A6: Professional Responsibilities, Audit Documentation, Effect of IT & Gov't Auditing Flashcards

1
Q

Code of Conduct

A

-distinguishing mark of profession that accepts responsibility towards the public

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

AICPA Code of Professional Conduct

A
  • governs any service a member of the AICPA provides

- independence applies only to auditing and other attestation services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

AICPA Independence: General Rules

A
  • not required for compilations (disclose in report) and nonattestation (advisory/tax) services
  • apply to covered persons: audit team, partners in office, partners/managers providing nonattest services to attest client, firm itself, anyone who can influence attest engagement (chain of command)
  • generally also applies to immediate family (spouse and dependents)
  • independence in mind and of appearance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

AICPA Independence: Financial Interests

A
  • impaired if: direct financial interest or material indirect financial interest (eg, thru mutual fund), member or immediate family has loan to/from client, receipt of more than a token gift
  • okay if in ordinary course of business: fully collateralized car loan, cash advance/credit card balance no more than 10K, fully insured bank account, passbook loan
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

AICPA Independence: Employment Relationships

A
  • client to CPA firm: impair if participate on engagement team or able to influence engagement when engagement covers any of period of employment with client
  • immediate family to client: impair if spouse/ dependent in key position w client (eg, internal audit)
  • CPA to client: impair if leave firm and employed by client in key position (unless no longer able to influence CPA firm business decisions and amounts due to CPA are immaterial to the firm)
  • job offer: impair if member of engagement or chain of command over it seeking employment or offered employment w client
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

AICPA Independence: Business Relationships

A
  • impair if make management decisions for attest client
  • okay if honorary trustee for nonprofit, or member of same trade association
  • impair if: overdue fees unpaid for one year (must be paid before issuance of report for following year) or actual/threatened litigation (unless immaterial amount unrelated to attestation service)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

AICPA General Standards

A

Professional Competence: technical qualifications, supervise and evaluate staff, knowledge of subject matter (or ability to obtain)
Due Professional Care: skill commonly possessed by others in field, reasonably prudent accountant
Accounting Principles: GAAP should be followed, departure justified if compliance would be misleading (eg, new law or new type of transaction)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

AICPA: Confidential Information

A
  • general rule: no disclosure w/o client permission
  • may disclose name of client unless would indicate financial problem of client
  • exceptions: subpoena/summons, peer review, ethics board, your own defense team when client suing you
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

AICPA: Contingent Fees

A
  • generally not allowed

- permitted if fixed by courts (tax/bankruptcy courts)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

AICPA: Discreditable Acts

A
  • failure to return records to client after demand

- solicitation/disclosure of CPA exam questions or answers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

AICPA: Advertising/Commissions

A
  • ads permitted but not false/misleading/ deceptive (eg, false expectations, underestimated fees)
  • may not refer product/service for commission to audit or attestation client (or compilation used by third parties when lack of independence not disclosed)
  • must disclose commissions/referral fees otherwise permitted
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

AICPA: Firm Name/Organization

A
  • if “AICPA” or “CPA” all must be AICPA members or CPAs
  • can’t use misleading name: if all partners but one leave/die, must continue to use partnership name for 2 years as sole proprietor
  • CPA firm must be majority owned by CPAs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Sarbanes-Oxley: PCAOB

A
  • regulate firms auditing issuers, prep rules for issuer audit reports
  • annual inspections of firms audited over 100 issuers, otherwise every 3 years
  • issuer auditors must register w/ PCAOB
  • must maintain audit documentation for 7 years
  • second partner review of all issuer audit reports
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Sarbanes-Oxley: Independence

A
  • issuer auditor may not do must non-audit services (pre-approved tax services okay)
  • audit and non-audit services pre-approved by audit committee
  • lead and reviewing partner rotate off audit after 5 years
  • one year cooling off: can’t have employed issuer’s CEO/CFO/Controller/Chief Accountant for 1 year before audit
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Sarbanes-Oxley: Enhanced Disclosures

A

-off-balance sheet transactions, related party transactions, mgt assessment of internal controls (CPA reports of such assessment), officer code of ethics, audit committee financial expert

