The PwC Audit

A Continuous Improvement Approach to Audit Methodology

pwc

Agenda
Governance of PwC Audit Overview of recent evolution of PwC Audit Overview key elements of PwC Audit Acceptance and Continuance Audit Comfort Cycle Substantive Procedures Other Audit Procedures Audit Committee Communications Plan

PricewaterhouseCoopers

PwC Audit Governance

Global Audit Policy Board
Establish global overarching policy principles & goals and ratify policy statements.

Global R&Q
Ensure methodology is consistently implemented by providing feedback on practice issues.

Global Audit Methodology Steering Group

Drive execution of policy in practice through processes, tools, guidance, training content, etc.

Implementation Partner Network

2 PricewaterhouseCoopers

Towards Performance Audit: a continuous improvement program

PwC Audit

PwC Audit

2003:

2002:
2001:
Audit Comfort Cycle Management controls focus Show me and Taking stock Team redeployment Business analysis framework Enhanced audit guides/ practices Scaling up different client situations MyClient integration

Converged approach, enhanced testing guidance Enhanced client communications, transparency focus Application to small companies/ MNCs Better use of specialists and knowledge sources

Time

Historical Financial Statements Opinion

3

Changes in Deliverables
PricewaterhouseCoopers

Changing the Focus of the Audit Model

Key Risk Key Risk

Key Risk Key Risk

Key Risk

Key Risk

Business Risks
4

Audit Risks Identified

PricewaterhouseCoopers

PwC Audit in 2004

Acceptance and Continuance (FRISK)
Audit Comfort Cycle Scoping Understanding Evaluating Validating Substantive Testing Other Audit Procedures Audit Committee Communications Plan

PricewaterhouseCoopers

PwC Audit Approach

Acceptance/Continuance Assessment

Audit Comfort Cycle

No / Limited controls comfort Other audit evidence Mainly tests of details Mainly substantive analytical procedures Significant controls comfort

Other audit procedures Financial statements Completion

PricewaterhouseCoopers

PwC Audit Approach With Attestation

Acceptance/Continuance Assessment
Broader and deeper assessment of COSO controls over financial reporting, including managements evaluation of those controls. e.g., estimates, fraud, tax accrual, more locations.
Report on managements assertions on internal controls over financial reporting

Audit Comfort Cycle

No / Limited controls comfort Other audit evidence Mainly tests of details Mainly substantive analytical procedures Significant controls comfort

Additional procedures deemed necessary to provide independent assurance on financial statements, taking into consideration the internal controls assessment.

Other audit procedures Financial statements Completion

Report on Financial Statements

PricewaterhouseCoopers

Acceptance & Continuance Process

Governance and oversight of management
Past performance Managements expertise and skill Adequacy of management resources Audit relationship

Audit adjustments
Revenue recognition Accounting control Integrity and ethics Management inclination for intentional misstatement in financial reporting Reliability of estimates Incentive for intentional misstatements in financial reporting Risk of insolvency

PricewaterhouseCoopers

Acceptance & Continuance Process

Risk Conditions (13) (defined within Acceptance & Continuance module) Engagement Leader and Team Manager apply professional judgment in describing specific Key Risks that relate to the broader Risk Conditions 1 Key Risks

2 Risk and Approach Schedule

(user defined or selected from Master Data)

The Risk and Approach Schedule is populated by the Key Risks selected and completed by the Engagement Leader and Team Manager

Audit Comfort 3 Matrix

MyClient Client File

PricewaterhouseCoopers

Audit Comfort Cycle

ACCEPTANCE/CONTINUANCE ASSESSMENT

4 Key Questions What does management need to get comfort on? How does management get comfort? Are they entitled to that comfort? Can we audit that comfort?

Market Overview

Strategy

Value Creating Activities

Financial Performance

Audit comfort cycle

SIGNIFICANT CONTROLS COMFORT NO/LIMITED CONTROLS COMFORT

SUBSTANTIVE AUDIT EVIDENCE MAINLY SUBSTANTIVE ANALYTICAL PROCEDURES MAINLY TESTS OF DETAILS

OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS COMPLETION

10

PricewaterhouseCoopers

Audit Comfort Cycle

ACCEPTANCE/CONTINUANCE ASSESSMENT

Market Overview

Strategy

What does management need to get comfort on?

