A6 Flashcards
professional code of conduct
*a distinguishing mark of a profession that accepts a high degree of responsibility toward the public
When is an auditor required to be independent in fact and in appearance?
- when performing an audit
* when performing attest services (except for a compilation)
Integrity and objectivity apply to which CPAs?
all CPAs
When is independence impaired regarding financial interests?
*any direct financial interest and material indirect financial interest
Three groups for independence
Covered member: audit team and boss/office
Immediate family: under roof
Close relatives: parents, siblings, and adult kids
Independence is not impaired for the following situations when the client is a bank
- collateralized automobile loan
- cash advance or credit card balances not exceeding $10,000
- bank account that is fully insured by the government
- passbook loan
One-year cool off period
*partner or professional employee leaves the firm and is employed by the client in a key position
Is independence impaired if you are seeking employment with a client?
Yes, you must remove yourself from the engagement
Independence Impaired by Business Relationships
- impaired if a member makes management decisions for an attest client
- not impaired for being a member of or an honorary trustee for a nonprofit charitable
- membership in the same trade association is okay unless there is a management role
- unpaid fees not paid before issuance of current year’s report
Rule 201: General Standards
- professional competence
- due professional care
- planning and supervision
- sufficient relevant data
Rule 202: Compliance with Standards
*compliance with different standards (GAAS, PCAOB, etc)
Rule 203: Accounting Principles
GAAP should be followed unless it would cause statements to be misleading
Rule 301: Confidential Client Information
- subpoena
- quality review
- ethics division or trial board of the AICPA
- your defense when the client is suing you
*cannot disclose if you work in bankruptcy if it would indicate that the client is having financial difficulties
Rule 302: Contingent Fees
*only allowed when fixed by courts
Rule 501: Discreditable Acts
*failure to return records to a client after the client makes demand
Rule 503: Commissions
Impair:
- audit or review
- compilation when there is no disclosure of lack of independence
- examination of prospective financial information
Compilation, tax, and advisory commissions are OKAY
How long after the death of a second partner can you continue using the name?
2 years
PCAOB Board Staffing
2 CPAs
3 non CPAs
When is registration with the PCAOB required?
*when auditing SEC issuers
Additional Auditing Standards for PCAOB
- retain papers for 7 years
- provide a concurring review of each audit report
- describe the scope of the testing of the issuer’s internal control structure and procedures
Exception to services that are prohibited due to audit independence
tax services so long as they are preapproved by the audit committee
Which services must be preapproved by the audit committee
- auditing services
* permitted non-audit services
Enhanced Financial Disclosures due to SOX
- off-balance sheet transactions
- disclosure of transactions - officers, directors, or 10% shareholders
- Management Assessment of I/C
* *auditors are required to attest to management’s assessment on their effectiveness
*other audit partners must rotate off the audit engagement after no more than…
7 years (2 years more than lead partners)
Under SEC, when is pre-approval not required from the audit committee
*when non-audit services do not exceed five percent of total revenues from the audit client during the fiscal year
Under PCAOB, can auditor’s provide tax services relating to confidential or aggressive tax transactions?
No
Department of Labor Independence for ERISA
- not impaired when accountant provides actuary services
- not impaired when engaged to audit both f/s and employee benefit plan
- former employee is no longer associated and is not auditing his/her own work
Partner Rotation under ISA
7 years
Is a CPA entitled to the due process of law concerning the state boards of accountancy?
Yes
What does audit documentation do?
*it supports the auditor’s opinion and provides evidence that is was conducted in accordance with GAAS
Audit documentation should:
*indicate that accounting records = F/S or that accounting records reconcile with F/S
Document Retention
SAS: 5 yeras
PCAOB: 7 years
Documentation Completion Date
SAS: release date + 60
PCAOB: release date + 45
What is the objective of substantive testing?
*to detect material misstatements
Negative effect of IT in the audit
- potential for increased errors and irregularities
* increased risk for unauthorized access
Is there more or less segregation of duties in an IT setting?
less
Segregation of Duties in IT Setting
C ontrol team (internal auditors) O perators P rogrammer A nalyst L ibrarian
Advantage to IT
*increased supervision and review
Manual audit procedures vs computer-assisted audit techniques
manual: auditing around the computer
CAAT: auditing through the computer
Special consideration for IT
*substantive testing alone may not suffice; tests of controls should be performed to assess control risk
CAAT Techniques
- transaction tagging
- embedded audit modules
- test data (offline)
- integrated test facility (not informed, dummy accounts)
- parallel simulation
- *controlled processing: actual processing run
- *controlled reprocessing: archived copy
Risks of auditing around the computer
*insufficient, paper-based evidence and insufficient audit procedures
Benefit of generalized audit software packages
- test a higher percentage of transactions
- little technical knowledge
- reduces audit time
Disadvantage of using a computer during an audit
*audit documentation may not contain readily observable details of calculations (hidden in formulas)
Expanded requirement for GAGAS
*includes designing the audit to provide reasonable assurance of detecting material misstatements resulting from noncompliance
Audit Requirements for Federal Financial Assistance
- expanded internal control documentation
- expanded reporting to include formal written reports on the consideration of internal control
- expanded reporting to include whether federal financial assistance has been administered in accordance with applicable laws/standards
- application of single audit standards to federal financial assistance (single audit)
Types of Government Audits/Services
- financial audits
- attestation engagements
* *CPA determines if administered in accordance with laws and regulation - performance audits
* *effectiveness and efficiency
* *I/C
* *compliance
Increased Management Responsibilities because of GAGAS
- identification of all applicable laws
- establishment of internal controls
- preparation of supplementary financial reports
- obtaining an audit
Increased Auditor Responsibilities Identified by GAGAS
- reasonable assurance that financial statements are free of material misstatements resulting from violations that have a DIRECT AND MATERIAL effect
- assessing whether management has identified laws and regulations that have a direct and material effect
Audit Risk of Noncompliance Model
Audit Risk of Noncompliance = Risk of Material Noncompliance X Detection Risk of Noncompliance
RMM
- Inherent Risk of Noncompliance
- Control Risk of Noncompliance
When might tests of controls be necessary under government auditing?
