Chapter 18

Question 1

Auditors of public companies should report on what two things?

Answer 1

Financial statements and
Internal control over financial reporting (ICOFR), according to PCAOB No. 5 - the audits of internal control and financial reporting should be viewed as integrated

Question 2

Based on section 404a, all public companies need to:

Answer 2

To include an internal control report when filing its annual report (10-K) with SEC. In this, Management acknowledges responsibility for establishing and maintaining adequate internal control. It also provides an assessment of internal control effectiveness at end of fiscal year, while increasing management’s responsibility for demonstrating that controls are effective

Question 3

Management’s Responsibility for Internal Control under SOX is listed as the following (describe one)

Answer 3

• Accept responsibility for effectiveness of ICOFR
• Evaluate the effectiveness using suitable criteria
• Support the evaluation with sufficient evidence
• Provide a report on internal control

Question 4

Which section of Sarbanes Oxley, 404a or 404b, requires auditors of public companies with market capitalization in excess of $75,000,000 to audit internal control and express an opinion on effectiveness of internal control

Answer 4

404b

Question 5

Flip card to see SEC’s definition of ICOFR

Answer 5

Internal control over financial reporting is a process designed by, or under the supervision of, the company’s principal executive and principal financial officers, or persons performing similar functions, and affected by the company’s board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:

Question 6

What is the Auditor;s Objective when it comes to ICOFR?

Answer 6

Plan and perform the audit to obtain reasonable assurance about whether material weaknesses exist to express an opinion on effectiveness of company’s ICOFR. No material weakness = effective ICOFR. One or more material weaknesses = ineffective ICOFR

.

Question 7

What is the Objective of Management’s Evaluation of ICOFR?

Answer 7

To provide a reasonable basis for its annual assessment as to whether there are any material weaknesses in ICOFR as of year-end

Question 8

What is a Control Deficiency?

Answer 8

design/operation of control does not allow timely prevention/detection of misstatements

Question 9

See slide 8 for levels of control deficiencies

Answer 9

Slide 8

Question 10

Management Assessment of ICOFR includes the following:

Answer 10

• Process of identifying significant controls and testing their design and operating effectiveness
• Management can be assisted by consultants but not by the audit firm conducting financial statement audit
• Evaluation must use an accepted “control framework” such as Internal Control-Integrated Framework created by COSO
• Must understand concepts of control deficiency, significant deficiency, and material weakness
• Must understand SEC’s definition of internal control

Question 11

The report on ICOFR does what? (Name one of the four following)

Answer 11

• State that it is management’s responsibility to establish and maintain adequate internal control
• Identify management’s framework for evaluating internal control
• Include management’s assessment of the effectiveness of the company’s internal control over financial reporting as of the end of the most recent fiscal period, including a statement as to whether internal control over financial reporting is effective
• Include a statement that the company’s auditors have issued an attestation report on management’s assessment

Question 12

What are steps for auditing internl control?

Answer 12

1. Plan the engagement
2. Use a top-down approach to identify controls to test
3. Test and evaluate design effectiveness of internal control
4. Test and evaluate operating effectiveness of internal control
5. Form an opinion on the effectiveness of internal control

Question 13

Explain Planning the Engagmeent - the first step

Answer 13

Efficient planning requires coordination with financial statement audit.
Initial knowledge of ICOFR during planning will vary based on nature of client and experience with client. New auditor – little knowledge/much work on understanding ICOFR for planning. have much knowledge and just need to update this knowledge for planning

Question 14

Auditors should use a top-down approach to identify controls to test. Further elaborate this 2nd step

Answer 14

Starts at the top with financial statement elements and entity-level controls.
Links these to significant accounts, relevant assertions, and major classes of transactions. The goal is to focus on testing most important controls. See slide 16

Question 15

Define Entity-Level Controls

Answer 15

Controls with a pervasive effect on internal control system (as opposed to controls for specific objectives). Often those in control environment or monitoring components of internal control, for example:

• Tone at the top
• Assignment of authority/responsibility
• Corporate code of conduct

Question 16

PCAOB Standard No. 5 emphasizes controls relating to what? (Name one of the three)

Answer 16

• Audit committee effectiveness
• Fraud
• Period-end reporting process (“financial statement close”)

Question 17

Account is considered “significant” if

Answer 17

reasonable possibility that it could contain a misstatement that has a material effect on financial statements (does not consider internal control effectiveness). Auditor should obtain understanding of significant accounts and disclosures

Question 18

See slide 18 for antifraud programs

Answer 18

slide 18

Question 19

Do redundant controls need to be tested?