Value Creating Activities

Financial Performance

Audit comfort cycle

SIGNIFICANT CONTROLS COMFORT NO/LIMITED CONTROLS COMFORT

SUBSTANTIVE AUDIT EVIDENCE MAINLY SUBSTANTIVE ANALYTICAL PROCEDURES MAINLY TESTS OF DETAILS

OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS COMPLETION

11

PricewaterhouseCoopers

Scoping: Forming a Point of View

Perform company and industry analytical procedures
Research and analyze external communications Partners connect with staff members Document the teams understanding of the business Knowledge broker to capture and share industry information Form a point of view on the risks that management should be concerned about

12

PricewaterhouseCoopers

Scoping: Business Analysis Framework

13

PricewaterhouseCoopers

Scoping: Risk Assessment Key Risks

Business Risks
Key Risk

Key risks are those conditions or factors within an audit that, in We identify audit risk the judgment the auditor, give through of understanding entitysrisk business rise tothe a greater of material objectives and related financial misstatement or other risks. matters resulting in the issuance of an inappropriate audit report.

Key Risk

Key Risk Key Risk

Key Risk

Audit Risks
14 PricewaterhouseCoopers

Scoping: Analytical Procedures

High Level Understand the business Identify areas of risk
Disaggregated Account Level Determine the nature, timing & extent of testing External benchmarking to peers, market trends Looking for anomalies, areas of risk Use of extensive knowledge management tools available

15

PricewaterhouseCoopers

Scoping Translated into Audit Strategy

Business Objectives

Risks
Stakeholders

Controls

Alignment
Where controls over significant account balances or classes of transaction are not aligned, we will need to perform substantive tests of details.
16 PricewaterhouseCoopers

Scoping: Audit Team of Specialists

Computer-Assisted Audit Techniques Financial Business Risk Project Management Energy Trading Risk Business Resilience Business Process Enterprise-wide Risk

Objectives

Risks
Stakeholders
Performance Improvement

Controls
Data Risk Fraud

Internal Audit
Security Systems & Technology

Regulatory/ Compliance

Alignment
Treasury

Our best teams use our specialist capabilities to help in forming a point of view.
17 PricewaterhouseCoopers

Scoping: Use of Specialists

Policies for the use of Systems and Process Assurance specialists and Fraud Risk & Controls specialists are based around risk attributes
Policies are for consultation with specialists level of involvement remains a decision of engagement leader At a minimum, Required to consider use of specialists at mobilization stage

18

PricewaterhouseCoopers

Audit Comfort Cycle

ACCEPTANCE/CONTINUANCE ASSESSMENT

4 Key Questions What does management need to get comfort on?

Market Overview

Strategy

Value Creating Activities

Financial Performance

How does management get comfort? Are they entitled to that comfort? Can we audit that comfort?

Audit comfort cycle

SIGNIFICANT CONTROLS COMFORT NO/LIMITED CONTROLS COMFORT

SUBSTANTIVE AUDIT EVIDENCE MAINLY SUBSTANTIVE ANALYTICAL PROCEDURES MAINLY TESTS OF DETAILS

OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS COMPLETION

19

PricewaterhouseCoopers

Applying Audit Comfort Cycle from the Top-Down

Organize audit team to align with how management runs the business. Audit controls from the top down
Board Sr Mgmt Department Heads

Extend discussions about business objectives & risk to management controls. Understand & evaluate how management controls risk. Validate controls against engagement teams point of view.

Operations

Transaction Processing

20

PricewaterhouseCoopers

Taking Stock: Real-Time Linkage in the Iterative Process

Share team members cumulative knowledge
Update risk identification and assessment Consider the audit comfort gained to date, by audit assertion Answer: Do we have enough comfort? Answer: What do we do next?