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

SEC: Independence

A
  • impaired by: direct or material indirect investments/business relationships, contingent fee/commission arrangements, failure of audit committee to oversee engagement (ie, pre-approval of services – no preapproval of non-audit services less than 5% of total revenues if approved before audit completion)
  • lead and concurring partner rotate off after 5 years (5 year time out), other partners rotate off after 7 years (2 year time out)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

PCAOB: Independence

A
  • may not provide tax services for confidential/ aggressive tax transactions or corporation officers
  • discuss independence w/ audit committee before initial engagement and annually thereafter
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Department of Labor

A
  • independence was opinion on employee benefit plan
  • impaired when: direct or material indirect financial interest in plan or sponsor, maintain financial records for plan
  • okay if: former plan/sponsor employee works for CPA (disassociated from old firm and not participation in audit of F/S for any period of prior employment), CPA engaged by sponsor during period of engagement w/ plan, actuary associated w/ CPA gave services to plan
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

State CPA Boards

A
  • sole power to license
  • disciplinary power: misconduct while performing accounting services, misconduct outside scope of accounting services, criminal conviction
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

AICPA and State Boards

A
  • joint ethics enforcement program: share information

- AICPA can sanction members, only state boards can suspend/revoke license

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

SEC penalties

A
  • censure/suspend/revoke right to practice before SEC

- cease and desist orders

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Audit Documentation

A
  • supports the auditor’s opinion

- workpapers belong to auditors, may not disclose w/o client permission or court order

23
Q

Documentation Requirements

A
  • indicate that accounting records reconcile w/ F/S
  • assist planning/conducting/supervising audit
  • allow experienced auditor who no connection to client to understand NET of procedures, results and evidence, significant findings, conclusions
24
Q

Documentation Retention

A
  • report release date: date CPA allows client to use report, often date report delivered to client
  • nonissuers: keep 5 years after release date
  • isssuers: keep 7 years after release date
25
Q

Documentation Completion Date

A
  • nonissuers: 60 days after report release date
  • issuers: 45 days after report release date
  • after date: documentation can’t be deleted, additions must be documented as such
26
Q

Workpaper Contents

A
  • permanent file: things of continuing interest year to year (contracts, minutes, etc.)
  • current file: audit plan, F/S and report, trial balance (w/ area for adjustment/reclassification), records of tests, significant audit findings
27
Q

Significant Audit Findings

A

-selection of accounting principles, significant risks, possible material misstatements, difficulties in applying audit procedures, anything that may result in opinion modification/emphasis or other matters paragraph

28
Q

Differences between Manual and IT Environments

A
  • combination of functions usually separated in manual system
  • reduction of audit trail: perform tests on continuous basis
  • increased processing consistency
  • more chance of unauthorized access to networked data
  • integration of audit procedures into applications themselves
  • more data available, greater opportunity for analytical procedures
29
Q

IT and Evidence Gathering

A

-substantive testing alone may not suffice, tests of controls needed to assess control risk in highly automated system

30
Q

Manual Audit Procedures

A
  • auditing around the computer
  • test input data, process data independently, compare to client program results
  • emphasis on input and output stages
  • useful for simple batch systems
31
Q

Computer Assisted Audit Techniques

A
  • auditing through the computer

- emphasis on input and processing stages

32
Q

Types of CAAT

A

Transaction Tagging: mark certain transactions and follow them through client’s system
Embedded Audit Modules: code in application that collects transaction data for auditor, often built into program when it is developed
Test Data: clients system processes auditor’s test data, off-line, while under auditor’s control; live computer files not affected
Integrated Test Facility: test data mixed w/ live data, client’s system processes online, client personnel not informed of test
Parallel Simulation (reperformance): CPA re-processes client’s live data using software provided by client and compares to client’s results (controlled processing: observe actual processing and compare to CPA’s results OR controlled re-processing: re-process transactions and compare to client’s results)

33
Q

Generalized Audit Software Packages

A
  • can perform tests of controls and substantive tests directly on client’s system
  • can sample/test higher % of transactions
  • no need for technical knowledge of client’s hardware/software systems
34
Q

Auditing With a Computer

A
  • benefits: fewer errors, automatic recalculations

- disadvantage: no readily observable calculation details in documentation

35
Q

Government Auditing Standards

A
  • GAGAS (Yellow Book): standards for audits of gov’ts and recipients of federal financial assistance
  • GAGAS includes designing audit for reasonable assurance of detecting material misstatements resulting from noncompliance
36
Q

