MCQs Flashcards

1
Q

Quality Control - Definition & PCAOB/AICPA

A

Quality control is a process to provide the firm with reasonable assurance that its personnel comply with the applicable professional standards.

The PCAOB has adopted the AICPA’s quality control standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

5 quality control elements of a system of quality control

A
  1. independence, integrity and objectivity
  2. personnel management
  3. acceptance and continuation of clients
  4. engagement performance
  5. monitoring

Supervision and Review is a Component of
engagement performance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Basic fundamental concept that underlies the audit process

A

Risk:

The acceptance by auditors that there is some level of uncertainty in performing the audit function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which elements underlie the application of generally accepted auditing standards (particularly the standards of fieldwork and reporting)?

A

Materiality and Audit Risk

Audit planning involves developing an overall strategy related to collecting and evaluating the Evidence to be obtained.

By testing and understanding Internal Control, the auditors can assess whether it offers assurance that the financial statements will be free from Material errors and fraud.

These assessments enable the auditors to evaluate the Risks of material misstatement of the financial statements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Three General Standards

A

TIP

(1) adequate Training and proficiency
(2) Independence of mental attitude
(3) due Professional care

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Three Fieldwork Standards

A

PIE

(1) adequate Planning and supervision
(2) understanding entity/environment incl. Internal control
(3) sufficient appropriate audit Evidence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The auditor’s judgment concerning the overall fairness of the presentation of financial position, results of operations, and changes in cash flow is applied within the framework of

A

GAAP

Generally Accepted Accounting Principles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Independence problems - Covered Member, Immediate Family & Close Relatives

A

The covered member as well as a member of the person’’s immediate family (person’’s spouse and any dependents):

  1. cannot have financial interest in the audit client
  2. can work for the audit client as long as the position is not in a position (such as management) that influences the financial statements

A close relative (parent, sibling, nondependent child) can:

  1. have a financial interest in an audit client as long as that interest is immaterial to the person
  2. work for the audit client as long as the position is not in accounting or financial reporting (such as head of payroll accounting)

If the close relative works for the audit firm, the person is not a covered member unless:

  1. the person works on the engagement team or
  2. is in a position to influence the members of the engagement team or the audit
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Illustration of a liability to clients under common law

A

client sues auditor for not discovering a theft of assets by an employee

CPA had a duty to perform, which require him/her to exercise ‘due professional care’

the misappropriation of assets by one employee should have been uncovered through an audit program which revealed the lack of separation of duties with regard to the employee

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Unmodified audit report for a non-public company

A

Introductory, paragraph simply identifies the financial statements that were examined.

Other paragraphs outline:
Responsibilities of the parties
Standards that were followed
Nature and scope of an audit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When those charged with governance do not take appropriate remedial action

A

may consider withdrawal from the engagement, if possible under applicable law/regulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

suspected or identified noncompliance with laws and regulations (initial steps and subsequent procedures)

A
  1. understand act/circumstance (consult with mgmt one level above the act, if unsatisfactory info then client arranged consultation with client’s legal counsel)
  2. evaluate effect on FS

Procedures:

  1. compare supporting docs with acctg records
  2. confirm info with third parties
  3. confirm proper authorization
  4. apply procedures to identify occurrence of similar transactions

NOT personal misconduct by employees unrelated to business ops

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

suspected or identified illegal acts (opinion modification, disclosure)

A

Qualitative - immaterial amount could lead to material
Quantitative - contingencies per noncompliance
Adequacy of disclosure
Implications on reliability of mgmt representations (material)

If material:

  1. issue qualifiled or adverse depending on materiality
  2. disclaim if materiality cannot be ascertained due to insufficiency of evidence
  3. if modifications aren’t accepted, withdraw and communicate reason for w/d in writing to those charged with governance

If immaterial:

  1. disclose to senior mgmt and those charge with governance
  2. if no remediation, withdraw

Possible disclosure to third third parties (confidentiality generally precludes, consult with legal counsel):

  1. under 8K to sec
  2. under inquires from successor auditor
  3. under subpoena
  4. under requirements to funding (governmental) agency
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

work or findings of specialist

A
  1. accept unless determined unreasonable
  2. additional procedures if materially different than FS assertions
  3. unresolved, than seek another opinion (still not resolved then issue qualified or disclaimer of opinion)
  4. only mention specialist if issuing a qualified or adverse opinion AND doing so will assist in understanding the reason for the qualification
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Why must opinion pertain to FS taken as a WHOLE?

A

to prevent misinterpretations regarding degree of auditor’s assumption of responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Client’s rights to working papers (versus work products or or member-prepared records)

A

Working Papers - belong to member and need not be provided to client unless imposed by state/federal statute, regulations or contractual agreement

Member-prepared records - may only be withheld for fees

Work Products - may be withheld for fees, incompletion, compliance with professional standards, or in light of outstanding litigation (once provided only required to provide again if natural disaster or act of war)

Records and products may be provided in any usable format (if requested exists then provide) and additional fees may be charged.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Requests to change (audit to review/review to compilation)

A

Reasons:

  1. change in circumstances
  2. misunderstanding regarding nature of each engagement type
  3. restriction on scope (imposed by client or due to circumstances)

Consider:

  1. reason given, particularly scope limitation implications
  2. additional effort require to complete original request
  3. estimated additional cost to complete original request

Do not address change in resulting report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Effect on Ratio of equal decrease in numerator and denominator

A

If ratio is greater than 1:1, ratio is increased

If ratio is less than 1:1, ratio is decreased

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Includes “objective of the engagement”

A

Auditor’s engagement letter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Negative Assurance

A

nothing came to our attention that specified matters do not meet specified standards

limited to negative assurance when FS have not been audited

generally not used in opinion on financial statements (never in audit opinion)

used for: comfort letters, special reports, agreed-upon procedures, compliance (laws/regs/contracts)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Procedures required regarding subsequent events (SE)

A
  1. read & review interim FS
  2. inquiries of mgmt/governance re:
    a. current status of tentative, preliminary, inconclusive data and
    b. any unusual adj since BS date
    c. changes in stock, debt, working capital
    d. substantial contingent liabilities/commitments
  3. read meeting minutes (SH, BOD, OFF)
  4. inquiries of legal counsel
  5. observe SE
  6. scan records for unusual transactions
  7. obtain letter of rep on SE
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Considerations for Design and Performance of

Further Audit Procedures (responsive to assessed risks of material misstatement RMM at the relevant assertion level)

A
  1. significance of risk
  2. likelihood of material misstatement (MM)
  3. characteristics of relevant transactions, balance, disclosure
  4. nature of entity’s specific controls
  5. whether evidence is expected to determine effectivity of entity controls regarding MM
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Restrictions not allowed for Review

A

Restrictions are not allowed on:
Scope of the Inquiry
Analytical Procedures

Review may be restricted to a single FS like BS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

