Audit 5 Flashcards
if one out 4 out time sheet missing
would be a deficiency
Tell management
control risk ; moderate
of the 4 employees , 2 did not have signed code of conducts
defiency
tell management
moderate risk
assistant controller did not disclosed investment fv
signifcant weakness
high risk
talk to managment and governace
a/r recs not reconcile
material weakness
high risk
tell managment and board.
woud be an adverse opinion
An engagement to audit the internal control of nonissuer will generally
be more extensive in scope the assessment of control risk made during f/s audit
what is the responsibility of auditor in a nonissurer with multiple units on an integrated audit
he will test control over specific (sample) risk at business units that are material to the com. f/s. would not test all business risk
would an auditor obtain understanding of potential misstatements in an integrated audit using evaluation on IT risk and controls approaching other than the top down apporach
no. top down approach : f/s, level of control , during test on accounts and transactions, is a selected control for integrated audit not necessarlity for IT control
which of the following is not a role of the risk assessment in an integrated audit of non issuer
Does not conclude on the effectiveness of a given control. this happens after the risk assessment.
A cpa is auditing an issurer is he required to audit both i/c and f/s under pcaob
yes
when planning an audit of the effectiness of i/c in an integrative audit for non issurer what is he least likey to consider
evaluating the operating effectiveness on control . this is done after the planning stage
what condition is ncessary for an auditor to accept an engagement to audit and report on non issuerer ic over financial reporting
management must give a written assessment of effectiveness of i/c
is the scope , procedure and purpose test on controls in audit of i/c for non issuer compared to i/c for f/s different
yes. on all those catagories due to more exetnsive on NET auditi procedures.
in an audit of an issurer must both management and auditor must assess report on i/c
yes under pcaob
what is the top down apporach to select controls to test for integrated audit
Top down approach;
- evaluate the overall risks at the f/s level
- consideration of control at the enity level
- evaluation of accounts, disclosures and assertions for which there is a reasonable possibility of material misstatment.
would inadequate design of IT controls not an considered a material weakness
no. it is a designe deficiency weakness
ineffective oversight by governance , fraud committed by senior managment, an d audit id material misstatement are material weaknesses
if a auditor does not recieve written representation letter from management to acknowledge effective i/c would auditor consider
disclaimer due to scope limits with non letter and withdrawal
what are types of testing the design of effective controls and what are testing effecting ops. controls in integrated audit
testing the design of effective controls; inquiry, observation and inspections.
test of effective ops control ; recalculate and reproformance.
would an auditor obtain sufficient evidence to support an opinion about the effectiveness of each individual control or the overall control
the overall control
along with more evidence on greater risk of failure
unpredictable testing
id i/c deviations on the assessment of risk associated with the control
when a service accounting organization is part of the i/c for clients the auditor would
test entity relevant controls over the activities or service organization that the are operating effectively.
when will an auditor of an issuers issue a qualified opinion on i/c
neither scopes limitation of are for disclaimer in i/c
and material weaking are for adverse opinion in i/c
if enitty does not correct weakness and note it would not be cost beneficial the auditor would
disclaim an opinion of cost benefit statement by client.
when there is an interelationship between financial statement audit and i/c audit do auditor only consider material weakness in i/c
no. in both
A5 m2 mcqs; if a co. has took care the the i/c material weaknesses. what is required under SOX
the company must put in writing how it resolved weakness and if accounting was hired add there name in document.
will stock holders get a communciatio of material weakness by pcaob standards
no.
what are the communication protocal for auditors on i/c
communicate all deficiency in i/c to management, and significant deficientcy and material weakness to management and audit committee
is the auditor responsible for subsequent event after the report dates for integrated audit
no. but if subsequent event happen up to the date then he must inquire and take appropriate action.
Are attestation SSAE of a management assertion are the as a review SSARS
No.
what should and should not an auditor do when a subsequent event have before report date
should ; inquire of managment
examine documentation of the event
obtain written representatio letter from mangement on effecitveness of i/c
should not ‘ perform test of control specifically related to subsequent event.
does auditor i/c give an opinion of i/c and management assessment of of i/c
yes to i/c opinion.
no to managment assessment.
is there any restricted language in the report on control deficiency and material weakness
no restricted language.
A5-m3: what statement would best serve management assertions of consistency in a MD&A presentation
nonfinancial information data have been accurately derived from related financial record. MDA must same the same thing as financie reporting.
Is SSAE used in expert witness testifying and compiliation
No SSAE not use in testifying as far as comiling that is SSAR not SSAE.
when should accountant’s attest engagemetn report be restricted to specificed parties
When information is limited to number of aparties
whne reporting directly on subjet matter and a WRITTEN assertion has not been provided: no documention restrict user then.
