Maxwell Review - AUD Flashcards
accepting the client - what is the main goal?
minimize the chance of associating with management lacking integrity
when accepting a new client, what do you need to consider?
-firm’s ability to meet deadlines
-staffing needs
-independence
-group audits
-size and complexity of the company
what are some preconditions to accepting a new client?
-assess whether applicable financial reporting framework (like US GAAP) is acceptable
-get a letter from management that recognizes its responsibilities for the audit
what are management responsibilities during an audit and when accepting a new client?
-preparation and fair presentation of the financial statements in accordance with US GAAP
-design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of the financial statements that are free from material misstatement, whether due to fraud or error
-providing the auditor access to information (like employees and documents)
what are auditor’s responsibilities during an audit?
-conducting an audit in accordance with GAAS
-informing the client of deficiencies in controls
what is an engagement letter?
a document to agree to the terms of the engagement between the auditor and the company’s management
-aka the contract for the audit
what is required to be included in the engagement letter?
-the objective and scope of the audit (aka saying something like “we will audit this year’s financial statements”)
-auditor and management responsibilities
-reasonable assurance (not all material misstatements might be detected)
-identify of the applicable financial reporting framework
-expected reports to be included (like the audited financial statements)
what is optional to be included in the engagement letter?
-fees for the audit
-involvement of other auditors (component auditors or specialists)
-plan to communicate with the predecessor auditor
-any additional communications the auditor will send (like a letter on the control deficiencies)
what should be excluded from the engagement letter?
-materiality
-specific procedures
-anything that would allow the client to manipulate the audit
what is a non issuer?
a private company
what is a issuer?
a public company
what is audit documentation?
-AU C 230
-known as working papers or work papers, which are documents for performing audit test work (like an excel spreadsheet)
-they belong to the auditor, not the client
two main purposes for audit documentation
-evidence for basis of the audit report (not to support financial statements)
-evidence that the audit was conducted according to the standards being followed (like GAAS)
what should be included in the audit documentation?
-the audit documentation should allow an experienced auditor with no previous connection to the audit to understand:
-nature, extent and timing of procedures
-results of procedure and evidence
-findings and issues
-conclusions reached
what information should be included in the working papers?
-who performed the audit work
-when it was performed
-who reviewed the audit work
-when the work was reviewed
what does sufficient documentation mean?
sufficient = enough = quantity
-before the audit opinion, there will be a statement saying “we believe that the audit evidence we have obtained is sufficient AND appropriate to provide a basis for our audit opinion”
what does appropriate documentation mean?
appropriate = relevant = quality
“we believe that the audit evidence we have obtained is sufficient AND appropriate to provide a basis for our audit opinion”
quality of audit evidence includes:
-(BEST) auditor’s direct observation (inventory observation)
-obtained directly from external parties (confirmations)
-prepared by external party then given by company (bank statements)
-(WORST) prepared by the client (trial balance)
what does nature, extent, and timing of procedures mean?
nature = what kind of test?
-ex: to test AP, we are going to perform a search for unrecorded liabilities
extent = how much testing?
-ex: do we need to test 20 invoices or 40?
-it’s possible to over audit a company
timing = should we perform year end test work or interim test work?
-depends on how reliable the company’s accounting system is (the more reliable, the more interim procedures we can perform)
what does it mean when there is a current file for audit documentation?
-documentation that changes every audit (only applies to the current year)
-ex: financial statements, working trial balance, confirmations, representation letters, attorney’s letters, bank statements
what does it mean when there is a permanent file for audit documentation?
-the documentation that applies to multiple years
-ex: debt agreements, company bylaws, stock certificates
what are audit tick marks?
tick marks can save the auditor time and space by explaining procedures performed in one centralized location
-have a legend to show what each symbol means
what is the working trial balance for?
-at the beginning of the audit, the client will give the auditor a TB to show the ending balance of every account and accounting records
-TB given to the auditor will be the unadjusted balance
-while the auditor is going the test work, they will see if they need to do any reclass (changes one balance sheet balance for another balance sheet balance) or adjusting (affects NI and RE) entries
-then we get an adjusted balance that shows up on the year end financial statements
what is the max number of days in which a nonissuer’s auditor should complete the assembly of the final audit file following the report release date?
60 days
what is the max number of days in which an issuer’s auditor should complete the assembly of the final audit file following the report release date?
45 days
quality control key elements (6)
**the extent of quality controls depends on the firm’s size, nature of the practice, and cost-benefit considerations
-HR: competent recruitment, proper job roles, training
-client acceptance: avoid management lacking integrity
-leadership responsibility: tone at the top
-high level of performance: supervising, confidentiality of client info
-monitoring: peer review, wrap-up review, documenting and correcting errors
-ethical behavior: independent in fact and appearance
what is a peer review?
-implemented to check whether auditing firms are performing audits in accordance with auditing standards
-one CPA firm reviews another CPA firm every 3 years (AICPA members)
-after the review, a report is issued with the findings and conclusions
what is an audit strategy?
-a written document that outlines the scope of an audit, the objectives, timing, communications, preliminary materiality, high risk areas, planned resources, deliverables
-this is a high level strategy for the audit, no details
what questions do you ask in an audit strategy?
-do we need any specialists?
-do we need more staff?
-when does the client expect the finalized financial statements?
-should we do year end or interim testing?
-how many hours are we budgeting for the audit?
what is an audit plan?
-outlines the nature, extent, and timing of procedures
-is based off the audit strategy
-detailed plan for the audit
-required to be written
-need to include risk assessment
-need to have a list of the audit procedures and tests of controls
-roadmap for the audit
what are analytical procedures?
-we are required to perform analytical procedures in the planning phase
-part of the risk assessment process
-ex: ratio or trend analysis
understanding the client’s business and it’s industry - an overview definition
-no prior experience with the client’s business (entity) or its industry is required to accept a client
-after accepting, though, the auditor must understand both the client’s business and its industry
ways to understand the client’s business:
-take a tour of the business
-review prior year financial reports of the company
-learn about the client’s accounting approach
-inquire with the client personnel
ways to understand the client’s industry:
-review common industry guidelines
-review revenue recognition standards
how do you understand internal controls?
-for any audit, we are required to obtain an understanding of the company’s internal controls
-helps us to understand the business and perform risk assessment
-involves looking at the design (layout of the system and steps involved) and implementation (is this control actually being followed?) of internal controls
-does not involve testing the internal controls for operating effectiveness
when do we need to test internal controls for their operating effectiveness?
optional but if we want to rely on the controls, then we need to test (set control risk below high is an example of when testing would occur)
how do you document internal controls?
-flowcharts: symbolic charts to show the flow of controls
-questionnaire: a yes/no list with explanation of no answers
-narratives: a written description of the controls
what is the predecessor auditor?
