AUD 2 Flashcards
“The auditor is required to inform those charged with governance about significant errors discovered by the auditor and subsequently ___________ or ____________ by management
”
corrected or uncorrected
Which of the following matters in a financial statement audit is most appropriate to communicate with those charged with governance?
An overview of the planned scope and timing of the audit
A material weakness is a deficiency, or combination of deficiencies, such that there is a ___________ _____________ that a _______________ misstatement of the entity’s financial statements will not be prevented or detected/corrected.
reasonable possibility
material
An auditor’s communication of internal control related matters noted in an audit usually should be addressed to:
Management and those charged with governance
When communicating internal control related matters noted in a financial statement audit of a nonissuer, an auditor’s report issued on significant deficiencies should indicate that:
the purpose of the audit was to report on the f/s and not to provide assurance on internal control
What is the order from least risk to most risk for control related problems?
Control deficiency
significant deficiency
material weakness
The auditor ____ _______report the absence of significant deficiencies to those charged with governance or management.
May not
The “top-down approach” used during an audit of internal control over financial reporting begins by understanding the overall risks to internal control over financial reporting at the what level?
Financial statement level
Only _________ ____________ result in an adverse opinion on the effectiveness of internal control.
material weakness
In an engagement to audit the effectiveness of an entity’s internal control, the auditor must communicate what to management and those charged with governance?
Significant defiencies and material weaknesses
What does SSAE stand for and when are these used?
Statement on Standards for Attestation Engagements
Agreed upon procedures
Financial Forecast and projections
Pro forma f/s
Compliance attestations
Management’s discussion and analysis
Reporting on controls at a service organization
What does SSARS stand for?
Statements on Standards for Accounting and Review Services
The auditor’s primary concern with related party transaction is what?
That related party transaction are properly disclosed in accordance with GAAP
Analytical procedures can be use in the planning stage of an audit or when carrying out substantive test, when are they required?
Analytical procedures are required to be applied to some extent in planning and in the final review stage.
Who mails A/R confirmations to the customer of the client?
The auditor would mail this because it would make the audit evidence more reliable
Substantive Procedures vs. Controls
Substantive Procedures
Focus on checking the numbers.
Example: Verifying invoices to confirm revenue.
Controls
Focus on preventing or detecting mistakes.
Example: Approving purchases before payment is made.
An auditor concerned with the completeness of dividend income would most likely:
The auditor would likely choose a sample of companies in which the client owns stock, and review dividend record books (such as Moody’s) to determine whether such companies declared dividends during the year under audit.
What are three things to separate in regards to segregation of duties?
Authorization
Custody
Record keeping
Who are the people in charged with governance?
BOD
Audit Committee
What does Corroborate mean?
Corroborate means to confirm or support something with additional evidence or information.
What are the three things that are part of planning an audit in regards to internal controls?
Determining whether controls have been implemented
Understanding the design of controls
Documenting the understanding of internal control
What are the conditions for an auditor to accept and agreed-upon procedure engagement
(I AM SURE)
Independence of the practitioner
Agreement of the parties on what procedures are to be applied, the criteria to be used, etc.
The subject matter must be capable of consistent Measurement
The engaging party (client) takes responsibility for the Sufficiency of the designated procedures
Use of the report can be general or restricted to specified parties
The client (or in some cases a third party) is Responsible for the subject matter
Engagements to perform agreed-upon procedures on prospective financial statements must include a summary of significant assumptions used for the prospective financial statements
a type of attestation engagement in which a practitioner is engaged by a client to perform specific procedures on underlying subject matter or information.
agreed-upon procedures
Agreed-upon procedure engagements provide _________ assurance. Reviews provide ________________ assurance.
no
limited (negative)
What’s the difference between financial projections and financial forecasts?
Financial projections: used for limited use(restricts the use)
Financial forecasts: used for general use
An accountant’s compilation report on a financial forecast should include a statement that:
An accountant’s compilation report on a financial forecast should include a statement that there will usually be differences between forecasted and actual results.
A review of ___________________________________________________ provides limited assurance about the effect of a future or hypothetical event (in this case, a change in capitalization) by showing how it might have affected the historical financial statements if it had occurred at an earlier date.
pro forma financial information
When does an auditor reference the work of an audit specialist?
In the event an audit specialist is used for an audit, and the auditor issues a modified opinion due to the specialist’s findings, then the auditor’s specialist may be referenced in the report with prior permission from the specialist.
reports are primarily aimed at the internal control over financial reporting (ICFR). They are designed for entities (like service organizations) that provide services that could impact their clients’ financial statements.
