MCQs Flashcards
Quality Control - Definition & PCAOB/AICPA
Quality control is a process to provide the firm with reasonable assurance that its personnel comply with the applicable professional standards.
The PCAOB has adopted the AICPA’s quality control standards.
5 quality control elements of a system of quality control
- independence, integrity and objectivity
- personnel management
- acceptance and continuation of clients
- engagement performance
- monitoring
Supervision and Review is a Component of
engagement performance
Basic fundamental concept that underlies the audit process
Risk:
The acceptance by auditors that there is some level of uncertainty in performing the audit function.
Which elements underlie the application of generally accepted auditing standards (particularly the standards of fieldwork and reporting)?
Materiality and Audit Risk
Audit planning involves developing an overall strategy related to collecting and evaluating the Evidence to be obtained.
By testing and understanding Internal Control, the auditors can assess whether it offers assurance that the financial statements will be free from Material errors and fraud.
These assessments enable the auditors to evaluate the Risks of material misstatement of the financial statements.
Three General Standards
TIP
(1) adequate Training and proficiency
(2) Independence of mental attitude
(3) due Professional care
Three Fieldwork Standards
PIE
(1) adequate Planning and supervision
(2) understanding entity/environment incl. Internal control
(3) sufficient appropriate audit Evidence
The auditor’s judgment concerning the overall fairness of the presentation of financial position, results of operations, and changes in cash flow is applied within the framework of
GAAP
Generally Accepted Accounting Principles.
Independence problems - Covered Member, Immediate Family & Close Relatives
The covered member as well as a member of the person’s immediate family (person’s spouse and any dependents):
- cannot have financial interest in the audit client
- can work for the audit client as long as the position is not in a position (such as management) that influences the financial statements
A close relative (parent, sibling, nondependent child) can:
- have a financial interest in an audit client as long as that interest is immaterial to the person
- work for the audit client as long as the position is not in accounting or financial reporting (such as head of payroll accounting)
If the close relative works for the audit firm, the person is not a covered member unless:
- the person works on the engagement team or
- is in a position to influence the members of the engagement team or the audit
Illustration of a liability to clients under common law
client sues auditor for not discovering a theft of assets by an employee
CPA had a duty to perform, which require him/her to exercise ‘due professional care’
the misappropriation of assets by one employee should have been uncovered through an audit program which revealed the lack of separation of duties with regard to the employee
Unmodified audit report for a non-public company
Introductory, paragraph simply identifies the financial statements that were examined.
Other paragraphs outline:
Responsibilities of the parties
Standards that were followed
Nature and scope of an audit
When those charged with governance do not take appropriate remedial action
may consider withdrawal from the engagement, if possible under applicable law/regulation
suspected or identified noncompliance with laws and regulations (initial steps and subsequent procedures)
- understand act/circumstance (consult with mgmt one level above the act, if unsatisfactory info then client arranged consultation with client’s legal counsel)
- evaluate effect on FS
Procedures:
- compare supporting docs with acctg records
- confirm info with third parties
- confirm proper authorization
- apply procedures to identify occurrence of similar transactions
NOT personal misconduct by employees unrelated to business ops
suspected or identified illegal acts (opinion modification, disclosure)
Qualitative - immaterial amount could lead to material
Quantitative - contingencies per noncompliance
Adequacy of disclosure
Implications on reliability of mgmt representations (material)
If material:
- issue qualifiled or adverse depending on materiality
- disclaim if materiality cannot be ascertained due to insufficiency of evidence
- if modifications aren’t accepted, withdraw and communicate reason for w/d in writing to those charged with governance
If immaterial:
- disclose to senior mgmt and those charge with governance
- if no remediation, withdraw
Possible disclosure to third third parties (confidentiality generally precludes, consult with legal counsel):
- under 8K to sec
- under inquires from successor auditor
- under subpoena
- under requirements to funding (governmental) agency
work or findings of specialist
- accept unless determined unreasonable
- additional procedures if materially different than FS assertions
- unresolved, than seek another opinion (still not resolved then issue qualified or disclaimer of opinion)
- only mention specialist if issuing a qualified or adverse opinion AND doing so will assist in understanding the reason for the qualification
Why must opinion pertain to FS taken as a WHOLE?
to prevent misinterpretations regarding degree of auditor’s assumption of responsibility
Client’s rights to working papers (versus work products or or member-prepared records)
Working Papers - belong to member and need not be provided to client unless imposed by state/federal statute, regulations or contractual agreement
Member-prepared records - may only be withheld for fees
Work Products - may be withheld for fees, incompletion, compliance with professional standards, or in light of outstanding litigation (once provided only required to provide again if natural disaster or act of war)
Records and products may be provided in any usable format (if requested exists then provide) and additional fees may be charged.
Requests to change (audit to review/review to compilation)
Reasons:
- change in circumstances
- misunderstanding regarding nature of each engagement type
- restriction on scope (imposed by client or due to circumstances)
Consider:
- reason given, particularly scope limitation implications
- additional effort require to complete original request
- estimated additional cost to complete original request
Do not address change in resulting report
Effect on Ratio of equal decrease in numerator and denominator
If ratio is greater than 1:1, ratio is increased
If ratio is less than 1:1, ratio is decreased
Includes “objective of the engagement”
Auditor’s engagement letter
Negative Assurance
nothing came to our attention that specified matters do not meet specified standards
limited to negative assurance when FS have not been audited
generally not used in opinion on financial statements (never in audit opinion)
used for: comfort letters, special reports, agreed-upon procedures, compliance (laws/regs/contracts)
Procedures required regarding subsequent events (SE)
- read & review interim FS
- inquiries of mgmt/governance re:
a. current status of tentative, preliminary, inconclusive data and
b. any unusual adj since BS date
c. changes in stock, debt, working capital
d. substantial contingent liabilities/commitments - read meeting minutes (SH, BOD, OFF)
- inquiries of legal counsel
- observe SE
- scan records for unusual transactions
- obtain letter of rep on SE
Considerations for Design and Performance of
Further Audit Procedures (responsive to assessed risks of material misstatement RMM at the relevant assertion level)
- significance of risk
- likelihood of material misstatement (MM)
- characteristics of relevant transactions, balance, disclosure
- nature of entity’s specific controls
- whether evidence is expected to determine effectivity of entity controls regarding MM
Restrictions not allowed for Review
Restrictions are not allowed on:
Scope of the Inquiry
Analytical Procedures
Review may be restricted to a single FS like BS
When client presents photocopies in light of misplaced originals
Reevaluate risk of fraud
Design alternative tests for related transactions
Must determine reliability of the internally generated evidence in light of entity controls
Inspect (physically) new additions to PPE
Test management’s assertions of Existence
When comparative FS include prior year by predecessor auditor whose report is not presented
indicate in introductory paragraph of auditor report
include date and type of opinion from predecessor report
not required to obtain representations from predecessor auditor on prior year statements
Exceptions to loans regarding independence of covered members
Grandfathered loans
Auto loans collateralized by auto
Loans collateralized by cash surrender of insurance policy, cash deposits
Credit card or overdraft reserve (current = $10,000 or less)
Not allowed: personal, student, home mortgage
When performing a financial statement audit, auditors are required to explicitly assess the risk of material misstatement due to
Statements on auditing standards, specifically require auditors to assess the risk of material misstatements due to:
fraud
and to consider that assessment in designing the audit procedures to be performed
underlies the application of generally accepted auditing standards, particularly the standards of fieldwork and reporting
materiality and risk
The standards of field work concern evidence accumulation and other activities during the actual conduct of an audit.
