A5 - Integrated Audits, Attestation, Engagements, Compliance, and Government Audits

Question 1

What is the top-down approach?

Answer 1

Understand the risk of internal control at the FS level first. It is used in selecting controls to test in an integrated audit.

Question 2

What is an integrated audit?

Answer 2

An audit that includes FS and internal controls.

Question 3

What are the entity-level types of control?

Answer 3

1. Control environment.
2. Risk assessment process.
3. Policies over risk management practices.

Question 4

What factors are considered during the planning state of an integrated audit?

Answer 4

1. Preliminary judgements about the effectiveness of the internal controls.
2. Extent of recent changes in the entity and its operations.
3. Type of available evidential matter pertaining to the effectiveness of the internal controls.

Question 5

What kind of opinion does the auditor express when an auditor identifies material weaknesses in an integrated audit?

Answer 5

An adverse opinion.

Question 6

What should you do if the client refuses to give you a rep letter?

Answer 6

Disclaimer of opinion or withdraw from the engagement.

Question 7

When would an engagement be voluntary?

Answer 7

When a PTC believes it has gotten rid of a material weakness noted in its assessment of internal control, and hires another company to attest to the improvements.

Question 8

What is SSAE?

Answer 8

Statements on Standards for Attestation Engagements.

Question 9

What is an attest engagement?

Answer 9

An engagement where the CPA is to issue an examination, review, or an agree-upon procedures report on subject matter, or on an assertion about the subject matter, that is the responsibility of a party other than the practitioner.

Question 10

What are the attestation services allowed by SSAE

Answer 10

Attestation on:

1. Forecast.
2. Agreed-upon procedures.
3. Reporting on controls.
4. MD&A.
5. ProForma FS.
6. Compliance.

Question 11

When is negative assurance expressed?

Answer 11

When an accountant is requested to report on the results of performing a review of management’s assertion.

Question 12

In an attest engagement, when should the report be not be restricted to specific parties?

Answer 12

When reporting on an assertion about the subject matter instead of reporting directly on the subject matter.

Question 13

What do attestation engagement exclude?

Answer 13

1. Consulting services.
2. Advocacy services.
3. Return prep.

Question 14

What conditions need to exist so a CPA can perform agreed-upon procedures on an attestation engagement?

Answer 14

I AM SURE

1. Independence.
2. Agreement of the parties.
3. Measurability and consistency.
4. Sufficiency of the procedures.
5. Use of the report: Gral or certain ppl.
6. Responsibility of the subj matter.
7. Engagements to perform AUP on prospective FS.

Question 15

What are the required elements on an AUP report?

Answer 15

1. Stmt = subj matter is responsibility of the responsible party.
2. Stmt = Engaging party acknowledges that procedures performed were appropriate to meet the goals of the engagement.
3. Stmt = Report may not be used for purposes other than the engaging purpose. Users are responsible for determining if the procedures are appropriate for their intended use.
4. Stmt = Engagement party acknowledges AUP were appropriate for the engagement goals.
5. Stmt = Engagement complies with AICPA attestation stds.
6. Reports procedures and its findings. Not an opinion! Also, materiality thresholds established for reporting exemptions.
7. Stmt = CPA was not hired to review or give an opinion.
8. Stmt = CPA is independent.

Question 16

Who are prospective FS considered financial projections examinations restricted to?

Answer 16

1. Responsible party.

2. 3rd parties that the responsible party is negotiating with. (Bank to get a loan).

Question 17

What does the CPA need to state on a forecast report?

Answer 17

1. Results may not be achieved.
2. Limitations on the report = There are differences between actuals and forecast.
3. An accountant does not give any assurance on projected FS.
4. Mgmt is responsible for prospective financial info.
5. CPA is not responsible to update the report for events after the report date.

Question 18

What does an examination of financial forecast involve?

Answer 18

1. Evaluating the preparation & presentation of prospective FS.
2. Evaluating the support of the underlying assumptions.
3. Issuing an examination report.

Question 19

What’s the main difference between prospective FS considered financial projections and prospective FS considered financial forecasts?

Answer 19

Prospective FS considered financial projections are restricted to the responsible party and third parties in negotiation with, while prospective FS considered financial forecasts are for general use.

Question 20

What are partial presentations?

