Comprehensive Case A.1 – Enron I. Technical Audit Guidance To maximize the knowledge acquired by students, this book has been designed to be read in conjunction with the post-Sarbanes-Oxley technical audit guidance. All of the PCAOB Auditing Standards that are referenced in this book are available for free at: http://www.pcaobus.org/Standards/index.aspx. In addition, the AU Sections that are referenced in this book are available for free at: http://www.pcaobus.org/Standards/Interim_Standards/Auditing_Standards/index.aspx. Finally, a summary of the provisions of the Sarbanes-Oxley Act of 2002 is available for free at: http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/Summary+of+the+Provisions+of+the+Sarban es-Oxley+Act+of+2002.htm. II. Case Questions – Answer Key 1. What is auditor independence, and what is its significance to the audit profession? What is the difference between independence in appearance and independence in fact? The second general standard of generally accepted auditing standards (GAAS) is, “In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditor or auditors.” If the auditor is not independent, the financial statements are considered unaudited for all practical purposes. In case where the SEC has found that a CPA firm was not independent, it has required that the financial statements be re-audited by another firm. A lack of independence can result in disciplinary action by regulators and/or professional organizations and litigation by those who relied on the financial statements (e.g., clients and investors). The profession, as a whole, depends on the value of independence in that the auditor’s opinion on the financial statements loses its value if the auditor is not considered to be substantially independent from the management of the firm. Article IV of the AICPA’s Professional Code of Conduct requires that “a member in public practice should be independent in fact and appearance when providing auditing and other attestation services.” To be independent in fact, an auditor must have integrity, a character of intellectual honesty and candor; and objectivity, a state of mind of judicial impartiality that recognizes an obligation of fairness to management and owners of a client, creditors, prospective owners or creditors, and other stakeholders. To be independent in appearance, the auditor must not have any obligations or interests (in the client, its management, or its owners) that could cause others to believe the auditor is biased with respect to the client, its management, or its owners. Even if the auditor does not have any direct or indirect financial interest or obligation with the client in fact, they must assure that no part of their behavior or actions appear to affect their independence in the opinion of the public. When behavior seems to affect independence it has a similar effect on public opinion as a breach of independence in fact. The facts of the case reveal numerous issues that suggest that Andersen's independence may have been compromised. For example, Enron was one of Andersen’s biggest audit clients. It paid Arthur Andersen $46.8 million in fees for auditing, business consulting, and tax work for the fiscal year ended August 31, 1999; $58 million in 2000; and more than $50 million in 2001. At Andersen, the compensation of partners depended on their ability to cross-sell other services to its audit clients. More than half of the fees for Enron were charged for non-audit services. By 2001, Duncan was earning more than $1 million a year. The size of the fees would likely have made it hard for Duncan and his fellow auditors to challenge Enron's management team on difficult accounting issues. In addition, the substantial amount of non-audit work completed by Andersen provided incentives to work as an advocate on behalf of Enron. For example, Arthur Andersen boasted about the closeness of their relationship in a promotional video. “We basically do the same types of things…We’re trying to kinda cross lines and trying to, you know, become more of just a business person here at Enron,” said one accountant. In addition, Since 1993 Andersen had performed Enron’s internal audit function in addition to performing the audit on its financial statements. Performing both the internal and external auditing functions meant that Andersen was auditing its own work and thus would not be unbiased. In addition, more than eighty former Arthur Andersen accountants were working at Enron. Several were in senior executive positions, including Jeffrey McMahon, who served in the positions of treasurer and president; and vice president Sherron Watkins; and chief accounting officer Richard Causey. Article IV of the AICPA Code of Conduct (Objectivity and Independence) states: “A member in public practice should be independent in fact and appearance when providing auditing and other attestation services.” Close relationships might affect independence in appearance, even if independence in fact is maintained. Clearly there was cause for concern at Enron. Causey was good friends with Andersen’s global engagement partner, David Duncan. In fact, their families had even gone on vacations together. Andersen employees often attended Enron-sponsored events and office parties. The nature of Causey and Duncan’s close relationship violated the AICPA Code of Conduct’s requirements for independence in appearance. 2. Refer to Section 201 of SARBOX. Identify the services provided by Arthur Andersen that are no longer allowed to be performed. Do you believe that Section 201 is needed? Why or why not? Section 201 says that it shall be unlawful for a registered public accounting firm to provide any non-audit service to an issuer contemporaneously with the audit, including: (1) bookkeeping or other services related to the accounting records or financial statements of the audit client; (2) financial information systems design and implementation; (3) appraisal or valuation services, fairness opinions, or contribution-in-kind reports; (4) actuarial services; (5) internal audit outsourcing services; (6) management functions or human resources; (7) broker or dealer, investment adviser, or investment banking services; (8) legal services and expert services unrelated to the audit; (9) any other service that the Board determines, by regulation, is impermissible. Arthur Andersen provided services to Enron that would be prohibited today by SOX Section 201. “More than half of that amount (more than $50 million) was for fees that were charged for nonaudit services… $27 million for consulting and other services, such as internal audit services.” Andersen had been providing internal audit services to Enron for eight years. The nonaudit services that Andersen provided were encouraged by the structure of partner compensation. Importantly, the bill allows an accounting firm to “engage in any non-audit service, including tax services,” that is not listed above, only if the activity is pre-approved by the audit committee of the issuer. The audit committee is required to disclose to investors in its periodic filings its decision to pre-approve non-audit services. Most observers now agree that Section 201 was needed. The rise of non-audit services has been a common trend in the public accounting profession. In 1993, 31% of the fees in the industry came from consulting. By 1999, that number had jumped to 51%. In fact, the AICPA released a publication in 1999 titled “Make Audits Pay: Leveraging the Audit Into Consulting Services.” The book advised the auditor to think of himself as a “business advisor.” It did note that conflicts could arise from performing the role of business advisor (which was a client advocate) and the auditor (which had to be independent). It advised erring on the side of looking out for the public interest. Other striking examples include KPMG, which billed Motorola $3.9 million for auditing and $62.3 million for other services; Ernst & Young, which billed Sprint Corp. $2.5 million for auditing and $63.8 million for other services; and PricewaterhouseCoopers, which billed AT&T $7.9 million for auditing and $48.4 million for other services. 