Professional skepticism and internal control over financial reporting are two key areas for auditors that have attracted the focus of regulators in recent years.
These areas are among those addressed in one of two risk alerts published Monday by the Center for Audit Quality (CAQ), which is affiliated with the AICPA.
In Select Auditing Considerations for the 2015 Audit Cycle, the CAQ identifies and discusses some of the areas of significant judgment and complexity for firms. Many of these areas also are included in a PCAOB Staff Inspection Brief published earlier this month.
The CAQ also has issued a companion alert, Select Considerations for the 2015 Audit Cycle for Brokers and Dealers, in light of another recent PCAOB Staff Inspection Brief.
The first risk alert covers the following areas and offers the following guidance:
Professional skepticism. A questioning mind and a critical assessment of the appropriateness and sufficiency of audit evidence are essential for performing a quality audit with due professional care.
Internal control over financial reporting (ICFR). Risks can be minimized in this area by selecting appropriate controls to test, evaluating whether those controls adequately address the risks, and testing the operating effectiveness of those controls.
Risk assessment and audit planning. Procedures for assessing risk should be performed during audit planning and should continue throughout the audit. They are most effective when there is timely participation by the engagement partner and review by the engagement quality review partner.
Supervision of other auditors and multi-location audit engagements. The engagement partner has the responsibility to supervise the work of all engagement team members so that the work is performed as directed and supports the conclusions reached. The auditor is required to assess the risks of material misstatement to the consolidated financial statements associated with the location or business unit and correlate the amount of auditing attention devoted to the location or business unit with the degree of the risk of material misstatement.
Testing issuer-prepared data and reports. When using information produced by the company as audit evidence, the auditor should evaluate whether information obtained is both sufficient and appropriate for purposes of the audit.
Cybersecurity. The financial statement and ICFR audit responsibilities do not encompass an evaluation of cybersecurity risk across a company’s entire IT platform.
Revenue recognition. Although the new accounting standard for revenue recognition has not yet taken effect, the auditor should evaluate management’s required disclosure of the impact the new standard is likely to have on the financial statements, including evaluating the form, arrangement, and content of the disclosure.
Auditing accounting estimates, including fair value measurements. The auditor is responsible for evaluating how accounting estimates have been developed; assessing the reasonableness of accounting estimates made by management in the circumstances; and assessing whether they are presented in conformity with applicable accounting principles and are appropriately disclosed.
Related parties and significant unusual transactions. Performance requirements recently have been enhanced in three key areas: related party transactions; significant unusual transactions; and a company’s financial relationships and transactions with its executive officers.
The CAQ member alerts highlight certain areas for consideration, but are not intended to be relied upon as definitive or all-inclusive, and should be read in conjunction with the applicable rules, standards, and guidance in their entirety, according to the CAQ.
—Ken Tysiac (firstname.lastname@example.org) is a JofA editorial director.