AU 332: Auditing Derivative Instruments, Hedging Activities, and Investments in Securities1

AU-C 501: Audit Evidence—Specific Considerations for Selected Items

AU EFFECTIVE DATE AND APPLICABILITY

AU-C EFFECTIVE DATE

SAS No. 122, Codification of Auditing Standards and Procedures, is effective for audits of financial statements with periods ending on or after December 15, 2012.

AU-C 501 supersedes AU Section 332. AU-C 501 combines the requirements and guidance from extant AU Section 331, Inventories; 332, Auditing Derivative Instruments, Hedging Activities and Investments in Securities; and 337, Inquiry of a Client’s Lawyer Concerning Litigation, Claims, and Assessments.

The ASB found that many of the requirements of AU Section 332 are essentially the same as Section 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures The ASB decided that the application of those requirements in the other clarified standards to the subject matter addressed by AU Section 332 is most appropriately addressed as interpretative guidance in the AICPA Audit Guide Auditing Derivative Instruments, Hedging Activities, and Investments in Securities. Consideration of these requirements and related application guidance will be a specific focus in the audit guide.

AU-C Section 501 excludes requirements and guidance addressing auditing investments accounted for using the equity method because the auditing of equity investees is addressed more broadly by AU-C Section 600, Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors).

AU-C 501.4–10, and the related application material address those requirements (primarily auditing the valuation assertion) that have been retained from AU Section 332.

AU DEFINITIONS OF TERMS

Derivative Instruments and Hedging Activities

This section uses the definitions of derivatives and hedging activities in Financial Accounting Standards Board (FASB) Accounting Standards Codification (ASC) 815, Accounting for Derivative Instruments and Hedging Activities, as amended under the codification, this is ASC 815. Hereinafter, we will refer to it as FASB ASC 815. FASB ASC 815 addresses the accounting for derivatives that are either freestanding or embedded in contracts or agreements. For purposes of applying the guidance in this SAS, a derivative is a financial instrument or other contract with all three of the characteristics listed in FASB ASC 815; that is:

An entity may enter into a derivative for investment purposes or to designate it as a hedge of exposure to changes in fair value (referred to as a fair value hedge), exposure to variability in cash flows (referred to as a cash flow hedge), or foreign currency exposure. The guidance in this section applies to hedging activities in which the entity designates a derivative or a nonderivative financial instrument as a hedge of exposure for which FASB ASC 815 permits hedge accounting.

AU-C 501 DEFINITIONS OF TERMS

AU-C 501 contains no definitions.

OBJECTIVES OF AU SECTION 332

As the accounting standards for investing and related activities have become more complex and detailed, the related auditing guidance has followed suit. Section 332 applies to investments in all securities as well as to derivative instruments and hedging activities.

There are two types of securities—debt securities and equity securities. This section uses the definitions of debt security and equity security that are in the FASB Master Glossary.

Section 332 contains the basic notion that an investee’s unaudited financial statements generally do not provide sufficient evidential matter. However, it adds a cautionary note that even audited financial statements might not be sufficient because of factors such as significant differences in fiscal year-ends or accounting principles between the investor and investee or changes in ownership or conditions.

Section 332 includes substantial guidance on the effect on audit approach and procedures of complexities and risks related to derivatives, involvement of service organizations, and accounting requirements applicable to hedging activities.

The AICPA issued an Audit Guide entitled Auditing Derivative Instruments, Hedging Activities, and Investments in Securities (Guide). The guide contains many illustrative examples of both the accounting for and auditing of the most common types of derivatives, particularly those that are prevalent at small business entities. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued Internal Control Issues in Derivatives Usage: An Information Tool for Considering the COSO “Internal Control—Integrated Framework” in Derivatives Applications in 1996. Although the COSO document precedes FASB ASC 815, its guidance may be useful to entities in developing controls over derivatives transactions and to auditors in assessing control risk for assertions about those transactions.

