Evaluating Audit Results
Effective Date: For audits of fiscal years beginning on or after Dec. 15, 2010
Final Rule: PCAOB Release No. 2010-004
Summary Table of Contents
- (1) Introduction
- (2) Objective
- (3 - 36) Evaluating the Results of the Audit of Financial Statements
- (37) Evaluating the Results of the Audit of Internal Control Over Financial Reporting
- Appendix A Definitions
- Appendix B Qualitative Factors Related to the Evaluation of the Materiality of Uncorrected Misstatements
- Appendix C Matters That Might Affect the Assessment of Fraud Risks
1. This standard establishes requirements regarding the auditor's evaluation of audit results and determination of whether he or she has obtained sufficient appropriate audit evidence.
2. The objective of the auditor is to evaluate the results of the audit to determine whether the audit evidence obtained is sufficient and appropriate to support the opinion to be expressed in the auditor's report.
3. In forming an opinion on whether the financial statements are presented fairly, in all material respects, in conformity with the applicable financial reporting framework, the auditor should take into account all relevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements.
4. In the audit of financial statements,1/ the auditor's evaluation of audit results should include evaluation of the following:
- The results of analytical procedures performed in the overall review of the financial statements ("overall review");
- Misstatements accumulated during the audit, including, in particular, uncorrected misstatements;2/
- The qualitative aspects of the company's accounting practices;
- Conditions identified during the audit that relate to the assessment of the risk of material misstatement due to fraud ("fraud risk");
- The presentation of the financial statements, including the disclosures; and
- The sufficiency and appropriateness of the audit evidence obtained.
Performing Analytical Procedures in the Overall Review
5. In the overall review, the auditor should read the financial statements and disclosures and perform analytical procedures to (a) evaluate the auditor's conclusions formed regarding significant accounts and disclosures and (b) assist in forming an opinion on whether the financial statements as a whole are free of material misstatement.
6. As part of the overall review, the auditor should evaluate whether:
- The evidence gathered in response to unusual or unexpected transactions, events, amounts, or relationships previously identified during the audit is sufficient; and
- Unusual or unexpected transactions, events, amounts, or relationships3/ indicate risks of material misstatement that were not identified previously, including, in particular, fraud risks.
Note: If the auditor discovers a previously unidentified risk of material misstatement or concludes that the evidence gathered is not adequate, he or she should modify his or her audit procedures or perform additional procedures as necessary in accordance with paragraph 36 of this standard.
7. The nature and extent of the analytical procedures performed during the overall review may be similar to the analytical procedures performed as risk assessment procedures. The auditor should perform analytical procedures relating to revenue through the end of the reporting period.4/
8. The auditor should obtain corroboration for management's explanations regarding significant unusual or unexpected transactions, events, amounts, or relationships. If management's responses to the auditor's inquiries appear to be implausible, inconsistent with other audit evidence, imprecise, or not at a sufficient level of detail to be useful, the auditor should perform procedures to address the matter.
9. Evaluating Whether Analytical Procedures Indicate a Previously Unrecognized Fraud Risk. Whether an unusual or unexpected transaction, event, amount, or relationship indicates a fraud risk, as discussed in paragraph 6.b., depends on the relevant facts and circumstances, including the nature of the account or relationship among the data used in the analytical procedures. For example, certain unusual or unexpected transactions, events, amounts, or relationships could indicate a fraud risk if a component of the relationship involves accounts and disclosures that management has incentives or pressures to manipulate, e.g., significant unusual or unexpected relationships involving revenue and income.
Accumulating and Evaluating Identified Misstatements
10. Accumulating Identified Misstatements. The auditor should accumulate misstatements identified during the audit, other than those that are clearly trivial.
Note: "Clearly trivial" is not another expression for "not material." Matters that are clearly trivial will be of a smaller order of magnitude than the materiality level established in accordance with Auditing Standard No. 11, Consideration of Materiality in Planning and Performing an Audit, and will be inconsequential, whether taken individually or in aggregate and whether judged by any criteria of size, nature, or circumstances. When there is any uncertainty about whether one or more items is clearly trivial, the matter is not considered trivial.
