Chapter 20

Question 1

Define Assurance Services

Answer 1

are independent professional services that improve the quality of information or its context for decision makers

Question 2

AICPA’s Assurance Standards Executive Committee does what?

Answer 2

Identifies emerging trends and market needs for assurance

Develops related assurance methodology guidance and tools

Question 3

Assurance services are less broader when compared to attestation services. True or False?

Answer 3

False -
Assurance services encompass attestation services but can be broader than attestation services, sometimes involving analyzing data/putting them in a form to facilitate decision making

Question 4

Define attestation services

Answer 4

Attestation services are engagements to issue an examination, review, or agreed-upon procedures report on the subject matter asserted by another party against some suitable criteria

Question 5

All assurance services must issue a report

Answer 5

Assurance services may/may not issue report

Question 6

What new assurance services are currently being developed?

Answer 6

• Continuous auditing

- Assurance on system reliability

Question 7

Why is there demand for assurance services?

Answer 7

Reduce information risk for outside parties and enable the company to contract at more favorable terms/reduce contracting costs. Also, Information technology has created a broad range of instantaneous online information, significantly increasing certain demands and changing expectations of information users

Question 8

See slide 5 for Selected Characteristics of Assurance Services

Answer 8

Slide 5 picture

Question 9

What are most assurance services performed in accordance with?

Answer 9

Most are performed in accordance with AICPA’s Statements on Standards for Attestation Services

Question 10

Define an Attestation Service

Answer 10

Engagements to issue an examination, review, or agreed-upon procedures report on subject matter, or an assertion about subject matter, that is the responsibility of another party based on some suitable criteria

Question 11

What are examples of “subject matter”?

Answer 11

historical or prospective performance or condition, physical characteristics, historical events, analyses, systems or processes, or behavior

Question 12

See slide 3 for relationship between Assurance and Attestation services

Answer 12

slide 3

Question 13

Suitable criteria on attestation services should be

Answer 13

Suitable Criteria should be objective, complete, relevant, and permit reasonably consistent measurements. May come from regulatory agencies, management/industry groups, contract terms – but must be clear and have these characteristics

Question 14

The report from an attestation servicecan be on either

Answer 14

• The subject matter itself (In our opinion, management has maintained effective ICOFR based on COSO), or
• The assertion about the subject matter (In our opinion, management’s assertion that it maintained ICOFR appears reasonable based on COSO)

Question 15

See slide 7 for Relationships Among Terms Used in Attestation Engagements

Answer 15

Slide 7

Question 16

What is an Assertion?

Answer 16

declaration about whether the subject matter is presented in accordance with suitable criteria

Question 17

Basic characteristic of Examinations, a type of attestation engagement:

Answer 17

• Select from all available procedures to gather evidence
• Highest level of assurance CPAs provide (positive assurance)
• Attestation risk at low level
• General-use report (unless criteria are agreed upon or only available to specified parties)

Question 18

Materiality May be difficult to determine as subject matter may not be financial
To determine, one should try to

Answer 18

-Analyze likely needs of intended users,

Consider the extent and nature of misstatements of the subject matter that would be significant to user decisions

-May use quantitative and/or qualitative factors

Question 19

the risk that practitioners will unknowingly fail to appropriately modify their report on subject matter that is materially misstated (like audit risk)
is known as

Answer 19

Attestation Risk.

Like audit risk, it consists of:

• Inherent risk
• Control risk
• Detection risk

Question 20

Basic characteristic of Agreed-Upon procedures, a type of attestation engagement:

Answer 20

Procedures agreed upon by specified parties

List of procedures and related findings

Restricted-use reports

Question 21

When it coms to Assurance on Internal Control over Financial Reporting, who is required to have internal controls audited by Federal Deposit Insurance Corporation (FDIC)?

Answer 21

Financial Institutions with over $500 million in assets

Question 22

True or False? For public companies, the assurance on ICOFR is optional for an integrated audit.

Answer 22

False - Public companies—Required as a part of the integrated audit covering financial statements and internal control

Nonpublic Companies—Have the option of having a similar integrated audit

Question 23

Basic characteristic of Reviews, a type of attestation engagement:

Answer 23

0Limited procedures (inquiries and analytics)

• Limited/negative assurance
• Attestation risk at moderate level
• General-use report (unless criteria are agreed upon or only available to specified parties)

Question 24

What are two types of Prospective Financials?

Answer 24

Financial Forecasts and Financial Projections

Question 25

Difference between Financial Forecasts and Projections.

Answer 25

Forecasts: Present entity’s expected results based on current assumptions. for general use

Projections: Present expected results, given one or more hypothetical assumptions. Use should be restricted to the party with whom company is negotiating

CPAs may be engaged to perform an examination or agreed-upon procedures, but not a review!

Question 26

Steps for Examinations of Prospective Financial Statements

Answer 26

1. Practitioners gather evidence relating to the client’s procedures for preparation of the statements
2. Evaluate the underlying assumptions
3. Obtain a written representation letter from the client
4. Evaluate whether statements are in conformity with AICPA guidelines

Question 27

Whilst Reporting on Prospective Financial Statements,

Answer 27

• Report on subject matter
• States whether the statements are presented in conformity with AICPA guidelines
• Whether underlying assumptions provide a reasonable basis for the statements
• Does not vouch for the achievability of the forecast or projection
• In a projection report, must also add restricted use paragraph and explicitly state the hypothetical assumptions in the opinion

Question 28

Management required to provide narrative explanation of financial results as part of 10-K and 10-Q - True or false?

