
Regulatory Environment of Auditing

Week 1


Regulatory frameworks for audit & assurance services


Auditing standards
- Guide the auditor's work
- Serve as quality measures
- Help ensure that audits are conducted in a thorough & systematic way to produce reliable conclusions

IFAC (International Federation of Accountants)
- MIA & MICPA are members of IFAC

IAASB (International Auditing & Assurance Standards Board)

International auditing standards


1. International Standards on Auditing (ISA)
2. International Standards on Assurance Engagements (ISAE)
3. International Standards on Quality Control (ISQC)
4. International Standards on Review Engagements (ISRE)
5. International Standards on Related Services (ISRS)
6. International Auditing Practice Statements (IAPS)

National auditing standards


- International auditing standards (ISA) approved by MIA
- Malaysian Standards on Auditing (MSA)
  - intended to augment ISAs
  - will be developed if the requirements in local environment warrant it
- Recommended Practice Guidelines (RPGs)
  - developed by local accounting bodies from time to time in response to inquiries from practising accountants relating to interpretation & application of standards

Regulation of auditing profession: Government's role

Government maintains the legislative framework for audit regulation, through the Companies Commission of Malaysia (CCM)
- Statutory body established under Companies Commission of Malaysia Act 2001
- Function: administration & enforcement of CA1965, Trust Companies Act 1949, Registration of Businesses Act 1956
- Also regulates proper conduct of corporate officers & good corporate governance
- Monitors auditors and audit firms

Regulation of auditing profession: Government's role

Securities Commission (SC)
- Central authority for regulating securities & futures industry
- Functions:
  - Regulating securities/futures contracts
  - Registering authority for prospectuses/approving authority for bond issues
  - Regulating take-over & mergers & unit trust schemes
  - Supervising/monitoring activities of stock exchanges, clearing houses, central depositories

Regulation of auditing profession: Government's role (Contd.)

Securities Commission (SC) (Contd.)
- Functions (Contd.):
  - Licensing/supervising licensed persons provided under any securities laws
  - Suppressing illegal/dishonourable/improper practices in securities dealings/trading
  - Encouraging self-regulation & ensuring proper conduct of market institutions & licensed persons
- Responsible for maintaining investor confidence by ensuring adequate protection, by ensuring reliable info for making investment decisions.

Regulation of auditing profession: Government's role (Contd.)

Bursa Malaysia
- Regulatory organisation which governs the conduct of stock-broking companies & listed companies.
- KLSE Listing Requirements: listing requirements/disclosure standards, provisions for director responsibilities, duties of external auditors

Regulation of auditing profession: Accountancy profession

Malaysian Institute of Accountants (MIA)
- Regulatory body over accounting profession
- Determine qualifications of persons for member admissions
- Establish standards & rules: MSAs, RPGs, Technical Bulletins
- Supports IFAC, including adopting ISAs
- Issued By-laws (On professional conduct & ethics)
- Financial Statements review
- Investigation & disciplinary
- MIA practice review

Corporate Governance
"a process by which the owners and creditors of an organisation exert control and require accountability for the resources entrusted to the organization. The owners (shareholders) elect a board of directors to provide oversight of the organisation's activities"


Accountability/Responsibility
Shareholders → (elect) → Board of Directors → (empower) → Management → (engage) → Operating management

[Diagram labels: Responsibility, Accountability]

Importance of CG
- Globalisation
- International capital markets: larger pool of investors
- Countries with high standards of CG practices are more likely to attract international capital

Previous problems with CG


- Short-termism
  - Earnings management to meet analysts' expectations
- Creative accounting
  - pushing accounting concepts to help boost earnings
- Business failures & scandals
  - fraudulent financial reporting
  - Worldcom & HealthSouth
- Directors' pay linked to share price performance

Previous problems with CG


- Auditors were no longer willing to confront clients over questionable accounting practices
- Consulting fees were impairing auditor independence
- Accountants were using technical interpretations of GAAP to push the limits of accounting

OECD Principles of Corporate Governance 2004


Identified common elements underlying good CG:
- The rights of shareholders
- Equitable treatment of shareholders, including minority & foreign shareholders
- The rights of stakeholders, as established by law, and their role in creating wealth/jobs & sustainability of sound enterprises
- Disclosure & transparency
- Responsibility of the Board of Directors

OECD Principles of Corporate Governance 2004 (Contd.)


