A5 - Integrated Audits, Attestation Engagements, Compliance and Government Audits

Question 1

When is an examination engagement performed?

Answer 1

The purpose is to obtain reasonable assurance about whether, in all material respects to the following:
1. prospective F/S is presented in accordance with AICPA guidelines
2. Assumptions underlying projections/forecast are suitably supported
3. Express an opinion in a written report on the matters in a paragraph.

Question 2

What are the main characteristics of an examination engagement?

Answer 2

1. Positive assurance will be provided
2. An opinion will be issued
3. Independence is required

Question 3

When can be examination reported?

Answer 3

Examination can be reported on:
1. Prospective financial statements
2. Pro forma financial statements
3. Compliance engagements
4. Management discussion and analysis (MD&A)
5. Service organizations

Question 4

When is a SOC 1 report used?

Answer 4

A SOC 1 report focuses on internal controls over financial reporting

Question 5

When is a SOC 2 report used?

Answer 5

A SOC 2 report focuses on controls over data security.

Question 6

What is the SOC 2 Trust Service Criteria (TSC)?

Answer 6

1. Security (mandatory)
2. Availability - if you’re making ‘up-time’ guarantees
3. Processing integrity
4. Confidentiality
5. Privacy - protection of private/personal information

Question 7

When is a type 1 report used in a SOC report?

Answer 7

Type 1 reports only cover the design of internal controls over financial reporting at a specific point in time. No opinion is rendered.

Question 8

When is a type 2 report used in a SOC report?

Answer 8

Type 2 reports covers the design and effectiveness of internal controls over security (test of controls and results). An opinion is rendered on the effective operation of the controls over a period of time.

Question 9

What services are not considered attestation engagements?

Answer 9

1. Tax preparation services
2. Consulting or advisory services
3. Internal Control Audits
4. Litigation services

Question 10

What type of engagements are classified as review?

Answer 10

1. Pro forma financial statements
2. Management discussion and analysis (MD&A)

Question 11

What type of engagements are classified as agreed-upon procedures?

Answer 11

1. Prospective financial statements
2. Compliance engagements
3. Agreed-upon procedures

Question 12

What is attestation risk?

Answer 12

It is similar to audit risk and it is the risk the practitioner will express an inaccurate opinion or conclusion on the subject matter or assertion

Question 13

How is attestation risk computed?

Answer 13

Attestation risk = inherent risk + control risk + detection risk

Question 14

What is inherent risk?

Answer 14

Risk of misstatement or error without considering controls. This risk exist independent to the attestation engagement and practitioner does not have control over it.

Question 15

What increases inherent risk?

Answer 15

1. complex calculations
2. High-volume transactions
3. cash businesses
4. amounts derived from estimates
5. economy

Question 16

What is control risk?

Answer 16

Risk of misstatement or error after considering controls. This risk exist independent to the attestation engagement and practitioner does not have control over it.

Question 17

When are control risks considered high?

Answer 17

Control risk is consider high when:
1. Controls implemented are not operating effectively
2. No controls exist relative to a specific assertion
3. Testing operating effectiveness of internal controls is not efficient.

Question 18

What is detection risk?

Answer 18

Risk that the CPA does not identify a material misstatement or error. Detection risk does not exist independent of the attestation engagement. Therefore, the practitioner has control over this risk by modifying the nature, extent, and timing of attestation procedures.

Question 19

When is an inverse relationship with attestation risk?

Answer 19

An inverse relationship exists regarding the practitioner’s acceptable level of detection risk and the assurance that will be required from test of details.

Question 20

What are the key characteristics of an audit?

Answer 20

1. focuses on historical F/S
2. Requires independence
3. express positive assurance
4. PCAOB/SAS standards

Question 21

What are the key characteristics of an examination?

Answer 21

1. focus on proforma F/S, service org, compliance, MD&A, prospective F/S
2. requires independence
3. Express positive opinion
4. SSAE standards

Question 22

What is the objective of an integrated audit?

Answer 22

The objective is to report on internal controls over financial reporting to obtain reasonable assurance that no “material weaknesses” exist.

Question 23

What is the auditor require to do in an integrated audit?

Answer 23

The auditor is required to test internal controls, and should design a test of controls so they are relevant to the financial statement audit

Question 24

What materiality is used by the auditor in an integrated audit?