3. Refer to Sections 203 and 206 of SARBOX. How would these sections of the law have impacted the Enron audit? Do you believe that these sections rewere needed? Why or why not? Section 203 says that the lead audit or coordinating partner and the reviewing partner must rotate off of the audit every 5 years. Section 206 says that the CEO, Controller, CFO, Chief Accounting Officer or person in an equivalent position cannot have been employed by the company’s audit firm during the 1-year period ("the cooling off period) proceeding the audit. Section 203 could have impacted the Enron audit. Lead partner for the Enron engagement, David Duncan had formed a close personal relationship with Enron’s Chief Accounting Officer, Richard Causey. “…and their families had even gone on vacations together.” The nature of this close relationship put Duncan in a position that he might not be able to challenge management. A key point to raise in this response is that David Duncan would not have been the lead audit partner after 5 years of service because of the establishment of Section 203. It is important to point out that the relationship that develops among professionals is interrupted by regulation to help insure independence. Section 206 requires a “one year cooling off period” for former Andersen employees to accept a position as CEO, CFO, Controller, or Chief Accounting Officer. “Causey was responsible for recruiting many Andersen alumni to work at Enron. Over the years, Enron hired at least 86 Andersen accountants. Several were in senior executive positions.” Section 206 of SOX would have prevented some of these hirings before the cooling off period had expired. Since both of these laws help to insure independence in appearance and in fact, most students are likely to agree that they were needed. Both Section 203 and Section 206 would have impacted the Enron engagement. 4. Refer to Section 301 of SARBOX. Do you believe that Section 301 is important to maintaining independence between the auditor and the client? Why or why not? Section 301 of SARBOX requires that the “audit committee of an issuer shall be directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm employed by that issuer.” As a result, the relationship between the audit firm and the CFO and/or Controller at an audit client has changed dramatically. In the past, it may have been difficult for an auditor to challenge the CFO and/or the Controller on difficult accounting issues because the auditor knew that these individuals had the authority to fire the audit firm from the job. At a minimum, this was a major threat to independence in appearance. Now, the auditor reports directly to the audit committee. As a result, the independence between the auditor and client has improved. 5. Consider the principles, assumptions, and constraints of Generally Accepted Accounting Principles (GAAP). Define the revenue recognition principle and explain why it is important to users of financial statements. The revenue recognition principle of GAAP states that revenue must be both earned and realized before it is recognized and is supported by the FASB Statement of Financial Concepts No. 5. In addition, the amount of the sale needs to be fixed and determinable. Also, the recognition of revenue is dependent on an assumption that the cash will be collected from the customer in a timely manner. Other points that should be made to students are that the buyer needs to assume the risks and rewards of ownership of the product (i.e., the risk of damage or physical loss). In addition, for certain types of sales, the SEC has established specific and exacting criteria that must be followed in the revenue recognition process. In the case of Enron, the manner in which MTM accounting was applied to its trading business was suspect. That is, by recognizing the present value of the stream of future inflows under the entire contract as revenues and recognizing the present value of future costs under the entire contract as expenses. Of course, this violated the revenue recognition principle because Enron hadn’t performed under the contract at the time it recognized revenues. 6. Consider the Sithe Energies contract described in the case. Does the accounting for this contract provide an example of how Enron violated the revenue recognition principle? Why or why not? Please be specific. According to GAAP, in order for revenue to be recognized, it must have been earned by the company. In the present context, Enron used MTM accounting to allow for the recognition of the present value of the stream of future inflows as revenues on its contract with Sithe Energies. However, the application of MTM (in this context) clearly violates the revenue recognition requirements under GAAP. Consider that Enron recognized revenue from the Sithe contract before the Sithe plant had even begun its own operations. As a result, Enron had not done its part in fulfilling its contract obligations. Thus, revenue on this contract was not yet earned and should not have been recognized. 7. Consult Paragraph 2 and Paragraph A5 (in Appendix A) of PCAOB Auditing Standard No. 5. Based on the case information, do you believe that Enron had established an effective system of internal control over financial reporting related to the contract revenue recorded in its financial statements? Why or why not? According to paragraph #2 of Auditing Standard #5, “effective internal control over financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statement for external purposes. If one or more material weaknesses exist, the company's internal control over financial reporting cannot be considered effective.” In the Appendix of Auditing Standard #5, paragraph #A5 provides more specifics about the definition of an internal control system. According to that paragraph, such a system is “a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP and includes those policies and procedures that – (1) Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.” Enron did not have an effective system of internal control over financial reporting related to contract revenue recorded in its financial statements. Stated simply, Enron’s internal control system does not provide reasonable assurance that revenue was being recorded fairly, and in accordance with GAAP. Consider the valuation assertion. An example of a control procedure that would help to prevent a material misstatement related to the valuation assertion related to revenue would be to require an independent valuation firm to be responsible for valuing all material contracts. When considering the discretion of an independent 3rd party upon an estimate, the estimate can be considered more reliable and competent. Although this valuation procedure can be costly to the client, the reliability of the estimate is far more valuable to users that are dependent upon an unbiased and objective MTM estimate. An example of a control procedure designed to detect a material misstatement related to the valuation assertion about revenue would be to have the internal audit department perform independent recalculations of the valuation of material contracts. In such a situation, the internal audit department would be responsible for evaluating (independent of management) the subjective components of the MTM valuation to determine if the valuation is reasonable, reliable, and has competent evidence to support the valuation. For example, an interest rate used in the calculation of an MTM valuation must be supported by market information that supports the use of a particular interest rate. 8. Consult