- Auditors to be accountable to shareholders, not management
- BOD should effectively oversee the financial reporting function & ensure that appropriate systems of control are in place
- The need to ensure audit competence in all countries

Sarbanes-Oxley Act 2002: PCAOB's authority & powers (US)

- Establishes the Public Company Accounting Oversight Board (PCAOB) with broad authority, including the power to set auditing standards for audits of plcs
- Authority & powers:
  - Set auditing standards
  - Set standards for the reports on internal control and risk management
  - Perform quality reviews of public accounting firms & recommend penalties if the firms fail to perform
  - Establish quality control standards for the audits of public companies
  - Require all public accounting firms that audit plcs to register with the PCAOB and become licensed to perform such audits

SOX - auditor independence provisions?


- Audit firms cannot perform consulting work for their audit clients (in most cases)
- Audit Committee = auditor's client
- Audit Committee to pre-approve any non-audit services by the audit firm, e.g. tax planning
- Audit partners (and other partners & managers with significant roles in the audit) must be rotated off the engagement every 5 years for plcs
- A "cooling off" period before an audit partner or manager can take a high-level position with an audit client
- Auditors must report on internal controls

SOX - Management
- CEO & CFO to certify the accuracy of the FS; criminal penalties for misrepresentation
- Management to describe whether they have implemented a Corporate Code of Conduct
- Management to report on the effectiveness of internal control over financial reporting
- Increased disclosure of "off-balance sheet" transactions or agreements that may have a material effect

SOX - Audit Committees

- All PLCs must have a fully independent Audit Committee = Audit client
- Oversight responsibilities over the internal audit and financial reporting processes
- Comprised of "outside" directors, i.e. not management or have other relationships with the organization
- At least 1 person who is a financial expert. Other members must be knowledgeable in financial accounting and control
- Must report on its activities to public, including the results of significant discussions with the external auditor

SOX - Audit committee responsibilities


- Be informed of all significant accounting decisions made by management
- Be informed of all significant changes in accounting systems and system controls
- Have authority to hire & fire the external auditor
- Review the audit plan & discuss audit results with the auditor
- Have authority to hire & fire the head of the internal audit function & set the budget for the internal audit function
- Review the audit plan & discuss all significant results
- Receive all regulatory audit reports & meet with regulatory auditors to discuss findings

Protections for Corporate Whistleblowers under Sarbanes-Oxley

Civil liability whistleblower protection
- Creates civil liability for companies that retaliate against whistleblowers
- Protects only employees of publicly traded companies
- The employee must report the suspected misconduct to a federal regulatory or law enforcement agency, a member of Congress or committee of Congress, or a supervisor
- Employees are protected against retaliation for filing, testifying in, participating in, or otherwise assisting in a proceeding filed or about to be filed
- Protected even if the company is ultimately found not to have committed securities fraud

Protections for Corporate Whistleblowers under Sarbanes-Oxley

Criminal liability whistleblower protection
- Makes it a crime to knowingly, with the intent to retaliate, take any harmful action against a person for providing truthful information relating to the commission or possible commission of any federal offense
- Information must be provided to a law enforcement officer in order for protection to be triggered
- Broader than the civil liability protections
- Protection covers all individuals regardless of where they work

Corporate governance in Malaysia


- Establishment of Securities Commission in 1993 to regulate the market, CG
- Financial Reporting Act, 1997 --> introduces accountability & transparency in the regulatory environment
- Finance Committee on Corporate Governance established, issued The Finance Committee Report on CG (1999), sets out The Malaysian Code on Corporate Governance: principles & best practices for good governance by plcs

The Finance Committee Report on Corporate Governance


- Strengthening laws over shareholder rights, director duties, duties of other corporate participants (with emphasis on RPTs)
- Enhancing disclosure & transparency
- Promoting effective enforcement
- Development of a Malaysian Code of Best Practices in CG: restructure BOD composition, more effective
- Identification of training & education needs of directors, other key corporate participants & investors

Malaysian Code of Best Practices in CG


- Set by the Malaysian Institute of Corporate Governance (MICG)
- MICG comprised of:
  (a) The Federation of Public Listed Companies
  (b) MIA
  (c) MAICSA
  (d) MICPA
  (e) The Malaysian Institute of Directors
- Improvement of BOD composition: independent directors, independence of working
- Increase in efficiency & accountability of BODs: independent & seen to be independent

Malaysian Code of Best Practices in CG


- Enforcement by Bursa Malaysia in Revamp Listing Requirements 2001.
- Requirements for companies to disclose in reports/accounts:
  (a) How have companies applied the principles set out in the Code?
  (b) To what extent have they complied with best practices in the Code (with justification for non-compliance)?
  (c) To set out dates when the Code would be complied with

Recommendations of Finance Committee Report


- Every plc should be headed by an effective BOD which should lead & control the company
- BOD should have a balance of executive & non-exec directors (including independent non-execs) such that no individual or small group can dominate decision-making
- Timely & high quality information should be supplied to the BOD to enable decision making
- Formal & transparent procedures:
  - For appointment of new directors
- All directors to submit themselves for re-election at regular intervals, & at least every 3 years
- Annual Report should contain details of directors' remuneration

Recommendations of Finance Committee Report (Contd.)


