Скачать презентацию AUDIT 2015 Lectures Summer semester 2015 regularly Tuesday
TH_Auditing_2015.pptx
- Количество слайдов: 160
AUDIT 2015 Lectures: Summer semester 2015 regularly Tuesday, 15: 45 – 17: 15 Dipl. Ing. Tomáš HLÁDEK tomas@hladek. cz
Lecturer • Today - Senior Executive Manager of the Czech Banking Association + ext. cooperation with the VŠFS • Formerly: Czech National Bank • Education, Experience • Czech Technical University, Computer Science • Banking, central banking • Payment and settlement systems, ICT projects • Financial sector supervision, auditing… 2
Word origins, explanations • Where the word „AUDIT“ comes from? • Very probably Latin • Audire => listening • Auditus => hearing • Interpretation dictionary of foreign words • revision of accounting books, • control of reported assets and liabilities of an accounting unit • Verification of a status of something 3
Definition • Usual definition If we take it generally then audit is an instrument by which one person assures another person about a quality, conditions or status of a given reality, of a fact, which was examined by the second person. A need for such activity is stemming from the first person‘s doubts, uncertainties with regard to quality, conditions or status of the given reality and from the fact that person cannot remove that uncertainty by its own capacity 4
Players, subjects • 1 st person – interested in quality and correctness • 2 nd person – realizing examination of given reality, facts • Subject of examinations • Very often status of financial statements or final accounts at the end of a given period • Many different facts 5
Another definitions • Audit is a systematical process of the objective gaining and evaluation of evidences regarding information on economic activities and events with the aim to find out level of compliance between reviewed information and given criteria and to inform about reached results those who are interested in these outcomes. • Audit is by its origin a critical analysis of the information with accounting characteristics, which is run by an independent expert, with the aim to express well-founded opinion on financial statements. 6
Another definitions • Audit is a systematical and independent examination, which has an aim to determine, if activities in a given area and results connected to them are in an accord with planned intentions, if these plans are realized effectively and if they are suitable to reach set up targets. 7
Functions & goals • Basic aim - to increase credibility of an inspected activity, function or area • Secondary aim – certain type of prevention. A way how to forestall any chance for origination of errors, mistakes or even frauds • Important: a statement of an independent person => auditor could not mean absolute correctness of the e. g. accounting of the audited company 8
Auditor • An independent person • Should be an expert with theoretical and practical knowledge in the auditor‘s profession • Should be an expert in the audited area • It means very often that ha/she should be an expert in • Accounting • Tax and other relevant legislation • IT systems and technologies 9
Audit Companies • Auditors very often unify in so called audit firms, audit companies • Such companies offer to their clients not only audit function but a set of other services like • Accounting • Advisory, technical assistance • Tax optimizations • Do you know some of them? 10
Audit Companies • International „Big Four“ • • • Pricewaterhouse. Coopers (Pw. C, New York) Ernst & Young (EY, Londýn) KPMG (Amstelveen, Holandsko) Deloitte (Deloitte, New York) • Till 2002 „Big Five“, but Arthur Andersen… 11
Audit Companies • Czech market • All international audit companies • + if you ask google. cz for „Czech audit companies“ you will get more then 300 offers • Czech Chamber of Auditors (www. kacr. cz) 12
Ancient history • Certain type of audit exists as long as accounting • Mesopotamia – 3. 500 BC - check-signs on clay tablets • Egypt – all transactions have to be reported by 2 independent clerks • Rome - 300 BC – questors - 2 clerks who have to control economy and transactions in all provinces => hearing in front of rulers (2 reading together, one loudly, the second one quietly, but the result had to be the same…) 13
Medieval history • Charles the Great – missi dominici – high commissioners – control of province administrators, governors • France – regular annual public „reading“ of accounts • England (Edward I. ) – Parliament issued a document, by which the barons were allowed to choose „listeners“ who had to verify correctness of accounting (there activity was finalized by an „audit report“ in which they mentioned a word „probatur“ (evidence, certified) 14
Modern history • Beginning of the 19 th century together with technical, economical and social changes • Industrial revolution, industrialization • Larger enterprises, concentration • New type of companies: joint stock companies • Investors were not any more managers • They found out that their goals could be different than the goals of management 15
Modern history – cont. • Information on their company were reported to owners by the management • The owners wanted to have an independent review of the fact that given information really reflects real status • This type of uncertainty caused a need for invested capital protection • Another reason for independent control – increase of accounting information volumes – but the owners were often not accounting experts 16
Origins of audit • Results? • A need to assign a person/s with specific knowledge (accounting) who would have to review information correctness: AUDITOR • Changes of legislation: new Companies Act (Great Britain, 1844) 17
Origins of audit Economical growth Needs for investments Capital concentration New legal form of business Need for specific protection of owners 18
British history • The oldest piece of legislation: Companies Act, 1844 • Clause that one (or more) shareholder(s) has/have to review balance sheet of the company which is prepared by its executive director • Shareholders had the right • To look into the general ledger, to review company‘s accounts • To ask management, employees, clerks questions • Balance sheets + accompanying audit reports deposited 19 into „Joint-stock Companies Register“
British history – cont. • Positive • New rights given by the legislation • Negative • Shareholders were often no accounting experts (such requirement was missing in the Act) • Reviewing shareholder(s) was/were not independent, they had their own interests 20
Companies Act 1856 • Similar to the previous one • An auditor could be also from outside world • Accounting statements had to be review and proved during a general meeting of shareholders • Audit was still not mandatory • External audit had to be done if requested by petition signed by 1/5 of shareholders 21