When client presents photocopies in light of misplaced originals

A

Reevaluate risk of fraud
Design alternative tests for related transactions

Must determine reliability of the internally generated evidence in light of entity controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Inspect (physically) new additions to PPE
Test management's assertions of Existence
26
When comparative FS include prior year by predecessor auditor whose report is not presented
indicate in introductory paragraph of auditor report include date and type of opinion from predecessor report not required to obtain representations from predecessor auditor on prior year statements
27
Exceptions to loans regarding independence of covered members
Grandfathered loans Auto loans collateralized by auto Loans collateralized by cash surrender of insurance policy, cash deposits Credit card or overdraft reserve (current = $10,000 or less) Not allowed: personal, student, home mortgage
28
When performing a financial statement audit, auditors are required to explicitly assess the risk of material misstatement due to
Statements on auditing standards, specifically require auditors to assess the risk of material misstatements due to: fraud and to consider that assessment in designing the audit procedures to be performed
29
underlies the application of generally accepted auditing standards, particularly the standards of fieldwork and reporting
materiality and risk The standards of field work concern evidence accumulation and other activities during the actual conduct of an audit. It relates to understanding the of the client's environment which helps the auditor identify significant client business risks and the risk of significant misstatement in the financial statements. The reporting standards require the auditor to prepare a report on the financial statements, stating whether they are presented in accordance with GAAP. Decisions about how much and what types of evidence involve making decisions with regard to materiality and risk.
30
Detection risk & Substantive Procedures
Inversely Related DR = Risk that the auditor's procedures will not detect an error in an account when in fact one exists. Auditor's assurance that there are no errors in an account balance is increased by the application of substantive procedures (SP), so the auditor's assessment of detection risk will decrease. Applying substantive tests as of an interim date rather than as of the year-end potentially increases the risk that misstatements that may exist will not be detected. To decrease detection risk, perform substantive tests at year end. As the acceptable level of detection risk decreases, the assurance provided from substantive tests should increase, so the amount of audit evidence the auditor accumulates will increase.
31
Risk Assessment (RA) for financial reporting
RA - identification and analysis of risks relevant to the preparation of financial statements in conformity with GAAP. Auditor obtains knowledge about management's risk assessment through procedures performed to obtain an understanding of the Entity and its Environment, including Internal Controls.
32
Impact on Audit Risk if Inherent Risk or Control Risk is higher than originally anticipated.
Discovery should have no impact on the desired level of Audit Risk Inherent Risk - the risk that a material misstatement might occur in accounting for a particular account or balance Control Risk - the risk that a material misstatement that actually occurs will be able to get through the reporting company’s internal control and wind up within the reported financial statements The two assessments of IR & CR are independent. Detection Risk - the likelihood that a material misstatement that is created and gets through the internal control systems will also get through the testing by the independent auditor. If either IR or CR is especially high, then enough substantive testing must be done by the auditor so that DR is reduced to compensate. so that overall audit risk remains unchanged. IR X CR X DR = AR
33
Several factors determine the extent to which external users rely on a client's financial statements
1. Concentration of ownership 2. Types and amounts of liability 3. Client size
34
Audit Program
A listing of all the things which the auditor will do to gather sufficient, competent evidence
35
Reliance on the work of another auditor
May choose to do so Must inquire about their reputation Contact or visit if necessary to obtain sufficient info Includes service organizations
36
Auditor's concern regarding stock options
proper authorization trace authorization to BOD vote
37
If departures from GAAP are discovered in Review of nonissuer
Management should modify FS If refuse: modify report to adequately communicate deficiencies If modification is not sufficient: withdraw from engagement (cannot just disclaim).
38
Reporting on Supplementary Information in relation to FS
in relation to FS Whole: evaluate presentation is it fairly stated in all material respects (EOM or separate report)
39
Restricted and General Use
Restricted use - for one or more specified third parties due to possible misunderstanding when taken out of context for intended use General use is not restricted to specified parties Reports in conformity with applicable framework generally aren't restricted even if OCBOA
40
Test data and payroll system
discover invalid employee ID numbers (input invalid numbers to test controls against it) Tests of approval, check cashing and unclaimed checks tested outside the PR system
41
Qualified Opinion due to Scope Limitation
insufficiency of evidence
42
Kiting
When money is moved from one account to another but the deposit and the withdrawal are recorded in different time periods to inflate the amount of cash being reported, the term “kiting” is used to identify that fraud. The treasurer of a company has stolen $10,000 in cash from the company. At the end of the year, he is afraid that he will be caught so he transfers $10,000 from one company bank account to another. He records the deposit on December 31 of the first year so that $10,000 cash is added. He does not record the withdrawal from the other account until January 1 of the second year. As a result, for one day, the company looks like it has $10,000 more than it really does.
43
Auditor's Engagement Letter
1. services the auditor will perform 2. assistance or restrictions on the audit 3. auditor cannot guarantee that all acts of fraud will be discovered 4. management is responsible for maintaining effective internal control.
44
internal controls consist of five interrelated components:
CRIME 1. Control activities - policies and procedures that help ensure that management directives are carried out. 2. Risk assessment - identification and analysis of relevant risks to achievement of its objectives. 3. Information and communication systems - support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibility. 4. Monitoring - asseses the quality of internal control performance over time. 5. control Environment - sets the tone of the organization.
45
Procedures for evaluating management identification of accounting estimates that could be material to the financial statements
Assertions embodied in FS Evaluate information obtained in performing other procedures, such as: 1. changes in the entity's business, operating strategy, industry 2. changes in methods of accumulating information 3. litigation, claims, assessments, other contingencies 4. reading meeting minutes (stockholders, directors, committee) 5. regulatory or examination reports, supervisory correspondence, etc. from applicable regulatory agencies Inquire of management about the existence of circumstances that may indicate the need to make an accounting estimate.
46
IT application controls.
Input controls Processing controls Output controls
47
IT general controls
1. program change controls 2. controls that restrict access to programs or data 3. controls over the implementation of new releases of packaged software applications 4. controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail
48
Management Representation Letter (Interim?)
``` Interim: Financial information Internal control Fraud or suspected fraud at the entity Completeness of information Recognition, measurement, and disclosure Related party transactions Subsequent events ``` Representation letters: appear on the client's letterhead addressed to the auditor dated as of the date of the auditor's report signed by client (responsible officials/president & CFO)
49
10 generally accepted auditing standards, approved and adopted by the AICPA. Three categories: (no longer AICPA but PCAOB?)
general standards standards of fieldwork standards of reporting Review Services (SSARS) are not GAAS
50
A member of a registered public accounting firm that participated on the engagement becomes employed with the client in a significant accounting position (CEO, CFO, controller, CAO, or equivalent position)
Firm is prevented from conducting the audit for a one-year period
51
The auditor responds to risks of material misstatement due to Fraud in the following three ways:
A response that has an overall effect on how the audit is conducted—that is, a response involving more general considerations apart from the specific procedures otherwise planned A response to identified risks involving the nature, timing, and extent of the auditing procedures to be performed A response involving the performance of certain procedures to further address the risk of material misstatement due to fraud involving management override of controls, given the unpredictable ways in which such override could occur
52
Prior to seeking approval of certain tax services from the audit committee, a registered public accounting firm must:
Describe in writing the scope/fee structure of services Discuss potential effects on independence Document substance of the discussion Public Company Accounting Oversight Board (PCAOB) Rule 3524
53
SEC Form S-1
Issue new securities
54
Reasonable assurance regarding professional standards
System of Quality Control | AICPA Statements on QC
55
Generally Accepted Auditing Standards (GAAS) and Statements on Auditing Standards (SAS)
minimum standards of performance, in exercising due professional care by the auditor, that must be achieved on each audit engagement.
56
A CPA firm's quality control procedures pertaining to the acceptance of a prospective audit client would most likely include
Inquiry of third parties, such as the prospective client's bankers and attorneys, about information regarding the prospective client and its management.
57
objective of an operational audit
Specific operating units are functioning efficiently and effectively often performed by internal auditors
58
Transactions selected for testing are not supported by proper documentation
Auditing standards states that if a condition or circumstance differs adversely from the auditor's expectation, the auditor needs to consider the reason for such a difference. consider whether material misstatements exist in an entity's financial statements
59
auditor's responsibility for supplementary information, such as segment information, which is outside the basic financial statements, but required by the FASB
auditor has no responsibility to audit information outside the basic financial statements has some responsibility regarding such information extent varies with the nature of the information Required Supplementary Information (FASB,GASB) - apply certain limited procedures and report deficiencies or omissions not required to test transaction details and balances for material misstatements
60
CPA firms registered with the Public Company Accounting Oversight Board (PCAOB) are subject to periodic inspections
inspection process by the PCAOB takes the place of peer review Firms that audit more than 100 companies are inspected annually The rest inspected every three years.
61
In registering with the Public Company Accounting Oversight Board (PCAOB), a CPA firm must provide significant information
1. List of all audit clients who issue securities 2. Pending criminal actions against the firm 3. Annual fees from each client issuer divided between audit and non-audit services. 4. List of all accountants participating in the audit of each client that is an issuer of securities. 5. Statement on QC policies MORE 3622.02
62
Form 8-K
filed with SEC to report significant events that are of interest to public investors. Include: acquisition or sale of a subsidiary, a change in officers or directors, an additional product line, change in auditors
63
Early appointment of the auditor
enables a more sufficient audit to be planned
64
A covered member
1. any individual on the audit engagement team, 2. anyone who can influence either the engagement or the members of the engagement team, 3. the partners in the office in which the engagement is primarily performed. 4. any individual that provides ten or more hours of non-attest services to the client covered members must abide by specific independence rules toward the audit client
65
independence impaired with respect to client
1. Client is behind on its audit fees 2. Audit client initiates a lawsuit against the auditor 3. Auditor initiates a cross claim against client management No independence problem: 1. covered member receives an unsolicited financial interest, such as the inheritance, if disposes of it within 30 days 2. operating leases and claims against clients for immaterial amounts and related to non-audit matters 3. suit is not against each other or likely to be
66
"grandfathered" loan
Failure to make payments on a loan obtained prior to client audit relationship no longer qualifies as a "grandfathered" loan under the AICPA guidelines.
67
Department of Labor (DOL) guidelines on covered members
sets independence standards for audits of employee benefit programs for US firms stricter than those of the AICPA partner in another office not involved is a "covered" if he participates in benefit plan under audit
68
state board of accountancy
accountants in public practice must adhere to their requirements may revoke his CPA license (not AICPA)
69
must should may might could
unconditional presumptively mandatory (document/justify departure) no requirement
70
Auditing Statements of Position
issued by the AICPA interpretive publications for guidance, not auditing standards with requirements for auditors
71
Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 7 - Reviewing Partners
must possess the same level of knowledge and competence that would qualify him or her to serve as the audit partner on the engagement under review provide concurring approval of issuance of the audit report only if not aware of a significant engagement deficiency after conducting review in accordance with professional standards firm may only allow clients to use the audit report after reviewing auditor provides concurring approval of issuance during review, focus on evaluating the engagement team's judgments and related conclusions during the audit
72
GAO threats to independence
``` Self Interest (financial/other) Self Review (failure to properly evaluate results) Bias (promote a position) Familiarity (close relationship) Undue Influence Mgmt Participation Structural Threats ```
73
Review of pro forma financial info
Include reference to historical financial info (audited or reviewed FS) from which derived Provided negative assurance regarding pro forma effect of transaction or event to historical FS
74
SOX 2002, Sec 407 financial expert
understands GAAP & FS experience in prep or audit of FS experience with internal accounting controls understand audit committee functions
75
Governmental Audit & Internal Control
Reports on IC Understanding of relevant IC Determined whether IC placed in operation
76
Title IV SOX FS requirements
reflect: all material correcting adjustments material off-BS items nothing untrue and no material omissions on pro forma info
77
required communication with those charged with governance
disagreements with management regardless of whether satisfactorily resolved
78
10 conditions for agreed-upon procedures
independent agreed upon w/specified parties specified parties responsible for sufficiency include summary of significant assumptions criteria (suitable/available to specified parties) agreed upon criteria expectation of reasonably consistent findings expected existence of evidence to provide reasonable basis agreed-upon materiality limits use restricted to specified parties
79
Management assertions with regard to financial reporting are made in relation to three broad areas;
(1) transaction-related events; (2) account-balances; and (3) presentation and disclosure. Management makes no assertions about internal control. Assertions about internal control are made when the CPA has been hired to provide a report on internal control.
80
Public Company Accounting Oversight Board (PCAOB) Rule 3525 requires the registered public accounting firms
1. describe in writing the scope of the services, 2. discuss potential effects on independence, and 3. document the substance of the discussion with the audit committee.
81
Required Supplementary Information (RSI),
The auditor has an obligation to apply limited procedures to and report deficiencies in the required supplementary information (RSI), as the information is considered by the Government Accounting Standards Board (GASB) to be an essential part of the financial reporting package. The CPA should 1. inquire of management and consider if the information is consistent with the audited financials and other information obtained during the audit. 2. consider whether or not the RSI should be covered in the representation letter from management. There is no need to apply substantive tests of transactions to the supplementary information.
82
Under Section 11 of the Securities Act of 1933, a CPA who certifies financial statements will not be liable to a purchaser of the security if
he or she can prove due diligence. Due diligence is the reasonable professional standard of care that would relieve a person of liability under the 1933 Act on a registration statement that contained untrue statements of a material fact or omissions of a material fact.
83
At the minimum, a compilation documentation should include:
1. engagement letter, 2. any significant findings or issues, and 3. communications regarding noncompliance with laws and regulations and fraud that have come to the accountant's attention
84
The auditor's standard report does not include an expression related to the consistent application of an applicable financial reporting framework if
(a) no change in accounting principles has occurred, or (b) there has been a change in accounting principles or the method of their application, but the effect of the change is not material.
85
A review does not contemplate
obtaining an understanding of the entity's internal control; assessing fraud risk; testing accounting records by obtaining sufficient appropriate audit evidence through inspection, observation, confirmation, or the examination of source documents; Materiality or other procedures ordinarily performed in an audit.
86
A review engagement under SSARS requires
1. analytical procedures 2. independence 3. limited assurance that there are no Material Modifications that should be made to the financial statements. (not aware of material modifications to conform with GAAP)
87
When reporting on financial statements of a regulatory entity that are prepared in accordance with the requirements of financial reporting provisions of a government regulatory agency to whose jurisdiction the entity is subject,
the auditor may report on the financial statements as being prepared in accordance with a comprehensive basis of accounting other than generally accepted accounting principles. Reports of this nature, however, should be issued only if the financial statements are intended solely for filing with one or more regulatory agencies.
88
AU-C 450.04 defines misstatement as
“a difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be presented fairly in accordance with the applicable financial reporting framework.” (known) and (likely) misstatements.
89
The extent and nature of the risks to internal control associated with IT vary depending on the nature and characteristics of the entity's information system. The auditor should consider
1. whether the entity has responded adequately to the risks arising from IT by establishing effective controls, including effective general controls upon which application controls depend. 2. controls over IT systems are effective when they maintain the integrity of information and the security of the data such systems process. does not matter if controls are manual or automated
90
Nonroutine transactions
unusual due to size unusual due to nature occur infrequently
91
To understand internal control,
an auditor needs to read or hear a description of the policies and procedures that describe the controls used. Tests of details (substantive tests), such as performing analytical procedures and test counts, will determine the accuracy of account balances but will do little to help an auditor understand an internal control structure concerning inventory balances.
92
A change in accounting principle
“is a change from one accounting principle in accordance with the applicable financial reporting framework to another accounting principle in accordance with the applicable financial reporting framework when (1) two or more accounting principles apply or (2) the accounting principle formerly used is no longer in accordance with the applicable financial reporting framework. A change in the method of applying an accounting principle also is considered a change in accounting principle.” (AU-C 708.A4) Changes in accounting principle having a material effect on the financial statements for an audit require the addition of an Emphasis-of-Matter paragraph in the independent auditor's report. EOM is not required for a compilation or a review. Changes in accounting principles need to be disclosed, but the SSARSs do not directly address any report modifications for them.
93
Attribute sampling
test compliance with the control To determine sample size for attribute sampling: 1. Reliability level (allowable risk of assessing control risk too low). 2. Sampling Table 3. Estimate likely Rate of Deviation (population occurrence rate in percent) 4. Define maximum Tolerable Deviation Rate. DRES
94
The auditor's overall responses to address the assessed risks of material misstatement at the financial statement level may include the following:
1. Emphasizing professional skepticism 2. Assigning more experienced staff or specialists 3. Providing more supervision 4. Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed
95
The auditor's SPECIFIC responses to address the assessed risks of material misstatement at the financial statement level may include the following:
substantive responses further audit procedures test of controls
96
The auditor should obtain a sufficient understanding by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented. The auditor should use such knowledge to:
identify types of potential misstatements, consider factors that affect the risks of material misstatement, and design tests of controls, when applicable, and substantive procedures.
97
content of the representation letter
written representations are considered complementary evidence in support of various assertions but not substitutes for other auditing procedures
98
Audit documentation (working papers)
This documentation: 1. to provide the principal support for the auditor's report and opinion 2. to aid the auditor in both the planning and the supervision of the audit 3. to assist the audit team in proving that the audit was conducted in accordance with generally accepted auditing standards Property of the independent auditor and is not attended to assist the company's management.
99
Appropriate evidence
Relevant and Reliable. The auditor's direct personal knowledge obtained through physical examination, observation, recalculation, reperformance, inspection is more reliable than information obtained indirectly. external > internal
100
A U.S. entity prepares its financial statements in conformity with accounting principles generally accepted in another country. These financial statements will be included in the consolidated financial statements of its non-U.S. parent. Before reporting on the financial statements of the U.S. entity, the auditor practicing in the United States should:
obtain written representations from management of the U.S. entity regarding the purpose and uses of the financial statements
101
On receiving a client's bank cutoff statement, an auditor most likely would trace:
prior-year checks listed in the cutoff statement to the year-end outstanding checklist. A cutoff bank statement is a record of transactions for a specific period (less than the full-month reporting period) that is requested by the auditor from the bank.
102
auditor's required communication with those charged with governance
include management changes in the application of significant accounting policies
103
analytical procedures on the client's operations
Analytical procedures consist of evaluations of financial information made by a study of various relationships among both financial and nonfinancial data to identify unusual transactions, events, amounts, ratios , trends and balances that may indicate a high level of risk for a material misstatement analytical procedures help determine where further investigation is warranted
104
nonfinancial information an auditor considers in performing analytical procedures during the planning phase
analytical procedures are concerned with plausible relationships generally use data aggregated at a high level square footage of selling space to compare retail revenues and expenses to industry figures and prior year performance
105
analytical procedures in the overall review stage
assist the auditor in assessing conclusions reached and in evaluating the overall financial statement presentation. The results of the review may indicate that additional evidence may be needed.
106
Analytical review procedures
Substantive tests | designed to evaluate the reasonableness of financial information
107
example of entity process that facilitates auditor analytical proceures
The use of a standard cost system that produces variance reports allows the auditor the opportunity to compare the output from the standard cost system with the financial information presented by management
108
liabilities significantly lower than expected
Purchases and cash payments affect the liability balance Sales and cash collections unlikely to impact liabilities.
109
increase in the age of accounts receivable
credit terms have been loosened so that customers with less money are able to buy on credit economic times are bad, so peopletend to pay more slowly and the number of bad accounts goes up lapping (money from a customer is stolen), money from a second customer is diverted into the account of the first customer and the age longer if receivables sold (before collected) the age is shorter
110
Decrease in A/R Turnover
Sales/ Accounts Receivable a consignment sale recorded as a sale at the time of shipment instead of when the goods are actually sold Increases both Sales and A/R to decrease ratio turnover ratio larger: customers pay quicker sales figure is increased but not accounts receivable sales stays the same but accounts receivable goes down
