AUD 6 - Professional Responsibilities, Audit Documentation, Effect of IT, Government Auditing, and Quality Control Standards Flashcards
What governs any service that a member of the AICPA performs, and what two major sections is it divided into?
The AICPA’s Code of Professional Conduct - Principles that provide the basis for the code of conduct and Rules that consists of rule, interpretations, and rulings that govern the specific performance of members. .
What are the 6 principles in the code of conduct?
Responsibilities, public interest, integrity, objectivity and independence, due care, and scope and nature of services.
When is independence not required?
For compilations and nonattestation services (e.g., tax services, consulting services) - must disclose in report.
Independence must be maintained by “covered members.” Who are covered members?
All partners in the office connected with the attest engagement, partners or managers who provide nonattest services to the attest client, all members of the attest engagement team, the firm itself, and any parties who can influence the attest engagement - independence impaired if covered member’s immediate family (spouse and dependents) or close relatives (parents, siblings, and adult kids) have a financial interest in the client.
What are the 11 Rules of the code of conduct, and whom do they apply to?
- Independence
- Integrity and Objectivity
- General Standards
- Compliance with Standards
- Accounting Principles
- Confidential Client Info.
- Contingent Fees
- Acts Discreditable
- Advertising and Other Forms of Solicitation
- Commissions and Referral Fees
- Form of Organization and Name
A.) All 11 Rules apply to members of public practice.
B.) Rules 2, 3, 4, 5, & 8 apply to members in business.
C.) Rule 8 applies to other members (i.e., retired or unemployed).
What are the 7 threats to compliance with the fundamental principles?
- Adverse Interest Threat (objectivity)
- Advocacy Threat (compromised)
- Familiarity Threat (sympathetic)
- Mngt. Participation Threat (acting as mngt.)
- Self-Interest Threat (benefits)
- Self-Review Threat (evaluate your own work)
- Undue Influence Threat (subordinate judgment)
What is the partner rotation rule?
The lead audit partner and the concurring partner of the engagement team must rotate off after 5 years with a 5 year time-out period and other audit partners after 7 years with a 2 year time-out period - otherwise independence is impaired - small accounting firms with fewer than 5 clients who are issuers and have fewer than 10 partners may be exempt.
The US Department of Labor (DOL) has est. guidelines for determining when a qualified public accountant is independent for the purposes for rendering an opinion on an employee benefit plan under what?
The Employee Retirement Income Security Act of 1974 (ERISA).
What are the documentation retention rules and the documentation completion date for nonissuers and issuers.
- SAS rules (nonissuers) 5 years; PCAOB rules (issuers) 7 years.
- SAS rules 60 days following the report release date; PCAOB rules 45 days.
What is CAAT, and what does it consist of?
Computer Assisted Audit Techniques “Auditing through the computer” - emphasis is on input and processing rather than input and output for auditing “around the computer (manual).”
- Transaction Tagging: electronically mark (or “tag”) specific transactions and follow them through the client’s system.
- Embedded Audit Modules: sections of the application program collect transaction data for the auditor.
- Test Data (test deck): uses the application program to process a set of test data, the results of which are already known - system processes auditor’s data (off-line) while still under auditor’s control.
- Integrated Test Facility (ITF): similar to the test data approach except the test data is commingled with live data - system processes auditor’s data on-line.
- Parallel Simulation (reperformance test): auditor reprocesses some or all of the client’s live data and the compares the results with the client’s files.
What are GASP’s?
Generalized Audit Software packages that allow the auditor to preform tests of controls and substantive tests directly on the client’s system.
What is GAGAS?
Generally Accepted Government Auditing Standards (Yellow Book): contains standards for audits of gov’t organizations, programs, activities, and functions and for gov’t assistance received by contractors, not-for-profit organizations, and other nongovernmental organizations; includes designing the audit to provide reasonable assurance of detecting material misstatements resulting from noncompliance.
What are the three types of government engagements?
- Financial audits.
- Attestation engagements (e.g., compliance with specific laws, rules, regulations).
- Performance audits (e.g., evaluations of effectiveness, economy, and efficiency; internal control; compliance).