It relates to understanding the of the client’s environment which helps the auditor identify significant client business risks and the risk of significant misstatement in the financial statements.
The reporting standards require the auditor to prepare a report on the financial statements, stating whether they are presented in accordance with GAAP.
Decisions about how much and what types of evidence involve making decisions with regard to materiality and risk.
Detection risk & Substantive Procedures
Inversely Related
DR = Risk that the auditor’s procedures will not detect an error in an account when in fact one exists.
Auditor’s assurance that there are no errors in an account balance is increased by the application of substantive procedures (SP), so the auditor’s assessment of detection risk will decrease.
Applying substantive tests as of an interim date rather than as of the year-end potentially increases the risk that misstatements that may exist will not be detected. To decrease detection risk, perform substantive tests at year end.
As the acceptable level of detection risk decreases, the assurance provided from substantive tests should increase, so the amount of audit evidence the auditor accumulates will increase.
Risk Assessment (RA) for financial reporting
RA - identification and analysis of risks relevant to the preparation of financial statements in conformity with GAAP.
Auditor obtains knowledge about management’s risk assessment through procedures performed to obtain an understanding of the Entity and its Environment, including Internal Controls.
Impact on Audit Risk if Inherent Risk or Control Risk is higher than originally anticipated.
Discovery should have no impact on the desired level of Audit Risk
Inherent Risk - the risk that a material misstatement might occur in accounting for a particular account or balance
Control Risk - the risk that a material misstatement that actually occurs will be able to get through the reporting company’s internal control and wind up within the reported financial statements
The two assessments of IR & CR are independent.
Detection Risk - the likelihood that a material misstatement that is created and gets through the internal control systems will also get through the testing by the independent auditor.
If either IR or CR is especially high, then enough substantive testing must be done by the auditor so that DR is reduced to compensate. so that overall audit risk remains unchanged.
IR X CR X DR = AR
Several factors determine the extent to which external users rely on a client’s financial statements
- Concentration of ownership
- Types and amounts of liability
- Client size
Audit Program
A listing of all the things which the auditor will do to gather sufficient, competent evidence
Reliance on the work of another auditor
May choose to do so
Must inquire about their reputation
Contact or visit if necessary to obtain sufficient info
Includes service organizations
Auditor’s concern regarding stock options
proper authorization
trace authorization to BOD vote
If departures from GAAP are discovered in Review of nonissuer
Management should modify FS
If refuse:
modify report to adequately communicate deficiencies
If modification is not sufficient:
withdraw from engagement (cannot just disclaim).
Reporting on Supplementary Information in relation to FS
in relation to FS Whole:
evaluate presentation
is it fairly stated in all material respects
(EOM or separate report)
Restricted and General Use
Restricted use - for one or more specified third parties due to possible misunderstanding when taken out of context for intended use
General use is not restricted to specified parties
Reports in conformity with applicable framework generally aren’t restricted even if OCBOA
Test data and payroll system
discover invalid employee ID numbers
(input invalid numbers to test controls against it)
Tests of approval, check cashing and unclaimed checks tested outside the PR system
Qualified Opinion due to Scope Limitation
insufficiency of evidence
Kiting
When money is moved from one account to another but the deposit and the withdrawal are recorded in different time periods to inflate the amount of cash being reported, the term “kiting” is used to identify that fraud.
The treasurer of a company has stolen $10,000 in cash from the company. At the end of the year, he is afraid that he will be caught so he transfers $10,000 from one company bank account to another. He records the deposit on December 31 of the first year so that $10,000 cash is added. He does not record the withdrawal from the other account until January 1 of the second year. As a result, for one day, the company looks like it has $10,000 more than it really does.
Auditor’s Engagement Letter
- services the auditor will perform
- assistance or restrictions on the audit
- auditor cannot guarantee that all acts of fraud will be discovered
- management is responsible for maintaining effective internal control.
internal controls consist of five interrelated components:
CRIME
- Control activities - policies and procedures that help ensure that management directives are carried out.
- Risk assessment - identification and analysis of relevant risks to achievement of its objectives.
- Information and communication systems - support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibility.
- Monitoring - asseses the quality of internal control performance over time.
- control Environment - sets the tone of the organization.
Procedures for evaluating management identification of accounting estimates that could be material to the financial statements
Assertions embodied in FS
Evaluate information obtained in performing other procedures, such as:
- changes in the entity’s business, operating strategy, industry
- changes in methods of accumulating information
- litigation, claims, assessments, other contingencies
- reading meeting minutes (stockholders, directors, committee)
- regulatory or examination reports, supervisory correspondence, etc. from applicable regulatory agencies
Inquire of management about the existence of circumstances that may indicate the need to make an accounting estimate.
IT application controls.
