Exposure Draft The Auditor s Responsibility to Consider Fraud in an Audit of Financial Statements
|
|
- Bryce Nelson
- 5 years ago
- Views:
Transcription
1 Chartered Accountants of Canada Comptables agréés du Canada The Canadian Institute of Chartered Accountants 277 Wellington Street West Toronto, Ontario Canada M5V 3H2 Tel: (416) Fax: (416) Mr. J.M. Sylph, FCA Technical Director International Auditing and Assurance Standards Board 545 Fifth Avenue, 14 th Floor New York, New York USA L Institut Canadien des Comptables Agréés 277, rue Wellington ouest Toronto, Ontario Canada M5V 3H2 Tél: (416) Fax: (416) Dear Mr. Sylph: Re: Exposure Draft The Auditor s Responsibility to Consider Fraud in an Audit of Financial Statements The Auditing and Assurance Standards Board (AASB) is pleased to respond to the above Exposure Draft and strongly supports the proposed standard, subject to the undernoted comments and recommended changes. We believe that these comments and changes are consistent with the substance of the proposed standard and would result in important improvements that merit your consideration. The comments and recommendations result from the deliberations of the AASB during the course of the parallel Canadian project, and from comments by respondents to the equivalent Canadian Exposure Draft. We also include as an appendix a number of editorial comments for your consideration. Significant overall comments 1. Need for additional implementation guidance There is a need for significant additional guidance on implementation of the proposed ISA. The AICPA has published very extensive additional guidance for SAS99, for example by issuing Fraud Detection in a GAAS Audit: SAS No. 99 Implementation Guide and by including extensive guidance on fraud risk assessment and related techniques, and case studies, on its fraud web site. Although the ED does not change the auditor s responsibility to detect fraud, because of the importance of this new standard, and the degree of change required in auditor mindset and performance, we strongly urge the IAASB to issue background guidance concurrently with the ISA, or shortly thereafter. IAASB could use the AICPA guidance as a starting point. Such guidance, we believe, is particularly important for auditors of small owner-managed enterprises. Other matters on which guidance would be useful include evaluation of corporate culture and tone at the top. 2. Applicability to audits of small entities Notwithstanding the reference in several paragraphs to audits of small entities, we believe the particular issues relating to such audits are insufficiently addressed. For example, more
2 Page 2 guidance would be desirable in or after paragraph 28 and in paragraphs 59 through 70 concerning the limited opportunity in such entities for segregation of duties, the compensating controls exercised by an owner-manager, and the related fraud risk factors. 3. Application of professional scepticism to those charged with governance We agree that the auditor should maintain an attitude of professional scepticism throughout the audit notwithstanding the auditor s past experience with the entity and the auditor s belief about the honesty and integrity of management and those charged with governance. However, while the ED provides sufficient guidance on the types of procedures the auditor performs when exercising professional scepticism with respect to management, we believe there needs to be more detailed guidance on the types of procedures the auditor performs when exercising professional scepticism with respect to those charged with governance. 4. Concerns associated with taking a procedural approach in this proposed ISA We agree with the specific procedural requirements in the Exposure Draft (e.g., required procedures concerning revenue recognition, journal entries, inventories, accounting estimates and understanding of the business rationale for significant transactions). However, it must be recognized that, once these standards are finalized, management, aware of the specific procedures the auditor will perform and bent on perpetrating fraud, will presumably take extra care not to do so, for example, by means of a journal entry in a round amount close to the year-end. A risk of having a set of prescribed procedures is that auditors, having performed them, will believe they have done enough. This may not always be the case. To alleviate this risk, we recommend that the phrase at a minimum or at least be incorporated into the lead-in to paragraph 70 and suitable wording be inserted immediately after paragraph 70 to state that, notwithstanding the particular methods of perpetrating fraud described in paragraphs 71 to 76, and in paragraph 67 concerning revenue recognition, management may use different methods of perpetrating fraud that would not be detected by any of the procedures contemplated in paragraphs 70 or There should be a strong statement that auditors should also be alert for evidence of fraud from whatever source and by any method. This will reinforce the basic principle in the standard that the auditor is alert to risks of material misstatement, whether due to revenue recognition, management override of internal controls or some other cause. 5. Auditor communications to those charged with governance We are concerned that the requirements for reporting to those charged with governance are, given the current environment, too limited - even less stringent in some respects than existing ISA 240. For example, the matters that are ordinarily communicated as described in existing ISA 240, paragraph 58, are not all included in the Exposure Draft. Whereas the existing requirement is for the auditor to communicate fraud involving all management, the ED 1 More auditing techniques are usefully described in Appendix 2 but they are not all linked to specific methods of perpetrating fraud.