When rporting on a AUP engagment
No restriicted
reporting on an asserton about the subject matter instead of reporting directly on the subject matter. there is no resticted requirment.
when is SSAE required
Providing assurance on a speciific financial information that is not audited f/s.
negative information can be used in an attestation on a
review of management assertion attestaion such as compiling ; SSAR
Opinion attestation on management assertions ar done with which attestation
SSAE
Examination of a report via attestation SSAE should provide a positive or negative respose
Positive
What information should be in an AUP reporting done by an auditor with no finding and the report was issued Sept 30, y6
Title
To; The requestors of the AUP
1st sentence… which were agreed to by The requestors, on the accounting records of The co. the we are doing the AUP, as of june 30, ye. The co. management is resonsible for the accounting records. The sufficiency of these procedures is solely the responsibilty of the Requestor agreed for the AUP.
Give information of what auditors did = footed a/r
Give the result of the AUP; no exceptions were found as a result of applying these procedures. no opinion on aup
Give the auditor does not express opinion due to AUP and not and audit.
This report is intended solely for the information and uses Requestors.
Signed by auditor
city, state where cpa firm is domiciled
date report issued sept 30, yr6
A5 M4:What is least likely to be included in an examination report related to a financial projections
examinaton reports related to financial projection would only AUP and not examination. Strange but true.
What is true regarding prospective f/s
All reports that are prosective f/s requires a statement indicating the prosepective results may not be achieved
what are prospective f/s
Prospective financial statements encompass financial forecasts and financial projections. … Financial forecasts are prospective financial statements that present, to the best of the responsible party’s knowledge and belief, an entity’s expected financial position, results of operations, and cash flows.
what component is appropriate in a practitioner report on the results of applying AUP
A list of procedures peformed, as agreed to by the specified parties indentified in the AUP report.
Are pro forma statements the same as prospective statements
Does compilation of prospective require independent accountant
Do compilation and examination reports on forecast require report for limited use of special parties
No. pro forma give historical information.
No for compilations
No compil and exam on forecast does not require limited use to specified parties. Projections does.
Forecast = General uses such as potential stockholders
Projections = specific users such as a bank with which the entity is negotiating a loan
when a cpa examine a client’s projected f/s the report should include
a statment include the f/s were examined and evalulated. “included such procedures as we considered necessary to evaluate both the assumption used by management and the preparation and presentation of the projection.
shoud financial compilation reports include a hypothetical assumptions uses in the projection when reasonable in circumstance
No. does not include a statement.
what should a compilation report on a financial forecast include in a statement
that compilation report should include a statement the prospective results may not be achieved. because there is a difference between the forecast and actual results
Are projected f/s use for general uses
no. not for all stockholders as of the report date.
Should proforma statement include all the direct and indirect affects attributed to related transations
just direct.
what is the examination of financial forecast criterial
- for general uses
- evaluating the preparation of the prospective f/s
evaluating the support underlying the assumption
- evaluating the presentation of the prospective f/s in comfomity with AICPA guidelines
- Issuing an examination repor
When a client wants an accountant to do a compilation of a financial projection the client will not get an
opinion or assurance on the projections of f/s or related assumptions
Are projections hypothetical assumptions.
yes. and include a document with historical audited f/s
updating the projections is the responsibility of managment and not the accountant
prospective f/s should be all significant assumptions or assertions
Assumptions
remember when a question of prospective f/s say any type of prospective statement would normal be appropriate of limited or general . the correct is
limited use.
when there is a compilation report on the projection f/s , it is a
limited on the usefullness on the projection because the result may not be achieved.
If a prospective f/s is presented in a format of historical financial statement that omits GP or NI it is a
Partial presentation: would omit.Sales of gross rev, GP or COAS, unusal or infrequent occuring items, provision of income taxes, discontinuance of ops or extra ordinary items, income from continuing ops, NI, EPS, significant changes in financial positions.
Are examination of financial projection done under PCAOB or AICPA
AICPA guidelines
A5 M5: Service organizaton and I/c
A5 m5: report of controls at a service organization: outsource ; ADP, accounting firm., IT, . Service audit report. Type 1: test i/c or Type 2 audit report ; design of i/c and gives and opinion on the operating effective of service organization i/c. Client get i/c report on services organization and then the client the i/c report to client gives to their auditors.
Service organizaton i/c audit
If service corp received a unmodified opinion on there type 2 i/c payroll. this meand payrolls controll risk are low
The RMM would be low be control low.
If it were a type i design i/c , it would not moderate to hign because nothing was tested.
If it when from a type 1 to type to audit procedures would decrease due to higher control low = increase detection.
Is there a reference made in audit report about service organizatin i/c audit. no. service org is not a component accountant jsut a services to organization.