Input controls
Processing controls
Output controls
IT general controls
- program change controls
- controls that restrict access to programs or data
- controls over the implementation of new releases of packaged software applications
- controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail
Management Representation Letter (Interim?)
Interim: Financial information Internal control Fraud or suspected fraud at the entity Completeness of information Recognition, measurement, and disclosure Related party transactions Subsequent events
Representation letters:
appear on the client’s letterhead
addressed to the auditor
dated as of the date of the auditor’s report
signed by client (responsible officials/president & CFO)
10 generally accepted auditing standards, approved and adopted by the AICPA. Three categories:
(no longer AICPA but PCAOB?)
general standards
standards of fieldwork
standards of reporting
Review Services (SSARS) are not GAAS
A member of a registered public accounting firm that participated on the engagement becomes employed with the client in a significant accounting position (CEO, CFO, controller, CAO, or equivalent position)
Firm is prevented from conducting the audit for a one-year period
The auditor responds to risks of material misstatement due to Fraud in the following three ways:
A response that has an overall effect on how the audit is conducted—that is, a response involving more general considerations apart from the specific procedures otherwise planned
A response to identified risks involving the nature, timing, and extent of the auditing procedures to be performed
A response involving the performance of certain procedures to further address the risk of material misstatement due to fraud involving management override of controls, given the unpredictable ways in which such override could occur
Prior to seeking approval of certain tax services from the audit committee, a registered public accounting firm must:
Describe in writing the scope/fee structure of services
Discuss potential effects on independence
Document substance of the discussion
Public Company Accounting Oversight Board (PCAOB) Rule 3524
SEC Form S-1
Issue new securities
Reasonable assurance regarding professional standards
System of Quality Control
AICPA Statements on QC
Generally Accepted Auditing Standards (GAAS) and Statements on Auditing Standards (SAS)
minimum standards of performance, in exercising due professional care by the auditor, that must be achieved on each audit engagement.
A CPA firm’s quality control procedures pertaining to the acceptance of a prospective audit client would most likely include
Inquiry of third parties, such as the prospective client’s bankers and attorneys, about information regarding the prospective client and its management.
objective of an operational audit
Specific operating units are functioning efficiently and effectively
often performed by internal auditors
Transactions selected for testing are not supported by proper documentation
Auditing standards states that if a condition or circumstance differs adversely from the auditor’s expectation, the auditor needs to consider the reason for such a difference.
consider whether material misstatements exist in an entity’s financial statements
auditor’s responsibility for supplementary information, such as segment information, which is outside the basic financial statements, but required by the FASB
auditor has no responsibility to audit information outside the basic financial statements
has some responsibility regarding such information
extent varies with the nature of the information
Required Supplementary Information (FASB,GASB) - apply certain limited procedures and report deficiencies or omissions
not required to test transaction details and balances for material misstatements
CPA firms registered with the Public Company Accounting Oversight Board (PCAOB) are subject to periodic inspections
inspection process by the PCAOB takes the place of peer review
Firms that audit more than 100 companies are inspected annually
The rest inspected every three years.
In registering with the Public Company Accounting Oversight Board (PCAOB), a CPA firm must provide significant information
- List of all audit clients who issue securities
- Pending criminal actions against the firm
- Annual fees from each client issuer divided between audit and non-audit services.
- List of all accountants participating in the audit of each client that is an issuer of securities.
- Statement on QC policies
MORE 3622.02
Form 8-K
filed with SEC to report significant events that are of interest to public investors. Include:
acquisition or sale of a subsidiary,
a change in officers or directors,
an additional product line,
change in auditors
Early appointment of the auditor
enables a more sufficient audit to be planned
A covered member
- any individual on the audit engagement team,
- anyone who can influence either the engagement or the members of the engagement team,
- the partners in the office in which the engagement is primarily performed.
- any individual that provides ten or more hours of non-attest services to the client
covered members must abide by specific independence rules toward the audit client
independence impaired with respect to client
- Client is behind on its audit fees
- Audit client initiates a lawsuit against the auditor
- Auditor initiates a cross claim against client management
No independence problem:
- covered member receives an unsolicited financial interest, such as the inheritance, if disposes of it within 30 days
- operating leases and claims against clients for immaterial amounts and related to non-audit matters
- suit is not against each other or likely to be
“grandfathered” loan
Failure to make payments on a loan obtained prior to client audit relationship no longer qualifies as a “grandfathered” loan under the AICPA guidelines.
Department of Labor (DOL) guidelines on covered members
sets independence standards for audits of employee benefit programs for US firms
stricter than those of the AICPA
partner in another office not involved is a “covered” if he participates in benefit plan under audit
state board of accountancy
accountants in public practice must adhere to their requirements
may revoke his CPA license (not AICPA)
must
should
may might could
unconditional
presumptively mandatory (document/justify departure)
no requirement
Auditing Statements of Position
issued by the AICPA
interpretive publications for guidance, not auditing standards with requirements for auditors
Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 7 - Reviewing Partners
must possess the same level of knowledge and competence that would qualify him or her to serve as the audit partner on the engagement under review
provide concurring approval of issuance of the audit report only if not aware of a significant engagement deficiency after conducting review in accordance with professional standards
firm may only allow clients to use the audit report after reviewing auditor provides concurring approval of issuance
during review, focus on evaluating the engagement team’s judgments and related conclusions during the audit
GAO threats to independence
Self Interest (financial/other) Self Review (failure to properly evaluate results) Bias (promote a position) Familiarity (close relationship) Undue Influence Mgmt Participation Structural Threats
Review of pro forma financial info
Include reference to historical financial info (audited or reviewed FS) from which derived
Provided negative assurance regarding pro forma effect of transaction or event to historical FS
SOX 2002, Sec 407 financial expert
understands GAAP & FS
experience in prep or audit of FS
experience with internal accounting controls
understand audit committee functions
Governmental Audit & Internal Control
Reports on IC
Understanding of relevant IC
Determined whether IC placed in operation
Title IV SOX FS requirements
reflect:
all material correcting adjustments
material off-BS items
nothing untrue and no material omissions on pro forma info
required communication with those charged with governance
disagreements with management regardless of whether satisfactorily resolved
10 conditions for agreed-upon procedures
independent
agreed upon w/specified parties
specified parties responsible for sufficiency
include summary of significant assumptions
criteria (suitable/available to specified parties)
agreed upon criteria
expectation of reasonably consistent findings
expected existence of evidence to provide reasonable basis
agreed-upon materiality limits
use restricted to specified parties
Management assertions with regard to financial reporting are made in relation to three broad areas;
(1) transaction-related events;
(2) account-balances; and
(3) presentation and disclosure.