-the prior auditor (so successor is the current/new auditor)
-if you are new to an audit (successor), then you must attempt communication with the predecessor
-you need to request permission from the client to communicate with the predecessor auditor (they don’t have to respond but you have to attempt communication)
the predecessor auditor should inquire about:
-management integrity
-accounting disagreements with management
-reasons for change
-fraud and noncompliance
-related parties and significant unusual transactions
changing from an audit to a lower level engagement:
-you can change from a audit to a review/compilation, or a review to a compilation
-the key is that you’re moving to a lower level engagement
-before changing, understanding the: reasons for request, effort required, and additional cost
-don’t refer to the original engagement in the audit report
when to consider withdrawing from an engagement:
-withdraw when there is a serious scope limitation
-ex’s: client refuses to allow correspondence with legal counsel, client wants to change level of engagement without a justified reason, client refuses to sign management representation letter
engagement partner responsibilities
-the engagement part is the ultimate person responsible for the audit
-responsible for: planning the audit, compliance with auditing standards, supervising the engagement team members
what should you do during the first year of auditing a company?
-review the predecessor auditor’s audit documentation
-perform specific audit procedures to obtain evidence regarding the opening balances
-beginning balance sheet accounts are important to verify (if beg balance is $10K, verify that to confirm ending balance will be accurate)
using the work of others - internal auditors
-an internal auditor (IA) is a company’s internal employee that performs internal audits
-they help better understand the company and reduces the amount of work the external auditors must perform
-they are not independent
-no judgements or estimates can be shared with IA
-they can help with any part of the audit
-best to use IA for areas with low estimates and complexity
-if the IA helps with a high risk area, the external auditor must not solely rely on their work
-the external auditor should always review work performed by the IA
-external auditor is the ultimate party responsible
-external auditors must test the IA’s competence and objectivity
internal auditor’s competence includes:
-the internal auditor’s abilities
-educational level and professional experience
-reviews the quality of the internal auditor’s working paper documentation
-looks at internal auditor’s compliance with professional standards
internal auditor’s objectivity includes:
-considers the company’s policies and organizational structure that limit internal auditor’s access
-asks the question, who does the internal auditor report to?
using the work of others - a specialist
-someone with special skills
-used when auditor believes that it is desirable or necessary
-the auditor doesn’t refer to the specialist’s work in the auditor’s report
-if the opinion is modified (adverse, qualified) due to the specialist’s work, then it’s optional to include reference to the specialist in the report
-if the auditor mentions the specialist in the auditor’s report, then the auditor must clarify that the specialist’s work does not reduce the auditor’s responsibility
-doesn’t have to be independent (they can have a relationship with the client)
with the work of a specialist, the external auditor should:
-assess the specialist’s experience
-understand the major methods and assumptions
-understand the objectives and scope of the specialist’s work
-evaluate the specialist’s work
using the work of others - IT auditor
-not considered a specialist
-must be independent
-considered a member of the engagement team
-must assess the impact of IT on the entity
-can use an IT auditor at any point during the audit
-work is reviewed by the engagement parter
what is a group audit?
-the audit of financial statements that contain the information of more than one component
-common ex: a parent company with multiple subsidiaries (group = parent, component = subs)
what does the group auditor do for a group audit?
-auditor responsible for the main financial statements
-review the component auditor’s work
-only allowed to mention the component auditor if the group auditor is not is not taking responsibility for the component auditor’s work
-if the group auditor mentioned the component auditor, then the group auditor states the component that was audited by the component auditor, along with the size of the component relative to the overall company
using the work of others - component auditor
-involves group audits and group auditors
-component auditor performs work for a component of an auditor (can be part of the group auditor’s firm or be completely unrelated)
-all auditors must be independent
-must assess the impact of IT on the entity
example of a group audit/component auditors
-parent company: disney –> audited by group auditor and firm with ultimate responsibility (deloitte)
-subsidiary: parks –> audited by a component auditor (EY)
-subsidiary: media –> audited by a component auditor (KPMG)
audit risk formula
inherent risk * control risk * detection risk
risk of material misstatement formula
inherent risk * control risk
what is quantitative risk
numbers
what is qualitative risk
words
inherent risk
-nature of the account or transaction
-the risk of an account before considering any internal controls are implemented
-high risk = more likely to contain a material misstatement
-considers complexity, estimates, volumes of transactions
control risk
-the risk that the company’s controls will not catch the misstatement in a timely manner
-assess as high if there is no operating effectiveness (meaning we test the controls and deem them as ineffective, or, we do not test the controls)
detection risk
-the risk that the auditors will not catch the misstatement
-only area the auditor has control over
-the auditors raise/lover detection risk through altering the nature, extent, and timing of audit procedures
-RMM increases, detection risk decreases (and vise versa)
what is audit risk?
-the risk that a material misstatement makes it onto the financial statements
-the company and auditors don’t detect the errors
financial statement level risks
-risks that apply to the financial statements as a whole
-risks pervasive to the entire company
-ex: management override, hiring a new CFO
assertion level risks
-risks applying to specific transactions, account balances, and disclosures
-transactions –> income statement items
-account balances –> balance sheet items
-disclosures –> footnotes
significant risks
-an item that not only has high inherent risk but is at the highest spectrum of inherent risk
-focuses on probability of a misstatement and whether a misstatement would be material
-every audit has at least one significant risk
-you can have a high inherent risk that is not significant (but can’t have a significant risk that is not high inherent risk)
-communicate significant risks to those charged with governance, verbally or in writing
-require test of details
factors to consider with significant risks
-risk of fraud
-complexity of transactions
-significant related party transactions
-amount of subjectivity
-significant unusual transactions
responses to risk
-each risk requires a response
-the higher the RMM, the greater the nature, extent, or timing of procedures
-substantive analytical procedures offer less assurance than a test of details does
-if an account balance, transaction, or disclosure is material, even if RMM is low, we are required to perform substantive procedures
-if fraud risk is present, test of details is required
-test of controls is necessary is the substantive procedure is not enough to support the audit opinion
fraud risk
-fraud: an intentional act involving deception
-different from an error because it’s intentional
-two types: fraudulent financial reporting, misappropriation of assets
fraudulent financial reporting fraud risk
-intentionally misstating the numbers
-has a larger financial impact than misappropriation of assets
-typically by upper management
misappropriation of assets fraud risk
-theft of assets
-typically by lower level employees
fraud triangle
-incentive: reason to commit fraud
-opportunity: a weak point in the company’s controls
-rationalization: justifying behavior
where is fraud normally mentioned in the auditor’s report?