The Auditing Standards Board issued Statement of Position (SOP) 01-3, Performing Agreed-Upon Procedures Engagements That Address Internal Control over Derivative Transactions as Required by the New York State Insurance Law, which provides guidance to practitioners on performing an agreed-upon procedures engagement that enables insurance companies to meet the requirements of the New York Derivative Law (the Law) that amends Article 14 of the New York Insurance Law. The Law requires insurers who enter into derivative transactions to file with the State of New York Insurance Department (Department) a statement describing an independent CPA’s assessment of the insurance company’s internal control over derivative transactions. This assessment is considered part of the evaluation of internal control prescribed by Section 307(b) of the New York State Insurance Law. An assessment is required regardless of whether the derivative transactions are material to the insurer’s financial statements.

The Independence Standards Board2 issued Interpretation 99-1 on assisting clients in implementing FASB ASC 815. It includes guidance on the effect of assistance on accounting application of FASB ASC 815 and derivative valuation consulting on the auditor’s independence.

OBJECTIVES OF AU-C SECTION 501

The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the:

FUNDAMENTAL REQUIREMENTS

Required Risk Assessment in Planning

The auditor should consider the inherent risk and control risk for assertions about derivatives and securities when designing audit procedures.

Control Risk Assessment

The auditor should assess control risk for the related assertions after obtaining an understanding of internal control over derivatives and securities transactions.

For assertions for which the auditor plans to assess control risk below the maximum, the auditor should:

• Identify specific controls relevant to the assertions that are likely to prevent or detect material misstatements that have been placed in operation by either the entity or a service organization.
• Gather evidential matter about whether controls are operating effectively.

Confirmations of balances or transactions from a service organization do not provide evidence about its controls.

Designing Auditing Procedures

In designing auditing procedures for assertions about derivatives and securities, the auditor should consider the following about the entity:

• Its size
• Its organizational structure
• The nature of the entity’s operations
• The types, frequency, and complexity of its derivatives and securities transactions
• Its controls over those transactions

Importance of Identifying and Testing Controls

In some circumstances, the auditor will need to identify controls placed in operation by the entity or service organization and gather evidence about the operating effectiveness of the controls to reduce audit risk to an acceptable level.

For example, the auditor likely would be unable to reduce audit risk to an acceptable level without identifying and testing controls for assertions about the occurrence of earnings if the entity has a large number of derivatives or securities transactions. Relevant controls include those over the authorization, recording, custody, and segregation of duties.

Designing Substantive Procedures Based on Risk Assessment

When determining the nature, timing, and extent of substantive procedures to be performed to detect material misstatements of the financial statement assertions, the auditor should use the assessed levels of inherent risk and control risk for assertions about derivatives and securities.

The auditor should consider whether the results of other audit procedures conflict with management’s assertions about derivatives and securities, and, if so, consider the impact on the sufficiency of evidential matter.

Completeness Assertion for Derivatives

In designing tests of the completeness assertion for derivatives, the auditor should not focus exclusively on evidence relating to cash receipts and disbursements. Derivatives may involve only a commitment to perform under a contract and not an initial exchange of tangible considerations.

The auditor should consider the following procedures:

Tests of Valuation Assertions

The auditor should design tests of valuation assertions according to the valuation method used for measurement or disclosure in accordance with GAAP.

GAAP may:

Valuation Based on Cost

If GAAP requires that the derivative or security be valued based on cost, the auditor should evaluate management’s conclusion about recognizing an impairment loss for an other-than-temporary decline in a security’s fair value below its cost.

