Audit 6 Flashcards
What does the AICPA Code of Professional Conduct govern?
ANY service that a member of the AICPA performs
A professional code of conduct is..
A distinguishing mark of a profession that accepts a high degree of responsibility toward the public
A member in public practice should be independent in…
FACT and APPEARANCE when providing auditing and other attestation services
Objectivity applies to..
ALL services rendered
Independence is not required for…
compilations and non-attestation services
Independence is impaired if a covered member…
has a direct financial interest (regardless of materiality) or a material indirect interest in an attestation client
Independence is not impaired in a financial institution client by…
- Fully collateralized car loans - Cash advance or credit card balance not exceeding $10,000 - Bank account fully insured by the government - Pasbook loan
Independence is impaired if an individual…
who was formerly employed by the client participates on the engagement team or is in a position to influence the engagement when the engagement covers any period of his or her former employment with the client
Independence is impaired by an immediate family member or close relative’s..
employment with a client in a key position
Independence is impaired if a partner or professional employee…
leaves the firm and is employed by the client in a key position unless the individual is no longer in a position to influence or participate in the firms business decision and amounts due
Independence is impaired if an individual who is a member of the engagement team…
is seeking or discussing potential employment with the client
Independence is impaired if a member…
makes management decisions for an attest client
Independence is impaired with respect to a client…
who is more than one year overdue in the payment of professional fees
Integrity and objectivity rule applies to
CPA, CPA firm, Company employees
Professional competence includes
- the technical qualifications of the CPA and of the CPAs staff - the ability to supervise and evaluate work - and the knowledge of technical subject matter OR the ability to obtain that knowledge by research or consultation
Due professional care requirements
- member must possess same degree of skill commonly possessed by others in the field - member must act as a reasonably prudent accountant would - member must critically review work done by those assisting in the engagement at every level of supervision
Compliance with standards rule measures…
quality of performance
Accounting principles rule
general rule: GAAP should be followed except in unusual circumstances may justify a departure from GAAP
In what situations is a member in public practice required to disclose confidential client information?
- to comply with a validly issued subpoena or summons - as part of a quality review (peer review) - in response to any inquiry either made by ethics division or the trial board of the AICPA or disciplinary body of a state CPA society - your legal defense team (when client is suing you)
Contingent fee is established for performing services when
- no fee is charged unless a specific finding or result is obtained - the fee amount is dependent upon the finding or result obtained
Contingent fees are specifically prohibited for…
audits and reviews of F/S or examinations of prospective financial information
Contingent fees are permitted when..
- when they are fixed by courts - for compilations of F/S expected to be used by third parties only if the member includes a statement that the member is not independent
Acts discreditable include
- failure to return records to a client after demand made - failing to follow standards - negligence in F/S prep - solicitation or disclosure of CPA exam q/a - disclosure of confidential information obtained from a prospective client or non-client without consent
Member in public practice shall not advertise in a manner that is
false, misleading, or deceptive
Member in public practice shall not receive commission when member or firm also performs…
an audit or review for the client, compilation of F/S expected to be used by third parties, or an examination of prospective F/S
Threats to compliance with the fundamental principles
- adverse interest threat - advocacy threat - familiarity threat - management participation threat - self-interest threat - self-review threat - undue influence threat
Adverse interest threat
Threat that a member will not act with objectivity because the member’s interests are opposed to the client’s interest (public practice)/employing organization (members in business)/atttest client (independence)
Advocacy threat
Threat that a member will promote a client’s/employing orgs/attest client’s interests or position to the point that his or her objectivity or independence/objectivity/independence is compromised
Familiarity threat
Threat that, due to a long or close relationship with a client/person or employing org/attest client, a member will become too sympathetic to their interests or too accepting of the work or product/service
Management participation threat
Threat that a member will take on the role of client/attest client management or otherwise assume management responsibilities. Not applicable to members in business
Self-interest threat
Threat that a member could benefit, financially or otherwise, from an interest in, or relationship with a client/employing org/attest client or persons associated with them
Self-review threat
Threat that a member will not appropriately evaluate the results of a previous judgment made or service performed or supervised by the member or an individual in the member’s firm/employing org and that member will rely on that service in forming a judgment as part of another service/attest engagement
Undue influence threat
Threat that a member will subordinate his or her judgment to an individual associated with a client/employing org/attest client or any relevant third party due to that individual’s reputation or expertise, aggressive or dominant personality, or attempts to coerce or exercise excessive influence over the member
Acceptable level of threat occurs when
the threat does not compromise a member’s compliance with the rules
PCAOB
Public Company Accounting Oversight Board – 2 members MUST be CPAs and 3 members CANNOT be CPAs. Subject to oversight by the SEC
What is the PCAOB responsible for?