Companies Act 1900 • For the first time mandatory audit of the companies‘ balance sheets and financial statements • Still not a must for an auditor to be a professional accountant • But had to be totally independent • Till that time principle „truth and correctness“ (stress was put mainly on revelation of errors, incorrectness, frauds) 22
Companies Act 1948 • Important milestone • Mandatory annual reporting (management to shareholders, balance sheet + profit and lost report) • Public information on accountant policy issues (for potential investors) • Mandatory consolidated financial statement for those companies which had controlling share in other ones • So complicated that only professionals allowed • “Truth and correctness“ => newly “truth and fair“ 23
Companies Act – latest developments • Basic concept valid in GB till today • Statements of Standards Accounting Practice (1971) • Auditors have to review if: • Accounting and statements are in accordance with international accounting standards, generally accepted accounting standards, and legislation • If any divergence => has to be determined and explained the reason why it help to serve better than standards • Amendments 1976, 1980, 1982, 1985, 2006 – fine tunings and more detailed clauses (auditor appointment & removal) 24
U. S. A. • Influenced by the Great Britain example • Main reason for audit existence the same: to protect the owners and their possession • Legislation in the 19 th century was missing, nevertheless British concept was taken as a standard 25
U. S. A. – 1917 - 1929 • FED (Federal Reserve System) - a standard “Uniform Accounts“ prepared by the American Institute of Accountants • Support of uniform accounting • Rules for balance sheet review (audit) • Revisions in 1918, 1929 • 1929 - „Financial Statements Verification“ • Formerly only financial liquidity was important for the market, later balance sheet + profit&lost statements, too 26
U. S. A. – 1936 • 1929 - Collapse of the New York Stock Exchange => further economic indicators started to be important, like operating performance or net profit • Long discussions about the reasons which caused the crisis • Establishment of the Stock Exchange Commission (1934) • Basic task: to set up methodology and rules for financial statements of companies traded on the NYSE market • Another amendment of the Bulletin (1936) – not only separate transactions have to be analyzed, but accounting must be 27 reviewed or proved as a system
U. S. A. – modern history • Second half of 20 th century – influenced by increasing, globalization, financial links and merges, increase number and volumes of market transactions, influence of IT, etc. • Importance of audit was higher and higher (necessity to confirm truth and fair status of all relevant data important for investors or potential investors • Number of scandals => did not help to increase confidence into audit 28
U. S. A. – important institutions • American Institute of Certified Public Accountants (AICPA; since 1887, 300. 000 members) • Research, publications, education • Members: unified tests and exams, practice needed • Certified Public Accountants • Securities and Exchange Commission (SEC; 1934) 29
U. S. A. – newest legislation • Sarbanes-Oxley Act (2002; Public Company Accounting Reform and Investor Protection Act or Corporate and Auditing Accountability and Responsibility Act) • Reaction to a number of major corporate and accounting scandals (Enron, Tyco Int. , World. Com, etc. ). These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the US securities markets • The act contains 11 sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the SEC to implement rulings on requirements to 30 comply with the law
Czech Republic - history • Better Czechoslovakia … 1918 • Different associations • Syndicate of Accounting Experts and Revidents • Association of Accounting Experts and Balancesheet Auditors • Verband der Deutschen Buchsachverständigen und Bücherrevisoren • All of them wanted to edify inspections and audits, enact audit by law (which was not the case) 31
Czechoslovakia - history • 1924 - first draft of law • 1929 – first Parliament hearing => not the best timing… • Therefore long discussions, number of comments, objections • 1939 – World War Two… all attempts have gone… • 1948 – another milestone in the Czech history, not very convenient time for any development of anything what could be called audit… • In 60‘s attempts to renew effectiveness of economy management => also in the area of accounting and audit 32
Czechoslovakia – 60‘s • 1966 -68 – draft of the new legislation • Independent „authorized balance sheet auditors“ defined • Should evaluate economical results of enterprises • Exams, appointment issues, even remuneration • Then August 1968 came… together with occupation 33
Czechoslovakia – 70‘s • Nevertheless certain type of audit existed even in socialist era when all production resources were owned by the state and the economy was centrally planned: “Regulation No. 88/1972 Col. , on check out and approval of final accounting statements“ • Duty to run review of all financial statements in all economical units • Definitions of audited subjects and issues • Definitions of rules for final evaluation (approved wit/without reservation) • Valid till the end of 1989 34
Czechoslovakia – 1989 • Regulation No. 63/1989 Coll, on auditors and their activities • For the 1 st time auditor defined, his/her duties, rights • Requirements (age 35+, CSFR citizenship, uni degree in economy or law, 10 years of practice, clean record, Federal Finance Ministry commission exams) • Mandatory audit of final accounting statements • Allowed for the 1 st time foundation of audit companies • Those also had to be registered by the FMF, at least 2 examined auditors had to be employed by them 35
Finally Czech Republic • Still not: 1991 – New Commercial Act (513/1991 Coll. ) • § 39 – mandatory audit for all joint-stock companies, trading companies and co-operatives, banks and insurance companies had to be audited, too • All relevant documents and records had to be made accessible to auditors • Audit costs: paid by audited unit • + Special act No. 563/1991 Coll. , on accounting (more detailed conditions for audit duty (turnovers, net assets) 36
Finally Czech Republic • Act No. 524/1992 Coll. – on auditors and Chamber of auditors of the Czech Republic • Respects all economic and political changes • A norm for all audit activities, number of new definitions • Later amended by acts No. • 63/1996 Coll. • 254/2000 Coll. (EU membership was the main reason) • 93/2009 Coll. (EU Directive 2006/43/ES implemented) 37
Legislative Process in the CR • Types of legislative instruments • Constitution (Act No. 1/1993 Coll. ) • Codes (Civil Code, Commercial Code, Labor Code) • Acts • Regulations • Governmental regulation • Official Statement (e. g. Mo. F) 38
Constitution • Describes the political system in the country • Declaration of human rights and freedom is an integral part • Describes Lower and Upper Chamber of Parliament • Rules for general elections • Functions of the President • Functions of the Government and other central institutions 39
