Audit Flashcards
opinion paragraph summary
The opinion paragraph includes the auditors opinion and indicates the applicable financial framework and its origin
What does the opinion paragraph state
- the nature of the engagement,
- the F/S covered in the audit,
- name of the company being audited
- dates covered for each F/S
What does the emphasis of matter paragraph state
- Used when required by SAS or when Auditors believes they are needed
- Used when referring to a matter correctly disclosed in F/S and is very important to the users of the F/S so the auditor wants to make sure the user is aware
Disclosure requirement for unmodified opinion
An unmodified opinion means that the F/S are presented fairly in all material respects, therefore, no disclosure is required for immaterial adjustments proposed by auditors
What section is the Auditors responsibility located?
The auditor’s responsibility to express an opinion on the F/S under U.S. auditing standards is explicitly represented in the first sentence of the Auditor’s Responsibility section of the non-issuer audit report.
Is consistency implicit in the auditor’s report?
Consistency is implicit in the auditor’s report, and will be explicitly mentioned in an emphasis-of-a-matter paragraph only if there are issues with consistency.
Within the Auditor’s Responsibility section of the report, the following statement is explicitly made:
“Such procedures include examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements.”
Which of the following best describes the earliest date for an auditor’s report?
The date the auditor has obtained sufficient appropriate audit evidence to support the opinion.
Are specific risk factors included in report on F/S
The CPA’s report on audited F/S DOES NOT include matters related to the auditor’s assessment of specific risk factors.
Which of the following items is explicitly included in an audit report expressing an unmodified opinion?
“We identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, and design and perform audit procedures responsive to those risks.”
What section of the report refers to GAAP?
audit report for an issuer should refer to GAAP in the Opinion section and Managements responsibility section
What is a Critical audit matter (CAM)
A critical audit matter is a matter that was communicated or is required to be communicated to the audit committee and involves an especially challenging judgment made by the auditor.
What does the Basis of Opinion Section include?
- references GAAS
- auditor independence
- states whether or not the auditor believes sufficient appropriate evidence was obtained to provide a basis for the auditor’s opinion.
Review Engagement
A review engagement provides LIMITED (negative) ASSURANCE that there are no material modifications that should be made to the F/S. This is mainly done through analytics procedures and inquires
What is the name for a perfect opinion for a non public company? (NonIssuer)
Unmodified Opinion
What is the name for a perfect opinion for a public company? (Issuer)
Unqualified Opinion
Unmodified/Unqualified Opinion
This type of opinion is given when the F/S are found to be fairly stated in all material aspects
What are the different types of modified opinions?
Qualified opinion
Adverse opinion
Disclaimer of opinion
What is a qualified opinion
There is a misstatement or the auditor is unable to obtain sufficient appropriate evidence and the problem is material BUT NOT pervasive
Adverse opinion (GAAP)
There is a misstatement that is both material and pervasive which affects the F/S as a whole
Disclaimer of opinion (GAAS)
The auditor is unable to obtain sufficient appropriate evidence and the issue is both material and pervasive
Type of opinion for scope limitation (not getting access to certain info)
Scope limitation = Qualified Opinion (for missing disclosure) or Disclaimer Opinion (for something more serious GAAS related )
Adverse Opinion Language (GAAP)
An adverse opinion would include the phrase, “In our opinion, because of the significance of the matter discussed in the Basis for Adverse Opinion section of our report, the accompanying consolidated financial statements do not present fairly the financial position…”
Basis for Adverse (GAAP) Opinion section
The substantive reasons for the financial statements being incorrect or misleading are discussed in the Basis for Adverse Opinion section, NOT the Opinion section.
Examples of When to Issue Disclaimers (GASS) of Opinions
Management’s refusal to furnish a client representation letter
When the auditor is NOT independent
When the F/S are NOT audited
When an auditor is unable to obtain audited financial statements or other evidence supporting an entity’s investment in a subsidiary (foreign or domestic), the auditor should issue a qualified or disclaimer of opinion depending on the materiality of the investment in the subsidiary
Order of Opinion Sections
Opinion section and then Basis for Opinion section
Example of Adverse (GAAP) opinion
Inadequate disclosure of material information is a departure from GAAP and a financial statement issue. This scenario may lead to a qualified or adverse opinion, but not a disclaimer of opinion.
Opinion for substantial doubt about the entity’s ability to continue as a going concern
If there is substantial doubt about the entity’s ability to continue as a going concern, the auditor could issue an unmodified opinion.
