E&Y Global Audit Methodology: Responding to the New Environment

1
EY Global Audit Methodology Responding to the
New Environment

• University of Illinois at Urbana-Champaign
• March 10, 2005

2
Topics

• Regulatory Backdrop
• Historical Timeline of Key Events
• Sarbanes-Oxley Act of 2002
• Creation of PCAOB
• Responding to the New Environment
• Recent Changes to EY Global Audit Methodology
• Integrated Audit of Internal Control and
  Financial Statements
• Identifying and Responding to Fraud Risks
• Other EY Firm Changes to Improve Quality
• Discussion/Questions

3
Regulatory Backdrop Timeline of Key Events
Auditing standards consolidated, name changed to
AudSEC
Creation of the SEC
AudSEC, now ASB, sets rules for audits
Auditing standards consolidated
CPE required by all AICPA members
1933 1934 Securities Acts
1961
1972
1977
1978
1979
1990
1929
1933-34
1939
1938-1959
2002
Accounting standards moved from AICPA to FASB
First auditing standards issued
FCPA issued, POB created, peer review required by
AICPA
QCIC established
Stock market crash
Sarbanes -Oxley Act, PCAOB formed
AICPA issued accounting standards
1929 Speculative boom leads to crash
1929-1934 Nervous investors, low integrity market
19341995 Growth in capital markets increases
need for standards, quality, and controls
199500 Dot.com era
2000-01 ENRON WorldcomAndersen
2002-Now Corporate reform, economic rebuild
4
Sarbanes-Oxley Act of 2002 (SOA)

• Most significant federal securities legislation
  since 1933/34 Securities Acts Renewed focus on
  corporate governance practices and financial
  reporting integrity and transparency
• SOA aims to
• Improve reporting/disclosures (e.g., new
  requirement to report on internal control
  Section 404)
• Strengthen corporate governance (e.g., new
  standards for audit committee practices)
• Expand insider accountability (e.g., new
  requirements for code of ethics and protection
  for whistleblowers)
• Increase oversight (e.g., creation of PCAOB
  increased SEC review of company filings on
  10-K/10-Q)
• Broaden sanctions/penalties (e.g., criminal
  penalties strengthened when management issues
  false financial reports)
• Heighten auditor independence (e.g., certain
  services can no longer be performed by auditors)

5
Public Company Accounting Oversight Board

• Created by SOA
• New regulator for public accounting profession
• Three key functions of PCAOB
• Establish standards for Accounting Firms
  (auditing, quality control, ethics, and
  independence)
• Conduct inspections of firms to assess compliance
  with professional standards
• Take action to enforce PCAOB rules/standards

6
PCAOB Standards Adopted to Date

• In April 2003, the PCAOB adopted substantially
  all pre-existing standards issued by the AICPA
  Auditing Standards Board (ASB) to initially
  establish the standards of the PCAOB.
• Key new standards/rules adopted by PCAOB to date
• Standard 1, References in Auditors Reports to
  the Standards of the PCAOB (December 2003) - now
  refer to the standards of the PCAOB, rather than
  to U.S. generally accepted auditing standards
• Standard 2, Audits of Internal Control Over
  Financial Reporting (March 2004) - guidance for
  auditors to report on internal control over
  financial reporting as required by Section 404
• Standard 3, Audit Documentation (June 2004)
  increases documentation requirements on audits
• Rule 3101, Rules Regarding Terms Used in
  Standards (June 2004) establishes specific
  professional requirements when certain terms are
  used in standards (e.g., should, must)

7
Responding to the New Environment

• Recent Changes to EY Global Audit Methodology
• Changes focus on importance of professional
  skepticism, audit quality, and diligent execution
  of procedures
• Increased emphasis on
• planning and coordinating multi-location
  engagements
• procedures to test and report on internal
  controls (for public companies)
• preparation and retention of documentation
  (presumption if not documented, not done)
• independent review partner and national
  consultation requirements
• identifying and responding to fraud risks,
  including the use of journal entries to override
  controls
• testing estimates, fair values, and income tax
  accounts

8
PCAOB Std 2 Performing an Integrated Audit

• Financial Statement Audit
• Auditor opinion on ?
• whether company financial statements present
  fairly, in all material respects, the financial
  position, results of operations, and cash flows

An Integrated Audit Adds
9
Integrated Audit - Significant Increase in
Internal Control Work
Historical
2004
2005

• Risk Assessment
• Customize Audit Approach

• Understand the Business
• Understand the Control Structure

Second Year of Integrated Audit
Financial Statement Audit
First Year of Integrated Audit
Range ofSynergies Anticipated
Account Balance Testing
I/C Testing
Account Balance Testing
Account Balance Testing
I/C Testing
I/C Testing
Combination of Internal Control and Account
Balance Testing for the Best Audit Coverage and
Efficiency
Both Internal Control Testing and Account Balance
Testing Required
Both Internal Control Testing and Account Balance
Testing Required
Financial and Internal Control Reporting
10
Integrated Audit - Key Changes Affecting
Management and Auditor

• Both must test controls over ALL significant
  accounts/disclosures and assertions
• Management must have controls documented, in
  place, and operating effectively throughout the
  organization
• Management must have their own resources/controls
  to get financial statements right
• Cannot simply rely on auditor to adjust
  financial statements ? can be Material Weakness
  in internal control and potentially an
  independence issue
• Auditor evaluates effectiveness of audit
  committee
• New rules have changed the auditors ability to
  leverage work of internal audit
• New requirements to evaluate and communicate
  control deficiencies identified

11
Identifying and Responding to Fraud Risks

• SAS 99 was issued by ASB to increase emphasis on
  fraud risks during the audit
• 2004 calendar year is second full year of
  implementation for SAS 99
• Auditors responsibilities did not change with
  SAS 99 to plan and perform the audit to obtain
  reasonable assurance that financial statements
  are not materially misstated, whether caused by
  error or fraud
• Fraud a top priority for PCAOB ? focus area in
  PCAOB inspections may see additional rulemaking
  by PCAOB in 2005

12
Most Common Fraud Areas

• Revenue Recognition (Deliberate Overstatement)
• 1 Area of Fraud
• Can be fictitious transactions or legitimate
  transactions that are recorded incorrectly (e.g.,
  accelerating revenue recognition or
  misclassifying revenue in the income statement)
• Understatement of Expenses
• Significant Estimates
• Related Party Transactions/Self-Dealing
• Fair Values
• Most fraud is perpetrated and/or concealed with
  inappropriate journal entries and other
  adjustments

13
Fraud House Summary of SAS 99
Documentation
Professional Skepticism
14
Other EY Responses to the Changing Environment

• Other EY Firm Changes to Improve Quality
• Taking significant steps to strengthen our
  independence policies and procedures
• Focusing more directly on the audit committee as
  our client, and
• Taking a more rigorous risk management approach
  when deciding whether to accept new clients or
  continue a relationship with existing clients

15
Discussion/Questions