Ch 18

Question 1

Auditors of large public companies need to report on?

Answer 1

Financial statements and Internal Controls over financial reporting

Question 2

The audits of internal control and financial reporting should be integrated based on the provisions of

Answer 2

PCAOB Standard No. 5

Question 3

Sarbanes - Oxley Act of 2002 what does Section 404(a) detail?

Answer 3

It requires annual report filed w the SEC to include an internal control report by management. This means that management acknowledges responsibility for establishing and maintaining adequate internal control.

Question 4

The report that management makes for internal control provides assessment of internal control effective at

Answer 4

end of fiscal year.

Question 5

404(b) requires CPA firm to

Answer 5

audit internal control and express an opinion on effectiveness of internal control.

Question 6

Which companies are exempt?

Answer 6

Companies w less than $75 million in market capitalization or less than $100 million in revenues in preceding year.

Question 7

What is the SEC definition for internal control?

Answer 7

Internal control over financial reporting is a process designed by, or under the supervision of, the company’s principal executive and principal financial officers, or persons performing similar functions, and affected by the company’s board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:

Question 8

What are the 3 parts that continue the definition/what internal controls are?

Answer 8

Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;

Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and

Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

Question 9

What is Management’s responsibility?

Answer 9

• Accept responsibility for effectiveness
• Evaluate the effectiveness of the internal controls using suitable criteria
• Support the evaluation w sufficient evidence (management needs WP)
• Provide a report on internal control

Question 10

Management’s report on internal control must

Answer 10

• state that it’s management’s responsibility to establish and maintain adequate internal control
• identify management’s framework for evaluating internal control
• include management’s assessment of the effective of the company’s internal control over financial reporting as of the end of the most recent fiscal period, including a statement as to whether internal control over financial reporting is effective
• if applicable, include a statement that the company’s auditors have issued an attestation report on management’s assessment

Question 11

Management can be assisted by consultants but not by

Answer 11

The CPA firm that conducts the audit of financial statements

Question 12

Management must understand the definition of internal control

Answer 12

adopted by the SEC

Question 13

Evaluation must use an accepted

Answer 13

“control framework” such as Internal Control-Integrated Framework created by COSO

Question 14

Management must understand concepts of control

Define the 3 issues with control

Answer 14

control deficiency, significant deficiency, and material weakness

Question 15

Components of internal control

Answer 15

The Control Environment.
Risk Assessment.
Control Activities.
Information System Relevant to Financial Reporting and Communication.
Monitoring Activities

Question 16

Control deficiencies

Answer 16

Exists when the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis.

Question 17

Levels of severity of control deficiencies

Answer 17

Less than a significant deficiency.

Significant deficiency – less severe than material weakness yet important enough to merit attention.

Material weakness – reasonable possibility that a material misstatement will not be prevented or detected.

Question 18

Does Existence of a control deficiency Result in Required Modification of Management’s Assessment and Auditors’ Report? Severity: Not directly considered in definition

Answer 18

Only if it is a material
weakness

Question 19

Does Existence Result in Required Modification of Management’s Assessment and Auditors’ Report?
Severity: Less severe than a material weakness

Answer 19

No

Question 20

Does Existence of material weakness Result in Required Modification of Management’s Assessment and Auditors’ Report? Severity: Reasonable possibility of a material misstatement

Answer 20

Yes

Question 21

What is the objective of Management’s Evaluation of Internal Control?

Answer 21

To provide a reasonable basis for its annual assessment

Question 22

What is the process for the evaluation of internal controls?

Answer 22

Process.
- Evaluate design effectiveness of controls.
- Evaluate operating effectiveness of internal control.
- Document the process.
- Issue the report.

Question 23

What is the auditor’s objective regarding internal controls?

Answer 23

Plan and perform the audit to obtain reasonable assurance about whether material weaknesses exist to express an opinion on company’s internal control over financial reporting.

Question 24

The evidence is gathered for an opinion _____ date?

Answer 24

as of the date specified in management’s assessment – normally the last day of the company’s fiscal year.

Question 25

List out the 5 audit steps

Answer 25

1. Plan the engagement
2. Use a top-down approach to identify controls to test
   (financial statements and entity level controls {e.g. corporate code of conduct, audit committee effectiveness, IT controls over program development, the financial statement close process})
   Then test certain key controls that may affect a specific account (for example—shipping documents related to accounts receivable billing)
3. Test and evaluate design effectiveness of internal control
4. Test and evaluate operating effectiveness of internal control
5. Form an opinion on the effectiveness of internal control

Question 26

When planning the engagement, what matters do auditors need to consider?