111
no record is made of this inventory purchase
goods (and the related debt) cost of goods sold not affected, so gross profit is correct Inventory and accounts payable are too low by the same amount so working capital and current ratio are correct inventory turnover = COGS/average inventory average inventory too low cost of goods sold is correct inventory turnover too high
112
Title IV of Sarbanes-Oxley
requires financial statements reflect all material correcting adjustments material off-balance-sheet transactions, arrangements, obligations, and other relationships any pro forma information does not contain untrue statements or omissions of material facts.
113
Responsibilities of the PCAOB include
1. register public accounting firms. 2. establish or adopt standards relating to the preparation of audit reports for issuers. 3. conduct inspections of registered public accounting firms 4. conduct investigations and disciplinary proceedings 5. promote high professional standards ``` 6. enforce compliance with: Sarbanes-Oxley Act rules of the PCAOB professional standards securities laws ```
114
The Comprehensive Budget Omnibus Reconciliation Act (COBRA)
requires employers to offer former employees continued benefits after they leave a position for a certain period of time employees are normally responsible for the insurance premiums.
115
The auditor should communicate with those charged with governance (the audit committee):
the auditor's responsibilities under generally accepted auditing standards, an overview of the planned scope and timing of the audit, and significant findings from the audit.
116
The significant findings from the audit that should be communicated with audit committee include:
the auditor's view about qualitative aspects of the entity's significant accounting practices, significant difficulties encountered during the audit, uncorrected misstatements (that are not trivial), disagreements with management, other findings or issues that the auditor believes to be significant or relevant to the audit committee's oversight of the financial reporting process, material, corrected misstatements that were brought to the attention of management as a result of audit procedures, representations the auditor is requesting from management, management's consultations with other accountants about accounting and auditing matters, and significant issues arising from the audit that were discussed with management. the effect of significant mgmt policies in emerging areas without authoritative guidance
117
internal auditors
work may affect the nature, timing, and extent of the audit, including: 1. procedures the auditor performs when obtaining an understanding of the entity's internal control 2. procedures the auditor performs when assessing risk 3. substantive procedures the auditor performs
118
Section 403 of Title IV of the Sarbanes-Oxley Act (SOX)
Disclosures of Transactions Involving Management and Principal Stockholders: any person directly or indirectly the beneficial owner of more than 10% of any class of any equity security or is a director or an officer of the issuer must file statements required by SOX and the SEC.
119
Section 402 of Title IV of the Sarbanes-Oxley Act (SOX)
Enhanced Conflict of Interest Provisions: unlawful for any issuer to extend or maintain credit in the form of a personal loan to or for any director or executive officer of that issuer.
120
Section 404 of Title IV of the Sarbanes-Oxley Act (SOX)
Management Assessment of Internal Controls: an internal control report must be filed with each annual report Management must acknowledge responsibility for establishing and maintaining adequate internal control.
121
Section 406 of Title IV of the Sarbanes-Oxley Act (SOX)
Code of Ethics for Senior Financial Officers: requires disclosure of whether or not the issuer had adopted a code of ethics for senior financial officers (and if not, why not) Any change in or waiver of this code requires disclosure as well. Promote: 1. honest/ethical conduct 2. full, fair, accurate, timely, understandable disclosures 3. compliance with applicable gov't rules/regs
122
Controls addressing risks of material misstatements due to fraud and controls identified to address management override should be evaluated. Controls that may address these risks include:
1. controls over significant, unusual transactions, particularly those that result in late or unusual journal entries, 2. controls over journal entries and adjustments made in the period-end financial reporting process, 3. controls over related party transactions, 4. controls related to significant accounting estimates, and 5. controls that mitigate incentives for, and pressures on, management to falsify or inappropriately manage financial results.
123
Prior to accepting an initial engagement pursuant to the standards of the PCAOB, a registered public accounting firm must:
1. describe, in writing, to the audit committee of the issuer, all relationships between the registered public accounting firm or any affiliates of the firm and the potential audit client or persons in financial reporting oversight roles at the potential audit client that, as of the date of the communication, may reasonably be thought to bear on independence; 2. discuss with the audit committee of the issuer the potential effects of the relationships described above on the independence of the registered public accounting firm, should it be appointed the issuer's auditor; and 3. document the substance of its discussion with the audit committee of the issuer.
124
The disclosure of fraudulent activities to parties other than the client's senior management and those charged with governance is not ordinarily part of the auditor's responsibility and would normally not be permitted due to confidentiality. Under certain circumstances, however, the auditor may be required to disclose information to outside parties.
These circumstances could be: 1. to comply with legal and regulatory requirements, 2. to respond to a successor auditor, 3. when subpoenaed, and 4. in accordance with grant requirements when clients receive governmental assistance.
125
Regarding fraud, the auditor should:
1. communicate to those charged with governance all fraud involving senior management and fraud that causes a material misstatement (not inconsequential acts), 2. report to those charged with governance and management any significant deficiencies due to risks of material misstatement due to fraud, and 3. inform the appropriate level of management of evidence that fraud has occurred, even if the matter is inconsequential.
126
The auditor's understanding of the entity and its environment consists of an understanding of the following aspects:
Industry, regulatory, and other external factors Nature of the entity Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements Measurement and review of the entity's financial performance Internal control, which includes the selection and application of accounting policies The relevant industry, regulatory, and other external factors include industry conditions, such as the competitive environment, supplier and customer relationships, and technological developments; the regulatory environment, which encompasses, among other matters, relevant accounting pronouncements, the legal and political environment, and environmental requirements affecting the industry and the entity; and other external factors, such as general economic conditions.
127
According to AU-C 240.17, the auditor should inquire of management about the following regarding fraud:
1. Whether management has knowledge of any fraud or suspected fraud affecting the entity 2. Whether management has a process for identifying, responding to, and monitoring the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention 3. Management's communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud 4. Management's communication, if any, to employees regarding its views on business practices and ethical behavior
128
Assertions
not techniques for gathering evidence
129
Techniques for gathering evidence
``` Inquiry Calculation Confirmation Anaylsis Inspection Comparison ```
130
Independence and Compilation
independence not required disclose (reason not required)
131
Objective of Compilation
Present representations of Mgmt in the form of FS without offering any assurance
132
NOT required for Compilation
``` Inquiry of Mgmt* Analytical Procedures* Assurance (not offered/allowed)* Independence* Mgmt Representation Letter* ``` Understanding of Internal Control Assessing Fraud Risk Testing Accounting Records *Required for Review
133
Required for Review
Inquiry of Mgmt (stated) Analytical Procedures (stated) Limited Assurance (not aware of Material Modification to comply with GAAP-stated) Independence Mgmt Representation Letter Due Professional Care General understanding of the nature of entity accounting principles and practices
134
Required for Compilation
``` General understanding of the nature of entity operations (accounting principles and practices): Nature of Transactions Form of Accounting Records Stated Qualifications of Acctg Personnel Acctg Basis Form/Content of FS ```