3 Page 3 paragraph 88 only requires the auditor to communicate fraud involving senior management. 2 Furthermore, existing ISA 240, paragraph 58, requires the communication of misstatements that may cause future financial statements to be misstated. We believe that this requirement should be retained, either in ISA 240 or ISA 260. We are also concerned that both the ED and SAS99 set too high a threshold before the auditor reports fraud (whether caused by senior management or other employees) to those charged with governance. The requirement in the ED is only for material or possibly material frauds to be reported. We believe that the requirement should be for all non-trivial frauds to be reported. Accordingly, we believe that paragraph 88 should be amended to read: If the auditor has identified any of the following matters, the auditor should communicate them to those charged with governance as soon as practicable: a) Questions concerning the competence and integrity of management; 3 b) Fraud involving management; c) Fraud (whether caused by management or other employees) that results, or may result, in a non-trivial misstatement of the financial statements; and d) Matters that may cause future financial statements to be materially misstated. Specific comments Paragraph 10 The focus of this paragraph is on earnings management and on frauds that have an impact on net income. It is true that fraudulent financial reporting is often caused in this way, however mention should also be made of pressures on management to meet financial ratios involving asset and liabilities and therefore the possibility that there are misstatements due to fraud in these areas. Paragraph 23 Consideration should be given to adding text or a footnote along the lines of footnote 26 of SAS99 which indicates that if the auditor believes that documents may not be authentic he or she should investigate further and consider using the work of a specialist to determine the authenticity. Paragraph 24 The concept that communication and sharing of information should take place throughout the audit, as described in paragraph 27, is important and should be added to the end of paragraph 24 along the following lines: The discussions should take place throughout the audit. 2 ISA requires the reporting of fraud involving management. We interpret this requirement to mean that the auditor should report all fraud involving management. 3 i.e, put the last bullet in paragraph 94 into bold.
4 Page 4 Paragraph 25 It is not sufficient for only key members of the engagement team to be involved in the discussion. All members of the audit team make judgments and determinations during the audit, and not just the senior members of the team. Junior members therefore need to hear the discussions of the more senior members to gain an understanding of the risks and related audit approach. Since the word ordinarily is already used to qualify the need for team members to be involved, the wording could be: Ordinarily the discussion involves all members of the engagement team. Consideration should also be given to incorporating into this paragraph some of the important messages that are set out in SAS99 paragraph 16 regarding how the discussion among the engagement team members reinforces professional scepticism. Paragraph 26 A sentence should be added at the end of this paragraph along the lines of: Difficult issues would be discussed if necessary with a professional colleague. Paragraph 34 If there is an internal audit function, enquiries should be required. At a minimum, the word ordinarily should be deleted. Consideration should also be given to amending paragraph 32 to include reference to internal auditors. For example, The auditor should make enquiries of management, internal auditors, if any, and others Paragraph 35 We recommend changing the last bullet to read: Chief ethics officer or equivalent person or persons charged with the responsibility for dealing with allegations of fraud. Paragraph 36 The phrase the auditor uses professional judgment in deciding when it is necessary to corroborate responses to enquiries appears to leave open the possibility that an auditor can accept such responses without corroboration in some cases. We believe this is the wrong message. It is possible that such a response will correspond with other evidence already obtained by the auditor so that no further corroborating evidence will be required. However, this does not mean that responses from management can be accepted without corroboration. This (perhaps unintended) problem can be remedied by amending the second sentence as follows: Therefore, the auditor needs to have or to obtain corroborating evidence for responses to such enquiries. Paragraph 42 to 46 Indications that fraud risk factors are present should be considered not only when obtaining an understanding of the entity, as implied in paragraph 42 and related following paragraphs. Although identification of fraud risk factors is covered in certain aspects of the audit (see
5 Page 5 paragraphs 47, 49 and 77), it may be preferable to add the phrase and throughout the audit into paragraph 42 and relevant places in 43 to 46. Although fraud risk factors are said to be examples, paragraph 45 should be strengthened to make it clear that the auditor is responsible for identifying risk factors whether or not they are on the list. Wording such as the following could be added after the penultimate sentence: Also, the auditor needs to be alert for risk factors specific to the entity that are not included in the examples in Appendix 1. Paragraph 47 Although probably not intended, this paragraph can be interpreted to mean that analytical procedures are used to understand internal control, which is not usually the case. The phrase including its internal control should be deleted. Paragraph 47 requires the performance of analytical procedures with the objective of identifying unusual or unexpected relationships that may identify a risk of material misstatement due to fraud. The way it is worded, paragraph 47 requires auditors to actively seek unusual or unexpected relationships in all areas of the audit. On the other hand, SAS99 (with the exception of paragraph 29 re analytical procedures relating to revenue recognition) only requires the auditor to consider whether analytical procedures performed as substantive procedures, or in the overall review stage of the audit, indicate a previously unrecognized risk of material misstatement due to fraud (see SAS99 paragraph 69). We believe that the ED therefore goes beyond SAS99 in this respect. We also believe that the final ISA should limit the auditor s responsibilities to be consistent with SAS99 and paragraph 47 should reflect the guidance in SAS99 paragraph 69. Paragraph 52 The term fraud risks used in (a), (b) and (c) is problematical because the term is unclear (see general editorial comment below). The simple solution is to remove the word fraud from each of these sub-points. Paragraph 54 This paragraph belongs more appropriately in the section dealing with the auditor s enquiries of management when obtaining an understanding of the entity and its environment (paragraphs 29-31). The two requirements in paragraph 54 are important and should be in bold text. Therefore, they could be incorporated as extra items (c) and (d) in paragraph 29. The first sentence of paragraph 54 states that the auditor enquires about whether management has reported to those charged with governance how the entity s internal control serves to prevent or detect material misstatements due to fraud. We believe there should be a corresponding requirement for the auditor to enquire of those charged with governance