The report would be updated to include either a separate going concern section or an optional emphasis-of-matter (explanatory) paragraph depending on the circumstances regarding management’s plans to alleviate and the appropriateness of F/S disclosures.
Opinion Paragraph for Qualified opinion due to scope limitation
When an auditor qualifies his opinion because of a scope limitation, the wording in the opinion paragraph should indicate that the qualification pertains to the possible effects on the F/S and not to the scope limitation itself.
Example of needing Emphasis of matter paragraph
“When an auditor concurs with a change in accounting principle, an emphasis-of-matter paragraph discussing the change should be included in the audit report.
Needed when there is an item that affects consistency
Do not disclose internal control weakness in emphasis of matter paragraph”
example of an appropriate emphasis-of-matter paragraph
“As discussed in Note X to the financial statements, the company changed its method of accounting for income taxes in X2.”
Other-matter paragraphs
refers to matters other than those presented or disclosed in the financial statements that are relevant to the users’ understanding.
If the auditor has been engaged to report on more than one set of financial statements that have been prepared in accordance with different report frameworks, the other-matter paragraph may be necessary.
Before reissuing the prior year’s auditor’s report on the F/S of a former client, the auditor should
1) read the F/S of the current period,
2) compare the prior-period information that the auditor reported on with the F/s to be presented for comparative purposes,
3) obtain a letter of representation from the successor auditor, and
4) obtain a letter of representation from the former client’s management. The representation letter from the successor auditor will state whether the successor’s audit revealed any issues of a material nature that might affect the previous financial statements.
The representation letter from the former client’s management will indicate whether its previous representations are still accurate and whether there have been any subsequent events affecting the previous financial statements.”
When a predecessor auditor’s report is not presented, the successor auditor should indicate the following items:
- That the statements were audited by a predecessor auditor. The predecessor auditors should not be named unless the practice of the predecessors was acquired by or merged with that of the successor.
- The type of opinion expressed by the predecessor auditor and, if the opinion was modified, the reason for the modification.
- The nature of any emphasis-of-matter, other-matter, or explanatory paragraph included in the predecessor auditor’s report.
- The date of the predecessor auditor’s report.
What section does division of responsibility affect?
A division of responsibility affects the Opinion section of the report, but does not impact any other report section.
What is a dual dated Audit report?
When an auditor issues a report that is dual dated for a subsequent event occurring after the original date of the auditor’s report, but before issuance of the related F/S, the auditor’s responsibility for events occurring subsequent to the original report date is limited to the specific event referenced.
what is an auditor’s responsibility for supplementary information?
The auditor should perform limited procedures on required supplementary information accompanying the F/S.
In addition, the auditor’s report on the F/S should include a separate section with the heading, “Supplementary Information.”
An auditors report on F/S prepared under a special purpose framework (OCBOA) should include what?
An auditor’s special report on F/S prepared in conformity with a special purpose framework should include an emphasis-of-matter paragraph that refers to the note to the F/S that describes the basis of accounting.
Where to disclose difference between OCBOA and GAAP
A description of how the special purpose framework differs from GAAP should be included in the notes to the F/S.
‘Other Information” included in documents containing audited F/S?
“The auditor should add a separate section with the heading ““Other Information,”“which includes a disclaimer of opinion on other information, in the audit report on the F/S.
Disclaimer of opinion means to deny providing an opinion. The sectionwill include the statement, “we do not express an opinion..”
What is a management letter?
A management letter (also known as a letter of recommendations, or a constructive services letter) is usually delivered by the auditor at the end of the audit. It identifies areas of weakness and provides recommended solutions.
What is an engagement letter?
An engagement letter, which is a presumptively mandatory requirement, sets forth the scope and nature of an auditor’s contractual obligation to a client.
When there is a reasonable justification to change the audit to a review, the review report should….
should not include reference to the original engagement, to any auditing procedures that may have been performed, or to the scope limitation that resulted in the changed engagement.
What are the quality control elements? (HELP ME)
Human Resources
Engagement/Client acceptance
Leadership Responsibilities
Performance of the Engagement
Monitoring
Ethical Requirements
Under the provisions of the Sarbanes-Oxley Act of 2002, registered public accounting firms are required to prepare and maintain audit work papers and other information related to any audit report for a period of:
7 years
Which best describes the documentation completion date?
14 days from the report release date, based on PCAOB standards.
What is the maximum number of days in which a NONissuer’s auditor should complete the assembly of the final audit file following the report release date?
60 days
What is the maximum number of days in which a Issuer’s auditor should complete the assembly of the final audit file following the report release date?