-management’s responsibility for the financial statement
-auditor’s responsibility
auditing for fraud (AU-C 240)
-as auditors, theyre only concerned with how the fraud affects the financial statements
-any fraud is considered material
-auditors should always maintain an attitude of professional skepticism
-always considered a significant risk (management override of controls, overstatement of revenue)
-responding to risk of management override of controls (look at JE, review accounting estimates, review significant unusual transactions)
-auditors should inquire with the management and other employees (conduct fraud interviews)
-analytical procedures help to identify fraud risks
-report fraud one level above where the issue is
substantive procedures
-any kind of audit procedure that is not a test of controls
-includes both the test of details and analytical procedure
confirmations - type of test of details
-confirming a client’s assets
-ex: sending bank confirmations
observation - type of test of details
-viewing a process
-ex: observing a client’s inventory count
recalculation - type of test of details
-verifying that the auditor’s amount agrees to the client’s amounts
-ex: gain recalculation
reperformance - type of test of details
-reperforming a process to ensure the client performed it correctly
-ex: reperforming a bank rec
inspect assets - type of test of details
-looking at a client’s assets
-ex: inspecting a client’s fixed assets
inspect documents - type of test of details
-looking at a client’s documents
-ex: inspecting invoices for AP
substantive analytical procedure - type of substantive procedure
-using analytical procedures as a substantive procedure
-consider both financial and non financial data
-set expectations and compare that to actual results
analytical procedures
-ratio analysis, trend analysis, etc
-three parts: 1. required in pre audit phase: preliminary analytics in the planning phase; 2. optional in the audit test work: substantive analytical procedures; 3. required in the post audit phase: overall review analytics
test of details
-looks at the source of a balance
-how can I verify/corroborate what the client tells me?
-confirming, observing, recalc/reperform, inspecting
tracing vs vouching
-tracing/matching documents: tests for completeness (source document to financial records)
-vouching: tests for existence (financial records to source documents)
test of controls
-must understand a company’s internal controls (design and implementation)
-test controls to evaluate their operating effectiveness so we can rely on controls
-test to decrease control risk and increase detection risk
-test when substantive procedures don’t properly address a risk of material misstatement
four types of test of controls
-reperformance
-inspection
-inquiry
-observation
-once tests are over, the auditor will either rely (when effective) or not rely (not effective = high control risk) on the controls
materiality
-looking for a material misstatement, which are misstatements that will influence users of the financial statements (owners, investors, creditors)
-def. by FASB: the omission or misstatement of an item in a financial report is material if, in light of surrounding circumstances, the magnitude of the item is such that it is probable that the judgment of a reasonable person relying upon the report would have been changed or influenced by the inclusion or correction of the item
-establish materiality in planning phase, yet we can raise or lower it through the audit (considering both quantitative and qualitative factors)
materiality at two levels
-financial statements as a whole
-transactions, account balances, and disclosures
materiality benchmarks
% of revenue
% of total assets
-they track the size of a company and how much activity it has
factual - type of misstatement
-no doubt about the misstatement
-supporting documentation is available
-ex: the company omitted an invoice from its AP balance
judgmental - type of misstatement
-misstatement due to judgments (accounting estimates)
-ex: the company’s allowance for doubtful accounts balance is too low
projected - type of misstatement
-projecting the errors in a sample onto the population
-ex: we selected 10 invoices out of 100 and discovered a $10,000 misstatement; therefore, we project that in the entire population there is a $10,000 misstatement
performance materiality
-we provide reasonable assurance, not absolute
-we aren’t testing 100% of the company
-amount less then overall materiality (materiality at the financial statement level)
-to reduce the chances that the aggregate of the misstatements we haven’t detected exceeds materially as a whole, calculate 50-75% of overall materiality
-for a low risk client, choose a higher threshold (high risk, low threshold)
tolerable misstatement
-materiality for each area of a company
-calculated by applying a % of performance materiality (usually 10, 15, or 20%)
-high risk (AP) = low threshold (low risk (fixed A) = high threshold)
trival/unimportant misstatement
-misstatements that are so small, we do not care about them
-found by taking a % of overall materiality
-we will not add up trival misstatements (no JE, not additional documentation)
management assertions
-claims of what is true
existence (BS) and occurrence (IS) assertion
-claim that everything is real/exists
-the balances exist; the transactions have actually occurred
-important for asset accounts
completeness assertion
-claim that everything that should have been recorded has been recorded
-nothing is left out of the financial statements
-important for liability accounts
classification assertion
-is it recorded in the correct account?
rights (A) and obligations (L) assertion
-who does it belong to?
-the company has the rights to the assets, and is required is pay obligations
cutoff assertion
-events have been recorded in the correct accounting period
-important for transactions occurring near year end
valuation, allocation, and accuracy assertion
-is it recorded for the correct amount?
understandability and presentation assertion
-are the footnotes clear enough?
what type of audit is performed for a public company (issuer)?
integrated audit (as a result of SOX)
what does an integrated audit include?
-auditing (expressing an opinion) the financial statements
-auditing (expressing an opinion) the operating effectiveness of internal control over financial reporting
what two audit repots are issued for integrated audits
-report of financial statements
-report on internal control over financial reporting
what auditing and accounting standards do issuers use
PCAOB for auditing standards
GAAP for accounting standards
when testing the controls for an issuer, what date do you use
specific date; date of audited financial statements
in a public audit, should all deficiencies be in writing?
