and assess its applicability to engagements beginning after the effective date. The
proposed standard and its current status can be accessed at
http://pcaobus.org/Rules/Rulemaking/Docket029/PCAOB_Release_2011-007.pdf.
100.42 Attestation Standards Relating to Audits of Brokers and Dealers
The Dodd-Frank Wall Street Reform and Consumer Protection Act amended the Sarbanes-Oxley Act to give the
PCAOB oversight authority with respect to audits of brokers and dealers that are registered with the SEC. Thus,
the PCAOB now has responsibility for standard-setting, inspections, investigations, and disciplinary proceedings
for registered accounting firms' audits of brokers and dealers, including broker-dealers that are nonissuers. (See
paragraph 101.5.) 2 In July 2011, the PCAOB issued two proposed attestation standards that provide
requirements for examining or reviewing the assertions in the broker's or dealer's compliance report or
exemption report as indicated in the SEC's proposed amendments to Rule 17a-5 of the Securities Exchange Act
of 1934. 3 In addition, the PCAOB also proposed a new standard on auditing supplemental information
Page 23 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
accompanying audited financial statements that addresses supplemental information of broker-dealers and
other issuers that file with the SEC. The following is a summary of the proposed standards:
• Examination Engagements Regarding Compliance Reports of Brokers and Dealers. The proposed
attestation standard would require auditors to obtain evidence to express an opinion on the assertions of
the broker or dealer in the compliance report. In addition, it provides proposed requirements for a risk-
based approach for the examination. The proposed requirements are designed to be scalable for the size
and complexity of the broker-dealer. In addition, the requirements would coordinate the examination
engagement with the audit of the financial statements and supplemental information. The proposed
standard includes requirements for the auditor's report, as well as an illustrative report.
• Review Engagements Regarding Exemption Reports of Brokers and Dealers. The proposed attestation
standard provides requirements for making inquiries and performing other procedures directed to the
auditor's responsibility to obtain moderate assurance that the broker or dealer meets the identified
conditions for an exemption from Exchange Act Rule 15c3-3. The procedures allow the auditor to scale the
engagement based on the size and complexity of the broker-dealer. As part of the procedures, the auditor
would evaluate relevant evidence obtained from the audit of the financial statements and supplemental
information. The proposed standard includes reporting requirements and an illustrative report.
The comment period for the proposed attestation standards ended on September 12, 2011. The PCAOB's
Release No. 2011-004 can be found on the PCAOB's website at
http://pcaobus.org/Rules/Rulemaking/Docket035/PCAOB_Release_2011-004.pdf.
100.43 Supplemental Information Accompanying Audited Financial Statements
PCAOB Release No. 2011-005, Auditing Supplemental Information Accompanying Audited Financial
Statements and Related Amendments to PCAOB Standards, proposes an auditing standard that applies when
the auditor is engaged to audit and report on whether supplemental information is fairly stated, in all material
respects, in relation to the financial statements as a whole. The proposed standard would supersede AU 551,
Reporting on Information Accompanying the Basic Financial Statements in Auditor-Submitted Documents. The
proposed standard would apply whenever the auditor is engaged to audit and report on supplemental
information that accompanies the audited financial statements. The supplemental information includes the
supporting schedules required by the SEC's broker-dealer financial reporting rule (see paragraph 100.49) or
other audited supplemental information included in SEC filings, whether required by another regulatory body or
voluntarily submitted by the issuer. The proposed standard retains the existing language in the auditor's report
currently required by AU 551 stating that the opinion on the supplemental information is fairly stated “in relation
to the financial statements as a whole.” Existing PCAOB standards, however, will be enhanced by the proposed
standard by (a) requiring procedures to test and evaluate supplemental information and (b) promoting
coordination between the work on the supplemental information and that of the financial statement audit, as well
as other engagements, such as the compliance attestation engagement for brokers and dealers.
Page 24 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
100.44 The comment period for the proposed standard ended on September 12, 2011. PCAOB Release No.
2011-005 can be found on the PCAOB's website at
http://pcaobus.org/Rules/Rulemaking/Docket036/PCAOB_Release_2011-005.pdf.
