Tag: Audits

It’s Not Impossible To Make Money on Small Audits

The following post is republished from AccountingWEB, a source of accounting news, information, tips, tools, resources and insight–everything you need to help you prosper and enjoy the accounting profession.

Most small firm practitioners can offer lots of answers as to why it is difficult to profit from small audits. Ever-changing professional standards, increasing quality control requirements, using standard “one-size-fits-all” audit documentation and increasing legal liability are a few of the common answers. The problem is that knowing the answer doesn’t solve the problem!

Maybe we need to change the question to solve the problem. A better question may be, “What changes do we need to make in our audit practices to profit from small audits?” Answer this question correctly and we solve a major problem!

Here are changes in audit practices some smaller CPA firms are considering:


• Developing the technical and leadership abilities of engagement leaders is at the top of the list. Recognizing this takes time and money, small firms are making increasing investments in training and consultations to expand the knowledge resource base of their leaders and the firm. Making sure leaders are technically current in all professional standards affecting auditing engagements is a first step. Teaching leaders to pass their knowledge on to all assistants is the second.

• Designing firm policies and procedures within existing professional standards that provide reasonable assurance audited financial statements are not misstated. While we’d like to achieve absolute assurance the financial statements are not misstated, we have to assume some risk they may contain misstatements. In short, we have to give up some of our traditional approaches to audits in exchange for uniquely tailored audit strategies designed to gather the minimum amount of evidence necessary to verify relevant financial statement assertions. Gathering the minimum required evidence in the most efficient ways results in maximum profits!

• Creating proprietary audit documentation packages by eliminating or modifying documentation purchased from major publishers. Extensive audit documentation is not a substitute for the knowledge of staff personnel! We cannot afford to complete practice aids and other documentation containing everything we need to know on every engagement, particularly on small audits. Many small firms are realizing they can modify their quality control documents to permit engagement leaders to tailor documentation on every audit. Using major publisher’s practice aids for reference is the most any firm should do on small audits. When we know the requirements of professional standards, it isn’t difficult to tailor or create basic practice aids to guide small audit performance.

These are just a few of the small audit changes CPA firms must consider to increase profits. I’ve designed my Small Audit Series of live and on-demand webcasts to provide holistic solutions that will enable practitioners to make more money on small audits. You can obtain over 300 pages of instructional text materials and illustrative practice aids designed for CPE credit on the left sidebar of our website, www.cpafirmsupport.com. Don’t be left behind! Small audits can generate BIG profits!

Somebody Has Been Busy: PCAOB Issues Eight New Audit Standards

Since the PCAOB was only up to Audit Standard 7 last time we checked and seems to take the conservative approach when it comes to issuing new ones, we have to say we were more than shocked to see them almost double their audit standards overnight. Gee, must be serious.


Via the PCAOB:

The Public Company Accounting Oversight Board today adopted a suite of eight auditing standards related to the auditor’s assessment of, and response to, risk in an audit.

The suite of risk assessment standards, Auditing Standards No. 8 through No. 15, sets forth requirements that enhance the effectiveness of the auditor’s assessment of, and response toial misstatement in the financial statements.

The risk assessment standards address audit procedures performed throughout the audit, from the initial planning stages through the evaluation of the audit results.

“These new standards are a significant step in promoting sophisticated risk assessment in audits and minimizing the risk that the auditor will fail to detect material misstatements,” said PCAOB Acting Chairman Daniel L. Goelzer. “Identifying risks, and properly planning and performing the audit to address those risks, is essential to promoting investor confidence in audited financial statements.”

What does this mean for auditors? Let’s check them out.

AS No. 8 – Audit Risk. This standard discusses the auditor’s consideration of audit risk in an audit of financial statements as part of an integrated audit or an audit of financial statements only. It describes the components of audit risk and the auditor’s responsibilities for reducing audit risk to an appropriately low level in order to obtain reasonable assurance that the financial statements are free of material misstatement.

AS No. 9 – Audit Planning. This standard establishes requirements regarding planning an audit, including assessing matters that are important to the audit, and establishing an appropriate audit strategy and audit plan.

AS No. 10 – Supervision of the Audit Engagement. This standard sets forth requirements for supervision of the audit engagement, including, in particular, supervising the work of engagement team members. It applies to the engagement partner and to other engagement team members who assist the engagement partner with supervision.

