MCQs Flashcards
Quality Control - Definition & PCAOB/AICPA
Quality control is a process to provide the firm with reasonable assurance that its personnel comply with the applicable professional standards.
The PCAOB has adopted the AICPA’s quality control standards.
5 quality control elements of a system of quality control
- independence, integrity and objectivity
- personnel management
- acceptance and continuation of clients
- engagement performance
- monitoring
Supervision and Review is a Component of
engagement performance
Basic fundamental concept that underlies the audit process
Risk:
The acceptance by auditors that there is some level of uncertainty in performing the audit function.
Which elements underlie the application of generally accepted auditing standards (particularly the standards of fieldwork and reporting)?
Materiality and Audit Risk
Audit planning involves developing an overall strategy related to collecting and evaluating the Evidence to be obtained.
By testing and understanding Internal Control, the auditors can assess whether it offers assurance that the financial statements will be free from Material errors and fraud.
These assessments enable the auditors to evaluate the Risks of material misstatement of the financial statements.
Three General Standards
TIP
(1) adequate Training and proficiency
(2) Independence of mental attitude
(3) due Professional care
Three Fieldwork Standards
PIE
(1) adequate Planning and supervision
(2) understanding entity/environment incl. Internal control
(3) sufficient appropriate audit Evidence
The auditor’s judgment concerning the overall fairness of the presentation of financial position, results of operations, and changes in cash flow is applied within the framework of
GAAP
Generally Accepted Accounting Principles.
Independence problems - Covered Member, Immediate Family & Close Relatives
The covered member as well as a member of the person’s immediate family (person’s spouse and any dependents):
- cannot have financial interest in the audit client
- can work for the audit client as long as the position is not in a position (such as management) that influences the financial statements
A close relative (parent, sibling, nondependent child) can:
- have a financial interest in an audit client as long as that interest is immaterial to the person
- work for the audit client as long as the position is not in accounting or financial reporting (such as head of payroll accounting)
If the close relative works for the audit firm, the person is not a covered member unless:
- the person works on the engagement team or
- is in a position to influence the members of the engagement team or the audit
Illustration of a liability to clients under common law
client sues auditor for not discovering a theft of assets by an employee
CPA had a duty to perform, which require him/her to exercise ‘due professional care’
the misappropriation of assets by one employee should have been uncovered through an audit program which revealed the lack of separation of duties with regard to the employee
Unmodified audit report for a non-public company
Introductory, paragraph simply identifies the financial statements that were examined.
Other paragraphs outline:
Responsibilities of the parties
Standards that were followed
Nature and scope of an audit
When those charged with governance do not take appropriate remedial action
may consider withdrawal from the engagement, if possible under applicable law/regulation
suspected or identified noncompliance with laws and regulations (initial steps and subsequent procedures)
- understand act/circumstance (consult with mgmt one level above the act, if unsatisfactory info then client arranged consultation with client’s legal counsel)
- evaluate effect on FS
Procedures:
- compare supporting docs with acctg records
- confirm info with third parties
- confirm proper authorization
- apply procedures to identify occurrence of similar transactions
NOT personal misconduct by employees unrelated to business ops
suspected or identified illegal acts (opinion modification, disclosure)
Qualitative - immaterial amount could lead to material
Quantitative - contingencies per noncompliance
Adequacy of disclosure
Implications on reliability of mgmt representations (material)
If material:
- issue qualifiled or adverse depending on materiality
- disclaim if materiality cannot be ascertained due to insufficiency of evidence
- if modifications aren’t accepted, withdraw and communicate reason for w/d in writing to those charged with governance
If immaterial:
- disclose to senior mgmt and those charge with governance
- if no remediation, withdraw
Possible disclosure to third third parties (confidentiality generally precludes, consult with legal counsel):
- under 8K to sec
- under inquires from successor auditor
- under subpoena
- under requirements to funding (governmental) agency
work or findings of specialist
- accept unless determined unreasonable
- additional procedures if materially different than FS assertions
- unresolved, than seek another opinion (still not resolved then issue qualified or disclaimer of opinion)
- only mention specialist if issuing a qualified or adverse opinion AND doing so will assist in understanding the reason for the qualification
Why must opinion pertain to FS taken as a WHOLE?
to prevent misinterpretations regarding degree of auditor’s assumption of responsibility
Client’s rights to working papers (versus work products or or member-prepared records)
Working Papers - belong to member and need not be provided to client unless imposed by state/federal statute, regulations or contractual agreement
Member-prepared records - may only be withheld for fees
Work Products - may be withheld for fees, incompletion, compliance with professional standards, or in light of outstanding litigation (once provided only required to provide again if natural disaster or act of war)
Records and products may be provided in any usable format (if requested exists then provide) and additional fees may be charged.
Requests to change (audit to review/review to compilation)
Reasons:
- change in circumstances
- misunderstanding regarding nature of each engagement type
- restriction on scope (imposed by client or due to circumstances)
Consider:
- reason given, particularly scope limitation implications
- additional effort require to complete original request
- estimated additional cost to complete original request
Do not address change in resulting report
Effect on Ratio of equal decrease in numerator and denominator
If ratio is greater than 1:1, ratio is increased
If ratio is less than 1:1, ratio is decreased
Includes “objective of the engagement”
Auditor’s engagement letter
Negative Assurance
nothing came to our attention that specified matters do not meet specified standards
limited to negative assurance when FS have not been audited
generally not used in opinion on financial statements (never in audit opinion)
used for: comfort letters, special reports, agreed-upon procedures, compliance (laws/regs/contracts)
Procedures required regarding subsequent events (SE)
- read & review interim FS
- inquiries of mgmt/governance re:
a. current status of tentative, preliminary, inconclusive data and
b. any unusual adj since BS date
c. changes in stock, debt, working capital
d. substantial contingent liabilities/commitments - read meeting minutes (SH, BOD, OFF)
- inquiries of legal counsel
- observe SE
- scan records for unusual transactions
- obtain letter of rep on SE
Considerations for Design and Performance of
Further Audit Procedures (responsive to assessed risks of material misstatement RMM at the relevant assertion level)
- significance of risk
- likelihood of material misstatement (MM)
- characteristics of relevant transactions, balance, disclosure
- nature of entity’s specific controls
- whether evidence is expected to determine effectivity of entity controls regarding MM
Restrictions not allowed for Review
Restrictions are not allowed on:
Scope of the Inquiry
Analytical Procedures
Review may be restricted to a single FS like BS
When client presents photocopies in light of misplaced originals
Reevaluate risk of fraud
Design alternative tests for related transactions
Must determine reliability of the internally generated evidence in light of entity controls
Inspect (physically) new additions to PPE
Test management’s assertions of Existence
When comparative FS include prior year by predecessor auditor whose report is not presented
indicate in introductory paragraph of auditor report
include date and type of opinion from predecessor report
not required to obtain representations from predecessor auditor on prior year statements
Exceptions to loans regarding independence of covered members
Grandfathered loans
Auto loans collateralized by auto
Loans collateralized by cash surrender of insurance policy, cash deposits
Credit card or overdraft reserve (current = $10,000 or less)
Not allowed: personal, student, home mortgage
When performing a financial statement audit, auditors are required to explicitly assess the risk of material misstatement due to
Statements on auditing standards, specifically require auditors to assess the risk of material misstatements due to:
fraud
and to consider that assessment in designing the audit procedures to be performed
underlies the application of generally accepted auditing standards, particularly the standards of fieldwork and reporting
materiality and risk
The standards of field work concern evidence accumulation and other activities during the actual conduct of an audit.
It relates to understanding the of the client’s environment which helps the auditor identify significant client business risks and the risk of significant misstatement in the financial statements.
The reporting standards require the auditor to prepare a report on the financial statements, stating whether they are presented in accordance with GAAP.
Decisions about how much and what types of evidence involve making decisions with regard to materiality and risk.
Detection risk & Substantive Procedures
Inversely Related
DR = Risk that the auditor’s procedures will not detect an error in an account when in fact one exists.
Auditor’s assurance that there are no errors in an account balance is increased by the application of substantive procedures (SP), so the auditor’s assessment of detection risk will decrease.
Applying substantive tests as of an interim date rather than as of the year-end potentially increases the risk that misstatements that may exist will not be detected. To decrease detection risk, perform substantive tests at year end.
As the acceptable level of detection risk decreases, the assurance provided from substantive tests should increase, so the amount of audit evidence the auditor accumulates will increase.
Risk Assessment (RA) for financial reporting
RA - identification and analysis of risks relevant to the preparation of financial statements in conformity with GAAP.
Auditor obtains knowledge about management’s risk assessment through procedures performed to obtain an understanding of the Entity and its Environment, including Internal Controls.
Impact on Audit Risk if Inherent Risk or Control Risk is higher than originally anticipated.
Discovery should have no impact on the desired level of Audit Risk
Inherent Risk - the risk that a material misstatement might occur in accounting for a particular account or balance
Control Risk - the risk that a material misstatement that actually occurs will be able to get through the reporting company’s internal control and wind up within the reported financial statements
The two assessments of IR & CR are independent.
Detection Risk - the likelihood that a material misstatement that is created and gets through the internal control systems will also get through the testing by the independent auditor.
If either IR or CR is especially high, then enough substantive testing must be done by the auditor so that DR is reduced to compensate. so that overall audit risk remains unchanged.
IR X CR X DR = AR
Several factors determine the extent to which external users rely on a client’s financial statements
- Concentration of ownership
- Types and amounts of liability
- Client size
Audit Program
A listing of all the things which the auditor will do to gather sufficient, competent evidence
Reliance on the work of another auditor
May choose to do so
Must inquire about their reputation
Contact or visit if necessary to obtain sufficient info
Includes service organizations
Auditor’s concern regarding stock options
proper authorization
trace authorization to BOD vote
If departures from GAAP are discovered in Review of nonissuer
Management should modify FS
If refuse:
modify report to adequately communicate deficiencies
If modification is not sufficient:
withdraw from engagement (cannot just disclaim).
Reporting on Supplementary Information in relation to FS
in relation to FS Whole:
evaluate presentation
is it fairly stated in all material respects
(EOM or separate report)
Restricted and General Use
Restricted use - for one or more specified third parties due to possible misunderstanding when taken out of context for intended use
General use is not restricted to specified parties
Reports in conformity with applicable framework generally aren’t restricted even if OCBOA
Test data and payroll system
discover invalid employee ID numbers
(input invalid numbers to test controls against it)
Tests of approval, check cashing and unclaimed checks tested outside the PR system
Qualified Opinion due to Scope Limitation
insufficiency of evidence
Kiting
When money is moved from one account to another but the deposit and the withdrawal are recorded in different time periods to inflate the amount of cash being reported, the term “kiting” is used to identify that fraud.
The treasurer of a company has stolen $10,000 in cash from the company. At the end of the year, he is afraid that he will be caught so he transfers $10,000 from one company bank account to another. He records the deposit on December 31 of the first year so that $10,000 cash is added. He does not record the withdrawal from the other account until January 1 of the second year. As a result, for one day, the company looks like it has $10,000 more than it really does.
Auditor’s Engagement Letter
- services the auditor will perform
- assistance or restrictions on the audit
- auditor cannot guarantee that all acts of fraud will be discovered
- management is responsible for maintaining effective internal control.
internal controls consist of five interrelated components:
CRIME
- Control activities - policies and procedures that help ensure that management directives are carried out.
- Risk assessment - identification and analysis of relevant risks to achievement of its objectives.
- Information and communication systems - support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibility.
- Monitoring - asseses the quality of internal control performance over time.
- control Environment - sets the tone of the organization.
Procedures for evaluating management identification of accounting estimates that could be material to the financial statements
Assertions embodied in FS
Evaluate information obtained in performing other procedures, such as:
- changes in the entity’s business, operating strategy, industry
- changes in methods of accumulating information
- litigation, claims, assessments, other contingencies
- reading meeting minutes (stockholders, directors, committee)
- regulatory or examination reports, supervisory correspondence, etc. from applicable regulatory agencies
Inquire of management about the existence of circumstances that may indicate the need to make an accounting estimate.
IT application controls.
Input controls
Processing controls
Output controls
IT general controls
- program change controls
- controls that restrict access to programs or data
- controls over the implementation of new releases of packaged software applications
- controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail
Management Representation Letter (Interim?)
Interim: Financial information Internal control Fraud or suspected fraud at the entity Completeness of information Recognition, measurement, and disclosure Related party transactions Subsequent events
Representation letters:
appear on the client’s letterhead
addressed to the auditor
dated as of the date of the auditor’s report
signed by client (responsible officials/president & CFO)
10 generally accepted auditing standards, approved and adopted by the AICPA. Three categories:
(no longer AICPA but PCAOB?)
general standards
standards of fieldwork
standards of reporting
Review Services (SSARS) are not GAAS
A member of a registered public accounting firm that participated on the engagement becomes employed with the client in a significant accounting position (CEO, CFO, controller, CAO, or equivalent position)
Firm is prevented from conducting the audit for a one-year period
The auditor responds to risks of material misstatement due to Fraud in the following three ways:
A response that has an overall effect on how the audit is conducted—that is, a response involving more general considerations apart from the specific procedures otherwise planned
A response to identified risks involving the nature, timing, and extent of the auditing procedures to be performed
A response involving the performance of certain procedures to further address the risk of material misstatement due to fraud involving management override of controls, given the unpredictable ways in which such override could occur
Prior to seeking approval of certain tax services from the audit committee, a registered public accounting firm must:
Describe in writing the scope/fee structure of services
Discuss potential effects on independence
Document substance of the discussion
Public Company Accounting Oversight Board (PCAOB) Rule 3524
SEC Form S-1
Issue new securities
Reasonable assurance regarding professional standards
System of Quality Control
AICPA Statements on QC
Generally Accepted Auditing Standards (GAAS) and Statements on Auditing Standards (SAS)
minimum standards of performance, in exercising due professional care by the auditor, that must be achieved on each audit engagement.
