o Sarbanes-Oxley applies to publicly traded companies. SOX created the
PCAOB to increase the independence of auditors. Most provisions are aimed at solving specific deficiencies in: Audit practice * Corporate governance * Capital markets o Partner in charge rotation: 5 years on and 5 years of o Other partners are rotated on a 7-2-7 basis o Auditors face a 1 year cooling of period before accepting employment with a former audit client. o SEC 404: the internal controls that are in place are audited by the external auditors as well as the financial statements o SOX requires that public companies have an audit committee composed entirely of independent directors and have at least one financial expert (SEC 407) Clarity standards: (new audit report) o See print out Audit opinions: o Unqualified opinion: independent auditors judgment that a companys financial records and statements are fairly and appropriately presented and in accordance with GAAP. The most common opinion given. Now called an unmodified opinion o Qualified opinion: the information provided was limited in scope and the company has not presented their financial records in accordance with GAAP. o Adverse opinion: opinion that the companys financial statements are misrepresented, misstated, and do not reflect the companys financial performance and health. o Disclaimer of opinion: issued when the auditor is not independent or when there is a limitation on scope imposed by the client so the auditor is unable to obtain evidence to supply an appropriate opinion. New client acceptance: o Talk with the previous auditor of that company o Identify the clients reason for needing the audit (going public, want to sell the company) o Send out an engagement letter to the potential client o Develop an audit strategy (depends on the business and industry) o Select the right staf to meet GAAS o See if outside specialists are needed (people who know the business or industry) Audit risk: o Refers to the risk that an auditor may issue an unmodified (unqualified) report due to the auditors failure to detect material misstatements either due to error or fraud. o There are two types of audit risk:
Acceptable audit risk: is a measure of how willing the auditor is
to accept that the financial statements may be materially misstated after the audit is complete and an unmodified opinion has been issued. Inherent risk: is a measure of the auditors assessment of the likelihood that there are material misstatements in an account balance before considering the efectiveness of internal control. o Assessing risk is important to help determine the amount of evidence needed to be accumulated. Analytical procedures: o Defined as evaluations of financial information made by a study of plausible relationships among financial and nonfinancial data. o Performed at any 3 times during an engagement: In the planning phase To determine the nature, extent, and timing of audit procedures During the testing phase Substantive test in support of account balances During the completion phase Final review of audited financial statements (senior partner) o 5 types of analytical procedures: Industry data Similar prior-period data Client-determined expected results Auditor-determined expected results Expected results using nonfinancial data Testing of controls: o 4 types of testing: Make inquiries of appropriate client personnel Examine documents, records, and reports Observe control-related activities Reperform client procedures Work papers: o Bank reconciliation