11. The auditor may designate an amount below which misstatements are clearly trivial and do not need to be accumulated. In such cases, the amount should be set so that any misstatements below that amount would not be material to the financial statements, individually or in combination with other misstatements, considering the possibility of undetected misstatement.
12. The auditor's accumulation of misstatements should include the auditor's best estimate of the total misstatement in the accounts and disclosures that he or she has tested, not just the amount of misstatements specifically identified. This includes misstatements related to accounting estimates, as determined in accordance with paragraph 13 of this standard, and projected misstatements from substantive procedures that involve audit sampling, as determined in accordance with AU sec. 350, Audit Sampling.5/
13. Misstatements Relating to Accounting Estimates. If the auditor concludes that the amount of an accounting estimate included in the financial statements is unreasonable or was not determined in conformity with the relevant requirements of the applicable financial reporting framework, he or she should treat the difference between that estimate and a reasonable estimate determined in conformity with the applicable accounting principles as a misstatement. If a range of reasonable estimates is supported by sufficient appropriate audit evidence and the recorded estimate is outside of the range of reasonable estimates, the auditor should treat the difference between the recorded accounting estimate and the closest reasonable estimate as a misstatement.
Note: If an accounting estimate is determined in conformity with the relevant requirements of the applicable financial reporting framework and the amount of the estimate is reasonable, a difference between an estimated amount best supported by the audit evidence and the recorded amount of the accounting estimate ordinarily would not be considered to be a misstatement. Paragraph 27 discusses evaluating accounting estimates for bias.
14. Considerations as the Audit Progresses. The auditor should determine whether the overall audit strategy and audit plan need to be modified if :
- The nature of accumulated misstatements and the circumstances of their occurrence indicate that other misstatements might exist that, in combination with accumulated misstatements, could be material; or
- The aggregate of misstatements accumulated during the audit approaches the materiality level or levels used in planning and performing the audit.6/
Note: When the aggregate of accumulated misstatements approaches the materiality level or levels used in planning and performing the audit, there likely will be greater than an appropriately low level of risk that possible undetected misstatements, when combined with the aggregate of misstatements accumulated during the audit that remain uncorrected, could be material to the financial statements. If the auditor's assessment of this risk is unacceptably high, he or she should perform additional audit procedures or determine that management has adjusted the financial statements so that the risk that the financial statements are materially misstated has been reduced to an appropriately low level.
15. The auditor should communicate accumulated misstatements to management on a timely basis to provide management with an opportunity to correct them.
16. If management has examined an account or a disclosure in response to misstatements detected by the auditor and has made corrections to the account or disclosure, the auditor should evaluate management's work to determine whether the corrections have been recorded properly and whether uncorrected misstatements remain.
17. Evaluation of the Effect of Uncorrected Misstatements. The auditor should evaluate whether uncorrected misstatements are material, individually or in combination with other misstatements. In making this evaluation, the auditor should evaluate the misstatements in relation to the specific accounts and disclosures involved and to the financial statements as a whole, taking into account relevant quantitative and qualitative factors.7/ (See Appendix B.)
Note: In interpreting the federal securities laws, the Supreme Court of the United States has held that a fact is material if there is "a substantial likelihood that the …fact would have been viewed by the reasonable investor as having significantly altered the 'total mix' of information made available."8/ As the Supreme Court has noted, determinations of materiality require "delicate assessments of the inferences a 'reasonable shareholder' would draw from a given set of facts and the significance of those inferences to him …."9/
Note: As a result of the interaction of quantitative and qualitative considerations in materiality judgments, uncorrected misstatements of relatively small amounts could have a material effect on the financial statements. For example, an illegal payment of an otherwise immaterial amount could be material if there is a reasonable possibility10/ that it could lead to a material contingent liability or a material loss of revenue.11/ Also, a misstatement made intentionally could be material for qualitative reasons, even if relatively small in amount.
Note: If the reevaluation of the established materiality level or levels, as set forth in Auditing Standard No. 11,12/ results in a lower amount for the materiality level or levels, the auditor should take into account that lower materiality level or levels in the evaluation of uncorrected misstatements.
