8/15/2013

1

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

cliftonlarsonallen.com

Audit Standards Update Sean M. Walker, CPA, CGFM, CGMS

©20

13 C

lifto

nLar

sonA

llen

LLP

Learning Objectives

• Discuss key changes in Clarity Standards

• Interpret Group Audits in government

• Using an SSAE #16

©20

13 C

lifto

nLar

sonA

llen

LLP

Clarity Standards

Are we clear yet?

8/15/2013

2

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

The Clarity Project

• Goals

– Address concerns over length and complexity of standards

– Make standards easier to read, understand and apply

– Converge (or at least harmonize) with International Standards on Auditing

– Enhance audit quality

©20

13 C

lifto

nLar

sonA

llen

LLP

Clarity Standards Issued

• SASs 117-120

– Currently effective

• SAS 122, Clarification and Recodification

– Recodifies extant SASs 1-121

– Effective for periods ending on or after 12/15/12

– Early adoption NOT permitted

©20

13 C

lifto

nLar

sonA

llen

LLP

Clarity Standards Issued (continued)

• SASs 123-126

– Effective for periods ending on or after 12/15/12

– Early adoption NOT permitted

• One SAS not yet clarified

– Use of internal auditors

8/15/2013

3

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

The Clarity Format

• Introduction

• Objective

• Definitions

• Requirements

• Application and Other Explanatory Material

– Integral part of standard – auditors required to read and understand

• Appendices and Exhibits

©20

13 C

lifto

nLar

sonA

llen

LLP

Drafting Conventions: Principle-Based

• Requirements

– Expressed using “must” or “should”

– Must = is required to do action ◊ (always do action, exactly as prescribed)

– Should = is required to do [action] ◊ (always do action, but on rare occasions not exactly as prescribed)

• Special considerations for:

– Audits of smaller, less complex entities

– Audits of governmental entities

©20

13 C

lifto

nLar

sonA

llen

LLP

Terminology Changes

Old New

Generally accepted accounting principles

Applicable financial reporting framework

Other comprehensive basis of accounting

Special purpose framework

Tolerable misstatement Performance materiality

Emphasis-of-a-matter paragraph Emphasis-of-a-matter paragraph, or other-matter paragraph

Financial statements containing components, such as consolidated or combined financial statements, principal auditor, other auditor

Group financial statements, group audit team, group engagement partner, component auditor

8/15/2013

4

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Mapping the New Standards

• 58 AU sections = 47 new “AU-C” sections

– AU section numbers changed to converge with ISA numbering

©20

13 C

lifto

nLar

sonA

llen

LLP

Changes from Extant Standards

• No substantive changes to requirements for: – Audit Documentation

– Auditor’s Communication With Those Charged With Governance

– Risk Assessment Standards

– External Confirmations

– Analytical Procedures

– Audit Sampling

– Auditing Accounting Estimates

– Written Representations

– Subsequent Events

– Consideration of Omitted Procedures After the Report Release Date

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With GAAS (AU-C Preface)

– Framework for understanding an audit

– Supersedes the ten generally accepted auditing standards

8/15/2013

5

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Substantive Changes from Extant Standards

• Accepting an Engagement (AU-C section 210)

– Additional pre-conditions to engagement include management’s responsibility for:

◊ Financial reporting framework

◊ Internal control

◊ Access to information and personnel

– Auditor responsible for determining appropriateness of financial reporting framework

– Terminology changes to engagement letter

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Accepting an Engagement (AU-C section 210)

– Client signature(s): who should sign? ◊ AU-C 210.09 says: The auditor should agree upon the terms of the

audit engagement with management or (emph. added) those charged with governance, as appropriate.

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Additional Fraud Considerations (AU-C section 240)

– Consider whether earnings are managed

– Fraud communication should be timely

– Withdrawal requirements

8/15/2013

6

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Substantive Changes from Extant Standards

• Consideration of Laws and Regulations (AU-C section 250)

– Requires procedures to identify instances of noncompliance with laws and regulations that have a material effect on the financial statements

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Communicating Internal Control Related Matters (AU-C section 265)

– Two new requirements: ◊ Communicate to management other deficiencies in internal

control that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention.