- Companies should use the AGM to communicate with shareholders & encourage their participation
- Audit Committees:
  - Each plc to establish an AC of at least 3 non-exec directors (majority of them independent), with written terms of reference which deal clearly with its authority & duties
  - Chairman should be an independent non-executive director

Recommendations of Finance Committee Report (Contd.)


Audit Committee's duties (Contd.):
- Consider the appointment of external auditor, audit fee, questions of resignation/dismissal
- Discuss with external auditor before audit commences, the nature & scope of audit. Ensure co-ordination where more than 1 audit firm is involved.
- Review half-year & annual FS, focusing on changes in accounting policies/practices, significant adjustments arising from audit, going concern assumption, compliance with standards & other legal requirements
- Discuss problems & reservations arising from interim & final audits, and any other matter the auditor wants to discuss (in absence of mgt where necessary)
- Review external auditor's management letter & mgt's response

Recommendations of Finance Committee Report (Contd.)


Audit Committee's duties (Contd.):
- Where an internal audit function exists, to ensure that it is adequately resourced & has appropriate standing in the company. To review the IA programme
- Consider RPTs
- Consider major findings of internal investigations & mgt's response
- Consider other topics as defined by the BOD

Recommendations of Finance Committee Report (Contd.)


- Audit Committee meetings:
  - Shall be attended by a representative of the IA function & external auditors
  - Other BOD members may attend meetings at the invitation of the AC
  - At least once a year, the AC will meet with external auditors without the presence of executive BOD members
- Companies should consider having an IA function
- External auditors should communicate matters of governance to those in charge (ISA 260)

Limitation of Audit Committees


- Compliance mentality:
  - Heavy responsibilities placed on AC may cultivate an increasingly cautious approach
  - May inhibit managers from taking risks & exercising creativity, which is essential to long-term prosperity
- Too much time & effort, risk of loss of reputation may dissuade individuals from becoming a member of AC

Enterprise-wide risk management (EWRM)


- Integrates credit, market and operational risk with effective organisation, reporting and other support functions into a single framework to help give managers a complete picture of firm-wide risks
- Risk management is a part of CG
- Management's role:
  - identifying and managing risk and for implementing ERM in a structured, consistent, and coordinated approach
- BOD's role:
  - monitoring the risks and for gaining assurance that they are managed at an acceptable level.

Enterprise-wide risk management (EWRM)


Internal auditor's role:
- Providing assurance on the design and effectiveness of risk management processes.
- Providing assurance that risks are correctly evaluated.
- Evaluating risk management processes.
- Evaluating the reporting on the status of key risks and controls.
- Reviewing the management of key risks, including the effectiveness of the controls and other responses to them.

Money laundering

Process by which dirty money (funds generated from illegal activities) is channeled through legitimate businesses and institutions to make it appear clean


International initiatives
- 1989: Financial Action Task Force on Money Laundering (FATF): inter-governmental organisation to examine & recommend measures to counter money laundering
  - 2001: expanded scope to cover terrorist financing
- 1992: International Organisation of Securities Commissions (IOSCO) adopted resolution to consider issues to minimise money laundering
- 1996, 2003, 2004: FATF issued & revised recommendations to deal with money laundering

Legislation in Malaysia
- Anti-Money Laundering & Anti-Terrorism Financing Act 2001
- Government Gazette on Anti-Money Laundering (Amendment) Act 2003
- Government Gazette on Anti-Money Laundering and Anti-Terrorism Financing (Reporting Obligations) Regulations 2007


Relevant services
As holders of practising certificates:
1. Buying and selling of immovable property
2. Managing clients' money, securities or other property
3. Managing of accounts including savings and securities accounts
4. Organising of contributions for the creation, operation or management of companies
5. Creating, operating or managing of legal entities or arrangements and buying and selling of business entities

Relevant services (Contd.)


