Construction Audit Issues Update
AGC Financial Issues Forum
January 9, 2014
Presented By: Tim Wilson
Agenda
• AICPA Audit Risk Alert Accounting and Auditing issues
• Auditor Risk Assessment Approach
• Enterprise Risk Management
• IT Risk
• Governance
AICPA Audit Risk Alert
• AICPA publishes annually
• Focus is to help auditors better understand business, economic and regulatory environment
• Understanding audit risk is the key
• Combines Real Estate and Construction
Real Estate Market Conditions
• Keep an eye on residential
• Commercial Strength – Q3 of 2013
  • Industrial availability – 11.7%, 130bps under 2012
  • Retail availability – 12.2%, 70bps under 2012
  • Apartment vacancy – steady at 4.6%
  • Office vacancy – 15.1%, 50bps under 2012
  • Hotels – 35.8% growth in rooms under construction
Construction Market Conditions
• Total construction starts up 6% over 2012
  • Residential up 25%
  • Non-residential building up 8%
  • Non-building down 15%
  • Excluding electric utility category total is up 14%
Economic and Industry Risks
• Debt modifications
• Debt covenants
• Decreased margins
• Subcontractor concerns
• Warranty claims and change orders
Accounting Developments
• AICPA FRF for SME’s
• FASB/PCC for nonpublic companies
• ASU 2013-02 – Reclasses of AOCI
  • Public – 12/15/12, Nonpublic – 12/15/13
• ASU 2013-03 – Disclosures related to fair value for nonpublic companies – effective on issuance
• Other narrow subjects
Auditing Developments
• Continued push towards risk based auditing
• Clarity standards
  • Larger focus on planning, interim testing, analyzing risk of material misstatement (RMM)
  • Group audit issues and materiality
  • Component auditors
  • Related party transactions
Common Issues in Peer Review Findings
• Subsequent event date disclosures and evaluation
• Lack of disclosure of open tax years
• Documentation on expectations for analytics
• Documentation on risk assessment procedures
• Engagement letters not updated
Risk Assessment Approach
• Looking for RMM in the financials
• Control Risk
  • Usually assessed as high unless testing key controls for operating effectiveness
• Inherent Risk
  • Must understand transactions that flow thru
• Any stories from 2012 audits?
Enterprise Risk Management
• Boards and audit committees are becoming more involved – governance
• Integrated approach for companies to assess risk and controls
• More than financial risks
• Not just for public companies
• Treadway Commission (COSO) – 2004 Report
Enterprise Risk Management
• Integrated Approach
  • Operational
  • Financial
  • Strategic
  • Regulatory
  • Technology
Components of Enterprise Risk Management
• Internal Environment – the tone
• Objective Setting – must exist to understand risk
• Event Identification – internal and external
• Risk Assessment – analyze likelihood and impact
• Risk Response – align response with tolerances
• Control Activities – policies and procedures
Components of Enterprise Risk Management
• Information and Communication – important process to allow flow of information
• Monitoring – ERM must be monitored and modified
IT Risk
• Anybody seen the headlines lately?
• Do you know where your risks are?
• More mobile technology in construction
• Remote job sites
• Vendor/subcontractor connectivity
IT Risk
• Should review IT risk in all areas
  • Identity theft
  • Physical security
  • Logical security
  • Business continuity planning
  • Information security
  • Vendor management
  • Internet security
Social Engineering
• Obtaining confidential information thru user manipulation
  • Simulated pretext phone calls
  • Spoofing
  • Phishing
  • Physical access attempts
  • Malware
  • Counterfeit websites for security testing
IT Risks
• Network scanning
  • Beginning step for full penetration testing
• Vulnerability Scanning
  • Network hosts, services, operating system, applications
• Penetration Testing
  • Combination of network and vulnerability scanning – the true hacking approach
Governance
• Auditors are much more focused on the “Tone at the Top”
• Active board and audit committees are good!!
• Closely aligned with ERM
• Open discussion on best practices