yes, even if it’s not significant or a material weakness
audit report for issuers
-opinion
-basis for opinion
-critical audit matters
what are critical audit matters
-requirement for an issuer’s audit report
-similar to key audit matters for a private company
-use for areas that are material to the financial statements and involve challenging, subjective, complex judgements
what’s the explanatory paragraph
-any paragraph we add to the basic audit report
-there is NOT an emphasis of matter or other matters paragraphs for issuers
audit report for internal control over financial reporting
-opinion
-basis for opinion
-definition and limitation of internal control over financial reporting
modifications of opinions for internal control audit
-no qualified opinions
-a material weakness requires the auditor to issue an adverse opinion
-major scope limitations cause either disclaimer of opinion or withdrawing from the engagement
what is an interim review for a public company
-the SEC requires issuers to issue a reviewed quarterly financial statement (10Q)
-review is conducted under PCAOB and includes an evaluation of internal controls
-each page of the financials need to include the wording “unaudited”
what is an interim review for a private company
-optional review
-covered by GAAS standards
-no need to evaluate internal controls
does SOX apply to public or private companies
mainly public
what is SOX sec 404
requires public companies to have their internal controls audited
what is an audit committee
-specifically dedicated to the company’s audit process
-consists of individuals already on the board of directors
-must include at least one financial expert
-members must be independent, cannot receive consulting fees
requirements to be a financial expert (need to meet one)
-experience in internal controls
-experience in GAAP
-experience on other audit committees
-experience auditing financial statements
definition of the PCAOB
a non profit corporation that is responsible for overseeing the auditing process of public companies
what does the PCAOB do
-set new accounting standards
-inspects audits performed by public accounting firms
-provides accountability for the auditing industry
-SEC has authority over the PCAOB
governmental audits
-follows GAGAS (generally accepted government auditing standards; yellow book)
-must follow both GAAS (private) and GAGAS (government)
-accountability is important for governments
governmental audit elements
-financial statements (test and express opinion)
-internal control over financial reporting (just test, no opinion)
-compliance with laws and regulations (test and express opinion)
-internal control over compliance (just test, no opinion)
governmental audit details
-for the internal control over financial reporting testing, we present the results of the tests
-when looking at compliance issues, we may need to communicate with outside parties
-we are required to describe the scope of the auditor’s testing of compliance with laws and regulations and internal control over financial reporting
single audits
-an audit for recipients of federal financial assistance (>$750,000)
-determined by the single audit act and 2 CFR 200
-must conform to both GAAS and GAGAS, plus additional requirements
-called “single” because we have to consider every single major program and report on it (and then set unique materiality levels for each major program)
single audit procedures
-compliance audit of federal awards for each major program (test and express opinion)
-we provide a schedule of findings and questioned costs
cash assertions when auditing cash
-existence (most important), rights and obligations, valuation allocation and accuracy, cutoff
cash risks when auditing cash
-typically a high fraud risk
-cash is stolen (misappropriation of assets)
-cash is intentionally overstated (why existence assertion is important)
-not all cash accounts are on the GL (completeness assertion)
-cash is misstated due to errors in the bank rec (valuation allocation and accuracy)
-two fraud opportunities: lapping and kiting
lapping
-misappropriation of assets (theft)
-when an employee takes a customer’s payment, then covers it up with the next customer’s payment
-steal from customer 1, use customer 2’s payment to pay off customer 1’s AR balance
-safeguards against lapping (use a lockbox, make employees take regular vacations)
kiting
-fraudulent financial reporting (misstating accounting records)
-cash is recorded in two bank accounts at once
-at the end of the year, we transfer $5,000 from account A or account B (for A, we dont record the cash disbursement and for B, we don’t record a deposit in transit) –> balance shown in two places
-safeguard against kiting by creating a bank transfer schedule
procedures for auditing cash
cash confirmations, bank recs, bank transfer schedule
cash confirmations
-assertions that confirmations test: existence, rights and obligations, valuation allocation and accuracy, completeness
-requirements for resending confirmations: send 1st confirmation, if no reply then send 2nd confirmation, if still no reply then perform alternative procedures
testing the bank rec
making sure that:
-the deposits in transit and outstanding checks clear the bank account in the next period
-there are not any old outstanding checks
-the ending cash bal is accurately calculated
steps for the bank rec
-footing the bank rec and list of outstandinf checks (does it all add up?)
-agreeing the beginning rec bal should agree to the bank statement
-verifying that the deposits in transit and outstanding checks cleared in the next month’s statement
-bank confirmation agrees to the bank statement baalnce
cash disclosures
-cash and cash equivalents
-compensating balances: bank requires the company to maintain a certain level of cash
-footnote: “we classify all highly liquid instruments with an original maturity of three months or less as cash equivalents”
directional risks with assets and liabilities
assets: tend to be overstated (higher the assets = better the company looks to investors)
liabilities: tend to be understated (lower looks better for investors)
AR and revenue assertions
-existence and occurrence, accuracy allocation and valuation, rights and obligations, cutoff
AR and revenue risks
-overstating rev is always assumed to be a fraud risk
-overstating AR
-understating allowance for doubtful accounts (this would make AR look better because this is what decreases AR bal)
-improper revenue recognition
AR and revenue procedures
-AR confirmations
-scan AR aging
-subsequent collections testing
-review uncollectibles calculation
subsequent collections testing
-for items we don’t send confirmations for or dont receive confirmation responses for
-ask for cash receipts between jan 1 of subsequent year and the audit date
-were testing whether the client received payment for AR balances or not
AR positive confirmation
-we want you to reply whether everythings correct or not
-more reliable then negative confirmations
-best for high risk, material balances
AR negative confirmation
-we only want you to respond if theres an issue
-we could assume non response is correct when there is an actual error
-best for low risk, immaterial balances
AR blank confirmations
-a type of positive confirmation
-no balance included so the recipient fills out the balance
-best for when customers may not investigate the balance if we included it
AR requirements for resending confirmations
-send 1st confirmation, if no reply then
-send 2nd confirmation, if no reply then
-perform alternative procedures
AR and revenue footnote disclosures
-rev recognition policies: how the company recognizes rev, what is included and whats excluded
-customer concentration: includes major concentrations of the companies revenues (major customers)
revenue cycle (from the perspective of the vendor - company selling the product) WATCH MAXWELL Part 2 Video - Part 2 in Section 3 whenever you see this card
- receive the PO from the customer
- convert the PO into a sales order
- approve the customer for credit (authorization function), the create the approved sales order
- the shipping department (custody function) ships the goods and creates a bill of lading
- send the invoice to the customer
- make the JE for the sales and update the master AR file (debit AR credit rev)
- review the JE and post them to the GL
cash receipts cycle
- front desk employee receives the check and remittance advice from the customer (custody function). stamp the check as “for deposit only.” send the check to the cashier and the remittance advice to the accounting department
- the cashier (custody function) creates a check listing and makes the deposit. the bank generates the bank deposit summary
- the accounting department (recording function) matches all the documents and records the JE (debt cash credit AR)
- approve the customer for credit (authorization function), then create the approved sales order
- the shipping department (custody function) ships the goods and creates a bill of lading
- send invoice to customer
- make JE for the sales and update the master AR file (debit AR credit rev)
- review the JE and post them to the GL
expenditures and cash disbursement cycle (from perspective of the customer)
- purchasing manager (authorization function) identifies the goods the company needs to purchase and negotiate terms of the purchase. the purchasing manager signs off on the purchase requisition
- create a PO from the purchase requisition and send it to vendor
- the receiving department ensures that we received what we actually ordered by creating a receiving report
- the AP department (recording function) matches the purchase requisition, the PO, the receiving report, and the invoice. they then send the voucher package to the treasurer
- the treasurer (custody function) reviews the voucher package. then they sign and send the check to the vendor, along with the remittance advice
purchase order
sent from the customer to the vendor
-shows the quantity of goods to order, the purchase price, and when theyre expected to be received
sales order
vendors format for the clients PO (number of goods, price for the goods, etc)
approved sales order
the sales order after the vendor has approved the customer to make the purchase on credit
bill of lading
a document that outlines the terms of shipment between the vendor and the carrier
invoice
the amount the client owes the vendor
-only send after shipping the goods
master AR file
a summary file that lists all the vendors customers and the amounts they owe the company
remittance advice
shows the invoices that the customer is paying for with their check
check listing
lists out all the checks received from customers
bank deposit summary
shows all the checks deposited by the bank, generated by the bank
purchase requisition
the companys internal request form to make a purchase
receiving report
to record the number of goods received
voucher package
the documents packed together to support the payment
-purchase requisition, PO, receiving report and invoice
FOB destination
the vendor is responsible until the product reaches the customer
perpetual inventory
inventory is continually updated
periodic inventory
inventory is periodically updated
inventory tags
barcodes on the inventory
inventory for manufacturing companies
-WIP: items started but not finished (RM, DL, OH)
-FG: inventory completed but not sold
-COGS: recorded when sold
inventory assertions
-existence, accuracy allocation and valuation, cutoff, rights and obligations, completeness
inventory risks
-client reports inventory that doesnt exist
-client leaves out inventory from the financials (completeness)
-inventory is not valued correctly (impairment, obsolete inventory)
-employees accidentally miscount inventory
-consignment inventory is improperly accounted for
inventory audit procedures
-inventory observation
-analytical procedures
-inquire about companies inventory policies (FIFO or LIFO)
-send inventory confirmations
-inquire about any pledged inventory
inventory observation
-required unless impractical or immaterial
-we observe the company’s employees counting inventory
-the employees count the inventory, not the auditors
-can we trust in their processes for counting inventory?
