Introduction

Enron and other corporate scandals resulted in the demise of
Andersen and passage of the Sarbanes-Oxley Act

The Act establishes the Public Company Accounting Oversight
Board (PCAOB) to provide oversight of auditors of public
companies, including establishing auditing and quality control
standards

Other changes to the profession include new fraud guidance in
SAS No. 99, and the change to a computer-based CPA exam in
April 2004
Disposition of Consulting Units

The Big 5 firms began disposing of their consulting
practices well before Sarbanes-Oxley, partially to address
independence concerns





Andersen Consulting separated from Andersen in Aug. 2000, went
public, and was renamed Accenture
Deloitte Consulting terminated plans to separate from Deloitte &
Touche due to market conditions
Ernst & Young consulting sold to Cap Gemini in Feb. 2000
KPMG Consulting went public in Feb. 2001, and was renamed
BearingPoint
PwC sold its consulting practice to IBM for $3.5 billion in July 2002
Data for Largest CPA Firms
Fiscal Year 2002
Rank Firm
1
2
3
4
Deloitte & Touche
PwC
Ernst & Young
KPMG
Revenue (2)
$ million
5,933
5,174
4,515
3,400
Prof. (2)
Staff
19,835
29,787
15,078
11,000
(a)
Revenue %
A&A Tax MAS Other
36
58
59
44
21
30
38
36
34
9
0
20
(a) Does not reflect sale of consulting practice
Fiscal Year 2000
Rank Firm
1
2
3
4
5
PwC
Deloitte & Touche
KPMG
Ernst & Young
Andersen
Source: Accounting Today
Revenue (2)
$ million
8,878
5,838
5,400
4,270
3,600
Prof. (2)
Staff
34,151
20,658
19,000
13,653
17,600
Revenue %
A&A Tax MAS
33
31
35
57
45
17
19
22
38
30
50
50
43
5
25
9
3
3
0
Public Company Accounting Oversight
Board

Key responsibilities of the PCAOB include:




Registering public accounting firms that audit public company
financial statements
Establishing or adopting auditing, quality control, ethics and
independence standards related to audits of public companies
Conducting inspections of registered audit firms
Conducting investigations and disciplinary proceedings related to
registered accounting firms
Audit Report on Internal Control

Auditor must report on management’s
assessment of internal control



Report is as of the end of the company’s fiscal
year
Auditor’s report date same as date of auditor’s
report on financial statements
Auditor’s report on internal control can be
combined with financial statement audit
report or issued separately
Prohibited Non-audit Services
The Act prohibits the following services, most of which were previously
prohibited by the SEC’s rule on auditor independence:
1.
Bookkeeping or other services
related to the accounting records
or financial statements
2.
Financial information systems
design and implementation
3.
Appraisal or valuation services,
fairness opinions, or
contribution-in-kind reports
4.
Actuarial services
5.
Internal audit outsourcing
services
6.
Management or human
resources functions
7.
Broker or dealer, investment
adviser, or investment banking
services
8.
Legal and expert services
unrelated to the audit
9.
Any other service that the Public
Company Accounting Oversight
Board (Board) determines, by
regulation, is impermissible
Additional Independence Provisions

Audit committee must pre-approve all audit and non-audit
services

Lead audit and review partners must rotate off the audit after
five years

One-year employment “cooling off” period – The audit firm
cannot audit a client if its CEO, CFO, chief accounting
officer, or person in a similar capacity participated in the
audit during the one-year period prior to the initiation of the
audit
Management Certification

CEO and CFO must certify the annual and quarterly
financial statements






Management has reviewed the statements
The statements contain no untrue material facts or omit a
material fact
Based on management’s knowledge, the statements are fairly
presented
Management has evaluated the effectiveness of disclosure
controls with 90 days of filing the report
Management has disclosed any deficiencies in internal control
or fraud to the auditor and audit committee
Management has indicated any significant changes in internal
controls subsequent to management’s evaluation
Audit Documentation

Mandatory retention of audit documentation in sufficient detail
to support the auditor’s conclusions for a period of seven years

Knowing and willful destruction of audit documentation is a
criminal offense subject to fines and imprisonment

Documents generally excluded include:




Superseded drafts of memos and other records
Previous copies of working papers corrected for errors
Duplicates of documents
Voice-mail messages
Client Acceptance

