Auditor’s ICOFR Decisions:

Analysis, Synthesis, and

Research Directions
Written By Stephen K. Asare, Brian C. Fitzgerald, Lynford E.
Graham, Jennifer R. Joe, Eric M. Negangard, and Christopher
J. Wolfe
 Presented By

Ike Indriyani Ketaren 120620150023

Anna Kania W 120620150024
Pera Yulianingsih 120620150027
Winda Susliani 120620150032
Nova Sabrina Narandani 120620150041
Gina Puspitasari 120620150043
Executive
Summary
The purpose of the synthesis is:
(1) to provide information on how and how well auditors perform the task, which
serves as feedback to the Public Company Accounting Oversight Board
(PCAOB) on implementation issues and problems related to auditors’
application of the professional standards on ICOFR; and
(2) to identify gaps in the current literature and fruitful areas of future research.

Key contributions include providing an ICOFR tasks taxonomy,

proposing a model of the determinants of performance for each task,
evaluating auditors’ performance of the tasks in our taxonomy,
highlighting findings and gaps of importance to regulators, and
providing a road map for future research.
Background &
Framework
 Mautz and
Internal Control Vital Importance Sharaf 1961;
AICPA 1984;
COSO 1992

AS No. 55,
the second standard of fieldwork AICPA 1990;
a sufficient understanding of SAS No. 78,
and longstanding auditing
internal control AICPA 1997;
standards have required
SAS No. 94,
AICPA 2001

Section 404 (b) of SOX

auditors attest to the U.S. House
changed the historical of
effectiveness of their Representa
control model by
public clients’ ICOFR tives 2002
requiring

an early warning signal to judge the

likelihood that a company’s
The ICOFR report is intended to
reporting system will provide
provide stakeholders
accurate financial information
(PCAOB 2007)
 PCAOB
issued
Auditing
Standard
No. 2 while the audit of
ICOFR had produced
significant benefits,
compliance with the
standard had
required greater
effort and resulted in
higher costs than
SEC expected.
sponsored
discussion
on
experiences
Differences between Auditing Standard No. 2 and Auditing Standard No. 5

Less prescriptive, allowing the auditor to exercise more professional judgment

Makes the audit scalable, allowing the auditor to easily tailor its application to the
size and complexity of any company

Directs auditors to focus on areas that present the highest risk, such as the
period-end financial reporting process and controls designed to prevent fraud

Clarifies that management’s evaluation process is not the focus of the audit, in contrast to Auditing Standard
No. 2, which included detailed requirements for the auditor to evaluate management’s evaluation process

Includes a principles-based approach to determining when and to what extent the

auditor can use the work of others.
 top-down
risk-
based Planning
judgment-
oriented
approach Scoping

Testing
an adverse report when the client’s
ICOFR has a material weakness as of
the balance sheet date
Evaluation
Consistent with
Auditing Standard No.
5, researchers
delineate five phases
Reporting
of the ICOFR audit:
 Interaction
between the
auditor and the
client
Client’s
Task attributes
attributes

Auditor’s Performance Environmental

attributes Determinant attributes
Phase 1:
Planning
Risk Assessments

Using the Works of

Others

Materiality
 Risk Assessments
Significant account, disclosures, and relevant
assertions

Selection of controls to test

Evidence necessary for a given control

Risk Assessments

The risk that an auditor

ICOFR will issue an unqualified
ICOFR report when the
Audit client’s ICOFR has at
Risks least one unremediated
material weakness
Performance Auditor

Determinants
of Risk
Assessments Task
attributes
Performance
Determinants
Client

Auditor-
client
interaction
Using Work of Others
The external auditor may use the work
performed by, or receive direct assistance
from:
- internal auditors
- company personnel (in addition to
internal auditors),
- third parties working under the direction
of management or the audit committee
that provide evidence about the
effectiveness of ICOFR, provided that
these ‘‘others’’ are judged competent and
PCAOB objective
Auditing
Standard No.5
Materiality

Financial
ICOFR
Statement
Phase 2:
Scoping
Tabel Summary of suggested Future Research

Panel A : Planning Phase Judgment / Decision

Client Attributes Risk Assessment

Auditor Attributes Risk Assessment

Auditor and Client Interaction Attributes Using the Work of Other

Task Attributes All

Enviromental Attributes Risk Assessment / Materiality

continued

Panel B : Scoping Phase Judgment / Decision

Client Attributes Entity-Level Control

Auditor Attributes Account-Specific Control

Entity-Level Control
Auditor and Client Interaction Attributes Entity-Level Control
Task Attributes Entity-Level Control