Codes, Acts • Codes – acts as well, but the most important • Important change – new Civil Code adopted by the Parliament 2 years ago, valid form Jan 2014 • Left „socialist“ approach, based on the former Civil Code • Acts are possible to be taken as basic norms, rules for behavior of institutions, companies, individual • For institutions: What is not explicitly allowed is forbidden • For individuals: What is not explicitly forbidden is allowed 40
Regulations • Legal authorization for their preparation and publication is needed • More detailed description of certain standards, rules, procedures • Simplified legislative process 41
Legislative Process • Who is involved • Experts and lawyers of different institutions • Legal Advisory Board of the Government (Legislativní rada vlády, LRV) • Permanent Legal Advisory Board Expert Committees (stálé pracovní komise LRV) • Lower Chamber of the Parliament • Upper Chamber of the Parliament • President 42
Legislative Process in the EU • Maastricht Treaty (Feb 1992, valid from 1993) • „Updates“ • Amsterdam (1997, resp. 1999) • Nice (2001, resp. 2003) • Lisbon (2007, resp. 2009) • Directives • Regulations 43
Legislative Process in the EU • Who is involved • Experts in the Member States • Different working groups of experts • Diplomats • European Commission • European Council • European Parliament 44
Control, controlling • What is control? • Set of activities, which serve as a certain feedback on work of their subordinates • Used by all types and levels of managers • The feedback gives to these managers objective picture of the existing reality => they can CONTROL fulfilling of planned goals or progress in realization of their decisions • Substance: critical evaluation of the existing situation • Next steps: control conclusions, even penalties, if needed 45
Control tasks • Detection of divergences or differences between the existing and desired, requested status • Revelation and reasons for these divergences • Determination of responsibilities (who caused what) • Managers have to take preventive or necessary measures • Monitoring of these preventive measures 46
Types of divergences • Positive x negative • Both are bad • Negative: somebody doesn‘t fulfill his duties • Positive: wrong planning of goals 47
Control Standards • 1980‘s in the U. S. A. • Cohen‘s Committee, Minahan‘s Commission • Concept of control was not unified • Result: some standards in several areas • Environment for the internal control • Risk analysis processes, which serve for identification and evaluation of risks • Selection of appropriate practice and procedures of the internal control (have to neutralize risk identified in 2) • Monitoring process (effectiveness evaluation) 48
COSO • Committee of Sponsoring Organizations (1985) • Its „Control Definition“ • Process run by any board of directors, supervisory board, or another level of management, focused on providing reasonable certainty connected with set up targets in following categories: a) Effectiveness and efficiency of operations b) Trustworthiness, reliability of financial reports c) Norms and act observance d) Strategic goals of the enterprise 49
COSO • Widely accepted philosophy • Foundations • Control environment • Risk evaluation • Control activities • Information and communication • Monitoring 50
Two control categories • Internal control • Totally internal business • Run by managers or authorized experts • Types of internal control • Prevention • Input • Continuous • Output • Feedback, conclusions, suggestions for new arrangements 51
Czech Legislation • Act No. 552/1991 Coll. , on state control (8 x revised, last revision in 2009) • Specifies those who are allowed for control activities • Specifies those who are not allowed for control activities (partiality, conflict of interests) • Not binding for courts, state attorney‘s office, state notary, armed forces, police with respect to their main rules – but their financial management is possible to reviewed 52
Inspectors‘ Rights and Duties • They can • Entry buildings, offices if it is in connection with the control • Require original documents, all needed information • Even classified, secret information (qualification, screening needed…) • If any document is provided, overtaken, it has to be confirmed • Set up terms and conditions, require a written report in which removal of findings have to be described • In cases given by the law penalties could be imposed 53
Inspectors‘ Rights and Duties • They have to • Announce a beginning of any control to inspected person, • Be correct, describe real status, prove their finding by evidences • Spare rights of controlled persons • Return documents to their owners in the moment the reason for their takeover ceased • Protect all original documents (not to loose them, or even damage, or misuse) • Prepare a protocol describing control results • Maintain confidentiality/secrecy 54
Conclusions • We cannot imagine any activity without a proper control • Internal control • For whom it serves – managers‘ instrument • Types • External control • Often an instrument for regulation – state‘s instrument • Control of economic activities (especially those which use public resources of the state budget) 55
Objections • Controlled person(s) could express their objections in a written form • Decision • Controller could decide if he/she accepts fully objections (7 days) • If not then it is in hands of a manager of controlling institution (if there is no other legal condition) • Administrative proceedings • Have to be opened in 3 months • Sanctions… 56
Audit • A process which quantifies effectiveness and usefulness of planned and later realized operations • Impartial, objective assessment, verification of a certain reality, function, product, process • Number of definitions • Czech Auditors Chamber • Generally audit is an instrument by which one person assures another person about a quality, conditions or status of a given reality, of a fact, which was examined by the second person. A need for such activity is stemming from the first person‘s doubts, uncertainties with regard to quality, conditions or status of the given reality and from the fact that person cannot remove that uncertainty by its own capacity 57
Audit vers Control • Differences not always given by a technology of controlling or certification, that could be similar • The most important - function • Audit investigates not only divergences from specific norms and rules, but even these norms and rules and tolerances for which they allow – and could suggests their amendments • Another difference – area of sanctions • Control – financial sanctions are a standard • Audit – indirect punishment (audit report is published…) 58
