A1 Integrated Audit Procedures

Question 1

Integrated Audits

Answer 1

These includes FS audit and audit of internal control over financial reporting (ICFR) as required by the Sox act.

The objective of an integrated audit is to express an opinion on the effectiveness of a company’s ICFR, ensure the date specified in mgmt’s assessment corresponds with the BS date for the FS audit, and the entity’s internal control cannot be considered effective if one or more material weakness exist.

Question 2

Section 404 of Sox Act

Answer 2

Section 404 of the Sarbanes Oxley Act details mgmt’s responsibility for adequate controls.

Question 3

PCAOB Standards for Internal Control

Answer 3

These standards only apply to audits of issuers.

Question 4

Engagement Withdrawal

Answer 4

If a service auditor is unable to obtain a written assertion from the service organization’s management regarding its system and suitability of the design & operating effectiveness of controls, it would be appropriate for the auditor to withdraw from the engagement as per the requirements of the statement on standards for attestation engagements. (unless prohibited by law).

Question 5

Entity Level Controls

Answer 5

These include controls related to the control environment, the risk assessment process, and the policies over risk mgmt practices.

Question 6

Integrated Audits for Nonissuers

Answer 6

Private companies can also have integrated audits using AICPA auditing standards board SAS (Statement on Auditing Standards)

SAS 130 governs the audit & report.

Question 7

Integrated Auditor Requirements

Answer 7

For both issuers & nonissuers, these include planning & performing the integrated audit to achieve the objective of both engagements, use the same control criteria to perform the audit of internal control as mgmt uses for its evaluation, & test the controls which are designed to provide sufficient appropriate evidence to support both the opinion of internal control & the control risk assessment for the FS audit.