Valuation Based on an Investee’s Financial Results

If GAAP required that the derivative or security be valued based on the investee’s financial results, the auditor should obtain sufficient evidence to support those financial results, including but not limited to the equity method of accounting (see APB Opinion 18). The investor’s auditor should:

• Read financial statements and the audited report of the investee, if available. Audited financial statements of the investee and an audit report satisfactory for the investor auditor’s purpose may constitute sufficient evidential matter.
• Ask that the investor arrange with the investee to have another auditor apply appropriate auditing procedures if the investee’s financial statements are not audited or the investee’s audit report is not satisfactory.
• Obtain sufficient evidence to support the carrying amount of the security if this amount reflects factors not recognized in the investee’s financial statements or if the asset’s fair values are materially different from the carrying amounts.
• Add an explanatory paragraph to the auditor’s report because of the change in reporting period if a change in time lag occurs that materially affects the investor’s financial statements.

• Evaluate management’s conclusion about recognizing an impairment loss for an other-than-temporary decline in a security’s fair value below its cost.
• Obtain evidence about (1) whether unrealized profits and losses on transactions between the entity and the investee are properly eliminated when the equity method of accounting is used to account for an investment under GAAP and (2) the disclosures of material related-party transactions are adequate.
• Read the investee’s interim financial statements and make inquiries of the investor to identify subsequent events (those occurring after the date of the investee’s financial statements but before the date of the investor auditor’s report) that are material to the investor’s financial statements. Subsequent events discussed in Section 560, “Subsequent Events,” should be disclosed in the notes to the investor’s financial statements and labeled “unaudited.”

Valuation Based on Fair Value

If GAAP requires that the derivative or security be valued based on fair value, the auditor should obtain evidence supporting management’s assertions about the fair value of derivatives and securities measured or disclosed at fair value. The auditor should:

• Determine whether GAAP specifies the method to be used for calculating the fair value of the derivatives and securities, and evaluate whether the fair value calculations are consistent with that valuation method.
• Consider the guidance in Section 342, Auditing Accounting Estimates, if appropriate, and the guidance in Section 312, Audit Risk and Materiality in Conducting an Audit, guidance on considering a difference between an estimated amount best supported by the audit evidence and the estimated amount in the financial statements.

Sources of Fair Value Information

If derivatives or securities are listed on national exchanges or over-the-counter markets, quoted market prices are available in financial publications, the exchange, the National Association of Securities Dealers Automated Quotations Systems (NASDAQ), pricing services, and other sources.

Quoted market prices for certain other derivatives and securities can be obtained from broker-dealers who are market makers or through the National Quotation Bureau. However, special knowledge may be necessary for understanding the way in which the quote was developed. For example, National Quotation Bureau quotes may not be based on recent trades and may only indicate interest and not an actual price for the underlying derivative or security.

If quoted market prices for derivatives or securities are not available, broker-dealers or other third-party sources can often develop fair value estimates using internally or externally developed valuation models. The auditor should understand the method used in developing the estimate. The auditor may also decide to obtain estimates from more than one pricing source. This may be appropriate if either:

• There is a relationship between the pricing source and the entity that might impair objectivity, such as an affiliate or a counterparty involved in selling or structuring the product.
• The valuation is based on highly subjective or particularly sensitive assumptions.

Fair Value Determined Using a Model

The entity may use a valuation model, such as the present value of expected future cash flows, option-pricing models, matrix pricing, option-adjusted spread models, and fundamental analysis, to value a derivative or security.

The auditor should perform procedures such as the following to obtain evidence about management’s assertions about fair value as determined by the model:

• Assess whether the model is reasonable and appropriate. (For example, estimates of future cash flows should be based on reasonable and supportable assumptions.) Since evaluating appropriateness may require knowledge of valuation techniques and other factors, the auditor may need to involve a specialist to assess the model.
• Calculate the value using the auditor’s model or a model developed by the auditor’s specialist to corroborate the reasonableness of the entity’s value.
• Compare the fair value with subsequent or recent transactions.