A CPA firm’s quality control procedures pertaining to the acceptance of a prospective audit client would most likely include
Inquiry of third parties, such as the prospective client’s bankers and attorneys, about information regarding the prospective client and its management.
objective of an operational audit
Specific operating units are functioning efficiently and effectively
often performed by internal auditors
Transactions selected for testing are not supported by proper documentation
Auditing standards states that if a condition or circumstance differs adversely from the auditor’s expectation, the auditor needs to consider the reason for such a difference.
consider whether material misstatements exist in an entity’s financial statements
auditor’s responsibility for supplementary information, such as segment information, which is outside the basic financial statements, but required by the FASB
auditor has no responsibility to audit information outside the basic financial statements
has some responsibility regarding such information
extent varies with the nature of the information
Required Supplementary Information (FASB,GASB) - apply certain limited procedures and report deficiencies or omissions
not required to test transaction details and balances for material misstatements
CPA firms registered with the Public Company Accounting Oversight Board (PCAOB) are subject to periodic inspections
inspection process by the PCAOB takes the place of peer review
Firms that audit more than 100 companies are inspected annually
The rest inspected every three years.
In registering with the Public Company Accounting Oversight Board (PCAOB), a CPA firm must provide significant information
- List of all audit clients who issue securities
- Pending criminal actions against the firm
- Annual fees from each client issuer divided between audit and non-audit services.
- List of all accountants participating in the audit of each client that is an issuer of securities.
- Statement on QC policies
MORE 3622.02
Form 8-K
filed with SEC to report significant events that are of interest to public investors. Include:
acquisition or sale of a subsidiary,
a change in officers or directors,
an additional product line,
change in auditors
Early appointment of the auditor
enables a more sufficient audit to be planned
A covered member
- any individual on the audit engagement team,
- anyone who can influence either the engagement or the members of the engagement team,
- the partners in the office in which the engagement is primarily performed.
- any individual that provides ten or more hours of non-attest services to the client
covered members must abide by specific independence rules toward the audit client
independence impaired with respect to client
- Client is behind on its audit fees
- Audit client initiates a lawsuit against the auditor
- Auditor initiates a cross claim against client management
No independence problem:
- covered member receives an unsolicited financial interest, such as the inheritance, if disposes of it within 30 days
- operating leases and claims against clients for immaterial amounts and related to non-audit matters
- suit is not against each other or likely to be
“grandfathered” loan
Failure to make payments on a loan obtained prior to client audit relationship no longer qualifies as a “grandfathered” loan under the AICPA guidelines.
Department of Labor (DOL) guidelines on covered members
sets independence standards for audits of employee benefit programs for US firms
stricter than those of the AICPA
partner in another office not involved is a “covered” if he participates in benefit plan under audit
state board of accountancy
accountants in public practice must adhere to their requirements
may revoke his CPA license (not AICPA)
must
should
may might could
unconditional
presumptively mandatory (document/justify departure)
no requirement
Auditing Statements of Position
issued by the AICPA
interpretive publications for guidance, not auditing standards with requirements for auditors
Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 7 - Reviewing Partners
must possess the same level of knowledge and competence that would qualify him or her to serve as the audit partner on the engagement under review
provide concurring approval of issuance of the audit report only if not aware of a significant engagement deficiency after conducting review in accordance with professional standards
firm may only allow clients to use the audit report after reviewing auditor provides concurring approval of issuance
during review, focus on evaluating the engagement team’s judgments and related conclusions during the audit
GAO threats to independence
Self Interest (financial/other) Self Review (failure to properly evaluate results) Bias (promote a position) Familiarity (close relationship) Undue Influence Mgmt Participation Structural Threats
Review of pro forma financial info
Include reference to historical financial info (audited or reviewed FS) from which derived
Provided negative assurance regarding pro forma effect of transaction or event to historical FS
SOX 2002, Sec 407 financial expert
understands GAAP & FS
experience in prep or audit of FS
experience with internal accounting controls
understand audit committee functions
Governmental Audit & Internal Control
Reports on IC
Understanding of relevant IC
Determined whether IC placed in operation
Title IV SOX FS requirements
reflect:
all material correcting adjustments
material off-BS items
nothing untrue and no material omissions on pro forma info
required communication with those charged with governance
disagreements with management regardless of whether satisfactorily resolved
10 conditions for agreed-upon procedures
independent
agreed upon w/specified parties
specified parties responsible for sufficiency
include summary of significant assumptions
criteria (suitable/available to specified parties)
agreed upon criteria
expectation of reasonably consistent findings
expected existence of evidence to provide reasonable basis
agreed-upon materiality limits
use restricted to specified parties
Management assertions with regard to financial reporting are made in relation to three broad areas;
(1) transaction-related events;
(2) account-balances; and
(3) presentation and disclosure.
Management makes no assertions about internal control. Assertions about internal control are made when the CPA has been hired to provide a report on internal control.
Public Company Accounting Oversight Board (PCAOB) Rule 3525 requires the registered public accounting firms
- describe in writing the scope of the services,
- discuss potential effects on independence, and
- document the substance of the discussion with the audit committee.
Required Supplementary Information (RSI),
The auditor has an obligation to apply limited procedures to and report deficiencies in the required supplementary information (RSI), as the information is considered by the Government Accounting Standards Board (GASB) to be an essential part of the financial reporting package.
The CPA should
- inquire of management and consider if the information is consistent with the audited financials and other information obtained during the audit.
- consider whether or not the RSI should be covered in the representation letter from management.
There is no need to apply substantive tests of transactions to the supplementary information.
Under Section 11 of the Securities Act of 1933, a CPA who certifies financial statements will not be liable to a purchaser of the security if
he or she can prove due diligence.
Due diligence is the reasonable professional standard of care that would relieve a person of liability under the 1933 Act on a registration statement that contained untrue statements of a material fact or omissions of a material fact.
At the minimum, a compilation documentation should include:
- engagement letter,
- any significant findings or issues, and
- communications regarding noncompliance with laws and regulations and fraud that have come to the accountant’s attention
The auditor’s standard report does not include an expression related to the consistent application of an applicable financial reporting framework if
(a) no change in accounting principles has occurred, or (b) there has been a change in accounting principles or the method of their application, but the effect of the change is not material.
A review does not contemplate
obtaining an understanding of the entity’s internal control;
assessing fraud risk;
testing accounting records by obtaining sufficient appropriate audit evidence through inspection, observation, confirmation, or the examination of source documents;
Materiality
or other procedures ordinarily performed in an audit.
A review engagement under SSARS requires
- analytical procedures
- independence
- limited assurance that there are no Material Modifications that should be made to the financial statements. (not aware of material modifications to conform with GAAP)
When reporting on financial statements of a regulatory entity that are prepared in accordance with the requirements of financial reporting provisions of a government regulatory agency to whose jurisdiction the entity is subject,
the auditor may report on the financial statements as being prepared in accordance with a comprehensive basis of accounting other than generally accepted accounting principles.
Reports of this nature, however, should be issued only if the financial statements are intended solely for filing with one or more regulatory agencies.
AU-C 450.04 defines misstatement as
“a difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be presented fairly in accordance with the applicable financial reporting framework.”
(known) and (likely) misstatements.
The extent and nature of the risks to internal control associated with IT vary depending on the nature and characteristics of the entity’s information system. The auditor should consider
- whether the entity has responded adequately to the risks arising from IT by establishing effective controls, including effective general controls upon which application controls depend.
- controls over IT systems are effective when they maintain the integrity of information and the security of the data such systems process.
does not matter if controls are manual or automated
Nonroutine transactions
unusual due to size
unusual due to nature
occur infrequently
To understand internal control,
an auditor needs to read or hear a description of the policies and procedures that describe the controls used.
Tests of details (substantive tests), such as performing analytical procedures and test counts, will determine the accuracy of account balances but will do little to help an auditor understand an internal control structure concerning inventory balances.
A change in accounting principle
“is a change from one accounting principle in accordance with the applicable financial reporting framework to another accounting principle in accordance with the applicable financial reporting framework when (1) two or more accounting principles apply or (2) the accounting principle formerly used is no longer in accordance with the applicable financial reporting framework. A change in the method of applying an accounting principle also is considered a change in accounting principle.” (AU-C 708.A4)
Changes in accounting principle having a material effect on the financial statements for an audit require the addition of an Emphasis-of-Matter paragraph in the independent auditor’s report.
EOM is not required for a compilation or a review.
Changes in accounting principles need to be disclosed, but the SSARSs do not directly address any report modifications for them.
Attribute sampling
test compliance with the control
To determine sample size for attribute sampling:
- Reliability level (allowable risk of assessing control risk too low).
- Sampling Table
- Estimate likely Rate of Deviation (population occurrence rate in percent)
- Define maximum Tolerable Deviation Rate.
DRES
The auditor’s overall responses to address the assessed risks of material misstatement at the financial statement level may include the following:
- Emphasizing professional skepticism
- Assigning more experienced staff or specialists
- Providing more supervision
- Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed
The auditor’s SPECIFIC responses to address the assessed risks of material misstatement at the financial statement level may include the following:
substantive responses
further audit procedures
test of controls
The auditor should obtain a sufficient understanding by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented. The auditor should use such knowledge to:
identify types of potential misstatements,
consider factors that affect the risks of material misstatement, and
design tests of controls, when applicable, and substantive procedures.
content of the representation letter
written representations are considered complementary evidence in support of various assertions but not substitutes for other auditing procedures
Audit documentation (working papers)
This documentation:
- to provide the principal support for the auditor’s report and opinion
- to aid the auditor in both the planning and the supervision of the audit
- to assist the audit team in proving that the audit was conducted in accordance with generally accepted auditing standards
Property of the independent auditor and is not attended to assist the company’s management.
Appropriate evidence
Relevant and Reliable.
The auditor’s direct personal knowledge obtained through physical examination, observation, recalculation, reperformance, inspection is more reliable than information obtained indirectly.
external > internal
A U.S. entity prepares its financial statements in conformity with accounting principles generally accepted in another country. These financial statements will be included in the consolidated financial statements of its non-U.S. parent. Before reporting on the financial statements of the U.S. entity, the auditor practicing in the United States should:
obtain written representations from management of the U.S. entity regarding the purpose and uses of the financial statements
On receiving a client’s bank cutoff statement, an auditor most likely would trace:
prior-year checks listed in the cutoff statement to the year-end outstanding checklist.
A cutoff bank statement is a record of transactions for a specific period (less than the full-month reporting period) that is requested by the auditor from the bank.
auditor’s required communication with those charged with governance
include management changes in the application of significant accounting policies
analytical procedures on the client’s operations
Analytical procedures consist of
evaluations of financial information
made by a study of various relationships among both financial and nonfinancial data
to identify unusual transactions, events, amounts, ratios , trends and balances
that may indicate a high level of risk for a material misstatement
analytical procedures help determine where further investigation is warranted
nonfinancial information an auditor considers in performing analytical procedures during the planning phase
analytical procedures are concerned with plausible relationships
generally use data aggregated at a high level
square footage of selling space
to compare retail revenues and expenses to industry figures and prior year performance
analytical procedures in the overall review stage
assist the auditor in
assessing conclusions reached and
in evaluating the overall financial statement presentation.
The results of the review may indicate that additional evidence may be needed.
Analytical review procedures
Substantive tests
designed to evaluate the reasonableness of financial information
example of entity process that facilitates auditor analytical proceures
The use of a standard cost system
that produces variance reports
allows the auditor the opportunity to
compare the output from the standard cost system
with the financial information presented by management
liabilities significantly lower than expected
Purchases and cash payments
affect the liability balance
Sales and cash collections
unlikely to impact liabilities.
increase in the age of accounts receivable
credit terms have been loosened so that customers with less money are able to buy on credit
economic times are bad, so peopletend to pay more slowly and the number of bad accounts goes up
lapping (money from a customer is stolen), money from a second customer is diverted into the account of the first customer and the age longer
if receivables sold (before collected) the age is shorter
Decrease in A/R Turnover
Sales/ Accounts Receivable
a consignment sale recorded as a sale at the time of shipment instead of when the goods are actually sold
Increases both Sales and A/R to decrease ratio
turnover ratio larger:
customers pay quicker
sales figure is increased but not accounts receivable
sales stays the same but accounts receivable goes down
no record is made of this inventory purchase
goods (and the related debt)
cost of goods sold not affected, so gross profit is correct
Inventory and accounts payable are too low
by the same amount
so working capital and current ratio are correct
inventory turnover = COGS/average inventory
average inventory too low
cost of goods sold is correct
inventory turnover too high
Title IV of Sarbanes-Oxley
requires
financial statements reflect all material correcting adjustments
material off-balance-sheet transactions, arrangements, obligations, and other relationships
any pro forma information does not contain untrue statements or omissions of material facts.
Responsibilities of the PCAOB include
- register public accounting firms.
- establish or adopt standards relating to the preparation of audit reports for issuers.
- conduct inspections of registered public accounting firms
- conduct investigations and disciplinary proceedings
- promote high professional standards
6. enforce compliance with: Sarbanes-Oxley Act rules of the PCAOB professional standards securities laws
The Comprehensive Budget Omnibus Reconciliation Act (COBRA)
requires employers to offer former employees continued benefits after they leave a position for a certain period of time
employees are normally responsible for the insurance premiums.
The auditor should communicate with those charged with governance (the audit committee):
the auditor’s responsibilities under generally accepted auditing standards,
an overview of the planned scope and timing of the audit, and
significant findings from the audit.
