Question

1.  Describe a) what you believe to be the most important COSO component; and b)why. (If for some reason your mind has taken a nap, see question #2 which identifies all 5).

2.  Accountants utilize the body of knowledge called GAAP in the performance of their duties partly to ensure comparability and consistency in the preparation of accounting records / financial statements. Auditors on the other hand perform their responsibilities following GAAS as defined within the AICPA SASs or PCAOB Auditing Standards. What does this use ensure?

3. Compare (similarities) OR contrast (differences) between the AICPA SASs & the PCAOB Auditing Standards.

4. In performing & conducting audit tests, what is the difference between tests of compliance versus substantive testing?

Answer 1

Q1. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a model for evaluating internal controls. In an effective internal control system, the following five components work to support the achievement of an entity’s mission, strategies and related business objectives:

1. Control Environment

• Exercise integrity and ethical values.
• Make a commitment to competence.
• Use the board of directors and audit committee.
• Facilitate management’s philosophy and operating style.
• Create organizational structure.
• Issue assignment of authority and responsibility.
• Utilize human resources policies and procedures.

1. Risk Assessment

• Create companywide objectives.
• Incorporate process-level objectives.
• Perform risk identification and analysis.
• Manage change.

1. Control Activities

• Follow policies and procedures.
• Improve security (application and network).
• Conduct application change management.
• Plan business continuity/backups.
• Perform outsourcing.

1. Information and Communication

• Measure quality of information.
• Measure effectiveness of communication.

1. Monitoring

• Perform ongoing monitoring.
• Conduct separate evaluations.
• Report deficiencies.

Q3. AICPA

By far the older of the two, AICPA was founded in the 1940s to help auditors better perform their tasks, the more modern set of their self-regulatory audit standards taking root in the 1970s. The group has a diverse set of responsibilities that range in everything from preparing and grading the CPA examination and public financial education programs to -- the topic du jour -- setting audit standards for every size of company along with non-profits and government entities.

If you’re saying to yourself that those varied tasks seem like an awful lot for a single organization to handle, you’re right. You’d also be correct in surmising that an AICPA audit, given its auditor-friendly roots, has a distinctly less stringent focus. Simply put, it’s an audit opinion that concentrates on providing assurances to stakeholders that an organization’s financial statements are accurate, reliable, and free of material misstatements. Therefore, while the concurring partner is still meant to bolster the integrity of the process, their review is much lighter and non-evasive. An AICPA audit has a comparatively longer timeline and substantially lower in risk, where the PCAOB has absolutely no jurisdiction over the process.

PCAOB

If an AICPA audit is the kinder, gentler side of the audit coin, then a PCAOB audit is the more intense and scrutinizing one. In fact, its very name and founding speak volumes -- the Public Company Accounting Oversight Board, founded in 2002 as a part of Sarbanes-Oxley. PCAOB was formed in direct response to the many accounting scandals from that era that, collectively, shook investor confidence and broke the public’s trust in many publicly traded companies. Given the dynamic nature of industry, PCAOB adopts a forward-looking perspective to keep pace with changes in the financial environment, helping to ensure ongoing investor protection.

Therefore, the focus of a PCAOB audit has a distinct bent towards a company’s stakeholders and providing the investing public with clarity, accuracy, and accountability. As such, a PCAOB audit will have two opinions, one for financial statements and the other, ICFR, regarding your control environment and effectiveness. The auditor will typically have a lower materiality threshold due to the public nature of the company and the involved risk. This corresponds with a lower scoping materiality as well.