18. The auditor's evaluation of uncorrected misstatements, as described in paragraph 17 of this standard, should include evaluation of the effects of uncorrected misstatements detected in prior years and misstatements detected in the current year that relate to prior years.
19. The auditor cannot assume that an instance of error or fraud is an isolated occurrence. Therefore, the auditor should evaluate the nature and effects of the individual misstatements accumulated during the audit on the assessed risks of material misstatement. This evaluation is important in determining whether the risk assessments remain appropriate, as discussed in paragraph 36 of this standard.
20. Evaluating Whether Misstatements Might Be Indicative of Fraud. The auditor should evaluate whether identified misstatements13/ might be indicative of fraud and, in turn, how they affect the auditor's evaluation of materiality and the related audit responses. As indicated in AU sec. 316, Consideration of Fraud in a Financial Statement Audit, fraud is an intentional act that results in material misstatement of the financial statements.14/
21. If the auditor believes that a misstatement is or might be intentional, and if the effect on the financial statements could be material or cannot be readily determined, the auditor should perform procedures to obtain additional audit evidence to determine whether fraud has occurred or is likely to have occurred and, if so, its effect on the financial statements and the auditor's report thereon.
22. For misstatements that the auditor believes are or might be intentional, the auditor should evaluate the implications on the integrity of management or employees and the possible effect on other aspects of the audit. If the misstatement involves higher-level management, it might be indicative of a more pervasive problem, such as an issue with the integrity of management, even if the amount of the misstatement is small. In such circumstances, the auditor should reevaluate the assessment of fraud risk and the effect of that assessment on (a) the nature, timing, and extent of the necessary tests of accounts or disclosures and (b) the assessment of the effectiveness of controls. The auditor also should evaluate whether the circumstances or conditions indicate possible collusion involving employees, management, or external parties and, if so, the effect of the collusion on the reliability of evidence obtained.
23. If the auditor becomes aware of information indicating that fraud or another illegal act has occurred or might have occurred, he or she also must determine his or her responsibilities under AU secs. 316.79-.82A, AU sec. 317, and Section 10A of the Securities Exchange Act of 1934, 15 U.S.C. § 78j-1.
Evaluating the Qualitative Aspects of the Company's Accounting Practices
24. When evaluating whether the financial statements as a whole are free of material misstatement, the auditor should evaluate the qualitative aspects of the company's accounting practices, including potential bias in management's judgments about the amounts and disclosures in the financial statements.
25. The following are examples of forms of management bias:
- The selective correction of misstatements brought to management's attention during the audit (e.g., correcting misstatements that have the effect of increasing reported earnings but not correcting misstatements that have the effect of decreasing reported earnings).
Note: To evaluate the potential effect of selective correction of misstatements, the auditor should obtain an understanding of the reasons that management decided not to correct misstatements communicated by the auditor in accordance with paragraph 15.
- The identification by management of additional adjusting entries that offset misstatements accumulated by the auditor. If such adjusting entries are identified, the auditor should perform procedures to determine why the underlying misstatements were not identified previously and evaluate the implications on the integrity of management and the auditor's risk assessments, including fraud risk assessments. The auditor also should perform additional procedures as necessary to address the risk of further undetected misstatement.
- Bias in the selection and application of accounting principles.15/
- Bias in accounting estimates.16/
26. If the auditor identifies bias in management's judgments about the amounts and disclosures in the financial statements, the auditor should evaluate whether the effect of that bias, together with the effect of uncorrected misstatements, results in material misstatement of the financial statements. Also, the auditor should evaluate whether the auditor's risk assessments, including, in particular, the assessment of fraud risks, and the related audit responses remain appropriate.