Paragraphs .21-.22 of AU Section 326. As an auditor, what type of evidence would you want to examine to determine whether Enron was inappropriately recording revenue from the Sithe Energies contract? According to paragraph #21 of AU Section 326, “To be competent, evidence, regardless of its form, must be both valid and relevant.” Indeed, “the validity of evidential matter is so dependent on the circumstances under which it is obtained that generalizations about the reliability of various kinds of evidence are subject to important exceptions.” So, the competence of audit evidence refers to the quality of the evidence gathered for a financial statement assertion about a financial statement account balance and/or an economic transaction(s). And, as indicated in the standard, there are two aspects to evidence quality that are most important: relevance and reliability. The relevance of audit evidence specifically relates to whether the evidence gathered actually relates to the financial statement assertion being tested. That is, will the evidence allow the auditor to reach conclusions related to that financial statement assertion? The reliability of the evidence specifically relates to whether the evidence gathered can truly be relied upon as providing a true indication about the financial statement assertion being tested. There are a number of factors that should influence an auditor’s conclusions about reliability, the most important of which is the source (e.g., is it from a third party?) of the audit evidence. According to paragraph #22 of AU Section 326, “The amount and kinds of evidential matter required to support an informed opinion are matters for the auditor to determine in the exercise of his or her professional judgment after a careful study of the circumstances in the particular case.” So, the sufficiency of audit evidence refers directly to the quantity of the audit evidence gathered about a financial statement assertion. All things being equal, the greater the risk of material misstatement related to the financial statement assertion, the more audit evidence will be gathered by the auditor. Recall that Enron employed MTM accounting on an agreement that Enron reached to supply Sithe Energies with 195 million cubic feet of gas per day for 20 years for a plant that Sithe was going to build in New York. The estimated value of the gas to be supplied was $3.5 to $4 billion. At the moment the contract was signed, the present value of the stream of future inflows under the contract was recognized as revenues and the present value of the expected costs of fulfilling the contract were expensed. In order to determine whether Enron was properly accounting for the contract, the auditor would need to gather competent and sufficient evidence related to the contract. In testing the contract, the auditor would have to gather sufficient and competent evidence to ascertain how much work was completed under the contract. According to GAAP, revenue must be earned and realized in order to be recorded. The bottom line is that inquiry of management, without corroboration, would not be enough to conclude on the appropriateness of revenue recognition practices. While interviews of management may be an appropriate first step in the evidence gathering process, the interviews cannot serve as the basis for an auditor’s conclusion. Students must always remember that the auditor must consider the source of the evidence when evaluating the competence of evidence. And, given the elevated inherent risk for this transaction, the competence of evidential matter relied upon would be even more important. Stated simply, the auditor would have to examine documentary evidence that convinced the auditor that revenue should be recognized. 9. Explain why an accounting and auditing research function (like Andersen’s PSG) is important in the operations of a CPA firm. What role does the function play in completing the audit? In order to mitigate their risk of an audit failure, CPA firms must implement their own system of internal controls to ensure that professional standards (and their own standards) of audit quality are being met. Stated simply, a firm must have assurance that the work being completed by its audit professionals is being completed in accordance with professional standards set forth by the firm. The accounting and auditing research function (like Andersen’s PSG) is an instrumental part of a firm’s quality assurance process. Typically, the group is comprised of a CPA firm’s leading technical experts on accounting, auditing and industry-specific professional standards. Thus, if an engagement partner (like Andersen’s David Duncan) encounters a difficult technical issue, he/she has the necessary technical support that may be necessary to reach the correct conclusion in the field. 10. Consult Section 103 of SARBOX. Do you believe that the engagement leader of an audit (like David Duncan on the Enron audit) should have the authority to overrule the opinions and recommendations of the accounting and auditing research function (like the PSG)? Why or why not? According to Section 103 of SOX, the “PCAOB shall: 1) register public accounting firms; 2) establish, or adopt, by rule, “auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers; 3) conduct inspections of accounting firms; 4) conduct investigations and disciplinary proceedings, and impose appropriate sanctions; 5) perform such other duties or functions as necessary or appropriate; 6) enforce compliance with the Act, the rules of the Board, professional standards, and the securities laws relating to the preparation and issuance of audit reports and the obligations and liabilities of accountants with respect thereto; 7) set the budget and manage the operations of the Board and the staff of the Board.” In essence, this section of SOX provides for government regulation of the audit profession and it represents one of most dramatic changes mandated by the new law. Indeed, this section requires the PCAOB to perform detailed inspections of the audit process employed by each audit firm. In addition, PCAOB inspectors have the authority to review the audit work completed at any publicly traded corporations. Considering that the audit profession has relied solely on peer evaluation for decades, this represents a dramatic change. Considering these sweeping changes, there is no way that an engagement partner should be allowed to overrule the firm’s technical experts on an accounting or auditing matter. The role of the technical experts is to provide information needed to make a correct decision on a technical or complex matter. By the very nature of the expert’s role, they are used at a time when the auditing professionals do not have the knowledge to make a correct decision. To overrule the expert would defeat the objective of the technical experts entirely. In addition, in the post-Sarbanes environment, it is not likely that the PCAOB would agree that the engagement partner on a particular audit should have the authority to overrule the firm’s auditing and accounting research group. The bottom line is that since the function is in place to insure a quality audit, it is likely that a PCAOB inspector would note this as an egregious violation of a firm quality control procedure and may even issue some type of sanction against the firm. 11. After Carl Bass was removed from the Enron account, he indicated to his boss that he did not believe Enron should have known about internal discussions regarding accounting and auditing issues. Do you agree with Bass’s position? Why or why not? In general, it is hard not to agree with Carl Bass’s position that Enron should not have known about the internal discussions regarding accounting and auditing treatments. There are a number of different points that can be made to support this view. They include: The firm has an obligation to maintain independence and objectivity per the requirements of Rule 102 of the AICPA Code of Conduct. In order to maintain independence and objectivity, the firm should have a policy that prevents this type of communication with the client about the treatment of complex accounting or auditing transactions. Collaboration with the client on these types of issues is comparable to asking “their opinion”, which of course would be a violation of independence standards. It is absolutely not acceptable to allow the client to know about any internal discussions related to a complex accounting and/or auditing issue. The firm’s position needs to be unified to the client in all cases. If employees of Enron knew about such conversations, they may be able to understand the “thinking” behind certain audit procedures and perhaps take actions to circumvent other audit procedures that might be considered by the audit firm. Additionally, sharing this internal information violates independence in appearance. 