SOC 1 (Service Organization Control 1)
: Evaluates the suitability of the design of controls at a specific point in time.
SOC 1 Type 1report
Assesses the effectiveness of those controls over a period, usually 6 to 12 months.
SOC 1 Type II report
reports focus on controls related to security, availability, processing integrity, confidentiality, and privacy of a system. These are based on the Trust Services Criteria.
SOC 2 Engagements
Reports on the fairness of the presentation of management’s description of the system and the suitability of the design of controls.
SOC 2 Type I report
Provides the same as Type I and evaluates the operating effectiveness of these controls over a certain period.
SOC 2 Type II report
What does SOC stand for?
Service Organization control
Who are the parties in the SOC questions?
Service organization(provides service)
service auditor
User (uses the service of the service organization, like sales or payroll processing)
User auditor
In order for an auditor to issue a report on a client’s compliance in connection with a financial statement audit, the auditor must have audited the client’s financial statements and expressed an ____________ or ___________ opinion. The auditor may only issue ____________ assurance on compliance in this situation.
unmodified
qualified
negative
Statements on Auditing Standards (SAS) require the final audit documentation file to be assembled by the auditor within _______ days following the report release date.
60
The PCAOB rules, which apply to issuers only, require that audit documentation be complete within _______ days following the report release date.
45
occurs when a necessary control is missing or when an existing control does not achieve the desired objective.
control deficiency in design
occurs when a properly designed control does not operate as designed, or is performed by an inappropriate person.
control deficiency in operation
What’s the difference between pro forma and projected financial statements?
Pro Forma: Focuses on “what-if” events (e.g., merger impact). It’s scenario-based.
Projected: Focuses on expected future performance based on current plans and trends. It’s forecast-based.
indicates that the requirement must be followed in all cases where the requirement is relevant, except in rare circumstances in which auditors and audit organizations determine it is necessary to depart from the ______________________________________
presumptively mandatory requirement(should be followed)
indicates that the requirement must be followed in all cases where the requirement is relevant. Generally accepted government auditing standards use the word “must” to indicate
unconditional requirement
Government Auditing Standards published by the United States Government Accountability Office define standards associated with the following types of engagements:
Financial audits
attest engagements
performance audits
When auditing an entity’s financial statements in accordance with Government Auditing Standards (the Yellow Book), an auditor is required to report on:
Report on Internal Control
Compliance with Provisions of laws, regulations, contracts, grant agreements, and federal awards
Government auditing standards require a written report on internal control when?
in every audit
While conducting an audit in accordance with Government Auditing Standards (the Yellow Book), an auditor determines that fraud has been committed in one of the client’s government contracts. The auditor reports the fraud to the client’s audit committee, which takes no action to report the fraud to appropriate parties. To which of the following entities is the auditor required to report this situation?
The counterparty to the contract
When testing controls sometimes the actual misstatement rate could be _________ than the control deviation rate.
different
If a change in accounting principle, such as a change in accounting for inventory, does not have a material effect on the financial statements in the current year but the change is expected to have a material effect in later years, the auditor is not required to recognize the change in the auditor’s report in the current year. How should this change the auditor’s opinion?
Therefore, the auditor should issue an unmodified opinion and does not need to describe the change in an emphasis-of-matter paragraph or other matter paragraph
expands the auditor’s responsibilities to include procedures designed to test and report on compliance matters having a direct and material effect on major federal award programs.
2 CFR 200 single audit
2 CFR 200 single audit allows auditors to use ______________________________ to determine major grants.
a risk-based approach
Under the single audit act, how is materiality determined?
materiality is determined separately for each major federal financial assistance program.
What are the three key words to know when SSARS are used?
Statement on standards for accounting and review services
Prepare f/s
Compile f/s
Review f/s
When an accountant performs more than one level of service (for example, a compilation and a review, or a compilation and an audit) concerning the financial statements of a nonissuer, the accountant generally should issue the report that is appropriate for:
the highest level of service rendered
An accountant is reviewing the financial statements of a nonpublic entity in accordance with Statements on Standards for Accounting and Review Services (SSARS). The accountant most likely would perform which of the following procedures?
Make inquiries about subsequent events
What’s the difference between preparing, compiling, reviewing, and auditing financial statements?
Preparing F/S:
Creates financial statements based on client-provided data.
No assurance provided.
Compiling F/S:
Presents financial statements without verifying accuracy.
Minimal engagement—no assurance provided but includes a report.
Reviewing F/S:
Performs limited procedures (inquiries & analytical reviews).
Provides limited assurance that no material modifications are needed.
