additional assurance services: other information chapter 20 mcgraw-hill/irwin copyright © 2010 by...
TRANSCRIPT
Additional Assurance Services: Other Information
Chapter 20
McGraw-Hill/Irwin Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.
20-2
Assurance ServicesAssurance Services
Independent professional services that “improve the quality of information, or its context, for decision makers”
Assurance service encompass attestation services but are broader
Attestation, a portion of assurance services, are restricted to examination, review or agreed-upon procedures engagements
Assurance services go beyond attestation, may involve analyzing data or putting them in a form to facilitate decision making
20-3
Relationship Between Assurance and Relationship Between Assurance and AttestationAttestation
20-4
Demand for Assurance ServicesDemand for Assurance Services
Reduce information risk for outside parties and enable the company to contract at more favorable terms
Information technology has significantly changed expectations of information users
New services being developed Continuous auditing Assurance on system reliability
Performed in accordance with Statement on Standards for Attestation Services
20-5
Selected Characteristics of Selected Characteristics of Assurance Services Assurance Services
20-6
Subject MatterSubject Matter
Historical or prospective performance or condition
Physical characteristics Historical events Analyses Systems or processes Behavior
20-7
AssertionAssertion
Declaration about whether the subject matter is presented in accordance with certain criteria.
Practitioners generally must obtain appropriate assertion about subject matter
Report can be on either The assertion about the subject matter or The subject matter itself
20-8
CriteriaCriteria
Suitable Objective Permit reasonable consistent measurements Complete Relevant
Available Publicly available Presented in a summary, the assertion or the
practitioners’ report
20-9
Relationships Among Terms Used Relationships Among Terms Used in Attestation Engagementsin Attestation Engagements
20-10
Attestation RiskAttestation Risk
Risk that practitioners will unknowingly fail to appropriately modify their report on subject matter that is materially misstated
Consists of Inherent risk Control risk Detection risk
Materiality Difficult because subject matter may not be financial Determine likely needs of intended users
20-11
Types of Attestation EngagementsTypes of Attestation Engagements
Examinations Highest level of assurance Attestation risk at low level
Reviews Limited or negative assurance Attestation risk at moderate level
Agreed-upon procedures Restricted use reports
20-12
Examination ReportExamination Report
20-13
Review Report on Subject Matter
20-14
Assurance on Internal Control over Assurance on Internal Control over Financial ReportingFinancial Reporting
Practitioners can audit (AT 501) or perform agreed-upon procedures engagements (AT 201) for nonpublic companies
Audits of internal control are a part of integrated audits
Reviews are not performed for internal control engagements.
Management must evaluate company’s internal control using a set of suitable criteria
Example: COSO control criteria
20-15
Management Report on Internal Control Management Report on Internal Control ("Management's Assertion")("Management's Assertion")
Wilson Company maintains internal control over financial reporting, which is designed to provide reasonable assurance to the Company's management and board of directors regarding the preparation of reliable published financial statements. Internal control contains self-monitoring mechanisms, and actions are taken to correct deficiencies as they are identified. Even with effective internal control, no matter how well designed, has inherent limitations---including the possibility of the circumvention or overriding of controls---and therefore can provide only reasonable assurance with respect to financial statement preparation. Further, because of changes in conditions, internal control effectiveness may vary over time. The Company assessed its internal control as of December 31, 19X5, in relation to criteria for effective internal control over financial reporting described in Internal Control---Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this assessment, the Company believes that, as of December 31, 19X5, its internal control over financial reporting met those criteria.
20-16
Objective and Steps of IC Objective and Steps of IC ReportingReporting
Objective: Form an opinion on the effectiveness of the entity's internal control
Steps (originally presented in Chapter 7) Plan the engagement Use a top-down approach to identify controls to test Test and evaluate design effectiveness of internal control Test and evaluate operating effectiveness of internal
control Form an opinion on the effectiveness of Internal control
20-17
Accountants’ Report on Internal Control--Accountants’ Report on Internal Control--Introductory and Scope Paragraphs Introductory and Scope Paragraphs
We have examined Wilson Company’s internal control over financial reporting as of December 31, 20X1, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Wilson Company’s management is responsible for maintaining effective internal control over financial reporting, and for its assertion of the effectiveness of internal control over financial reporting, included in the accompanying Management Report on Internal Control. Our responsibility is to express an opinion on Wilson Company’s internal control over financial reporting based on our examination.
We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform the examination to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our examination included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our examination also included performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion.
20-18
Accountants’ Report on Internal Accountants’ Report on Internal Control--Definition ParagraphControl--Definition Paragraph
An entity’s internal control over financial reporting is a process effected by those charged with governance, management and other personnel, designed to provide reasonable assurance regarding the preparation of reliable financial statements in accordance with accounting principles generally accepted in the United States of America. An entity’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and disposition of the assets of the entity; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, and that receipts and expenditures of the entity are being made only in accordance with authorizations of management and those charged with governance; and (3) provide reasonable assurance regarding prevention, or timely detection and correction of unauthorized acquisition, use, or disposition of the entity’s assets that could have a material effect on the financial statements.