Internal Audit • Often accepts working methods of external audit • Differences • Position, status • Scope of activities • Permanent activity • Reports: more detailed, internal usage only • Audit report has to be discussed with those who are audited, they should sign it (if not, it is reported) • For whom: board of directors, supervisory board, general manager, audit committee, general meeting, … 59
External Audit • Done by audit companies or certified auditors • Could not be run by internal company resources • Most important – final Audit Report • Normally quite short (1 page) • Could be in a form of certificate which is used for special purposes • Correctly maintained accounting • Quality certificates (processes according ISO 9001) 60
External Audit • Most important – final Audit Report • Without reservations • With reservations • Negative assessment • Statement denial • Public, important especially for those who are actively traded on stock exchanges • Example – banks… 61
Reports of External Audit • Audit Report • Management Letter • Another important document • Detailed description of different findings (if any) • Given not only to management but, of course, to the internal audit which uses it for its further activities • Has to be at disposal for the following year auditors • If there is the same finding next year => „repeated finding“ (influences final statement) 62
External Audit Legislation • Act No. 563/1991 Coll. , on accounting • § 20 – final accounts statement certification • If this act does not specify differently then regular or extraordinary audit of final accounts have to have following accounting units: a) Joint stock companies (if one of these conditions is reached: their assets reached 40 mil CZK or their net turnovers were higher than 80 mil CZK, or number of their employees was higher than 50) b) Other companies or co-operatives if they reached two of conditions given in point a) c) Other accounting units according to § 1, par. 2, letter b (enterprisers)… d) … 63
External Audit Legislation • Act No. 563/1991 Coll. , on accounting • § 20 – final accounts statement certification • Exceptions • Bankruptcy procedures (could be still required by creditors‘ committee) • Reorganization plan (could be still required by creditors‘ committee) • If bankruptcy procedures were closed due to the fact that the property of the company is not sufficiently high to satisfy creditors 64
ISA norms • International Standard on Quality Control (ISQC) 1 • Describes rules for • Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Services Engagements 65
ISA norms 200– 299 GENERAL PRINCIPLES AND RESPONSIBILITIES • ISA 200 - Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing • ISA 210 - Agreeing the Terms of Audit Engagements • ISA 220 - Quality Control for an Audit of Financial Statements • ISA 230, Audit Documentation • ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements 66
ISA norms • ISA 250 - Consideration of Laws and Regulations in an Audit of Financial Statements • ISA 260 - Communication with Those Charged with Governance • ISA 265 - Communicating Deficiencies in Internal Control to Those Charged with Governance and Management 67
ISA norms 300– 499 RISK ASSESSMENT AND RESPONSE TO ASSESSED RISKS • ISA 300 - Planning an Audit of Financial Statements • ISA 315 - Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment • ISA 320 - Materiality in Planning and Performing an Audit • ISA 330 - The Auditor’s Responses to Assessed Risks • ISA 402 - Audit Considerations Relating to an Entity Using a Service Organization • ISA 450, Evaluation of Misstatements Identified during the Audit 68
ISA norms 500– 599 AUDIT EVIDENCE • ISA 500 - Audit Evidence • ISA 501 - Audit Evidence - Specific Considerations for Selected Items • ISA 505 - External Confirmations • ISA 510 - Initial Audit Engagements - Opening Balances • ISA 520 - Analytical Procedures • ISA 530 - Audit Sampling 69
ISA norms • ISA 540 - Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures • ISA 550 - Related Parties • ISA 560 - Subsequent Events • ISA 570 - Going Concern • ISA 580 - Written Representations 70
ISA norms 600– 699 USING THE WORK OF OTHERS • ISA 600 - Special Considerations - Audits of Group Financial Statements (Including the Work of Component Auditors) • ISA 610 - Using the Work of Internal Auditors • ISA 620 - Using the Work of an Auditor’s Expert 71
ISA norms 700– 799 AUDIT CONCLUSIONS AND REPORTING • ISA 700 - Forming an Opinion and Reporting on Financial Statements • ISA 705 - Modifications to the Opinion in the Independent Auditor’s Report • ISA 706 - Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report • ISA 710, Comparative Information—Corresponding Figures and Comparative Financial Statements • ISA 720, The Auditor’s Responsibilities Relating to Other Information in • Documents Containing Audited Financial Statements 72
ISA norms • 800– 899 SPECIALIZED AREAS • ISA 800 - Special Considerations - Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks • ISA 805 - Special Considerations - Audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial Statement • ISA 810 - Engagements to Report on Summary Financial Statements 73
ISA Norm 200 • International standards adjust general duties of an auditor performing an audit of a given final account (financial statement) of a company • Relevant for all types of audit • Define • • • Goals Range of audit Its character Subject Scope of standards 74
Final Financial Statement Audit • Goal of audit – strengthen trust of supposed user into data of the final financial statement • Auditor‘s statement – auditor comments if the financial statement reflects in all relevant aspects given data and respects existing legislation, international accounting standards and frameworks • Financial statement should accurately show the reality • Subject of audit - financial statement built by the management of the financial unit • Standards do not speak about duties of that management • They do not take precedence over legislation • Significance concept – used in moment of planning and final assessment 75
Final Financial Statement Audit • Basic sense of standards – to help the auditor to reach his/her certainty • According top standards the auditor in moment of planning has to • be skeptic enough • use his expertise, knowledge • reveal errors and mistakes • identify risks 76
General Goals of Auditor • To reach sufficiently adequate certainty • On the basis of assessment to express his/her meaning by preparation of Audit Report 77
Definitions • • • Relevant framework for accounting statements Evidences Risk assessment methods Auditor Assessment, investigation risks Final statement Historical financial information Management Incorrectness 78 Persons authorized by administration and management
Definitions • • • Applicable financial reporting framework Audit evidence Risk assessment methods Audit risk Auditor Detection risk Final statements Historical financial information Management Misstatement 79
