A5 Flashcards
what are the elements of internal control
C - Control environment
R - Risk assessment
I - Information and communication system
M - Monitoring
E - Existing Control activities
Who do PCAOB internal control standards apply to
Issuers (public company)
Who do AICPA internal control standards apply to
non issuers private company
When performing an integrated audit, what approach shold be used in selecting controls to be tested
top down approach
when are the auditors and management’s responsibility presented in separate paragraphs
when auditng a private company (either separately or combined report
what opinion does the presence of a material weakness in internal controls result in
adverse opinion
what is a financial forecast fs
Prospective FS based on expected conditions and expected courses of action
what standards does an audit engagement follow?
PCAOB for issues, and SAS for non issuers
what standards do preparation, compilation, and review engagements. follow
SSAES (statements on standards for accounting and review services)
what standards do attest engagements follow?
SSAE (statements on standards for attestation engae magnets
what two items will an attestion never referrence
1- historic financial statements
2 - GAAP
what are the common concepts included in SSAE
CAPE CORP
C - Compliance
A - Acceptance and continuance
P- Preconditions are present
E - ENgagement documentation (timeliness, retention, ownership, confidental
C - Acceptance of change in terms as reasonable
O - using work of others
R - Responsibility of quality control
P - professional skepticism and professional judgement
What are some subject areas that SSAE provides standards
agree upon procedures
financial forecasts and projections
pro forma FS
compliance
Mgt discussion and analysis
reporting on controls at a serivce org
what is a financial projection fs
prospective FS based on hypothetical assumptions. what if
what are the prospective FS engagement types
preparation
compilation
examination
agree upon procedure
Agreed upon procedures engagement have the following conditions
I - independence
A - agreement of parties (procedures, criteria material limits:)
M - measurability and consistency
S - ufficiency of procedures (clients responsibility)
U - use of report (general or restricted)
R - responsibility of subject matter (clients responsible)
E - engagement to perform AUP on prospective FS
What criteria is used to determine findings in an agreed upon procedures enegagmenet
the client and CPA will agree on criteria , procedures, and materiality limits for reporting
which prospective FS are for Limited Use
Both Financial Forecasts and Financial Projections
which prospective FS are for general use
only financial forecasts
explain the limited use of prospective FS
these prospective FS are only able to be used by responslie party or by parting negoating wiht repsonsible parties.
can be either financal forecast or financial projections
explain the general use of prospective FS
financial forecast can be used by all parites. (public)
What is an agreed upon procedure engagement
type of attestation engagement in which CPA is eneagged by. client to issue a report based on specific procedures performed
requirements for compliance examination
1 - perform risk assessment
2 - design responses to risk assessment
3 - determine if supplementary audit requirements exit
4 - obtain written representation form mgt
5 - prepare reports
6 - prepare required documentation
what two types of engagments are addressed by attestation standards
1- compliance with specific requirements
2 - internal control over compliance
what must be true for an auditor to report on a clients complacne in connection to fs audit
1- auditor must have audited clients fs express unmodified or qualified
2 - only issue negative assurance on compliance
what is the objective of CPA examination procedures applied to an entity’s compliance with specified requirements
express opinion on an entity’s compliance or related assertions, based on specified criteria
what is a SOC report
Service Organizations Controls
an independent evaluation of service providers control and practices
SOC Report 1
This is a report on the SOC internal controls relevant to the entity’s internal controls over financial reporting
SOC 1 = IC
restricted report
SOC report 2
this report is on controls at a SO relevant to security , availability, processing integrity, confidence, or privacy
restricted report
Type 1 SOC report (Can be for either SOC 1 or SOC 2)
report on design and implementation of service orgs controls. does not provide assurance. report is for a Specific date. (type 1 , one day)
Type 2 SOC report (can be for either SOC 1 or SOC 2)
reports on design, implementation, and Operating effectiveness of service orgs controls. report is on a specified period
just remember period and OPerating effectiveness
What are the key categories of performance audit objectives (GAGAS)
Effectiveness, Economy, Efficiency
Internal Control
Compliance
Prospective Analysis
In FS audit, GAGAS requires a report on what
internal controls over financial reporting
WHat are the types of engagements under government audit standards
- financial audits
- attest engagements
- performance audits
auditor’s objectives in a compliance audit of a governmental entity
form an opinion on whether the govt compled with applicable compliance requirements and report at the level specified by governmental audit requiements
when can a audtior report on compliance
- with contractual agreements or regulatory requirements in connection with FS audit
- attestation engagement regarding entity compliance with requirements to specific laws/regulations or on internal control over compliance
- over compliance of a single audit engagement when auditing a recipient of federal financial assistance
what should i know with regards to compliance reports in connection with audited FS
- may only issue a negative assurance
- if report on compliance is included in audited FS report, restriction of use is enforced on all reports.
- if report on compliance is separate of FS report, only report on compliance is restricted
how will a compliance attestation enaggemnt be
agree upon procedures (no assurance) or examination (reasonable assurnace) no review allowed
what does GAGAS define as what the auditor must comply to
“unconditional requirements”
what does GAGAS define as what the auditor should comply to
“presumptively mandatory requirements”
if you depart you must document
What does GAGAS include
all of GAAS standards by reference and expands requirements with additional standards focused on gov’t audits and govt financial assistance audits
single audits represent
supplementary audit requirements that relate to federal financial assistance
what is important in determining if govt assistance has been qualified or if it is owed back to grantor
compliance
what is the yellow book
a written report on internal control and compliance.
who can have a single audit
entities that spend equal or more than $750,000 of fedreal financial assistance in fiscal year
what are the auditors responsibilities in a single audit
- express opinion regarding fair presentation of FS (GAAP)
- express opinion regarding fair presentation of SEFA
- report on iC over FR and compliance (GAGAS)
- report on compliance for each major program and report onIC over compliance
- provide a schedule of findings and questioned costs
how should single audits materiality be evaluated
individually for each program.