Answer 24

Same materiality for both financial statement audit and the audit of internal control over financial reporting.

Question 25

What is a top-down approach for an audit of internal controls?

Answer 25

Allows the auditor to take a systematic approach to identify risks and select which controls to test

Question 26

Who are lesser deficiencies found communicated to in the case of a non-public entity?

Answer 26

These are reported to management within 60 days of the report release date (documentation completion date). Those charged with governance should be informed.

Question 27

When are lesser deficiencies found communicated to in the case of a governmental entity?

Answer 27

Auditor must communicate deficiencies within 60 days of the report release date (documentation completion date)

Question 28

What opinion does the auditor render in an integrated audit of an issuer with material weaknesses?

Answer 28

The auditor will render an adverse opinion if there are material weaknesses in internal controls. Significant deficiencies do not apply.

Question 29

Who issues Generally Accepted Government Auditing Standards (GAGAS)?

Answer 29

GAGAS is issued by the Government Accountability Officer (GAO) under the authority of the comptroller general of the U.S.

Question 30

What is another name for GAGAS?

Answer 30

The yellow book

Question 31

How is an audit of a governmental entity performed?

Answer 31

It is performed using GAGAS and GAAS standards

Question 32

How is the audit report on internal controls over financial reporting structured under a GAGAS audit?

Answer 32

1. it must be in writing
2. Must be issued regardless of whether there are significant deficiencies or not.
3. Report should comment on the scope of auditor’s testing on internal controls (understanding of design of relevant controls, implementation, and assessed control risk).
4. Report can be combined or separate.

Question 33

How should the auditor documents significant deficiencies on internal controls?

Answer 33

1. if response is written, it should be included in the auditor’s report
2. If response is oral, it should include a summary of the oral response in the auditor’s report.

Question 34

What is the auditor’s responsibility to report on compliance with GAGAS?

Answer 34

Auditor is required to report on compliance with laws, regulations, contracts, and grants even if there are no instances of non-compliance.

Question 35

How is the auditor’s report on compliance structured under GAGAS (GADOMIS)?

Answer 35

G - GAGAS and GAAS compliance
A - Audit’s design to provide reasonable assurance of detecting instances of non-compliance
D - Distinguish b/w general and specific requirements
O - No opinion on overall compliance with laws and regulations
M - Management’s responsibility to comply with laws and regulations
I - Illegal acts reporting (“criminal prosecution” and “more than inconsequential”)
S - Scope of testing of internal controls over compliance and testing results (deficiencies and material weaknesses)

Question 36

What are general requirements in the audit report?

Answer 36

Requirements that are applicable to all general programs

Question 37

What are specific requirements in the audit report?

Answer 37

requirements that are specific to a particular federal program

Question 38

What action should the auditor follow if identifies noncompliance, fraud, illegal act, significant deficiencies in internal controls or if entity refuses to acknowledge it?

Answer 38

1. Auditor approaches management of government entity.
2. If no action taken, auditor approaches external parties (e.g., federal agency furnishing grants)
3. No overall report in compliance is provided by the auditor

Question 39

How should the auditor report instances of illegal acts that result in “criminal prosecution”?

Answer 39

Report in compliance should identify illegal acts that are “more than inconsequential”

Question 40

What are the 3 types of reports under GAGAS?

Answer 40

1. Financial Statement Audit Report
2. Internal control report
3. Report on compliance

Question 41

What does the Single Audit Act requires?

Answer 41

State and local government entities that expended total federal assistance greater than or equal to $750,000 in a fiscal year have an audit performed. Purpose is to promote efficiency.

Question 42

What is the emphasis of a single coordinated audit under the Single Audit Act?

Answer 42

Perform a single coordinated audit of the total federal funds with emphasis on the “major” assistance program. Auditor should recognize the major programs.

Question 43

How is materiality determined under the Single Audit Act?

Answer 43

Materiality is determined for each major federal financial assistance program

Question 44

How is an audit under the Single Audit Act performed?

Answer 44

Auditor should perform the following:
1. test controls over each major program
2. Evaluate compliance with emphasis on matters that have material and direct effect in the major programs

Question 45

When does GAGAS standard use the term “unconditional”?

Answer 45

To describe professional requirements to comply with a standard in all circumstances in which it is relevant

Question 46

When does GAGAS standard use the term “presumptively mandatory”?