135
Special Reports
``` FS special purpose/not GAAP specified elements, accounts, items (separate engagement, restricted use) compliance w/contracts or regs prescribed forms/schedules condensed FS application of acctg principles letters for UW ```
136
Notification of 3P if client refuses to disclose new facts/impact
only if FS misleading new info, lack of cooperation, report no longer applicable need not detail specifics of refusal
137
Standard review report not adequate to indicate deficiencies for departures from GAAP
withdraw from engagement | no further services concerning FS
138
The most important purpose in an audit of confirmation
Prove that the balance (and the debtor) actually do exist. Takes considerable time, so performed early in audit unless serious problems are expected Positive confirmations ask for a response in all cases Better testing technique than negative confirmations Used when risk like internal control risk is high Collection of a balance indicates it did exist and is collectible, so auditors review cash collections in the period right after the end of the year
139
Using the work of a specialist in an audit
CPAs cannot be expected to have unlimited knowledge on all possible topics. CPA needs to be well aware of all assumptions and methods used by the specialist in doing the assigned work. Auditor is not capable of reviewing all the work of the specialist or a specialist would not be needed. Specialist does not have to be independent but the CPA’s reliance should be guarded if independence is lacking.
140
Review of the previous audit work papers
is allowed but that cannot be the only procedure carried out to establish the opening balances.
141
1. Quality Control 2. Planning and performance 3. Audit objective
1. QC - leadership, ethical requirements, acceptance/continuance of clients/engagements, human resources, performance, monitoring. 2. P&P - Audit risk, materiality, and statistical sampling techniques 3. AO - opinion on FS (fairness, in all material respects, the financial position, results of operations, and cash flows in conformity with an applicable financial reporting framework), specific per mgmt assertions, compliance with laws and regulations
142
mean-per-unit estimation
Statistical/Variables sampling plan In statistical sampling, quantify relevant factors: 1. Variability increases, the sample size must increase 2. Risk of Incorrect Acceptance (risk that sample supports conclusion that account balance is not materially misstated when it is materially misstated), increase the size of the sample to reduce 3. Nature/Characteristics of population affect sample size Statistical sampling: calculate sampling risk quantitatively. make objective statements about population on the basis of the sample Professional judgment used to determine the sample size, whether statistical or nonstatistical
143
existence of related parties
1. borrowing or lending on an interest-free basis or significantly above or below market rates, 2. selling real estate at a price significantly different from appraised value, 3. exchanging property for similar property in a nonmonetary transaction, or 4. making loans with no scheduled terms for when or how the funds will be repaid.
144
Report issued on Significant Deficiencies/Material Weaknesses relating to an Internal Control observed during a financial statement Audit
1. statement restricting the distribution of the report. 2. statement that auditor's consideration of internal control was to express an opinion on the financial statements and not to provide assurance on the internal control 3. statement that the auditor is not expressing an opinion on the effectiveness of internal control; 4. statement that the auditor's consideration of internal control was not designed to identify all deficiencies in internal control that might be significant deficiencies or material weaknesses; 5. definitions of material weakness and significant deficiency; and 6. identification of matters considered to be significant deficiencies and material weaknesses.
145
Threats to independence - GAO
Apply Safeguards
146
Audit engagement for whichthe acceptable levels of both audit risk and materiality are lower,
the auditor will plan more work on individual accounts in order to find Smaller errors.
147
Analytical procedures have the highest level of evidence when they use direct predictable relationships within financial statements. Example.
The amount of Interest Expense is directly related to balances and rates of interest bearing accounts and notes payable.
148
Misstatements can be caused by
1. Inaccuracy in gathering/processing Data 2. Difference in presentation from GAAP 3. Omission of FS element, account, or item 4. Disclosure that is not in conformity with GAAP 5. Omission of a Disclosure required by GAAP 6. Incorrect accounting Estimate 7. Unreasonable/Inappropriate management Judgment regarding an accounting estimate
149
A normal distribution
is a bell-shaped curve, with the distribution center at the population mean, and requires only knowing the mean and the standard deviation.
150
The standard deviation
is used to measure the extent to which the values of the items are spread about the mean.
151
The mean
is a measure of central tendency obtained by totaling all the values and dividing by the number of items.
152
Materiality
The determination of materiality requires auditor judgment. Quantitative - expressed in number terms (the amount of misstatement that would influence the economic decisions of users) Qualitative - (such as key disclosures or items related to laws and regulations that are less than the material amount)
153
service auditor procedures
1. visiting the service auditor 2. discussing the audit procedures and results, 3. reviewing the audit programs of the service auditor, 4. reviewing the workpapers of the service auditor. Uses for several processes: review report on controls to obtain understanding of controls in place in the operation of services
154
A disclaimer of opinion
expression of no opinion. (AU-C 700.03) A disclaimer of opinion is warranted when Restrictions on the Scope of the audit are so severe, whether client imposed or due to other reasons, that the auditors are unable to obtain Sufficient Appropriate audit Evidence to enable them to form an opinion.
155
risk of material misstatement
1. complexity and subjectivity associated with process, 2. availability and reliability of relevant data, 3. number and significance of assumptions made, and 4. degree of uncertainty associated with assumptions.
156
Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a follow-up study to its 1987 report entitled Fraudulent Financial Reporting: 1987–1997, An Analysis of U.S. Public Companies
outlining year-end testing procedures including: A. tests of transaction cutoffs. B. tests of transaction terms/account valuation for end-of-period accounts. C. tests to ensure a baseline level of internal control.
157
Define Appropriateness of Audit Evidence
Competency both relevant and reliable
158
assertions about classes of transactions and events for the period under audit
Transactions and events that have been recorded have occurred and pertain to the entity. Transactions and events have been recorded in the proper accounts. Amounts and other data related to transactions and events have been recorded appropriately.
159
rules of the AICPA Code of Professional Conduct must be observed even by a member who is not in public practice
In the performance of any professional service, a member shall maintain 1. objectivity and integrity, 2. shall be free of conflicts of interest, and 3. shall not knowingly misrepresent facts or subordinate his or her judgment to others
160
substantive tests of pricing and extensions of perpetual inventory balances consisting of a large number of items when past experience indicated numerous pricing and extension errors - statistical sampling
Ratio estimation sampling based on ratios between audited amounts and recorded amounts. most efficient when the ratio is not equal to one. numerous usable results that would produce the most precise evaluation most effective when calculated audit amounts are approximately proportional to the client's book amounts.
161
For the accounting firm to continue to provide audit service to the client, Title II (Independence Rules) Section 203 SOX states that the lead audit partner must rotate out
Audit Partner Rotation: at least every five years to promote independence of the audit firm
162
Date on reissued report of FS
same as original
163
acceptability of financial reporting framework
purpose users mgmt. determination applicable framework acceptable
164
mitigating factors (going concern)
asset disposal borrow money/restructure debt reduce/delay expenditures increase ownership equity
165
documentation of uncorrected misstatements
1. the amount below which they are trivial 2. all accumulated misstatements and if corrected 3. conclusion as to materiality individually or in the aggregate
166
compilation OCBOA
disclose OCBOA in report
167