Definitions – cont. • Premise that management has certain responsibilities • For preparation of financial statements free of material misstatement (fraud or error) • To provide auditor with access to all needed information • Professional judgment • Professional skepticism • Reasonable assurance • Risk of material misstatement • Inherent risk • Control risk • Those charged with government 80
Czech Legal Framework of External Audit • Act No 93/2009 Coll. on auditors and amendment of some other acts (minor changes during last years) • EU directives and relevant rules implemented • Defines • Auditors‘ statute, international standards • Czech Chamber of Auditors + Public Supervision Council on Audit • Mandatory audit, audit activities • Statutory auditor • Audit company • Audit person from the 3 rd country • Certification requirements, tests, the oath 81
Auditor‘s Exam • General accounting theory and • Legal requirements and standards (financial statements and consolidated financial statements preparation + mandatory audit and statutory auditors) • International accounting standards • International audit standards • Financial analysis • Cost and management accounting • Risk management and internal control • Execution of mandatory audit and professional knowledge • Professional ethics and independency 82
Auditor‘s Exam – cont. • To needed extent also the exam is also focused on following areas • • Company law Administration and management of companies Insolvency legislation Financial legislation Civil and Commercial Codes Labor Code and legislation of social insurance IT systems Mathematics and statistics 83
Auditor‘s Exam – cont. • Examination Committee – appointed by the Public Supervision Council on Audit • Rules for publications of test dates • Rules for evaluation of tests • Etc… 84
On-going Education • Statutory auditors have to take part in on-going education, studies, training • 60 hours per year • Goal – to increase theoretical and practical knowledge • Program of these seminars • Internal rules of the Czech Chamber of Auditors 85
CACR (KAČR) • Legal person, Prague • Provides conditions for organization, management and performance of the quality control system • Supervises compliance of statutory auditors, audit firms, assistants of auditor with legal framework • Issues Internal Rules, Code of Ethics, Auditors‘ Standards (with respect to those given by EU harmonized legislation) • List of auditors and auditors‘ assistants • Creates conditions for on-going education, preparation of assistants for auditors‘ tests • Organizes auditors'‘ certification exams • Co-operates with gov. institutions, CNB… 86
CACR Management • Assembly • The highest authority • Executive Committee + president of the Chamber • management • Supervisory Commission • Control function • Disciplinary Commission • Auditors‘ offences resolution 87
Public Supervision Council on Audit • • • Legal person, Prague Presidium (5 members, Mo. F (CNB involved)) Main task - public supervision on audit Compliance with legislation, standards, Code of Ethics, internal rules of the CACR Quality control On-going education Disciplinary management Domestic and international co-operation (institutions, regulators) Internal rules management process 88
Mandatory Audit of Public Interest Entities • Public interest entities: also trading companies or cooperatives or consolidating accounting entities which have more then 4000 employees • In case of these => auditor has to publish in 3 months special report • • Legal form, owners of the audit company Description of network (if the audit company is a part of) Description of internal management of audit company Description of quality control (date of the last one) List of public interest entities for which it works or worked Information on on-going education of auditors Statement on independence (had to be reviewed) 89
Mandatory Audit of Public Interest Entities – cont. • In case of these => auditor has to publish in 3 months special report • Financial information (market position, turnovers, income divided by its origin (mandatory + others like tax advisory, assurance services, non-audit services) • Information concerning the method of remuneration calculations of the acting auditors • If individual statutory auditor => conditions have to be fulfilled adequately 90
Audit Committee • World-wide known concept • Recommended in 1998 by so called Cadburry Committee (in CR enacted by Act No. 93/2009 Coll. ) • Public interest entity has to establish an audit committee (exceptions only if otherwise specified by the law) • Min 3 members • 1 member independent on the audited entity with 3 years of practice (auditing or accounting) • Members appointed by highest management • Either from supervisory board members or • Third parties members 91
Audit Committee – cont. • If the audit committee is not set up => its functions have to be fulfilled by the supervisory board of the public entity • Without prejudice of different responsibilities of statutory or supervisory boards members of the audit committee have following rights and duties: • Oversight of the preparation of financial statements and consolidated FS • Evaluates effectiveness of internal control, internal audit and risk management • Follows the process of financial statement audit • Assess the independency of statutory auditor, audit company and its additional services • Recommends an external auditor (CNB could refuse to accept it in case of financial institutions 92
Audit Services • Special basic concept, term • Audit of financial statements and consolidated financial statements, annual reports and consolidated annual reports • Audit and verification of other facts (given by special legislation) • Verification of other economic facts and information specified by the contract 93
Auditor, auditing company • Auditor - person registered by CACR • Auditing company • Basically trading company • Also has to be registered by the CACR • Independence – auditor responsible for the contract has to formulate a conclusion of independency. He has to: • Obtain relevant information to identify and evaluate circumstances and relationships which could create threat to independence • If any infringement of principles occurs => has to determine if there is any influence to the audit contract • Steps to eliminate or reduce such threats to acceptable level 94 (or withdraw if possible)
Confidentiality • If not given by the law differently => confidentiality of all non-public information obtained during auditing is private and secret • Even when the audit has been finished or audit activities left – min 10 years • This applies to employees and other persons involved in audit 95
Audit Documentation (ISA 230) • Serves as a proof of audit • Records of audit procedures performed, obtained relevant evidence and conclusions auditor reached (sometimes „working papers“) • Auditor‘s file – set of documents • Experienced auditor • Nature and purpose of the documentation • Provides evidence for auditor‘s conclusions and gives reasons why he achieved them • Provides evidences that the audit was planned and performed in compliance with ISA‘s and relevant legislation • Supports planning 96 • Supports control of audit by its management