12. Consult Section 203 of SARBOX. Do you believe that this provision of the law goes far enough? That is, do you believe the audit firm itself (and not just the partner) should have to rotate off an audit engagement every five years? Why or why not? According to Section 203, the lead audit or coordinating partner and the reviewing partner must rotate off of the audit every 5 years. Again, it is hard not to agree that some type of auditor rotation should be required. However, there may be differences in opinion on whether this provision goes far enough. Some thoughts raised by students may include: The current provision is sufficient to maintain independence. There is no need to rotate the entire firm from the audit. Doing so would be too costly to both CPA firms and audit clients. If the entire audit firm was required to rotate off, the tradeoff is that the new CPA firm would not have the benefit of the experience and knowledge gained by the staff on prior audits. Previous knowledge proves beneficial for analytical procedures and during substantive testing. As a result, the overall cost of performing the audit would increase. The current provision is not enough. Instead, Section 203 of SOX should require that the audit firm should rotate off the engagement every five years. The fact is that the longer a firm is involved with a client, the greater the chance that the firm’s objectivity will become compromised as evidenced by the relationship between Andersen and Enron. 13. Consult Paragraph 9 of PCAOB Auditing Standard No. 5. Based on your understanding of inherent risk assessment and the case information, identify three specific factors about Enron’s business model in the late 1990s that might cause you to elevate inherent risk at Enron. At the entity and at the financial statement assertion level, inherent risk refers to the exposure or susceptibility of an assertion within an entity’s financial statements to a material misstatement, without regard to the system of internal controls. A detailed understanding of an audit client's business model, including their products and services is an essential part of an auditor’s inherent risk assessment process at both the entity level and the financial statement assertion level. Inherent risk assessment guides the auditor to allocating resources towards testing specific accounts as well as what planning what substantive tests will be employed during testing. Paragraph #9 of PCAOB Auditing Standard No. 5 relates to the planning of the audit of internal control over financial reporting. Specifically, the paragraph says that such audit should be properly planned and assistants, if any, are to be properly supervised. The paragraph then goes on to explicitly identify matters that will impact the auditor's procedures. Several of the relevant factors include: 1) Matters affecting the industry in which the company operates, such as financial reporting practices, economic conditions, laws and regulations, and technological changes; 2) Matters relating to the company’s business, including its organization, operating characteristics, and capital structure; 3) Legal or regulatory matters of which the company is aware; and 4) The relative complexity of the company’s operations. Importantly, the factors that are likely to impact the audit of internal control over financial reporting mirror the factors that are likely to impact the assessment of inherent risk in a financial statement audit. This is a key learning point for this question. In the 1980s, while employing an asset heavy strategy, Enron was a relatively simple enterprise, with a straight forward business model. As such, the inherent risk assessment is likely to have been much lower in the 1980s than in the late 1990s. In the late 1990s, there were a number of factors that would result in a higher inherent risk assessment by the independent auditor, including: Significant changes to its industry environment due to the government’s decision to de-regulate their industry. Specifically, the government decided to allow the market forces of supply and demand to dictate prices and volumes sold (previously the government had dictated the price pipeline companies paid for gas and the price they could charge their customers). This represents a significant change for the market and the business practices employed by Enron. Dramatic changes in the industry environment increase inherent risk in a client. Since Enron was now contracting with other pipeline companies to get their gas to certain customer (e.g., Brooklyn Union), Enron was assuming added risks related to the transportation of the gas. Enron’s assumption of additional operational risk increases the overall inherent risk level for Enron. Enron entered into many long term contracts with their clients. Because the terms of the contract (e.g. price) was purely speculative, Enron was assuming additional risk that the future price of their products (e.g. gas) would rise above the contract price. The nature of many of their long-term contracts was now riskier because prices could rise to a level that would make the contract unprofitable. Enron became regularly involved with the trading and financing of natural gas contracts. The accounting for such contracts is complex. In addition, the natural gas contracts it devised were quite complex and variable, depending on different pricing, capacity, and transportation parameters. Complex business transactions require complex accounting. As a result, inherent risk increases for complex transactions because it requires the independent auditor to possess complex technical knowledge regarding the appropriate accounting for the transaction. Enron decided to apply its “trading model” to other commodity markets, including electricity, paper and chemicals. Due to the fact that these commodity markets were a new focus for Enron, there is risk associated with the possibility that the “trading models” would not be fundamentally appropriate for the other commodity markets. Enron undertook international projects involving the construction and management of energy facilities outside the United States—in the United Kingdom, Eastern Europe, Africa, the Middle East, India, China, and Central and South America. When a company employs a globalization strategy, they assume an increased inherent risk associated with the reliance upon foreign economies, exchange rates, as well as a number of potential political and cultural barriers. Enron began using mark to market (MTM) accounting for its trading business. Enron was the first company outside the financial services industry to use MTM accounting. MTM accounting involves a series of subjective valuations that require management discretion. Enron also began establishing several “special purpose entities,” which were formed to accomplish specific tasks, such as building gas pipelines. An SPE could be utilized by a company hoping to achieve certain accounting purposes, such as hiding debt or certain assets. 