Management makes no assertions about internal control. Assertions about internal control are made when the CPA has been hired to provide a report on internal control.
Public Company Accounting Oversight Board (PCAOB) Rule 3525 requires the registered public accounting firms
- describe in writing the scope of the services,
- discuss potential effects on independence, and
- document the substance of the discussion with the audit committee.
Required Supplementary Information (RSI),
The auditor has an obligation to apply limited procedures to and report deficiencies in the required supplementary information (RSI), as the information is considered by the Government Accounting Standards Board (GASB) to be an essential part of the financial reporting package.
The CPA should
- inquire of management and consider if the information is consistent with the audited financials and other information obtained during the audit.
- consider whether or not the RSI should be covered in the representation letter from management.
There is no need to apply substantive tests of transactions to the supplementary information.
Under Section 11 of the Securities Act of 1933, a CPA who certifies financial statements will not be liable to a purchaser of the security if
he or she can prove due diligence.
Due diligence is the reasonable professional standard of care that would relieve a person of liability under the 1933 Act on a registration statement that contained untrue statements of a material fact or omissions of a material fact.
At the minimum, a compilation documentation should include:
- engagement letter,
- any significant findings or issues, and
- communications regarding noncompliance with laws and regulations and fraud that have come to the accountant’s attention
The auditor’s standard report does not include an expression related to the consistent application of an applicable financial reporting framework if
(a) no change in accounting principles has occurred, or (b) there has been a change in accounting principles or the method of their application, but the effect of the change is not material.
A review does not contemplate
obtaining an understanding of the entity’s internal control;
assessing fraud risk;
testing accounting records by obtaining sufficient appropriate audit evidence through inspection, observation, confirmation, or the examination of source documents;
Materiality
or other procedures ordinarily performed in an audit.
A review engagement under SSARS requires
- analytical procedures
- independence
- limited assurance that there are no Material Modifications that should be made to the financial statements. (not aware of material modifications to conform with GAAP)
When reporting on financial statements of a regulatory entity that are prepared in accordance with the requirements of financial reporting provisions of a government regulatory agency to whose jurisdiction the entity is subject,
the auditor may report on the financial statements as being prepared in accordance with a comprehensive basis of accounting other than generally accepted accounting principles.
Reports of this nature, however, should be issued only if the financial statements are intended solely for filing with one or more regulatory agencies.
AU-C 450.04 defines misstatement as
“a difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be presented fairly in accordance with the applicable financial reporting framework.”
(known) and (likely) misstatements.
The extent and nature of the risks to internal control associated with IT vary depending on the nature and characteristics of the entity’s information system. The auditor should consider
- whether the entity has responded adequately to the risks arising from IT by establishing effective controls, including effective general controls upon which application controls depend.
- controls over IT systems are effective when they maintain the integrity of information and the security of the data such systems process.
does not matter if controls are manual or automated
Nonroutine transactions
unusual due to size
unusual due to nature
occur infrequently
To understand internal control,
an auditor needs to read or hear a description of the policies and procedures that describe the controls used.
Tests of details (substantive tests), such as performing analytical procedures and test counts, will determine the accuracy of account balances but will do little to help an auditor understand an internal control structure concerning inventory balances.
A change in accounting principle
“is a change from one accounting principle in accordance with the applicable financial reporting framework to another accounting principle in accordance with the applicable financial reporting framework when (1) two or more accounting principles apply or (2) the accounting principle formerly used is no longer in accordance with the applicable financial reporting framework. A change in the method of applying an accounting principle also is considered a change in accounting principle.” (AU-C 708.A4)
Changes in accounting principle having a material effect on the financial statements for an audit require the addition of an Emphasis-of-Matter paragraph in the independent auditor’s report.
EOM is not required for a compilation or a review.
Changes in accounting principles need to be disclosed, but the SSARSs do not directly address any report modifications for them.
Attribute sampling
test compliance with the control
To determine sample size for attribute sampling:
- Reliability level (allowable risk of assessing control risk too low).
- Sampling Table
- Estimate likely Rate of Deviation (population occurrence rate in percent)
- Define maximum Tolerable Deviation Rate.
DRES
The auditor’s overall responses to address the assessed risks of material misstatement at the financial statement level may include the following:
- Emphasizing professional skepticism
- Assigning more experienced staff or specialists
- Providing more supervision
- Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed
The auditor’s SPECIFIC responses to address the assessed risks of material misstatement at the financial statement level may include the following:
substantive responses
further audit procedures
test of controls
The auditor should obtain a sufficient understanding by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented. The auditor should use such knowledge to:
identify types of potential misstatements,
consider factors that affect the risks of material misstatement, and
design tests of controls, when applicable, and substantive procedures.
content of the representation letter
written representations are considered complementary evidence in support of various assertions but not substitutes for other auditing procedures
Audit documentation (working papers)
This documentation:
- to provide the principal support for the auditor’s report and opinion
- to aid the auditor in both the planning and the supervision of the audit
- to assist the audit team in proving that the audit was conducted in accordance with generally accepted auditing standards
Property of the independent auditor and is not attended to assist the company’s management.
Appropriate evidence
Relevant and Reliable.
The auditor’s direct personal knowledge obtained through physical examination, observation, recalculation, reperformance, inspection is more reliable than information obtained indirectly.
external > internal
A U.S. entity prepares its financial statements in conformity with accounting principles generally accepted in another country. These financial statements will be included in the consolidated financial statements of its non-U.S. parent. Before reporting on the financial statements of the U.S. entity, the auditor practicing in the United States should:
obtain written representations from management of the U.S. entity regarding the purpose and uses of the financial statements
On receiving a client’s bank cutoff statement, an auditor most likely would trace:
prior-year checks listed in the cutoff statement to the year-end outstanding checklist.