Answer 28

True. Practitioner must have audited the most recent financial year to which MD&A applies. Practitioner may examine or review

Question 29

Type 1 and 2 assurance differences:

Answer 29

1. Attesting to an entity’s compliance with specified requirements of laws, regulations, rules, contracts, or grants
2. Attesting to the effectiveness of an entity’s internal control over compliance with specified requirements

Once again, CPAs may be engaged to perform an examination or agreed-upon procedures, but not a review!

Question 30

IT has created great reliance on technology-enabled systems (e.g., to maintain information, to produce products and services, to interact with customers and suppliers, to run portions of the business) – as a result, system reliability is a major concern to all stakeholders. In response, CPAs have developed a set of Trust Services:

Answer 30

• Jointly developed by the AICPA and the Canadian Institute of Chartered Accountants (CICA)
• Set of professional attestation and advisory services to address risks and opportunities of IT-enabled systems and privacy programs
• Intended to address user and preparer needs regarding issues of security, availability, processing integrity, online privacy, and confidentiality within e-commerce and other systems
• Help companies differentiate themselves and emphasize their awareness and addressing of IT risks
• Practitioner examines system controls and attests to system reliability
• Many future opportunities for the profession along this path

Question 31

What two things does the practitionaer do in trust services?

Answer 31

1.

Question 32

Objective of an examination or review of MDA is to see if

Answer 32

1) the presentation includes, in all material respects, the required elements of the rules and regulations adopted by the SEC;
(2) the historical financial amounts included in the presentation have been accurately derived, in all material respects, from the entity’s financial statements; and
(3) the underlying information, determinations, estimates, and assumptions of the entity provide a reasonable basis for the disclosures contained in the presentation.

Question 33

What two things does a practitioner do when performing trust services?

Answer 33

1. performs procedures to determine that management’s description of the system is fairly stated, and
2. obtains evidence that the controls over the system are designed and operating effectively to meet the Trust Services Principles and Criteria—the suitable criteria required for an attest engagement

Question 34

Principles and Criteria used in Trust Services

Answer 34

Principles:

1. Security
2. Availability
3. Processing Integrity
4. Confidentiality
5. Privacy

Criteria for each principle:

1. Policies
2. Communications
3. Procedures
4. Monitoring

Question 35

Similarities between webtrust and systrust

Answer 35

• assurance is provided on management’s assertion relating to the principles
• Designed to incorporate a seal management process. Seal (logo) included on a client’s website as electronic representation of the report. Engagement must be updated at least annually to use the seal. Initial reporting period must include at least two months

Question 36

Difference between WebTrust and SysTrust

Answer 36

WebTrust - Assurance on electronic commerce systems

SysTrust - Assurance on any system

Question 37

A future assurnt service may be

Health Care Performance Measurement. Further explain.

Answer 37

health care recipients and employers increasingly concerned about quality and availability of health care services. This service provides assurance over the effectiveness of health care services provided by health maintenance organizations, hospitals, doctors, and other providers

Question 38

What are SOC Reports?

Answer 38

Service Organization Control (SOC) Reports - Service Organizations provide outsourced data processing services (e.g., cloud computing services, payroll processing services, information security services, information system services)

Question 39

SOC 1,2, and 3 arethree different CPA Reports on Service Organization Controls (SOC). Define SOC 1

Answer 39

Restricted use reports on controls at a service organization that are relevant to a user entity’s internal control over financial reporting.

Question 40

A future assurance service may be continuous auditing. What is this?

Answer 40

Demand is increasing for assurance beyond a quarterly and annual financial statement basis, especially as companies provide more and more up-to-date/real time information on their websites. This would rovides assurance using a series of reports provided simultaneously or shortly after the related information is released.
These services are anticipated to be grow dramatically in the coming years

Question 41

SOC 1,2, and 3 arethree different CPA Reports on Service Organization Controls (SOC). Define SOC 3

Answer 41

General use SysTrust reports related to security, availability, processing integrity, and/or privacy to meet Trust Services criteria

Question 42

With increasing age 65+ individuals, the AICPA and CICA developed these services with the goal of helping older senior citizens maintain their lifestyle and financial independence for as long as possible

Answer 42

PrimePlus/ElderCare Services.

Target markets are
Older clients of CPAs,
Children of older adults, and
Other professionals that deal with older adults (e.g., lawyers, health care professionals)

Question 43

SOC 1,2, and 3 arethree different CPA Reports on Service Organization Controls (SOC). Define SOC 2

Answer 43

Restricted use reports on controls at a service organization that related to security, availibilty, processing integrity, privacy, and/or confidentiality.

Question 44

What is XBRL, one of the more prominet future assurance services?

Answer 44

XBRL (eXtensible Business Reporting Language)

• International information format designed for business information
• Assigns unique electronically readable tags to all individual disclosure items within business reports
• Major benefits in preparation, analysis, and communication of business information in a cost-effective, reliable manner
• AICPA’s XBRL Assurance Task Force is in process of developing guidance for CPAs to provide assurance on XBRL-Related Documents

Question 45

Financial PrimePlus/ElderCare Services include

Answer 45

Goal setting, funding analysis, cost management, and needs assessment. Nonfinancial would be Interpersonal and relationship management,
Management of interaction between service providers and client

Question 46

Basic summations of SOCs

Answer 46

SOC 1 - Controls related to ICOFR

SOC 2 - Controls related to security/privacy/integrity/etc

SOC 3 - Systrust reports