14. Consult Paragraphs .03-.06 of AU Section 311. Comment on how your understanding of the inherent risks identified at Enron (in Question 13) would influence the nature, timing, and extent of your audit work at Enron. According to paragraph #5 of AU Section 311 “In planning the audit, the auditor should consider the nature, extent, and timing of work to be performed and should prepare a written audit program (or set of written audit programs) for every audit. The audit program should set forth in reasonable detail the audit procedures that the auditor believes are necessary to accomplish the objectives of the audit. The form of the audit program and the extent of its detail will vary with the circumstances. In developing the program, the auditor should be guided by the results of the planning considerations and procedures. As the audit progresses, changed conditions may make it necessary to modify planned audit procedures.” As a general rule, the lower the risk of material misstatement, the less audit attention is needed during the audit. It therefore follows that the higher the risk of material misstatement; the more audit attention is needed during the audit. Although this is somewhat obvious, it is a basic point that needs to be driven home to students. Clearly the nature, timing and extent of audit work should change as a result of the auditor’s risk assessment. Specifically, “if the risk is lower, the persuasiveness of the evidence that the auditor needs to obtain also decreases.” On the other hand, as the risk increases, the persuasiveness of the evidence that the auditor needs to obtain also increases. Regarding the timing of testing for controls, “as the risk associated with the control being tested decreases, the testing may be performed farther from the as-of date; on the other hand, as the risk associated with the control increases, the testing should be performed closer to the as-of date.” Finally, regarding extent of testing for controls, “as the risk associated with a control decreases, the extensiveness of the auditor's testing should decrease; as the risk associated with a control increases, the extensiveness of the auditor's testing also should increase.” In addition, Paragraph #46 of PCAOB Auditing Standard No. 5 also provides some relevant guidance for this question. Specifically, the paragraph states that “the evidence necessary to persuade the auditor that the control is effective depends upon the risk associated with the control.” Specifically, if the risk is lower, the evidence needed to persuade the auditor about its effectiveness decreases. On the other hand, as the risk increases, the evidence needed to persuade the auditor will clearly increase. 15. Consult Paragraphs 28–30 of PCAOB Auditing Standard No. 5. Next, consider how the change in industry regulation and Enron’s resulting strategy shift would impact your inherent risk assessment for the relevant assertions about revenue. Finally, idenity the most relevant assertion for revenue before and after Enron’s resulting strategy shift and briefly explain why. Among other matters, paragraphs #28-30 of PCAOB Auditing Standard No. 5 focuses the auditor’s attention on the importance of identifying each of the relevant financial statement assertions related to significant accounts and disclosures. Indeed, the identification of relevant assertions is a critical component of the audit of internal control over financial reporting. Specifically, according to Paragraph # 28, “relevant assertions are those financial statement assertions that have a reasonable possibility of containing a misstatement that would cause the financial statements to be materially misstated.” In paragraph #30, auditors might “determine the likely sources of potential misstatements by asking himself or herself “what could go wrong?” within a given significant account or disclosure.” It is clear that certain financial statement assertions are “more” relevant than others for a particular set of financial statements. When Enron shifted from the “asset heavy” strategy to the “asset light” strategy, Enron essentially was operating in a “new” industry because it faced an entirely new business environment, with new industry regulations. As a result, the likelihood that a material misstatement could occur has increased due to the possibility of Enron (or Andersen) not fully understanding all aspects of the new regulated industry environment and the relevant accounting guidance. This change in business environment and a necessary understanding of the related aspects of a new industry represents an increase in inherent risk that material misstatement could occur. For the Revenue account, among others, there are two relevant assertions that stand out. Specifically, the resulting strategy change at Enron would significantly increase inherent risk assessment related to the Valuation or Allocation assertion for revenue recognized on contracts when using mark-to-market accounting. That is, given the number of estimates used when determining the specific amount of revenue to be recognized, inherent risk would be elevated. In addition, the inherent risk related to the Occurrence assertion would also be elevated since it is not entirely clear whether the revenue related to such contracts should have been recognized under GAAP. In addition, the Existence or Occurrence assertion related to revenue recognized from international subsidiaries and/or SPEs would also be elevated. The implementation of several international subsidiaries and/or SPEs increases the likelihood that revenue fraud through related party transactions could occur. As such, an elevation of the level of inherent risk occurs. 16. Consult Paragraphs .14-.16 of AU Section 316. How might a revenue recognition fraud occur under Enron’s strategy in the late 1990s. Identify an internal control procedure that would prevent, detect, or deter such a fraudulent scheme? According to paragraph #14 of AU Section 316, on each audit engagement “members of the audit team should discuss the potential for material misstatement due to fraud.” According to paragraph #15 of AU Section 316, this discussion “should include a consideration of the known external and internal factors affecting the entity that might (a) create incentives/pressures for management and others to commit fraud, (b) provide the opportunity for fraud to be perpetrated, and (c) indicate a culture or environment that enables management to rationalize committing fraud.” Of course, these three factors are commonly referred to as the “fraud triangle”. The first condition (incentives/pressure) recognizes that an employee or a manager of a company is likely to either have incentives in place (e.g., bonus compensation) or be under significant pressure to achieve meet specific estimates, forecasts, or expectations. The second condition (opportunity) recognizes that in order for a fraud to be perpetrated, the internal control environment must provide an opportunity for an employee or a manager of a company to commit a fraudulent act. Finally, the third condition (rationalization) recognizes that for an employee or a manager of a company to perpetrate a fraud, the individual (or individuals) must possess an “attitude” that allows them to rationalize that they are knowingly committing a crime. Clearly, there are a number of allowable answers to this question. The absolute key is that students show that they have tried to “brainstorm” about how a fraud might occur at Enron. As long as this has been demonstrated, we recommend that credit be awarded for this question. Importantly, this question is also designed to help the students understand the differences between preventive controls and