Answer 46

To describe professional requirements to comply with a standard or provide a special explanation for not doing so.

Question 47

How should the CPA complete the audit documentation under GAGAS?

Answer 47

Similar to GAAS, audit documentation should be sufficient information so that supplementary oral explanations are not required. This will help the new auditor reviewing the documentation be able to determine what work was performed without additional explanations.

Question 48

Who can perform a single audit?

Answer 48

1. CPA Firms
2. Government Auditors at the state and local levels

Question 49

What standards are single audits performed?

Answer 49

GAGAS and GAAS standards.

Question 50

Who are the users of a forecast?

Answer 50

Forecast are for general use

Question 51

Who are the users of a projection?

Answer 51

Projections have a restricted use (limited use only).

Question 52

What are the types of prospective financial statements?

Answer 52

1. Forecast
2. Projection

Question 53

What is a forecast?

Answer 53

Next year’s F/S assuming what is generally expected regarding company growth, interest rates, inflation, and assumptions based on reasonable expectations from last year (historical data)

Question 54

What is a projection?

Answer 54

Next year’s F/S assuming hypothetical situations/assumptions that are not widely expected (what if type of scenario).

Question 55

When are examples of limited use or restricted use applied?

Answer 55

1. The principle stockholder only
2. Negotiations for a bank loan
3. Submission to a regulatory agency
4. Use solely within the entity

Question 56

What are the steps in a top-down approach in an integrated audit to assess risk?

Answer 56

1. obtain an understanding of the company and industry
2. Examines entity level controls
3. Review accounts, disclosures, and assertions that have a reasonable possibility to be materially misstated.
4. Select controls for testing (selecting appropriate evidence to conclude on the control)
5. Conclude on the effectiveness of internal controls over financial reporting.

Question 57

What are entity-level controls?

Answer 57

Are used to ensure that sufficient policies and procedures are implemented to recognize misstatements due to error or fraud in a timely manner.

Question 58

What are entity-level controls?

Answer 58

1. controls related to Control Environment
2. Controls to prevent mgmt override
3. Entity’s risk assessment process
4. Controls over information and communication
5. Controls over monitoring the results of operations
6. controls over monitoring the results of other controls (e.g., activities of internal audit staff)
7. controls over period end financial reporting process
8. Control over risk management practices

Question 59

What are the controls over the control environment?

Answer 59

Asses how management promotes the following:
1. Ethical values and integrity
2. whether board of directors assumed responsibility for the accuracy and completeness of the F/S

Question 60

What are the controls over the period end financial reporting process?

Answer 60

Assess methods used to perform the following:
1. enter information to the general ledger
2. extent to which IT is used
3. Type of adjusting and consolidation entries
4. Involvement of management
5. board and audit committee in the period end reporting process

Question 61

When can the CPA report on an examination of proforma financial information?

Answer 61

The CPA can report on an examination of proforma financial information if the historical F/S has been audited.

Question 62

What are the engagements regarding proforma the CPA attempts to determine whether management’s assumptions provide reasonable basis for presenting the significant effects attributable to the underlying transactions and events?

Answer 62

Examination and Review

Question 63

What are the type of opinions that could be rendered in an examination engagement of pro forma F/S?

Answer 63

unmodified, qualified, adverse or disclaimer of opinion

Question 64

What’s the date used in an examination report of proforma F/S?

Answer 64

As of the date of completion of the pro forma procedures

Question 65

What does the CPA’s report on a review of proforma F/S include?

Answer 65

1. Identification of proforma information
2. Reference to the F/S from which the historical financial information is derived
3. A statement as to whether the F/S were audited or reviewed
4. A statement on conformance with AICPA standards
5. A caveat that a review is substantially less in scope than an examination and that no opinion is expressed.
6. Separate paragraph stating the objective of proforma financial information
7. Practitioner’s conclusion providing limited assurance

Question 66

What are preconditions for the CPA to perform an examination or review on proforma F/S?

Answer 66

1. Obtain appropriate knowledge of the entity’s accounting and financial reporting (e.g., knowledge from CPA who performed historical F/S, industry trade journals)
2. CPA must be independent
3. Ensure computation in proforma columns are correct
4. Obtain written representation at the end of engagement

Question 67

What is an agreed-upon procedures engagement?