-auditors can perform test counts of inventory to ensure the employees counted it correctly
-counting inventory then tracing to inventory listing, tests for completeness
-inspecting the inventory listing then vouch to the inventory, tests for existence
-we need to look at purchase documents to test valuation and rights and obligations
pledged inventory
-pledging inventory as collateral
-need to disclosure in footnotes
inventory on consignment
-sending your inventory to another company to sell for you
-consignor: sends inventory to consignee
-consignee: sells inventory for consignor
-the inventory stays on the consignors books
-helps test the rights and obligations assertion
segregation of duties for inventory
-purchasing inventory: authorization
-receiving the inventory: custody
-shipping inventory to customers: custody
-recording JE for inventory: recording
inventory disclosures
-inventory policies
-inventory summary
-pledged inventory
auditing investments: two main types
-stocks: owning a % of a company
-bond: owning debt in a company
investment assertions
-existence, accuracy allocation and valuation, rights and obligations, completeness, cutoff, classification, understandability and presentation
**every assertion is relevant here
investment risks
-improperly valuation of investments
-theft of investments
-recording investments that do not exist
stock % ownership
-0 to 20%: adjusted cost method (no investment income recorded until dividends paid)
-20 to 50%: equity method (investment income recorded as % of investee’s net income
-50% +: consolidation method (consolidated financial statements)
investment audit procedures
-confirm investments with 3rd party custodian
-recalc div income and bond interest income
-verify year end investment balance (published stock quotations)
-scan investment activity before and after year end
fair value hierarchy
-level 1: identical assets in an active market
-level 2: identical assets in an inactive market or similar assets in an active market
-level 3: unobservable management input
key roles for investments
-registrar/transfer agent: maintains record of number of shares issued and outstanding and who owns the stock
-custodian: holds the actual stock/bond certificates for the client and auditor sends confirmations to custodian
bond recalc
-discounts/premiums are amortized throughout the life of the bond
-recalc bond interest income for reasonableness
-ex: the company invests in a bond with a face value of $100,000. the bond has a stated rate of 7%. we expect the company to report bond interest income of $7,000 per year
stock dividend recalc
if we own $100,000 of stock and the company declares a 5% dividend, we expect dividend income to be $5,000
segregation of duties for investments
-purchase and sale of investments: board of directors; authorization
-holding the investment: custodian; custody
-JE for the investments: accountant; recording
elements of fixed assets
-large portion of balance sheet
-low inherent risk
fixed assets risks
-company reports assets that arent real
-theft of fixed assets
-depreciation improperly calculated
-the g/l on sale of fixed assets is improperly calculated
-prop is improperly expensed
-repairs and maintenance expenses are improperly capitalized
-impairment of fixed assets not recorded
-company sells a fixed asset yet doesnt remove it from books
fixed asset assertions
-existence, classification, rights and obligations, completeness, cutoff, accuracy allocation and valuation
capitalize vs repairs and maintenance expense (fixed assets)
-management establishes a capitalization policy
-does the cost enhance the asset or make it last longer? yes = capitalize; no = expense
segregation of duties for fixed assets
-acquisition/disposition of fixed assets: authorization
-physical security of fixed assets: custody
-JE for fixed assets: recording
payable assertions
-completeness, cutoff, rights and obligations, classification, accuracy allocation and valuation, existence
payable risks
-understating payables
-creation of fake vendors
-recording payable for improper amount
payable procedures
-search for unrecorded liabilities
-analytical procedures
-scan the AP aging
-send confirmations for payables
elements of debt
-large portion of liabilities
-we need to make sure the company doesnt understate its debt
debt assertions
-completeness, classification, rights and obligations, accuracy allocation and valuation, cutoff, existence
debt risks
-debt improperly classified
-principal and interest payments not correctly recorded
-leases not recorded on balance sheet
debt procedures
-perform debt rollforward schedules
-analyze debt ratios
-send confirmations of debt
-test classification of debt
-compare year end GL balances to amortization schedule
-review minutes of board meetings
-examine note agreements
-search for loan covenants
debt documents
-debt agreement
-amortization schedule
-debt rollforward schedule
segregation of duties for debt
-approval of new debt: board of directors; authorization
-JE for debt: accountant; recording
auditing payroll
-large expense for a company
-potential for fraud
payroll assertions
-completeness, cutoff, occurrence, classification, accuracy allocation and valuation
payroll risks
-understating payroll expense
-improper amount accrued at year end
-creation of fake employees
payroll documents
-payroll register
-time card
segregation of duties for payroll
-authorization: HR personnel –> hiring and firing employees, pay raises
-recording: accountant –> making JE for payroll, calculating pay
-custody: treasurer –> signs and distributes payroll checks
accounts included in equity
-RE, CS, PS, treasury stock, accumulated other comprehensive income, noncontrolling interests
equity risks
-overstating equity accounts
-improperly calculating equity balances
-excluding equity transactions from equity accounts
equity assertions
-existence and occurrence, rights and obligations, classifications, completeness, accuracy allocation and valuation, understandability and presentation, cutoff
recalc RE
beg RE + NI - div = end RE
scanning board meeting minutes
-issuing stock
-declaring div
-treasury stock repurchases
segregation of duties for equity
-authorization: BOD –> issuing stock, declaring div, treasury stock repurchase
-recording: accountant –> make JE for equity
-custody: registrar maintains records of stocks
registrar/transfer agent
-maintains record of number of shares issued and outstanding and who owns the stock
-we would send confirmations to verify the number of shares issued and outstanding
authorized shares
-max number of shares a company is allowed to issue
-stated in the company’s articles of incorporation
issued shares
number of shares issued (sold) to investors
outstanding shares
all issued shares minus treasury shares
equity disclosures
-number of authorized, issued, and outstanding shares
-appropriation of RE
-stock options plans
what is sampling?