The significant findings from the audit that should be communicated with audit committee include:
the auditor’s view about qualitative aspects of the entity’s significant accounting practices,
significant difficulties encountered during the audit,
uncorrected misstatements (that are not trivial),
disagreements with management,
other findings or issues that the auditor believes to be significant or relevant to the audit committee’s oversight of the financial reporting process,
material, corrected misstatements that were brought to the attention of management as a result of audit procedures,
representations the auditor is requesting from management,
management’s consultations with other accountants about accounting and auditing matters, and
significant issues arising from the audit that were discussed with management.
the effect of significant mgmt policies in emerging areas without authoritative guidance
internal auditors
work may affect the nature, timing, and extent of the audit, including:
- procedures the auditor performs when obtaining an understanding of the entity’s internal control
- procedures the auditor performs when assessing risk
- substantive procedures the auditor performs
Section 403 of Title IV of the Sarbanes-Oxley Act (SOX)
Disclosures of Transactions Involving Management and Principal Stockholders:
any person directly or indirectly the beneficial owner of more than 10% of any class of any equity security
or is a director or an officer of the issuer
must file statements required by SOX and the SEC.
Section 402 of Title IV of the Sarbanes-Oxley Act (SOX)
Enhanced Conflict of Interest Provisions:
unlawful for any issuer to extend or maintain credit in the form of a personal loan to or for any director or executive officer of that issuer.
Section 404 of Title IV of the Sarbanes-Oxley Act (SOX)
Management Assessment of Internal Controls:
an internal control report must be filed with each annual report
Management must acknowledge responsibility for establishing and maintaining adequate internal control.
Section 406 of Title IV of the Sarbanes-Oxley Act (SOX)
Code of Ethics for Senior Financial Officers:
requires disclosure of whether or not the issuer had adopted a code of ethics for senior financial officers (and if not, why not)
Any change in or waiver of this code requires disclosure as well.
Promote:
- honest/ethical conduct
- full, fair, accurate, timely, understandable disclosures
- compliance with applicable gov’t rules/regs
Controls addressing risks of material misstatements due to fraud and controls identified to address management override should be evaluated. Controls that may address these risks include:
- controls over significant, unusual transactions, particularly those that result in late or unusual journal entries,
- controls over journal entries and adjustments made in the period-end financial reporting process,
- controls over related party transactions,
- controls related to significant accounting estimates, and
- controls that mitigate incentives for, and pressures on, management to falsify or inappropriately manage financial results.
Prior to accepting an initial engagement pursuant to the standards of the PCAOB, a registered public accounting firm must:
- describe, in writing, to the audit committee of the issuer, all relationships between the registered public accounting firm or any affiliates of the firm and the potential audit client or persons in financial reporting oversight roles at the potential audit client that, as of the date of the communication, may reasonably be thought to bear on independence;
- discuss with the audit committee of the issuer the potential effects of the relationships described above on the independence of the registered public accounting firm, should it be appointed the issuer’s auditor; and
- document the substance of its discussion with the audit committee of the issuer.
The disclosure of fraudulent activities to parties other than the client’s senior management and those charged with governance is not ordinarily part of the auditor’s responsibility and would normally not be permitted due to confidentiality. Under certain circumstances, however, the auditor may be required to disclose information to outside parties.
These circumstances could be:
- to comply with legal and regulatory requirements,
- to respond to a successor auditor,
- when subpoenaed, and
- in accordance with grant requirements when clients receive governmental assistance.
Regarding fraud, the auditor should:
- communicate to those charged with governance all fraud involving senior management and fraud that causes a material misstatement (not inconsequential acts),
- report to those charged with governance and management any significant deficiencies due to risks of material misstatement due to fraud, and
- inform the appropriate level of management of evidence that fraud has occurred, even if the matter is inconsequential.
The auditor’s understanding of the entity and its environment consists of an understanding of the following aspects:
Industry, regulatory, and other external factors
Nature of the entity
Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements
Measurement and review of the entity’s financial performance
Internal control, which includes the selection and application of accounting policies
The relevant industry, regulatory, and other external factors include
industry conditions, such as the competitive environment,
supplier and customer relationships, and
technological developments;
the regulatory environment, which encompasses, among other matters,
relevant accounting pronouncements,
the legal and political environment, and
environmental requirements affecting the industry and the entity; and
other external factors, such as
general economic conditions.
According to AU-C 240.17, the auditor should inquire of management about the following regarding fraud:
- Whether management has knowledge of any fraud or suspected fraud affecting the entity
- Whether management has a process for identifying, responding to, and monitoring the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention
- Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud
- Management’s communication, if any, to employees regarding its views on business practices and ethical behavior
Assertions
not techniques for gathering evidence
Techniques for gathering evidence
Inquiry Calculation Confirmation Anaylsis Inspection Comparison
Independence and Compilation
independence not required
disclose (reason not required)
Objective of Compilation
Present representations of Mgmt in the form of FS without offering any assurance
NOT required for Compilation
Inquiry of Mgmt* Analytical Procedures* Assurance (not offered/allowed)* Independence* Mgmt Representation Letter*
Understanding of Internal Control
Assessing Fraud Risk
Testing Accounting Records
*Required for Review
Required for Review
Inquiry of Mgmt (stated)
Analytical Procedures (stated)
Limited Assurance (not aware of Material Modification to comply with GAAP-stated)
Independence
Mgmt Representation Letter
Due Professional Care
General understanding of the nature of entity accounting principles and practices
Required for Compilation
General understanding of the nature of entity operations (accounting principles and practices): Nature of Transactions Form of Accounting Records Stated Qualifications of Acctg Personnel Acctg Basis Form/Content of FS
Special Reports
FS special purpose/not GAAP specified elements, accounts, items (separate engagement, restricted use) compliance w/contracts or regs prescribed forms/schedules condensed FS application of acctg principles letters for UW
Notification of 3P if client refuses to disclose new facts/impact
only if FS misleading
new info, lack of cooperation, report no longer applicable
need not detail specifics of refusal
Standard review report not adequate to indicate deficiencies for departures from GAAP
withdraw from engagement
no further services concerning FS
The most important purpose in an audit of confirmation
Prove that the balance (and the debtor) actually do exist.
Takes considerable time, so performed early in audit unless serious problems are expected
Positive confirmations ask for a response in all cases
Better testing technique than negative confirmations
Used when risk like internal control risk is high
Collection of a balance indicates it did exist and is collectible, so auditors review cash collections in the period right after the end of the year
Using the work of a specialist in an audit
CPAs cannot be expected to have unlimited knowledge on all possible topics.
CPA needs to be well aware of all assumptions and methods used by the specialist in doing the assigned work.
Auditor is not capable of reviewing all the work of the specialist or a specialist would not be needed.
Specialist does not have to be independent but the CPA’s reliance should be guarded if independence is lacking.
Review of the previous audit work papers
is allowed but that cannot be the only procedure carried out to establish the opening balances.
- Quality Control
- Planning and performance
- Audit objective
- QC - leadership, ethical requirements,
acceptance/continuance of clients/engagements, human resources, performance, monitoring. - P&P - Audit risk, materiality, and statistical sampling techniques
- AO - opinion on FS (fairness, in all material respects, the financial position, results of operations, and cash flows in conformity with an applicable financial reporting framework), specific per mgmt assertions, compliance with laws and regulations
mean-per-unit estimation
Statistical/Variables sampling plan
In statistical sampling, quantify relevant factors:
- Variability increases, the sample size must increase
- Risk of Incorrect Acceptance (risk that sample supports conclusion that account balance is not materially misstated when it is materially misstated), increase the size of the sample to reduce
- Nature/Characteristics of population affect sample size
Statistical sampling:
calculate sampling risk quantitatively.
make objective statements about population on the basis of the sample
Professional judgment used to determine the sample size, whether statistical or nonstatistical
existence of related parties
- borrowing or lending on an interest-free basis or significantly above or below market rates,
- selling real estate at a price significantly different from appraised value,
- exchanging property for similar property in a nonmonetary transaction, or
- making loans with no scheduled terms for when or how the funds will be repaid.
Report issued on Significant Deficiencies/Material Weaknesses
relating to an Internal Control
observed during a financial statement Audit
- statement restricting the distribution of the report.
- statement that auditor’s consideration of internal control was to express an opinion on the financial statements and not to provide assurance on the internal control
- statement that the auditor is not expressing an opinion on the effectiveness of internal control;
- statement that the auditor’s consideration of internal control was not designed to identify all deficiencies in internal control that might be significant deficiencies or material weaknesses;
- definitions of material weakness and significant deficiency; and
- identification of matters considered to be significant deficiencies and material weaknesses.
Threats to independence - GAO
Apply Safeguards
Audit engagement for whichthe acceptable levels of both audit risk and materiality are lower,
the auditor will plan more work on individual accounts in order to find Smaller errors.
Analytical procedures have the highest level of evidence when they use direct predictable relationships within financial statements. Example.
The amount of Interest Expense is directly related to balances and rates of interest bearing accounts and notes payable.
Misstatements can be caused by
- Inaccuracy in gathering/processing Data
- Difference in presentation from GAAP
- Omission of FS element, account, or item
- Disclosure that is not in conformity with GAAP
- Omission of a Disclosure required by GAAP
- Incorrect accounting Estimate
- Unreasonable/Inappropriate management Judgment regarding an accounting estimate
A normal distribution
is a bell-shaped curve, with the distribution center at the population mean, and requires only knowing the mean and the standard deviation.
The standard deviation
is used to measure the extent to which the values of the items are spread about the mean.
The mean
is a measure of central tendency obtained by totaling all the values and dividing by the number of items.
Materiality
The determination of materiality requires auditor judgment.
Quantitative - expressed in number terms (the amount of misstatement that would influence the economic decisions of users)
Qualitative - (such as key disclosures or items related to laws and regulations that are less than the material amount)
service auditor procedures
- visiting the service auditor
- discussing the audit procedures and results,
- reviewing the audit programs of the service auditor,
- reviewing the workpapers of the service auditor.
Uses for several processes: review report on controls to obtain understanding of controls in place in the operation of services
A disclaimer of opinion
expression of no opinion. (AU-C 700.03)
A disclaimer of opinion is warranted when
Restrictions on the Scope
of the audit are so severe, whether client imposed or due to other reasons, that the auditors are
unable to obtain Sufficient Appropriate audit Evidence to enable them to form an opinion.
risk of material misstatement
- complexity and subjectivity associated with process,
- availability and reliability of relevant data,
- number and significance of assumptions made, and
- degree of uncertainty associated with assumptions.
Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a follow-up study to its 1987 report entitled Fraudulent Financial Reporting: 1987–1997, An Analysis of U.S. Public Companies
outlining year-end testing procedures including:
A. tests of transaction cutoffs.
B. tests of transaction terms/account valuation for end-of-period accounts.
C. tests to ensure a baseline level of internal control.
Define Appropriateness of Audit Evidence
Competency
both relevant and reliable
assertions about classes of transactions and events for the period under audit
Transactions and events that have been recorded have occurred and pertain to the entity.
Transactions and events have been recorded in the proper accounts.
Amounts and other data related to transactions and events have been recorded appropriately.
rules of the AICPA Code of Professional Conduct must be observed even by a member who is not in public practice
In the performance of
any professional service,
a member shall maintain
- objectivity and integrity,
- shall be free of conflicts of interest, and
- shall not knowingly misrepresent facts or subordinate his or her judgment to others
substantive tests of pricing and extensions of perpetual inventory balances consisting of a large number of items when past experience indicated numerous pricing and extension errors - statistical sampling
Ratio estimation sampling
based on ratios between audited amounts and recorded amounts.
most efficient when the ratio is not equal to one.
numerous usable results that would produce the most precise evaluation
most effective when calculated audit amounts are approximately proportional to the client’s book amounts.
For the accounting firm to continue to provide audit service to the client,
Title II (Independence Rules) Section 203 SOX
states that the lead audit partner must rotate out
Audit Partner Rotation:
at least every five years
to promote independence of the audit firm
Date on reissued report of FS
same as original
acceptability of financial reporting framework
purpose
users
mgmt. determination applicable framework acceptable
mitigating factors (going concern)
asset disposal
borrow money/restructure debt
reduce/delay expenditures
increase ownership equity
documentation of uncorrected misstatements
- the amount below which they are trivial
- all accumulated misstatements and if corrected
- conclusion as to materiality individually or in the aggregate
compilation OCBOA
disclose OCBOA in report
Review predecessor auditor working papers related to
internal control
contingencies
Possible result of violations of auditing and related professional practice standards
disciplinary proceedings by PCAOB
once related party transactions are identified
determine if approved by those charged with governance
report OCBOA
standard audit report
modified opinion for departures from GAAP
additional paragraph regarding conformity with OCBOA
service auditor/auditor’s report
should not be referenced
no division of responsibility since service auditor did not examine client FS
report on supplementary information
Other Matter following Opinion
or Separate Report
client will not allow inquiry of legal counsel
material scope limitation
disclaimer of opinion
compilation documentation
engagement letter
significant findings/issues
communications of noncompliance and/or fraud
CPA firm - entity formation
any form in which CPA’s maintain ownership, rights and professional matters
addressee for auditor report
company that engaged auditor
stockholders, BOD
to express opinion on employee profit participation
must also audit employer FS
registered firms and associated persons independence
during professional and audit engagement period
Obtain a sufficient understanding by
performing risk assessment procedures
to evaluate the design of controls
relevant to an audit of financial statements
and to determine whether they have been implemented to:
- identify types of potential misstatements,
- consider factors that affect the risks of material misstatement, and
- design tests of controls, when applicable, and substantive procedures.
underwriter a comfort letter containing comments on data that have not been audited
negative assurance on compliance as to form
The understanding with the client regarding services to be performed during an engagement includes
that the objective of the audit is the expression of an opinion on the financial statements.
responsibilities of management for:
financial statements,
adjustments to correct material misstatements
establishing and maintaining effective internal control,
ensuring that the entity complies with the laws applicable to its activities,
making all financial records available to the auditor,
providing the auditor with a letter confirming representations made to the auditor during the audit.
auditor’s responsibilities, including:
conducting the audit in accordance with GAAS
obtaining understanding of internal control sufficient to plan the audit and
determine the nature, timing, and extent of the audit procedures
appropriateness of audit evidence
Competency
both relevant and reliable
When obtaining written client representations, materiality limits do not apply to:
Irregularities in financial statements
(intentional misstatements or omissions of amounts or disclosures)
Client representation letter states that there have been no irregularities involving management or employees who have significant roles in the internal control structure.
audit procedures for estimated contingencies
gather sufficient appropriate evidence to provide reasonable assurance that all estimates material to the financial statements have been made—completeness.
consider the consistency of processes and assumptions
understand how the estimates were derived
gather sufficient appropriate evidence to provide reasonable assurance that such estimates are presented in accordance with US GAAP
assess the reasonableness of management’s judgments, which would include the determination of whether a contingency is reasonably possible, probable, or remote
Audits of entities receiving federal financial assistance usually have the following common elements:
Auditors must follow GAAS and GAS
Auditor’s consideration of internal control is to include obtaining and documenting an understanding of internal control established to ensure compliance with the laws and regulations applicable to the federal financial assistance.
