Chapter 1 Flashcards
Framework to describe how the financial reporting process protects investors’ interest
CEO/CFO
External Auditor
Regulators (SEC and PCAOB)
Board of Directors (Audit Committee)
Internal Auditor
“issuer”
If they file with the SEC they are an “issuer”
Public company
SEC oversees…
“issuers” or public companies
PCAOB governs…
US Companies, “firms,” who AUDIT public companies
(Inspected auditors)
SOX created PCAOB
Internal Auditor
Works for the company
Objective (unbiased)
Partially observe independence
Wide scope of responsibility (reporting, compliance, operations)
Who is responsible for the faithful representation of the financial statements?
CEO and CFO
(SOX requires the CFO and CEO to certify that the financial statements are fairly stated)
Who oversees finanical reporting?
The Board of Directors, specifically the Audit Committee
Audit Committee
Must be fully independent
Tasked with ensuring proper reporting
Oversees the internal auditor and the external auditor
Board of Directors
Mix of independent and “inside” members
Strategy, represent investors, etc.
External Auditor
Provide an opinion on the fairness of the financial statements. External auditors are required to be independent.
Should internal auditors be independent?
They should be objective, but by definition they aren’t independent because they work for the company
Internal audit can focus on more than just financial reporting risk, but…
they often play a role in financial reporting quality
Does the SEC have the authority to investigate issuers for financial reporting misconduct?
Yes
Does the SEC have the authority to enforce disclosure quality?
Yes
Does the PCAOB have oversight of Deloitte UK?
Yes. Big 4 are actually “global conglomerates,” not “global companies” Deloitte UK participates in audity US public companies, so PCAOB has oversight even in the foreign entity.
What are the 2 buckets of PCAOB companies?
Companies who are inspected annually and those who are inspected tri-annually (smaller firms)
SEC EDGAR
Used to search filings
Fees paid to the auditor will be listed in the…
Proxy statement
10-K
Annual
Audited
10-Q
Quarterly
Not Audited
8-K
Dissmissal of auditors
Restatement of filings
Proxy
Prior to annual meeting
Voting items
Includes fees paid to the auditor
Microsoft paid Deloitte $43 million in 2022.
2022 Microsoft revenue was $198 billion.
Audit cost 0.02% of revenue.
Would the percentage be higher or lower for smaller companies?
Higher
SEC tiers company rules because there aren’t economies of scale
Why do audits have value?
Information asymmetry
In 1926, before audits were required by law, __% of NYSE firms paid for audits
82%
Demand for reliable information
Information Asymmetry
Agent (management) may use information advantage to maximize self-interst at the expense of the owner
When might you be willing to pay for an audit?
- Gas station
- Buying a used car
- Ebay
Demand for Audits increase with…
- Environmental risk
- Information risk
Environmental risk
- complexity
- remoteness
- time-sensitivity
- consequences
Information risk
Probability that information will be false/misleading
List Attestation, Assurance, and Auditing in order from broad to narrow.
Assurrance
Attestation
Auditing
Assurance
Lending of credibility by independent and objective intermediaries
Attestation
When assurance is provided for specific assertions made by management
Auditing
When assertions are embodied in a company’s financial statements
PwC counts Oscar ballots. Parterns ahve memorized every winner in case something happens. What type of credibility is this?
Assurance. PwC is hired to lend thier credibility because they are independent of the Oscars.
Definition of Auditing:
Systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested ussers
Economic actions
The business
Assertions
Financial Statements
Established criteria
GAAP/IFIRS
Communicating results
Audit reports
When a company lists a fixed asset on theri financial statment they are asserting that…
they actually own the asset and that the asset really exists
Examples of Financial attestation engagements other than audits:
- Financial forecasts and projections
- Examination of Management’s Disscussion & Analusis
- From forma financial information
Examples of Non-Financial attestation engagements other than audits:
***Effectiveness of internal control systems
- Compliance with environmental regualtions
- Sustainability reporting engagements
Examples of Assurance Services:
Independent professional services that improve the quality of information, or its context, for decision makers
- Internal audit outsourcing
- IT security penetration test
What is SOC 1?