Audit Team (ISA 230) • Auditor responsible for the contract has to be sure that all persons involved have • Sufficient expertise • Knowledge of legislation and standards • Ability to prepare audit report according to given conditions 97
Audit Requirements (ISA 230) • Timely preparation of audit documentation • Documentation of all audit procedures performed and audit evidence obtained • Documents on such level that if reviewed by another experienced auditor he has to be able to follow: • Nature, timing and range of audit • Results of audit procedures and evidences • Significant issues arising during audit, relevant conclusions and professional judgments made 98
Later Events (ISA 230) • If something serious occurs after the date of auditor's report => auditor has to: • Describe new circumstances • New or additional auditor‘s procedures performed • New documentation and audit evidence obtained, their impact on the auditor‘s report • The person who made the final changes • Why: because normally no modification of auditor‘s file is allowed 99
Internal Audit • IIA – Institute of Internal Auditors • • USA, 1941, Altamonte Springs, Florida Professional standards Certification of internal auditors Education (conferences, workshops, publications) • Research • International co-operation 100
Internal Audit in Europe • ECIIA – European Confederation of Institutes of Internal Audit - 1982, Brussels • Main goals • To share experience (conferences, publications) • Support for adoption of International Standards for professional practice of IA (certification) • Contacts with EU and international co-operation • Work towards to establish world-wide organization 101
Internal Audit in the CR • ČIIA – Český institut interních auditorů (Czech Institute of Internal Auditors - 1995, Praha • Mission • • Promote and support developments of IA Contacts with EIIA and international co-operation Publications (magazine Internal Auditor) Education, etc. 102
IA –Importance and functions • Done by whom? • Specially trained employees • Serves to whom? • Management • How often? • On-going, permanent activity • Main goals? • Independent evaluation of different activities within the organization 103
IA – functions • Focuses on following areas • • • If adopted policy and goals are achieved If standards are followed If effectiveness is achieved If documentation is accurate If information or records are complete, reliable and if they reflect reality 104
IA – audit record • • • Name of the auditing dept. Name of the audit Audit registration number Auditor‘s name Program of audit Objects of audit Dates (from-to, final, term for checkings) Results (recommendations) Signatures (auditor, audited manager) Manager‘s opinion 105
IA – audit record • Internal audit conclusions and recommendations are in the most of (esp. financial) institutions taken as binding ones and they have to be according to internal rules followed by all managers. 106
IA – measurements • Performance, productivity, could be measured • Measurements could be used for • Management and control • To support developments and progress • To maximize effectiveness and efforts • To achieve compliance with the objectives and goals • Remuneration, discipline maintenance 107
IA – measurements • When measuring => sequence is to be followed • 1) Products • What and how to do it • 2) Processes • Must ensure necessary products • Must be efficient • 3) Sources • In terms of their range, prices, quality are determined by processes and they serve to achieve, secure them 108
IA – measurements Market position of the company Results Financial Quality Determinants of results Adaptability Used sources Innovation Relative market quota and position Growing receipts Cliental base Liquidity Liability Profitability Activity Capital market Credibility Safety Easy maintainability Aesthetic style Capacity Rate Special requirements Productivity Efficiency Economy Innovative processes efficiency Individual innovation efficiency 109
IA – benefits to management • IA – advisory body to top management (TM) • Tasks • Monitoring of activities which TM is not able to monitor on his own • Identification and minimization of risks • Validation of different reports (TM, superior inst. ) • Providing information for decision processes • Evaluation and assessment of the past and future 110
IA – who is its main claimant? • Top management, board of directors, supervisory board • Operational management • The Audit Committee of the company • External auditors • IA „services“ – analysis, evaluations, recommendations, proposals, information • Results not public • Never available for any public body or regulator (only ion specific cases given by the law) 111
IA – planning • Audit activities should be planned according to risk analysis • Risks identification – the main task of IA • Results – starting point for determination of those activities which have to be audited 112
Risk Identification and Analysis • Audit activities should be planned according to risk analysis • Risks identification – the main task of IA • Results – starting point for determination of those activities which have to be audited 113
Risk Identification and Analysis • • Management control system quality Competence (abilities) of management Management integrity (completeness) Size of the entity (total sales, assets) Recent changes in the accounting system Operations´ complexity Recent changes in key personnel Liquidity of assets 114
Risk Identification and Analysis • • • Economic conditions are getting worse Rapid growth Range of IT implementation and data processing Period since the last audit Pressure on management to achieve the aims 115
IA Planning • Starting points • Objectives and strategy of the organization • Risk analysis • Requirements of the supervisory board or the audit committee • Suggestions and proposals of the executives • Types of plans • Strategic plan (normally for a period of 3 Y) • Periodic medium-term plan (1 Y or ½Y) • Time reserve for contingencies and auditors´ studies 116
Assurance services of IA • Audits as required by legislation and regulatory authorities; • Audits of corporate activities, based on risk analysis; • Verification of the measures taken; • Verification of the efficiency and effectiveness of the management and control system. 117
Consultancy Services of IA • Management requirements • Company activities‘ risks monitoring and system of their identification and analysis • Methodological activity • Complex reporting on the activities of the internal audit • Co-operation with the external auditor 118
Audit Preparation • Document „Authorization for the internal audit“ • • • Name of the audited body (dept. ) Date of the audit Audit team leader Members of the audit team Date of issue and the person responsible for approval 119