Auditor issues a report on the consideration of internal control.
Auditor determines and reports on whether funds are administered in accordance with applicable laws and regulations.
Two types of misstatements are relevant to the auditor’s consideration of fraud-misstatements
Misstatements arising from:
- fraudulent financial reporting
- misappropriation of assets
Communicating significant deficiencies in the design of internal control when reporting under Government Auditing Standards.
to specific legislative and regulatory bodies
Auditor may be engaged to perform which services in relation to Prospective financial statements expected to be used by a third parties.
examination,
compilation, (inquiries re: acctg principles appropriate, or
agreed-upon procedure
If the client refuses to disclose the newly discovered facts and their impact on the financial statements to persons known to be currently using or likely to use the financial statements, all of the following steps should be taken by the accountant:
(a) notification to the client that the accountant’s report must no longer be associated with the financial statements
(b) notification to the regulatory agencies having jurisdiction over the client that the accountant’s report should no longer be used, and
(c) notification to each person known to the accountant to be using the financial statements that the financial statements and the accountant’s report should no longer be used.
quality control requirement under Government Auditing Standards
provide the CPA’s most recent external quality control review report to the party contracting for the audit
unable to obtain audited FS of consolidated investee
material scope limitation
qualified opinion
prepare FS audit for consolidated non US, non GAAP
Either:
modified US style report to comply or
report form of non US country
Communicate to those charged with governance (IFRS)
auditor responsibilities
planned scope and timing
significant timing
auditor independence
UW requests comfort letter
UW must provide required representation letter
otherwise no comfort letter
(another form of letter may be provided)
Entity’s risk assessment process
Entity’s identification, analysis and management of risks relevant to financial statement presentation
Auditor’s risk assessment process
Auditor’s evaluation of the likelihood that material misstatements in FS could occur.
Financial Forecast vs. Projections
Both are prospective
standard forecast report: compilation is limited to information that is the management’s representation and does not include evaluation of the support of the assumptions underlying the forecast
Projections contain one or more hypothetical assumptions
Projections are restricted to limited use only while forecasts may be used for general or restricted use.
Verify Completeness assertion for inventory
Prenumbered receiving reports
Periodically reconciled
Auditor’s required compliance with which standards
All standards (GAAP, GAAS, GAGAS)
Competence, skills, technical knowledge, experience
vouchers payable
match invoice to RR
approve voucher via authorized employee
indicate asset/expense debits (proper classification)
NOT accounting for unused purchase orders and receiving reports
Primary supervisory responsibility of auditor with final responsibility
to explain to staff accountants how results of procedures performed should be evaluated
Reporting on condensed FS
indicate if fairly stated in all material aspects in relation to complete FS
same requirements/guidance as Interim reporting
Section 105 of the Sarbanes-Oxley Act (SOX) dictates that the Public Company Accounting Oversight Board (PCAOB)
may investigate
any act or practice, or omission to act, by a registered public accounting firm that may violate any provision of the Sarbanes-Oxley Act, PCAOB rules, securities laws, and professional standards.
Possible disciplinary actions include:
temporary suspension
permanent revocation of registration
temporary or permanent suspension of persons; temporary or permanent limitation on activities, functions, or operations of the firm;
civil monetary penalties;
censure;
additional professional education or training; and
any other sanction provided for in the PCAOB rules.
PCAOB will strictly sanction intentional or knowing conduct, including reckless conduct, that results in violations and repeat violations.
Engagement letter
objectives of the engagement,
responsibilities of management,
responsibilities of practitioner,
limitations of the engagement,
identification of the applicable financial reporting framework, and
reference to the expected form and content of any reports to be issued by the auditor.
Information about fees and billing may be included but is not required.
The Securities Act of 1933:
is concerned with preventing fraud in securities sales.
An auditor may provide an issuer client any of the following nonaudit services without impairing independence and without obtaining the preapproval of
nonaudit services with revenues in aggregate of less than 5% of the total revenues paid by the issuer to the auditor during the fiscal year in which the nonaudit services are provided
nonaudit services that were promptly brought to the attention of, and approved by, the audit committee prior to the completion of the audit
services that the issuer did not recognize as nonaudit services at the time of the engagement
all nonaudit services, except those that fall under the de minimis exception, need to be preapproved by the audit committee
MAY NOT PROVIDE nonaudit services to perform financial information systems design and implementation
The introductory paragraph contains three important facts
1) It states that an audit was conducted and indicates which financial statements are covered in the financial report;
2) It contains a statement that the financial statements are the responsibility of management; and,
3) It identifies the auditor’s responsibility to express an opinion on the financial statements.
An auditor who performs an audit of a public company must make reference to standards
issued by the Public Company Accounting Oversight Board (PCAOB) in the scope paragraph of the audit report.
Pervasiveness
the extent to which the exception affects different elements of the financial statements.
PCAOB Auditing Standard No. 5 requires
the audit of internal control over financial reporting to be integrated with the audit of the financial statements.
Both disclaimers and adverse opinions are used:
Only when a condition is highly material.
Adverse opinion - financial statements do not present fairly the financial position, results of operation, and cash flows of the client in conformity with U.S. GAAP. (result from very material departures from GAAP
Disclaimers of opinion - in rare circumstances, auditors issue when a material uncertainty affects the financial statement
A material misstatement has been found but it is not so serious as to necessitate an adverse audit opinion.
Thus, the auditor will provide
an opinion
qualification
that indicates that the statements are presented fairly “except for” the problem
difference of opinion between the auditor and the client for which the auditor believed an adjustment to the financial statements should be made
financial statements, including footnotes, fail to disclose information that is required by GAAP - qualified or adverse
qualified - additional paragraph describing the nature of the omitted disclosures, and opinion paragraph includes the phrase “except for the omission of the information discussed in the preceding paragraph.”
statement required in the scope paragraph of a standard report
“An audit also includes
assessing the accounting principles used and
the significant estimates made
by management…”
Date on separate reports based on audits of an issuing company’s internal control over financial reporting and its financial statements.
last day of audit responsibility for the CPA.
the last day of field work is used for all audit work whether it is on the financial statements or the internal control
A company issues audited financial statements under circumstances which require the presentation of a statement of cash flows but refuses to present a statement of cash flows
statement of cash flows is required by U.S. GAAP
omission results in a qualified opinion
omission of a disclosure (normally auditor must provide)
entire statement - auditor not required to create
information provided is not wrong as a result of the omission, so an adverse opinion cannot be given
basic financial statements
- balance sheet, and
statements of:
- income,
- retained earnings, and
- cash flows
A CPA firm is associated with the financial statements of a company but is not independent.
A disclaimer of opinion is issued that states that the firm is not independent and, therefore, has no opinion.
The audit report for a company that has publicly traded shares (sometimes known as an “issuer”) has several paragraphs.
The first is the introductory paragraph which identifies the financial statements being audited and discloses the responsibilities of both the management and the independent auditor.
The second paragraph is the scope paragraph which outlines the work performed by the independent auditor. (planning and performing the audit to obtain reasonable assurance, examining evidence supporting amounts and disclosures, and assessing the accounting principles)
The third paragraph is the opinion paragraph which provides the level of assurance being given by the auditor.
CPA is aware of a material misstatement, but an audit has not been performed, no opinion can be given.
The nature and extent of the problem must be described in the report and then a disclaimer is rendered.
Auditor looks at evidence on a test basis.
items are studied in samples
size of these samples is sufficient to be able to provide the reasonable assurance
preparing an unmodified audit report for a company that is privately-held. To whom should the report be addressed:
primary users of the report
board of directors and the stockholders
The audit report for a nonissuer must have headings to indicate the purpose of each section and they include
Management’s Responsibility for the Financial Statements
Auditor’s Responsibility, and Opinion
“Our responsibility is to express an opinion on these financial statements based on our audit.” appears where (public, nonpublic)
The Public Company Accounting Oversight Board sets the standards for public companies and has maintained the traditional audit report where the auditor’s responsibility is stated at the end of the first paragraph.
The Auditing Standards Board sets standards for nonpublic companies and has created a new standard report where the auditor’s responsibilities are spelled out at the beginning of the third paragraph.
“the acceptable level of detection risk increases.”
more reliance on the entity’s internal control
requires less assurance from substantive testing
allows the nature, timing, and extent of substantive tests to be lessened
timing of substantive tests could be shifted from year-end to an interim date.
Section 103 of SOX Title I, “Auditing, Quality Control, and Independence Standards and Rules,”
(PCAOB) has the authority to set, amend, update, and modify auditing, quality control, and ethics standards.
When there is a departure from GAAP,
the auditor must decide whether to issue either a qualified opinion or an adverse opinion.
Unexpected relationships still exist at the review stages of an audit
additional tests of details are required
understanding of control activities
utilized to determine areas that need attention
establish quality control policies to provide assurance related to agreed-upon procedures engagements - Standards for Attestation Engagements (SSAE),
independent from the client and other specified parties
an auditor can verify the reliable operation of programmed controls by:
manually comparing detail transaction files used by an edit program to the program’s generated error listings to determine that errors were properly identified by the edit program.
constructing a processing system for accounting applications and processing actual data from throughout the period through both the client’s program and the auditor’s program.
periodically submitting auditor-prepared test data to the same computer process and evaluating the results.
CANNOT manually re-perform, as of a point in time, the processing of input data and compare the simulated results to the actual results.
Obtain sufficient knowledge of the communication component to understand how the entity communicates financial reporting roles and responsibilities and significant matters relating to financial reporting.
This component of internal control involves communication:
- with personnel regarding their roles and responsibilities in the internal control structure,
- with personnel about how their activities in the financial reporting system relate to others,
- with personnel about how and to whom to report financial reporting exceptions, and
- between management and those charged with governance, as well as third parties such as regulatory authorities.
allowance for sampling risk
the difference between
the upper precision limit and
the sample deviation rate
Requirements of GAGAS
The Government Accountability Office (GAO) requires auditors who spend 20% or more of their time performing government audits to have 80 hours of CPE every two years directly related to government auditing (also called “Yellow Book” hours).
A firm must have a system of quality control in place to assure compliance with professional standards and legal and ethical requirements.
The quality control system should address, among other areas, human resources policies and procedures.
An external peer review is required at least once every three years.
The risk of material misstatement of accounting estimates increases with increases in the:
- complexity and subjectivity of the estimation process,
- lack of availability and reliability of relevant data,
- number and significance of the assumptions that are made, and
- degree of uncertainty associated with the assumptions.
The primary responsibility for the prevention and detection of fraud
is given primarily to those charged with governance and management.
Management, with the oversight of those charged with governance, must place an emphasis on fraud prevention.
The internal auditor’s responsibility comes into play for the detection of fraud, not its prevention.
AU-C 210.09
states that the auditor should establish an understanding with the client regarding the services to be performed for each engagement and should document the understanding through a written communication with the client.
AU-C 210.10
states that these matters should be communicated in the form of an engagement letter.
AU-C 315.33
states that the auditor should document the significant risks identified and related controls evaluated.
Single Audit Act Amendments of 1996,
Under the “percentage of coverage rule”, select and test major programs (account for at least 50% of the federal funding spent by that entity)
When an entity qualifies as low risk, the scope of audits under the “percentage of coverage” can be reduced to as low as 25% of the federal funding spent by the entity.
auditor considers materiality in relation to each major federal financial assistance program
consider the nature of the noncompliance and the amount affected by the noncompliance in relation to the nature and amount of the major federal financial assistance program under audit
permanent workpaper files
items that remain relatively unchanged year to year
includes analysis of capital stock and owner’s equity
Predecessor auditor reissues compilation
- read current FS and successor’s current year report
- compare prior to current
- obtain letter regarding any material matter he is aware of regarding prior
Date on audit report
no earlier than date of sufficient evidence
(no longer last date of fieldwork)
close to report release date
Engagement to audit only one FS
acceptable
limited reporting objectives
(access to all information underlying all basic FS?)