detective controls and the importance of each in a well- functioning internal control system. The absolute key to answering this part of the question is to focus on a relevant financial statement assertion. That is, in the post-Sarbanes environment, students must be able to identify a control procedure that would prevent specific misstatements from occurring related to specific assertions. For example, one control procedure that could be designed to prevent a fraud related to the valuation or allocation assertion related to revenue would be to have an appropriate manager approve all relevant assumptions used to estimate the amount of revenue to record related to a particular contract. In addition, another possible revenue fraud would involve side agreements within related party transactions. As Enron began to implement international subsidiaries and/or SPEs, there is an increased likelihood that not all revenue transactions were completed as an “arm’s length transaction.” As such, a prevention control would be to implement control activities such as documentation and appropriate approvals for all related party transactions. This would help ensure proper disclosure in the financial statements. 17. Consult Paragraphs .07-.08 of AU Section 316. Based on your understanding of fraud risk assessment, what three conditions are likely to be present when fraud occurs (the fraud triangle)? Based on the information provided in the case, which of these three conditions appears to have been the most prevalent at Enron, and why? According to paragraph #7 of AU Section 316, “Three conditions generally are present when fraud occurs. First, management or other employees have an incentive or are under pressure, which provides a reason to commit fraud. Second, circumstances exist—for example, the absence of controls, ineffective controls, or the ability of management to override controls—that provide an opportunity for a fraud to be perpetrated. Third, those involved are able to rationalize committing a fraudulent act. Some individuals possess an attitude, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act. However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient pressure on them. The greater the incentive or pressure, the more likely an individual will be able to rationalize the acceptability of committing fraud.” The three conditions that are likely to be present comprise what is commonly referred to as the “fraud triangle”. The first condition (incentives/pressure) recognizes that an employee or a manager of a company is likely to either have incentives in place (e.g., bonus compensation) or be under significant pressure to achieve meet specific estimates, forecasts, or expectations. The second condition (opportunity) recognizes that in order for a fraud to be perpetrated, the internal control environment must provide an opportunity for an employee or a manager of a company to commit a fraudulent act. In order to have an opportunity to commit fraud, there must be a weakness in the operating effectiveness of a control or a non-existent control. Finally, the third condition (rationalization) recognizes that for an employee or a manager of a company to perpetrate a fraud, the individual (or individuals) must possess an “attitude” that allows them to rationalize that they are knowingly committing a crime. For Enron, as evidenced by the case information, the incentives and pressure was the most prevalent factor. For example, executives had incentive to achieve high revenue growth because their salary and bonus levels were directly linked to reported revenues. In addition, they also had incentive to achieve high revenues and earnings targets because of the shares of stock they held. That is, Enron made significant use of stock options as a means to provide incentives for its executives to achieve growth. Indeed, as of December 31, 2000, Enron dedicated 96 million of its outstanding shares (almost 13 percent of its common shares outstanding) to stock option plans. When a senior manager holds a quantity of stock options, it is in their personal best interest to see the value of the share go up even if it means overstating income fraudulently. This is precisely the type of condition that may lead to a fraud. 18. Consult Paragraph 25 of PCAOB Auditing Standard No. 5. Define what is meant by control environment. Why is the control environment so important to effective internal control over financial reporting at an audit client like Enron? Paragraph #25 of Auditing Standard No. 5 outlines the auditor’s responsibilities to understand the control environment. Indeed, “because of its importance to effective internal control over financial reporting, the auditor must evaluate the control environment at the company.” The control environment is influenced heavily by a company’s management team and is therefore often referred to as “the tone at the top”. With respect to the control environment, the absolute key for management is to try and impact the attitudes towards internal controls throughout the organization by setting the proper example for the organization to follow. According to paragraph #25, “As part of evaluating the control environment, the auditor should assess – • Whether management's philosophy and operating style promote effective internal control over financial reporting; • Whether sound integrity and ethical values, particularly of top management, are developed and understood; and • Whether the Board or audit committee understands and exercises oversight responsibility over financial reporting and internal control. The control environment has a “pervasive” effect on the reliability of financial reporting at Enron and all audit clients because it impacts ALL other components of an organization’s internal control system. The lack of an appropriate control environment sends a message to all employees that management does not believe internal controls are important for efficiency and effectiveness of financial reporting. While it is difficult to glean information that would allow for a complete evaluation of the integrity of Enron’s management, their competence, their leadership style, or their perceived honesty from the case materials, students should point out that Enron’s compensation philosophy (as an example of the company’s human resource process) should raise concern about their control environment. “At Enron, executives had incentives to achieve high-revenue growth because their salary increases and cash bonus amounts were linked to reported revenue.” This policy sends a message to employees that above all it is important to meet financial expectations. In fact, the Enron case provides a terrific context to illustrate that an organization’s compensation policy can be used as a mechanism to foster an excellent control environment. “One Enron employee said, ‘At the time, it was a great tool… When we started the ranking process, we were trying to week out the lower 5 or 6 percent of the company.’” This control intends to strip Enron of employees who are not adding value to their business processes. However, it does not appear that Enron has taken advantage of this opportunity. The nature of the ranking system established a cutthroat control environment where everyone fought for themselves and did whatever they could to meet or exceed the financial expectations placed upon them. Overall, by the end of class discussion, it should be clear that a proper control environment importance provides a platform or a foundation for the entire internal control system. 