A cutoff bank statement is a record of transactions for a specific period (less than the full-month reporting period) that is requested by the auditor from the bank.
auditor’s required communication with those charged with governance
include management changes in the application of significant accounting policies
analytical procedures on the client’s operations
Analytical procedures consist of
evaluations of financial information
made by a study of various relationships among both financial and nonfinancial data
to identify unusual transactions, events, amounts, ratios , trends and balances
that may indicate a high level of risk for a material misstatement
analytical procedures help determine where further investigation is warranted
nonfinancial information an auditor considers in performing analytical procedures during the planning phase
analytical procedures are concerned with plausible relationships
generally use data aggregated at a high level
square footage of selling space
to compare retail revenues and expenses to industry figures and prior year performance
analytical procedures in the overall review stage
assist the auditor in
assessing conclusions reached and
in evaluating the overall financial statement presentation.
The results of the review may indicate that additional evidence may be needed.
Analytical review procedures
Substantive tests
designed to evaluate the reasonableness of financial information
example of entity process that facilitates auditor analytical proceures
The use of a standard cost system
that produces variance reports
allows the auditor the opportunity to
compare the output from the standard cost system
with the financial information presented by management
liabilities significantly lower than expected
Purchases and cash payments
affect the liability balance
Sales and cash collections
unlikely to impact liabilities.
increase in the age of accounts receivable
credit terms have been loosened so that customers with less money are able to buy on credit
economic times are bad, so peopletend to pay more slowly and the number of bad accounts goes up
lapping (money from a customer is stolen), money from a second customer is diverted into the account of the first customer and the age longer
if receivables sold (before collected) the age is shorter
Decrease in A/R Turnover
Sales/ Accounts Receivable
a consignment sale recorded as a sale at the time of shipment instead of when the goods are actually sold
Increases both Sales and A/R to decrease ratio
turnover ratio larger:
customers pay quicker
sales figure is increased but not accounts receivable
sales stays the same but accounts receivable goes down
no record is made of this inventory purchase
goods (and the related debt)
cost of goods sold not affected, so gross profit is correct
Inventory and accounts payable are too low
by the same amount
so working capital and current ratio are correct
inventory turnover = COGS/average inventory
average inventory too low
cost of goods sold is correct
inventory turnover too high
Title IV of Sarbanes-Oxley
requires
financial statements reflect all material correcting adjustments
material off-balance-sheet transactions, arrangements, obligations, and other relationships
any pro forma information does not contain untrue statements or omissions of material facts.
Responsibilities of the PCAOB include
- register public accounting firms.
- establish or adopt standards relating to the preparation of audit reports for issuers.
- conduct inspections of registered public accounting firms
- conduct investigations and disciplinary proceedings
- promote high professional standards
6. enforce compliance with: Sarbanes-Oxley Act rules of the PCAOB professional standards securities laws
The Comprehensive Budget Omnibus Reconciliation Act (COBRA)
requires employers to offer former employees continued benefits after they leave a position for a certain period of time
employees are normally responsible for the insurance premiums.
The auditor should communicate with those charged with governance (the audit committee):
the auditor’s responsibilities under generally accepted auditing standards,
an overview of the planned scope and timing of the audit, and
significant findings from the audit.
The significant findings from the audit that should be communicated with audit committee include:
the auditor’s view about qualitative aspects of the entity’s significant accounting practices,
significant difficulties encountered during the audit,
uncorrected misstatements (that are not trivial),
disagreements with management,
other findings or issues that the auditor believes to be significant or relevant to the audit committee’s oversight of the financial reporting process,
material, corrected misstatements that were brought to the attention of management as a result of audit procedures,
representations the auditor is requesting from management,
management’s consultations with other accountants about accounting and auditing matters, and
significant issues arising from the audit that were discussed with management.
the effect of significant mgmt policies in emerging areas without authoritative guidance
internal auditors
work may affect the nature, timing, and extent of the audit, including:
- procedures the auditor performs when obtaining an understanding of the entity’s internal control
- procedures the auditor performs when assessing risk
- substantive procedures the auditor performs
Section 403 of Title IV of the Sarbanes-Oxley Act (SOX)
Disclosures of Transactions Involving Management and Principal Stockholders:
any person directly or indirectly the beneficial owner of more than 10% of any class of any equity security
or is a director or an officer of the issuer
must file statements required by SOX and the SEC.
Section 402 of Title IV of the Sarbanes-Oxley Act (SOX)
Enhanced Conflict of Interest Provisions:
unlawful for any issuer to extend or maintain credit in the form of a personal loan to or for any director or executive officer of that issuer.
Section 404 of Title IV of the Sarbanes-Oxley Act (SOX)
Management Assessment of Internal Controls:
an internal control report must be filed with each annual report
Management must acknowledge responsibility for establishing and maintaining adequate internal control.
Section 406 of Title IV of the Sarbanes-Oxley Act (SOX)
Code of Ethics for Senior Financial Officers:
requires disclosure of whether or not the issuer had adopted a code of ethics for senior financial officers (and if not, why not)
Any change in or waiver of this code requires disclosure as well.
Promote:
- honest/ethical conduct
- full, fair, accurate, timely, understandable disclosures
- compliance with applicable gov’t rules/regs
Controls addressing risks of material misstatements due to fraud and controls identified to address management override should be evaluated. Controls that may address these risks include:
- controls over significant, unusual transactions, particularly those that result in late or unusual journal entries,
- controls over journal entries and adjustments made in the period-end financial reporting process,
- controls over related party transactions,
- controls related to significant accounting estimates, and
- controls that mitigate incentives for, and pressures on, management to falsify or inappropriately manage financial results.
Prior to accepting an initial engagement pursuant to the standards of the PCAOB, a registered public accounting firm must:
- describe, in writing, to the audit committee of the issuer, all relationships between the registered public accounting firm or any affiliates of the firm and the potential audit client or persons in financial reporting oversight roles at the potential audit client that, as of the date of the communication, may reasonably be thought to bear on independence;
- discuss with the audit committee of the issuer the potential effects of the relationships described above on the independence of the registered public accounting firm, should it be appointed the issuer’s auditor; and
- document the substance of its discussion with the audit committee of the issuer.