SOX 201
Services outside scope of auditors:
- bookkeeping
- financial information system design
- appraisal/valuation/fairness/contribution-in-kind
- actuarial
- internal audit
- mgmt/hr
- broker/dealer, investment advisor/banking
- legal/expert
- others by reg
Tax planning is allowed
SOX 202
Preapproval Requirements
audit/nonaudit services
by audit committee
approval waiver if ALL are true:
total annual rev <= 5% total rev issuer pd to auditor
not recognized as nonaudit at engagement
promptly approved
auditor lacks independence
no opinion may be expressed
disclaim
FASB and material departures from GAAP
not allowed under any circumstances
must modify opinion
still allowable under GASB and FASAB
(justified = unmodified/explanatory paragraph)
Management refusal to acknowledge responsibility for fair presentation of FS in conformity with GAAP
Scope limitation
Sufficient to preclude unmodified opinion
Must modify (qualified/adverse)
Qualified opinion resulting from scope limitation
explanatory paragraph preceding opinion paragraph
reference explanatory paragraph in scope and opinion paragraph
attorney’s response
limited to matters to which attorney has given substantive attention in the form of legal representation
Substantial client-imposed scope restrictions
disclaimer of opinion when materiality is in question
Report on Agreed-Upon Procedures
- statement on restriction for use by specified parties
- disclaimer on sufficiency of procedures (responsibility of specified parties)
- not an examination so no opinion
Independence & GAS
- conceptual framework
- guidance for audit orgs located w/in audited entity
- nonaudit requirements
- guidance on documentation
responsibilities for specialist
- obtain understanding of methods/assumptions
- tests of data per control risk assessment
- evaluate findings and support of FS assertions
OCBOA and Review
permissible
review report communicates use of OCBOA
FS include:
- description of OCBOA (summary of sig policies, differences from GAAP)
- disclosures
Mgmt does not need to justify use of OCBOA in rep letter
Risk Assessment prodecures
obtain audit evidence re design/implementation of controls:
Inquiry (not sufficient on its own)
Observation
Inspection
Tracing
going concern
Auditing standards require that the auditor evaluate whether a substantial doubt exists about the client’s ability to continue as a going concern for a period of time not to exceed one year from the date of the financial statements being audited.
If that degree of uncertainty exists, a qualified opinion is not appropriate. Instead, an extra paragraph is added after the opinion paragraph to alert readers to the problem.
Auditors are not required to perform procedures specifically designed to test the going concern assumption.
If entity’s disclosures regarding its ability to continue as a going concern are inadequate, misleading, or depart from U.S. GAAP, a qualified or adverse opinion should be issued.
indicators of going concern issues
recurring operating losses,
working capital deficiencies,
negative cash flows from operating activities, and/or
adverse key financial ratios
information about litigation, claims, and assessments that could possibly cause the entity to cease to exist
denial of usual trade credit from suppliers
Auditor, as a result of the report or findings of a specialist, decides to add explanatory language to the auditor’s report regarding a going concern issue,
may refer to and identify the specialist in that auditor’s report.
Substantial doubt about the entity’s ability to continue as a going concern. Auditor’s considerations relating to management’s plans for dealing with the adverse effects
plans to dispose of assets,
reduce expenditures,
restructure debt, and
increase ownership equity
If EOM, extra paragraph is added at the end of the audit report to emphasize a matter of importance,
no related change is made in the wording of any of the other three paragraphs
EOM vs OM
emphasis-of-a-matter - information about some aspect of the financial information included within the statements.
other-matter - information about some aspect of the financial information that is not explicitly included in the financial statements
examples of nonroutine or nonsystemic transactions
intercompany transactions
large revenue transactions at period-end
may indicate a risk of material misstatement
planning an integrated audit, the auditor should evaluate the following matters:
Prior knowledge of the company’s internal control
Industry reporting, economic, laws/regs, tech changes
Business organization, operating characteristics, capital
Extent of any recent company, operations, or IC changes
Preliminary judgments about materiality, risk
Control deficiencies previously communicated
Legal or regulatory matters of which company is aware
Type and extent of available evidence
Preliminary judgments about effectiveness of IC
Relevant public information
Risks evaluated as part of client acceptance/retention
Relative complexity of the company’s operations
Entity-level controls include:
controls related to the control environment,
controls over management override,
the company’s risk assessment process,
centralized processing/controls (shared service enviro),
controls to monitor results of operations,
controls to monitor controls, internal audit, committee,
controls over the period-end financial reporting process,
policies that address sig business control/risk mgmt
Title III, Section 303 of SOX
Civil Proceedings
deals with any action taken to fraudulently coerce, manipulate, or mislead the auditor.
prohibits any director or officer from acting in this manner, as well as anyone acting under their direction.
Refusal to answer auditor questions honestly could be considered an attempt to mislead the auditor.
Stale and Aged Checks appear in Bank Reconciliation
Potential Issue
Analytical Procedures
Indicate areas of potential problems
Results affect NATURE of further procedures
Material Weakness in Internal Control
Adverse Opinion on IC
No assurance from mgmt on IC but test reveal no material weakness
Unqualified Opinion on IC
Communication that 1) no significant deficiencies or 2) material weaknesses were identified?
1) not allowed
2) allowed
Compilation Report
- compiled FS
- in accordance with SSARS
- limited to presenting FS - the representation of mgmt
- not audited or reviewed
- no opinion/assurances
mgmt responsible DIM for IC relevant to fp of FS
objective to assist mgmt to present FS
w/o assurance that no mat mod should be made to FS
mgmt may elect no disclosures
then disclose:
lack of independence (not reason), last paragraph
BOA must then be disclosed in report
PPS Sampling
Reliability Factor (chart - Risk of Incorrect Acceptance, # Errors allowed)
Sample Size = Pop BV x RF/TE - #E
Sampling Interval = Pop BV/Sample Size
Reference made in the opinion rendered by the auditor of the group financial statements to work of component auditor
Division of the work between the auditor of the group financial statements and the work performed by the component auditor
Mentions the report of the other auditor in the auditor’s Responsibility paragraph (amount of the division) and the Opinion paragraph
OR
Assume full responsibility, no reference is made to the component auditor
Successor auditor to publish comparative financial statements
Intro paragraph:
- identify previous FS
- previous opinion
- date of previous report
NOT
name of predecessor auditor
Add extra paragraph to end of otherwise standard report
EOM/EM
substantial doubt as to gc
change from one allowable GAAP matter to another
Before reissuing an auditor report, predecessor auditor should
obtain a letter of representations from the successor auditor
Group FS GAAP, but chooses to reference subsidiary audit of financial statements prepared according to IFRS
must be converted to US GAAP for consolidation purposes.
auditor of the group statements must disclose its responsibility for evaluating that conversion process
The auditor of the group financial statements is required to
set materiality levels and determine risk (assessment)
for all components that go into creating the reported financial statements.
Component
a piece of a company that maintains its own separate financial information:
one account (inventory, for example, or accounts receivable)
a single operation or
a subsidiary
auditing procedures can be separated from the remainder of the group financial statements
Group Audit Engagement Team
Partners, including group engagement partner, and staff
- establish the overall group audit strategy,
- communicate with component auditors,
- perform work on the consolidation process, and
- evaluate the conclusions drawn from the audit evidence as the basis for forming an opinion on the group financial statements.
Any auditors who are involved with the client but do not meet the definition of a member of the group engagement team are considered to be Component Auditors.
CA frequently work with other auditing firms but can be members of the same firm as the group audit engagement team.
Other CPA firm not acting as an auditor but rather carrying out one particular procedure.
Reference can only be made to work done by a component auditor when an audit is performed.
Reader of the audit report cannot be expected to understand the division of responsibility if only specific procedures are performed.
two types of reports that a service organization may request from its auditor
type 1 report: report on management’s description of a service organization’s system and the suitability of the Design of controls
type 2 report: report on management’s description of a service organization’s system and the suitability of the Design and Operating effectiveness of controls
type 1 - disclaim an opinion on the operating effectiveness of controls. (no test for reasonable assurance that control objectives achieved during the period under audit)
Review report and supplementary info
- state the other data was subjected to the inquiry and analytical procedures applied in the review of the basic financial statements and provide the same negative assurance as the basic financial statements
or
- state that the other data has not been subjected to those procedures but has been compiled from information that is the representation of management and the accountant does not express an opinion or provide any assurance on the data
Internal Auditor:
- Objectivity
- Competence
- Quality/Effectiveness (of work)
- impartial/operates free of conflicts of interest
Understand the organizational status:
a. reports to one with ability to consider/act upon findings
b. reports directly/regularly to those charged w/governance
c. those charged w/governance oversee employment decisions regarding IA
- professional certifications
- consistency of reports with results of work performed and appropriateness of conclusions
in-house legal counsel may relay information pertaining to such matters as
litigation,
compliance with laws and regulations,
knowledge of fraud/suspected fraud affecting the entity,
warranties,
post-sales obligations,
arrangements (such as joint ventures) w/partners, and
meaning of contract terms
Sec 11(a) Securities Act of 1933
Shifts burden from investor to CPA who audits FS associated with registration statement and sued by acquirer of securities
misstatement immaterial
not misleading
due diligence re: audit
Section 409 of Title IV of the Sarbanes-Oxley Act (SOX)
Real Time Issuer Disclosures
disclose to the public on rapid/current basis additional information on material changes in financial condition or operations
Providing Access to or Copies of Audit Documentation to a Regulator
Federal Agencies (FDIC. OTS, HUD, Labor, REA)
State insurance/utilities
Health care authorities
NOT IRS
IFAC
International Federation of Accountants
standards/guidance
organizations, firms, practices
promote value of accountants
public interest issues
To accept an engagement to examine MD & A,
Statements on Standards for Attestation Engagements:
CPA,
audited the FS to which the MD & A applies,
understand the required elements of the rules and regulations adopted by the SEC in relation to the MD&A (includes adopted elements/not conformity )
MD&A
narrative explanation of the financial results as reported in the financial statements filed with the SEC
compensating balance arrangements and nonmonetary transactions
obscure the forms of transactions,
suspect in regards to related party transactions
after identifying related party transactions,
obtain an understanding of the business purpose of the transactions
note states that a particular related party transaction occurred on terms equivalent to those that would have prevailed in an arm’s-length transaction
qualified or adverse opinion
unsubstantiated disclosure
generally not possible to determine whether a particular transaction was consummated on terms equivalent to those with unrelated parties
high risk of material misstatement
expand substantive testing or
select more effective substantive tests
NOT increase of tests of controls
information from marketing, sales, or production personnel
changes in the entity’s marketing strategies,
sales trends,
production strategies, or
contractual arrangements with the entity’s customers
materiality levels
are generally considered in terms of
the smallest aggregate level of misstatement
that could be considered material
to any one of the financial statements.
Compilation (OCBOA & No disclosures)
may compile financial statements that omit all footnote disclosures
footnotes to the financial statements disclose the basis of accounting in preparing the financial statements
CPA must then disclose the basis of accounting followed in the compilation report
Failure by the client’s management to provide a representation letter covering all of the periods under review
precludes the completion of a review
may issue a compilation report
Special reports,
special purpose
include:
OCBOA FS (cash/tax/contractual/regulatory)
specified elements, accounts, items of a financial statement; compliance (contractual agreements/regulatory requirements; financial information presented in prescribed forms/schedules
emphasis-of-a-matter paragraph
include a paragraph that states the basis of presentation and refers to the note in the financial statements that discusses the basis of presentation and describes how that basis differs from GAAP
Reports on preprinted forms
type of special report
GAAS - not satisfied with the wording, it should be reworded
When an auditor is engaged to report on selected financial data that are included in a client-prepared document that contains audited financial statements,
report limited to data derived from audited financial statements.
If also derived from other information, the auditor’s report should specifically identify the data on which he/she is reporting
cash-basis financial statements
Assets and liabilities arising from cash transactions, and
revenue collected and expenses paid
“Balance Sheet,” “Income Statement,” etc. - terms associated with GAAP
report on agreed-upon procedures
include:
procedures performed
related findings
Form 8-K.
reportable disagreement
make a report to the SEC relating to noncompliance with laws and regulations that has a material effect on the financial statements.
may be necessary if the auditor withdraws from the engagement because the board of directors has not taken appropriate remedial action.
expression related to the consistent application of an applicable financial reporting framework
The auditor’s standard report does not include if
(a) no change in accounting principles has occurred, or
(b) there has been a change in accounting principles or the method of their application, but the effect of the change is not material
When the auditor reissues a report of the financial statements,
the independent auditor has no responsibility to make further investigation or inquiry as to events which may have occurred during the period between the original report date and the date of the release of additional reports.
third party use of prospective financial statements is expected, an accountant may not accept an engagement to
Perform a review.
AR 100.41 states, Each page of the financial statements reviewed by the accountant should include a reference, such as,
“See Accountant’s Review Report.”
The accountant performing a review is required to obtain
a letter of representation from members of management who the accountant believes are responsible for and knowledgeable, directly or through others in the organization, about the matters covered in the representation letter.
Normally, the CEO and the CFO sign the representation letter.
A representation letter is not required for a compilation engagement.
Inquiries and analytical procedures ordinarily performed during a review of a nonpublic company’s financial statements include
inquiries concerning the company’s procedures for recording and summarizing transactions.
NOT include
obtaining corroborating audit evidence,
management’s assertions about continued existence, or
company’s attorney’s opinion concerning contingencies
For a review, to draw attention to any material departure from U.S. GAAP
CPAs are required to include an extra explanatory paragraph in their report
According to the AICPA’s SSARSs, engagement planning should include
- establishing an understanding with management in an engagement letter,
- obtaining an understanding of the client and its industry, and
- considering the scope of the engagement in meeting the client’s needs.
Review procedures primarily consist of inquiry and analytical procedures, not detailed tests of transactions and balances.
SAS retention period for audit documentation
not less than 5 years
to express opinion on A/R balance when disclaimer or modified opinion on FS
present A/R report separately
special report not a piecemeal opinion
supplementary info in compilation or review
refer to the data in FS report or issue separate report on it
Planning a review of an audit client’s interim financial statements
Read documentation of preceding year’s audit/reviews of prior current year interim period(s) and corresponding prior year interim period(s)
Read most recent annual and comparable prior interim period financial information
Considering the results of any audit procedures performed with respect to the current year’s financial statements
Inquire of management about changes in the entity’s business activities, the identity/nature of related party transactions and whether significant changes in internal control have occurred subsequent to the preceding annual audit or prior review of interim financial information
Application controls
performed by IT (automated) or
by individuals
When performed by people interacting with IT, they may be referred to as user controls.
designed to achieve specific control objectives related to specific accounting tasks.
pertain to the processing of individual applications.
are manual or automated procedures that operate at a business process level
The auditor should develop auditing procedures based on the auditor’s understanding of the entity and its environment, including
the composition of revenues,
specific attributes of the revenue transactions, and
unique industry considerations.