Audits for Federal Financial Assistance

A
  • conducted in accordance w/ GAAS and GAGAS
  • expanding internal control documentation and testing requirements, formal written reports on consideration of internal control and assessment of control risk, report whether assistance administered in accordance w/ applicable laws, application of single audit standards
37
Q

Types of Government Audits

A
  • financial audits: whether F/S fairly presented (GAAP or OCBOA)
  • attestation engagements: compliance w/ legal/ grant requirements, effectiveness of internal control over compliance, etc.
  • performance audits: effectiveness, economy and efficiency (achievement of goals, cost-benefit/ cost effectiveness, utility of performance measures); internal control (objectives achieved efficiently and effectively, effective security, resources used in compliance w/ law/regulation); compliance (established compliance criteria met, target population served)
38
Q

Effects of Law/Regulation on F/S

A
  • mgt responsibilities: identify laws/regulations w/ compliance requirements, establish internal controls to assure compliance, prepare supplementary financial reports, obtain audit
  • CPA responsibilities: reasonable assurance F/S are free of material misstatements from violation of laws/regulations that have direct material effect on F/S (not required to detect abuse), assess if mgt identified laws/regulations w/ direct material effect on F/S, understand possible effects of laws/regulations on F/S
39
Q

Compliance Audits

A

-obtain sufficient appropriate evidence to form opinion on whether entity materially complied w/ applicable compliance requirements
Audit Risk of Noncompliance = assessed Risk of Material Noncompliance x Detection Risk
-as risk of material noncompliance increases, CPA should decrease detection risk (more audit work)
-inherent risk of noncompliance (likelihood of noncompliance if no related controls) and control risk of noncompliance (risk noncompliance won’t be timely prevented/detected by internal controls)
-detection risk: risk CPA won’t detect material noncompliance, change by varying NET of audit procedures
-tests of operating effectiveness of controls required if: expectation of operating effectiveness of controls over compliance, substantive procedures don’t provide enough evidence to support conclusion, or tests of controls required by applicable govt audit requirements

40
Q

Compliance Audit: Mgt Representation Letter

A

-mgt responsibility for understanding/fulfilling compliance requirements, responsibility for controls over compliance, disclosed all programs to CPA, all relevant documents made available to CPA, disclosed known noncompliance or no noncompliance exists, believes entity complied w/ requirements, interprets compliance requirements subject to varying interpretations

41
Q

Compliance Audit Report

A

-scope of testing of compliance, no legal determination of compliance, opinion that materially compliance w/ requirements, mgt responsibility for internal controls over compliance, disclaim opinion on effectiveness of internal controls, define deficiency and material weakness, limit on internal control testing, restricted use

42
Q

GAGAS Ethical Standards

A
  • serving the public interest: well-being of people/ entities served by CPA
  • integrity: objectivity, nonpartisan, nonideological
  • objectivity: independence, intellectual honesty, free of conflicts of interest
  • proper use of gov’t info/resources/positions
  • professional behavior: performance of services in accordance w/ professional standards, avoid brining discredit to auditor’s work
  • quality control: external peer review every 3 years
43
Q

GAGAS: Performing Financial Audits

A
  • evaluate if corrective actions taken to address issues from previous engagements
  • consider compliance w/ agreements in addition to laws and regulations
  • consider occurrence of abuse (not required to detect abuse); if aware of material abuse add’l testing required
  • develop finding: criteria (expectation of program or operation), condition (situation/status existing), cause (reason for condition or deviation from criteria), effect/potential effect (clear link between condition and deviation from criteria)
44
Q

GAGAS: Reporting on Financial Audits

A
  • include in report statement that CPA complied w/ GAGAS
  • report on internal controls and compliance with laws/agreements: description of scope of testing of internal controls, whether or not sufficient evidence to provide opinion on effectiveness of controls
  • communicate to org: fraud/noncompliance w/ material effect on F/S, material abuse
  • list of findings and mgt responses included in report on internal control and compliance OR separate in schedule of findings
  • report findings to outside parties if mgt fails to satisfy legal requirements or take steps to respond to known/likely fraud/noncompliance/abuse
  • may exclude confidential/sensitive info: disclose exclusion, may issue separate full report limited to those authorized to receive the info
  • reports should be distributed to board/officials/ oversight and regulatory bodies
45
Q