AS No. 11 – Consideration of Materiality in Planning and Performing an Audit. This standard describes the auditor’s responsibilities for consideration of materiality in planning and performing an audit.

AS No. 12 – Identifying and Assessing Risks of Material Misstatement. This standard establishes requirements regarding the process of identifying and assessing risks of material misstatement of the financial statements. The risk assessment process discussed in the standard includes information-gathering procedures to identify risks and an analysis of the identified risks.

AS No. 13 – The Auditor’s Responses to the Risks of Material Misstatement. This standard establishes requirements for responding to the risks of material misstatement in financial statements through the general conduct of the audit and performing audit procedures regarding significant accounts and disclosures.

AS No. 14 – Evaluating Audit Results. This standard establishes requirements regarding the auditor’s evaluation of audit results and determination of whether the auditor has obtained sufficient appropriate audit evidence. The evaluation process set forth in this standard includes, among other things, evaluation of misstatements identified during the audit; the overall presentation of the financial statements, including disclosures; and the potential for management bias in the financial statements.

AS No. 15 – Audit Evidence. This standard explains what constitutes audit evidence and establishes requirements for designing and performing audit procedures to obtain sufficient appropriate audit evidence to support the opinion expressed in the auditor’s report.

Now don’t get me wrong, I love rules and regs as much as the next girl – if not more – but I am of the thought that users of financial statements would be better served not by more rules and regs but by a more comprehensive auditor training program that starts in college. Am I asking too much?

Did we really need clarity on audit evidence? The PCAOB seems to think so and that’s fine, they are well-intentioned in their motive and you can’t fault them for that.

(UPDATE) The PCAOB’s Statement on the Signing of The Dodd-Frank Act Isn’t Exactly Enthusiastic

~ Includes statement from PCAOB spokesperson

Hey! Did you hear? Dodd-Frank got signed into law yesterday and plenty of people are excited (namely Dodd, Frank, BO) and there are plenty who are not.

The PCAOB, it seems, lands somewhere in the middle. Sure the dopes exempted public companies with market caps under $75 million from complying with 404 but putting things in perspective, the Board is probably just amped that the SCOTUS didn’t kick them off the playground.


To show their gratitude, the PCAOB doesn’t bother mentioning the exemption in their press release from yesterday, instead focusing on…foreign auditor oversight (pretty much a black hole) and authority over auditors of broker-dealers. We understand that playing nice is part of the game but COME ON.

We emailed the nice folks over at the Board to ask them about the 404 exemption but we’re still waiting to hear back from them. Perhaps they’re putting on their smiley faces to address this one since they’ve probably been gritting their teeth for the last 20 or so hours.

A PCAOB spokesperson provided us with the following statement:

The PCAOB believes that the internal control audit report required under SOX Section 404(b) has improved the reliability of financial reporting and audit quality. The Board has taken steps to make sure that the internal control auditing standard is scalable to companies of all sizes and has issued guidance and held educational forums to assist smaller company auditors in understanding how to apply that standard to smaller companies. The internal control audit requirement relates to the content of SEC filings, and SEC Chairman Schapiro opposed the exemption for non-accelerated filers.

So, in other words, the compliance technically falls under the SEC and the PCAOB issues the audit standards but it still has to hit a little close to home.

BPR:

PCAOB STATEMENT UPON SIGNING OF THE DODD-FRANK WALL STREET REFORM AND CONSUMER PROTECTION ACT
Washington, D.C. , July 21, 2010

Today’s enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act facilitates the PCAOB’s ability to share information with foreign auditor oversight authorities and closes gaps in the Board’s authority to oversee audits of brokers and dealers.

While the Sarbanes-Oxley Act of 2002 protects the PCAOB’s inspection and investigative processes from public disclosure, it permits the Board, in certain circumstances, to share information with federal and state authorities. However, at the time the Sarbanes-Oxley Act was enacted, very few other countries had audit oversight bodies and, therefore, there was no provision in the Sarbanes-Oxley Act authorizing the PCAOB to share information with foreign authorities. Since that time, many countries have established or are in the process of establishing audit oversight bodies. The Dodd-Frank Act allows the Board, under certain circumstances, to share information with such foreign auditor oversight authorities.