Auditing F/S:
Involves in-depth procedures (tests of controls, substantive testing).
Provides reasonable assurance that F/S are free from material misstatements.
A CPA is not required to make a determination of whether the CPA is independent of the client for a ________________ engagement because it is a nonattest service.
preparation
Each page of the financial statements in a preparation engagement should include a statement about what?
A statement indicating that no assurance is provided.
An accountant is required to read the financial statements and consider whether such financial statements appear to be free from obvious material errors before issuing a _____________ report under SSARS.
compilation
An accountant was asked by a potential client to perform a compilation of its financial statements. The accountant is not familiar with the industry in which the client operates. In this situation, which of the following actions is the accountant most likely to take?
An accountant can accept a compilation engagement with no previous experience in the client’s industry. The accountant is then responsible for acquiring an adequate level of knowledge of the industry’s accounting principles and practices.
What are some major key characteristics of a compilation engagement?
No assurance is provided
Mangement is responsible for the f/s
An accountant does not express a report of findings, an opinion, a conclusion, or any form of assurance on the financial statements
The accountant does not have to be independent of the client
For compilation engagements if the accountant is not independent, he should specifically disclose the lack of independence. Otherwise, independence is ______________.
implied
include controls related to the control environment and period-end financial reporting. Depending on the specific control, the control could be classified as either preventive or detective.
entity-level controls
The terms GAAS, SAS, and AS all refer to standards in the field of auditing, but they serve different purposes:
GAAS are broad principles that apply to all audits.
SAS provide specific guidance on applying GAAS, mainly for non-public entities.
AS apply to public company audits and are issued by the PCAOB, catering to SEC regulatory requirements.
Providing more supervision during an audit of a non-issuer in response to assessed risks of material misstatement at the financial statement level is an example of:
an overall response
In the event the client refuses to prepare a letter of inquiry to be sent by the auditor to the client’s outside attorneys, what should the auditor do?
There is a scope limitation, if the client refuses to prepare or permit a letter of inquiry, the audit firm should either issue a disclaimer of opinion or withdraw from the audit engagement.
refers to the auditor performing both a test of controls and a substantive procedure.
combined approach
Financial statements reviewed by an accountant should be accompanied by a report stating that a review is what?
Substantially less in scope than an audit
Generally there is no consideration of ____________ _____________ in a review engagement performed in accordance with SSARS.
internal control
What are the steps of a review engagement?
Obtain knowledge of the accounting principles and practices of the client’s industry.
Obtain knowledge of the client.
Make inquiries of the client’s management about accounting procedures, the consistent application of generally accepted accounting principles (GAAP) in the preparation of the financial statements, and actions taken at meetings of stockholders and the board of directors.
Perform analytical procedures.
Obtain a letter of representation from management.
Each page of a non-issuer’s financial statements reviewed by an accountant should include the following reference:
See Independent Accountant’s Review Report.
After the issuance of restricted-use review reports, what is an accountant’s responsibility with regard to controlling the client’s distribution of those reports?
An accountant has no responsibility for controlling a client’s distribution of a restricted-use report.
When unaudited financial statements are presented in comparative form with audited financial statements in documents filed with the SEC, such statements should be clearly marked as ___________
unaudited
A review of the interim financial information of a publicly held company is conduct in accordance with _________ and for a non-public company is conducted in accordance with ___________.
PCAOB
Statements on Auditing Standards
Inquiry of the entity’s lawyer regarding litigation, claims, and assessments generally is not required during a _______________ of interim financial information but may be appropriate in certain circumstances.
review
When an independent accountant’s report based on a review of interim financial information is presented in a registration statement, a prospectus should include a statement about the accountant’s involvement. This statement should clarify that the:
Accountant’s review report is not a “part” of the registration statement within the meaning of the Securities Act of 1933.
Smith, CPA, has been asked to issue a review report on the balance sheet of Cone Company, a non-issuer, and not on the other related financial statements. Smith may do so only if:
“The scope of Smith’s inquiry and analytical procedures is not restricted.
”
Who establishes the audit committee?
The BOD
Who oversees the work of the auditor?
The audit committee
Internal controls should be evaluated for effectiveness within __________ prior tot the annual report by the CEO and CFO?
three months
Issuers must disclose whether the issuer has adopted a code of conduct for who under SOX?
Senior officers, but not for other employees of the issuer
How long must auditors of issuers retain all audit and review Workpapers for under SOX?
seven years
Synonym for promulgate
promote
What type of engagements require a CPA to be independent from the client?
audits
special reports
examinations
agreed upon procedures
reviews
A CPA must always be ___________; however, a CPA need not be __________________, except when engaged in public practice.
objective
independent
The principle of due care in the AICPA Code of Professional Conduct relates to which of the following professional requirements?