Use of Collateral in Evaluating Fair Value

If collateral is important in evaluating the security, the auditor should obtain evidence regarding the:

• Existence
• Fair value
• Transferability
• Investor’s rights to the collateral

Impairment Losses

The auditor should evaluate management’s conclusion about whether it is necessary to recognize in earnings an impairment loss for a decline in fair value that is other than temporary. In doing so, the auditor should evaluate (1) whether management has considered relevant information about whether a decline is other than temporary and (2) management’s conclusions about recognizing an impairment loss. The auditor is required to obtain evidence about such factors that tend to corroborate or conflict with management’s conclusions. When an impairment loss is recognized, the auditor should obtain evidence supporting the recorded amount of the impairment adjustment and determine whether the entity has appropriately followed GAAP.

Unrealized Appreciation or Depreciation in Fair Value of a Derivative

The auditor should obtain evidence to support the amount of unrealized appreciation or depreciation in the fair value of a derivative that is recognized in earnings or other comprehensive income or that is disclosed because of the ineffectiveness of a hedge.

GAAP may also require reclassification of amounts from accumulated other comprehensive income to earnings. For example, such reclassifications may be required because a hedged transaction is determined to no longer be probable of occurring.

Assertions about Presentation and Disclosure

The auditor should evaluate whether the derivatives and securities are presented and disclosed in conformity with GAAP.

Additional Considerations Related to Gathering Evidential Matter about Hedging Activities

The auditor should gather evidential matter to:

• Determine whether management complied with hedge accounting requirements, including designation and documentation requirements
• Support management’s expectation at the inception of the hedge that the relationship will be highly effective and periodically assess ongoing effectiveness
• Support the recorded change in the hedged item’s fair value attributable to the hedged risk
• Determine whether management has properly applied GAAP to the hedged item
• Evaluate whether a forecasted transaction that is hedged is probable of occurring

Assertions Related to Management’s Ability and Intent

If GAAP requires that management’s intent and ability be considered in valuing securities, in evaluating management’s intent and ability the auditor should:

• Understand management’s process for classifying securities as trading, available-for-sale, or held-to-maturity
• For equity method investments, ask management if the entity has the ability to exercise significant influence over the operating and financial policies of the investee and evaluate the attendant circumstances that serve as a basis for management’s conclusions
• If the investment is accounted for contrary to the presumption established by GAAP for use of the equity method, obtain sufficient competent evidential matter about whether that presumption has been overcome and whether the reasons for not accounting for the investment in keeping with that presumption are appropriately disclosed.
• Consider whether management’s activities support or conflict with its stated intent. For example, the auditor should evaluate management’s assertion that it intends to hold debt securities to their maturity by examining evidence such as documentation of management’s strategies and sales and other historical activities with respect to those securities and similar securities.
• Determine whether management is required by GAAP to document its intentions and specify the content and timeliness of that documentation. The auditor should inspect the documentation and obtain evidence about its timeliness. Evidential matter supporting the classification of debt and equity securities may be more informal than the documentation required for hedging activities.
• Determine whether management’s activities, contractual agreements, or the entity’s financial condition support its ability. For example:
  • Evidence about an entity’s ability to hold debt securities to their maturity may be provided by the entity’s financial position, working capital needs, operating results, debt agreements, guarantees, alternate sources of liquidity, and other relevant contractual obligations, as well as laws and regulations
  • Management’s cash flow projections may not support the entity’s ability to hold debt securities to their maturity
  • If management cannot obtain information from an investee, it may suggest that it does not have the ability to significantly influence the investee
  • If the entity asserts that it maintains effective control over securities transferred under a repurchase agreement, the contractual agreement may indicate that the entity actually surrendered control over the securities and therefore should appropriately account for the transfer as a sale instead of a secured borrowing.

Management Representations

The auditor ordinarily should obtain written management representations confirming management’s intent and ability concerning assertions about derivatives and securities, and consider obtaining representations about other aspects of derivatives and securities transactions that affect assertions about them.