- Registering public accounting firms that audit issuers - establishing rules relating to the prep of audits of issuers - conducting inspections, investigations, and disciplinary proceedings concerning registered public accounting firms
Each registered firm must
- Maintain audit documentation for 7 years - provide a concurring or second partner review of each audit report - describe the scope of testing of the issuer’s I/C structure and procedures in audit reports
When auditing an issuer, the following other services are prohibited
- bookkeeping - financial information systems design and control - appraisal/valuation - actuarial - mgt functions or human resources - internal audit outsourcing activities - services as a broker/dealer/investment advisor/investment banker - legal services - expert services unrelated to audit
When auditing an issuer, what service is permissible?
Tax services, if preapproved by the audit committee
The lead audit or coordinating partner and the reviewing partner must
rotate off the audit every five years
Registered firms must report the following to the audit committee
- critical accounting policies and practices to be used - alternative accounting treatments discussed with the corps mgt - material written communications between the audit firm and mgt
“cool off” period
audit firm cannot have employed the issuer’s CEO/CFO/Controller/CAO for a one-year period preceding the audit
SOX required enhanced financial reports
- must reflect all material adjustments - must disclose all material off-balance sheet transactions - must disclose related parties - must include an internal control report stating mgts responsibility and an assessment of the effectiveness - must disclose whether code of ethics exists for senior financial officers - must disclose whether the audit committee has at least one member who is a financial expert
“time out” period
lead and concurring partners are subject to a 5-year “time out” period before returning to an engagement
Preapproval is not required for
Non-audit services that do not exceed 5% of total revenues from the audit client during the fiscal year provided, so long as non-audit services are promptly brought to the attention of the audit committee before completion
PCAOB independence standards
-Responsibility to not knowingly or recklessly contribute to violations - Auditor Independence - Contingent fees - Tax transactions - Tax services for persons in financial reporting oversight roles - audit committee preapproval of certain tax services - audit committee preapproval of non-audit services related to I/C over financial reporting - communication with the audit committee concerning independence
Employee benefit plan: impairment of independence
- any direct financial interest or a material indirect financial interest in the plan or the plan sponsor - connection to the plan or the plan sponsor - records maintained by accountant or member of accounting firm
State boards of accountancy: sole power to license
statutes in all 50 states grant to state boards of accountancy the sole power to license CPA
Categories of misconduct
- while performing accounting services - outside scope of accounting services - criminal conviction
Audit documentation
“working papers” is the principal record of audit procedures performed, evidence obtained, and conclusions reached
Audit documentation should
- assist in planning/conducting/supervising audit - show that accounting records reconcile with the F/S - be prepared in enough detail so that an “experienced auditor” who has no previous connection with the audit can understand: NET, results, significant findings, conclusions reached
Nonissuers must retain audit documentation for
5 years
All documentation must be assembled within
60 days of the report release date (nonissuers) and 45 days of the report release date (issuers)
Permanent file
includes documentation that has a continuing interest from year-to-year
Current file
contains audit documentation applicable to the year under audit
COPAL
- Control Team - Operators - Programmer - Analyst - Librarian
How does IT affect audit testing?
Audit tests should be performed on a continuous basis
How may the auditor gather evidence in a heavy IT audit?
- manual audit procedures (“auditing around the computer”) - computer-assisted audit techniques (CAAT “auditing through the computer”)
What types of audit testing should be done in a highly computerized system?
Substantive testing AND tests of controls (to assess control risk)
How does an auditor “audit around the computer”
Auditor tests the input data, processes the data independently, and then compares the results of both
When are manual audit procedures appropriate?
For simple bath systems with a good audit trail
What are the risks of auditing around the computer?
insufficient, paper-based evidence and insufficient audit procedures
How does an auditor “audit through the computer”
-Transaction tagging -Embedded Audit Modules -Test Data -Integrated Test Facility -Parallel Simulation
What are the sources of standards for governmental audits?
GAAS and GAGAS
GAGAS contains standards for audits of…
-Gov’t orgs, programs, activities, and functions -Gov’t assistance received by contractors, NFP orgs, and other nongovernmental orgs
What reasonable assurance does GAGAS include designing the audit to detect?