Review predecessor auditor working papers related to
internal control | contingencies
168
Possible result of violations of auditing and related professional practice standards
disciplinary proceedings by PCAOB
169
once related party transactions are identified
determine if approved by those charged with governance
170
report OCBOA
standard audit report modified opinion for departures from GAAP additional paragraph regarding conformity with OCBOA
171
service auditor/auditor's report
should not be referenced no division of responsibility since service auditor did not examine client FS
172
report on supplementary information
Other Matter following Opinion | or Separate Report
173
client will not allow inquiry of legal counsel
material scope limitation | disclaimer of opinion
174
compilation documentation
engagement letter significant findings/issues communications of noncompliance and/or fraud
175
CPA firm - entity formation
any form in which CPA's maintain ownership, rights and professional matters
176
addressee for auditor report
company that engaged auditor | stockholders, BOD
177
to express opinion on employee profit participation
must also audit employer FS
178
registered firms and associated persons independence
during professional and audit engagement period
179
Obtain a sufficient understanding by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented to:
1. identify types of potential misstatements, 2. consider factors that affect the risks of material misstatement, and 3. design tests of controls, when applicable, and substantive procedures.
180
underwriter a comfort letter containing comments on data that have not been audited
negative assurance on compliance as to form
181
The understanding with the client regarding services to be performed during an engagement includes
that the objective of the audit is the expression of an opinion on the financial statements. responsibilities of management for: financial statements, adjustments to correct material misstatements establishing and maintaining effective internal control, ensuring that the entity complies with the laws applicable to its activities, making all financial records available to the auditor, providing the auditor with a letter confirming representations made to the auditor during the audit. auditor's responsibilities, including: conducting the audit in accordance with GAAS obtaining understanding of internal control sufficient to plan the audit and determine the nature, timing, and extent of the audit procedures
182
appropriateness of audit evidence
Competency both relevant and reliable
183
When obtaining written client representations, materiality limits do not apply to:
Irregularities in financial statements (intentional misstatements or omissions of amounts or disclosures) Client representation letter states that there have been no irregularities involving management or employees who have significant roles in the internal control structure.
184
audit procedures for estimated contingencies
gather sufficient appropriate evidence to provide reasonable assurance that all estimates material to the financial statements have been made—completeness. consider the consistency of processes and assumptions understand how the estimates were derived gather sufficient appropriate evidence to provide reasonable assurance that such estimates are presented in accordance with US GAAP assess the reasonableness of management's judgments, which would include the determination of whether a contingency is reasonably possible, probable, or remote
185
Audits of entities receiving federal financial assistance usually have the following common elements:
Auditors must follow GAAS and GAS Auditor's consideration of internal control is to include obtaining and documenting an understanding of internal control established to ensure compliance with the laws and regulations applicable to the federal financial assistance. Auditor issues a report on the consideration of internal control. Auditor determines and reports on whether funds are administered in accordance with applicable laws and regulations.
186
Two types of misstatements are relevant to the auditor's consideration of fraud-misstatements
Misstatements arising from: 1. fraudulent financial reporting 2. misappropriation of assets
187
Communicating significant deficiencies in the design of internal control when reporting under Government Auditing Standards.
to specific legislative and regulatory bodies
188
Auditor may be engaged to perform which services in relation to Prospective financial statements expected to be used by a third parties.
examination, compilation, (inquiries re: acctg principles appropriate, or agreed-upon procedure
189
If the client refuses to disclose the newly discovered facts and their impact on the financial statements to persons known to be currently using or likely to use the financial statements, all of the following steps should be taken by the accountant:
(a) notification to the client that the accountant's report must no longer be associated with the financial statements (b) notification to the regulatory agencies having jurisdiction over the client that the accountant's report should no longer be used, and (c) notification to each person known to the accountant to be using the financial statements that the financial statements and the accountant's report should no longer be used.
190
quality control requirement under Government Auditing Standards
provide the CPA's most recent external quality control review report to the party contracting for the audit
191
unable to obtain audited FS of consolidated investee
material scope limitation | qualified opinion
192
prepare FS audit for consolidated non US, non GAAP
Either: modified US style report to comply or report form of non US country
193
Communicate to those charged with governance (IFRS)
auditor responsibilities planned scope and timing significant timing auditor independence
194
UW requests comfort letter
UW must provide required representation letter otherwise no comfort letter (another form of letter may be provided)
195
Entity's risk assessment process
Entity's identification, analysis and management of risks relevant to financial statement presentation
196
Auditor's risk assessment process
Auditor's evaluation of the likelihood that material misstatements in FS could occur.
197
Financial Forecast vs. Projections
Both are prospective standard forecast report: compilation is limited to information that is the management's representation and does not include evaluation of the support of the assumptions underlying the forecast Projections contain one or more hypothetical assumptions Projections are restricted to limited use only while forecasts may be used for general or restricted use.
198
Verify Completeness assertion for inventory
Prenumbered receiving reports | Periodically reconciled
199
Auditor's required compliance with which standards
All standards (GAAP, GAAS, GAGAS) Competence, skills, technical knowledge, experience
200
vouchers payable
match invoice to RR approve voucher via authorized employee indicate asset/expense debits (proper classification) NOT accounting for unused purchase orders and receiving reports
201
Primary supervisory responsibility of auditor with final responsibility
to explain to staff accountants how results of procedures performed should be evaluated
202
Reporting on condensed FS
indicate if fairly stated in all material aspects in relation to complete FS same requirements/guidance as Interim reporting
203
Section 105 of the Sarbanes-Oxley Act (SOX) dictates that the Public Company Accounting Oversight Board (PCAOB)
may investigate any act or practice, or omission to act, by a registered public accounting firm that may violate any provision of the Sarbanes-Oxley Act, PCAOB rules, securities laws, and professional standards. Possible disciplinary actions include: temporary suspension permanent revocation of registration temporary or permanent suspension of persons; temporary or permanent limitation on activities, functions, or operations of the firm; civil monetary penalties; censure; additional professional education or training; and any other sanction provided for in the PCAOB rules. PCAOB will strictly sanction intentional or knowing conduct, including reckless conduct, that results in violations and repeat violations.
204
Engagement letter
objectives of the engagement, responsibilities of management, responsibilities of practitioner, limitations of the engagement, identification of the applicable financial reporting framework, and reference to the expected form and content of any reports to be issued by the auditor. Information about fees and billing may be included but is not required.
205
The Securities Act of 1933:
is concerned with preventing fraud in securities sales.
206
An auditor may provide an issuer client any of the following nonaudit services without impairing independence and without obtaining the preapproval of