-not testing 100% of a population
-ex: 100 invoices in entire population of AP. we test 10 invoices (the sample), the make assumptions about the other 90 invoiced we didnt test
variable sampling
-looks at $ amounts
-searches for material misstatements
-applies test of details
risks for variable sampling
-incorrectly believe there to be material misstatement in the population when there isnt one (effectiveness)
-incorrectly believe there is not a material misstatement in the population when there is one (efficiency)
attribute sampling
-does the document have a specific attribute? Y/N
-ex: 100 invoices in the population. you test 10 invoices to check for the stamp paid on the check
-looks at rate of occurrence, expressed as a %
-applies test of controls
risks for attribute sampling
-incorrectly assess control risk as high when it should be low (efficiency)
-incorrectly assess control risk as low when it should be high (effectiveness)
non sampling risks
-all other audit risks apart from sampling risk
-ex: the auditor choosing the wrong procedures or failing to notice misstatements in the documents inspected
statistical sampling
-uses calculations to select sample
-random selection of sample items
-more objective than non statistical sampling
-each item has an equally likely chance to be chosen
-used more often for large populations
non statistical sampling
-not determined mathematically
-uses judgment
-more subjective than statistical method
-used more often when the population is small
probability proportion to size (PSS) sampling
-using intervals to select items to test
-advantage: larger amounts are more likely to be tested
-for variable sampling
-treats each dollar as a sampling unit
-better for testing overstatements than understatements
steps for PSS sampling
- determine the sampling interval
- choose random place to start for first item
- choose every additional invoice by adding the sampling interval to the first item chosen
- project the misstatement to the population
PSS sampling example
-the auditor is examining AR, which has a. recorded amount of $150,000 and consists of 50 invoices
-the auditors chooses a sampling interval of $10,000
-a random number between $1 and $10,000 is chosen for the first invoice –> $3,000
-then go up by $10,000 until you have the amount of chosen invoices wanted
sampling interval formula
tolerable misstatement / reliability factor
sample size formula
population amount / sampling interval
SOC reports
help us to rely on the test work already performed by another auditor
-can be SOC1 type 1 or 2 or SOC2 type 1 or 2
SOC 1
controls affecting the company’s financial information are operating correctly
SOC 2
controls affecting the company’s customer data protection are operating correctly
SOC reporting type 1
management’s description of internal controls as of a specific date
-not testing for operating effectiveness
SOC reporting type 2
management’s description of internal controls over a period of time
-testing operating effectiveness of controls
tracing for cycles
-refers to starting an earlier step in the process then following the process through to a later process
-ex: tracing shipping documents (step 4 of rev cycle) to invoices we created (step 5 of rev cycle) to help test that we didnt fail to create any invoices (completeness assertion)
vouching for cycles
-refers to starting at a later step and going back to an earlier step
-ex: vouching the invoices (step 5 of rev cycle) back to the shipping documents (step 4 of the rev cycle) to help ensure that we invoiced customers for the items we actually shipped them (existence assertion)
mean per unit estimation
-add up audited amounts of all items tested, then divide by number of items
-you then multiple that average by total number of invoices
difference estimation
-add up all the variances (as positive numbers)
-divide by the number of items tested to find average variance
-multiply by total invoices to get the amount of adjustment
ratio estimation
-add up all items
-find average variance (audited total - recorded total / recorded total)
-then multiply average variance by whole population to find misstatement
sample deviation rate
-the % of sample items that have an error
allowance for sampling risk
-the chance that our sample results are not representative of the population
upper deviation rate
sample deviation rate + allowance for sampling risk
tolerable deviation rate
max deviation rate we are willing to accept before deciding not to rely on controls
-if upper < tolerable –> rely
-if upper > tolerable –> do not rely
stratified sample
-separating the population into different homogenous groups
-typically used when the amounts of the population widely vary
determining the sample size for a test of controls
-three factors contribute: expected deviation rate, tolerable deviation rate, sampling risk
-population size does NOT affect sampling size
audit data analytics
we can use audit data analytics in any part of the audit phase
descriptive audit data analytics
what happened
diagnostic audit data analytics
why did it happen
predictive audit data analytics
what will happen
prescriptive audit data analytics
how can we achieve a certain result in the future
five steps of data analytics
- plan the audit data analytics
- access and obtain the data
- review and analyze the relevance and reliability of data
- perform the audit data analytics
- evaluate the outcome of the event and any necessary modifications to the audit data analytics
subsequent events
-events happening between the end of the financial statement date and the issuance of the financial statements
-ex: we are auditing a company’s 2021 accounting year (1/1/21 - 12/31/21); we issue the financial statements on 4/1/22; subsequent events happen between 1/1/22 and 4/1/22
disclose and/or accruing subsequent events
-did the condition of the item exist as of year end? Yes = disclose and accrue; No = disclose but don’t accrue
-auditors have no responsibility for events occurring after the financial statements are issued
how to discover subsequent events
-inquire with management
-send a legal inquiry letter to the clients attorney
-read the companies meeting minutes
-look at interim financials
quality control review - “2nd partner review”
-required for public company audits
-partner outside of engagement team
-discussing the significant findings with the engagement partner
-reading the financial statements
-reviewing audit documentation related to significant judgments and conclusions
who are those charged with governance?
-highest level of authority at an org
-BOD
-audit committee
communication to those charged with governance includes
-disagreements with management during the audit
-noncompliance and illegal acts
-significant accounting policies adopted or changed by management
-adjusting JE
-uncorrected misstatements
-significant difficulties during audit
-planned scope and timing of the audit
-significant deficiencies and material weaknesses of internal control
what are the three levels of deficiencies
-material weakness: most serious
-significant deficiency
-deficiency: least serious
material weakness definition
a deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected, on a timely basis
to be a material weakness, it must meet two requirements:
-is there a reasonable possibility that a misstatement could occur?
-could the misstatement be material?
significant deficiency definition
a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance
do significant deficiencies and material weaknesses have to be in writing?
yes
-all other deficiencies can be verbally provided
management rep letter
-written confirmation of the client’s rep made throughout the audit
-created by the auditing firm
-printed on company letterhead and signed by company (CEO and CFO)
-occurs at the end of the audit
-covers periods all the way through the audit report date
what is included in a management rep letter
-management’s responsibility for: financial statements (prep and fair presentation), design implementation and maintenance of internal controls
-management has not left anything out of the financial statements
-management has communicated to the auditor: instances of fraud, noncompliance, all litigation, all subsequent events
-management’s claim that uncorrected misstatements are immaterial (with a list of them)
-management believes accounting estimates are reasonable
-management has identified and accounted for related party transactions
what do you do if you dont get a management rep letter?