The auditor is required to communicate certain matters to those charged with governance. (audit committee) including:
auditor’s responsibility under GAAS
auditor’s views about significant accounting policies
mgmt judgments/process for significant estimates,
significant adjustments (material, corrected mistmts),
uncorrected, nontrivial misstatements/effect on opinion,
other mgmt info included in FS,
disagreements with management (resolved or not),
mgmt consultation with other accountants,
major retention RMM issues discussed with management,
difficulties encountered caused by management.
audit strategy
determines the characteristics of the engagement,
defines its scope,
allows the auditor to determine key dates/objectives, and
considers materiality, areas of higher RMM
audit strategy helps the auditor assign resources
audit plan
more detailed than the audit strategy
includes the nature, timing, and extent of procedures
to be performed by audit team members
to obtain sufficient appropriate audit evidence
to reduce audit risk to an acceptably low level
Audit evidence about control risk is obtained by
performing tests of controls that evaluate the effectiveness of specific controls
Methods of determining the effectiveness of the design and operation of a control include: inquiry, inspection, observation, reperformance
substantive tests include
analytical procedures (planning, substantive testing, final review,
calculations by the auditor, and
confirmation process (highly reliable evidence obtained from external, independent third parties)
An examination of prospective financial statements involves:
evaluating the preparation
evaluating the support underlying the assumptions,
evaluating the presentation for conformity with AICPA
issuing an examination report.
In designing a written audit plan, specific audit objectives should be established. Audit objectives are related primarily to
financial statement assertions,
which can be classified according to categories:
Occurrence Completeness Accuracy Cutoff Classification Existence Rights and obligations Valuation and allocation AU-C 315.A114
Audit procedures that will achieve the audit objectives are detailed in the audit plan.
Timing of audit procedures and the cost-benefit of gathering evidence are considered in audit planning.
Audit techniques are selected in performing the audit work.
why perform a walkthrough of transactions
understand the full process
determine effectiveness of the control
NOT to verify accuracy regarding single transaction type
NOT in a Review
inquiry as to integrity of mgmt/control procedures
permission to contact predecessor auditor
assess risk of material misstatement
Significant deficiencies in the design or operation of the internal control structure that come to the auditor’s attention (reportable conditions) and Government Auditing Standards
require that these deficiencies be reported
to the auditee
and
to the appropriate officials of the organizations requiring or arranging for the audits, including legislative and regulatory bodies
When the auditor has noted reportable conditions in a financial statement audit conducted in accordance with Government Auditing Standards,
the auditor’s report on the internal control structure should contain:
a description of the scope of the auditor’s work,
stating that the auditor obtained an understanding of the design of relevant policies and procedures, determined whether these policies and procedures have been placed in operation, and assessed control risk
The audit of recipients of federal financial assistance conducted under Governmental Auditing Standards auditor responsibility to audit and report on compliance
recipient has a legal obligation to spend monies in accordance with applicable laws and regulations,
the auditor has the responsibility to audit and report on compliance including material instances of fraud and illegal acts that were discovered
assess whether management has identified laws and regulations that have a direct and material effect on the entity’s financial statements
determines whether the federal financial assistance has been administered in accordance with applicable laws and regulations
Government auditing standards and quality control
each audit organization conducting government audits should have an appropriate internal quality control system in place and participate in an external quality control review program
CPA seeking to enter into a contract to perform an audit subject to government auditing standards should provide the CPA’s most recent external quality review report to the party contracting for the audit
issues Government Auditing Standards
GAO
sometimes referred to as the “Yellow Book.”
GAO: 3 types of threats to independence
organizational (same reporting unit as an audited entity)
external
personal (connection to or interest in the audited entity)
GAO presumption of independence
federal employee auditing a state government program
legislative auditor auditing a judicial branch program
head audit organization elected by voters
Government Auditing Standards require regarding internal controls that auditor “include in their report on the financial statements either:
(1) description of the scope of the auditors’ testing of internal control
s and the results of those tests or an opinion, if sufficient work was performed, or
(2) reference to a separate report(s) containing that information…”
detect whether payroll data was altered during processing
Use test data to verify the performance of edit routines
working trial balance resembling the financial statements
begins with the client’s unadjusted balances
contains columns for reclassifications and adjustments as a result of the audit
indicates the adjusted ending balances
format provides a transaction trail from the client’s account balances to the audited financial statements
Low assessment of risk associated with other relevant substantive procedures and sample size
smaller
Smaller expected value of misstatements and sample size
smaller
accountant issues to an underwriter a comfort letter containing comments on data that have not been audited
Negative assurance on the capsule information
The objective of pro forma financial information
to show what the significant effects on historical financial information might have been had a consummated or proposed transaction occurred at an earlier date
In a review report, the accountant should
- identify the pro forma information,
- refer to the financial statements from which the historical information is derived and
- state whether such financial statements were audited or reviewed,
- state that the review was in accordance with AICPA standards,
- explain the objective of pro forma information and its limitations, and
- provide negative assurance regarding the pro forma information
An examination of prospective financial statements (PFS) is a professional service that involves
(1) evaluating the preparation of the prospective financial statements,
(2) evaluating the support underlying the assumptions,
(3) evaluating the presentation of the prospective financial statements for conformity with AICPA presentation guidelines, and
(4) issuing an examination report,
NOT a compilation report
The standard report on the examination of prospective financial statements includes:
(1) n identification of the prospective financial statements presented,
(2) a caveat that the prospective results may not be achieved and
(3) a statement that the accountant assumes no responsibility to update the report for events and circumstances occurring after the date of the report.
NOT an audit, (no reference to GAAS)
Statements on Standards for Accountants’ Services on Prospective Financial Information
forecasts take the form of historical financial statements
- caveat as to the ultimate attainment of the forecasted results
- statement that the CPA assumes no responsibility to update the report for events occurring after the date of the report.
- opinion as to whether the forecast is fairly presented.
(no need to explain what the information is since the forecast represents financial statements)
financial forecasts or other prospective financial statements
An accountant may be engaged to
examine,
compile, or
apply agreed-upon procedures
An examination of a financial forecast involves
evaluating:
preparation of the forecasted statements,
support underlying the assumptions
presentation for conformity with AICPA guidelines
and issuing an examination report
pro forma financial statements
historical statements that have been changed to show the impact that would have occurred as a result of a proposed event
A report on the Operating Effectiveness of internal controls
- opinion that the description of the controls is a fair presentation of the system in place
- opinion that the controls tested operated effectively throughout the period
- opinion that the controls were designed suitably to provide reasonable assurance that control objectives would be achieved if such controls were operating effectively
A report on the Adequacy of the Design of internal controls
I. statement that the distribution of the report should be restricted to the service organization, user firms, and the independent auditors of user firms
IV. A disclaimer of opinion on the operating effectiveness of the internal controls
Rule 302 of the AICPA Code of Professional Conduct
prohibits contingent fees that are based on the findings of the work of a CPA.
Contingent fees are allowed in certain types of tax matters such as an IRS examination where the final outcome is set by an independent party. The work is not being performed for the benefit of the public in any way but rather the final judgment is made by the IRS, a party that is unrelated to the reporting company and does not care whether the CPA is independent.
AU-C 320.09 states that performance materiality is
“the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole.”
After the auditor assesses control risk, the auditor may desire a further reduction in the assessed level of control risk for some assertions.
- The auditor would then decide if it is likely that additional evidential matter could be obtained to support a lower assessed level of control risk for these assertions.
- If yes, and it is likely to be efficient to obtain such evidential matter, the auditor would then perform additional tests of controls.
- Next, whether the auditor performed additional tests of controls or not, the auditor would document the basis for conclusions about the assessed level of control risk and design substantive tests.
primary emphasis by auditors when assessing internal control
internal control over Classes of Transactions
(NOT Account Balances because accuracy of these accounting system outputs depends heavily on the accuracy of inputs and processing )
obtain an understanding of a client’s internal control structure, including knowledge about the design of relevant policies, procedures and records and whether they have been placed in operation by the entity
to identify types of material misstatements,
consider factors that affect the risk of material misstatements, and design substantive tests
reasonable assurance
the cost of an entity’s internal control should not exceed the benefits derived
According to the Comittee of Sponsored Organizations (COSO) framework, the seven factors of the control environment are:
I see ham bone. I (I) see (C) ham (HAM) bone (BO)
I - Integrity and ethical values
C - Commitment to competence
H - Human resource policies and practices
A - Assignment of authority and responsibility
M - Management’s philosophy and operating style
B - Board of directors or audit committee participation
O - Organization
Even the best-designed internal control systems are subject to failure due to:
human error,
faulty judgment,
collusion,
management override
When financial statements are submitted for the use of management only,
not required to (may choose to) issue compilation report
each page of the financial statements should include a reference restricting their use
(e.g., “Restricted for Management’s Use Only”).
Financial statements can be projected into future years if certain assumptions are made.
perform procedures to evaluate assumptions
NOT: explain the differences between historical and projected, refer to the auditor’s report or include an opinion on going concern
Per ISA 260, objectives of an auditor when communicating to those charged with governance.
communicate responsibilities of the auditor in relation to the audit, and planned scope/timing
obtain information relevant to the audit
provide timely observations significant and relevant to their responsibility to oversee the financial reporting
process
NOT providing pay rate and estimation information which is part of engagement
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a follow-up study to its 1987 report entitled Fraudulent Financial Reporting: 1987–1997, An Analysis of U.S. Public Companies, outlining year-end testing procedures of particular importance, including:
tests of transaction cutoffs.
tests of transaction terms and account valuation for end-of-period accounts
tests to ensure a baseline level of internal control
Parallel simulation
auditor uses client data and
auditor-controlled software to
obtain output and
compare to the client output.
Differences indicate potential weaknesses or problems with the client’s software.
Sample size can be greatly expanded with minimal additional colst
Test data
introduced into the client’s computer system using the same program to operate the application being tested
not under the auditor’s control, as it uses the client’s actual program
review of program logic
provide information about the design of the automated controls
does NOT assist the auditor with testing the operating controls of the computer system
integrated test facility
introduces a fictitious entity (such as a fake employee or customer) with real entries in the master files of the client’s computer system.
The auditor then compares the processing of data through the fictitious entity with what should be there in order to test that the data processing is reliable. Like the test data (or test deck) approach, an integrated test facility uses the client’s system and is not under the auditor’s control.
use in determining the auditor’s preliminary judgment about materiality
financial statements of the prior year
engaged to review financial statements becomes aware of a departure from GAAP
disclose the departure in a separate paragraph of the review report
standard report on a compilation of prospective financial statements does include:
statement that compilation of projection is limited in scope
disclaimer of responsibility to update the report for events occurring after report date
separate paragraph describing limitations on usefulness
NOT limited assurance that the results may be achieved
Discovery sampling
used when the auditor believes that the population occurrence rate is near zero
meant to find at least one occurrence when the auditor expects none
a special case of attribute sampling
Input controls relate most appropriately to
rejection, correction, and resubmission of data that was initially incorrect.
There are four basic categories of input to be controlled:
transaction entries,
file maintenance transactions,
inquiry transaction entries, and
error correction transactions
Edit checks on transaction entries
type of input control
test transactions prior to processing and are designed to ensure that invalid inputs are rejected.
A file of all rejected sales transactions is the only output pertaining to input controls.
All of the other alternatives are examples of processing controls.
design and perform further audit procedures that are responsive to the assessed risks of material misstatement at the relevant assertion level
consider
significance of the risk,
likelihood that a material misstatement will occur,
characteristics of the relevant class of transactions, account balance, or disclosure involved,
nature of the specific controls used by the entity and whether they are manual or automated, and
whether the auditor expects to obtain audit evidence to determine if the entity’s controls are effective in preventing and detecting material misstatements.
voucher ordinarily replaced by another voucher in the random sample if voided voucher
has been properly voided.
design deficiency
necessary control is missing or not properly designed
Risk assessment
consider threats to organization’s objectives in the areas of:
operations,
financial reporting and
compliance with laws and regulations
procedures:
Inquiries of management and others within the entity.
Analytical procedures.
Observation and inspection
The auditor uses the assessed level of control risk to
determine the acceptable level of detection risk for financial statement assertions
substantive tests
Auditing procedures designed to detect misstatements
include tests of details and analytical procedures
prevent fictitious employees and/or fictitious salary rates
new hires,
terminations of employees, and
salary rates
approved by the personnel department,
who informs the payroll department/employee supervisor
timely basis
to reduce scope of tests of asset acquisitions
internal audit procedure:
periodic inspection of physical equipment and
comparison to what is recorded
internal control and “information and communication”
ability of the accounting system to generate reliable information and convey it in a timely manner to those parties within the organization that need it
understanding of the design of the controls:
techniques
questionnaire, flowchart, or narrative
only one is necessary although sometimes the techniques are grouped together if the system is particularly complex
A CPA has no need to test the operating efficiency of an internal control unless
it is well designed.
Based on this preliminary assessment, the auditor wants to rely on the control so that control risk can be assessed at a lower level and the necessary amount of substantive testing is reduced.
There is no potential benefit unless the control risk is well designed so only in that case will the auditor move on to do the testing for operating efficiency.
Integrated test facility
create a small subsystem within the regular EDP system
Dummy files and records are appended to existing client files and fictitious test transactions, specifically coded to correspond with the dummy files and records, are introduced into a system together with actual transactions.
