A5N

Question 1

In an integrated audit of a nonissuer TOC’S

Answer 1

Testing controls over specific risks at business units that are material to the company’s consolidated financial statements.

Question 2

Issuer audit both auditor & MNGMT report on IC

Answer 2

It is management’s responsibility to assess and report on internal control, but the auditor is also required to assess and report on internal control.

Question 3

Auditor to accept an engagement to audit and report on a nonissuer’s internal control over financial reporting?

Answer 3

Management presents its written assessment about the effectiveness of internal control.

Question 4

service auditor is unable to obtain a written assertion from the service organization’s management (PCAOB Audit) regarding its system and the suitability of the design and operating effectiveness of controls, it would be most appropriate for the auditor to:

Answer 4

Withdraw from the engagement unless prohibited by law.

Question 5

Integrated Audit:
“top-down approach”

Answer 5

The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions.

Example: Begin by understanding the overall risks to internal control over financial reporting at the financial statement level.

Question 6

Integrated Audit:

effective way of understanding sources of potential misstatements.

Answer 6

Walkthroughs are frequently the most effective way of understanding sources of potential misstatements.

PQ you trace it from Initiation all the way to reporting

Question 7

risk assessment process in an integrated audit of a nonissuer

Answer 7

Determining evidence necessary to conclude on the effectiveness of a given control.

Question 8

Entity level controls (ELC’s)_

Answer 8

include controls related to the control environment, the risk assessment process, and the policies over risk management practices.

Question 9

difference btwn scope, procedures, and purpose of tests of controls
issuer vs. non-issuer?

Answer 9

Scope = different
Procedures- different
Scope= different

ALL different

Question 10

responsibility of the auditor with respect to significant deficiencies and material weaknesses in an audit of an issuer

Answer 10

In an audit of an issuer, the auditor is required to communicate both significant deficiencies and material weaknesses to management and the audit committee, but only material weaknesses result in an adverse opinion on the effectiveness of internal control

OJO If an auditor performing an integrated audit identifies one or more material weaknesses in a nonissuer’s internal control, the auditor should express an adverse opinion on the entity’s internal control.

Question 11

Auditor to TCWG

Answer 11

The auditor is not required to communicate all control deficiencies to those charged in governance.

However, control deficiencies that are determined to be significant deficiencies and material weaknesses are required to be communicated to those charged with governance.

Question 12

Timing in communicating weaknesses

Answer 12

An auditor is required to communicate material weaknesses prior to the issuance of the auditor’s report on internal control over financial reporting.

Question 13

auditor’s responsibility to communicate material weaknesses in internal control over financial reporting

Answer 13

An auditor is not required to communicate material weaknesses to all stockholders.

Question 14

Summary of communicating weaknesses

Answer 14

The auditor is required to communicate all deficiencies in internal control to management, and deficiencies that constitute a significant deficiency or a material weakness to management and the audit committee.

Question 15

In an integrated audit of a nonissuer, an auditor should issue an adverse opinion on the effectiveness of an entity’s internal control in which of the following situations?

Answer 15

A material weakness exists.

Question 15

Issuers integrated Audit:
auditor identifies a material weakness during the audit of management’s assessment of the effectiveness of internal control over financial reporting. Which of the following is correct?

Answer 15

The company’s internal control over financial reporting cannot be considered effective.

The presence of a material weakness in internal control results in an adverse opinion on the effectiveness of internal control over financial reporting

Question 15

Statements on Standards for Attestation Engagements (SSAE) example

Answer 15

> Review management’s discussion and analysis (MD&A) prepared pursuant to rules and regulations adopted by the SEC.

> Review of pro forma financial information

> Examining future financial statements constitutes an examination of prospective financial statements

> management’s assertion that the square footage of a warehouse offered for sale

Question 16

Negative assurance expressed when an accountant is requested to report on the

Answer 16

report on the results of performing a review of management’s assertion.

Question 17

The requirement that the CPA be independent is included in both

Answer 17

GAAS (generally accepted auditing standards)
&
SSAE (Statements on Standards for Attestation Engagements)

Question 18

compilations of prospective financial statements are governed by Statements on Standards for Accounting and Review Services (SSARS).