27. Evaluating Bias in Accounting Estimates. The auditor should evaluate whether the difference between estimates best supported by the audit evidence and estimates included in the financial statements, which are individually reasonable, indicate a possible bias on the part of the company's management. If each accounting estimate included in the financial statements was individually reasonable but the effect of the difference between each estimate and the estimate best supported by the audit evidence was to increase earnings or loss, the auditor should evaluate whether these circumstances indicate potential management bias in the estimates. Bias also can result from the cumulative effect of changes in multiple accounting estimates. If the estimates in the financial statements are grouped at one end of the range of reasonable estimates in the prior year and are grouped at the other end of the range of reasonable estimates in the current year, the auditor should evaluate whether management is using swings in estimates to achieve an expected or desired outcome, e.g., to offset higher or lower than expected earnings.
Note: AU secs. 316.64-.65 establish requirements regarding performing a retrospective review of accounting estimates and evaluating the potential for fraud risks.
Evaluating Conditions Relating to the Assessment of Fraud Risks
28. When evaluating the results of the audit, the auditor should evaluate whether the accumulated results of auditing procedures17/ and other observations affect the assessment of the fraud risks made throughout the audit and whether the audit procedures need to be modified to respond to those risks. (See Appendix C.)
29. As part of this evaluation, the engagement partner should determine whether there has been appropriate communication with the other engagement team members throughout the audit regarding information or conditions that are indicative of fraud risks.
Note: To accomplish this communication, the engagement partner might arrange another discussion among the engagement team members about fraud risks. (See paragraphs 49-51 of Auditing Standard No. 12.)
Evaluating the Presentation of the Financial Statements, Including the Disclosures
30. The auditor must evaluate whether the financial statements are presented fairly, in all material respects, in conformity with the applicable financial reporting framework.
Note: AU sec. 411, The Meaning of Present Fairly in Conformity With Generally Accepted Accounting Principles, establishes requirements for evaluating the presentation of the financial statements. Auditing Standard No. 6, Evaluating Consistency of Financial Statements, establishes requirements regarding evaluating the consistency of the accounting principles used in financial statements.
Note: The auditor should look to the requirements of the Securities and Exchange Commission for the company under audit with respect to the accounting principles applicable to that company.
31. As part of the evaluation of the presentation of the financial statements, the auditor should evaluate whether the financial statements contain the information essential for a fair presentation of the financial statements in conformity with the applicable financial reporting framework. Evaluation of the information disclosed in the financial statements includes consideration of the form, arrangement, and content of the financial statements (including the accompanying notes), encompassing matters such as the terminology used, the amount of detail given, the classification of items in the statements, and the bases of amounts set forth.
Note: According to AU sec. 508, if the financial statements, including the accompanying notes, fail to disclose information that is required by the applicable financial reporting framework, the auditor should express a qualified or adverse opinion and should provide the information in the report, if practicable, unless its omission from the report is recognized as appropriate by a specific auditing standard.18/
Evaluating the Sufficiency and Appropriateness of Audit Evidence
32. Auditing Standard No. 8, Audit Risk, states:
To form an appropriate basis for expressing an opinion on the financial statements, the auditor must plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement due to error or fraud. Reasonable assurance is obtained by reducing audit risk to an appropriately low level through applying due professional care, including obtaining sufficient appropriate audit evidence.19/
33. As part of evaluating audit results, the auditor must conclude on whether sufficient appropriate audit evidence has been obtained to support his or her opinion on the financial statements.
34. Factors that are relevant to the conclusion on whether sufficient appropriate audit evidence has been obtained include the following:
- The significance of uncorrected misstatements and the likelihood of their having a material effect, individually or in combination, on the financial statements, considering the possibility of further undetected misstatement (paragraphs 14 and 17-19 of this standard).
- The results of audit procedures performed in the audit of financial statements, including whether the evidence obtained supports or contradicts management's assertions and whether such audit procedures identified specific instances of fraud (paragraphs 20-23 and 28-29 of this standard).
- The auditor's risk assessments (paragraph 36 of this standard).
- The results of audit procedures performed in the audit of internal control over financial reporting, if the audit is an integrated audit.