Answer 26

Client’s industry.
Regulatory matters.
Client’s business.
Recent changes in the client’s operations.

Question 27

What is the difference between audit of internal control and audit of financial statements?

Answer 27

Time period:
- Audit of internal control – as of date.
- Audit of financial statements: entire financial statement period.

Question 28

What’s the difference between small and large clients? In regards to internal control and difference of financial statement audits.

Answer 28

Degree of complexity of operations.

Question 29

What is the goal of the top down approach?

Answer 29

Goal is to focus on testing those controls that are most important to auditor’s conclusion on internal control, avoiding those that are less important.

Question 30

For top down approach, it starts at top. What are entity level controls and what do they emphasize? What effect do they have?

Answer 30

• Entity-level controls – those in control environment or monitoring components of internal control.
• Emphasize those relating to audit committee effectiveness, fraud, and period-end process.
• Direct or indirect effect.

Question 31

Just read thru

Answer 31

Management accountability

Senior management conducts ineffective oversight of antifraud programs and controls.

Audit committee

Audit committee passively conducts oversight. It does not actively engage the topic of fraud.

Internal audit

Inadequate scope of activities. Inadequate communication, involvement, and inter-action with the audit committee.

Code of conduct/ethics

Nonexistent code or code that fails to address conflicts of interest, related party transactions, illegal acts, and monitoring by management and the board.
Ineffective communication to all covered persons.

“Whistleblower” program*

No program for anonymous submissions.
Inadequate process for responding to allegations of suspicions of fraud.
Whistleblower program significantly defective in design or operation.

Hiring and promotion procedures

Failure to perform substantive background investigations for individuals being considered for employment or promotion to a position of trust.

Remediation

Failure to take appropriate and consistent remedial actions with regard to identified significant deficiencies, material weaknesses, actual fraud, or suspected fraud.

Question 32

An account is significant if there is a reasonable possibility that it could contain ____. Also what are the factors? Generally name them.

Answer 32

a misstatement that individually or in aggregate has a material effect on financial statements.
Factors:
Size and composition.
Susceptibility of loss due to errors or fraud.
Volume of activity, complexity, and homogeneity of individual transactions.
Nature of the account.
Accounting and reporting complexity.
Exposure to losses.
Possibility of significant contingent liabilities.
Existence of related party transactions.
Changes from the prior period.

Question 33

Define relevant assertions. What are the assertions, name them.

Answer 33

Relevant assertions are those that have meaningful bearing on whether account is presented fairly. Recall that the relevant assertions about accounts and classes of transactions are:
existence or occurrence;
completeness;
valuation or allocation;
rights and obligations; and/or
presentation and disclosure.

Question 34

In evaluating the design effectiveness of the company’s internal control, the auditors ask themselves, if the controls are operating effectively, are internal controls effective?
In evaluating design effectiveness, the auditors often consider the nature of the transactions making up the account. Transactions are classified as:

Answer 34

Routine transactions are for recurring activities,
Examples: sales, purchases, cash receipts and disbursements, and payroll.

Nonroutine transactions occur only periodically; they generally are not part of the routine flow of transactions.
Examples: transactions such as counting and pricing inventory, calculating depreciation expense, or determining prepaid expenses.

Accounting estimates are activities involving management’s judgments or assumptions,
Examples: determining the allowance for doubtful accounts, estimating warranty reserves, and assessing assets for impairment.

Question 35

Define walk-through

Answer 35

Tracing a transaction from its origination through the company’s information system until it is reflected in the company’s financial reports.

Question 36

Walk-through provides evidence to:

Answer 36

Provide evidence to:
Verify that the auditors have identified points at which a significant risk of misstatement to a relevant assertion exists.
Verify their understanding of the design of controls, including those related to the prevention or detection of fraud.
Evaluate the effectiveness of the design of controls.
Confirm whether controls have been placed in operation (implemented).

Question 37

Once the auditors understand entity-control controls and the flow of transactions, the auditors are in a position to:

Answer 37

Verify points within the company’s processes at which a misstatement could arise that could be material;
Identify the controls management has implemented to address these potential misstatements; and
Identify the controls management has implemented to prevent or detect on a timely basis unauthorized acquisition, use, or disposition of the company’s assets that could result in a material misstatement.