100.45 Related Parties and Significant Unusual Transactions
On February 28, 2012, the PCAOB proposed a new auditing standard on related parties, along with
amendments to various auditing standards relating to significant unusual transactions. The proposals are being
issued in response to past financial reporting frauds that involve relationships and transactions with related
parties, significant unusual transactions, and certain transactions and relationships with executive officers. The
proposals also consider the Board's inspection activities, comments from the PCAOB's Standing Advisory
Group (SAG), and international developments. The proposed auditing standard, Related Parties; Proposed
Amendments to Certain PCAOB Auditing Standards Regarding Significant Unusual Transactions; and Other
Proposed Amendments to PCAOB Auditing Standards, is intended to strengthen existing procedures for
identifying, assessing, and responding to risks of material misstatement pertaining to related party and
significant unusual transactions. The proposed guidance complements and builds upon the existing risk
assessment standards. The proposed standard would supersede the PCAOB existing interim auditing standard,
AU 334, Related Parties, and also proposes amendments to AU 316, Consideration of Fraud in a Financial
Statement Audit. Among other things, the proposed standard contains the following auditor requirements:
• Identifying and Understanding Related Parties and Transactions. The auditor would be required to perform
procedures to identify related parties, obtain an understanding of the nature of the relationship with such
parties, and understand the business purpose and terms of related party transactions. The auditor would be
required to understand the controls over (a) identifying related parties and transactions, (b) the
authorization and approval of related party transactions, and (c) the accounting and disclosure for such
relationships and transactions. In addition, the auditor would be required to make certain inquiries of
management, other employees, and the audit committee about related parties and associated transactions.
• Procedures for Transactions Disclosed or Considered Significant Risks. The auditor would be required to
perform specific procedures for each related party transaction (or type of transaction) that is required to be
disclosed or is deemed to be a significant risk. The auditor would read underlying documentation; determine
whether transactions have been authorized and approved; and evaluate the financial capability of the
related party with respect to uncollected balances, guarantees, or other obligations, when applicable.
• Undisclosed Related Parties and Transactions. The proposed standard would require the auditor to
evaluate whether information that comes to the auditor's attention during the audit indicates undisclosed
related parties, relationships, or transactions. Furthermore, if the auditor determines that such matters exist,
the proposed guidance would require the performance of certain specific procedures. Among other things,
the auditor would (a) determine why the related party or transaction was undisclosed, (b) assess whether
procedures are needed to identify additional relationships or transactions, (c) perform the procedures
Page 25 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
required for significant risk related party transactions, and (d) evaluate the implications on the internal
control assessment and the audit, if fraud or an illegal act is suspected.
• Audit Committee Communications. According to the proposal, the auditor would communicate the
auditor's evaluation of the company's identification, accounting, and disclosure of relationships and
transactions with related parties. In addition, the auditor would communicate other significant matters
regarding the company's relationships and transactions with related parties.
100.46 The Board's proposal includes amendments to AU 316, Consideration of Fraud in a Financial Statement
Audit, as well as other standards, to strengthen the evaluation of significant unusual transactions. In addition to
other matters, the proposed amendments would require the auditor to—
• perform specific procedures to identify significant unusual transactions;
• perform specific procedures to obtain an understanding of the business purpose of identified significant
unusual transactions; and
• evaluate whether such transactions have been appropriately accounted for and adequately disclosed.
100.47 The PCAOB is also proposing to amend other standards that would complement the proposals on
related parties and significant unusual transactions. Among other things, the amendments would—
• require the auditor to obtain an understanding of the company's financial relationships and transactions
with executive officers as part of the risk assessment;
• require representations from management that there are no undisclosed side agreements or other
arrangements; and
• emphasize the auditor's existing responsibilities to communicate possible fraud to management, the audit
committee, and in certain situations, the SEC or others.
100.48 The Board anticipates that the proposals would be effective, subject to SEC approval, for audits of fiscal
years beginning on or after December 15, 2012. Comments on the proposals are due by May 15, 2012. PCAOB
Release No. 2012-001, Proposed Auditing Standard—Related Parties; Proposed Amendments to Certain
Page 26 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
PCAOB Auditing Standards Regarding Significant Unusual Transactions; and Other Proposed Amendments to
PCAOB Auditing Standards, can be found at
http://pcaobus.org/Rules/Rulemaking/Docket038/Release_2012-001_Related_Parties.pdf.