- The appropriateness (i.e., the relevance and reliability) of the audit evidence obtained.20/
35. If the auditor has not obtained sufficient appropriate audit evidence about a relevant assertion or has substantial doubt about a relevant assertion, the auditor should perform procedures to obtain further audit evidence to address the matter. If the auditor is unable to obtain sufficient appropriate audit evidence to have a reasonable basis to conclude about whether the financial statements as a whole are free of material misstatement, AU sec. 508 indicates that the auditor should express a qualified opinion or a disclaimer of opinion.21/
36. Evaluating the Appropriateness of Risk Assessments. As part of the evaluation of whether sufficient appropriate audit evidence has been obtained, the auditor should evaluate whether the assessments of the risks of material misstatement at the assertion level remain appropriate and whether the audit procedures need to be modified or additional procedures need to be performed as a result of any changes in the risk assessments. For example, the re-evaluation of the auditor's risk assessments could result in the identification of relevant assertions or significant risks that were not identified previously and for which the auditor should perform additional audit procedures.
Note: Auditing Standard No. 12 establishes requirements on revising the auditor's risk assessment.22/ Auditing Standard No. 13 discusses the auditor's responsibilities regarding the assessment of control risk and evaluation of control deficiencies in an audit of financial statements.23/
37. Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, indicates that the auditor should form an opinion on the effectiveness of internal control over financial reporting by evaluating evidence obtained from all sources, including the auditor's testing of controls, misstatements detected during the financial statement audit, and any identified control deficiencies. Auditing Standard No. 5 describes the auditor's responsibilities regarding evaluating the results of the audit, including evaluating the identified control deficiencies.24/
1/ For purposes of this standard, the term "audit of financial statements" refers to the financial statement portion of the integrated audit and to the audit of financial statements only.
2/ Terms defined in Appendix A, Definitions, are set in boldface type the first time they appear.
3/ Paragraphs 46-48 of Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement and paragraph .03 of AU sec. 329, Substantive Analytical Procedures.
4/ Paragraph 47 of Auditing Standard No. 12 contains a requirement to perform analytical procedures relating to revenue as part of the risk assessment procedures.
5/ AU sec. 350.26.
6/ Auditing Standard No. 11.
7/ If the financial statements contain material misstatements, AU sec. 508, Reports on Audited Financial Statements, indicates that the auditor should issue a qualified or an adverse opinion on the financial statements. AU sec. 508.35 discusses situations in which the financial statements are materially affected by a departure from the applicable financial reporting framework.
8/ TSC Industries v. Northway, Inc., 426 U.S. 438, 449 (1976). See also Basic, Inc. v. Levinson, 485 U.S. 224 (1988).
9/ TSC Industries, 426 U.S. at 450.
10/ There is a reasonable possibility of an event, as used in this standard, when the likelihood of the event is either "reasonably possible" or "probable," as those terms are used in the FASB Accounting Standards Codification, Contingencies Topic, paragraph 450-20-25-1.
11/ AU sec. 317, Illegal Acts by Clients.
12/ Paragraphs 11-12 of Auditing Standard No. 11.
13/ Misstatements include omission and presentation of inaccurate or incomplete disclosures.
14/ AU sec. 316.05.
15/ Paragraph 5.d. of Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement.
16/ Paragraph 27 of this standard.
17/ Such auditing procedures include, but are not limited to, procedures in the overall review (paragraph 9 of this standard), the evaluation of identified misstatements (paragraphs 20-23 of this standard), and the evaluation of the qualitative aspects of the company's accounting practices (paragraphs 24-27 of this standard).
18/ AU secs. 508.41-.44.
19/ Paragraph 3 of Auditing Standard No. 8.
20/ Paragraphs 7-9 of Auditing Standard No. 15, Audit Evidence, discuss the relevance and reliability of audit evidence.
21/ AU sec. 508.22-.34 contains requirements regarding audit scope limitations.
22/ Paragraph 74 of Auditing Standard No. 12.
23/ Paragraphs 32-34 of Auditing Standard No. 13.
24/ Paragraphs 62-70 of Auditing Standard No. 5 discuss evaluating identified control deficiencies, and paragraphs 71-73 of Auditing Standard No. 5 discuss forming an opinion on the effectiveness of internal control over financial reporting.