14 days
The three categories of entity objectives include….
the reliability of financial reporting
the effectiveness and efficiency of operations
compliance with laws and regulations
5 components of internal control: (CRIME)
Control Environment
Risk Assessment
Information and Communication Systems
Monitoring
Existing Control Activities
What is the audit plan? (NET)
outlines the nature, extent, and timing of the audit procedures that will be performed by the auditors on an engagement.
The audit strategy would include:
Preliminary assessment of materiality and tolerable misstatement for the current audit
Providing for the scope of the audit
Outlining reporting objectives
In order to detect material misstatements, the auditor would use which audit procedures?
Substantive procedures - include test of details and analytical procedures.
What are the 6 F/S assertions (COVEUP)
Completeness
Cutoff
Occurrence/Existence
Valuation, Allocation, Accuracy
Understandability and presentation and Classification
The earlier in the year that the auditor performs substantive testing…..
the greater the incremental risk the auditor accepts regarding the year-end financial statements.
Which type of audit procedures would an auditor use to test a client’s F/S assertions at the account, transaction, or disclosure level?
The auditor uses substantive procedures and tests of controls at the relevant assertion level to test a client’s significant account balances, transaction classes, and disclosure items in the F/S.
Completeness
All account balances, transactions, and disclosures that should have been recorded and included in the F/S
Cutoff
Transactions have been recorded in the correct/proper period
Valuation, allocation, accuracy
All account balances, transactions, and disclosures are recorded and described fairly and measured at appropriate amounts, and any resulting valuation or allocation adjustments are recorded
Existence and Occurrence
Account balances exist and transactions that have been recorded and disclosed have occurred and pertain to the entity
Rights and Obligations
The entity holds or controls the rights to assets, and liabilities are the obligations of the entity
Understandability of presentation and classification
Financial info is appropriately presented and described and disclosures are clearly expressed and understandable with regard to the financial framework. I.e. transactions have been recorded in the right accounts
An auditor of a NONissuer intends to reference the work of an auditor’s external specialist in the audit report because the reference was relevant to understanding a modification to the auditor’s opinion. In this case, the auditor should indicate in the report that:
The reference to the auditor’s external specialist does not reduce the auditor’s responsibility for that opinion.
What is Attribute Sampling?
Sampling for errors (or some other attribute). The auditor determines whether the attribute appears or not, but does not try to estimate a numerical measurement of the population.
ONLY USED FOR TEST of CONTROLS
What type of relationship does detection risk have to the risk of material misstatement?
Detection risk is inversely related to the risk of material misstatement.
An increase in the risk of material misstatement would cause a decrease in allowable detection risk.
What does the auditor use the assessed risk of material misstatement for?
The auditor uses the assessed risk of material misstatement (combined assessments of inherent and control risks) to determine the acceptable level of detection risk,
which is then used to determine the nature, extent, and timing (NET) of substantive tests.
Inherent risk exists independently of the audit and cannot be changed by the auditor.
What is control risk?
the risk that a material misstatement will not be prevented or detected by the entity’s controls.
What is inherent risk?
The risk that a material misstatement may occur due to complex calculations, faulty estimates, or high volume transactions.
What is the relationship between Detection risk and substantive tests?
The acceptable level of detection risk is inversely related to the assurance provided by substantive tests.
If the acceptable level of detection risk decreases, more assurance is required from substantive tests.
A reduction in control risk would result in
a lower substantive testing sample size.
How can a CPA firm make sure to offer services that meet professional standards?
Maintaining a comprehensive system of QUALITY CONTROL that is suitably designed in relation to its organizational structure
Which of the following groups should the auditor approach to inquire about the risks of fraud within the entity?
Management, internal audit, and audit committee
What procedures would a CPA most likely perform in the planning stage of a financial statement audit?
The planning process should include application of analytical procedures, such as comparison of the financial statements with budgeted or anticipated results.
What is the order of sections in a standard Auditor’s Report?
- Intro Paragraph
- Management’s Responsibility
- Auditor’s Responsibility
- Opinion
- Basis for Opinion
- Critical Auditing Matters
- Emphasis of Matter (If any)
- Other Matter (If any)
What are general controls?
Policies and procedures that relate to many applications and support the effective functioning and proper operation of the information system.
General controls include procedures to ensure appropriate systems software acquisition
Is an auditor required to obtain knowledge about the operating effectiveness of controls?
NO - An auditor is only required to assess the operating effectiveness of controls if they plan procedures assuming that controls are operating effectively or when substantive procedures alone are considered insufficient
(e.g., extensive use of IT)
What are substantive procedures?