AICPA Statement on Quality Control Standard No. 8
100.49 In 2007, the AICPA issued Statement on Quality Control Standards (SQCS) No. 7, A Firm's System of
Quality Control. SQCS No. 7 superseded and replaced all of the AICPA quality control standards that existed at
the time. SQCS No. 7 comprehensively addressed the quality control practices over a firm's accounting and
auditing practice and placed an unconditional obligation on the firm to establish a QC system designed to
provide reasonable assurance that the firm (a) complies with professional standards and legal and regulatory
requirements and (b) issues reports that are appropriate in the circumstances. In October 2011, the AICPA
issued Statement on Quality Control Standard No. 8, A Firm's System of Quality Control, which supersedes
SQCS No. 7 and applies to a CPA firm's system of quality control for its accounting and auditing practice as of
January 1, 2012.
100.50 Since SQCS No 8 was issued by the AICPA after 2003, it is not included in the Interim Quality Control
Standards adopted by the PCAOB. As a result, it does not address the quality control ramifications of PCAOB
standards that must be followed by auditors of issuers, nor do they include any modifications that may be
necessary for a firm's system of quality control to conform to PCAOB Standards. However, in certain areas,
SQCS No. 8 incorporates requirements that are more comprehensive than existing PCAOB Interim Quality
Control Standards. The authors believe that following the requirements of SQCS No. 8 in those areas is prudent
and can increase engagement effectiveness. Further, the authors believe that firms will not ordinarily establish
less rigorous QC policies and procedures for audits of issuers than those required for audits of nonissuers.
Thus, when requirements of SQCS No. 8 are more stringent than those of the PCAOB Interim Quality Control
Standards, such requirements have been incorporated throughout this Guide.
1 The PCAOB's proposed auditing standard, Confirmation, which would supersede AU 330, would also require
auditors to communicate to the audit committee any management requests that the auditor not confirm certain
accounts, balances, or other items. The proposed auditing standard is discussed beginning at paragraph
100.32.
2 The provisions of PCAOB Release No. 2011-001, Temporary Rule for an Interim Program of Inspection
Related to Audits of Brokers and Dealers, and PCAOB Release No. 2011-002, Board Funding; Final Rules for
Allocation of the Board's Accounting Support Fee Among Issuers, Brokers, and Dealers, and Other
Amendments to the Board's Funding Rules, are discussed in Chapter 10.
3 In June 2011, the SEC proposed rules in Release No. 34-64676, Broker-Dealer Reports, that would amend
the broker-dealer financial reporting in Rule 17a-5 of Securities Exchange Act of 1934 to, among other things,
require the annual report to include a financial report and either a compliance report examined by an auditor or
an exemption report reviewed by an auditor performed in accordance with PCAOB standards. (Currently, the
existing auditing requirements mandate an audit be performed in accordance with GAAS and other
Page 27 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
requirements and performed under the audit and attest standards of the AICPA, including the AICPA Audit &
Accounting Guide, Brokers and Dealers in Securities.) See further discussion in section 1004.
© 2012 Thomson Reuters/PPC. All rights reserved.
END OF DOCUMENT -
© 2013 Thomson Reuters/RIA. All rights reserved.
Page 28 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
Checkpoint Contents
Accounting, Audit & Corporate Finance Library
Editorial Materials
Audit and Attest
PCAOB Audits
Chapter 1 Overview
101 How to Use This Guide
101 How to Use This Guide
101.1 This Guide provides a step-by-step approach to providing audit services to issuers under PCAOB
standards. It is designed to help firms comply with PCAOB standards as well as appropriate SEC measurement
and disclosure requirements. The Guide is divided into two sections—text and practice aids. The text portion
(Chapters 1-10, located in Volumes 1 and 2) describes the authors' suggested audit approach and should be
read by all engagement team members who are performing a financial statement audit only or an integrated
audit under the PCAOB standards. The practice aids, which are located in Volumes 2-4, should be tailored for
the unique aspects of each engagement and can be used to document much of the auditor's work.
101.2 This Guide provides guidance to auditors who are performing an integrated audit, as well as auditors who
are performing a financial statement audit only. If an integrated audit of an entity is not required, an audit of
financial statements only may be performed. In addition to the entities discussed in paragraph 100.15, there are
limited circumstances in which an integrated audit is not required, such as for audits of investment companies.
Performing Audits of Nonpublic Entities Using PCAOB Standards
101.3 As noted in the preceding paragraph, this Guide was developed to help firms who audit issuers. However,
the PCAOB standards can be used in audits of nonpublic entities as well. In fact, some regulatory agencies are
considering the option of requiring use of PCAOB standards in certain cases. Firms that wish to use this Guide
as a tool in auditing nonpublic entities should consider the guidance in the PCAOB Staff Question and Answer
document entitled Audits of Financial Statements of Non-issuers Performed Pursuant to the Standards of the
Public Company Accounting Oversight Board. This document can be found
at www.pcaobus.org/Standards/QandA/06-30-2004.pdf.