6 Page 6 concerning what management has reported to them in this respect (i.e., corroborating evidence). This could appear in, or in a paragraph after, paragraph 39. Paragraph 62 Elements of unpredictability should always (not ordinarily ) be incorporated into audit procedures. We suggest that the word ordinarily be dropped from this paragraph. Consideration should be given to amending paragraph 55 to specifically refer to the need for unpredictable procedures. This could be done by adding the following new sentence at the end of the paragraph: The auditor should incorporate an element of unpredictability into such procedures. Paragraphs 71 to 74 Consideration should be given to including a requirement to perform audit procedures on executive compensation and travel and other reimbursed expenses with a view to assessing the risk that they are fraudulent. This requirement is of particular importance with respect to audits of public entities. Consideration might be given to incorporating into 74(b) the last sentence in SAS.99 paragraph 64. Paragraph 75 The second sentence should begin For example.... There are reasons other than earnings management that might cause management to insert bias into financial reporting. Paragraph 76 At the end of the first sentence, we suggest adding and other information obtained during the audit. Paragraph 83 The requirement in 83(c)(iii) that management represent that, for fraud involving others, they have disclosed only fraud that could have a material effect on the financial statements is too high a threshold. Many frauds that concern the auditor would not have a material impact on the financial statements. At the very least, the threshold should be non-trivial. However, there are advantages to having management report even trivial frauds that they are aware of so that the auditor can make the decision whether or not they are of concern. Paragraph 100 SAS99 paragraph 83 requires the auditor to document the reasons for the auditor s conclusion if the auditor has not identified, in a particular circumstance, improper revenue recognition as a risk of material misstatement due to fraud. We believe this should be a requirement in paragraph 100. There may also be a need to refer to paragraph 67.
7 Page 7 Appendix 1 Under Incentives/Pressures, item two, we recommend adding an additional factor that has been significant in several problem cases: Control has changed, especially when the price paid by new management appears, in hindsight, to have been too high. We hope our comments will be helpful to the IAASB in completing this standard. If you have questions about any of the points raised or require additional information, please contact Eric Turner at (416) Yours very truly, Peter Gregory, CA Chair, Auditing and Assurance Standards Board cc: Auditing and Assurance Standards Board Members L.D. Esdon, FCA L.D. Desautels, FCA
8 Page 8 Appendix - Editorial comments General There are inconsistencies in phraseology that could be corrected. Examples noted are: the use of risk of material misstatements (e.g., paragraph 3), risks of material misstatement (e.g., paragraphs 51,52 and 55), and risks of material misstatements (paragraph 33) and fraud risks (see paragraphs 52 and 100) and fraud risk factors. Appendix 1 refers to Risk factors related to misstatements, and SAS99 refers to specific risks of material misstatement due to fraud, either of which might be preferable phraseology generally and in paragraph 100. The solution in paragraph 52 is to eliminate the word fraud, as suggested above. Paragraph 3 The language in the first sentence in paragraph.03 of SAS.99 might usefully be added to paragraph 3 in the proposed ISA. Paragraph 22 Since enquiries are not audit evidence, but a means of obtaining audit evidence, we suggest the beginning of the last sentence read When making enquiries and performing other audit procedures.... Paragraph 25 In the second bullet, we suggest A consideration of practices that might be followed by management.... Paragraph 29 The heading in front of paragraph 29 should be in front of paragraph 37. If a heading is needed in front of paragraph 29 it should refer to enquiries of management and others. Paragraph 69 Clarity would be significantly improved if a heading were inserted in front of this paragraph Audit Procedures Responsive to the Risk of Management Override of Controls. Then the procedures required in paragraphs 70 through 76 have a logical header. A similar level subheading may also be appropriate in front of paragraph 67.
Within our recommendations for editorial changes, additions are noted in bold underline and deletions in strike-through.
1633 Broadway New York, NY 10019-6754 Mr. Jim Sylph Executive Director, Professional Standards International Federation of Accountants 545 Fifth Avenue, 14th Floor New York, NY 10017 Dear Mr. Sylph: We
More informationRe: Exposure Draft Proposed ISAE 3402 on Assurance Reports on Controls at a Third Party Service Organization
Date Le Président Fédération Avenue d Auderghem 22-28 des Experts 1040 Bruxelles 31 May 2008 Comptables Tél. 32 (0) 2 285 40 85 Européens Fax: 32 (0) 2 231 11 12 AISBL E-mail: secretariat@fee.be Mr. Jim
More informationISA 800/805. Proposed changes to ISA 800/ 805 were limited in nature
ISA 800/805 Prof. Annette Köhler, IAASB Member and Drafting Team Chair Agenda Item 4 New York, USA June 16, 2015 Page 1 Proprietary and Copyrighted Information Background and Introduction Proposed changes
More informationInternational Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, NY 10017
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 25 April 2008 International Auditing and Assurance
More informationADVANCED AUDIT AND ASSURANCE
ADVANCED AUDIT AND ASSURANCE CPA PROGRAM SUBJECT OUTLINE The Advanced Audit and Assurance subject provides a body of knowledge for you to understand the nature and diversity of audit and assurance engagements.