Include substantive analytical procedures and tests of details. These types of procedures are performed in a F/S audit but not in the audit of internal control.
What are analytical procedures?
Analytical procedures are used for planning purposes, as substantive tests, and as an overall final review to provide evidence about the dollar balance of an account,
Involve the comparison of recorded values with expectations developed by the auditor
but they do not provide evidence about control risk
What is Discovery Sampling?
It is used when the expected occurrence rate of serious errors is very low.
If there is substantial doubt about an entity’s ability to continue as a going concern for a reasonable period of time, does the report need a separate section?
If the auditor concludes that there is substantial doubt, the auditor should include a separation section of the auditor’s report with the heading ““Substantial Doubt About the Entity’s Ability to Continue as a Going Concern”” that includes the terms ““substantial doubt”” and going concern.
The time period is not mentioned in the auditor’sreport.
What does going concern mean?
The term”going concern”refers to the assumption that an entity will continue its operations into the foreseeable future and has no intention or need to liquidate or significantly curtail its operations.
Which of the following conditions or events most likely would cause an auditor to have substantial doubt about an entity’s ability to continue as a going concern?
“Negative cash flows
Default on loans
Loss of major customers
Legal proceedings”
What is Haphazard sampling?
Haphazard sampling is used when there is no significant variability in the population and no specific risk factors that would make other methods more suitable
What is Monetary Sampling
Monetary Sampling is used in substantive testing and gives a higher probability of selecting higher value items, such as high value transactions.
When testing for existence/occurrence the auditor should trace…
Transactions the accounting records (sales journal) to the source documents (sales order, shipping docs, etc)
When testing for the completeness the auditor should trace…
Transactions from the source docs to the accounting records
What is incorrect rejection?
Incorrectly concluding that an account balance is materially misstated what it is actually is not materially misstated
When an auditor assess control risk LOW/MEDIUM what is the relationship between deviation rate and tolerable rate AND are controls operating effectively?
Deviation rate < tolerable rate = controls operating effectively
When an auditor assess control risk HIGH what is the relationship between deviation rate and tolerable rate AND are controls operating effectively?
Deviation rate > tolerable rate = controls are NOT operating effectively
What is sampling risk?
the possibility that, when a substantive test is restricted to a sample, conclusions might be different than if the auditor had tested each item in the population.
What is NONsampling risk?
Nonsampling risk includes all aspects of audit risk that are NOT due to sampling. It is always present and cannot be measured; the auditor can only attempt to reduce this risk to a very low level through adequate planning and supervision of the audit and quality control of all firm practices.
What is the relationship between the tolerable deviation rate and the sample size?
Inverse relationahip - As the tolerable deviation rate increases, the sample size will decrease
What is the upper deviation rate?
the sample rate of deviation plus the allowance for sampling risk
What should the auditor do if the upper deviation rate exceeds the tolerable rate?
the auditor should reduce the planned reliance on the prescribed control.
What is stratification?
“When the Auditor separates the population into similar groups which then generally results in a smaller sample size
Commonly used when a population has a highly variable recorded amounts because it will result in a smaller sample size”
What is the relationship between sample size and expected misstatement?
Direct relationship
What is the relationship between sample size and standard deviation?
Direct relationship
What is probability proportional to sample size (PPS sampling)
PPS sampling is a method designed to estimate overstatement errors in dollars.
What are the inputs for PPS?
Tolerable misstatement
Risk of incorrect acceptance (reliability factor)
Recorded amount of the population being samples
How to calculate Mean per Unit?
Average audited value * # of items in population
Avg audited value = Total audited value / sample size
How to calculate Ratio Estimation?
(Audited value of sample / book value of sample) * total book value
How to calculate difference estimation?
Step 1: Calculate projected error = ((book value of sample - audited value of sample) / Sample Size) * population of items
Step 2: Calculate point system = Total book value of population - Projected error (step 1)
How to calculate sampling interval?
Tolerable Misstatement / Reliability factor
How to calculate sample size?
Total book amount / sampling interval
How to calculate the tainting?
(book amount - audited amount)/book amount
What are descriptive analytics?
Descriptive analytics describe what happened within the data.
What is variables sampling
Variables sampling is used to estimate a numerical measurement of a population, such as the dollar value or the dollar value of errors in the population.
Used in SUBSTANTIVE TESTING ONLY
When testing liability accounts, what assertion would an auditor most likely focus on?
Completeness
When testing asset accounts, what assertion would an auditor most likely focus on?
Existence
what is check kiting?