Question 38

It’s not ________ to perform perform tests of all controls

Answer 38

necessary

Question 39

Like redundant controls, don’t need to _____ if duplicate control is tested

Answer 39

test

Question 40

Design tests for

Answer 40

Preventive and/or detective controls

Question 41

Complementary controls, what should be tested?

Answer 41

Both should be tested. Preventive and/or detective controls.

Question 42

What should you test to test the operating effectiveness of internal controls?

Look at/test to test the operating effectiveness

Answer 42

Nature: Inquiries, inspections, observations, and reperformance. Vary the tests when possible (make them unpredictable).

Timing:
Sufficient period of time.
Periodic controls – may have to wait to after report date.

Extent:
Depend on frequency of control.

Question 43

Tests of controls are the same for _____ and ____

Answer 43

Same for internal control audit and financial statement audit.

Question 44

Evidence from internal control audit can be used for

Answer 44

financial statement audit

Question 45

How are the objectives between audits different?

Answer 45

Financial statement audit – assess level of control risk
Internal control audit – obtain evidence about effectiveness of controls

Question 46

In an integrated audit, testing should be _______ to satisfy both objectives.

give time period

Answer 46

spread through the year to satisfy both objective. (but must test some items near AS OF date to determine effectiveness as of report date)

Question 47

Integrated audit requires tests of controls for all

Answer 47

major account and relevant assertions

Question 48

Integrated audit and internal controls being good can lead to

Answer 48

Will lead to decreased scope of substantive procedures.
However, significant deficiencies or material weaknesses could lead to more substantive procedures.
Not acceptable to omit substantive procedures completely.

Question 49

Findings from substantive procedures may affect audit of internal control:

Answer 49

Could provide evidence of effectiveness or ineffectiveness of internal control over financial reporting.
Example: Identification of material misstatement in financial statements is indicative of at least a significant deficiency in internal control.

Question 50

To form an opinion, auditors have to evaluate

Answer 50

1. The results of their evaluation of the design,
2. The results of tests of the operating effectiveness of controls,
3. Negative results of substantive procedures performed during the financial statement audit, and
4. Any identified control deficiencies. (there may be other controls that mitigate the risk of potential misstatement to reduce deficiency to less than “material weakness”)

Question 51

What is a combined report?

Answer 51

The auditors may also issue a combined report on control over financial reporting and the financial statements.
The reports includes the components of both of the separate reports.

Question 52

Material Weakness Exists
Material Weakness Existed during Year, System Changed
Prior to the As of Date

Answer 52

Adverse

Question 53

Auditors test new system and material weakness eliminated

Answer 53

Unqualified

Question 54

Auditors do not have sufficient time to test new system

Answer 54

Treat as scope restriction

Question 55

Scope Restriction* Management’s Report on Internal Control Is Incomplete or Improperly Presented

Answer 55

Disclaimer or Withdraw from Engagement

Question 56

Report does not acknowledge a material weakness identified by the auditor

Answer 56

Adverse

Question 57

Other Issues

Answer 57

Unqualified (but with an explanatory paragraph)

Question 58

If the auditors intend to issue a disclaimer of opinion, yet know of a material weakness,

Answer 58

the material weakness should be described in the report.

Question 59

Reporting on Whether a Previously Reported Material Weakness Continues to Exist:

Answer 59

Management believes material weakness has been eliminated.

Auditor engaged to report on whether material weakness continues to exist.

Engagement focused on evidence regarding material weakness.

Question 60

Communicate in writing to management:

Answer 60

All control deficiencies regardless of severity.

Question 61

To audit committee:

Answer 61

Material weaknesses, significant deficiencies and that all other deficiencies have been communicated to management.

Question 62

To board of directors

When do you them written communication?

Answer 62

If conclude oversight of financial reporting and internal control is ineffective.

Question 63

While a material weakness in internal control can arise in a wide variety of situations, PCAOBStandard No.5 provides the following indicators of material weaknesses:

Answer 63

Identification of fraud, whether or not material, on the part of senior management.

Restatement of previously issued financial statements to reflect the correction of a material misstatement.

Identification by the auditors of a material misstatement in circumstances that indicate that the misstatement would not have been detected by the company’s internal control.

Ineffective oversight of the company’s external financial reporting and internal control by the company’s audit committee.

Question 64

Can you have an adverse opinion on internal control over financial reporting and still be able to issue an unqualified opinion on the company’s financial statements?

Answer 64

YES—as long as you increase your procedures to take the control weakness into consideration