The disclosure of fraudulent activities to parties other than the client’s senior management and those charged with governance is not ordinarily part of the auditor’s responsibility and would normally not be permitted due to confidentiality. Under certain circumstances, however, the auditor may be required to disclose information to outside parties.
These circumstances could be:
- to comply with legal and regulatory requirements,
- to respond to a successor auditor,
- when subpoenaed, and
- in accordance with grant requirements when clients receive governmental assistance.
Regarding fraud, the auditor should:
- communicate to those charged with governance all fraud involving senior management and fraud that causes a material misstatement (not inconsequential acts),
- report to those charged with governance and management any significant deficiencies due to risks of material misstatement due to fraud, and
- inform the appropriate level of management of evidence that fraud has occurred, even if the matter is inconsequential.
The auditor’s understanding of the entity and its environment consists of an understanding of the following aspects:
Industry, regulatory, and other external factors
Nature of the entity
Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements
Measurement and review of the entity’s financial performance
Internal control, which includes the selection and application of accounting policies
The relevant industry, regulatory, and other external factors include
industry conditions, such as the competitive environment,
supplier and customer relationships, and
technological developments;
the regulatory environment, which encompasses, among other matters,
relevant accounting pronouncements,
the legal and political environment, and
environmental requirements affecting the industry and the entity; and
other external factors, such as
general economic conditions.
According to AU-C 240.17, the auditor should inquire of management about the following regarding fraud:
- Whether management has knowledge of any fraud or suspected fraud affecting the entity
- Whether management has a process for identifying, responding to, and monitoring the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention
- Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud
- Management’s communication, if any, to employees regarding its views on business practices and ethical behavior
Assertions
not techniques for gathering evidence
Techniques for gathering evidence
Inquiry Calculation Confirmation Anaylsis Inspection Comparison
Independence and Compilation
independence not required
disclose (reason not required)
Objective of Compilation
Present representations of Mgmt in the form of FS without offering any assurance
NOT required for Compilation
Inquiry of Mgmt* Analytical Procedures* Assurance (not offered/allowed)* Independence* Mgmt Representation Letter*
Understanding of Internal Control
Assessing Fraud Risk
Testing Accounting Records
*Required for Review
Required for Review
Inquiry of Mgmt (stated)
Analytical Procedures (stated)
Limited Assurance (not aware of Material Modification to comply with GAAP-stated)
Independence
Mgmt Representation Letter
Due Professional Care
General understanding of the nature of entity accounting principles and practices
Required for Compilation
General understanding of the nature of entity operations (accounting principles and practices): Nature of Transactions Form of Accounting Records Stated Qualifications of Acctg Personnel Acctg Basis Form/Content of FS
Special Reports
FS special purpose/not GAAP specified elements, accounts, items (separate engagement, restricted use) compliance w/contracts or regs prescribed forms/schedules condensed FS application of acctg principles letters for UW
Notification of 3P if client refuses to disclose new facts/impact
only if FS misleading
new info, lack of cooperation, report no longer applicable
need not detail specifics of refusal
Standard review report not adequate to indicate deficiencies for departures from GAAP
withdraw from engagement
no further services concerning FS
The most important purpose in an audit of confirmation
Prove that the balance (and the debtor) actually do exist.
Takes considerable time, so performed early in audit unless serious problems are expected
Positive confirmations ask for a response in all cases
Better testing technique than negative confirmations
Used when risk like internal control risk is high
Collection of a balance indicates it did exist and is collectible, so auditors review cash collections in the period right after the end of the year
Using the work of a specialist in an audit
CPAs cannot be expected to have unlimited knowledge on all possible topics.
CPA needs to be well aware of all assumptions and methods used by the specialist in doing the assigned work.
Auditor is not capable of reviewing all the work of the specialist or a specialist would not be needed.
Specialist does not have to be independent but the CPA’s reliance should be guarded if independence is lacking.
Review of the previous audit work papers
is allowed but that cannot be the only procedure carried out to establish the opening balances.
- Quality Control
- Planning and performance
- Audit objective
- QC - leadership, ethical requirements,
acceptance/continuance of clients/engagements, human resources, performance, monitoring. - P&P - Audit risk, materiality, and statistical sampling techniques
- AO - opinion on FS (fairness, in all material respects, the financial position, results of operations, and cash flows in conformity with an applicable financial reporting framework), specific per mgmt assertions, compliance with laws and regulations
mean-per-unit estimation
Statistical/Variables sampling plan
In statistical sampling, quantify relevant factors:
- Variability increases, the sample size must increase
- Risk of Incorrect Acceptance (risk that sample supports conclusion that account balance is not materially misstated when it is materially misstated), increase the size of the sample to reduce
- Nature/Characteristics of population affect sample size
Statistical sampling:
calculate sampling risk quantitatively.
make objective statements about population on the basis of the sample
Professional judgment used to determine the sample size, whether statistical or nonstatistical
existence of related parties
- borrowing or lending on an interest-free basis or significantly above or below market rates,
- selling real estate at a price significantly different from appraised value,
- exchanging property for similar property in a nonmonetary transaction, or
- making loans with no scheduled terms for when or how the funds will be repaid.
Report issued on Significant Deficiencies/Material Weaknesses
relating to an Internal Control
observed during a financial statement Audit
- statement restricting the distribution of the report.
- statement that auditor’s consideration of internal control was to express an opinion on the financial statements and not to provide assurance on the internal control
- statement that the auditor is not expressing an opinion on the effectiveness of internal control;
- statement that the auditor’s consideration of internal control was not designed to identify all deficiencies in internal control that might be significant deficiencies or material weaknesses;
- definitions of material weakness and significant deficiency; and
- identification of matters considered to be significant deficiencies and material weaknesses.
Threats to independence - GAO
Apply Safeguards
Audit engagement for whichthe acceptable levels of both audit risk and materiality are lower,
the auditor will plan more work on individual accounts in order to find Smaller errors.
Analytical procedures have the highest level of evidence when they use direct predictable relationships within financial statements. Example.
The amount of Interest Expense is directly related to balances and rates of interest bearing accounts and notes payable.
