The PwC Audit

1
The PwC Audit

• A Continuous Improvement Approach
• to Audit Methodology

2
Agenda

• Governance of PwC Audit
• Overview of recent evolution of PwC Audit
• Overview key elements of PwC Audit
• Acceptance and Continuance
• Audit Comfort Cycle
• Substantive Procedures
• Other Audit Procedures
• Audit Committee Communications Plan

3
PwC Audit Governance
Global Audit Policy Board Establish global
overarching policy principles goals and
ratify policy statements.
Global RQ Ensure methodology is consistently
implemented by providing feedback on practice
issues.
Global Audit Methodology Steering Group Drive
execution of policy in practice through
processes, tools, guidance, training content, etc.
Implementation Partner Network
4
Towards Performance Audit a continuous
improvement program
PwC Audit
PwC Audit
Time
Historical Financial Statements Opinion
Changes in Deliverables
5
Changing the Focus of the Audit Model




Audit Risks

Business Risks

Identified

6
PwC Audit in 2004

• Acceptance and Continuance (FRISK)
• Audit Comfort Cycle
• Scoping
• Understanding
• Evaluating
• Validating
• Substantive Testing
• Other Audit Procedures
• Audit Committee Communications Plan

7
PwC Audit Approach
Acceptance/Continuance Assessment
No / Limited controls comfort
Significant controls comfort
Other audit evidence Mainly Mainly tests of
details substantive analytical procedures

• Other audit procedures
• Financial statements
• Completion

8
PwC Audit Approach With Attestation
Acceptance/Continuance Assessment
Broader and deeper assessment of COSO controls
over financial reporting, including managements
evaluation of those controls. e.g., estimates,
fraud, tax accrual, more locations.
Report on managements assertions on internal
controls over financial reporting
No / Limited controls comfort
Significant controls comfort
Other audit evidence Mainly Mainly tests of
details substantive analytical procedures
Additional procedures deemed necessary to provide
independent assurance on financial statements,
taking into consideration the internal controls
assessment.

• Other audit procedures
• Financial statements
• Completion

Report on Financial Statements
9
Acceptance Continuance Process

• Governance and oversight of management
• Past performance
• Managements expertise and skill
• Adequacy of management resources
• Audit relationship
• Audit adjustments
• Revenue recognition
• Accounting control
• Integrity and ethics
• Management inclination for intentional
  misstatement in financial reporting
• Reliability of estimates
• Incentive for intentional misstatements in
  financial reporting
• Risk of insolvency

10
Acceptance Continuance Process
Key Risks
(user defined or
selected from
Master Data)
11
Audit Comfort Cycle

• 4 Key Questions
• What does management need to
  get comfort on?
• How does management get comfort?
• Are they entitled to that comfort?
• Can we audit that comfort?

12
Audit Comfort Cycle

• What does management need to get comfort on?

13
Scoping Forming a Point of View

• Perform company and industry analytical
  procedures
• Research and analyze external communications
• Partners connect with staff members
• Document the teams understanding of the business
• Knowledge broker to capture and share industry
  information
• Form a point of view on the risks that management
  should be concerned about

14
Scoping Business Analysis Framework
15
ScopingRisk Assessment Key Risks
Key risks are those conditions or factors within
an audit that, in the judgment of the auditor,
give rise to a greater risk of material financial
misstatement or other matters resulting in the
issuance of an inappropriate audit report.
16
Scoping Analytical Procedures

• High Level
• Understand the business
• Identify areas of risk
• Disaggregated Account Level
• Determine the nature, timing extent of testing
• External benchmarking to peers, market trends
• Looking for anomalies, areas of risk
• Use of extensive knowledge management tools
  available

17
Scoping Translated into Audit Strategy
Business Objectives
Risks
Controls
Stakeholders
Alignment
Where controls over significant account balances
or classes of transaction are not aligned, we
will need to perform substantive tests of details.
18
Scoping Audit Team of Specialists
Energy Trading Risk
Computer-Assisted Audit Techniques
Enterprise-wide Risk
Business Objectives
Financial Risk
Business Resilience
Project Management
Business Process
Risks
Controls
Stakeholders
Performance Improvement
Data Risk
Fraud
Regulatory/ Compliance
Internal Audit
Security
Alignment
Systems Technology
Treasury
Our best teams use our specialist capabilities to
help in forming a point of view.
19
Scoping Use of Specialists

• Policies for the use of Systems and Process
  Assurance specialists and Fraud Risk Controls
  specialists are based around risk attributes
• Policies are for consultation with specialists
  level of involvement remains a decision of
  engagement leader
• At a minimum, Required to consider use of
  specialists at mobilization stage

20
Audit Comfort Cycle

• 4 Key Questions
• What does management need to get comfort on?