More informationAudit Considerations Relating to an Entity Using a Service Organization
An Entity Using a Service Organization 355 AU-C Section 402 Audit Considerations Relating to an Entity Using a Service Organization Source: SAS No. 122; SAS No. 128; SAS No. 130. Effective for audits of
More informationIssue for Consideration: Appropriateness of the Drafting of Paragraph A17
Deloitte & Touche LLP Ten Westport Road Wilton, CT 06897-0820 USA Tel: +1 203 761 3000 Fax: +1 203 761 3013 www.deloitte.com Sherry Hazel Audit and Attest Standards American Institute of Certified Public
More information26 February Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 26 February 2007 Office of the Secretary Public
More informationCITADEL INFORMATION GROUP, INC.
CITADEL INFORMATION GROUP, INC. The Role of the Information Security Assessment in a SAS 99 Audit Stan Stahl, Ph.D. President Citadel Information Group, Inc. The auditor has a responsibility to plan and
More informationSAS70 Type II Reports Use and Interpretation for SOX
SAS70 Type II Reports Use and Interpretation for SOX November 19, 2007 Presented by: Erin Erickson, Senior Manager Enterprise Governance and Brenda Karl, Director Technology Risk Management Agenda Background
More informationLearning Objectives. External confirmations procedures as per SA330 and SA 500 requirements
CA. Sudhir Sharma 1 Learning Objectives 1 2 3 4 External confirmations procedures as per SA330 and SA 500 requirements Management s refusal to allow auditor to send confirmation requests Results of the
More informationINTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS CONTENTS
INTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction Scope of
More informationInternational Standard on Auditing (UK) 505
Standard Audit and Assurance Financial Reporting Council July 2017 International Standard on Auditing (UK) 505 External Confi rmations The FRC s mission is to promote transparency and integrity in business.
More informationProbe MMX Compilation
Probe MMX Compilation 2011.00 What s New Overview Probe MMX Compilations Probe MMX uses the latest CaseWare and Template Technology, creating a way to conduct Compilation engagements using the latest International
More informationEvaluating SOC Reports and NEW Reporting Requirements
Evaluating SOC Reports and NEW Reporting Requirements ISACA Kris Lonborg, EY Partner Maria Avedissian, EY Senior Manager September 12, 2013 Agenda Evaluating SOC reports Recent changes made to the SOC1
More information18 April Re.: Exposure Draft, Improving the Structure of the Code of Ethics for Professional Accountants - Phase 1. Dear Mr.
18 April 2016 Mr. Ken Siong Technical Director International Ethics Standards Board for Accountants 529 Fifth Avenue, 6 th Floor New York NY 10017, USA submitted electronically through the IESBA website
More informationInformation for entity management. April 2018
Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed
More informationInternational Standard on Auditing (Ireland) 505 External Confirmations
International Standard on Auditing (Ireland) 505 External Confirmations MISSION To contribute to Ireland having a strong regulatory environment in which to do business by supervising and promoting high
More informationISA 540 (Revised): Update. May 2018 ASB meeting Dan Montgomery May 17, 2018
ISA 540 (Revised): Update May 2018 ASB meeting Dan Montgomery May 17, 2018 Overview Update on March 2018 IAASB meeting and April 2018 board teleconference Significant revisions post-march Next steps Page
More informationAudit confirmation is hereafter referred to as "confirmation."