19. Consult Paragraphs 21-22 of PCAOB Auditing Standard No. 5. Comment on how your understanding of Enron’s control environment and other entity-level controls would help you implement a top-down approach to an internal control audit at Enron. According to paragraph #21 of PCAOB Auditing Standard No. 5, “The auditor should use a top-down approach to the audit of internal control over financial reporting to select the controls to test. A top-down approach begins at the financial statement level and with the auditor's understanding of the overall risks to internal control over financial reporting. The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions. This approach directs the auditor's attention to accounts, disclosures, and assertions that present a reasonable possibility of material misstatement to the financial statements and related disclosures.” In paragraph #22, the PCAOB states that the “auditor must test those entity-level controls that are important to the auditor's conclusion about whether the company has effective internal control over financial reporting. The auditor's evaluation of entity-level controls can result in increasing or decreasing the testing that the auditor otherwise would have performed on other controls.” The absolute goal of this process is to help the auditor focus on those controls that really matter in supporting the goal of reliable financial reporting. While it is difficult to glean information that would allow for a complete evaluation of Enron’s control environment and entity level controls, the case does provide enough detail to conclude that the integrity of Enron’s management, their leadership style, and their compensation philosophy should raise concern about their control environment and perhaps other entity level controls. Overall, by the end of class discussion, it should be clear that a proper functioning control environment and strong entity level controls provide a foundation for the entire internal control system. 20. Consult Paragraph 69 of PCAOB Auditing Standard No. 5 and Sections 204 and 301 of SARBOX. What is the role of the audit committee in the financial reporting process? Do you believe that an audit committee can be effective in providing oversight of a management team like Enron’s? It is important to note that paragraph #69 of Auditing Standard No. 5 explicitly notes that “ineffective oversight of the company's external financial reporting and internal control over financial reporting by the company’s audit committee” is an indicator of a material weakness in internal control over financial reporting. This of course has elevated the importance of the audit committee. In addition, the audit committee plays an important role as a liaison with a company’s auditor. According to Section 301 of SOX, the “audit committee of an issuer shall be directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm employed by that issuer.” Moreover, according to Section 204, the auditing firm must report all “critical accounting policies and practices” and “all alternative treatments of financial information within [GAAP] that have been discussed with management” as well as the “ramifications of the use of such alternative disclosures and treatments, and the treatment preferred” by the auditing firm. This is an important component of the oversight role played by the audit committee. For Enron, the audit committee can absolutely be effective in helping to insure fair and accurate financial reporting. Specifically, the audit committee can help to insure that an organization’s tone at the top is properly established. In addition, an audit committee can have important input into the compensation policies at an audit client. That is, the audit committee can help insure that an organization is not providing extra incentives to managers (via their compensation policies) to commit a fraudulent act. When compensation wages and bonuses are tied to the financial performance of the company, there is strong motivation to commit a fraudulent act in order to “earn” a personal compensation incentive. Or, they can help to include performance measures for fair and reliable financial reporting in the compensation structure for individuals responsible for financial reporting. 21. Consult Sections 302 and 305 and Title IX of SARBOX. Do you believe that these new provisions could help deter fraudulent financial reporting by an upper management group? Why or why not? According to section 302 of SOX, in the post-Sarbanes audit environment, the CEO and CFO of each issuer must now prepare a statement to accompany the audit report to certify the “appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer.” If a CEO or CFO violates this section, he/she can be held criminally liable. Essentially this statement holds the CEO and the CFO personally liable for the assertions that they have made within the financial statements. And, under Title IX of SOX, the maximum penalty for filing false financial statements with the SEC “for willful and knowing violations” are “a fine of not more than $5,000,000 and/or imprisonment of up to 20 years.” This is an absolutely critical point that must be made to answer this question. The bottom line is that crime does not pay! Imprisonment and financial penalties have been established to deter an upper management group from committing fraudulent activity. A further illustration of the point that crime really does not pay can be found in Section 305 of SOX. According to Section 305, if a company is ultimately required to restate their financial statement with the SEC due to "material noncompliance" with financial reporting rule, the CEO and CFO are now required to "reimburse the issuer for any bonus or other incentive-based or equity-based compensation received during the twelve months following the issuance or filing of the noncompliant document and any profits realized from the sale of securities of the issuer" during that period.” Given the changes brought upon by SOX, these new provisions are likely to deter fraudulent behavior. Stated simply, the penalties are severe and if it is found that such an upper manager did profit from a fraudulent act, the law now provides a clear mechanism to get the money back; not only to repay the financial benefit but also to incur punitive penalties as well, amounting to financial penalty and jail time. 22. Consult the key provisions of Emerging Issues Task Force (EITF) 90-15. How did Enron’s Chewco SPE fail to meet the outside equity requirement for nonconsolidation? Did Enron meet the control requirement for nonconsolidation? According to EITF 90-15, in order for Enron to not consolidate an SPE, there must be an independent owner of the SPE with at least a 3% ownership interest, and that interest must remain at risk throughout the transaction. Importantly, the independent owner must also exercise control of the SPE. In the Chewco SPE situation, the “outside” owners that comprised the necessary 3% ownership interest were not truly independent from Enron. Specifically, in substance, Michael Kopper, an Enron employee who reported to Andrew Fastow (Enron’s CFO), was in control of the entity, even though the partnership agreement provided some limits on the general partner’s ability to manage the partnership’s affairs. As a result, Enron did not meet the control requirement for non-consolidation because they did not have an independent owner exercise control over the SPE. Instead, Enron put one of its own people, Michael Kopper, who had been reporting to a top Enron manager, as manager of Chewco. In addition, while the majority of the 3% interest came from an entity called Big River Funding LLC (whose sole member was an entity called Little River Funding LLC), most of this money was provided by Barclays Bank ($11.4 Million) in the form of “equity loans” to Big River and Little River. And since Barclays Bank required Big River and Little River to establish cash reserve accounts of $6.6 million that were fully pledged to secure repayment of the $11.4 million, there was never really 3% at risk throughout the transaction. This violates EITF 90-15 because the independent owner (who was not really independent) did not maintain a 3% owner that was at risk throughout the transaction. As a result, Chewco did not meet the independent ownership requirement for nonconsolidation, nor did Enron meet the “control” requirement for nonconsolidation. 