Answer 19

No.

Redundant controls – those that duplicate other controls (do not need to test if duplicate control is tested)

Question 20

Accounting estimates - involve management’s judgments or assumptions (e.g., determining the allowance for doubtful accounts, estimating warranty reserves, assessing assets for impairment). True or false?

Answer 20

True

Question 21

Once determinec significant accounts and disclosures, auditor must determine which of the assertions are relevant:

Answer 21

(1) existence or occurrence;
(2) completeness;
(3) valuation or allocation;
(4) rights and obligations; and/or
(5) presentation and disclosure.

Relevant assertions are those that have meaningful bearing on whether account is presented fairly (e.g., valuation may be very relevant to accounts receivable but not for cash)

Question 22

Name one of the factors to determine significance of account:

Answer 22

• Size and composition.
• Susceptibility of loss due to errors or fraud.
• Volume of activity, complexity, and homogeneity of individual transactions.
• Nature of the account.
• Accounting and reporting complexity.
• Exposure to losses.
• Possibility of significant contingent liabilities.
• Existence of related party transactions.
• Changes from the prior period.

Question 23

What are complementary controls?

Answer 23

work together to achieve particular control objective (both should be tested)

Question 24

difference betwen preventive and detective controls

Answer 24

preventive – prevent error/fraud from occurring
Detective – detect errors or fraud that has already occurred
Auditor generally tests combination of both for relevant assertions

Question 25

Tracing a transaction from its origination through the company’s information system until it is reflected in the company’s financial reports in known as a

Answer 25

Walk-Through. Frequently the most effective way to obtain an understanding of classes of transactions and likely sources of misstatement

Question 26

When testing Operating Effectiveness, auditors consider Nature, Timing, and Extend. Define Timing

Answer 26

Sufficient period of time to determine effectiveness as of management internal control report date

Question 27

Tests of Design Effectiveness of ICOFR are used to understand internal control design to determine whether controls, if operating properly, can prevent/detect material misstatements. They may be a combination of which four tests? (name one)

Answer 27

• Inquiries
• Observations
• Walk-throughs
• Document inspection

Question 28

Evidence of effectiveness leads to (increased/decreased) scope of substantive procedures

Answer 28

Decreased (due to decreased control risk allowing increase of detection risk)

Review Risk model if necessary

Question 29

When testing Operating Effectiveness, auditors consider Nature, Timing, and Extend. Define Extent

Answer 29

Depend on frequency of control activity (the more frequent, the more it should be tested) and importance of control (the more important, the more it should be tested)

Question 30

Difference betwee the Financial Statement Audit’s objective and the ICOFR statement’s audit.

Answer 30

ICOFR: provide opinion on effectiveness of ICOFR

Financial Statement: assess control risk and test controls for any assessment below maximum risk

Question 31

The (ICOFR/Financial Statement) Audit must test effectiveness of controls for the entire period they are being relied upon.

Answer 31

Financial Statement audit. For ICOFR Audits, Auditors must test effectiveness of controls over all relevant assertions for all significant accounts and disclosures as of management’s ICOFR report date.

Question 32

With ICOFR report requirement, auditors now tend to rely (more/less) heavily on internal control in performing financial statement audit

Answer 32

More

Question 33

Define an Integrated Audit

Answer 33

Testing spread throughout the year to satisfy both objectives of ICOFR and Financial Statement audits

Question 34

When testing Operating Effectiveness, auditors consider Nature, Timing, and Extend. Define Timing

Answer 34

Sufficient period of time to determine effectiveness as of management internal control report date

Question 35

A Disclaimer or Withdrawal from engagement (depending on extent) would lead to what to be included with the auditor’s opinion?

Answer 35

Scope limitation = Disclaimer or Withdrawal from engagement (depending on extent)

Question 36

If management corrects material weakness with enough time for auditor to test, may issue unqualified report. True or false?

Answer 36

True.

Question 37

When Forming an Opinion on Effectiveness of ICOFR, Auditors evaluate all evidence, including (name one)

Answer 37

1. The results of their evaluation of the design of controls,
   
   2. The results of tests of the operating effectiveness of controls,
   3. Negative results of substantive procedures performed during the financial statement audit, and
   4. Any identified control deficiencies.

Question 38

No material weaknesses as of year-end and no scope restrictions = Adverse Opinion. True or False?