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org CONCEPT RELEASE ON POSSIBLE REVISIONS TO THE PCAOB'S STANDARD ON AUDIT CONFIRMATIONS ) ) ) )
More informationEXTERNAL CONFIRMATIONS SRI LANKA AUDITING STANDARD 505 EXTERNAL CONFIRMATIONS
SRI LANKA STANDARD 505 EXTERNAL CONFIRMATIONS (Effective for audits of financial statements for periods beginning on or after 01 January 2014) CONTENTS Paragraph Introduction Scope of this SLAuS... 1 External
More informationLIST OF SUBSTANTIVE CHANGES AND ADDITIONS. PPC's Guide to Audits of Local Governments. Thirty first Edition (February 2016)
Route To: Partners Managers Staff File LIST OF SUBSTANTIVE CHANGES AND ADDITIONS PPC's Guide to Audits of Local Governments Thirty first Edition (February 2016) Highlights of This Edition The following
More informationSubmission to the International Integrated Reporting Council regarding the Consultation Draft of the International Integrated Reporting Framework
Submission to the International Integrated Reporting Council regarding the Consultation Draft of the International Integrated Reporting Framework JULY 2013 Business Council of Australia July 2013 1 About
More informationTHE CORPORATE CON: INTERNAL FRAUD AND THE AUDITOR
THE CORPORATE CON: INTERNAL FRAUD AND THE AUDITOR GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION Video Supplement... 1 Course Objectives
More informationDecember 21, 1998 BY ELECTRONIC MAIL AND HAND DELIVERY
Alden Adkins Sr. V. P. and General Counsel BY ELECTRONIC MAIL AND HAND DELIVERY Katherine A. England Assistant Director Division of Market Regulation Securities and Exchange Commission 450 Fifth Street,
More informationPeriod from October 1, 2013 to September 30, 2014
Assurance Report on Controls Placed in Operation and Tests of Operating Effectiveness ISAE 3402 Type 2 Period from October 1, 2013 to September 30, 2014 Frankfurt/Main Table of Contents SECTION I Independent
More informationPolicy for Translating and Reproducing Standards Issued by the International Federation of Accountants
IFAC Policy Statement December 2008 Policy for Translating and Reproducing Standards Issued by the International Federation of Accountants The IFAC Mission To serve the public interest, the International
More informationC22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers
C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers SAS No. 70 Practices & Developments Todd Bishop Director, Risk Assurance Services, PricewaterhouseCoopers Agenda SAS 70 Background
More informationSAS 70 SOC 1 SOC 2 SOC 3. Type 1 Type 2
SAAABA Changes in Reports on Service Organization Controls April 18, 2012 Changes in Reports on Service Organization Controls (formerly SAS 70) April 18, 2012 Duane M. Reyhl, CPA Andrews Hooper Pavlik
More informationThe Australian Accounting Standards Board (AASB) is pleased to provide its comments on the above named Consultation Paper (CP).
Level 7, 600 Bourke Street MELBOURNE VIC 3000 Postal Address PO Box 204 Collins Street West VIC 8007 Telephone: (03) 9617 7600 Facsimile: (03) 9617 7608 8 June 2012 Ms Stephenie Fox Technical Director
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More informationACCOUNTING (ACCT) Kent State University Catalog
Kent State University Catalog 2018-2019 1 ACCOUNTING (ACCT) ACCT 23020 INTRODUCTION TO FINANCIAL ACCOUNTING 3 Credit (Equivalent to ACTT 11000) Introduction to the basic concepts and standards underlying
More informationComment on Exposure Draft, IFRS Practice Statement: Application of Materiality to Financial Statements
16 February 2016 Mr. Hans Hoogervorst Chairman International Accounting Standards Board 30 Cannon Street London EC4M 6XH United Kingdom Comment on Exposure Draft, IFRS Practice Statement: Application of
More informationRISK ASSESSMENTS AND INTERNAL CONTROL CIS CHARACTERISTICS AND CONSIDERATIONS CONTENTS
CONTENTS Paragraphs Introduction... 1 Organizational Structure... 2 Nature of Processing... 3 Design and Procedural Aspects... 4 Internal Controls in a CIS Environment... 5 General CIS Controls... 6-7
More informationAudit and Assurance Overview
Chartered Professional Accountants of Canada, CPA Canada, CPA are trademarks and/or certification marks of the Chartered Professional Accountants of Canada. 2018, Chartered Professional Accountants of
More informationCASA External Peer Review Program Guidelines. Table of Contents
CASA External Peer Review Program Guidelines Table of Contents Introduction... I-1 Eligibility/Point System... I-1 How to Request a Peer Review... I-1 Peer Reviewer Qualifications... I-2 CASA Peer Review
More informationHong Kong Institute of Certified Public Accountants Practising Certificate ("PC") Business Assurance
Hong Kong Institute of Certified Public Accountants Practising Certificate ("PC") Business Assurance Examinable Auditing Standards December 2017 Session and June 2018 session This document contains the
More informationPREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice
PREPARING FOR SOC CHANGES AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice On May 1, 2017, SSAE 18 went into effect and superseded SSAE 16. The following information is here
More informationTable of Contents 2. Welcome to Checkpoint Engage 5. Creating an Engagement in Advance Flow or Onvio 6. Create Checkpoint Engage Engagement 8
Table of Contents Table of Contents 2 Welcome to Checkpoint Engage 5 Creating an Engagement in Advance Flow or Onvio 6 Create Checkpoint Engage Engagement 8 Add Engagement 8 Single Audit and Yellow Book
More informationCase Study: Simply Soups Inc. Version 1.8
Simply Soups Inc.: A Teaching Case Designed to Integrate the Electronic Confirmation Process into an Auditing Curriculum Instructional Guide for Students 1 Table of Contents Student Instructions Case Study
More informationPEM Contents Checklist
Contents Checklist PEM Contents Checklist Below is a detailed listing of the entire contents for Update #41 dated September 2008. This is provided to allow subscribers to ensure that their binder(s) are
More information3/13/2015. COSO Revised: Implications for Compliance and Ethics Programs. Session Agenda. The COSO Framework
COSO Revised: Implications for Compliance and Ethics Programs Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and EY Professor The University of Kentucky Session Agenda The COSO Framework
More informationDefinition of Internal Control
Definition of Internal Control - To address and limit potential risks - designed, implemented and maintained by those charged with governance to provide reasonable assurance about the achievement of the
More informationSOC Reports The 2017 Update: What s new, What s not, and What you should be doing with the SOC Reports you receive! Presented by Jeff Pershing
SOC Reports The 2017 Update What s new, What s not, and What you should be doing with the SOC Reports you receive! presented to Northeast Ohio ISACA Thursday, April 20, 2017 Jeff Pershing, CISA, CISM,
More informationReviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.