GAGAS: written reps from management

A

-include: no violations or possible violations of laws/regulations, mgt responsible for compliance w/ applicable laws/regulations, mgt identified and disclosed on laws/regulations w/ direct material effect on F/S

46
Q

GAGAS: Opinion on F/S and Supplementary Schedule of Expenditures of Federal Awards

A
  • scope: GAAS and GAGAS
  • opinion on F/S
  • disclosure regarding add’l GAGAS requirements: issued report on internal controls over F/S and on tests of entity’s compliance w/ laws/contracts
  • opinion on add’l schedules required by Single Audit Act: schedule presented and is NOT part of basic F/S, info audited as part of procedures applied to basic F/S, whether schedule fairly stated in relation to F/S
47
Q

GAGAS: Reporting Fraud and Illegal Acts

A
  • report all nontrivial instances of fraud/illegal acts/ violations of agreements/abuse that could have material effect on F/S
  • report all illegal acts/possible illegal acts to top client official, oversight bodies
  • may report directly to federal inspector general if mgt fails to disclose acts to grantor or fails to take remedial action
48
Q

GAGAS: Reporting Internal Control

A
  • obtain understanding of internal controls, communicate all significant deficiencies
  • written report on understanding of controls and assessment of control risk (even if no significant deficiencies noted)
49
Q

GAGAS Independence Framework

A
  • threats to independence: self-interest (financial interest), self-review (we did non-audit services), bias (strong opinion), familiarity (long-term client, lack professional skepticism), undue influence (pressure), management participation (CPA acts for mgt), structural (org’l structure)
  • safeguards: controls to eliminate/reduce threats (consult independent 3rd party, review of audit team’s work, remove individual from audit team), no safeguards against management participation
  • evaluation of nonaudit services: consider mgt’s ability to oversee nonaudit services (document this assessment)
  • documentation: threats to independence, safeguards, consideration of/understanding w/ client over nonaudit services
50
Q

Single Audit Act/OMB Circular A-133

A
  • entities spending federal assistance of at least 500K
  • program specific audit: no audit of/report on F/S
  • single audit: (i) audit of F/S and reporting on schedule of expenditures of federal awards and (ii) compliance audit of federal awards spent to issue reports on compliance related to major programs and on internal control over compliance
  • materiality: considered separately w/ respect to each major program
  • major program: risk-based approach, generally those spending 300K or more
51
Q

Single Audit: Compliance

A
  • obtain understanding of controls over compliance concerning major programs
  • tests effectiveness of controls assumed to be effective; if deemed ineffective, report deficiency
  • material compliance concerning major program: qualified or adverse report
52
Q

Single Audit: Report on Compliance and Controls over Compliance

A
  • compliance: introduction (audited for compliance w/ Single Audit Act, mgt responsibility for compliance), scope (in according w/ GAAS, GAGAS and OMB Circular A-133, audit performed to obtain reasonable assurance whether noncompliance has direct material effect on major programs, define audit as examining evidence on test basis and doing other procedures, not legal determination of compliance), opinion (identifies & summarizes any noncompliance, asserts material compliance other than noted noncompliance)
  • internal control: introduction (mgt responsible for controls over compliance, considered controls to develop opinion on compliance), opinion (identify significant deficiencies or material weaknesses, define significant deficiencies and material weaknesses, limits on control testing, would not disclose all weaknesses, disclaim opinion on internal controls)
  • final paragraph: restrict use of report
53
Q

Single Audit: Schedule of Findings and Questioned Costs

A

Summary of Auditor’s Results: F/S audit opinion type, identification of material weaknesses in controls over financial reporting or material noncompliance, identification of material weaknesses of controls over major programs, compliance audit type, identification of deficiencies in controls over major programs/ material noncompliance/questioned costs, identification of major programs
Financial Statement Findings: findings (including material fraud/illegal acts), CPA recommendations, mgt responses
Federal Award Findings and Questioned Costs: findings, CPA recommendations, mgt responses