Welcome to the April 2009 edition of the Sarbanes-Oxley Compliance Professionals Association (SOXCPA) newsletter.
SOXCPA is the largest association of Sarbanes Oxley Professionals in the world.
 

Breaking news - Seven New Auditing Standards That Will Change the Sarbanes Oxley Audits
 
After the current market crisis, the US Public Company Accounting Oversight Board is proposing changes to its auditing standards that describe the rules of any Sarbanes Oxley audit.
 
The new challenge for the auditors is to assess and respond to risks during an audit.

Audit risk is the material risk that the auditors will express an inappropriate opinion when the financial statements are materially misstated. The objective of the audit is not to reduce this risk to zero, but to limit audit risk to a low level, so that the auditor can provide reasonable assurance that the financial statements fairly present, in all material respects, the financial position, results of operations, and cash flows of a firm.

The proposed changes are:
1st Proposed Auditing Standard (AS) from the PCAOB: Audit Risk in an Audit of Financial Statements
The auditors must plan and perform the audit to obtain reasonable assurance about whether there is material misstatement in the financial statements due to error or fraud. The auditors must apply due professional care and obtain sufficient appropriate audit evidence.

2nd Proposed AS: Audit Planning and Supervision
Planning an audit includes planned risk assessment procedures and responses to the risks of material misstatement. Planning is a continual and iterative process that begins shortly after (or in connection with) the completion of the previous audit.

The auditors should develop a written audit plan that should include a description of the nature, timing and extent of the risk assessment, tests of controls,  and procedures that are required to be carried out.

3rd Proposed AS: Identifying and Assessing Risks of Material Misstatement
The auditor's assessment procedures apply to both the audit of internal control over financial reporting and the audit of the financial statements. Auditors must obtain an understanding of the company and its environment to find the activities that could have a significant effect on the risks of material misstatement.

4th Proposed AS: The Auditor's Responses to the Risks of Material Misstatement
The auditors should apply professional skepticism in gathering and evaluating audit evidence.
Professional skepticism includes a questioning mind and a critical assessment of the appropriateness and sufficiency of audit evidence.
 
 5th Proposed AS: Evaluating Audit Results
Some definitions here are interesting:
Error is an unintentional misstatement in the financial statements.
Misstatement is anything that causes the financial statements not to be presented fairly in conformity with the applicable financial reporting framework.
Uncorrected misstatements are misstatements accumulated during the audit that management has not corrected.

6th Proposed AS: Consideration of Materiality in Planning and Performing an Audit
The auditors must establish a materiality level for the financial statements as a whole that is appropriate especially in light of the surrounding circumstances. In order to determine the nature, timing, and extent of audit procedures, the materiality level as a whole needs to be expressed as a specified amount.

7th Proposed Auditing Standard from the PCAOB: Audit Evidence
There are some important changes here, and surprises. Some of the principles of computer forensics can be found in this auditing standard.

For example, evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles, or filmed and digitized documents.
 
Documents converted into electronic form are not reliable. In fact their reliability depends on the controls over the conversion and maintenance of those documents.
 
 
It is good to know that... 
SPEs, QSPEs, VIEs and Sarbanes Oxley Audits After the Market Crisis

According to the Staff Audit Practice Alert No 3 from the Public Company Accounting Oversight Board, auditors of public firms that have to comply with the Sarbanes Oxley Act of 2002 should give specific consideration to the new and elevated risks after the current market crisis, and should adjust their audit procedures.

One of the areas of concern: Off-balance-sheet arrangements and Special Purpose Entities (again), especially the entities known as Qualifying Special Purpose Entities (QSPEs) and Variable Interest Entities (VIEs).

Qualifying Special Purpose Entity (QSPE)

According to the Statement of Financial Accounting Standards No. 140 from the Financial Accounting Standards Board, a QSPE is a legal vehicle (like a trust) that:

 - Is distinct from the transferor

 - Performs significantly limited activities (so banks, insurance firms, pension plans and investment firms are not sufficiently limited and cannot become qualifying SPEs).

 - May hold only financial assets transferred to it that are passive (the holder is making decisions only about servicing). Examples are passive derivative financial instruments, guarantees or rights to collateral.

Variable Interest Entities (VIE)

A VIE is often a holding company, created by another legal entity to hold assets or debt, to carry out operations or handle corporations, partnerships, trusts and limited liability companies. A VIE usually does not have the capital to support itself, so by design it is supported by another entity. The "primary beneficiary" (that has a controlling financial interest in the variable interest entity) consolidates the VIE (assets, liabilities, and profit).

There are several types of "variable interest" like loans, leases, call options, equity investments, written put options, forward contracts, derivatives, guarantees, credit enhancements etc.

According to the FASB Staff Position (FSP) FAS 140-4 and FIN 46(R)-8, public companies must disclose more about transfers of financial assets to QSPEs and VIEs.

Primary beneficiaries, servicers, holders of significant variable interests, transferors and sponsors are primarily affected.

According to the Public Company Accounting Oversight Board, the tough economic environment after the current market crisis led public companies to provide guarantees and financial support to QSPEs and VIEs. They have a "variable interest" or have increased their exposure to the above described entities, and perhaps they have become a "primary beneficiary".

Their investors have a need to know. Their auditors have the obligation to ask the proper questions. The disclosures about transfers of financial assets in VIEs and QSPEs are meaningful and necessary.
 
 
It is good to know that...
Forensics Principles Become Part of the Sarbanes Oxley Audits After the Market Crisis

According to the new auditing standards proposed by the PCAOB, auditors must obtain sufficient appropriate audit evidence to provide a reasonable basis for their opinion.
 
What is sufficiency? It is the measure of the quantity of audit evidence.

What is appropriateness? It is the measure of the quality of the evidence obtained.

Evidence must be relevant, which means that it must be related to the assertion or to the objective of the control being tested.

Evidence must also be reliable. It means that it depends on:

1. The nature
2. The source of the evidence
3. The circumstances under which the evidence is obtained.

Obtaining more of the same poor audit evidence cannot compensate for its poor quality.

Here is where computer forensics principles come in. According to the new auditing standards proposed by the PCAOB, everything depends on the nature, source and circumstances under which evidence is obtained.

A. Evidence obtained from a knowledgeable source that is independent of the company is more reliable than evidence obtained only from internal company sources.

B. Evidence is more reliable when the company's controls over that information are effective.

C. Evidence is more reliable when obtained directly by the auditors.

D. Evidence is more reliable when provided by original documents. Photocopies, facsimiles, documents filmed, digitized or converted into electronic form, are secondary evidence.
 
The more controls over the conversion and maintenance of those documents, the more auditors can use these documents.

The auditors don't have to be experts in document authentication.
 
If a document may not be authentic or there are modifications not disclosed to the auditors, they should also modify their planned audit procedures or perform additional procedures.

Auditors do not trust all information produced by a company.
They should evaluate whether the information is sufficient and appropriate by:

A. Testing the accuracy and completeness of the information

B. Testing the controls over the accuracy and completeness of that information

C. Evaluating the information (is it sufficiently precise and detailed?)

If audit evidence obtained from one source is not consistent with what is obtained from another, or if the auditor has any reasons to believe that there is a problem with the reliability of information to be used as audit evidence, they should use professional judgment and perform all the procedures needed to resolve the matter.
 