Answer 67

An independents CPA issues a report on findings based on specified procedures performed and agreed with the engaging party. Follows attestation standards, SSAE#19

Question 68

How does agreed-upon procedures services differentiate from other engagements?

Answer 68

1. Must be independent
2. Performs specific procedures on subject matter
3. Report findings without any opinion or conclusion.
4. Produces no assurance (no positive or negative assurance)
5. Will list out procedures and their corresponding findings
6. Report can be used for general use or restricted
7. Engaging party takes responsibility for the procedures prior to the issuance of the AUP report
8. Engagement letter is required
9. Mgmt. rep letter is required,

Question 69

What are the AICPA standards that apply to an AUP?

Answer 69

SSAE standards

Question 70

How does the AICPA require the procedures to be described in the engagement letter (specific terms)?

Answer 70

1. Inspection
2. confirmation
3. comparison
4. agree
5. trace
6. inquire
7. recalculate
8. observe
9. mathematical check

Question 71

What is the role of the client’s internal audit staff in an agreed upon procedures engagement?

Answer 71

Client’s internal audit staff can provide the CPA schedules and collect data for their use, but they cannot perform any procedures.

Question 72

Who is required to perform the agreed upon procedures?

Answer 72

The CPA and the specialist.

Question 73

What is the date of the written representation letter on an AUP?

Answer 73

written representation should be dated the same as the agreed upon procedures report date.

Question 74

What information is included in a report related to an agreed upon procedures engagement (SAPITO ROSADA)?

Answer 74

S - Statement stating CPA’s independence and meet certain ethical requirements
A - Addressee
P - Procedures and findings description, no assurance
I - Identification of engaging party
T - Title of report includes word independent
O - No Opinion/conclusion rendered

R - Relevant subject matter - F/S, forecasts, projections
O - practitioner’s office City and state
S - Signature of CPA Firm
A - AICPA SSAE standards
D - Date of report (no earlier than when the procedures were performed and findings determined)
A - Alert to restrict

Question 75

What should the CPA do if engaged to perform an examination of projections?

Answer 75

It should ensure that hypothetical assumptions used to determine the projection are disclosed. Otherwise, it should not accept the engagement.

Question 76

What would the auditor do if the engaging party and responsible party refuses to provide a written assertion or written representation in an examination engagement under SSAE?

Answer 76

The auditor should withdraw from the engagement
This is applicable to all attestation engagements.

Question 77

When does the CPA renders a qualified or adverse opinion in an examination engagement related to financial forecast or projection?

Answer 77

Prospective financial information departs in a material way from AICPA presentation guidelines

Question 78

When is an adverse opinion rendered in an examination engagement related to financial forecast or projection?

Answer 78

Prospective financial information fails to disclose any “significant assumptions,” or if one or more of the significant assumptions are not suitably supported or do not provide reasonable basis for the forecast or projection.

Question 79

When is a disclaimer of opinion rendered in an examination engagement related to financial forecast or projection?

Answer 79

If the CPA is unable to obtain sufficient appropriate evidence as a basis for the opinion.

Question 80

What is a list of walkthrough procedures used in an integrated audit?

Answer 80

1. Inquiry
2. Observation
3. Inspection of relevant documentation
4. Reperformance of controls

Question 81

What would the auditor do if the engaging party and responsible party are different and refuse to provide a written assertion or written representation in an examination engagement under SSAE?

Answer 81

1. Auditor should disclose in the refusal in the examination or review
2. The auditor should restrict the use of the examination/review to the engaging party

Question 82

How are significant deficiencies reported in an audit of internal controls over compliance under GAGAS?

Answer 82

Auditor should obtain a response from management of the entity.
1. If response is written, it should be included in the auditor’s report.
2. If response is oral, report should include a summary of oral responses.

Question 83

How is the integrated audit report titled?

Answer 83

PCAOB issuer audit reports typically use the title “Report of Independent Registered Public Accounting Firm.”

Question 84

When is a prospective financial statement presented partially?

Answer 84

A presentation is partial if it “omits” one or more of the following:
1. Sale or revenue
2. Gross profit or cost of sales
3. Unusual or infrequently occurring items
4. Provisions for income taxes
5. Discontinued operations
6. Income from continuing operations
7. Net income
8. Basic and diluted earnings-per-share
9. significant changes in financial position.