The Dodd-Frank Act also expands the PCAOB’s authority to oversee auditors of brokers and dealers. Under the Sarbanes-Oxley Act, auditors of brokers and dealers were required to register with the Board. The Dodd-Frank Act provides the PCAOB with standard-setting, inspection and disciplinary authority regarding broker-dealer audits.

More information about the PCAOB’s plans to implement this authority and guidance for auditors of brokers and dealers will be forthcoming.

PCAOB Report States That There Was a Fair Amount of Failing Going on at Ernst & Young

The PCAOB has issued its annual report on Ernst & Young having given the firm the third degree at its national office and 30 of its 80 U.S. offices. It inspected 58 audits performed by the firm but exactly who is, of course, a big secret (unless you tell us).

There were five “Issuers” that were listed in the report and some form of the word “fail” was used 25 times (that includes the footnotes).

[Issuer A] The Firm failed to adequately test the issuer’s loan loss reserves related to certain loans held for investment. Specifically, the Firm failed to reconcile certain values used in the issuer’s models with industry data, failed to test the recovery rates used in the issuerfailed to test the qualitative components of the reserves.

Damn those loan loss reserves!

[Issuer C] The Firm failed to perform sufficient procedures to test the issuer’s allowance for loan losses (“ALL”). The issuer determined the general portion of its ALL estimate, which represented a significant portion of the ALL, using certain factors such as loan grades. Data for this calculation were obtained from information technology systems that reside at a third-party service organization. The Firm relied on these systems, but it failed to test the information-technology general controls (“ITGCs”) over certain of these systems, and it failed to test certain of the application controls over these systems. Further, the Firm’s testing of the controls over the assignment and monitoring of loan grades was insufficient, as the Firm failed to assess the competence of the individuals performing the control on which it relied.

This loan thing appears to be a trend…

[Issuer D] The Firm failed to sufficiently test the costing of work-in-process and finished goods inventory. Specifically, the Firm’s tests of controls over the costing of such inventory were limited to verifying that management reviewed and approved the cost allocation factors, without evaluating the review process that provided the basis for management’s approval.

Hopefully that doesn’t blow back on an A1.

Anyway, you get the picture. The whole report is below for your reading pleasure. E&Y’s got its $0.02 in, however it was short and was mostly concerned about the firm’s right to keep its response to Part II (the non-public part)…non-public:

We are enclosing our response letter to the Public Company Accounting Oversight Board regarding Part I of the draft Report on 2009 Inspection of Ernst & Young LLP (the “Report”). We also are enclosing our initial response to Part II of the draft Report.

We note that Section 104(g)(2) of the Sarbanes-Oxley Act requires that “no portions of the inspection report that deal with criticisms of or potential defects in the quality control systems of the firm under inspection shall be made public if those criticisms or defects are addressed by the firm, to the satisfaction of the Board, not later than 12 months after the date of the inspection report.” Based on this statutory provision, we understand that our comments on Part ii will be kept non-public as long as Part ii of the Report itself is non-public.

In addition, we are requesting confidential treatment of this transmittal letter.

So this doesn’t mean much other than E&Y would prefer that no one know how it managed to tell the PCAOB to fuck right off as nicely as it could.

If you had the pleasure of being on one of these 58 engagements, we’d love to hear about your experience.

2010 Ernst Young LLP US

PwC May Have Overlooked Billions in Illegal JP Morgan Transactions. Oopsie.

Now £15.7 billion may not seem like much to you if you are, say, Bill Gates or Ben Bernanke but for PwC UK, it may be the magic number that gets them into a whole steaming shitpile of trouble.

UK regulators allege that from 2002 – 2009, PwC client JP Morgan shuffled client money from its futures and options business into its own accounts, which is obviously illegal. Whether or not JP Morgan played with client money illegally is not the issue here, the issue is: will PwC be liable for signing off on JPM’s activities and failing to catch such significant shenanigans in a timely manner?


PwC did not simply audit the firm, they were hired to provide annual client reports that certified client money was safe in the event of a problem with the bank. Obviously that wasn’t the case.