Audit Preparation • Documents used by the members of the team • • • Effective legislation Internal regulations of the audited department Organizational structure of the audited body; Manuals developed in the audited area Information systems (databases) Accounting and reporting data Organizational rules describing audited activities Personnel lists and descriptions of functions Results of earlier audits Samples of forms used 120
Audit Analytical Procedures • Very useful in finding: • • Unexpected differences The absence of expected differences Potential errors Potential irregularities or activities which are inconsistent with applicable law; • Other unusual or non-recurring transactions or events 121
Audit Analytical Procedures • Comparing the information for the current period • with similar information for prior period • with similar information from other organizational units of the company • with the budget and forecasts • with similar information within the industry in which the company operates 122
Audit Analytical Procedures • Examination of relationships between • information (e. g. movements in settled income interests in comparison with the changes in the balances of loans) • financial information with relevant nonfinancial information (e. g. settled wages expenditures vers the average number of employees) 123
Audit Techniques • Physical check • Examine – check-out the existence, dimensions and status of things • Calculations • Approve – differences should be explained • Summary of numerical values • Horizontal comparison, time comparison • Evaluate unusual items • Track document sequence • Recapitulation, documents completeness 124 • Validation of documents
Audit Techniques • Interviewing • Questionnaires (purpose should be explained) • Information confirmation from the third parties • Discussions, interviews • Observations • Course of operations, their particularities • Recapitulation - step by step, also retrospectively • Inspections (physical visits) 125
Audit Techniques • Calculations • • Where possibly by any operation Measurements Quantifications Analysis of • All relevant steps • Any change of account status • Criteria – reasons and results 126
Audit Techniques • Comparisons • Of similarities and differences • Approve quantities • Disparities of information from different sources • Analytical sequence: analysis – synthesis • Standards, scales, benchmarks 127
Audit Techniques • General procedures and principles • Different sources • Verifications • Selected samples • Statistically and random chosen • Test – different techniques should be used • Evaluate, assess, judge 128
Audit Types • Basic definitions of audit types • Substantive audit • Evaluation of operations results • Control audit • Control of processes by which results have been achieved • Other • Decision trees • Economic and optimization model • Statistical methods, etc. 129
Audit Types • • • Audit of the firm; Financial audit Prevention and detection of fraud Contracts Audit (investors, suppliers, customers); Compliance of firm policies and procedures with laws, decrees and regulations • Operations audit • Audit of productivity • Audit of management 130
Audit Types • Quality audit • Environmental audit • Personnel audit (for example employment´s contracts) • Audit of corporate relations (including various contracts); • Security audit (physical, IT) • IT audit; • Forensic audit 131
Audit Manual • Certain handbook for internal auditors • Stemming from experience of previous periods • Should be permanently replenished, enriched 132
Risk Management • Risk - uncertainty of future development • Generally could be both positive and negative • In practice, however, the term risk usually understood as a negative development, or the fact that the development of deviated from the expected value. • Due to risk – losses could occur (which could in the near or later future influence the given entity, its existence, economic results, market position, reputation, etc. • We try to express some probability of occurrence. 133
Risk Management • Risk management can be divided into • Risk identification – we have to detect where and how risk occurs • Measurement and evaluation of risks – to quantify it • Periodical monitoring, comparison of revealed size with the maximally acceptable level, limit • Reducing the risk by actions, relevant steps – aim: reduction of potential losses. 134
Risk Matrix • • • Characteristics and management credibility Correct reporting - responsibility of management Organization and management structure Nature of business Business Environment Results of audit Compliance with audit findings Important: accounting, financial results The ability to run the business in the future 135
Common definitions of risks • Probability or possibility of loss (fail, e. g. in accounting, • Risk of wrong decisions • Probability of a result different from the expected one • Possibility that a specific threat exploits vulnerability of the system • Variability of possible results or uncertainty of their achievement 136
Common definitions of risks • Risk of negative deviation from the target (so -called net exposure) • Possibility of loss or profit (so-called speculative risk) • Uncertainty associated with the development of the asset value (the investment risk) • Deviation of actual and expected results. 137
Statistical definitions of risks • Product of the size of the consequences of an event and the probability of such action • Mean value of the loss function • Certain phenomenon subject follows according to its quantity certain probability distribution, • Volatility of financial variables (portfolio value, profit, etc. ) around the expected value due to changes of many different circumstances. 138
Increase of profit • 5 basic was how to achieve higher profit • • • Higher sales Reduction of costs Improving product mix Increase of prices - selectively or globally Reduction of capital used • Performance Equation • ROCE = Return on Capital Employed • Profit = (Selling Price * Quantity) – (Unit Variable Costs * Quantity) – Fixed Costs 139
Risk Classification • • Not so simple, many factors, uncertainties Aim => profit Precondition: initial investments Uncertainties, behavior of market => possible losses • Differences between the reasons and implications, consequences => different classification categories 140
Risk Classification • Dynamic Risks • Changes in the company and its surroundings (political, economical, competition, consumers) • Static Risk • Other than economy - natural factors, unfair behavior • Occurs with some regularity – possible to predict and to be insured • Speculative Risk – either profit of loss • Net Risk – profit not evaluated; consideration if 141 loss occurs or not
Management Types • a) Strategic management - deciding on the basic principles of future business, determining strategic objectives and the basic tools to achieve them; • b) Operational management - decision making processes and activities are strategically set out to meet aims; • c) Risk management - identifying, analyzing and controlling hazards connected to existing or intended processes 142