General accounting dept.
responsible for journalizing and posting all summary transactions
General accounting serves as the last check on accounting records; it has no connection to assets or transactions.
Auditors obtain information about internal control by
inquiry of appropriate personnel,
observing control activities and operations as they are performed, and
inspecting various entity documents and records
general control policies and procedures
automatic reorder points
establishment of requirements to be met in determining a customer’s credit limits
establishment of sales prices
Inventory turnover ratio =
Cost of goods sold/Average inventory
According to AU 325, significant deficiencies and material weaknesses in internal control of a public company must be communicated
in writing
to the audit committee of the board of directors. -
Significant deficiencies
adversely affect a company’s ability to perform its accounting functions and
result in more than a remote likelihood that a misstatement that is more than inconsequential will not be prevented or detected and rather flow through to the financial statements.
Ex: lack of objectivity by those responsible for accounting decisions would affect management’s ability to produce financial statement free from material errors
AU 380 requires that when the auditor is aware of such consultation with another CPA,
the auditor should discuss with the audit committee his/her views about significant matters that were the subject of such consultation.
two possible types of control deficiencies in an audit of a company’s internal control in connection with its financial reporting under the standards of the Public Company Accounting Oversight Board (PCAOB)
Design
way by which the system with its policies and procedures was designed
did not accomplish what it was supposed to accomplish.
Control
operation of one or more controls
people may be performing their tasks in a deficient manner
A practitioner may examine and report on management’s assertion about the effectiveness of an entity’s internal control structure if
Management
accepts responsibility for the effectiveness of the entity’s internal control structure,
evaluates the effectiveness of the entity’s internal control structure,
presents its written assertion about the effectiveness of the entity’s internal control structure
monitoring a firm’s accounting and auditing practice,
consider:
firm’s management,
environment in which the firm practices, and
environment in which the client operates
AU-C 725.03 states that the objective of the auditor, when engaged to report on supplementary information in relation to the financial statements as a whole,
(a) evaluate the presentation of the supplementary information in relation to the financial statements as a whole and
(b) report on whether the supplementary information is fairly stated, in all material respects, in relation to the financial statements taken as a whole.
AU-C 450.12 states that the auditor should include in the audit documentation:
amount below which misstatements would be regarded as clearly trivial;
all misstatements accumulated during the audit and whether they have been corrected; and
conclusion about whether uncorrected misstatements are material, individually or in aggregate
NOT the size and nature of the misstatement
A standard compilation report implies
that substantially all disclosures required by GAAP are included in the financial statements
The standard compilation report explicitly states
accountant has not reviewed or audited the financial statements
financial statements may be used to obtain credit if a standard compilation report is issued.
limitation to presenting information that is the representation of management (“Management is responsible for the preparation and fair presentation of the financial statements…”)
Probability-proportional-to-size (PPS) sampling
excludes zero and negative balances in its sample selections and in evaluating results.
classical variables sampling would have an advantage over PPS sampling because
variables sampling does not require special design considerations for inclusion of zero and negative balances
PPS sampling would require a special design to include negative and zero balances
Statistical sampling
based on the laws of probability,
quantitatively (mathematically) measure the sampling risk
provide the auditor with an objective basis for evaluating sample results
nonstatistical sampling does not quantify sample risk.
Projecting error rates based on sample results
relates more to tests of controls than to analytical procedures
In estimation sampling for attributes, what must be known to evaluate the sample results?
- an estimation of the population misstatement
based upon the number of misstatements in the sample, - average misstatement size,
- individual misstatements in the sample and
- sample size
In a test of controls,
the auditor takes a sample,
determines the sample deviation rate,
compares this rate to the maximum rate he can tolerate and still rely on the control, and
decides whether to rely on the control as planned or not
Increasing the estimated occurrence rate
will directly increase the sample size (all other factors remaining the same)
rate of occurrence of errors is 3%
error rate in the population is
Probably about 3%
considered in determining the sample size for a test of controls
Tolerable rate.
Acceptable risk.
Expected population deviation rate.
NOT Population size (little or no effect except for very small populations)
An increase in the tolerable rate of deviation
would allow a reduction in sample size.
As the likely rate of deviation decreases,
the auditor may decrease the planned sample size.
The allowable risk of assessing control risk too low
has an inverse effect on sample size.
Variables sampling
used when an amount (such as a dollar figure) is being estimated.
Mean-per-unit and probability-proportional-to-size sampling are specific types of variables sampling.
attribute sampling estimates
a percentage,
often an error rate
for sample for substantive test of details, consider
relationship of sample to audit objective
preliminary estimates of materiality levels
allowable risk of incorrect acceptance
characteristics of the population (items comprising balance or class of transaction)
The initial sample size for audit sampling is determined by four factors:
population size;
the tolerable exception rate;
the auditor’s measure of sampling risk, defined as the acceptable risk of assessing control risk too low (ARACR);
and the estimated population exception rate.
Population size is not nearly as significant a factor as the others and typically can be ignored, especially for large populations.
The risk of incorrect acceptance and the risk of assessing control risk too low relate to
the effectiveness of an audit
in detecting an existing material misstatement
allowance for sampling risk
difference between:
deviation rate of the sample and
possible upper rate for the population
upper deviation rate of the population is lower than the auditor’s tolerable deviation rate
control risk appears to be acceptably low
Statistical sampling techniques indicate
the possible upper rate of deviation of the population
basis for a statistical sampling test
Judgments
such as the expected error rate and the maximum tolerable rate
If an error rate is being estimated,
this testing falls under sampling for attributes.
Sampling for variables
attempts to estimate a total such as an account balance.
Sample size varies directly with
the expected error rate.
Thus, the more expected errors, the larger the sample size, and the less expected errors, the smaller the sample size.
Sample size varies inversely with
the tolerable error rate.
The larger the rate that you can tolerate, the smaller the sample size will be. The smaller the rate you can tolerate, the larger the sample size will be.
Ratio estimation sampling technique is based on
comparing:
the ratio of the book value
to the audited value of the sampled items;
method can not be used when there is no book value with which to make the comparison
The use of ratio estimation sampling technique is most effective when
the calculated audit amounts are approximately proportional to the client’s book amounts
When audit differences are approximately proportional to account size, the standard deviation of the ratio is small and this results in a relatively small required sample size.
stratified sampling techniques to be most applicable to
accounts receivable
customers will have a great deal of variation in amounts,
minimize the effect on sample size of the variation within the population.
emphasize the larger account balances by stratifying the population
dividing a population into several smaller populations based on dollar amounts reduces the variability of each of these smaller populations so that the overall sampling size can be smaller saving time and cost
Monetary unit sampling is the most commonly used statistical method of sampling for tests of details of balances because
it has the statistical simplicity of attribute sampling yet provides a statistical result expressed in dollars
reduces the cost bc several sample items are tested at once
increases the likelihood of selecting high dollar items from the population being audited
determine the projected error of misstatement of a PPS (dollar unit sampling) sample
When an account recorded amount exceeds the sampling error and
recorded amount is in excess of the sampling interval,
the projected error equals the actual misstatement
When using probability-proportional-to-size (PPS) sampling, the auditor controls the risk of incorrect acceptance by
specifying a risk level when planning the sample
when the sampling interval exceeds the account’s recorded amount, t
the projected error is determined , first by dividing the amount of misstatement by the recorded amount
[($5,000-$4,000) /$5,000 = 0.2]
The result times the sampling interval is the projected error.
[0.2 x$10000 = $2,000]
Embedded audit modules
coded into a client’s application to collect data for the auditor.
Snapshot applications
capture screen images.
Integrated data checks and test data generators
involve auditor-controlled fictitious data.
generalized computer audit program
allows the auditor to independently process and verify client electronic data processing records
test data approach
validates the processing of accounting data by the client’s EDP equipment.
a known outcome is compared with the processing outcome to validate the processing of data.
data control group and systems analyst
DCG - review output and control its distribution
SAD - designs and evaluates systems and prepares program specifications for programmers.
These two functions should be separated.
Control over access to electronic data processing (EDP) programs
a general control
test control over access by examining client records documenting the use of EDP programs
Systems development and data processing
separate functions reporting to a single manager
system development includes: systems analysis, systems programming, applications programming and database administration
data processing includes: data preparation, operations, data library and data control
physical access controls
Clamps or chains to prevent removal of hard disks or internal boards,
regular backup and
control over access from outside
prevent damage or other loss including: theft, unauthorized access, by disgruntled employees or others NOT online or electronic fraud
examples of IT controls
Requiring applications to be adequately tested before use, backup of files, control access to appropriate users, adequate documentation, and application controls
NOT
Printer logs,
decision trees and
local area networks
Processing Integrity
principle of the AICPA’s Trust Services Framework
requires that the system processing is: complete, accurate, timely and authorized
information systems department - two distinct functions
systems development
data processing
systems analyst
analyzes the user environment
and requirements
and may recommend changes to the current system, the purchase of a new system or design a new system
responsible for ensuring programming and end user needs are met
systems flowchart is a tool or diagram used by the systems analyst to define system requirements
systems programmer
responsible for:
implementing,
modifying and
debugging
the software required to interface with the hardware.
Examples include:
operating systems,
telecommunications monitoring and
database management systems
Operator
responsible for daily computer operations of both the hardware and software mounts tapes, supervises operations on a console, accepts inputs and distributes outputs
has documentation available to run programs but is not responsible for detailed program information
Applications Programmer
responsible for
writing
testing and
debugging
applications software
Database Administrator or DBA
responsible for
maintaining the database and
restricting access to the database to authorized users only.
End User
responsible for the data
NOT programs that run the data
At a minimum, an attempt should be made to segregate what three IT functions?
programming, operations and data library (POD)
Ideally, also: analysis, design database administration help desk
smaller systems
a firm may purchase
auditor may be familiar with purchased software
“exception reports” may be standard and well tested
larger systems
may develop their own
auditor may not be familiar with “in house” developed software
although exception reports may exist, controls should be tested to a greater extent
audit trail
record left by the accounting information system of movements in individual transaction data that provides a trail of the processing of transactions and other events
allows for means to trace back to individual business events from the general ledger
may start from the moment data about the event is entered into the system until the final entry is made in the financial statements.
may enable the tracing of the movement in data from the time the order is placed by the customer until the time the payment data is entered in the general ledger accounts
discover fraud
acts as a deterrent to perpetration of such acts.
monitor system and data produced, and
answer queries by tracking a specific transaction through the accounting records or tracing a transaction back to the original source and observing how it is processed
Three main types of system documentation used by auditors and analysts
(a) Data Flow Diagrams (DFDs) that illustrate the system components and functions, data flows among the components and sources, destinations and storage of the data
(b) System Flowcharts that illustrate Informational Processes (such as logic flows, inputs, outputs, data storage), Operational Processes (such as physical flows) and
(c) Entity Relationship Diagrams that illustrate the system’s key entities and the relationships among those entities
input validation or edit controls include
Preprinted forms, check digits, control., batch and proof totals; hash totals, record counts limit or reasonable tests menu driven input, field and validity checks, missing data and field size checks logic checks redundant data checks and closed loop verification
NOT
segregation controls,
physical access controls and
hardware and software access controls
output control activities
Checks of computer output against source documents, control totals or other input
Reviewing computer logs
Policies and procedures that document authorized users and receipients of data
Limit test
high and low barriers
hash total
any mathematical summation of a piece of information that would not otherwise be computed except for control purposes
Nonprofit organizations are required to have a single or program-specific audit under OMB Circular No. A-133 if the organization expends
$500,000 or more in a year in federal awards
A CPA provides an entity with controllership or other management services that include the submission of financial statements.
The CPA is required to follow the provisions of Statements on Standards for Accounting and Review Services when:
the CPA is not a stockholder, partner, director, officer, or employee of the entity.
The Government Accountability Office (GAO) specifies four interrelated sections with respect to independence:
- A conceptual framework
- Guidance for audit organizations that are structurally located within the entities they audit
- Requirements when performing nonaudit services
- Guidance on documentation
overall responses to address the assessed risks of material misstatement
Emphasizing the need to maintain professional skepticism in gathering and evaluating audit evidence
Assigning more experienced staff or those with specialized skills such as specialists
Providing more supervision
Incorporating additional elements of unpredictability in the selection of further audit procedures
Specific responses: substantive, further audit procedures, and test of controls
Significant risks
require special audit consideration,
a matter for the auditor’s professional judgment
Include:
estimates identified as having high estimation uncertainty
unusual, infrequent, or sizable transactions
changes in inventory
significant related party transactions
related to recent economic/accounting, developments,
risk related to judgmental matters
manual intervention for data collection/processing, or when the calculation is complex
Calculate Projected Error using PPS
Compare each Recorded Amt to each Audited Amt
If Recorded Value < Sampling Interval
Tainting % = (Recorded Amt - Audited Amt)/Rec Amt
Tainting % x Sampling Interval = Projected Error
If Recorded Value > Sampling Interval
Tainting % = 0
Actual Misstatement = Projected Error
Total Projected Error = Sum of individual Projected Errors
auditor required to determine acceptability of financial reporting framework applied to special-purpose financial statements by
obtaining understanding of:
purpose of FS
intended users
mgmt’s determination of applicable framework
Adjustments are only recorded for
items equal to or exceeding materiality.