The Financial Reporting Council and the Institute of Chartered Accountants of England are investigating the matter, and the Financial Services Authority has already fined P-dubs £33.3 million for co-mingling client money and bank money. That’s $48.8 million in Dirty Fed Notes if you are playing along at home.

Good luck with that, PwC. We genuinely mean that.

Inquiries mount after PwC ‘failed to notice’ mistakes [Times UK]

Just Because Cloud Companies Pay For a SAS 70 Doesn’t Make It Any Less Legit, Does It?

Confession: not 100% sure on the hype surrounding SaaS, cloud computing, living in the cloud and whatever but apparently it’s the next big thing (if it’s not already) and might make our lives just one notch short of Jetsons flying car awesome.

Ask guys like Geoff, he’ll tell you all about it. I buy it and I don’t even need to use it, have heard amazing things, and have even evangelized it once or twice.

But it’s your data so instead of jumping on the SaaS/Cloud bandwagon without asking what happens to it once you do, it might be wise to check out the SAS 70 certification and the strange relationship that legitimizes it.


Complying with the AICPA lends a certain bit of credibility to vendors who want to show how tight their control systems are so auditors can rely on them, right?

Perhaps not, says Jay Heiser via Gartner in “Analyzing the Risk Dimensions of Cloud and SaaS Computing,” who is concerned by a sense of deja vu between the faulty systems that collapsed throughout the financial crisis and cloud computing. In an extremely risk-adverse environment, a bit of caution is due before jumping head first into the unknown.

Or you can just trust the shiny marketing materials and forget that it’s your data.

Now back to cloud computing and SAS 70. Okay, let me get this straight: So the cloud companies pay accounting firms for SAS 70 certifications just as the financial organizations paid Moody’s for an investment-grade rating?

“Yes, if you see someone who claims to be SAS 70, they have paid an accounting firm. Not only have they paid an accounting firm to go do the test, but they’ve told the accounting firm what processes need to be tested,” Heiser says.

And that’s different from an audit client paying an auditor how?

In a financial crisis corollary, Big 4 opinions are fetching less these days than they used to. Cloud computing marketers don’t really get what they are pushing but cloud provider clients certainly should understand what this means for the shift to life in the cloud.

Better start updating those marketing materials.

How Cloud Computing Security Resembles the Financial Meltdown [Datamation]

Three Examples of “Significant Unusual Transactions” that Should Get Auditors’ Attention

The PCAOB issued a friendly reminder yesterday to auditors that sometimes unusual transactions can be cause for alarm and should send the risk red flags flying. Unfortunately, the friendly reminder did not actually mention anything about what “unusual transactions” are but regardless, you better be on the lookout for them.

“The PCAOB’s message to auditors, in this challenging economic environment, has consistently emphasized attention to audit risk and adherence to existing audit requirements,” said Martin F. Baumann, Chief Auditor and Director of Professional Standards.

Since Practice Alert No. 5 (makes it sound kind of hot, don’t it?) warns of the risk of material misstatement inherent to unusual transactions without mentioning what those transactions could be, we came up with three unusual transactions to which the PCAOB could possibly be referring. It isn’t called guidance for nothing, you’re on your own when it comes to determining what qualifies as unusual, little auditors. Hopefully this helps.

• Large and frequent A/P entries to an entity known only as “Candy” (substitute “Bubbles”, “Kitty”, or “Roxy” as appropriate) This is why you have professional judgment so use it, we’re pretty sure even if you haven’t been to a strip club you know what strippers look like on the books and records.

• If you find yourself in a warehouse on December 31st counting an inventory full of dirty bombs, AK-47s, plutonium rods, chances are your entity is engaged in “unusual transactions.” Bonus points for extra unusual if you’re counting that crap and your entity is a church. Red flag, dear auditor, red flag!

• Recurring transactions for “crack” are definitely unusual. You don’t need us to tell you that’s a giant red flag, unless you are auditing under the influence yourself and concerned mostly with where the entity’s CFO hides his stash. Remember also that crack is pretty cheap on the street so repeated transactions will likely fall outside the scope of materiality though a raging crack habit will be material in the aggregate. Adjust scope accordingly.

PCAOB Issues Staff Audit Practice Alert on Auditor Considerations of Significant Unusual Transactions [PCAOB]