Chapter 6: Professional Responsibilities, Audit Documentation, IT Audit, and Government Auditing Flashcards

1
Q

what are six principles of the AICPA code of professional conduct?

A

The 6 principles (articles) of the Code of Conduct are:

  1. Responsibilities
  2. Public interest
  3. Integrity
  4. Objectivity and independence
  5. Due care
  6. Scope and nature of services
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Under the AICPA Code of Professional Conduct, Rule 101, independence is impaired:

A
  1. if a member has a DIRECT financial interest with attestation clients without regard to materiality
  2. if a member has a material INDIRECT financial interest in the client
  3. if a member or a member’s immediate family member has a loan to or from the client
  4. if a members accepts more than a token gift
  5. if a member is an employee of or makes management decisions on behalf of the client
  6. if the client is overdue more than one year in the payment of professional fees to the member
  7. if there is actual or threatened litigation between the member and the client
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

According to AICPA Code of Professional Conduct, Rule 203, a departure from GAAP may be justified under what circumstance?

A

a departure from GAAP may be justified only if compliance with GAAP would cause the financial statements to be misleading

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Under Rule 301, in what circumstances must a CPA disclose confidential client information without the consent of the client?

A

A CPA must disclose confidential information without client consent under the following circumstances:

  • It is necessary to comply with a valid subpoena or summons
  • As part of a quality review of the CPA’s professional practices authorized by the AICPA
  • in response to any inquiry made by the ethics division or the trial board of the AICPA, or by a duly-constituted investigative body of a state CPA society
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When are contingent fees prohibited under Rule 302?

A

Contingent fees are prohibited for:

  • audits of financial statements
  • reviews of FS
  • examination of prospective financial information
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

what is an “issuer” and what group establishes standards for audit reports of issuers?

A
an issuer is an entity subject to the rules of the SEC (this would include primarily public companies)
The PCAOB (Public Company Accounting Oversight Board) establishes standards for audit reports of issuers.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Title I of the Sarbanes-Oxley Act of 2002 (SOX) requires that registered firms must adhere to what auditing standards?

A
  • Audit workpapers must be maintained for seven years
  • A concurring or second partner review is required for each audit report
  • the audit report must describe the scope of the testing of the issuer’s internal controls
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Under SOX Title II, what services must be preapproved by the auditor committee and what services may not be provided to an audit client?

A

all auditing services and permitted non-audit services (including tax services) must be pre-approved by the audit committee.

Prohibited services include:
bookkeeping
financial information systems design and implementation
appraisal and valuation services
actuarial services
management functions and HR functions
internal audit outsourcing services
investment-related services
Legal services
expert services unrelated to the audit
(SEC Regulation S-X contains same rules)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

what are the audit partner rotation rules under SOX Title II and SEC Regulation S-X?

A
  • both SOX and Regulation S-X require the lead and concurring partner to rotate off the audit every five years
  • regulation S-X further requires other partners to rotate off every seven years. Lead and concurring partners are subject to a five-year “time out” and other partners are subject to a two-year “time out”
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

what must be reported by the auditor to the audit committee under SOX Title II and SEC Regulation S-X?

A
  • critical accounting policies and procedures used
  • alternative accounting treatments discussed with management, the ramifications of alternatives, and the treatment preferred by the auditor
  • material written communications between the auditor and management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

what is the required cooling-off period under SOX Title II and SEC Regulation S-X?

A

the audit firm cannot have employed an issuer’s CEO, CFO, controller, CAO, or other employee in a financial reporting oversight role during the one year preceding the audit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

what is the required content of management’s internal control report under SOX Title IV?

A
  • management’s responsibility for establishing an adequate internal control structure for financial reporting
  • an assessment of the effectiveness of the current year’s control structure
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

what are the PCAOB’s tax-related independence rules?

A
  • registered firms may not provide confidential or aggressive tax transactions to audit clients
  • registered firms may not provide tax service to corporate officers of audit clients or their immediate family members
  • audit committee must pre-approve tax services and related fees
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

under the SEC’s principles of independence, a client relationship or a service provided to an audit client would create independence issues if it:

A
  • creates a mutual or conflicting interest between the auditor and client
  • results in the auditor acting as management or an employee of the audit client
  • places the auditor in a position of auditing his or her own work
  • makes the auditor an advocate for the audit client
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Explain the conceptual framework approach under IFAC’s Code of Ethics and identify threats to compliance with its fundamental principles

A

IFAC’s Code is based on a conceptual framework (versus a set of rules) that requires entities to identify, evaluate, and address threats to compliance with its fundamental principles. These threats include:

  • Self-interest threat
  • self-review threat
  • advocacy threat
  • familiarity threat
  • intimidation threat
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How long must audit documentation be retained for issuers and nonissuers?