If a service organization provide process for clients sales orders. what information would be relevant in gathering data for the report on service organization i/c
Since service organization is processing data, it must be on the IT side such as; system calculating a/r balances, initiating, executing, processing or reporting of a user company’s transactions.
Service organization process payroll. Cpa firm of service organization is engaged to express an opinion of desciption of serv org. i/c placed in op. . the controls are relevant to their clients i/c and clients audit will used in client audit f/s. does service auditor issue a disclaimer on ops effectiveness of serv org controls
yes. type 1. when controls on report of controls placed in operation,the disclamier.
When control on report of controls placed on operation and test ofops effecting . then no disclaimer.
Also service org is not required to disclose the assess level of control risk for the service organization.
Also, if service auditor is audit based on type design, he can not give assurance to achieve i/c.
what is service org auditor responsibilty with regard to other information presented in a document containing managment description of it systems.
to read other info and id. material inconsistency or misstatment.
when service auditor doing a efficent on i/c this is a
type 2 operating effecicny i/c
clients auditor will rely on service audit report on i.c and their ops effeciency.
a5- m6 compliance report
M5 A6 Compliance Report Aup engagement
Compliance = bylaws
Report content;
Title ; report of independent accountants on applied aup
Address to ; requestor or specified party
Management is responsible
Rules being audited
Accountant is id
Responsible for the procedure ; management
Aup= what we did and what we found
On rev and exp
Who is the reported restricted to specified parties
Who is responsibe for procedures management
Which party agreed aup; specified parties
Give a schedule of rev and exp.
Footnotes the back up the aup like debt owed
there are three types of compliance audits
f/s
examination
aup
give an example of each and level of assurance
when it say our in connection with our audit, it is an audited f/s.
level of asssurance; when it is an in connection with audit and nothing came to our attention, has to be a negative level of assurance because we can’t give assurance on compliance.
We have performed the procedures enumerated below; this a aup we did a list of stuff. does not provide assurance = none level of assurance
Our responsibilty is to express an opinion on ABC com compliance with specified requirements on our examination; this is an examination;
level of assurance; reasonable assurance because it is just like an audit
the sufficiency of theses procedures is soley the responsibilty of those parties speicfied in this report; aup
level of assurance ; none for aup
our engagement does not provide legal determination of abc entity compliance with specified requirements; this is not a f/s audit because were are not audited f/s. its not an aup . it is an examination. auditor just give their opinion and are not lawyers.
level of assurance ; reasonalbe due to it like a f/s audit.
In a contractual agreement in connection with audited f/s in accordance with Statement on Auditing Standard, would an audit render an opinion or an appropriate opinion with negative assurance
when there is a contractural agreement on the audited f/s, audit does not issue an opinion just a negative assurance.
when auditor is engaged to examine an entitys compliance with special rules of SSAE what will he do
should assess the attestation which is the control risk, inherant risk and detection risk. for purpose of complance examination, control risk represents the risk that material noncompliance will not be prevented or detected on a timely basis by entitys controls.
Audit design for intentional an non intentional non compliance.
An examination report on compliance governed by SSAE would include a
an opinion on whether the entity compiled, in all material respect, with the applicable compliance requirements. remember examination are like an audit.
detection is inversly related to
Risk of noncompliance
As Risk of noncompliance increase > risk of detection decrease to reach a desired audit risk
IR - CR - DR are all directly related to = AR
where would the contract agreement of report of comliance go in the audit report
in the OM paragrah.
an auditor conducting compliance audit will design and perform additional procedures in response to the assess risk of material noncompliance. the test of control if
test of operating effectiveness of controls may require if one of the following exist
- risk assessement includes an explanation of the operating effectiveness of controls over comppliance
- substantive procedures do not provided enough evidence to support a conclusion or
- test of controls are required by applicable government audit requirements.
a5- m7 government audits; when GAGAS used. whatr should be included in the reporting of compliance with laws and regs. in a audited f/s
auditors reports either asserts that there are no findings or ref. a separate schedule of findings, which includes disclosure of material instances of fraud and illegal acts.
Government auditing standards require
a report on i/c in every audit
in a government aud standard should the auditor compliance and i/c over compliance include the scope of auditors testing and uncorrected misstatements that were determined by management to be immaterial
scope of audit test on i/c tests.
misstatemement that are immaterial; no. but can be braught to managment attention.