disclaimer of opinion or withdraw
unmodified opinion
-best opinion possible
-“unqualified” for public companies
-key phrase is “present fairly, in all material respects”
GAAP departures
-company didn’t follow GAAP requirements
-non pervasive: qualified; pervasive: adverse
-ex: misstated a balance, excluded important footnote disclosures from the financials
scope limitation
-couldn’t obtain enough audit evidence
-don’t know if the company made an accounting mistake
-non pervasive: qualified; pervasive: adverse
-ex: weren’t able to observe inventory count or perform alternative procedures, couldn’t send a legal inquiry letter, didn’t receive a management rep letter
qualified opinion
-GAAP departure (non pervasive) or scope limitation (pervasive)
-key phrase is “except for”
adverse opinion
-GAAP departure that is pervasive
-key phrase is “do not present fairly”
disclaimer of opinion
-we do not express an opinion
-scope limitation but it’s pervasive
structure of audit report
- auditors opinion: types of reports, name of company, opinion, GAAO
- basis for opinion: GAAS, auditors responsibility, sufficient appropriate audit evidence
- management responsibility: preparation and fair presentation of financial statements, DIM of internal controls, GAAP
- auditors responsibility: reasonable assurance, obtaining understanding of internal control, GAAS
additional paragraphs in the audit report
-key audit reports
-emphasis of matter
-other matters
**these do not modify the audit opinion
key audit matters
-those matters that, in the auditors professional judgment, were of most significance in the audit of the financial statements of the current period
-selected from matters communicated with those charged with governance
-areas of higher risk of material misstatement
-involve significant judgment, estimates, and uncertainty
-not a required paragraph
emphasis of matter paragraph
-used to emphasize information included in the financial statements
-paragraph included in the auditors report that is required by GAAS, or is included at the auditors discretion, and that refers to a matter appropriately presented or disclosed in the financial statements that, in the auditors professional judgment, is of such importance that it is fundamental to users understanding of the financial statements
topics required for an emphasis of matter paragraph
-justified change in accounting principle
-financials were prepared using a special purpose framework
-change in accounting opinion due to important subsequent events
topics optional for emphasis of matter paragraph
-significant related party transactions
-lack of consistent application of accounting principles
-uncertainty regarding the outcome of pending litigation
-going concern when substantial doubt is alleviated
whats included in the emphasis of matter paragraph
-where in the financial statement the item is reported
-clarifying statement that this paragraph does not cause the opinion to be modified
other matters paragraph
-used to address information not included in the financial statements
-a paragraph included in the auditor’s report that is required by GAAS, or is included at the auditors discretion, and that refers to a matter other than those presented or disclosed in the financial statements that, in the auditors professional judgment, is relevant to users understanding of the audit, and the auditors responsibilities, or the auditors report
topics required for an other matters paragraph
-restricting the use of the auditors report
-financial statements of the prior year were audited by the predecessor auditor
-prior year financials were reviewed or compiled
-report on compliance is included in the auditors report
-change in accounting opinion due to important subsequent events
predecessor auditor: comparative financial statements
-when the predecessor auditor audited prior year financials and we (the successor auditor) audited the current year financials
-our audit report covers both years, since the financials are both years (so we are saying, for example, 2020 and 2021 financials are correct)
-this is known as reissuing a report
-before reissuing, the predecessor auditor should obtain a rep letter from both management and the successor auditors
-they should also read the financials to see how they compare to prior year financials
-if not, then we add other matter paragraph to describe the opinion the predecessor auditor provided
annual reports
-often, companies want to add their audited financials to a larger document (ex: adding the financials to the companies annual report)
-including a MD&A section
-the auditor does not need to audit the other information apart from the financials
-the auditor needs to read through the other information to make sure it agrees with the audited financials
supplementary info
-info presented that is not part of the basic financials (ex: detail of G&A expense)
-unless specified, the auditor isnt required to audit this info
-supplementary info must be directly related and based on the financials
-auditors should add a “supplementary info” paragraph in the auditors report to explain the added info, and include a disclaimer of opinion
required supplementary info
-required to be presented that is not part of the basic financials (ex: construction companies including a schedule for all completed and uncompleted construction projects)
-the auditor should apply limited procedures to the required supplementary info
auditing a public company (issuers)
-required to perform an integrated audit –> auditing (expressing an opinion) on the financials and auditing (expressing an opinion) on the operating effectiveness of internal control over financial reporting
-issuing two audit reports: report on financials and report on internal control over financial reporting
-refer to PCAOB for auditing standards
-test the controls as of a specific date (date of audited financials)
-all deficiencies should be in writing
audit report for public companies
- opinion
- basis for opinion
- critical audit matters
**still refer to PCAOB for auditing standards and GAAP for accounting standards
critical audit matters
-always required in public companies audit report
-similar to key audit matters for a private company
-even if no critical matters are identified, you still need this
-critical audit matters exist when items are material to the financial statements or involve challenging, subjective, complex judgements
explanatory paragraph
-any paragraph we add the basic audit report
-use this for public companies since we cant use emphasis of matter or other matter paragraphs
audit report on internal control over financial reporting
- opinion
- basis for opinion
- definition and limitation of internal control over financial reporting
modifications of opinions for internal control audit
-no qualified opinions
-a material weakness requires the auditor to issue an adverse opinion
-major scope limitations cause either disclaimer of opinion or withdrawing from the engagement
SSARS engagements
-statements of standards for accounting and review services
-applies to reviews, compilations, and preparations
review engagements
-substantially less in scope than an audit
-review engagements only use analytics and inquiry
-provide negative (limited) assurance
-“we are note aware of any material modifications that should be made to the financial statements”
-express a conclusions, not an opinion
what we do in a review
-understand the entity and its environment
-need a management rep letter
-need to be independent
-assess management’s judgement about ability to continue as going concern
-inquire about related party transactions
-inquire about subsequent events
-still need an engagement letter
what we dont do in review
-dont perform risk assessment
-no audit risk formula
-no fraud risk assessment
-we dont have to understand a company’s internal controls
-no tests of details
compilation engagements
-covered by SSARS standards
-using accounting expertise to assist management with preparing financial statements
-we are not required to verify the info in the financial statements
-we do not perform any substantive procedures
-we provide no assurance
whats included in a compilation
-understand the entity and its environment
-read the financial statements for any obvious errors
-issue a compilation report with the financial statements
-we always provide a disclaimer of opinion
-still need an engagement letter
-each page of the financial statements should say “see accountant’s compilation report”
whats not included in a compilation
-dont perform risk assessment
-no audit risk formula
-no fraud risk assessment
-dont have to understand a company’s internal controls
-no tests of details, inquiry or analytics
-no need for a management rep letter because we are not giving assurance
-no need to be independent, but state if you arent independent in the report
-dont assess management’s judgment about ability to continue as a going concern
-no assurance
-no modifications of opinions
preparation engagements
-engagement to prepare financial statements
-no report, so the accountant’s name is nowhere on the financial statements
attestation engagements
-covered by statements on standards for attestation engagements (SSAE)
-catch all set of standards
-any engagement thats not for historical financial statements
what is not included in attestation enagements
-audit of historical financials
-review of historical financials
-compilation of historical financials
-preparation of historical financials
-consulting a client
-preparing a clients taxes
what is included in attestation engagemenets
-financial forecasts and projections (prospective financials)
-pro forma financials (would would our financials have looked like if ___ had happened?)