A

PCAOB rules require that auditors retain audit documentation of public companies (issuers) for 7 years from the report release date

SAS rules require that auditors keep audit documentation for nonissuers for at least 5 years from the report release date

the report release date is the date on which the auditor gives the client permission to use the report (often the date the report is delivered to client)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the advantages and disadvantages of auditing with a computer?

A

Disadvantages:
- audit documentation may not contain readily-observable details of calculations

Advantages:

  • less math errors due to automatic performance of math on all documents
  • automatic cross-referencing of amounts by linking each lead schedule to the working trial balance and financial statements
  • automatic preparation of financial statements, tax return schedules, and consolidating schedules
  • reduction in required supervisory review time
  • automatic performance of certain analytical review procedures
  • enhanced client service
  • Improved morale and productivity for audit team
18
Q

Describe “auditing around the computer” and identify when it is appropriate and not appropriate

A

when auditing around the computer, the auditor does not directly test the application program, but instead tests the input data, processes the data independently, and then compares the independent results to the program results

This method is appropriate for simple batch systems that have a good audit trail. Auditing around the computer is not appropriate when there is insufficient paper-based evidence

19
Q

List and briefly define the types of computer assisted audit techniques (CAATs) that may be used

A
  • Transaction tagging - electronically marks specific transactions
  • Embedded audit modules - sections of program code collect data for the auditor
  • Test data - use of the client’s system to process the auditor’s data off-line
  • Integrated test facility - use the client’s system to process auditor’s data, online
  • Parallel simulation - use of the auditor’s system to reprocess client data
20
Q

in conducting an audit of an organization receiving federal financial assistance, what additional audit procedures must be performed in addition to the general requirements of GAAS and GAGAS?

A

Those procedures performed under GAAS and GAGAS plus:

  • the auditor should obtain and document an understanding of internal control established to ensure compliance with the laws and regulations applicable to the federal financial assistance
  • in some instances, tests of controls are mandated to evaluate the effectiveness of such controls.
21
Q

audits of governmental entities may draw on up to 3 sets of standards or supplementary requirements. What are they and what are the circumstances that surround their application?

A

Generally Accepted Auditing Standards (all audits)

Generally Accepted Government Auditing Standards (Yellow Book audits): auditee is a government, or receives financial assistance from the government

OMB Circular A-133 (Single Audits of Federal Financial Assistance): an entity expending more than $500K in federal financial assistance annually

22
Q

Identify the additional auditor responsibilities associated with government audits under GAGAS

A
  • Obtaining an understanding of how laws, rules, and regulations relate to financial statement amounts
  • assessing the degree to which management has identified laws, rules, and regulations that have a material impact on financial statement amounts
  • obtaining reasonable assurance that financial statements are free from material misstatements resulting from violations of laws, rules, and regulations associated with the determination of financial statement amounts
  • communication to management, as appropriate, that GAAS procedures alone will not fulfill additional audit requirements related to an audit of a government or of governmental assistance.
23
Q

identify the 3 types of governmental audits/engagement normally undertaken by CPAs

A
  1. Financial audits: engagements primarily designed to determine the fair presentation of financial statements in conformity with GAAP or an OCBOA. Financial audits also include audits of specified elements of the financial statements
  2. Attestation engagements: examinations, reviews, and agreed upon procedures, etc.
  3. Performance audits: effectiveness, economy and efficiency audits, internal control and compliance audits
24
Q

in concluding an audit of an organization under GAGAS, what audit documentation, in addition to that required by GAAS, must also be included?

A

Internal control documentation must include:

  • Consideration of procedures that ensure the auditee’s compliance with laws, rules, and regulations
  • written representations from management with regard to management’s identification of material laws, rules, and regulations; management’s responsibility for ensuring compliance with laws, rules, and regulations; and management’s knowledge of any violations that should be disclosed or recorded
25
Q

when reporting on a client’s internal control deficiencies and weaknesses under GAGAS, the auditor is required to perform which procedures?

A

When reporting on a client’s internal controls, the auditor must:

  • obtain an understanding of the design of relevant controls and determine whether they have been implemented;
  • communicate all significant deficiencies noted during the audit, even those that do not result in material weaknesses;
  • prepare a written report on the auditor’s understanding of the client’s internal control and assessment of control risk; (not GAAS, GAGAS only)
  • report significant deficiencies to specific legislative and regulatory bodies
26
Q

how does materiality under the Single Audit Act differ from materiality under both GAAS and GAGAS?