Report on controls at a service organization relevant to user entities’ internal control over financial reporting
(Very common ATTESTATION engagement)
Provides assurance over internal controls of an outsourced environment
Important because this outsourced environment affects the quality of the user entity’s information
Service organization
Provide outsourced services
Ex: ADP provides an outsourced payroll software
ADP hires BDO to report (attest) the internal controls in its payroll outsourcing service. Exon uses ADP as a payroll service. How is the ADP SOC 1 relevant to Exon?
Exon’s auditors (PwC) will rely on the SOC 1 for ADP that was prepared by BDO.
SOX 302
States that key company officials must certify the financial statments. The CEO and CFO must sign a statement (quarterly) indicating:
1. they have read the financial statements
2. they are not aware of any false or misleading statements (or key omissions)
3. they believe the financial statements present an accurate picture of the company’s financial condition
Management’s Financial Statement Assertions (PCAOB)
- Existence/occurrence
- Rights and obligations
- Completeness
- Valuation/allocation
- Presentation and disclosure
What is the most important assertion and why?
Existence/occurrence. It catches over-statements of revenue.
Existence/occurrence
Assets and liabilities included in the acounts exist and recorded transactions are valid and have actually occurred
Rights and obligations
Entity has a legal claim on all assets and revenues reported and has a legal responsibiliy for all liabilities and expenses
Completeness
All balances and transactions have been recorded in the financial statements
Valuation/allocation
Assets, liabilities, and recorded transactions have been valued in accordance with GAAP.
Presentation and disclosure
All accounts are presented in the appropriate place and all information required has been disclosed in the statements and footnotes
Resale shop. I sell suits on consignment. Do I have the right to include the suits in my shop inventory?
No
Rights and obligations assertion
What assertion catches the understatement of expenses?
Completeness
Banks have a lot of cash, but they can’t use it all. So they would have a disclosure in the financial statements saying how much they reserved.
Presentation and disclosure
The objective in an auditor’s review of credit ratings of a client’s customers is to obtain evidence related to management’s assertion about…
Valuation and allocation
What is the reliability of your customers? Will they pay? What should the net A/R be? - Affects the valuation of A/R
Cutoff
is the transaction recorded int eh right period?
AICPA (private company standard)
Existence and completeness
Professional Skepticism
Refers to an auditor’s questioning mindset towards representatins made by management and evidential mater gathered
Questioning mindset
Trust but verify
Is inquiry alone enough?
Never. The auditor must obtain sufficient corroborative evidence. Ask questions, get answers, and then verify the answers.
Why must you be skeptical as an auditor?
There is a potential conflict of interst between the auditor and the client.
Managment wants to portray the company and its operations in the best possible light.
Auditors want to make sure that this portrayal is fair and accurate as possible.
The Audit Report
- Expresses an opinion on financial statements
- Provides reasonable assurance (high level, but not 100%)
- Conducted in accordance with auditing standards (PCAOB, AICPA)
- Asserts that the financial statements are presented fairly, in all material respects, in conformity with an applicable framework (GAAP, IFRS)
Beginning in 2004, the auditor must also express an opinion on the issuer’s…
internal controls over financial reporting for large, public companies
What kind of services are prohibited for audit clients?
No service in which auditors may find themselves making management decisions or auditing their own firm’s work
Firms cannot provide the following to issuer audit clients:
- bookkeping/related services
- design or implementation of financial information systems
- appraisal or valuation services
- actuarial service
- internal audit outsourcing
- managment or human resource services
- investment or broker/dealer services
- legal and expert services (unrelated to the audit)
Can the firm provide the issuer audit client with tax services and other non-prohibited services if the issuer’s audit committee has approved them in advance?
Yes (with some restrictions on tax)