-MD&A
-reporting on controls at a service org (soc 1, soc 2)
-compliance
three levels of attestation engagements
-must be independent for all three engagements
-examination, review, agreed upon procedures
examination level for attestation enagements
-positive assurance
-an audit provides positive assurance on historical financial statements while an examination provides positive assurance on non historical financial statements
-examination risk = audit risk
-key phrase is “we have examined”
review level of an attestation engagement
-limited assurance
-a review covered by SSARS provides limited assurance on historical financial information while a review under SSAE provides limited assurance on non historical financial information
-we cant perform a review for prospective financial statements, compliance testing, or SOC reports
agreed upon procedures level of attestation engagements
-no assurance provided, list out the results of our testing
-any engagement to perform procedures and present findings on a specific area of the company
-ex: counting the company’s inventory balances
-the client and the practitioner agree on the procedures to be performed
-the client is responsible for establishing the sufficiency of the procedures performed
prospective financial statements (forecast vs projection)
forecast: based on past events, how the company is expected to perform
projection: how is a company expected to perform in the future assuming a hypothetical situation; report must be restricted for limited use only
agreed upon procedures report
-title includes independent
-management agreement to the sufficiency of the procedures
-description of procedures performed and findings
type 1 of compliance engagements: auditing compliance when connected to financial statements
-covered by GAAS standards (AICPA)
-report on contractual agreements (like loan covenants)
-report on regulatory requirements
-auditor must have audited the client’s financials
-may only issue negative assurance on them
-allowed to give an unmodified opinion when: no identified instances of noncompliance or audit has expressed unmodified or qualified opinion
-if the auditors identify even one instance of noncompliance, they must explain it
-report can be included in the audit report or as a separate report
type 2 of compliance engagements: agreed upon procedures for compliance
-covered by SSAE attestation standards
-no assurance provided
type 3 of compliance engagements: examination procedures for compliance
-covered by SSAE attestation standards
-positive assurance provided
-must perform risk assessment (which is a risk of material noncompliance)
ethics requirement
-follow AICPA code of professional conduct
-covers ethical requirements for all engagements
-applies to audit, review, compilation, preparation, attestation engagements
6 guiding principles for the AICPA framework
- responsibilities: members should always exercise moral and professional judgment during their work
- public interest: members should act in ways that will serve the public interest and maintain public trust
- integrity: members should perform all professional responsibilities with the highest sense of integrity
- objectivity and independence: a member should maintain objectivity and be free of conflicts of interest in discharging professional responsibilities. a member in public practice should be independent in fact and appearance when providing auditing and other attestation services
- due care: a member should observe the profession’s technical and ethical standards, strive continually to improve competence and the quality of services, and discharge professional responsibility to the best of the members ability
- scope and nature of services: when providing services to clients, member should evaluate whether those services can be carried out while adhering to the professional standards above. if they cant, the services should not be included in the scope of the work
objectivity vs independence
-objectivity does not equal independence
-objectivity applies to all engagements
-independence applies to engagement where we provide assurance
who must be independent
covered members
who are covered members
-individuals on the engagement team
-partner giving 10+ hours on non attest services to the client
-individual in position to influence the engagement
-any partner when the lead engagement partner is in that office
-covered members spouse and dependents
1/6 ways independence can be impaired: direct financial interest (immaterial or material) or indirect financial interest (material) in the client
-direct financial interest: owning stock in a company
-indirect financial interest: owning a mutual fund that owns stock in a company
-if covered members receive stock, they must dispose of it within 30 days
2/6 ways independence can be impaired: having a loan from a client
-exceptions: a bank account full insured by the government (like the FDIC), CC balances less than $10,000, car loans that are fully collaterialized
-to avoid impairing independence, the accountant should pay off the loan before the engagement begins
3/6 ways independence can be impaired: accepting a gift from the client
-except a token gift
-taking a client out for dinner is acceptable
4/6 ways independence can be impaired: serving as a ______
trustee, executor, or administrator of a trust of an estate that has a direct or material indirect financial interest in the client
5/6 ways independence can be impaired: material joint closely held investments with an _____
attest client, officers or directors of an attest client, or stockholders of such client who can exercise significant influence over the client
6/6 ways independence can be impaired: when the client owns the auditing firm over ____ year of unpaid fees
1
changing employment - what happens if you worked for a CPA firm then are hired by one of the firms clients?
-cooling off period: public companies
-for auditors changing from CPA firm to client, cant work on the audit for at least one year
changing employment - what if you worked for a CPA firms client then change employment to work at the CPA firm?
cant work on engagements that cover the period that you worked at the company
family members with auditing
-immediate family members and close relatives cant work in key positions (CEO, controller, etc) at a company youre auditing
acts discreditable to the profession
-not returning the clients documents
-solicitation or disclosure of CPA exam questions/answers
-negligence in preparing financial records
undue influence threat
excessive, aggressive behavior to force a company to comply
familiarity threat
long term relationships with clients cause the parties to become too sympathetic
management participation threat
the client taking the role of management (like hiring employees)
self review threat
the accounting firm does not properly review its own work
advocacy threat
the accounting firm promotes the clients interests
self interest threat
the accountant will somehow benefit from the engagement
adverse interest threat
the accountant’s outcomes are opposed to the clients interests
rules on contingent fees
-“if __ happens, ill pay you ___”
-cant have contingent fees for an audit, review, compilation, examination, or tax return
-we are allowed contingent fees when they involve a legal proceeding
rules on advertising
this rule allows CPA to advertise, but the advertising must not be false, misleading or deceptive
rules on confidentiality
-this rule establishes that independent accountants owe a high degree of confidentiality to their clients
-need the clients permission
-this rule prohibits auditors from disclosing illegal acts unless there is a legal requirement to do so
-the accountant should not disclose the clients personal documents unless a subpoena is issued or its for a peer review
major sections of the code
-members in public practice (AICPA members)
-member in business: dont have independence rules, confidential info rules, contingent fee rules
-other members (retired or unemployed): only applicable rules are acts discreditable to the profession
public company ethical rules
-SOX created PCAOB
-PCAOB sets stricter standards for independence
-public companies cant perform: bookkeeping, legal services, preparing the clients financials
-must ask permission from audit committee to prepare the companies tax returns
-any other non audit services need to be approved
PCAOB inspects public auditing firms every
-1 year if the firm provides > 100 audits annually
-3 years if the firm provides < 100 audits annually
government accountability office (GAO)
-sets GAGAS standards
-stricter than AICPA
-ethical principles: serving the public interest, objectivity, integrity, proper use of government, resources, and positions, and professional behavior
-bias threat: the auditor takes an unobjectively position due to personal benefits
department of labor (DOL)
-sets GAGAS standards
-stricter than AICPA