Answer 38

False - No material weaknesses as of year-end and no scope restrictions = Unqualified opinion.

One or more material weaknesses = Adverse opinion

Question 39

If a material weakness was corrected by management prior to year-end but without enough time to test, adverse opinion is still necessary. True or false?

Answer 39

False. If corrected prior to year-end but without enough time to test, scope restriction may force a disclaimer or withdrawal

Question 40

Significant deficiencies or material weaknesses will lead to (increased/decreased) scope of substantive procedures

Answer 40

Increased (due to increased control risk requiring decreased detection risk)

Question 41

If Management’s Internal Control Report is Incomplete or Improperly Presented, auditor should

Answer 41

Auditor should modify report to include explanatory paragraph describing inadequacy/improper presentation

Question 42

If management fixes a critcal weakness after year-end, may issue unqualified report. True or false?

Answer 42

False -

If correct after year-end, adverse report necessary

Question 43

If management does not disclose a material weakness in its report, auditor must:

Answer 43

• Include explanatory paragraph in auditor’s already adverse report
• Required to communicate this lack of disclosure in writing to audit committee

Question 44

All control deficiencies, regardless of severity must be Communicated in writing to management, Prior to issuance of auditor report on ICOFR. True or False?

Answer 44

True, this is an extra requirement of PCAOB #5.

Other requirements include making sure the Material weaknesses, significant deficiencies, and all deficiencies have been communicated to management in writing.

Also, After auditors conclude ICOFR is ineffective, Communicate in writing to board of directors The reasons for this conclusion

Question 45

A nonpublic company may choose to have an integrated audit of its financial statements and its internal control. True or false?

Answer 45

True, see image from slide 33

Question 46

When management believes material weakness has been eliminated, can they engage auditor to report on whether material weakness continues to exist?

Answer 46

Sure. Adverse internal control opinion motivates management to correct material weakness as quickly as possible

Question 47

A significant deficiency is less severe than a material weakness - true or false

Answer 47

true!

Question 48

Significant deficiencies discovered by the auditors should be communicated to the body charged with oversight of financial reporting and internal control of the organization. True or false?

Answer 48

True

Question 49

ection 404 of the Sarbanes-Oxley Act of 2002 emphasizes that investors must understand that financial statements and audit reports provide only limited, and not reasonable assurance. True or false?

Answer 49

False

Question 50

True or false:

PCAOB Standard No. 5 considers the audits of financial statements and internal control as being integrated.

Answer 50

True - duh

Question 51

The lack of effective anti fraud programs is considered at least a significant deficiency. True or false

Answer 51

true fosho

Question 52

n an integrated audit, tests of controls need only be performed to determine that internal control is effective as of year-end for both the audit of the financial statements and the audit of internal control. True or False

Answer 52

False - Duh

Question 53

The “as of” date relating to an audit of internal control is the date on which audit procedures are completed. True or false?

Answer 53

Falsey

Question 54

A required part of management’s assessment process is appropriate documentation of internal control through flowcharts and walk-throughs. - True or false?

Answer 54

False

Question 55

A control deficiency that is less severe than a material weakness yet important enough to merit attention by those responsible for oversight of the financial reporting process is:

Answer 55

significant deficiency.

Question 56

Effective internal control ordinarily involves a combination of both preventive and detective controls. - true or false?

Answer 56

truth

Question 57

Tests of design effectiveness ordinarily do not include reperformance of the application of controls.

Answer 57

True

Question 58

Walk throughs must be performed each year for each major classification of transactions. True or Falsizzy?

Answer 58

Falsizzy

Question 59

A material weakness involves more than a remote likelihood that what size misstatement will not be prevented or detected?

Answer 59

material - dug

Question 60

The internal control provisions of the Sarbanes-Oxley Act of 2002 apply to which companies in the United States:

Answer 60

SEC registrants.

Question 61

Which is correct concerning the level of assistance auditors may provide in helping management with its assessment of internal control?

Answer 61

Only very limited assistance may be provided.

Question 62

Walk-throughs provide evidence that helps auditors to:

Answer 62

evaluate design effectiveness of controls.

Question 63

Reconciliation of cash accounts by a competent individual otherwise independent of the cash function might make the likelihood of a significant misstatement due to a control deficiency being detected to be remote. Reconciliation may be referred to as what type of control?

Answer 63

Compensating

Question 64

An account is significant if there is at least a

Answer 64

remote likelihood that it could contain more than inconsequential misstatements.