23. Based on your understanding of the audit evidence, did Arthur Andersen rely on sufficient and competent audit evidence in its audit of the Chewco transaction? Why or why not? The competence of audit evidence refers to the quality of the evidence gathered for a financial statement assertion about a financial statement account balance and/or an economic transaction(s). There are two aspects to evidence quality that are most important: relevance and reliability. The relevance of audit evidence specifically relates to whether the evidence gathered actually relates to the financial statement assertion being tested. That is, will the evidence allow the auditor to reach conclusions related to that particular financial statement assertion? The reliability of the evidence specifically relates to whether the evidence gathered can truly be relied upon as providing a true indication about the financial statement assertion being tested. There are a number of factors that should influence an auditor’s conclusions about reliability, the most important of which is probably the source (e.g., is it from an independent 3rd party?) of the audit evidence. The sufficiency of audit evidence refers directly to the quantity of the audit evidence gathered about a financial statement assertion. All things being equal, the greater the risk of material misstatement related to the financial statement assertion, the more audit evidence will be gathered by the auditor. An auditor must obtain sufficient audit evidence that they are able to gain comfort over the assertion with the financial statements. On the Chewco transaction, Anderson did not obtain sufficient and competent audit evidence when examining the Chewco transaction. For example, Andersen requested that Enron provide documents relating to Chewco’s formation and structure. Given Enron’s ownership of JEDI and its involvement with Chewco transaction, this was absolutely essential. However, Enron told Andersen that it did not have these documents and could not obtain them because Chewco was a third party with its own legal counsel and ownership independent of Enron. The fact is that Jedi’s ownership in Chewco and Enron’s ownership in JEDI meant that Andersen needed to review this evidence. Thus, Enron’s response that they did not have these documents was inadequate and Andersen should have demanded to examine this information. In fact, Andersen should have threatened to disclaim their opinion without such evidence based on the scope restriction. In addition, the evidence that Andersen did rely on for the Chewco transaction was not competent. While Andersen did receive a confirmation regarding the loan agreement from a Chewco representative, the reliability of the body of evidence should have been questioned as the majority represented internal documents including: Minutes of Enron’s Executive Committee of the Board of Directors approving the transaction; The $132 million loan agreement between JEDI and Chewco; Enron’s guarantee agreement of a $240 million from Barclays to Chewco An amended JEDI partnership agreement A representation letter from Enron and a representation letter from JEDI, each of which stated that related party transactions had been disclosed and that all financial records and related data had been made available to Andersen. It is important to understand internally developed documents are not nearly as competent as a confirmation from an independent 3rd party. External evidence is significantly more competent than internal documents. The auditor must consider the nature of the source from which the evidence is derived. 24. Consult Section 401 of SARBOX. How would Section 401 apply on the Enron audit? Do you think Section 401 would have improved the presentation of Enron’s financial statements? Why or why not? Section 401 of SOX explicitly requires that each set of financial statements (and related disclosures) that is required to be prepared in accordance with GAAP, shall disclose all material off-balance sheet transactions" and "other relationships" with "unconsolidated entities" that may have a material current or future effect on the financial condition of the issuer.” It is abundantly clear that the inclusion of this section of SOX was based on restatement of Enron’s financial statements due to its SPE relationships, namely the Chewco entity. There is no doubt that Section 401 of SOX would have dramatically improved the presentation of Enron’s financial statements. Consider that when the Chewco transaction was reviewed in October/November 2001, Enron and Andersen concluded that Chewco was an SPE without sufficient outside equity and that it should have been consolidated into Enron’s financial statements. The retroactive consolidation of Chewco and the investment partnership in which Chewco was a limited partner had a largely material impact on the financial statements of Enron. The retroactive consolidation in the restatements decreased Enron’s reported net income by $28 million (out of $105 million total) in 1997, by $133 million (out of $703 million total) in 1998, by $153 million (out of $893 million total) in 1999, by and by $91 million (out of $979 million total) in 2000. The restatement also increased Enron’s reported debt by $711 million in 1997, by $561 million in 1998, by $685 million in 1999, and by $628 million in 2000. 25. Consult Paragraphs .03-.08 of AU Section 326. Identify at least one relevant financial statement assertion about the financial statement accounts related to the Chewco transaction. Provide adequate support for your answer. For the Chewco transaction, there are at least two relevant assertions that the auditor should identify when auditing internal control over financial reporting. First, is the completeness assertion related to Enron’s long term liabilities? Clearly, there were significant long term liabilities that were “hidden” off the balance sheet and on the balance sheet of a non-consolidated SPE. The Chewco entity should have been properly consolidated within the financial statements of Enron, as a result the reported long term liabilities were understated. Second is the presentation and disclosure assertion related to disclosure of the Chewco special purpose entity? There was not proper disclosure of the related party Chewco, as it did not meet the control requirement nor the independent ownership requirement of the EITF 90-15. 26. Consider the role of the Enron employee who was responsible for applying MTM accounting rules to electric power contracts, like the Eli Lilly contract. Assuming the employee knew that the use of MTM accounting was beyond the scope of the SEC approval parameters, do you believe that the employee had a responsibility to report the behavior to the audit committee? Why or why not? Clearly, there are a number of allowable answers to this question. The absolute key is for a student to try and justify his or her position. Consider the following acceptable sample answer from a student: Yes, I do believe that the employee had a responsibility to report the use of MTM accounting beyond the scope of SEC approval to the audit committee. The employee should have realized that while the short term benefits of taking this action may seem promising on the surface, the long term effects will ultimately be harmful. In my opinion, such an employee should follow a constant maxim. Their maxim in this example should have been not to apply the MTM accounting rules to any transaction that was beyond the scope of SEC approval. If it was applied and they knew about the action, they should have reported the action to the audit committee.