When a check drawn on one bank is deposited in another bank and no record is made of the disbursement in the balance of the first bank. This makes both accounts inflated for short period of time
What is check lapping?
When an employee steals cash from a customer payment and covers the theft with a larger payment
What terms are associated with the Understandability of presentation and classification of the F/S with respect to inventory
Confirming inventories pledged under loan agreements.
What are the common procedures for testing Existence/Occurrence
Inspection and Examination
Observation
Vouching
What are the common procedures for testing Valuation/Allocation/Accuracy
Independent Recalcs/Estimates
Review of subsequent events
What are the common procedures for testing Rights/Obligations
Confirmation
Inspection and Examination
Review of Subsequent Events
What are the common procedures for testing Understandability of Presentation and Classification
Review of Subsequent events
Inquiry
What are the common procedures for testing Cutoff?
Cutoff Procedures
Inspection and Examination
What are the common procedures for testing Completeness?
Tracing
Review of Subsequent events (EX: searching for unrecorded liabilities)
What is a material weakness?
A material weakness is a deficiency or combo of deficiencies where there is a REASONABLE possibility that a MATERIAL misstatement of the entities F/S will NOT be prevented/detected
What standards are relevant for audit of internal control of a NONissuer
Statements of Auditing Standards
What organization is relevant for audit of internal control of a Issuer
PCAOB
What methods can be used to test design effectiveness of controls
Inquiry, observation, inspection
What methods can be used to test operating effectiveness of controls
Recalculation and reperformance
What standards provide guidance on attestation engagements?
SSAE
What standards do preparation, compilation, reviews of F/S follow for NONissuers
SSARS
What standards do agreed upon procedures follow?
SSAE established by the AICPA (NO assurance, requires independence)
When there is a reasonable justification to change an audit to agreed upon procedures, the report should..
NOT reference the original engagement but may include a reference to procedures that have already been done (exception when changed to agreed upon procedures)
When should a report be restricted
when they contain financial projections
What is a SOC 1 Type 1 report?
Provides auditor with assurance AT A SPECIFIC DATE about the design and implementation of internal controls at a service org.
DOES NOT include the testing of operating effectiveness
What is a SOC 1 Type 2 report?
Provides auditor with assurance about the design and implementation of internal controls at a service org.
INCLUDES the testing of operating effectiveness
What is a SOC 2 Type 1 report?
Provides assurance over the design and implementation of controls in place at a service organization related to security, availability, processing integrity, confidentiality, and privacy.
DOES NOT include the testing of operating effectiveness
What is a SOC 2 Type 2 report?
Provides assurance over the design and implementation of controls in place at a service organization related to security, availability, processing integrity, confidentiality, and privacy.
INCLUDES the testing of operating effectiveness
When does SSARs not apply?
Preparation of personal F/S for inclusion in written personal financial plans
Soley for submitting to tax authorities
In conjunction with litigation
In conjunction with business valuation services
How often does the PCAOB inspect a Firm that audits 50 issuers?
If a Firm normally audits 50 Issuers, PCAOB must inspect every THREE Years
How often does the PCAOB inspect a Firm that audits more than 100 issuers?
If a Firm normally audits more than 100 Issuers, PCAOB must inspect ANNUALLY
What do Control Activities pertain to?
Includes things like deployment of policies/procedures and selection/development of IT
Compilation Engagements (Assurance? Independence? Management Rep Letter? Understanding Internal Control?)
NO assurance expressed
Independence NOT required (Indicate in report last paragraph)
NO written management letter required
NO need to obtain understanding of internal control
Overstatement of assets relates to …. assertion
Understatement of expense relate to….. assertion
overstatement of assets = Existence
Understatement of expenses = completeness
Factors that effect EFFICIENCY of the audit
Incorrect Rejection
Risk of assessing control risk too HIGH
actors that effect EFFECTIVENESS of the audit
Incorrect acceptance
Risk of assessing control risk too LOW
What standards apply to examination engagement?
SSAE
Responsibility is of the other party
How long does the AICPA (NONissuers) require the retention of audit documentation
FIVE years
How long does the PCAOB (issuers) require retention of documentation?
SEVEN years
Examination Engagements (Assurance? Independence? Management Rep Letter? Understanding Internal Control?)
Examination is MORE COMPREHENSIVE than review
Reasonable assurance
Requires independence
Requires management rep letter
Understand design/implementation of internal control
What are the three types of engagements governed by government auditing standards?
- Financial audits
- Attest engagements
- Performance audits
Entity level controls include…
Control environment
risk assessment process
policies over risk management practices