A

Under the Single Audit Act, materiality is considered in relation to each major program, not simply in relation to the financial statements

27
Q

what are the 2 types of requirements surrounding federal financial assistance programs?

A
  1. General requirements: involve national policy and apply to most federal financial assistance programs
  2. Specific requirements: apply to a particular federal program and generally arise from statutory requirements
28
Q

Material instances of noncompliance include:

A
  • failure to follow requirements

- violations of rules contained in statutes, regulations, contracts, or grants

29
Q

Discovery of illegal acts requires specific written communication under different circumstances.
Which parties may be notified?

A

Any of the following may be notified of illegal acts:

  • top officials of entity
  • appropriate oversight/governance bodies
  • officials of the entity’s audit organization
30
Q

Under what circumstances must discovered instances of fraud or other illegal acts be communicated directly to the applicable federal Inspector General?

A
  • Management fails to disclose the discovered illegal action to the grantor
  • Management does not take appropriate remedial action
31
Q

what are the 4 reports recommended under the Single Audit Act?

A
  1. Opinion on financial statements and supplementary schedule of expenditures of federal awards
  2. Report on compliance and on internal control over financial reporting based on a financial statement audit
  3. Report on compliance and on internal control over compliance applicable to each major program
  4. Schedule of findings and questioned costs
32
Q

which laws and regulations need to be considered by the auditor in a government audit?

A

the auditor must consider the effects of laws and regulations that have a direct and material effect on the determination of amounts in the entity’s financial statements

33
Q

what are the specific requirements for an auditing firm relative to quality reviews of their government audits?

A

external quality reviews must be conducted every 3 years and a copy of the review report must be provided to the auditee

34
Q

identify the additional management responsibilities associated with government audits

A
  • Identification of applicable laws and regulations with compliance requirements
  • establishment of internal controls to provide reasonable assurance that the entity complies with those laws and regulations
  • preparation of supplementary financial reports, including a “Schedule of Expenditures of Federal Awards”
  • obtaining an audit that satisfies relevant legal, regulatory, or contractual requirements
35
Q

what are the objectives of a single audit?

A
  • audit of the entity’s financial statements and reporting on a separate schedule of expenditures of federal awards
  • compliance audit of federal awards expended during the year, as a basis for issuing additional reports on compliance and on internal control over compliance for major programs
36
Q

Control evaluations made for purposes of performing an audit in accordance with the Single Audit Act are made in relation to individual compliance areas applicable to each major program. Such evaluations are limited to compliance requirements that could have a direct and material impact on major programs and include what requirements?

A
  1. Tests of controls must be performed to evlauate the effectiveness of the internal control (unless the control is deemed to be ineffective)
  2. Controls deemed to be ineffective result in expanded procedures including:
    a. Assessment of control risk at the maximum
    b. consideration of the impact of weak controls on substantive compliance testing
    c. reporting a significant deficiency (reportable condition) or material weakness as an audit finding
37
Q

material noncompliance with the requirements of major federal financial assistance programs results in what type of opinion on compliance?

A

Qualified (except for) or adverse opinions on compliance will be rendered in the event of discovery of material reportable instances of non compliance

38
Q

List the ethical principles under GAGAS

A
  1. serving the public interest
  2. integrity
  3. objectivity
  4. proper use of governmental information, resources, and positions
  5. professional behavior
39
Q

list the 2 general characteristics of independence under GAGAS

A
  1. Independence of mind

2. Independence in appearance

40
Q

what are the 4 steps in the evlautation of auditor independence under GAGAS?

A
  1. identification of threats to independence
  2. evaluation of the significance of threats identified both individually and in the aggregate
  3. application of safeguards necessary to eliminate threats to reduce them to an acceptable level
  4. conclude if safeguards are adequate to eliminate or appropriately reduce threats
41
Q

List the seven different threats to auditor independence under GAGAS

A
  1. Selft-interest threat
  2. self-review threat
  3. bias threat
  4. familiarity threat
  5. undue influence threat
  6. management participation threat
  7. structural threat
42
Q

Under GAGAS, the critical feature in determining whether a nonaudit service is a threat to independence is:

A

consideration of management’s ability to effectively oversee the nonaudit service to be performed. The auditor should determine:

  1. that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience; and
  2. that the individual understands the services to be performed sufficiently to oversee them