Assistant Deputy Minister (Review Services) Reviewed by in accordance with the Access to Information Act. Information UNCLASSIFIED. Security Audits: Management Action Plan Follow-up December 2015 1850-3-003
More informationWECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017
WECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017 155 North 400 West, Suite 200 Salt Lake City, Utah 84103-1114 WECC Internal Controls Evaluation Process
More informationService Organization Control (SOC) Reports: What they are and what to do with them MARCH 21, 2017
Service Organization Control (SOC) Reports: What they are and what to do with them MARCH 21, 2017 Presenter Colin Wallace, CPA/CFF, CFE, CIA, CISA Partner Colin has provided management consulting and internal
More informationUsing Security to Lock in Commercial Banking Customers
EXECUTIVE SUMMARY Webinar Using Security to Lock in Commercial Banking Customers Commercial banking is a market opportunity that financial institutions (FIs) should not ignore. Tens of billions of dollars
More informationSmart Lite User Guidance Pack
Smart Lite User Guidance Pack October 08 Training Table of contents Culture Change: examples................................................................................ Why Smart Lite Procedures...............................................................................
More informationAction Plan Developed by The Iranian Institute of Certified Accountants (IICA) BACKGROUND NOTE ON ACTION PLANS
BACKGROUND NOTE ON ACTION PLANS Action Plans are developed by IFAC members and associates to address policy matters identified through their responses to the IFAC Compliance Self-Assessment Questionnaire.
More informationIntroduction to Automated Controls. Jay Swaminathan Senior Manager, SOAProjects. San Francisco Chapter
Introduction to Automated Controls Jay Swaminathan Senior Manager, SOAProjects Agenda Defining Automated Controls The Value of Automated Controls Common Testing Approaches ITGC considerations The Concept
More informationISACA Survey Results. 27 April Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 27 April 2006 Ms. Nancy M. Morris, Secretary
More informationRetirement of SAS 70 and a new generation of Service Organization Control (SOC) Reports
new generation of Service Organization Control (SOC) Reports Presented by: Nina Currigan, KPMG Advisory Manager Karen Krebsbach, Ernst & Young Advisory Manager With you today Nina Currigan Advisory Manager
More informationIS Audit and Assurance Guideline 2001 Audit Charter
IS Audit and Assurance Guideline 2001 Audit Charter The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards that apply
More informationArticle II - Standards Section V - Continuing Education Requirements
Article II - Standards Section V - Continuing Education Requirements 2.5.1 CONTINUING PROFESSIONAL EDUCATION Internal auditors are responsible for maintaining their knowledge and skills. They should update
More informationFinancial Planning Standards Council 2016 ENFORCEMENT AND DISCIPLINARY REVIEW REPORT
Financial Planning Standards Council 2016 ENFORCEMENT AND DISCIPLINARY REVIEW REPORT Table of Contents Financial Planning Standards Council... 1 Profile of the Profession... 2 Maintaining High Standards
More informationAction Plan Developed by. Institute of Certified Public Accountants of Uganda BACKGROUND NOTE ON ACTION PLANS
BACKGROUND NOTE ON ACTION PLANS Action Plans are developed by IFAC members and associates to address policy matters identified through their responses to the IFAC Compliance Self-Assessment Questionnaires.
More informationBACKGROUND NOTE ON ACTION PLANS
BACKGROUND NOTE ON ACTION PLANS Action Plans are developed by IFAC members and associates to address policy matters identified through their responses to the IFAC Compliance Self-Assessment Questionnaires.
More informationOF ACCOUNTANTS IAASB CAG MEETING MARCH 7, 2011
INTERNATIONAL FEDERATION OF ACCOUNTANTS IAASB CAG MEETING MARCH 7, 2011 HISTORY OF THE IIA 1941 Founded in New York City 1944 First chapter outside the US chartered in Toronto 1948 First chapters outside
More informationNASD NOTICE TO MEMBERS 97-58
NASD NOTICE TO MEMBERS 97-58 NASD Regulation Requests Comment On Proposed Interpretive Material 1031 Regarding Cold Calling Activity; Comment Period Expires October 31, 1997 Suggested Routing Senior Management
More information13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)
AGENDA ADDENDU TE REGULAR EETING OF TE AUDIT COITTEE COITTEE PUBLIC SESSION Tuesday, June 6, 2017 6:30 P.. Pages 13. Staff Reports 13.f Toronto Catholic District School Board's IT Strategic Review - Draft
More informationAdvanced Corporate Reporting. Corporate Reporting. Financial Accounting. Management in Organisations
CPA Syllabus 018: Auditing Stage: Professional 1 Subject Title: Auditing Examination Duration: 3 Hours Aim The aim of this subject is to introduce students to the concepts and principles of the audit process
More informationmanner. IOPA conducts its reviews in conformance with Government Auditing Standards issued by the Comptroller General of the United States.