Risk Management Process • Identification of events which could influence strategic intentions • Both • positive (searching for opportunities) • Negative (searching for threats or uncertainties) • Risks are analyzed, evaluated (probability, amount, possibilities how to influence them) • Finally decisions have to be adopted how to manage different types of risks (accept, if minor, avoid, mitigate, share)… 143
Benchmarking • Another type or audit instrument • Instrument helping to survive in the competitive world • Again: continuous, systematic process • Comparison of own effectiveness (in terms of productivity, quality and practice) with leading companies and organizations 144
Benchmarking – main goals • Keep up competitive advantages (if we have them) • Finding and using of optimal methods in the given field of business • To ensure the survival of the company in the future • To be in compliance with the requirements of customers – clients • Assurance of own quality from all points of view 145
Benchmarking – benefits • Stimulates growth even there where no direct effects of market economy occur (where the competitors and clients are not in direct contact) • Important e. g. for • natural monopoles, such as electricity, gas • All cases where customers have no other option • Types of cartels which could not be penalized (such as OPEC (oil), coffee sales in the international market, etc. ) 146
Benchmarking – effects • Benchmarking determines which operations should be improved • How? We have to search for companies and organizations which operations, activities similar to ours perform very extraordinary successfully • It could lead to even to license procurement or acquisitions • Warning: boundary between benchmarking and industrial espionage should be distinguished… 147
Benchmarking – categories • Internal – within the company • comparisons between subsidiaries and divisions • External • comparisons with other companies and organizations; • Functional • comparisons within the same industry • Generic • comparisons regardless of industry type 148
Benchmarking process • Selection of benchmarking subject • Determine the main parts and measurement possibilities (not only financial analysis…) • Partners selection, type of comparisons (internal x external) • Contacts, information collections • Analysis, sorting, identifying significant differences in theory and practice • Synthesis, conclusions, decision – in-house solution or acquisition? 149
Benchmarking process • It's not just about numbers – if we have them we have to find their explanation • Even managerial procedures or organizational structure are important • We have to determine objectively what is functional and then we have to focus on it our measurements, evaluations to be able to define what are the main factors leading to desired behavior and results 150
Benchmarking measurements • By measurements we get • • Information database Reasons for necessary changes Diagnosis of important areas to be improved Prioritization of these important areas 151
Benchmarking measurements • Productivity, costs • • • How product costs are managed and controlled Percentage of revenues, percentage of overall budget Actual versus expected costs (budget plan) Output per 1 employee rate Detailed partial costs (materials, wages, amortizations, write-offs, etc. ) • Process effectiveness, reliability • How processes and systems support different operations • Error-rates, automatization, down-times, etc. 152
Benchmarking measurements • In production everything has to fit together • Speeding – up in one section may cause troubles in the overall process • Bottlenecks, weakest „segments of the chain“ should be revealed • We have to describe and compare different process cycles from their duration point of view • even soft information could be important (clients‘ complaints resolution, clients‘ satisfaction, loyalty, employees‘ satisfaction and loyalty) 153
Soft information x hard changes • Non-financial measurements of productivity = soft type of information => higher and higher importance • High impact on real economic results => • They influence need for changes • Unfortunately, not everybody is able to perform non-financial measurements properly • Then information on relations between nonfinancial costs and cash-flow, profit, prices is missing 154
Usual mistakes • Missing interconnection with strategy • It is impossible to use blindly different methods, some of them are not universal • Subjective assessment – could wrongly determine relation reason=>effect • Often the first-view impression must not be the correct one • Incorrect productivity goals, unknown level of satisfaction needed for reaching them • Short-term positive results do not mean 155 automatically long-term ones
Conclusions • Benchmarking is a procedure with the aim to analyze business operations and activities in order to identify areas that can bring cost reduction and permanent process improvements • Such improvement requires knowledge of performance standards, with which the analyzed activities should be measured • Not all activities and operations can be measured with the aim to reach lowest cost • Even interests of shareholders should be incorporated into these improvements efforts… 156
Quality Audit • Often internal audit activity • Why? External auditor is usually focused on financial issues (accounting, financial statements, annual reports) • Production quality is objectively out of his scope • Limited knowledge, experience, qualifications (specialists in specific field of production needed) • Exception – forensic audit 157
Quality Audit Importance • Quality products = competitive advantage • Often true "higher quality = higher price„ • Poor quality => cause of losses, need for discounts, etc. • Input quality essential – where final product based on purchased materials, semi-finished products and components • Low quality inputs often impossible to be compensated during final production 158
Quality And Satisfaction • Quality and clients‘ satisfaction interconnected • Could be supported by • certification of products • Certification of quality management (ISO norms) • Wide and long-term guarantees and other services • ČSN definition • "a systematic and independent testing whether activities and their results are consistent with planned arrangements and whether they are in 159 accordance with the original intentions. "
Environmental Audit • Is that logical to speak about audit activities and ecological behavior of a company? • Yes, it is – that area could heavily influence not only economy of that unit but nature and environment, too • Specific fields • Storage or mining of some raw materials (oil, nuclear products) • Technologies working e. g. with freon • Very often outsourced activity of the internal audit 160