INTERPRETATIONS

Auditing Derivative Instruments, Hedging Activities, and Investments in Securities (July 2005; Revised April 2007)

When testing the existence and measurement of an investment in securities, it is not sufficient to receive a confirmation with respect to the valuation assertion. However, a confirmation on an investment-by-investment basis does constitute adequate audit evidence with respect to the existence assertion. If the auditor cannot audit the existence or measurement of interests in investments in securities, this may be a scope limitation.

TECHNIQUES FOR APPLICATION

Special Skill or Knowledge Might Be Needed to Plan or Perform Auditing Procedures Related to Derivatives or Securities

Examples of situations that might require special skill or knowledge to plan or perform auditing procedures related to derivatives or securities are when the auditor:

• Obtains an understanding of an entity’s information system for derivatives and securities, including services provided by a service organization. The auditor may need to have special skills or knowledge about computer applications when significant information about derivatives and securities is transmitted, processed, maintained, or accessed electronically.
• Identifies controls placed in operation by a service organization that provides services to an entity that are part of the entity’s information system for derivatives and securities. The auditor may need to have an understanding of the operating characteristics of entities in a certain industry.
• Gains an understanding of GAAP for assertions about derivatives. The auditor may need special knowledge because of the complexity of those principles. In addition, a complex derivative may require the auditor to have special knowledge to evaluate the measurement and disclosure of the derivative in conformity with GAAP.
• Gains an understanding of how fair values of derivatives and securities are determined, including the appropriateness of various types of valuation models and the reasonableness of key factors and assumptions. The auditor may need to know about valuation concepts.
• Assesses inherent risk and control risk for assertions about derivatives used in hedging activities. The auditor may need an understanding of general risk management concepts and typical asset/liability management strategies.

If the auditor seeks assistance from employees of the auditor’s firm, or others outside the firm, with the necessary skill or knowledge, the auditor should consider the guidance in Section 311, Planning and Supervision. If the auditor plans to use the work of a specialist, the auditor should consider the guidance in Section 336, Using the Work of a Specialist.

Assessing Inherent Risk for an Assertion about a Derivative or Security

The primary inherent risk is the susceptibility of an assertion about a derivative or security to a material misstatement, assuming there are no related controls. According to AU 332.08, examples of considerations that might affect the auditor’s assessment of inherent risk are as follows:

• Management’s objectives. The complexity of accounting requirements based on management’s objectives may increase the inherent risk for certain assertions.
• The complexity of the features of the derivative or security. The complexity of the features of the derivative or security may increase the complexity of measurement and disclosure considerations required by GAAP.
• Whether the transaction that gave rise to the derivative or security involved the exchange of cash. Derivatives that do not involve an initial exchange of cash are subject to an increased risk that they will not be identified for valuation and disclosure considerations.
• The entity’s experience with the derivative or security. An entity’s inexperience with a derivative or security increases the inherent risk for assertions about it.
• Whether a derivative is freestanding or an embedded feature of an agreement. Embedded derivatives are less likely to be identified by management, which increases the inherent risk for certain assertions.
• Whether external factors affect the assertion. Assertions about derivatives and securities may be affected by a variety of risks related to external factors, such as
  • Credit risk, which exposes the entity to the risk of loss as a result of the issuer of a debt security or the counterparty to a derivative failing to meet its obligation.
  • Market risk, which exposes the entity to the risk of loss from adverse changes in market factors that affect the fair value of a derivative or security, such as interest rates, foreign exchange rates, and market indexes for equity securities.
  • Basis risk, which exposes the entity to the risk of loss from ineffective hedging activities. Basis risk is the difference between the fair value (or cash flows) of the hedged item and the fair value (or cash flows) of the hedging derivative. The entity is subject to the risk that fair values (or cash flows) will change so that the hedge will no longer be effective.
  • Legal risk, which exposes the entity to the risk of loss from a legal or regulatory action that invalidates or otherwise precludes performance by one or both parties to the derivative or security.