Answer 18

compilations of prospective financial statements are governed by Statements on Standards for Accounting and Review Services (SSARS).

Question 19

Statements on Standards for Attestation Engagements DO NOT address services involving advocating for a client, such as testifying as an expert witness.

Answer 19

Statements on Standards for Attestation Engagements do not address services involving advocating for a client, such as testifying as an expert witness.

Question 20

MD&A presentation

Answer 20

nonfinancial data has been accurately derived from related records.

Question 21

LIMITATIONS OF Attest engagements covered under Statements on Standards for Attestation Engagements (SSAE)

Answer 21

Attest engagements covered under Statements on Standards for Attestation Engagements (SSAE) specifically exclude services performed in accordance with Statements on Standards for Accounting and Review Services (SSARS).

Question 22

Statements on Standards for Attestation Engagements (SSAE) provide:

Answer 22

a framework for the attest function beyond historical financial statements.

Question 23

A practitioner reporting on pro forma does not possess an understanding of the client’s business and the industry in which the client operates. The practitioner should take which of the following actions?

Answer 23

Review industry trade journals.

Question 24

reporting on internal control when performing an integrated audit of a nonissuer

Answer 24

Whether or not a material weakness exists, the auditor must express an opinion directly on the effectiveness of internal control, and not on management’s assessment.

Question 25

SOC 1® vs SOC 2®

Answer 25

A SOC 1® report is a report on the internal controls over financial reporting at a service organization and a SOC 2® report is a report on internal controls related to one or more of the Trust Services Criteria.

Question 26

SOC REPORT

Answer 26

Information regarding the service organization’s system for calculating accounts receivable balances is relevant for gathering data on the service organization’s internal controls.

Question 27

soc 1 report type 1 vs type 2

Answer 27

TYPE 1: Provides more general (not detailed) info ONLY design and implementation

TYPE 2: Provides a more in-depth analysis (security, availability, processing integrity, confidentiality, and privacy.)

Question 28

SOC 1® Type 1

Answer 28

should include management’s description of the service organization’s system.

Question 29

soc auditor should include in their report:

Answer 29

his or her report a description of the scope and nature of the procedures performed.

Question 30

Type 2 (SOC 1 & SOC 2 ) tests for operating effectiveness of controls

Answer 30

Both a SOC 1® and SOC 2® report can include the tests of operating effectiveness of controls if a Type 2 report is issued. Type 1 reports of both SOC 1® and SOC 2® reports only include testing of the design and implementation of controls and do not include testing of the operating effectiveness.

Question 31

Requirement for accepting an attestation engagement to report on the controls at a service

Answer 31

The service auditor has the competence and capability to perform the engagement.

Question 32

user auditor (CPA performing Financail Audit) can inquire about the competence of the service auditor (CPA performing SOC report)

Answer 32

YES, In considering whether the service auditor’s report is satisfactory for the user auditor; the user auditor should make inquiries concerning the service auditor’s competence.

Question 33

if an auditor is asked to issue a report on a client’s compliance with contractual agreements or regulatory requirements in connection with a financial statement audit,

Answer 33

The auditor must have audited the client’s financial statements and may only issue negative assurance on compliance.

Question 34

Negative assurance =

Answer 34

Non an OPINION

Question 35

f the auditor issues a report on compliance with contractual agreements in connection with the audit of financial statements, the report should include

Answer 35

a reference to the specific covenants of the contractual agreements. This is required in cases of compliance or noncompliance.

Question 36

When an auditor reports on a nonissuer’s compliance with aspects of contractual agreements in a report separate from the audit report on the financial statements, the report should include a statement that:

Answer 36

The report is being provided in connection with the audit of the financial statements.

Como es separado entonces the auditor needs to mention tha the report is being provided in connection

Question 37

Examination has an OPINION

Answer 37

The purpose of examination procedures applied to compliance requirements is for the practitioner to accumulate sufficient evidence regarding an entity’s compliance with specified requirements to allow for the practitioner to issue an opinion with reasonable assurance.

Question 38

Standers that rule Examination are the Compliance attestation standards.