20-19
Accountants’ Report on Internal Control--Inherent Limitations, Accountants’ Report on Internal Control--Inherent Limitations, Opinion, and Audit of Financial Statements ParagraphsOpinion, and Audit of Financial Statements Paragraphs
Because of inherent limitations of internal control, errors or irregularities may occur and not be detected. Also, projections of any evaluation of internal control over financial reporting to future periods are subject to the risk that internal control may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
In our opinion, Wilson Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 20X1, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
We also have audited, in accordance with auditing standards generally accepted in the Untied States of America, the financial statements of Wilson Company and our report dated February 15, 20X2 expressed an unqualified opinion.
20-20
Internal Control Audit Report ModificationsInternal Control Audit Report Modifications
Situation Report Modification
Material Weakness Adverse opinion
Scope limitation Withdraw or disclaimer
Management report incomplete or improper
Explanatory paragraph
Other auditor Explanatory language (if not taking responsibility)
Management's report includes additional information
Add paragraph indicating no opinion or other assurance on this information
20-21
Prospective Financial StatementsProspective Financial Statements
Financial Forecasts Information about the entity’s expected
financial position, results of operations and cash flows
Financial Projection Expected results, given one or more
hypothetical assumptions CPAs engaged to examine or perform
agreed-upon procedures but no review
20-22
Examinations of Prospective Examinations of Prospective Financial StatementsFinancial Statements
Practitioners gather evidence relating to the client’s procedures for preparation of the statements
Evaluate the underlying assumptions Obtain a written representation letter from
the client Evaluate whether statements are in
conformity with AICPA guidelines
20-23
ReportReport
Report on subject matter States whether the statements are
presented in conformity with AICPA guidelines
Whether underlying assumptions provide a reasonable basis for the statements
Does not vouch for the achievability of the forecast or projection
20-24
ComplianceCompliance
Types1. Attesting to an entity’s compliance with
specified requirements of laws, regulations, rules, contracts, or grants.
2. Attesting to the effectiveness of an entity’s internal control over compliance with specified requirements.
20-25
Management’s Discussion and Management’s Discussion and AnalysisAnalysis
Management required to provide narrative explanation of financial results as part of 10-K and 10-Q
Practitioner may examine or review Objective to provide assurance on
(1) the presentation includes, in all material respects, the required elements of the rules and regulations adopted by the SEC;
(2) the historical financial amounts included in the presentation have been accurately derived, in all material respects, from the entity’s financial statements; and
(3) the underlying information, determinations, estimates, and assumptions of the entity provide a reasonable basis for the disclosures contained in the presentation.
20-26
Trust ServicesTrust Services
Intended to address user and preparer needs regarding issues of security, availability, processing integrity, online privacy and confidentiality within e-commerce and other systems
System consists of Infrastructure Software People Procedures data
20-27
Trust ServicesTrust Services
The practitioner
(1) performs procedures to determine that management’s description of the system is fairly stated and
(2) obtains evidence that the controls over the system are designed and operating effectively to meet the Trust Services Principles and Criteria—the suitable criteria required for an attest engagement
20-28
Principles and CriteriaPrinciples and Criteria
Principles
1. Security
2. Availability
3. Processing Integrity
4. Online privacy
5. Confidentiality
Criteria for each principle
1. Policies
2. Communications
3. Procedures
4. Monitoring
20-29
Types of Trust Services EngagementsTypes of Trust Services Engagements
Examination or agreed-upon procedures WebTrust
• Assurance on electronic commerce systems
SysTrust
• Assurance on any system
20-30
Reporting on Trust ServicesReporting on Trust Services
Designed to incorporate a seal management process Seal (logo) included on a client’s website as electronic
representation of the report Engagement must be updated at least annually to use
the seal Initial reporting period must be at least 2 months
Competition BBBOnLine program TRUSTe
20-31
ElderCare/PrimePlus ServicesElderCare/PrimePlus Services
Financial Goal setting, funding analysis, needs assessment
Nonfinancial Interpersonal and relationship management Management of interaction between service providers
and client Target market
Older clients of CPA Children of older adults Other professionals that deal with older adults
20-32
CPA Performance ViewCPA Performance View
System that merges standard financial measures with leading indicators such as: Customer satisfaction. Employee training and satisfaction. Product quality. Sales calls and proposals delivered.
Based on performance measurement theory like balanced scorecard approach
20-33
CPA Risk Advisory ServicesCPA Risk Advisory Services
Help organization manage risk Approach
(1) identifying and analyzing risks,
(2) designing and implementing strategies related to risks, and
(3) measuring, monitoring, and reporting on solutions.
20-34
Future Assurance ServicesFuture Assurance Services
Committees working on: Health care performance measurement.
This service provides assurance about the effectiveness of health care services provided by health maintenance organizations, hospitals, doctors, and other providers.
Continuous auditing
provides assurance using a series of reports provided simultaneously or shortly after the related information is released.