SEC final rules make the audit committee “the client”



Audit committee is responsible for auditor appointment,
compensation, and oversight, including pre-approval of all audit and
non-audit services
Audit committee responsible for resolution of any disagreements
between the auditor and management over financial reporting
Auditors are required to report the following matters to the
audit committee:



All critical accounting policies and practices used by management
All material alternative accounting treatments of financial information
within GAAP that have been discussed with management
Other material written communications between the accounting firm
and management
Differences in Scope of Controls Tested in an Audit of
Internal Control and an Audit of Financial Statements
Internal Controls Over Financial Reporting
Internal Controls Used to Assess Control
Risk Below Maximum
Controls that must be tested in an
audit of internal controls
Controls that must be tested in an audit
of financial statements
Audit Committee Financial “Expert”





Understands GAAP and financial statements
Has the ability to assess the application of principles
for estimates, accruals, and reserves
Experience preparing, auditing, or evaluating
financial statements similar in complexity to the
company’s financial statements
Understands internal controls and procedures for
financial reporting
Understands audit committee functions
New Fraud Standard - SAS No. 99

New “brainstorming” meeting among audit engagement team
about fraud risks and discussion about professional skepticism

Broader set of information gathered to assess fraud risks

Focus on the “fraud triangle”

Expand auditor responses to fraud risks

Mandate procedures in all audits to address ever-present risk of
management override
The “Fraud Triangle”
Opportunities
Weak Board of Directors
Weak Internal Controls
Incentives/Pressures
Tight Debt Covenants
Unrealistic Analyst Expectations
Attitudes/Rationalizations
Lack of a Code of Conduct
Disregard for Financial Reporting
Information to Assess Fraud Risks
Analytical
Brainstorming
Inquiries
Procedures
Fraud Risk
Factors
Identified Fraud Risks
Other Information
Procedures to Address Risk of
Management Override of Controls



Examine journal entries and other adjustments
for evidence of possible misstatements due to
fraud
Review accounting estimates for bias
Evaluate business rationale for significant
unusual transactions
Auditor’s Risk Assessment and Risk
Response Processes

In December 2002 the ASB issued an exposure draft of
several new standards relating to risk assessment

Significant proposed changes include:






Auditors must obtain an in-depth understanding of an entity and its
environment
Auditors must assess risk of material misstatements at the financial
statement level and assertion level
Eliminates “default to maximum” for control risk
Strengthens link between risks and auditor’s response to those risks
Strengthens guidance for testing disclosure
Expands documentation requirements
Proposed Changes Related to
Reliance on Controls





Tests of controls are encouraged by eliminating the default to
“maximum risk”
If the auditor plans to rely on controls that have not changed,
their operating effectiveness must be tested at least every
third audit
If the auditor plans to rely on controls to mitigate a significant
risk, all evidence about the operating effectiveness of the
controls must be from tests of controls performed in the
current period
For significant risks, the auditor is require to perform
substantive tests
Greater emphasis is placed on testing disclosures
Computerization of CPA Exam

Significant changes to the CPA exam include:

A shortened exam from 15 ½ hours to 14 hours

Exam content will change:
 Multiple choice questions will comprise approximately 80% of the
exam
 Case study simulations will comprise the other 20%

Case study simulations will contain research activities which will
require candidates to use electronic databases and authoritative
literature to answer various questions. Candidates will also need to be
familiar with spreadsheets and word processing software.
CPA Exam Length
Time Breakdowns by Section for Revised Uniform CPA Examination
Examination
Length
(hours)
14
Auditing &
Attestation
Financial
Accounting
& Reporting
Regulation
Business
Environment
& Concepts
4.5
4
3
2.5
Computerization of CPA Exam

Other significant changes to the exam:

Candidates will be allowed to take the exam at any time during four
exam windows each year (each exam window lasts three months)

Candidates may retain credit for a passed section of the exam for a
period of 18 months beginning on the date the first section passed is
taken

Candidates may sit for each section of the exam individually and in any
order
Exam Content Transition
Paper-and-Pencil
Examination Section
Computer-Based
Examination Section
Auditing
Auditing & Attestation
Financial Accounting & Reporting
(FARE)
Financial Accounting &
Reporting
Accounting & Reporting (ARE)
Regulation
Business Law & Professional
Responsibilities (LPR)
Business Environment
& Concepts