EXAMINATION = ATTESTATION

Answer 38

Compliance attestation standards apply for an examination of a client’s compliance with specified requirements, such as debt covenants associated with a bank loan. In addition, examination engagements fall under attestation standards.

Question 39

Examination/attestation should assess control risk & Practitioner MUST be Independent

Answer 39

he auditor should assess attestation risk, which is composed of control risk, inherent risk, and detection risk. Fo

Question 40

Single Audits= expenditures of Federal awards (del gobierno)

Answer 40

The auditor is to determine whether the federal financial assistance has been administered in accordance with applicable laws and regulations.

Question 41

2 CFR 200 single audit

Answer 41

Performance of additional procedures to test and report on compliance with laws, rules, regulations and provisions of contracts or grant agreements that have a direct and material effect on major federal award programs.

In addition RISK BASED APPROACH is allowed to determine Major Grants

In addition, materiality is determined separately for each major federal financial assistance program.

Question 42

Auditors engaged to perform audits of federal financial assistance (generally under the provisions of the Single Audit Act) must perform procedures to :

Answer 42

obtain an understanding of internal control pertaining to compliance, and should document this understanding of internal control.

Question 43

Single Audits don’t provide “reasonable assurance” - they provide “ COMPLIANCE (w/FED Regulations)

Answer 43

One of the objectives of single audits is to audit the compliance of federal awards expended during the year as a basis for issuing additional reports on compliance related to major programs.

Question 44

How does Title 2 of the Code of Federal Regulations (containing single audit requirements) define a subrecipient?

Answer 44

As a nonfederal entity that expends federal awards received from another entity to carry out a federal program.

Question 45

Single Audit: If material instances of noncompliance are identified, the auditor should express

Answer 45

either a qualified or adverse opinion on compliance

Question 46

financial statement audits in accordance with Government Auditing Standards report should say…

Answer 46

An auditor should report on the scope of the auditor’s testing of internal controls.

They are not expressing an opinion on IC they just need to REPORT the testing of IC

Question 47

GAGAS (Generally Accepted Government Auditing Standards) Apply to both

Answer 47

> audits of federal financial assistance and
government organizations

Question 48

GAGAS terms to describe a professional requirement to comply with a standard or provide a special explanation for not doing so

Answer 48

Presumptively mandatory requirement

Question 49

GAGAS (Generally Accepted Government Auditing Standards yellow book) audit has greater reporting responsibilities than accepted under a GAAS (Generally Accepted Auditing Standards) b/c…?

Answer 49

Auditor Accepts greater reporting responsibilities than accepted under a GAAS audit, since the auditor must report on compliance with laws, rules, and regulations, violations of which may affect financial statement amounts, and on the organization’s internal control over financial reporting.

Question 50

Government Audit Standards define three types of engagements:

Answer 50

> financial audits
attest engagements
performance audits.

Question 51

Government Auditing Standards (the Yellow Book), report contains/discloses

Answer 51

The scope of the auditor’s testing of internal controls.

Question 52

Government Auditing Standards (the Yellow Book), report DO NOT contain:

Answer 52

A concurrent opinion on the financial statements taken as a whole

Question 53

Government Auditing Standards require

Answer 53

auditor issue a written report on Understanding of internal control and assessment of control risk.

Question 54

Government Auditing Standards require

Answer 54

Present the results of the auditor’s tests of controls.

=scope of the auditor’s testing of compliance with laws and regulations and internal control over financial reporting, and present the results of those tests.

Question 55

Government Auditing Standards in some circumstances

Answer 55

require AUFDITORS to report fraud and illegal acts directly to parties external to the audited entity.

Question 56

GAGAS, INFO excluded —>

Answer 56

Disclose in the report that certain information has been omitted and the reasons that make the omission necessary.

Question 57

Government Auditing Standards report includes:

Answer 57

A disclaimer of opinion on internal control over compliance.

The audit opinion states that the audit was conducted in order to express an opinion on compliance but not for the purpose of expressing an opinion on the effectiveness of internal control over compliance.

Question 58

GAGAS require a written report on the auditor’s understanding of internal control. The auditor should report all significant deficiencies and material weaknesses in internal control.

Answer 58

Report as findings both the significant deficiencies and the material weaknesses.