◊ Include in the written communication of internal control related matters an explanation of the potential effects of the significant deficiencies and material weaknesses identified.

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Legal Letters (AU-C section 501)

– Pre-clarity: communicate with lawyers with whom management consulted concerning litigation, claims, assessments

– Clarity standards: communicate with external legal counsel only if:

◊ Auditor assesses a risk of material misstatement regarding litigation or claims, or

◊ Audit procedures performed indicate material litigation or claims may exist

8/15/2013

7

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Substantive Changes from Extant Standards

• Opening Balances on Initial Audits (AU-C section 510)

– Clarifies that reviewing predecessor auditor’s audit documentation cannot be the only procedure performed to obtain sufficient appropriate audit evidence regarding opening balances

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Related Parties (AU-C section 550)

– Shift to looking at risk of material misstatements from related parties, regardless of financial reporting framework being used

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Group Audits (AU-C section 600)

– Specifies procedures a group engagement team must perform

– Differences in focus and approach for: ◊ Acceptance and continuance

◊ Assessment of risk at group financial statement level

◊ Materiality determinations for audit of group financial statements

◊ Determination of materiality for audit of components

◊ Selection of components and account balances for testing

◊ Communications between group engagement team and component auditors

◊ Involvement with, and understanding of, component auditors

8/15/2013

8

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Substantive Changes from Extant Standards

• Using the Work of an Auditor’s Specialist (AU-C section 620)

– Requirements now apply to both external AND internal (in-firm) specialists:

◊ Evaluate competence, capabilities, objectivity

◊ Obtain understanding of field of expertise

◊ Come to agreement about the work

◊ Evaluate adequacy of work, including assumptions used

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Auditors’ Reports (AU-C section 700, 705, and 706)

– Expanded discussion of management’s responsibilities and auditor’s responsibilities

– Use of paragraph headings

– New terms: emphasis-of-matter and other matter replace the term explanatory paragraph

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Emphasis-of-matter paragraph:

– Refers to a matter appropriately presented or disclosed in the financial statements

– Examples— ◊ Going concern

◊ Contractual or regulatory reporting frameworks

◊ Consistency

◊ Litigation uncertainties

◊ Subsequent events

8/15/2013

9

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Substantive Changes from Extant Standards

• Other-matter paragraph:

– Refers to matters not presented or disclosed in the f/s, relevant to users’ understanding of the audit, auditors’ responsibilities, or auditors’ report

– Examples— ◊ Supplementary information

◊ Required supplementary information

◊ Report on comparative f/s different from that originally issued

◊ Predecessor auditor’s report is not reissued

©20

13 C

lifto

nLar

sonA

llen

LLP

Substantive Changes from Extant Standards

• Financial Statements Prepared Under Special Purpose Frameworks (AU-C section 800)

– Replaces the term “OCBOA” with the term “special purpose framework”

– Applies to cash, tax, contractual, and regulatory bases

– Requires the auditor to understand the purpose and intended users for framework appropriateness

©20

13 C

lifto

nLar

sonA

llen

LLP

Resources – Clarity Standards

• Audit Risk Alert: Understanding the Clarified Auditing Standards—2012

• AICPA Clarity Project Website: http://www.aicpa.org/SASClarity – Guide to Clarified and Converged Standards for Auditing and Quality

Control

– Clarity Project FAQs

– Mapping of Existing AU sections to AU-C sections

– Summary of Differences Between Existing SASs and Clarified SASs

– …and many more

• PPC Guide to the Clarified Auditing Standards

8/15/2013

10

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Group Audits

©20

13 C

lifto

nLar

sonA

llen

LLP

Group Audits – a Broad Concept

• Old standard = AU section 543, Part of Audit Performed by Other Independent Auditors

• New standard: AU-C 600, Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors)

©20

13 C

lifto

nLar

sonA

llen

LLP

A Change in Focus

• Old “principal auditor” rules (AU 543) focused on:

– Who is the principal auditor?