Providing services with competence and diligence
According to the AIPCA Code of Professional conduct a close relative is defined as what?
Parent
Sibling
nondependent child
_________________________ automobile loans made within the normal course of business by a financial institution are specifically permitted and do not impair independence.
collateralized
Fees from prior work must be paid _______________ before the issuance of a report on the following year’s work.
in full
A ___________ threat arises from a long or close relationship with a client. The concern is that because of the close personal relationship, the auditor may become too sympathetic to the local government or accounting manager’s interest.
familiarity
What are examples of the Acts Discreditable violation?
Not filing or paying personal/firm taxes.
Misusing or failing to return client records.
Engaging in discrimination or harassment.
At a minimum, the PCAOB must conduct an inspection once every _________ years for registered public accounting firms that issue ___________ or fewer audit reports.
three
100
What is the makeup of the PCAOB in terms of CPA:Non-CPAs
two CPAs
three non-CPAs
The Sarbanes-Oxley Act requires the PCAOB to perform an _______________ inspection of each registered public accounting firm that regularly provides audit reports for more than ______ issuers.
annual
100
Registered public accounting firms are required to maintain audit work papers and supporting documentation for a period of how many years?
seven years
To impose a disincentive to fraud, an audit team member may not accept employment as a chief executive, chief financial or chief accounting officer, or controller of an audit client that files reports with the Securities and Exchange Commission for how many years?
one year
Most services that audit firms previously provided to publicly traded clients have been prohibited by the Sarbanes-Oxley Act of 2002, except for what?
Approved tax services
Under the Sarbanes-Oxley Act of 2002, which of the following statements is correct regarding an issuer’s audit committee financial expert?
If an issuer does not have an audit committee financial expert, the issuer must disclose the reason why the role is not filled.
the penalty for intentionally destroying documents to impede, obstruct, or influence an investigation will be what?
A fine, imprisonment for not more than 20 years
If, due to an unexpected event, an external auditor (or the auditor’s immediate family) receives a financial interest (such as shares of the audit client’s stock), there is an exemption to the independence rules as long as the external auditor meets the following criteria:
The phrase “financial interest was unsolicited” typically refers to a situation where an individual or organization has a financial interest or investment proposition that was not actively sought after or requested by the recipient.
The auditor disposes of the interest as soon as practicable but no later than 30 days after the auditor becomes aware of it and has the right to dispose of the interest.
Which of the following services do not need to be pre-approved by the audit committee of an issuer?
Non-audit services that are less than five percent of total revenues from the audit client
_______ services related to contingent fee arrangements, confidential tax transactions, and certain aggressive tax transactions are expressly prohibited.
tax
What types of tax services are permitted so that PCAOB doesn’t rule there is an independence issue?
Tax compliance
Tax planning
Tax advice
includes an auditor’s honest effort in the performance of professional services in accordance with the relevant technical and professional standards.
professional behavior
includes auditors conducting their work with an attitude that is objective, fact-based, nonpartisan, and non-ideological with regard to the audited entities and users of the auditor’s reports.
integrity
the threat that results from an auditor’s taking on the role of management or otherwise performing management functions on behalf of the entity undergoing an audit.
management participation threat
Under DOL rules, independence is impaired when?
When an auditor also serves as an investment advisor to the employee benefit plan
This is the date the audit team concludes its fieldwork and finalizes the audit report internally. All audit procedures are complete, the evidence has been evaluated, the financial statements have been reviewed and any necessary adjustments made, and the auditor’s report is written and signed by the audit team. This date is often not publicly disclosed, but it’s an important internal milestone. The team may still be addressing minor issues or formatting the report after this date, but the substantive work is considered done.
Document completion date
This is the date the audit report is formally released to the public. For publicly traded companies (issuers), this often means the date the report is filed with the Securities and Exchange Commission (SEC) and becomes publicly available on the EDGAR database. It’s the date the audit opinion is officially considered effective and available to investors and other stakeholders. There might be a short delay between the document completion date and the report release date, allowing for final review and regulatory filings.
Report release date
Because the primary purpose of a ___________ is to prevent unauthorized access to a network, requiring all users to have a password helps to minimize vulnerability.
firewall
How should significant deficiency and material weaknesses be reported?
required to be reported in writing to management and those charged with governance by the report release date, with a window extending 60 days beyond the report date being acceptable.