- risk assessment includes an expectation of the operating effectiveness of controls over compliance
- substantive procedures do not provide enough evidence to support a conclusion
- tests of controls are required by the applicable governmental audit requirements
Is obtaining a written management representation letter required for government audits?
Yes
GAGAS: Ethics
- serving the public interest
- integrity
- objectivity
- proper use of government information, resources, and positions
- professional behavior
GAGAS: General Standards:
- independence
- professional judgment
- competence
- quality control and assurance
How often must peer review be done under GAGAS?
every 3 years
Additional GAGAS for PERFORMING
- previous audits and attestation engagements
- fraud, noncompliance, and abuse
- developing a finding
- audit documentation (supervisory review)
Additional GAGAS for REPORTING
- compliance with GAGAS
2. report on internal control and compliance (higher level of assurance)
When to report to outside parties under GAGAS:
when management fails to:
- satisfy legal or regulatory requirements to report
- take time and appropriate steps to respond to known or likely fraud, noncompliance, or abuse
Report Views of Responsible Officials
*written responses by the audited organization are included in the auditor’s report
Reporting Confidential or Sensitive Information
*disclose the exclusion of confidential or sensitive information
Difference in reporting on internal controls between GAGAS and GAAS
unlike GAAS, GAGAS requires a written report on the auditor’s understanding of internal control and the assessment of control risk in all audits
*GAAS requires only when significant deficiencies are reported
Content of the Report on Internal Control for GAGAS
- assertion that evaluating compliance is part of developing an opinion on financial statements
- assertion that specific controls relating to financial reporting are considered
- no weaknesses were found or that significant deficiencies were found
GAGAS Threats to Independence
- self-interest threat ($)
- self-review threat
- bias threat (strong CPA opinion)
- familiarity threat
- undue influence threat (pressure)
- management participation threat (CPA acts for management)
- structural threat (bureaucracy)
Safeguards do not work against which threat to independence under GAGAS?
management participation threat
Evaluation of Nonaudit Services and Self-Review Threat
- critical component of this determination is consideration of management’s ability to effectively oversee the nonaudit service to be performed
- auditors should obtain assurance that management was really in charge
Documentation of Independence
- threats to independence
- safeguards
- consideration of management’s ability to oversee
- auditor’s understanding with the client
Entities subject to Single Audit Act
*expend total federal assistance equal to or in excess of $500,000
Objectives of the Single Audit
- audit the entity’s financial statements and report on a separate schedule of expenditures of federal awards
- compliance audit of federal awards expended during the year in order to report on major programs
Objectives for Compliance Audits
*obtain sufficient evidence to form an opinion on compliance requirements
Compliance audits are a type of _________ audits
Performance Audits
Materiality Determinations for Single Audit
- $300,000 or more
- qualitative
- risk-assessment
Single Audits vs. Program-Specific Audits
*program specific audits focus on one specific program whereas single audits report on financial statements and on the specific programs
Obtaining an Understanding of I/C Pertaining to Compliance
Effective –> test
Ineffective –> report
Is reporting illegal acts required under OMB Single Audits?
Yes
What to do with instances of noncompliance
modify report: qualified –> adverse
Scope Paragraph for Single Audit
GAAS
GAGAS
OMB Circular A-133
Opinion Paragraph on Internal Control over Compliance for Single Audit
- disclaiming an opinion on internal control over compliance
- opinion on additional schedules required by the single audit act (NOT a part of the basic financial statements)
Does a report on single audits provide a legal determination of the entity’s compliance?
No, we are not lawyers
When is a schedule of findings and questioned costs required?
under OMB Circular A-133
Components of the Schedule of Findings and Questioned Costs
Summary of Auditor’s Results
Financial Statement Audit Results
**Federal Award Results
**ID the major programs
**yes/no on I/C and anything that needs to be disclosed
Financial Statement Findings
Federal Award Findings and Questioned Costs
Quality Control Standards
H uman resources E ngagement/client acceptance and continuance L eadership responsibilities P erformance of the engagement M onitoring E thical requirements
GAAS vs. Quality Control Standards
GAAS relates to the conduct of each individual audit engagement
Quality control relates to all professional activities
Deficiencies in or noncompliance with a firm’s quality control standards do not necessarily indicate
a lack of compliance with GAAS for any one specific engagement
Objectives of quality control standards for an engagement
- the audit complies with professional standards and applicable legal and regulatory requirements
- the auditor issues a report that is appropriate
If more evidence needs to be obtained, when should the date of the auditor’s report be?
the date on which additional evidence has been obtained or the additional procedures have been completed