101.4 In addition, financial statements of nonpublic broker-dealers for fiscal years ending after Dec. 31, 2008,
must be certified by a registered public accounting firm. In January 2010, the PCAOB issued Staff Questions
and Answers, Registration of Broker-Dealer Auditors, to address the registration of auditors of nonpublic broker-
dealers. Issues addressed in the guidance include the registration process, including timing and fees; the extent
to which applications are public and the process for seeking confidential treatment; and obligations associated
with being registered, including annual and special reporting requirements. The Q&As can be accessed at
Page 29 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
http://pcaobus.org/Registration/Auditors/Documents/Staff_QAs_on_the_Registration_of_Broker-
Dealers.pdf.
101.5 Section 982 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act),
which was signed into law in July 2010, amends the Sarbanes-Oxley Act to (a) require auditors of all broker-
dealers to register with the PCAOB and (b) authorize the PCAOB to establish auditing and related attestation,
quality control, ethics, and independence standards to be used by registered public accounting firms regarding
audit reports included in broker-dealer filings with the SEC. SEC Release No. 34-62991, issued on September
24, 2010, provides guidance to clarify the application of certain SEC rules, regulations, releases, and staff
bulletins in light of the authority granted to the PCAOB in Section 982 of the Dodd-Frank Act. The Dodd-Frank
Act can be found at www.gpo.gov/fdsys/pkg/BILLS-111hr4173enr/pdf. SEC Release 34-62991 can be
accessed at http://sec.gov/rules/interp/2010/34-62991.pdf. See Chapter 10 for further discussion of SEC
Release 34-62991.
Library Resources
101.6 This Guide is an audit engagement guidance product that provides an auditor the tools necessary to
perform recurring audits and interim reviews under PCAOB standards and related SEC measurement and
disclosure requirements. However, the Guide is not intended to address audits of initial public offerings (IPOs) in
connection with the Securities and Exchange Act of 1933 or to be a comprehensive source of information about
SEC rules and regulations. Instead, it should be considered an important component of a professional library
that includes additional resources. Some of the resources that the authors suggest are as follows:
• A copy of the Sarbanes-Oxley Act of 2002. Copies of this act are usually available in comprehensive SEC
services such as www.sec.gov/about/laws.shtml#secexact1934 and the ones cited below. In addition,
the act can be found on the Internet in several locations, including
www.law.uc.edu/CCL/SOact/soact.pdf. Other federal securities laws and regulations, including S-X and
S-K, can also be found at www.law.uc.edu/CCL/xyz/sldtoc.html.
• All PCAOB standards, including the interim standards of the AICPA, as well as standards issued by the
PCAOB and approved by the SEC. PPC offers a comprehensive PCAOB standards package in CD-ROM
and online formats. In addition, these standards are included on Checkpoint, an online resource offered by
Thomson Reuters. [PPC resources can be ordered by calling (800) 431-9025 or at
ppc.thomsonreuters.com; to order Checkpoint, call the Thomson Reuters order department at (800) 950-
1216 or visit ria.thomsonreuters.com.]
• GAAP as contained in the Accounting Standards Codification and updates and superseded standards
issued by the Financial Accounting Standards Board (FASB) and the AICPA. Since financial statements of
public companies must be prepared in accordance with generally accepted accounting principles, a library
that includes the standards as well as other GAAP resources, such as PPC's Guide to GAAP and PPC's
Guide to Preparing Financial Statements, can be very useful. PPC offers comprehensive FASB and AICPA
Page 30 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
packages in CD-ROM and online formats. In addition, these standards are included on Checkpoint, an
online resource offered by Thomson Reuters. [PPC resources can be ordered by calling (800) 431-9025 or
at ppc.thomsonreuters.com; to order Checkpoint, call the Thomson Reuters order department at (800)
950-1216 or visit ria.thomsonreuters.com.]