Answer 20

Prospective financial info that omits:

1. Sales/Revenue.
2. Gross profit/COGS.
3. Discretes.
4. Tax provision.
5. Disc Ops.
6. Op income.
7. Net income.
8. EPS.
9. Changes in financial position.

Question 21

What are the engagements that provide limited assurance?

Answer 21

1. Review of proforma financial info = Limited assurance about the effect of hypothetical events .

Question 22

What are the engagements that provide no assurance?

Answer 22

1. Compilation engagement.

2. AUP engagement.

Question 23

What are te engagements that provide reasonable assurance?

Answer 23

1. Examination engagement.

2. Audit Engagement.

Question 24

What’s the main difference between SSAE and SSARS?

Answer 24

SSARS = preparation, compilation, and review (of historical financial statements).

SSAE = All others (examination, agreed-upon, review of PRO FORMA FS, etc.) you use SSAE.

Question 25

What is a SOC 1 report?

Answer 25

SOC 1 - For service organizations: Internal Control Over Financial Reporting

• A report that is used by the client and its auditor to evaluate the impact that certain relevant controls at the service provider have on the FS of the client.
• It is restricted to mgmg of svc org, user entity, and user auditor.

Question 26

What is a SOC 2 report?

Answer 26

SOC 2 - For service organizations: Trust Service Criteria

- A report intended to give assurance to users regarding the controls in place relevant to security and privacy.

Question 27

What is a Type 1 report?

Answer 27

• A report that helps the auditor obtain an understanding of controls.
• This report is provided when tests of controls were not performed, so it can’t be used to reduce control risk assessment.

Question 28

What is a Type 2 report?

Answer 28

• A report that helps the auditor obtain assurance about the design, implementation, and effectiveness of internal controls.
• It can be used to reduce control risk assessment.

Question 29

What needs to be documented in an examination of an entity’s compliance with specified requireements?

Answer 29

1. Assessed risk of material noncompliance.
2. Responses to risk assessment.
3. Basis or rationale for materiality levels.
4. Compliance with supplemental requirements in an examination.

Question 30

What’s the relation between risk of material noncompliance and detection risk?

Answer 30

Inverse.
The less detection risk, the more risk of material noncompliance.

Same as RMM and Detection Risk!

Question 31

What is attestation risk composed of?

Answer 31

Control, inherent, detection risk.

Question 32

When will the auditor need to test the effectiveness of internal control on a compliance audit?

Answer 32

When:

1. The risk assessment includes an explanation of the operating effectiveness of controls over compliance.
2. Substantive procedures do not provide enough evidence to support a conclusion.
3. Test of controls are required by the applicable governmental audit requirements.

Question 33

What are the three types of engagements under GAGAS?

Answer 33

1. Financial audits.
2. Attest engagements.
3. Performance audits.

Question 34

What’s the main difference between GAGAS and GAAS?

Answer 34

Under GAGAS you must report the scope of testing of compliance an internal control.

Question 35

What are the objectives of a Single Audit?

Answer 35

1. Audit of the entity’s FS and reporting on a separate schedule of expenditures of fed awards in relation to those FS.
2. Compliance audit of fed awards expended during the year as a basis for issuing additional reports on compliance related to major programs and on internal controls over compliance.

Question 36

How is materiality determined in a single audit?

Answer 36

Separately; per program. Not FS as a whole.

Question 37

What is the risk-based approach, in a single audit, designed to?

Answer 37

Focus the audit on high risk programs.

Question 38

What’s the difference between type A and type B programs?

Answer 38

Type A = Larger programs.

Type B = Smaller programs.

Question 39

What approach is used to determine major programs?

Answer 39

Risk-based approach.

Question 40

What are the considerations on a risk-based approach?

Answer 40

1. Current and prior audit experience.
2. Oversight of federal agencies.
3. Inherent risk.

Question 41

What are the 4-steps for a risk-based approach?

Answer 41

1. Identify type A and type B programs.
2. Identify type A programs that are low risk.
3. Identify type B programs that are high risk.
4. Major programs = A programs, not low risk + B programs that are high risk.

Question 42

What is a cognizant agency?

Answer 42

The lead agency that provides the most funding to the recipient and the one that receives and distributes the reports.