Material misstatement resulting from noncompliance
Audits of recipients of federal financial assistance should be conducted in accordance with
GAAS and GAGAS
Types of government audits
- Financial Audits - Attestation Engagements - Performance Audits
GAS basis F/S audits incorporate GAAS to determine
whether the F/S present fairly the financial position, results of operations, and if applicable, cash flows in accordance with GAAP
Attestation engagements performed in conformity with GAS, incorporate AICPA standards for
examinations, reviews, and agreed-upon procedures by reference and include expanded requirements
Performance audits under GAGAS have what three objectives?
- Effectiveness, economy, and efficiency - Internal Control - Compliance
Under GAGAS, mgt responsibility includes
- Identification of applicable laws/regs with compliances requirements - Establishment of internal controls - Preparation of supplementary financial reports - Obtaining an audit that satisfies relevant legal/regulatory/or contractual requirements
Under GAGAS, auditor responsibility includes
- Obtaining reasonable assurance that the F/S are free of material misstatements resulting from violations of laws/regs that have a DIRECT and MATERIAL effect on the determination of F/S amounts - Assessing whether mgt has identified laws/regs that have a DIRECT and MATERIAL effect on the determination of amounts in the entity’s F/S - Obtaining understanding of possible effects of laws/regs on F/S identified by mgt and those identified by auditors
GAGAS, objective of compliance audits
To obtain sufficient evidence to form an opinion on whether the entity complied, in all material respects, with the compliance requirements applicable to its programs
GAAS assumes that mgt will re:compliance audits
- Identify gov’t programs and understand/comply with requirements - Maintain effective controls - Conduct ongoing evaluation and monitor compliance requirements - Take appropriate corrective action on audit findings
Overall standards for compliance audits
- Perform a risk assessment 2. Design responses to the risk assessment 3. Determine if supplementary audit requirements exist 4. Obtain written representations from mgt 5. Prepare reports 6. Prepare required documentation
Audit risk of noncompliance model
audit risk of noncompliance = risk of material noncompliance * detection risk
Inherent risk of noncompliance
Susceptibility of a compliance requirement to noncompliance that could be material, assuming that there are no related controls. Exists independent of the audit.
Control risk of noncompliance
The risk that noncompliance with a compliance requirement that could be material will not be prevented or detected on a timely basis by an entity’s internal control. Exists independent of the audit.
Detection risk of noncompliance
The risk that the auditor will not detect material noncompliance that exists. Detection risks relates to the auditor’s procedures.
Tests of the operating effectiveness may be required if…
- Risk assessment includes an expectation of the operating effectiveness of controls over compliance - Substantive procedures do not provide enough evidence to support a conclusion - Tests of controls are required by the applicable governmental audit requirements
Auditor may prepare a report several different ways such as..
- Opinion on compliance - Report on I/C over compliance - Combined report on compliance and I/C control over compliance
Required documentation re:compliance audits
- Assessed risk of material noncompliance (procedures performed/documentation of I/C) - Responses to the risk assessment (procedures to test compliance/results of procedures and test of controls) - Basis or rationale for materiality levels - Compliance with supplemental requirements
Government auditing standards – ethical standards
- Serving the public interest - Integrity - Objectivity - Proper use of gov’t info, resources, and positions - Professional behavior
Government auditing standards – general standards
- Independence of mind and appearance - Professional judgment - Competence - Quality control and assurance (peer review every 3 yrs)
GAGAS requirements for reporting on financial audits
- Auditor’s compliance with GAGAS - Report on I/C and compliance with laws/regs/contracts/grant agreements - Deficiencies in I/C fraud/noncompliance - Report views of responsible officials - Reporting confidential or sensitive information - Distribute reports - Additional GAGAS considerations for financial audits
GAGAS reporting fraud and illegal acts
Similar to GAAS, required to report all illegal or possible illegal acts.
GAGAS threats to independence
- Self-interest - Self-review - Bias - Familiarity - Undue influence - Mgt participation - Structural
Single Audits are required when
An entity that expends total federal assistance equal to or in excess of $750,000 in a fiscal year to have an audit performed in accordance with the single audit act
Objectives of a single audit
- Audit of the entity’s F/S and report on a separate schedule of expenditures of federal awards in relation to those F/S - Compliance audit of federal awards expended during the year as a basis for issuing additional reports on compliance related to major programs and on I/C over compliance
Single audit – materiality
Considered separately in relation to each major program NOT in relation to F/S as a whole
Elements of quality control
- Human resources - Engagement/client acceptance and continuance - Leadership responsibilities - Performances of the engagement - Monitoring - Ethical requirements
Objective of quality control standards for an engagement
To provide reasonable assurance that the audit complies with professional standards and applicable legal and regulatory requirements and that the auditor issues a report that is appropriate