In management written representaion to the auditor in connection with governmental audit would most likely include
management’s interpretation of compliance requirements that are subject to different interpretation.
what is the auditors objective in a compliance audit of a governmental entity
form an opinion on whether the government complied in all material respect with applicable compliance and then report at the levle specified by the government audit requirement,
does the entity f/s in accordance to GAGAS or yellow book, is the auditor required to report; recommendation for actions to improve ops.
the scope of the auditor tests of compliance with laws and reg
just the scope of auditors test of compliance.
when auditor IDENTIFIED potential fruad what is his first response
first step is to extend the audit procedures as necessary to determine whether fraud has occured. if results are correct discuss with senior partner, that management and audit committee
when audit determined that fraud has been committed and client committee takes no actions. under GAGAs what entity should auditor report next to
the counterparty to the contract could be a government agency
under GAGAS yellow book what category would an auditor describe as using professional judgement fall under
presumptively mandatory requirement; called a should
unconditional is a requirement MUST follow
conditional no such requirement
explanatory conditional ; not used but explanatory material is used but does not impose professional judgement for performance.
if a entity with fed fund is audited and client does not have adequate documentation of expenses the support fed fund is called
question cost of $xxx for operating expenses have been id. by auditor.
it would not be ; $xxx in ops not appoved
or not required or summitted unauthorized fund. becasue all these were done just dont’t ahve the documentation.
if an auditor is engaged in a GAGAS audit of a government entity. they do not require
concurrent opinion on the financial statement take as a whole. just one opinion needed
what documentation is require in accordance to GAGAS
audit documentation should contain sufficient informaiton so that supplementary oral explanation are not required.
in GAGAS is management to acknowledge it responsibilty for correcting instances of fraud, abuse and waste or or taking corrective action on fraud abuse and waste
taking corrective action on fraud abuse and waste
Also there are no statement that contain the word caveat in GAGAS
for f/s audits, GAGAS incorporates the SAS that are issued by the AICPA. GAGAS presribes addtional standards on
Direct reporting of illegal acts and reporting on i/c
a5-m8 mcqs; under 2-cfr 200 single audtit what approach are auditors to use
they are to use a risk base approach to determine major programs
which cognizant agency is most likely to be assigned to an auditee
the federal awarding agency that provides the most federal fundiung to non federal entitys
how does title 2 of 200 cfr define a subrecipient
a non federal agency that expends federal awards received from another entity to carry out the federal programs
A5 MCQ test study questions; SSAE a procudure is a “should or must” consider how do i handle. lets say it is on audit procedures, carrying out and actions
Should;: this means that the procedure is presumptively required as far as audit procedures and carryout and action is not required. in some cases a practitioner will depart from a should and use professional judgement.. this is rare circumstances
Where as Must. requirement is done in all cases.
is there an interelationship between f/s audit and an audit of i/c when auditor consider material weakness found during the audit of i/c when determining the ET of substance tes in f/s audit.
no.audit of i/c, should consider any control deficiencies in NET
during an integrative audit, the mangement written rep letter should and should provide
should’; a statement on mangement performed eval o the effectiveness of i/c
description of key employee fraud
an affirmation that management did not rely on auditor procedures
statement that there were no significant changes to i/c after the as of date of i/c
should not
statement that there were no significant changes to i/c before the as of date of i/c
a cpa’s report on agreed upon procedures on management assertions on entitys compliance wiht sprecified requirements should contain
aup are used for the soley use of specifed parties and the statement should include a limitation on the use of the report.
when performining an audit in accordance to GAGAS an auditor is required to report on the entitys compliance with law and regs. the report give
the basic elements of a report on compliance includes a statement that the audit should be planned to obtain reasonable assurance about whether noncompliance could have a material effect on the program audited.
it does not provide ;
opinion
describe laws and regs
does not give negative assurance on legal determination.
a practitioner may perform a aup on prospective f/s provided that which of the following is met
it includes a summary of significant assumptions in the f/s
when doing a sim on the report on i/c over financial reporting these are the steps that i should follow
Step go to the authoritative literatrure and find aicpa for non issuerer and pcaob for issuer go to advance search and type in;illustrative report internal controls auc 940 .a154. or look at the unmodied opinion report it is simular. make sure to review unmodied opinion report before exam. it is tested on cpa audit exam.
When i see we have issued 2013 framework, this is coso
Remember when obtaining evidence, it is “sufficient and appropriate”
a5 document review of pcaob integrative audit
under pcaob, auditor “must” do audit of fair presentation of f/s and report on operating effectiveness of i/c.
the title for issuer is ; Report of registered independent public accounting firm
when determining opinion for qualified or adverse, you must define materiality based on materiality ( look at schedle or lead sheet) set by auditor and judgment. it is one piece of equipement is set at fv instead of nvv then qualifed. if it were a significant or all equipment then adverse and pervasive. and f/s are useless.
f/s are done through GAAP
not sure of state look up in authoritative literatrue under pcaob for issuers. 2201 paragrap 87
if there is a material weakness, it is adverse, qualied or disclaimer
in the definition section i/c are done through gaap