• The evolving nature of derivatives and the applicable GAAP. As new forms of derivatives are developed, interpretive accounting guidance for them may not be issued until after the derivatives are broadly used in the marketplace. In addition, GAAP for derivatives may be subject to frequent interpretation by various standard-setting bodies. Evolving interpretative guidance and its applicability increase the inherent risk for valuation and other assertions about existing forms of derivatives.
• Significant reliance on outside parties. An entity that relies on external expertise may be unable to appropriately challenge the specialist’s methodology or assumptions. This may occur, for example, when a valuation specialist values a derivative.
• GAAP may require developing assumptions about future conditions. As the number and subjectivity of those assumptions increase, the inherent risk of material misstatement increases for certain assertions. For example, inherent risk for valuation assertions based on assumptions about debt securities whose value fluctuates with changes in prepayments (for example, interest-only strips) increases as the expected holding period lengthens. Similarly, the inherent risk for assertions about cash flow hedges fluctuates with the subjectivity of the assumptions and probability, timing, and amounts of future cash flows.

Assessing Control Risk for Assertions about Derivatives or Securities

To achieve its objectives, management of an entity with extensive derivatives transactions should consider the following:

• Are derivative transactions monitored by a control staff that is fully independent of derivatives activities?
• Do derivatives personnel obtain at least oral approval from senior management independent of derivatives activities prior to exceeding limits?
• Does senior management properly address limit excesses and divergences from approved derivatives strategies?
• Are derivatives positions accurately transmitted to the risk measurement systems?
• Are appropriate reconciliations performed to ensure data integrity across the full range of derivatives, including any new or existing derivatives that may be monitored apart from the main processing networks?
• Do derivatives traders, risk managers, and senior management define constraints on derivatives activities and justify identified excesses?
• Does senior management, an independent group, or an individual that management designates perform a regular review of the identified controls and financial results of the derivatives activities to determine whether controls are being effectively implemented and the entity’s business objectives and strategies are being achieved?
• Are limits reviewed in the context of changes in strategy, risk tolerance of the entity, and market conditions?

The required extent of the auditor’s understanding of internal control over derivatives and securities depends on how much information the auditor needs to identify the types of potential misstatements, consider factors that affect the risk of material misstatement, design tests of controls where appropriate, and design substantive tests. The understanding could include controls over derivatives and securities transactions from initiation to inclusion in the financial statements and might encompass controls placed in operation by the entity and by service organizations whose services are part of the entity’s information system.

The Effect of a Service Organization on Audit Approach and Procedures

AU 332 provides guidance on how service organizations apply to audits of derivatives and securities.

AU ILLUSTRATIONS

1 This section is affected by the Public Company Accounting Oversight Board’s (PCAOB’s) Standard, Conforming Amendments to PCAOB Interim Standards Resulting from the Adoption of PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements.

2 The ISB was dissolved on July 31, 2001.

3 Existence assertions relate to whether the derivatives and securities reported in the financial statements through recognition or disclosure exist at the date of the statement of financial position. Occurrence assertions relate to whether derivatives and securities transactions reported in the financial statements, as a part of earnings, other comprehensive income, or cash flows or through disclosure, occurred.

4 Completeness assertions relate to whether all the entity’s derivatives and securities are reported in the financial statements through recognition or disclosure. They also relate to whether all derivatives and securities transactions are reported in the financial statements as a part of earnings, other comprehensive income, or cash flows, or through disclosure. The extent of substantive procedures for completeness may vary in relation to the assessed level of control risk. The auditor should consider that derivatives may not involve an initial exchange of tangible consideration, and thus it may be difficult to limit audit risk for assertions about the completeness of derivatives to an acceptable level with an assessed level of control risk at the maximum.

5 Assertions about rights and obligations relate to whether the entity has the rights and obligations associated with derivatives and securities, including pledging arrangements, reported in the financial statements.