– Will the principal auditor’s report make reference to other auditor?

– Required inquiries about the other auditor: ◊ Professional reputation and standing

◊ Independence

◊ Familiar with US GAAP and GAAS

– Procedures to consider if not making reference: ◊ Visit other auditor and discuss procedures

◊ Review audit programs and, in some cases, issue instructions

◊ Review workpapers

8/15/2013

11

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

A Change in Focus

• New “group auditor” rules (AU-C 600) focus on:

– Group auditor is responsible for fair presentation of group f/s as a whole (vs. division of responsibility under old rules)

– Financial statements are often “group financial statements” when there is not an other auditor

– Focus on risk assessment in performing a group audit

©20

13 C

lifto

nLar

sonA

llen

LLP

New Rules (AU-C 600)

• Clearly articulated requirements for:

– Assessing risk at group financial statement level

– Responding to assessed risks

– Understanding component auditors

– Involvement with work of component auditors

– Determining component materiality

– Communications with: ◊ Component auditors

◊ Group management

◊ Those charged with governance of group

– Audit documentation

©20

13 C

lifto

nLar

sonA

llen

LLP

When is an Audit a Group Audit?

• Group audit = audit of group financial statements

• Group financial statements = financial statements that include financial information of more than one component

• Component = Entity or business activity for which group or component management prepares financial information that is required to be included in the group financial statements

8/15/2013

12

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Identifying Components

©20

13 C

lifto

nLar

sonA

llen

LLP

Indicators for Component in Governments

• Part of the audit is performed by other auditors or auditors from the same firm

• Separate legal entity

• Separate governance structure

(e.g. different board or management)

• Outsourced operations

• Equity method investments

©20

13 C

lifto

nLar

sonA

llen

LLP

Other Considerations for Governments

• Opinion units = groups, so components should be considered within each opinion unit. – Exceptions: Other auditors or legally separate entities which are

automatically components

• Most governments with multiple opinion units will be a group audit.

• Most common components: – Aggregate discretely presented component units

– Aggregate remaining fund information

◊ Non-major, pension and OPEB funds, fiduciary funds

– Departments within a major fund that are separately managed

8/15/2013

13

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Acceptance and Continuance

• Old rules: who is principal auditor? Consider—

– Materiality and importance of portion being audited

– Knowledge of overall financial statements

• New rules: who is group auditor? Consider—

– Ability to obtain sufficient evidence, through group engagement team’s work or use of work of component auditors, to act as auditor of group financial statements and report as such on the group financial statements

©20

13 C

lifto

nLar

sonA

llen

LLP

Assessing Risk

• Understand:

– Group, its components, their environments, group-wide controls

– Group-wide controls

– Consolidation process

– Instructions issued by group management to components

– Component auditors

• Identify risks of material misstatement due to fraud or error at the group financial statement level

©20

13 C

lifto

nLar

sonA

llen

LLP

Responding to Assessed Risks • Determine nature, timing and extent of involvement

in work of component auditors

• Identify significant components

– If “financially significant,” component must be audited

– If significant because of assessed risk of material misstatement, perform audit or “other audit procedures”

– If not significant, perform analytical procedures

8/15/2013

14

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Determining Materiality

Group engagement team must determine:

• Materiality for group financial statements

• Performance materiality for group financial statements

• Component materiality for each component for which an audit or review will be performed

– For each component, component materiality must be less than materiality for the group financial statements

©20

13 C

lifto

nLar

sonA

llen

LLP

Understanding Component Auditors

• Understanding and compliance with ethical requirements, including independence

• Professional competence

• Ability to be involved with work of component auditor

• Ability to obtain information affecting consolidation process

• Existence of regulatory authority that actively oversees component auditor

©20

13 C

lifto

nLar

sonA

llen

LLP

Involvement With Work of Component Auditors

If assuming responsibility for the work of component auditors, additional requirements, e.g.,:

• Evaluate appropriateness of performance materiality at component level

8/15/2013

15

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Involvement With Work of Component Auditors (continued)

• Determine:

– Type of work to be performed on component (e.g., audit, review, specified procedures)

– Nature, timing and extent of involvement in component auditor’s work, e.g.,

◊ Involvement in risk assessment

◊ Discuss component’s business activities

◊ Discuss susceptibility of component to material misstatement

◊ Review documentation of identified risks of material misstatement

©20

13 C

lifto

nLar

sonA

llen

LLP

Communications

• Communications with component auditor:

– Required pre-engagement communications with component auditor

– Additional required communications if assuming responsibility for component auditor’s work

©20

13 C

lifto

nLar

sonA

llen

LLP

Communications (continued)

• Required client communications:

– with group management

– with those charged with governance of the group

8/15/2013

16

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Documentation Requirements

• Analysis of components

• For components for which the group auditor’s report made reference to the report of component auditors, the component f/s and component auditor’s report

• Communications between group auditor and component auditors

• Additional requirements if assuming responsibility for work of component auditor

©20

13 C

lifto

nLar

sonA

llen

LLP

Resources – Group Audits • Audit Risk Alert: Understanding the Responsibilities of

Auditors for Audits of Group Financial Statements

• AICPA Clarity Project Website: http://www.aicpa.org/SASClarity

– Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors)

– Significant Components

– Component Auditors, Materiality and Communication in a Group Audit

• PPC Guide to the Clarified Auditing Standards

©20

13 C

lifto

nLar

sonA

llen

LLP

Questions on Group Audits

8/15/2013

17

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Using an SSAE #16 Report

AU-C 402, Auditing Considerations Relating to an Entity Using a Service Organization

©20

13 C

lifto

nLar

sonA

llen

LLP

Service Organization

• An organization that provides services to another organization.

– Payroll

– Claims payments

– Benefit payments

– Etc.

• These transactions need to be relevant to the reporting organizations internal control over financial reporting.

©20

13 C

lifto

nLar

sonA

llen

LLP

Why and Auditor Uses a Service Organization’s SSAE #16 • Objectives of the user auditor:

– Understand the services provided

– Determine the significance of the services provided

– Consider the effect on the internal control system

– Design and perform audit procedures to respond to risk identified during the evaluation of service organization

8/15/2013

18

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Two Types of Reports

• Type 1 (design and implementation)

– Documentation of system’s design

– Management’s written assertion that system’s documentation is fairly presented and implemented

• Type 2 (test of effectiveness)

– Documentation of system’s design

– Management’s written assertion that system’s documentation is fairly presented and implemented

– Expression that the system is operating effectively.

©20

13 C

lifto

nLar

sonA

llen

LLP

No SSAE #16

• Your options are:

– Contact the service organization through the user entity and obtain the necessary information.

– Visit the service organization and perform necessary procedures.

– Use another auditor to perform the necessary procedures.

©20

13 C

lifto

nLar

sonA

llen

LLP

Procedures

• Service auditor’s professional competence and independence from the service organization.

• Timing

• Sufficiency and appropriateness of evidence provided in the report

• Complementary user entity controls

• Responding to the assessed risk of material misstatement

• Test of controls

8/15/2013

19

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Timing

• Type 1

– As of a date (point in time)

– If the date is before the period under audit, update may be needed

• Type 2

– For a period (period of time)

– Level of overlap (service report period vs. financial statement period)

◊ More overlap, more reliable

◊ No or minimal overlap, not reliable

– Additional work need to rely on service organization report

©20

13 C

lifto

nLar

sonA

llen

LLP

Complementary User Entity Controls

• Documented in the service report

• Closes the business process

– Test design and implementation to obtain understanding

– Test effectiveness is controls are key to the business process

©20

13 C

lifto

nLar

sonA

llen

LLP

Recap

• Obtain SSAE #16

• Determine Type 1 or 2

• Read for auditor’s report and analyze findings, if any

• Consider complementary user entity controls

– Test design and implementation (RAS)

– If Type 2, testing of effectiveness should be considered

• Rely on the work

8/15/2013

20

©2

01

3 C

lifto

nLa

rson

Alle

n L

LP

Questions