• How does management get comfort?

• Are they entitled to that comfort?

• Can we audit that comfort?

21
Applying Audit Comfort Cycle from the Top-Down

• Organize audit team to align with how management
  runs the business.
• Extend discussions about business objectives
  risk to management controls.
• Understand evaluate how management controls
  risk.
• Validate controls against engagement teams point
  of view.

Audit controls from the top down
22
Taking Stock Real-Time Linkage in the
Iterative Process

• Share team members cumulative knowledge
• Update risk identification and assessment
• Consider the audit comfort gained to date, by
  audit assertion
• Answer Do we have enough comfort?
• Answer What do we do next?

23
Connecting the Dots

• Financial Statement Assertions/Audit Objectives
• Classes of Transactions
• Occurrence
• Completeness
• Accuracy
• Cutoff
• Classification
• Account Balances
• Rights Obligations
• Existence
• Completeness
• Accuracy/Valuation
• Presentation Disclosure
• Occurrence/RO
• Completeness
• Understandability
• Accuracy/Valuation

• Business Process A
• Completeness
• Accuracy
• Validity
• Restricted Access

Account Balances and Transactions
Business Objectives

• Business
• Risks related to achieving Objectives

• Business Process B
• Completeness
• Accuracy
• Validity
• Restricted Access

Account Balances and Transactions

• Business Process C
• Completeness
• Accuracy
• Validity
• Restricted Access

Account Balances and Transactions
General Computer Controls
24
Audit Comfort Matrix
25
Summary of Comfort
26
Substantive Audit Evidence
27
Achieving the Right Balance
No/Limited Controls Comfort
Significant Controls Comfort
28
Assurance Hierarchy
Will we obtain audit assurance from tests of
controls?
Yes
No
Test controls.
Can we obtain audit assurance from substantive
analytical procedures?
Yes
Perform substantive analytical procedures.
No
Do we need additional audit assurance?
No
Yes
No further testing required.
Perform tests of details.
29
Other Audit Procedures
30
Other Audit Procedures More Connecting the Dots

• Link management information to financial
  statements
• Review adjustments necessary to reconcile
  management information to the financial
  statements
• Review non-standard journal entries and other
  adjustments to ascertain whether entries may be
  indicative of fraud based upon the risk of
  management override on controls
• Perform ongoing analytical procedures, including
  updating analytical procedures related to revenue

31
Audit Committee Communications Framework
Objectives

• Promote effective and candid communications
• Enhance timely reporting, dialogue and sharing
  views
• Service approach
• Risk and Control
• Financial Reporting
• Governance
• Provide consistency in our deliverables through
  recommended templates and practice aids

32
Audit Committee Communications Plan
Understanding the audit
Staying informed
Resolution and completion
Getting started
Indicate timing


Our audit plan
PwC principles and practices

• Reporting timetable
• Business unit scope
• Engagement team
• Other deliverables

Service approach
Communications plan
Engagement letter and independence confirmation


Internal control and business issues report
Risk analysis
Update on accounting/audit issues and risk
analysis
Perspectives on fraud risk
Risk and control
Risk condition alert
Other regulatory requirements plan

• Reporting
• requirements
• Internal control deficiencies
• Accounting policies
• Management judgments
• Quality of earnings
• Independence
• Transparency

Quarterly review
Quarterly review
Quarterly review
Financial reporting
Audit opinion
Best practices in corporate reporting
Transparency of corporate reporting
Governance
Corporate governance roles and practices
Assessing our performance and yours
Ongoing assessment of needs expectations
33
The PwC Audit

• Global approach adaptable to all clients
• Designed for continuous improvement
• Performance metrics will play a larger role in
  future audits
• Audit quality is at the core of our long term
  business objectives.

34
pwc