Misstatements can be caused by
- Inaccuracy in gathering/processing Data
- Difference in presentation from GAAP
- Omission of FS element, account, or item
- Disclosure that is not in conformity with GAAP
- Omission of a Disclosure required by GAAP
- Incorrect accounting Estimate
- Unreasonable/Inappropriate management Judgment regarding an accounting estimate
A normal distribution
is a bell-shaped curve, with the distribution center at the population mean, and requires only knowing the mean and the standard deviation.
The standard deviation
is used to measure the extent to which the values of the items are spread about the mean.
The mean
is a measure of central tendency obtained by totaling all the values and dividing by the number of items.
Materiality
The determination of materiality requires auditor judgment.
Quantitative - expressed in number terms (the amount of misstatement that would influence the economic decisions of users)
Qualitative - (such as key disclosures or items related to laws and regulations that are less than the material amount)
service auditor procedures
- visiting the service auditor
- discussing the audit procedures and results,
- reviewing the audit programs of the service auditor,
- reviewing the workpapers of the service auditor.
Uses for several processes: review report on controls to obtain understanding of controls in place in the operation of services
A disclaimer of opinion
expression of no opinion. (AU-C 700.03)
A disclaimer of opinion is warranted when
Restrictions on the Scope
of the audit are so severe, whether client imposed or due to other reasons, that the auditors are
unable to obtain Sufficient Appropriate audit Evidence to enable them to form an opinion.
risk of material misstatement
- complexity and subjectivity associated with process,
- availability and reliability of relevant data,
- number and significance of assumptions made, and
- degree of uncertainty associated with assumptions.
Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a follow-up study to its 1987 report entitled Fraudulent Financial Reporting: 1987–1997, An Analysis of U.S. Public Companies
outlining year-end testing procedures including:
A. tests of transaction cutoffs.
B. tests of transaction terms/account valuation for end-of-period accounts.
C. tests to ensure a baseline level of internal control.
Define Appropriateness of Audit Evidence
Competency
both relevant and reliable
assertions about classes of transactions and events for the period under audit
Transactions and events that have been recorded have occurred and pertain to the entity.
Transactions and events have been recorded in the proper accounts.
Amounts and other data related to transactions and events have been recorded appropriately.
rules of the AICPA Code of Professional Conduct must be observed even by a member who is not in public practice
In the performance of
any professional service,
a member shall maintain
- objectivity and integrity,
- shall be free of conflicts of interest, and
- shall not knowingly misrepresent facts or subordinate his or her judgment to others
substantive tests of pricing and extensions of perpetual inventory balances consisting of a large number of items when past experience indicated numerous pricing and extension errors - statistical sampling
Ratio estimation sampling
based on ratios between audited amounts and recorded amounts.
most efficient when the ratio is not equal to one.
numerous usable results that would produce the most precise evaluation
most effective when calculated audit amounts are approximately proportional to the client’s book amounts.
For the accounting firm to continue to provide audit service to the client,
Title II (Independence Rules) Section 203 SOX
states that the lead audit partner must rotate out
Audit Partner Rotation:
at least every five years
to promote independence of the audit firm
Date on reissued report of FS
same as original
acceptability of financial reporting framework
purpose
users
mgmt. determination applicable framework acceptable
mitigating factors (going concern)
asset disposal
borrow money/restructure debt
reduce/delay expenditures
increase ownership equity
documentation of uncorrected misstatements
- the amount below which they are trivial
- all accumulated misstatements and if corrected
- conclusion as to materiality individually or in the aggregate
compilation OCBOA
disclose OCBOA in report
Review predecessor auditor working papers related to
internal control
contingencies
Possible result of violations of auditing and related professional practice standards
disciplinary proceedings by PCAOB
once related party transactions are identified
determine if approved by those charged with governance
report OCBOA
standard audit report
modified opinion for departures from GAAP
additional paragraph regarding conformity with OCBOA
service auditor/auditor’s report
should not be referenced
no division of responsibility since service auditor did not examine client FS
report on supplementary information
Other Matter following Opinion
or Separate Report
client will not allow inquiry of legal counsel
material scope limitation
disclaimer of opinion
compilation documentation
engagement letter
significant findings/issues
communications of noncompliance and/or fraud
CPA firm - entity formation
any form in which CPA’s maintain ownership, rights and professional matters
addressee for auditor report
company that engaged auditor
stockholders, BOD
to express opinion on employee profit participation
must also audit employer FS
registered firms and associated persons independence
during professional and audit engagement period
Obtain a sufficient understanding by
performing risk assessment procedures
to evaluate the design of controls
relevant to an audit of financial statements
and to determine whether they have been implemented to:
- identify types of potential misstatements,
- consider factors that affect the risks of material misstatement, and
- design tests of controls, when applicable, and substantive procedures.
underwriter a comfort letter containing comments on data that have not been audited
negative assurance on compliance as to form
The understanding with the client regarding services to be performed during an engagement includes
that the objective of the audit is the expression of an opinion on the financial statements.
responsibilities of management for:
financial statements,
adjustments to correct material misstatements
establishing and maintaining effective internal control,
ensuring that the entity complies with the laws applicable to its activities,
making all financial records available to the auditor,
providing the auditor with a letter confirming representations made to the auditor during the audit.
auditor’s responsibilities, including:
conducting the audit in accordance with GAAS
obtaining understanding of internal control sufficient to plan the audit and
determine the nature, timing, and extent of the audit procedures
appropriateness of audit evidence
Competency
both relevant and reliable
When obtaining written client representations, materiality limits do not apply to:
Irregularities in financial statements
(intentional misstatements or omissions of amounts or disclosures)
Client representation letter states that there have been no irregularities involving management or employees who have significant roles in the internal control structure.
audit procedures for estimated contingencies
gather sufficient appropriate evidence to provide reasonable assurance that all estimates material to the financial statements have been made—completeness.
consider the consistency of processes and assumptions
understand how the estimates were derived
gather sufficient appropriate evidence to provide reasonable assurance that such estimates are presented in accordance with US GAAP
assess the reasonableness of management’s judgments, which would include the determination of whether a contingency is reasonably possible, probable, or remote
Audits of entities receiving federal financial assistance usually have the following common elements:
Auditors must follow GAAS and GAS
Auditor’s consideration of internal control is to include obtaining and documenting an understanding of internal control established to ensure compliance with the laws and regulations applicable to the federal financial assistance.