PPS - Sample Size
(Pop Book Value x Reliability Factor)/
Tolerable Error-Expected Misstatement
PPS - Sampling Interval
Pop Book Value/
Sample Size
Change in auditing procedure brought about as a result of the 1136 Tenants Corp. case
engagement letters between the CPA and client were strongly recommended for all engagements,
especially unaudited engagements
clearly define the intent of the engagement, the CPA’s responsibilities, and any restrictions imposed on the CPA
independent auditor is required to create
written documentation that includes specified information about an upcoming audit engagement to ensure that both parties understand the nature of the work to be performed, the assurance to be given, and the responsibilities of both parties
NO specific format (contract or engagement letter) is required
PCAOB entity type/funding
private-sector, non-profit corporation, created by the Sarbanes-Oxley Act
not a government agency
self-funded from charges to the companies being regulated
PCAOB is under the oversight and the enforcement authority of the SEC (appropriate gov’t control)
Inspections by PCAOB
takes the place of peer review which was not working
Firms that audit:
> 100 issuers = inspected annually
< = 100 = inspected every three years
Per PCAOB, management responsibility of issuers for the effectiveness of the company’s internal control over its financial reporting
accept responsibility for internal control
evaluate it each year, documenting the results
prepare a written assessment of the internal control
NOT provide a written plan each year for updating the internal control over the financial reporting process
Per PCAOB, dates on report on internal control and report on FS
last day of audit responsibility for the CPA
Consequently, the LAST DAY OF FIELD WORK is used for ALL audit work whether it is on the financial statements or the internal control.
Per PCAOB, two possible types of control deficiencies
Design - relates to the way by which the system with its policies and procedures was designed (may not accomplish what it was supposed to)
Operations - deficiency in the operation of one or more controls. (people may be performing their tasks in a deficient manner)
auditor uncovers a material weakness in internal control that cannot be rectified before the end of the audit work
adverse opinion should be rendered to properly alert all parties interested in the financial statements of the issuing company
(PCAOB) definition of a material weakness in internal control
Paragraph number 10 of PCAOB Standard 2
A significant deficiency
(or a combination of significant deficiencies)
in internal control
that results in more than a remote likelihood
that a material misstatement
in the annual or interim financial statements
will not be prevented or detected
Auditor is prohibited from performing all of the following services for issuer audit clients
Valuation services to support litigation of the firm that is unrelated to the audit
Actuarial services on the firm’s defined benefit pension plan
Design services for the firm’s accounting information system
Tax advisory services ALLOWABLE
Per Sarbanes-Oxley Act, both the lead audit partner and reviewing partners are required to be rotated off of a public company audit
at least once every five years.
There is not currently a requirement for CPA firms themselves to rotate off of a public company audit.
Per PCAOB, the reviewing partner
is required to possess
the level of knowledge and competence
related to accounting, auditing, and financial reporting
that would be required to serve as the audit partner on the audit under review
evaluate the engagement team’s judgments and related conclusions during the audit
may only allow clients to use the audit report after providing concurring approval of issuance
provide concurring approval of issuance of the audit report only if not aware of a significant engagement deficiency after conducting review in accordance with professional standards
When determining a sample size for a test of controls, the auditor should consider
tolerable rate of deviation from the controls (%),
likely rate of deviations (%), and
allowable risk of assessing control risk too low (reliability level).
The auditor’s standard report states that
financial statements present fairly, in all material respects, an entity's financial position, results of operations, and cash flows in conformity with generally accepted accounting principles accepted in the United States of America.
identifies the financial statements audited in an opening paragraph,
describes the nature of an audit, and
expresses the auditor’s opinion in a separate opinion paragraph.
For an unmodified opinion, each of the following items must be satisfied:
A title must include the word “independent.”
Financial statements identified were audited.
Financial statements are the responsibility of the company’s management.
Auditor responsible for expression of an opinion on financial statements.
Audit conducted in accordance with GAAS and should identify the United States of America as the country of origin of those standards.
Audit includes examining evidence, assessing principles and significant estimates, and evaluating overall statement presentation.
An opinion about whether the financial statements are presented fairly, in all material respects, in conformity with GAAP.
Section 408 of the Sarbanes-Oxley Act (SOX)
“Enhanced Review of Periodic Disclosures by Issuers”
dictatesSEC to review disclosures w/ special attn to those who:
issue material restatements of FS
experience significant volatility in stock price,
have largest market capitalization,
are emerging companies w/ disparities in P to E ratios,
have operations that significantly affect material sector
Section 208 of the Sarbanes-Oxley Act
prevents public accounting firms in violation of SEC or Public Company Accounting Oversight Board (PCAOB) rules
from preparing or issuing any audit report with respect to that issuer.
(GAGAS) - must have a system of quality control, including external peer reviews to occur
at least every three years
Per IFRS ISA 260, four matters must be communicated to those in charge of governance:
The auditor’s responsibilities in relation to the financial statement audit
The planned scope and timing of the audit
Significant timing of the audit
Auditor independence
Before applying principal substantive tests to the details of accounts at an interim date
consider whether the amounts of the year-end balances selected for interim testing are reasonably predictable.
basic fundamental concept that underlies the audit process
Risk
It is the acceptance by auditors that there is some level of uncertainty in performing the audit function.
The International Ethics Standards Board for Accountants (IAESB) operates within
the International Federation of Accountants (IFAC)
threats to the fundamental principles contained in the IFAC Code of Ethics’ conceptual framework
familiarity threat,
self-interest threat, and
intimidation threat
Financial-interest threat is NOT included within this conceptual framework.
Under the IFAC Code of Ethics, a Professional Accountant in Business/PAB must
consider safeguards to threats to the fundamental principles that should be upheld by accountants
report accurately
only further a firm’s legitimate interests
materiality and schedules presented as accompanying information
accompanying information schedules would not affect how materiality is measured.
exceptions that would not impair independence.in performing tax services for persons in financial accounting oversight roles
the person is only in the oversight role because they serve on the board of directors.
the person’s relationship to the audit client is through an affiliate, and the financial statements of the affiliate are not material to the consolidated financial statements.
the person in the financial accounting role is not in that role prior to a hiring, promotion, or change in employment event.
IFAC’s mission is to serve the public interest by
contributing to the development, adoption, and implementation of high-quality standards and guidance;
facilitating the adoption and implementation of high-quality standards and guidance;
contributing to the development of strong professional accountancy organizations and accounting firms, and to high-quality practices by professional accountants;
promoting the value of professional accountants worldwide; and
speaking out on public interest issues.
Performance materiality
amount or amounts set by the auditor at less than materiality for the financial statements as a whole
to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole
also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances, or disclosures.
test the operating effectiveness of controls
inquiry combined with inspection, recalculation, or reperformance
internal control is a process effected by
those charged with governance,
management, and
other personnel
form and extent of documentation related to risks identified and controls are influenced by
the nature, size, and complexity of the entity and its environment,
including its internal control;
the availability of information from the entity; and
the specific audit methodology and technology used in the course of the audit
The timing of the audit does NOT change the form or extent of controls-related documentation
Based on Rule 3521 of the Public Company Accounting Oversight Board,
contingent fees and commission will result in a lack of independence for the registered public accounting firm.
auditor’s report under OMB Circular A-133 on nonprofit organizations expending federal awards, would include
significant deficiencies.
material noncompliance with the provisions of laws, regulations, contracts, or grant agreements.
known questioned costs when likely questioned costs are greater than $10,000 for a type of compliance requirement for a major program.
NOT a disclaimer of opinion about whether all questioned costs have been reported.
detection risk is inversely related to
the assurance provided by substantive tests
detection risk is a function of the effectiveness of an auditing procedure and of its application
Effective internal control provides
more assurance about the reliability of audit evidence.
Audit evidence is usually
persuasive (influencing or causing a person to believe by appealing to understanding),
rather than convincing (a concept of criminal law: “beyond a reasonable doubt”).
Thus professional judgment is required in the evaluation of the reliability and sufficiency of audit evidence.
A large number of bearer bonds on hand
represents the highest risk of a misstatement arising from misappropriations of assets.
Section 104 of SOX Title I,
“Inspections of Registered Public Accounting Firms,”
PCAOB) has the mandate and authority to conduct compliance inspections of each registered public accounting firm.
Firms that audit more than 100 issuers are inspected annually.
Firms that audit 100 or fewer issuers are inspected every three years.
attest engagement in which a CPA assesses a client’s commercial Internet site for predefined criteria that are designed to measure transaction integrity, information protection, and disclosure of business practices
WebTrust
CPA can disclose confidential information is with the client’s consent. The exceptions to client’s consent are:
a peer review by a state CPA society or state board of accountancy.
a subpoena or court summons to release confidential information.
an inquiry that is made by a recognized investigatory body.
NOT a letter to the client from the IRS
examination of long-term debt
Examination of bond trust indenture
rights and obligations and
presentation and disclosure
verifies the obligation as it is shown, its validity, and that either none of the covenants are violated or proper disclosure has been made
five different circumstances under which the auditor’s report would be designated a special report:
- Financial statements that are prepared in conformity with a comprehensive basis of accounting other than generally accepted accounting principles
- Specified elements, accounts, or items of a financial statement
- Compliance with aspects of contractual agreements or regulatory requirements related to audited financial statements
- Financial representations to comply with contractual agreements or regulatory provisions
- Financial information presented in prescribed forms or schedules that require a prescribed form of auditor’s report
company’s stock record books are maintained by an outside registrar or transfer agent
transfer agent would have
evidence of shares issued and outstanding, and
names of those persons who own stock.
The outside registrar would not have records on
dividends,
stock subscriptions receivable, or
stock rights and warrants.
report for a performance audit of a governmental entity in accordance with Government Auditing Standards
the objectives, scope, and methodology of the audit,
the audit results, including findings, conclusions, and recommendations, as appropriate,
a reference to compliance with generally accepted government auditing standards,
the views of responsible officials, and
if applicable, the nature of any privileged and confidential information omitted.
A concurrent opinion on the historical financial statements is NOT the objective of the performance audit and is NOT required.
An entity must have a single audit in any year when:
the entity spends more than $500,000 in federal awards, grants, or funds,
the entity spends funds from one or more than one federal program, and
if the entity only expends funds from one program, it “may” be eligible for a program audit versus a single audit.
An embedded audit module
enables continuous monitoring and analysis of transaction processing, including the functioning of processing controls.
Mapping
is a technique for determining whether a computer program contains any unexecuted code that should be examined.
Retrieval and analysis programs such as generalized audit software
offer the features and flexibility suitable for verifying the correctness of information on a computer file.
The snapshot method
is a technique utilized to capture and print all data pertinent to the analysis of a specific moment in the processing cycle.
The objective of tests of details of transactions performed as tests of controls
is the same as that of any test of controls: to evaluate whether controls operated effectively.
The objective of tests of details of transactions performed as substantive tests
is to detect material misstatements in the account balances of the financial statements.
bank cut-off statement
If the checks do not clear in a reasonable period of time, it means the payment was recorded but possibly was not sent to the recipient.
The company gets to reduce its liability balance so that it reports a lower amount of liabilities without actually losing any of its cash.
Management must represent (regarding uncorrected misstatements)
no uncorrected misstatements are included in the financial statements and
the effects of any uncorrected misstatements aggregated by the auditor during the engagement are immaterial to the financial statements.
The auditor should test the design effectiveness of IT controls by
determining whether the controls,
if they are operated as prescribed,
satisfy the company’s control objectives and
can effectively prevent or detect errors or fraud that could result in material misstatements in the financial statements.
It is not appropriate to provide an opinion that current assets are fairly stated and disclaim an opinion on the financial statements taken as a whole due to a scope limitation because
it may tend to overshadow the auditor’s disclaimer of opinion.
The auditor must identify the relevant assertions by determining the source of likely potential misstatements in each
significant class of transactions,
account balance, and
presentation and disclosure.
Because the income statement covers a time period and the balance sheet covers a specific point in time, relationships involving income statement items
are much more predictable.
precision
possible error in either direction in variables sampling
calculated using the point estimate of the population and a formula involving the standard deviation and confidence level desired to derive a plus and minus interval from the point estimate
interval is called a precision interval
In statistical audit sampling, the precision is
the allowance for sampling risk or sampling error,
the risk that when testing is restricted to a sample, the conclusion derived from the sample differs from the conclusion that would have been reached if the entire population had been tested
a measure of the difference between a sample estimate and the corresponding population characteristic at a specified sampling risk.
usually measured using a table or software and is based on sample size and sample results at the auditor’s specified risk of assessing control risks too low.
cannot be measured in nonstatistical sampling
Analytical procedures
assist the auditor in planning the nature, timing, and extent of other auditing procedures,
do NOT assist with the preliminary judgment about materiality.
When making the decision of whether to apply analytical procedures or tests of details to a certain account balance or class of transactions, the auditor should consider the:
nature of the assertion,
plausibility and predictability of the relationship,
availability and reliability of data, and
precision of the expectation.
The availability of documentary evidence (for example, if it is available only for a short period of time) would cause the auditor to change the timing of substantive tests instead of the nature of the tests.
Each account balance or class of transactions should be addressed individually when determining the nature of the tests to be performed, rather than making the decision based on the overall number of estimates in the financial statements or on the number of transactions before or after year-end.
AU-C 230 requires the auditor to document
who performed the audit work and
the date such work was completed,
who reviewed specific audit documentation and
the date of such review, and
the identifying characteristics of specific items tested when performing tests of operating effectiveness or substantial tests of details
does NOT require the auditor to include copies of client invoices
a standard cost system is
a budgeted unit cost system
designed to alert management
when actual costs of production differ from expected costs,
the plausible relationshipsof analytical procedures have been established, and variances from them would alert the auditor to potential problems
Inquire of management to obtain evidence about the occurrence of subsequent events
Whether any substantial contingent liabilities or commitments existed at the date of the balance sheet being reported on or at the date of inquiry
Whether there was any significant change to the date of inquiry in the
capital stock,
long-term debt, or
working capital
The current status of items, in the financial statements being reported on, that were accounted for on the basis of tentative, preliminary, or inconclusive data
Whether any unusual adjustments had been made during the period from the balance sheet date to the date of inquiry
Kiting
receipt date per bank is
recorded in the accounting period before the disbursement date