Enviromental Attributes Location Control

continued

Panel C : Testing Phase Judgment / Decision

Client Attributes NA

Auditor Attributes Nature, Extent, and Timing

Auditor and Client Interaction Attributes Nature, Extent, and Timing
Task Attributes Nature, Extent, and Timing

Enviromental Attributes Nature, Extent, and Timing

continued

Panel D : Evaluation Phase Judgment / Decision

Client Attributes Compensating Control

Auditor Attributes Severity Assessment

Auditor and Client Interaction Attributes Severity Assessment

Task Attributes Severity Assessment

Prudent Official Test
Impact on Substantive Testing

Enviromental Attributes Severity Assessment

continued

Panel E : Reporting Phase Judgment / Decision

Client Attributes NA

Auditor Attributes Reporting

Auditor and Client Interaction Attributes Reporting
Task Attributes Reporting

Enviromental Attributes Reporting

 1. Entity-Level Controls
Entity-level controls • Example :
operate over multiple • controls related to the control environment
accounts, vary in • controls over management override
• company’s risk assessment process
nature and precision, • centralized processing and controls
and include controls • controls to monitor results of operations
that can have a direct • controls to monitor other controls
or indirect effect on • including activities of the internal
• audit function
the likelihood that a • the audit committee
material • self-assessment programs
misstatement is • controls over the period-end financial reporting process
prevented or • and policies that address significant business control and risk
management practices
detected.
Entity-Level Controls

Effect of
Client
Effect of Attribute
Environm s
ental
Attribute
Entity-Level Controls ; Effect of Client Attributes
client
attributes:

Because of its
importance to
control effective ICOFR,
consciousness auditors must Competence
affect audit evaluate the control
environment of a
judgments. company (PCAOB
2007, }25).

Trustworthiness
Entity-Level Controls ; Effect of Environmental Attributes
Doogar et al. (2010) examine the effect of Auditing Standard No. 5 on
scoping. Specifically,they examine the alignment of audit fees and client
fraud risk under Auditing Standard No. 2 and Auditing Standard No. 5.
• If auditors apply Auditing Standard No.5’s risk-based, top-down,
judgment-oriented approach, then it should result in a better alignment of
risk and effort, hence fees, compared to Auditing Standard No. 2.
• During the Auditing StandardNo. 5 period, higher-fraud-risk clients pay
higher fees than lower-fraud-risk clients.
• the average fees under the Auditing Standard No. 5 era to be lower than
that under Auditing Standard No. 2.
2. Account-Specific Controls

Account-specific controls are

emplaced within a particular control
or cycle (PCAOB 2007). In the
absence of precise ELC, account-
specific controls are important to
the auditor’s conclusion about
whether the company’s controls
sufficiently address he assessed
risk of misstatement to each
relevant assertion.
Account-Specific Controls ; Effect of Client Attributes
1) Which client attributes are
associated with the incidence of
account-specific material
weaknesses?

2) Which account-specific deficiencies

are auditors likely to classify as severe?
3. Location Controls
Effect of Client
Attributes

Effect of
Environmental
Attributes

Summary and
Future
Research
Phase 3:
Testing
 Effect of
Auditor
Attributes

Summary
and Effect of
Future TESTING Client
Research Attributes

Effect of
Task
Attributes
 Phase 4:
Evaluation
Severity Assessment

Effect of Auditor Effect of Client

Attributes Attributes

Effect of Auditor
Effect of Task
and Client
Attributes
Interactions
 Effect of Auditor
Compensating Controls and Client
Interactions

Effect of Task
Attributes
The Impact of Substantive
Testing
Summary and
Future Research
Phase 5:
Reporting
 • Effect of Client
Attributes
Reporting • Summary and
Future Research
Conclusion
Our synthesis contributes to the accounting
literature in five ways

• We providean ICOFR task taxonomy.

1.

• We provide a model of the determinants of performance in each phase of the taxonomy.

2.
• We highlight findings related to the PCAOB staff’s stated interest in the auditor’s testing of entity-level controls,
multi-location scoping, and the effect of compensating controls on the evaluation of identified control
3. deficiencies

• We highlight anecdotal problems from PCAOB inspections to identify areas of research that are likely to affect
regulations.
4.

• We provide a comprehensive synthesis of the literature on audit decision-making required by the Sarbanes-
Oxley Act of 2002.
5.
THANK YOU!