PCAOB Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org The Honorable Christopher Cox Chairman Securities
More informationEffective Cyber Incident Response in Insurance Companies
August 2017 Effective Cyber Incident Response in Insurance Companies An article by Raj K. Chaudhary, CRISC, CGEIT; Troy M. La Huis; and Lucas J. Morris, CISSP Audit / Tax / Advisory / Risk / Performance
More informationImplementation of the NATS-only recommendations of the Independent Enquiry
Dame Deirdre Hutton Chair, Civil Aviation Authority 45-59 Kingsway London WC2B 6TE 14 th October 2016 NATS Corporate & Technical Centre 4000 Parkway Whiteley Fareham PO15 7FL Dear Dame Deirdre Implementation
More informationIndependent Assurance Statement
Independent Assurance Statement Scope and Objectives DNV GL Business Assurance USA, Inc. (DNV GL) was commissioned by Lockheed Martin Corporation (Lockheed Martin) to conduct independent assurance of its
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More information( ' ' (6-6 (6/%& A ' (6 -& (6 - & & (& %& (6-6 (6 $&&&
#$#% &' & ( ' ' @& (6/%& A ' (6 -& (6 - & & (& %& " ) >? + &'0&8' (6 $&&&! = ( ' ' & '& &5 % & &67( 5 / 8(0 2 -& 9% + ::;'( 0 (..0 )*'+++, -./&, /. */ / 0' & /' 1. 2-&3& ' 4 Crowe Horwath New Zealand Audit
More information26 May Victoria Learmonth Prudential Supervision Department PO Box 2498 Wellington
26 May 2017 Victoria Learmonth Prudential Supervision Department PO Box 2498 Wellington 6140 Email: Victoria.Learmonth@rbnz.govt.nz Dear Victoria, Amazon Web Services (AWS) is grateful for the opportunity
More informationIS Audit and Assurance Guideline 2002 Organisational Independence
IS Audit and Assurance Guideline 2002 Organisational Independence The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards
More informationDATA SUBJECT ACCESS REQUEST PROCEDURE
DATA SUBJECT ACCESS REQUEST PROCEDURE DATA PROTECTION ACT 1998 This procedure seeks to ensure that the Transport Executive receives and processes Data Subject Access Requests in accordance with the Data
More informationArticle I - Administrative Bylaws Section IV - Coordinator Assignments
3 Article I - Administrative Bylaws Section IV - Coordinator Assignments 1.4.1 ASSIGNMENT OF COORDINATORS To fulfill the duties of the Fiscal Control and Internal Auditing Act (30 ILCS 10/2005), the Board
More informationIn 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.
REPORT FOR ACTION IT Infrastructure and IT Asset Management Review: Phase 1: Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management Date: January
More informationManaging Linear & Non-Linear Content Development
Managing Linear & Non-Linear Content Development i4i s A4L Enterprise product supports the business process of label content production in the pharmaceutical industry, and the output and management of
More informationMODEL COMPLAINTS SYSTEM AND POLICY THE OMBUDSMAN'S GUIDE TO DEVELOPING A COMPLAINT HANDLING SYSTEM
MODEL COMPLAINTS SYSTEM AND POLICY THE OMBUDSMAN'S GUIDE TO DEVELOPING A COMPLAINT HANDLING SYSTEM Published by the Office of the Ombudsman 18 Lower Leeson Street Dublin 2 Telephone: 01 639 5600 Lo-call:
More informationXBRL Accounts Taxonomies
Deloitte LLP 2 New Street Square London EC4A 3BZ Tel: +44 (0) 20 7936 3000 Fax: +44 (0) 20 7583 1198 www.deloitte.co.uk Direct: 0207 007 0884 Direct fax: 020 7007 0158 vepoole@deloitte.co.uk Jennifer Guest
More informationBuilding Consent Authority Complaint 2017/002 6 October 2017 Complaint against Auckland Council
Building Consent Authority Complaint 2017/002 6 October 2017 Complaint against Auckland Council 1. About this complaint 1.1 This is a complaint under Part 3 Subpart 1 of the Building Act 2004 1 ( the Act
More informationCPA National Accreditation Standards for the ACAF Program and Applied Courses. Effective: May 19, 2017
CPA National Accreditation Standards for the ACAF Program and Applied Courses Effective: May 19, 2017 CPA Canada Advanced Certificate in Accounting and Finance (ACAF) 2017 Chartered Professional Accountants
More informationSmall Entities Audit Manual (SEAM)
Small Entities Audit Manual (SEAM) CPA Australia Ltd ( CPA Australia ) is the largest professional organisation in Australia with more than 132,000 members of the financial, accounting and business profession
More informationMega International Commercial bank (Canada)
Mega International Commercial bank (Canada) Policy and Procedures for Clear Language and Presentation Est. Sep. 12, 2013 I. Purposes: The Mega ICB (C) distributes a limited range of retail banking services,
More informationElders Estates Privacy Notice
15A Bath Street, Ilkeston Derbyshire. DE7 8AH 01159 32 55 23 info@eldersestates.co.uk 31 Market Place, Ripley Derbyshire. DE5 3HA 01773 30 44 44 info@eldersestates.co.uk Elders Estates Privacy Notice Introduction
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified Management System Auditor www.pecb.com The objective of the PECB Certified Management System Auditor examination is to ensure that the candidates
More informationOffice Properties Income Trust Privacy Notice Last Updated: February 1, 2019
General Office Properties Income Trust Privacy Notice Last Updated: February 1, 2019 Office Properties Income Trust ( OPI ) is committed to your right to privacy and to keeping your personal information
More informationTable of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING
Table of Contents Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update 3 1.1 Internal Auditing History and Background
More informationIIA EXAM - IIA-CGAP. Certified Government Auditing Professional. Buy Full Product.