FASB Accounting Standards Codification also includes relevant portions of certain SEC rules, regulations,
interpretive releases, and staff guidance pertaining to financial accounting and reporting that are relevant
only to issuers. Examples of such SEC guidance are Regulation S-X, Financial Reporting Releases (FRR),
Accounting Series Releases (ASR), Interpretative Releases (IR), SEC staff guidance in Staff Accounting
Bulletins (SAB), EITF Topic D, and SEC Staff Observer comments. Such guidance is segregated within the
Codification and identified with the same two digit section numbers and titles as the FASB sections, except
that the SEC material is preceded by the letter “S.” In addition, certain topics also include a separate
section—S99, SEC Materials, consisting of SEC content. (The SEC content is included in the FASB's
Accounting Standards Codification as a convenience to users and does not represent the authoritative
sources of such content.)
• Audit and reporting standards of the Securities and Exchange Commission. RIA offers several SEC
services that could be helpful, including SEC Guidelines: Rules and Regulations, which provides all the
major regulations, forms, and official releases of the SEC, and SEC Compliance: Financial Reporting and
Forms, which is a more comprehensive service that includes the official text of rules and regulations,
agency documents and forms, and explanations of all necessary filings. [To order Checkpoint, call the
Thomson Reuters order department at (800) 950-1216 or visit ria.thomsonreuters.com.]
• The Center for Audit Quality (CAQ), an autonomous public policy organization affiliated with the AICPA,
makes available various resources to auditors of public companies, including Alerts that provide information
about developments in accounting, auditing, and regulatory matters, periodic Webcasts on current issues,
comment letters on PCAOB and SEC rulemaking proposals, white papers, technical practice aids, and best
-practice documents. (Certain information is available only to members of the CAQ.) The Center for Audit
Quality can be accessed at http://thecaq.org/index.htm.
• There are numerous resources available online that can be very helpful to auditors of public companies.
One such resource, the SEC/GAAP Watch, is an electronic newsletter that keeps subscribers informed of
the latest SEC, GAAP, and FASB developments regarding accounting, reporting, and disclosure
requirements. This free newsletter is available at ria.thomsonreuters.com/secgaapwatch/.
Page 31 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• Auditors should check the PCAOB's website periodically for new content. Not only are new and proposed
standards included on that site, but there are also other useful resources, such as inspection reports and
Staff Questions and Answers. The PCAOB's website can be accessed at www.pcaobus.org.
101.7 Almost all publishers that provide accounting and auditing information do so electronically, offering an
array of resources and information for auditors of public companies. In addition to a complete library of GAAP,
PCAOB, and SEC rules, regulations, and standards, Thomson Reuters, publisher of PPC and RIA brand
products, provides online access to most of its product line on Checkpoint. To see a list of products offered by
PPC and RIA, visit http://ria.thomsonreuters.com/financialreporting/seccompliance/.
© 2012 Thomson Reuters/PPC. All rights reserved.
END OF DOCUMENT -
© 2013 Thomson Reuters/RIA. All rights reserved.
Page 32 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
Checkpoint Contents
Accounting, Audit & Corporate Finance Library
Editorial Materials
Audit and Attest
PCAOB Audits
Chapter 1 Overview
102 Organization of This Guide
102 Organization of This Guide
102.1 As previously noted, this Guide provides a step-by-step approach to providing audit and review services
for issuers. The following paragraphs discuss the organization of the Guide in more detail.
Chapter 2—“Preliminary Engagement Activities”
102.2 Chapter 2 explains the activities that take place (a) before an engagement is accepted and (b) in the early
planning stages of an engagement. Chapter 2 includes discussions of client acceptance and continuance,
establishing the terms of the engagement, and special planning considerations relating to an initial engagement.
Chapter 3—“Risk Assessment Procedures and Planning”
102.3 Chapter 3's focus is on general planning decisions. General or preliminary planning should be
distinguished from detailed planning of audit procedures, which is the subject of Chapter 6. Preliminary planning
includes deciding on an overall strategy for the audit; obtaining an understanding of the entity and its
environment, including internal control (for a financial statement audit only); making an initial assessment of
audit risk and materiality, considering fraud; and deciding on the overall timing of the engagement. (Auditing
internal control is addressed in Chapter 5.)
Chapter 4—“Management's Responsibility for Internal Control”
102.4 Chapter 4 is the first of two chapters related to the procedures that should be performed in auditing a
client's internal control over financial reporting. Among other topics, this chapter discusses the framework (such
as COSO) used by management to evaluate its internal controls. The chapter discusses COSO's 1992 report,
Internal Control—Integrated Framework, 4 as well as its 2006 report, Internal Control over Financial
Reporting—Guidance for Smaller Public Companies. Internal control frameworks commonly used in Canada
and the United Kingdom are also included in this discussion. In addition, this chapter discusses management's
responsibilities for assessing and reporting on internal control over financial reporting. Chapter 4 also includes a
section on special considerations for smaller public companies that may not have the strong segregation of
duties that larger companies have.