If a required __________ ___________ __________ has not yet been conducted, the audit engagement partner should not issue the report until such review has been completed.
quality control review
If a major customer files for bankruptcy, a loss is both probable and estimable, and therefore should be recorded. Bad debt expense should be recognized, and the allowance should be increased to reduce receivables to estimated net realizable value:
DR: Operating expenses (bad debt expense)
CR: AFDA
The accountant may report on agreed-upon procedures applied to specified elements, accounts, or items of financial statements:
the accountant must be the following:
independent
No opinion provided
SSARS apply when?
preparation/compilation/ review of historical f/s for non-issuers
Which of the following standards should a CPA firm apply in a review of Management Discussion and Analysis?
Statements on Standards for Attestation Engagements (SSAE)
Both financial forecasts and financial projected are _______ in use. Financial forecasts are further ___________ and financial projections are __________.
Limited
restricted or non-restricted
restricted or non-restricted
What level of assurance to agreed upon procedures provide?
Yes, that’s correct. An agreed-upon procedures (AUP) engagement does not provide any assurance. The report only states that the specified procedures were performed and the results of those procedures; it does not express an opinion on the fairness of the presentation of the subject matter.
What’s the difference between pro forma f/s, projected f/s, and forecasted f/s?
Pro Forma Financial Statements: These present what the financial statements would have looked like if a specific past or hypothetical transaction (e.g., a merger, acquisition, or restructuring) had already occurred. They are based on historical data adjusted for the hypothetical event.
Projected Financial Statements: These are often internally generated, making predictions about future performance based on a business plan. They offer a view of what might happen if certain assumptions are met.
Forecasted Financial Statements: These also predict future performance, often with a broader, more general view of several potential outcomes. They usually involve more assumptions and projections.
What are differences between compilation and preparation of f/s?
The main practical difference is often the level of involvement of the accountant in assembling the information. A compilation might involve simply reviewing and formatting information provided by management, while a preparation might involve more active participation in the compilation of data from various sources. However, neither provides any assurance. Both are considered non-attestation services.
How does an auditor know when to issue a qualified or disclaimer of opinion due to a scope limitation?
Qualified opinion: This is issued when the scope limitation is not pervasive but does affect a material amount. The auditor is able to obtain sufficient appropriate audit evidence for the rest of the financial statements. The qualified opinion explains the nature of the scope limitation and its impact.
Disclaimer of Opinion: This is issued when the scope limitation is so pervasive that it prevents the auditor from obtaining sufficient appropriate audit evidence to form an opinion on the financial statements. The auditor essentially states they cannot express an opinion because the limitation is too significant.
Which of the following procedures generally would not be performed in a review of a public entity’s interim financial statements?
Inquire of the client’s attorney
Overdue audit fees only impair independence if they are overdue by more than ______________________.
one year
The conflict of interest provisions of SOX Title II apply to who and for how long?
CEO
CFO
Controller
Chief Accounting Officer
Has to be greater than one year
Under the Department of Labor’s independence guidelines, ___________________________________________ in the plan impairs independence.
direct financial interest
According to the AICPA Code of Professional Conduct, which of the following financial interests in the client during the period of the engagement impairs a CPA’s independence?
Only direct and material indirect financial interest
What is the auditor’s responsibility about events before versus after the auditor’s report date?
Before: Inquire of management and appropriate actions
After: No responsibility of it
Per Sarbanes-Oxley, an issuer’s board must establish an _______ ____________ composed entirely of members who are independent and not influenced by management.
audit committee
What are some key takeaways regarding the covered member TBS on impairment of independence?
Direct financial interest impair independence
Indirect financial interest impair independence if they are material
Direct financial interest is when anyone in your immediate family or you, yourself owns stock in a client
might be a partner or professional employee of an audit firm who has a responsibility to uphold professional standards and ethics.
covered member
For financial statement audits performed in accordance with generally accepted government auditing standards, auditors should report which of the following?
the auditor should report significant deficiencies in internal control.
Auditors should report identified or suspected noncompliance with provisions of laws, regulations, contracts, or grant agreements that have a material effect on the financial statements.
Which of the following parties should an auditor notify first when discovering an immaterial fraud is committed by an accounting clerk?
An appropriate level of management
Before reissuing the prior year’s auditor’s report on the financial statements of a former client, the auditor should do what?
Read the f/s of current period
Compare preior period information that the auditor reported on with the f/s to be presented for comparative purposes
Obtain letter of representation from successor auditor and former client’s MGMT
When you have a GAAS issue, what opinion would you issue and how does that change the following: Auditor’s Responsibility, Opinion Section, Basis for Opinion Section
Qualified: no change, modify, modify
Disclaimer of opinion, modify, modify, modify