IIA EXAM - IIA-CGAP Certified Government Auditing Professional Buy Full Product http://www.examskey.com/iia-cgap.html Examskey IIA IIA-CGAP exam demo product is here for you to test the quality of the
More informationContents. Process flow diagrams and other documentation
Process flow diagrams and other documentation Contents 1. Audit lessons 2. Process flows 3. Flowcharts 4. Information produced by entity (IPE) 5. Documentation Topic 1: Audit lessons Audit lessons Teams
More informationFOLLOW-UP REPORT Industrial Control Systems Audit
FOLLOW-UP REPORT Industrial Control Systems Audit February 2017 Office of the Auditor Audit Services Division City and County of Denver Timothy M. O Brien, CPA The Auditor of the City and County of Denver
More informationICAEW REPRESENTATION 68/16
ICAEW REPRESENTATION 68/16 Improving the Structure of the Code of Ethics for Professional Accountants - Phase 1 ICAEW welcomes the opportunity to comment on the Improving the Structure of the Code of Ethics
More informationUpcoming PIPEDA Changes What is changing and what to do about it
Upcoming PIPEDA Changes What is changing and what to do about it Danny Pehar Global Television Cyber Security Expert 02 Danny Pehar Put Text Here This slide is 100% editable. Adapt it to your needs and
More informationCOBIT 5 With COSO 2013
Integrating COBIT 5 With COSO 2013 Stephen Head Senior Manager, IT Risk Advisory Services 1 Our Time This Evening Importance of Governance COBIT 5 Overview COSO Overview Mapping These Frameworks Stakeholder
More informationNOW IS THE TIME. to secure our future
NOW IS THE TIME to secure our future A FRAMEWORK FOR UNITING THE CANADIAN ACCOUNTING PROFESSION VISION FOR THE PROFESSION To be the pre-eminent, internationally recognized Canadian accounting designation
More informationExam Questions IIA-CGAP
Exam Questions IIA-CGAP Certified Government Auditing Professional https://www.2passeasy.com/dumps/iia-cgap/ 1. Help define the role and responsibilities of auditors to internal and external entities.
More informationISACA Cincinnati Chapter March Meeting
ISACA Cincinnati Chapter March Meeting Recent and Proposed Changes to SOC Reports Impacting Service and User Organizations. March 3, 2015 Presenters: Sayontan Basu-Mallick Lori Johnson Agenda SOCR Overview
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 9001 Lead Auditor www.pecb.com The objective of the PECB Certified ISO 9001 Lead Auditor examination is to ensure that the candidate possesses
More informationNERC Staff Organization Chart
NERC Staff Organization Chart President and CEO Administrative Associate Director to the Office of the CEO Associate Director, Member Relations and MRC Secretary Senior Vice President and Chief Reliability
More informationMODULE SPECIFICATIONS
S 1. Title of the module Leading Assurance Engagements PRSN7106 2. School or partner institution which will be responsible for management of the module 3. The level of the module (e.g. Level 4, Level 5,
More informationApplication for Certification
Application for Certification Requirements to Become a Certified Information Security Manager To become a Certified Information Security Manager (CISM), an applicant must: 1. Score a passing grade on the
More informationINFORMATION TECHNOLOGY AUDITING GAO AND THE FISCAM AUDIT FRAMEWORK. Ronald E. Franke, CISA, CIA, CFE, CICA. April 30, 2010
INFORMATION TECHNOLOGY AUDITING GAO AND THE FISCAM AUDIT FRAMEWORK Presented by Ronald E. Franke, CISA, CIA, CFE, CICA April 30, 2010 1 Agenda General Accountability Office (GAO) and IT Auditing Federal
More information