As company secretaries:
- Acting as a formation agent of legal entities
- Acting as (or arranging for another person to act as) a director or secretary of a company, a partner of a partnership or a similar position in relation to other legal entities
- Providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other legal entity or arrangement
- Acting as (or arranging for another person to act as) a trustee of an express trust
- Acting as (or arranging for another person to act as) a nominee shareholder for another person

Key elements of the AMLA framework


- Internal controls, policies & accountabilities: appointment of AMLRO
- Know your client: client identification programme
- Education & training: staff training
- Monitoring & detection: role of AMLRO
- Reporting obligations & procedures: Suspicious Transaction Report
- Record keeping: at least 6 years
- Compliance programme: guidance by MIA, firm's programme

(1) Internal controls, policies & accountabilities


- Client acceptance procedures
- Know your client information
- Controls over clients' money & transactions passing through the client account
- Review other services to clients
- Appropriateness of internal reporting lines
- Role of the Compliance Officer/AMLRO

(1) Responsibilities & accountabilities


All member firms have a clear obligation to ensure that:
1. Staff knows reporting person (AMLRO)
2. Firm is aware of own legal obligations
3. Establishment of clear reporting chain
4. Confidentiality of reports & relevant documents

(1) AMLRO
Appointment of an Anti-Money Laundering Reporting Officer (AMLRO)

Characteristics of the AMLRO:
1. Suitable level of seniority & experience
2. Capable of exercising authority over staff
3. Able to handle reporting responsibility
4. Preferably principal or partner of firm

(1) Main responsibilities of AMLRO

- Assist partners/principals & employees to comply with AMLA requirements
- Monitor changes in business practices
- Assist in training
- Act as central point for the receipt & validation of Suspicious Transaction Records (STR)
- Lodge STR with Financial Intelligence Unit (FIU) if suspicious
- Review suspicious transactions
- Create awareness of AML obligations, assemble & distribute information on AMLA, provide guidance on compliance with AMLA requirements

(2) Know your client


Formal identification evidence for all clients is required, which includes obtaining one or more of the following:
1. Passport
2. Driver's licence
3. Identification card
4. Certification of incorporation
5. Registered or correspondence address
6. List of shareholders and directors

Handling clients' money, especially when monies are of higher risk, e.g. FOREX

(3) Education & training


- Employee training programmes
- Awareness of personal statutory obligations

To include in training modules:
1. definition & process of money laundering
2. reporting obligations
3. various risks involved
4. know your client policy
5. examples of suspicious transactions & their possible sources
6. actions to be taken on suspicious transactions

(3) Education & training


Training should be provided on:
1. How to recognise activities related to money laundering
2. Procedures for reporting suspicious transactions to the AMLRO
3. Areas that may give rise to suspicions
4. Procedures to be adopted when a transaction is deemed suspicious

(4) Monitoring & detection


AMLRO should ensure that all staff are aware:
1. They must report all suspicious transactions to AMLRO immediately
2. Of the procedure for reporting
3. They do not have to be certain, only suspicious
4. If they are suspicious but fail to report, it may be a criminal offence
5. They should not inform client of their suspicion or that an STR has been lodged: no TIPPING OFF
6. Should continue to deal with the client normally, unless instructed otherwise.

(5) Reporting obligations & procedures


- Forward all STR to FIU at BNM
- Standard STR form
- Must report the identity of persons involved, the transaction itself, any other circumstances concerning that transaction

(5) Reporting obligations & procedures


Failure to comply with the obligation to report STR is an offence

If convicted: RM100,000 fine AND/OR 6 months jail

(6) Retention of records


- Client identification
- Transaction activities
- Internal policies & procedures
- Training & compliance programmes
- Reports to authorities & AMLRO
- Monitoring/review work carried out

Time frame = at least 6 years

(7) Compliance Programme


- Co-operate with FIU of BNM
- Compliance with AMLA & MIA guidance
- Establishment & implementation of internal policies on AMLA
- On-going review
- Dissemination of policies within member firm & relevant level of staff
- Develop audit functions

Warning signs of suspicious transactions


- Size of transaction
- Irrational transaction
- Change in patterns
- Where personal identity is difficult to determine
- Unconventionally large currency transactions
- Apparent structuring of transactions
- Transactions passed through intermediaries for no apparent reason
- Transaction is international in nature for no obvious reason

Client confidentiality
- Section 20 of AMLA overrides secrecy obligations or duty of confidentiality
- But only disclose information that is relevant
- To inform client of member firm's legal obligations to disclose any suspicious transactions

Legal protection
Section 24(1)
Protects against civil, criminal or disciplinary proceedings if disclose information or lodge STR (unless in bad faith)

Section 24(2)
Provides a defence if you can show that you have taken all reasonable steps & exercised all due diligence to avoid committing the offence