Auditor issues a report on the consideration of internal control.
Auditor determines and reports on whether funds are administered in accordance with applicable laws and regulations.
Two types of misstatements are relevant to the auditor’s consideration of fraud-misstatements
Misstatements arising from:
- fraudulent financial reporting
- misappropriation of assets
Communicating significant deficiencies in the design of internal control when reporting under Government Auditing Standards.
to specific legislative and regulatory bodies
Auditor may be engaged to perform which services in relation to Prospective financial statements expected to be used by a third parties.
examination,
compilation, (inquiries re: acctg principles appropriate, or
agreed-upon procedure
If the client refuses to disclose the newly discovered facts and their impact on the financial statements to persons known to be currently using or likely to use the financial statements, all of the following steps should be taken by the accountant:
(a) notification to the client that the accountant’s report must no longer be associated with the financial statements
(b) notification to the regulatory agencies having jurisdiction over the client that the accountant’s report should no longer be used, and
(c) notification to each person known to the accountant to be using the financial statements that the financial statements and the accountant’s report should no longer be used.
quality control requirement under Government Auditing Standards
provide the CPA’s most recent external quality control review report to the party contracting for the audit
unable to obtain audited FS of consolidated investee
material scope limitation
qualified opinion
prepare FS audit for consolidated non US, non GAAP
Either:
modified US style report to comply or
report form of non US country
Communicate to those charged with governance (IFRS)
auditor responsibilities
planned scope and timing
significant timing
auditor independence
UW requests comfort letter
UW must provide required representation letter
otherwise no comfort letter
(another form of letter may be provided)
Entity’s risk assessment process
Entity’s identification, analysis and management of risks relevant to financial statement presentation
Auditor’s risk assessment process
Auditor’s evaluation of the likelihood that material misstatements in FS could occur.
Financial Forecast vs. Projections
Both are prospective
standard forecast report: compilation is limited to information that is the management’s representation and does not include evaluation of the support of the assumptions underlying the forecast
Projections contain one or more hypothetical assumptions
Projections are restricted to limited use only while forecasts may be used for general or restricted use.
Verify Completeness assertion for inventory
Prenumbered receiving reports
Periodically reconciled
Auditor’s required compliance with which standards
All standards (GAAP, GAAS, GAGAS)
Competence, skills, technical knowledge, experience
vouchers payable
match invoice to RR
approve voucher via authorized employee
indicate asset/expense debits (proper classification)
NOT accounting for unused purchase orders and receiving reports
Primary supervisory responsibility of auditor with final responsibility
to explain to staff accountants how results of procedures performed should be evaluated
Reporting on condensed FS
indicate if fairly stated in all material aspects in relation to complete FS
same requirements/guidance as Interim reporting
Section 105 of the Sarbanes-Oxley Act (SOX) dictates that the Public Company Accounting Oversight Board (PCAOB)
may investigate
any act or practice, or omission to act, by a registered public accounting firm that may violate any provision of the Sarbanes-Oxley Act, PCAOB rules, securities laws, and professional standards.
Possible disciplinary actions include:
temporary suspension
permanent revocation of registration
temporary or permanent suspension of persons; temporary or permanent limitation on activities, functions, or operations of the firm;
civil monetary penalties;
censure;
additional professional education or training; and
any other sanction provided for in the PCAOB rules.
PCAOB will strictly sanction intentional or knowing conduct, including reckless conduct, that results in violations and repeat violations.
Engagement letter
objectives of the engagement,
responsibilities of management,
responsibilities of practitioner,
limitations of the engagement,
identification of the applicable financial reporting framework, and
reference to the expected form and content of any reports to be issued by the auditor.
Information about fees and billing may be included but is not required.
The Securities Act of 1933:
is concerned with preventing fraud in securities sales.
An auditor may provide an issuer client any of the following nonaudit services without impairing independence and without obtaining the preapproval of
nonaudit services with revenues in aggregate of less than 5% of the total revenues paid by the issuer to the auditor during the fiscal year in which the nonaudit services are provided
nonaudit services that were promptly brought to the attention of, and approved by, the audit committee prior to the completion of the audit
services that the issuer did not recognize as nonaudit services at the time of the engagement
all nonaudit services, except those that fall under the de minimis exception, need to be preapproved by the audit committee
MAY NOT PROVIDE nonaudit services to perform financial information systems design and implementation
The introductory paragraph contains three important facts
1) It states that an audit was conducted and indicates which financial statements are covered in the financial report;
2) It contains a statement that the financial statements are the responsibility of management; and,
3) It identifies the auditor’s responsibility to express an opinion on the financial statements.
An auditor who performs an audit of a public company must make reference to standards
issued by the Public Company Accounting Oversight Board (PCAOB) in the scope paragraph of the audit report.
Pervasiveness
the extent to which the exception affects different elements of the financial statements.
PCAOB Auditing Standard No. 5 requires
the audit of internal control over financial reporting to be integrated with the audit of the financial statements.
Both disclaimers and adverse opinions are used:
Only when a condition is highly material.
Adverse opinion - financial statements do not present fairly the financial position, results of operation, and cash flows of the client in conformity with U.S. GAAP. (result from very material departures from GAAP
Disclaimers of opinion - in rare circumstances, auditors issue when a material uncertainty affects the financial statement
A material misstatement has been found but it is not so serious as to necessitate an adverse audit opinion.
Thus, the auditor will provide
an opinion
qualification
that indicates that the statements are presented fairly “except for” the problem
difference of opinion between the auditor and the client for which the auditor believed an adjustment to the financial statements should be made
financial statements, including footnotes, fail to disclose information that is required by GAAP - qualified or adverse
qualified - additional paragraph describing the nature of the omitted disclosures, and opinion paragraph includes the phrase “except for the omission of the information discussed in the preceding paragraph.”
statement required in the scope paragraph of a standard report
“An audit also includes
assessing the accounting principles used and
the significant estimates made
by management…”