21

PricewaterhouseCoopers

Connecting the Dots

Business Objectives

Business Process A Completeness Accuracy Validity Restricted Access

Account Balances and Transactions

Financial Statement Assertions/ Audit Objectives Classes of Transactions Occurrence Completeness Accuracy Cutoff Classification Account Balances Rights & Obligations Existence Completeness Accuracy/Valuation Presentation & Disclosure Occurrence/R&O Completeness Understandability Accuracy/Valuation

Business Risks related to achieving Objectives

Business Process B Completeness Accuracy Validity Restricted Access

Account Balances and Transactions

Business Process C Completeness Accuracy Validity Restricted Access

Account Balances and Transactions

General Computer Controls

22

PricewaterhouseCoopers

Audit Comfort Matrix

23

PricewaterhouseCoopers

Summary of Comfort

24

PricewaterhouseCoopers

Substantive Audit Evidence

ACCEPTANCE/CONTINUANCE ASSESSMENT

Market Overview

Strategy

Value Creating Activities

Financial Performance

Audit comfort cycle

SIGNIFICANT CONTROLS COMFORT NO/LIMITED CONTROLS COMFORT

SUBSTANTIVE AUDIT EVIDENCE MAINLY SUBSTANTIVE ANALYTICAL PROCEDURES MAINLY TESTS OF DETAILS

OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS COMPLETION

25

PricewaterhouseCoopers

Achieving the Right Balance

No/Limited Controls Comfort Significant Controls Comfort

26

PricewaterhouseCoopers

Assurance Hierarchy
Will we obtain audit assurance from tests of controls?

Yes No
Test controls.

Can we obtain audit assurance from substantive analytical procedures?

Yes No
Perform substantive analytical procedures.

Do we need additional audit assurance?

Yes
Perform tests of details.
27

No
No further testing required.
PricewaterhouseCoopers

Other Audit Procedures

ACCEPTANCE/CONTINUANCE ASSESSMENT

Market Overview

Strategy

Value Creating Activities

Financial Performance

Audit comfort cycle

SIGNIFICANT CONTROLS COMFORT NO/LIMITED CONTROLS COMFORT

SUBSTANTIVE AUDIT EVIDENCE MAINLY SUBSTANTIVE ANALYTICAL PROCEDURES MAINLY TESTS OF DETAILS

OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS COMPLETION

28

PricewaterhouseCoopers

Other Audit Procedures: More Connecting the Dots

Link management information to financial statements
Review adjustments necessary to reconcile management information to the financial statements Review non-standard journal entries and other adjustments to ascertain whether entries may be indicative of fraud based upon the risk of management override on controls

Perform ongoing analytical procedures, including updating analytical procedures related to revenue

29

PricewaterhouseCoopers

Audit Committee Communications Framework: Objectives

Promote effective and candid communications

Enhance timely reporting, dialogue and sharing views Service approach Risk and Control Financial Reporting Governance

Provide consistency in our deliverables through recommended templates and practice aids
30 PricewaterhouseCoopers

Audit Committee Communications Plan

Getting started Understanding the audit Staying informed Resolution and completion

[Indicate timing]

[Indicate timing]
Our audit plan

[Indicate timing]

[Indicate timing]

Service approach

PwC principles and practices Communications plan

Engagement letter and independence confirmation

Reporting timetable Business unit scope Engagement team Other deliverables

Risk analysis

Risk and control

Risk condition alert

Perspectives on fraud risk

Internal control and business issues report

Update on accounting/audit issues and risk analysis

Other regulatory requirements plan

Reporting requirements

Financial reporting

Quarterly review

Quarterly review

Quarterly review
Best practices in corporate reporting

Internal control deficiencies Accounting policies Management judgments Quality of earnings Independence Transparency Audit opinion

Transparency of corporate reporting

Governance

Corporate governance: roles and practices

Assessing our performance and yours

Ongoing assessment of needs & expectations

31

PricewaterhouseCoopers

The PwC Audit

Global approach adaptable to all clients
Designed for continuous improvement Performance metrics will play a larger role in future audits Audit quality is at the core of our long term business objectives.

32

PricewaterhouseCoopers

pwc