Chapter 5—“Auditing Internal Control over Financial Reporting”
Page 33 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
102.5 Chapter 5 provides an overview of the process that should be followed when performing an audit of a
company's internal control over financial reporting. The guidance in this chapter along with the practice aids in
Volume 3 of the Guide are designed to walk an auditor through all stages of the internal control audit process,
from the initial planning phase through all phases of the audit. Chapter 5 also discusses the requirements
related to Auditing Std. No. 4 on performing voluntary engagements to determine whether previously reported
material weaknesses in internal control over financial reporting continue to exist as of a date specified by
management.
Chapter 6—“Assessing Risks and Developing the Detailed Audit Plan”
102.6 Chapter 6 focuses on (a) assessing the risks identified by the auditor throughout the process of
performing the risk assessment procedures and (b) selecting responses that are appropriate to address those
risks. Chapter 6 includes discussions of financial statement assertions, identifying and assessing risks at the
assertion level, considering fraud risks, and responding to the risk assessment and preparing the detailed audit
plan.
Chapter 7—“Substantive Procedures and Documentation”
102.7 Chapter 7 discusses substantive procedures, which consist of tests of details and substantive analytical
procedures. Included in the chapter is a discussion of substantive procedures required in every audit, choosing
substantive procedures, performing tests of details, performing substantive analytical procedures, responding to
fraud risks, considerations when performing interim audit procedures, and audit documentation and retention.
Chapter 8—“General Procedures and Summary Documentation”
102.8 Chapter 8 discusses several important procedures that are more general in nature and not necessarily
affected by the auditor's risk assessments. Topics include the following:
• Procedures to search for commitments and contingencies, including obtaining lawyers' letters.
• Procedures to search for subsequent events that occur after the balance sheet date that affect either the
company's financial statements or its internal control over financial reporting.
• Procedures to identify and evaluate the disclosure of related-party transactions.
• Evaluating whether there is a substantial doubt about the entity's ability to continue as a going concern.
• Procedures to identify and evaluate the disclosure requirements and auditing considerations related to
risks and uncertainties.
Page 34 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...
• Obtaining written representations from management in a management representation letter.
• Procedures for performing an engagement quality review as required by Auditing Std. No. 7.
In addition, the chapter discusses engagement wrap-up procedures, such as summarizing and evaluating the
overall results of audit tests, analytical review and review of workpapers, developing an overall engagement
summary memorandum, and audit committee communications. Chapter 8 also discusses the PCAOB's
proposed standard on communications with audit committees.
Chapter 9—“Reporting and Other Auditing Considerations”
102.9 Chapter 9 discusses several important topics, including reporting on a company's financial statements
and special considerations that should be considered in initial audits. It also covers the reporting requirements of
Auditing Std. No. 5, as well as the reporting considerations related to performing the voluntary engagement
under Auditing Std. No. 4 to determine whether previously reported material weaknesses in internal control over
financial reporting continue to exist. Chapter 9 discusses the use of specialists, internal auditors, and other
auditors' work in an engagement. Unique issues involved in audits of consolidated or combined financial
statements and the use of data extraction techniques are also discussed in Chapter 9.
Chapter 10—“Other SEC and PCAOB Matters”
102.10 Chapter 10 discusses matters unique to public companies, including performing interim reviews of
financial information, SEC accounting and disclosure issues, special PCAOB audit issues, PCAOB inspections,
the auditor's responsibility for other information accompanying audited financial statements in SEC filings in
accordance with Reg. S-K for larger companies and smaller reporting companies, and firm registration with the
PCAOB. Chapter 10 also incorporates discussions of the PCAOB and SEC proposed standards and rules for
broker-dealers.
4 As discussed in Chapter 4, COSO has issued an exposure draft of an updated Internal Control—Integrated
Framework. The planned enhancements will not alter the core principles of the framework but will consider
changes that are necessary due to the evolution of the business environment as well as the changed
marketplace expectations.
© 2012 Thomson Reuters/PPC. All rights reserved.
END OF DOCUMENT -
© 2013 Thomson Reuters/RIA. All rights reserved.
Page 35 of 35Checkpoint | Document
5/24/2013https://checkpoint.riag.com/app/view/toolItem?usid=bc03cp207942&feature=ttoc&lastCp...