What are the objectives of compliance audits?
- Forming an opinion on whether the entity complied, in all material respects, with compliance requirements.
- Reporting at the level specified by the audit requirement.
- Identifying audit and reporting requirements supplementary to GAAS and GAGAS (e.g., Single Audit Requirements) and addressing those requirements.
What is the audit risk of noncompliance model?
- Comprised of the risk that material noncompliance exists and the risk that the auditor will not detect such noncompliance (detection risk).
- = risk of material noncompliance (assessed by the auditor) * detection risk (controlled by the auditor).
- Inverse relationship: as risk of noncompliance increases, CPA should decrease acceptable level of detection risk (= more audit work; assurance provided by tests of details should increase).
- Risk of material noncompliance (client’s system) consists of two elements: (1) Inherent risk: the susceptibility of a compliance requirement to noncompliance that could be material, assuming there are no related controls (exists independent of the audit); (2) Control risk: the risk that noncompliance with a compliance requirement that could be material will not be prevented or detected on a timely basis by an entity’s internal control (exists independent of the audit) - the stronger the system of controls over compliance, the greater the reliance that may be placed on the controls, and the fewer the tests of details (or the lower the quality of evidence) required.
What documentation must the auditor prepare?
- Risk assessment.
- Responses to the risk assessment (e.g., planned and executed tests).
- Basis for materiality levels.
- Compliance with supplemental requirements.
What are the ethical principles of GAGAS?
- Serving the public interest
- Integrity
- Objectivity
- Proper use of governmental info., resources, and positions
- Professional behavior
What are the general standards under GAGAS?
- Independence
- Professional judgment
- Competence
- Quality control and assurance
What are the standards for financial audits: additional GAGAS requirements for performing financial audits?
- Previous audits and attestation engagements.
- Fraud, noncompliance, and abuse.
- Developing a finding (criteria, condition, cause, effect or potential effect).
- Audit documentation.
What are the standards for financial audits: additional GAGAS requirements for reporting on financial audits?
- Auditor’s compliance with GAGAS.
- Report on IC and compliance with provisions of laws, regulations, contracts, and grant agreements.
- Communicate deficiencies in IC, fraud, and noncompliance.
- Report views of responsible officials.
- Reporting confidential or sensitive info.
- Distribute reports.
- Additional GAGAS considerations for financial audits (materiality thresholds and early communication of deficiencies).
What are the required features of an opinion on f/s and supplementary schedule of federal awards prepared in accordance with GAAS and GAGAS?
- Introductory paragraph
- Scope paragraph
- Opinion paragraph
- Disclosure paragraph regarding additional reports for GAGAS (report on IC over financial reporting and on the tests of the audited entity’s compliance with laws, regulations, contracts, and grants)
- Opinion on additional schedules required by the Single Audit Act (Schedule of Expenditures and Federal Awards)
What highly tested report is required by GAGAS but not GAAS, and what does it include?
A report on the auditor’s understanding of IC and the assessment of control risk in all audits (not just when there are significant deficiencies). It includes:
- The assertion that evaluating compliance with laws, rules, and regulations with a direct and material effect on the f/s is part of developing an opinion on f/s .
- The assertion that specific controls relating to finical reporting are considered.
- An indication either no weaknesses were found or that significant deficiencies (reportable conditions) were found, and an indication whether those deficiencies were material.
What is the Single Audit Act?
Governed by provisions of federal regulations in 2 CFR 200.500-521, part of regulations included in what is commonly know as the “Super Circular.” It requires entities that expend total federal assistance equal to or in excess of $750,000 in a fiscal year to have an audit preformed in accordance with the act. Allows for either a single or program-specific audit (awards are expended under a single federal program and no audit of f/s is required).
What are the objectives and the materiality determinations of a single audit?
- To audit the entity’s f/s and a compliance audit.
- Includes a separate evaluation for materiality for each major program selected, not just to f/s taken as a whole - usually considered major if expend above $750,000 unless considered high-risk.
(For low-risk auditees the auditor must test 20% of the total federal awards expended; for high-risk, 40%).