nonaudit services with revenues in aggregate of less than 5% of the total revenues paid by the issuer to the auditor during the fiscal year in which the nonaudit services are provided nonaudit services that were promptly brought to the attention of, and approved by, the audit committee prior to the completion of the audit services that the issuer did not recognize as nonaudit services at the time of the engagement all nonaudit services, except those that fall under the de minimis exception, need to be preapproved by the audit committee MAY NOT PROVIDE nonaudit services to perform financial information systems design and implementation
207
The introductory paragraph contains three important facts
1) It states that an audit was conducted and indicates which financial statements are covered in the financial report; 2) It contains a statement that the financial statements are the responsibility of management; and, 3) It identifies the auditor's responsibility to express an opinion on the financial statements.
208
An auditor who performs an audit of a public company must make reference to standards
issued by the Public Company Accounting Oversight Board (PCAOB) in the scope paragraph of the audit report.
209
Pervasiveness
the extent to which the exception affects different elements of the financial statements.
210
PCAOB Auditing Standard No. 5 requires
the audit of internal control over financial reporting to be integrated with the audit of the financial statements.
211
Both disclaimers and adverse opinions are used:
Only when a condition is highly material. Adverse opinion - financial statements do not present fairly the financial position, results of operation, and cash flows of the client in conformity with U.S. GAAP. (result from very material departures from GAAP Disclaimers of opinion - in rare circumstances, auditors issue when a material uncertainty affects the financial statement
212
A material misstatement has been found but it is not so serious as to necessitate an adverse audit opinion.
Thus, the auditor will provide an opinion qualification that indicates that the statements are presented fairly "except for" the problem difference of opinion between the auditor and the client for which the auditor believed an adjustment to the financial statements should be made financial statements, including footnotes, fail to disclose information that is required by GAAP - qualified or adverse qualified - additional paragraph describing the nature of the omitted disclosures, and opinion paragraph includes the phrase "except for the omission of the information discussed in the preceding paragraph."
213
statement required in the scope paragraph of a standard report
"An audit also includes assessing the accounting principles used and the significant estimates made by management..."
214
Date on separate reports based on audits of an issuing company's internal control over financial reporting and its financial statements.
last day of audit responsibility for the CPA. the last day of field work is used for all audit work whether it is on the financial statements or the internal control
215
A company issues audited financial statements under circumstances which require the presentation of a statement of cash flows but refuses to present a statement of cash flows
statement of cash flows is required by U.S. GAAP omission results in a qualified opinion omission of a disclosure (normally auditor must provide) entire statement - auditor not required to create information provided is not wrong as a result of the omission, so an adverse opinion cannot be given
216
basic financial statements
1. balance sheet, and statements of: 2. income, 3. retained earnings, and 4. cash flows
217
A CPA firm is associated with the financial statements of a company but is not independent.
A disclaimer of opinion is issued that states that the firm is not independent and, therefore, has no opinion.
218
The audit report for a company that has publicly traded shares (sometimes known as an "issuer") has several paragraphs.
The first is the introductory paragraph which identifies the financial statements being audited and discloses the responsibilities of both the management and the independent auditor. The second paragraph is the scope paragraph which outlines the work performed by the independent auditor. (planning and performing the audit to obtain reasonable assurance, examining evidence supporting amounts and disclosures, and assessing the accounting principles) The third paragraph is the opinion paragraph which provides the level of assurance being given by the auditor.
219
CPA is aware of a material misstatement, but an audit has not been performed, no opinion can be given.
The nature and extent of the problem must be described in the report and then a disclaimer is rendered.
220
Auditor looks at evidence on a test basis.
items are studied in samples | size of these samples is sufficient to be able to provide the reasonable assurance
221
preparing an unmodified audit report for a company that is privately-held. To whom should the report be addressed:
primary users of the report | board of directors and the stockholders
222
The audit report for a nonissuer must have headings to indicate the purpose of each section and they include
Management’s Responsibility for the Financial Statements Auditor’s Responsibility, and Opinion
223
“Our responsibility is to express an opinion on these financial statements based on our audit.” appears where (public, nonpublic)
The Public Company Accounting Oversight Board sets the standards for public companies and has maintained the traditional audit report where the auditor’s responsibility is stated at the end of the first paragraph. The Auditing Standards Board sets standards for nonpublic companies and has created a new standard report where the auditor’s responsibilities are spelled out at the beginning of the third paragraph.
224
“the acceptable level of detection risk increases.”
more reliance on the entity's internal control requires less assurance from substantive testing allows the nature, timing, and extent of substantive tests to be lessened timing of substantive tests could be shifted from year-end to an interim date.
225
Section 103 of SOX Title I, “Auditing, Quality Control, and Independence Standards and Rules,”
(PCAOB) has the authority to set, amend, update, and modify auditing, quality control, and ethics standards.
226
When there is a departure from GAAP,
the auditor must decide whether to issue either a qualified opinion or an adverse opinion.
227
Unexpected relationships still exist at the review stages of an audit
additional tests of details are required
228
understanding of control activities
utilized to determine areas that need attention
229
establish quality control policies to provide assurance related to agreed-upon procedures engagements - Standards for Attestation Engagements (SSAE),
independent from the client and other specified parties
230
an auditor can verify the reliable operation of programmed controls by:
manually comparing detail transaction files used by an edit program to the program's generated error listings to determine that errors were properly identified by the edit program. constructing a processing system for accounting applications and processing actual data from throughout the period through both the client's program and the auditor's program. periodically submitting auditor-prepared test data to the same computer process and evaluating the results. CANNOT manually re-perform, as of a point in time, the processing of input data and compare the simulated results to the actual results.
231
Obtain sufficient knowledge of the communication component to understand how the entity communicates financial reporting roles and responsibilities and significant matters relating to financial reporting.
This component of internal control involves communication: 1. with personnel regarding their roles and responsibilities in the internal control structure, 2. with personnel about how their activities in the financial reporting system relate to others, 3. with personnel about how and to whom to report financial reporting exceptions, and 4. between management and those charged with governance, as well as third parties such as regulatory authorities.
232
allowance for sampling risk
the difference between the upper precision limit and the sample deviation rate
233
Requirements of GAGAS
The Government Accountability Office (GAO) requires auditors who spend 20% or more of their time performing government audits to have 80 hours of CPE every two years directly related to government auditing (also called “Yellow Book” hours). A firm must have a system of quality control in place to assure compliance with professional standards and legal and ethical requirements. The quality control system should address, among other areas, human resources policies and procedures. An external peer review is required at least once every three years.
234
The risk of material misstatement of accounting estimates increases with increases in the:
1. complexity and subjectivity of the estimation process, 2. lack of availability and reliability of relevant data, 3. number and significance of the assumptions that are made, and 4. degree of uncertainty associated with the assumptions.
235
The primary responsibility for the prevention and detection of fraud
is given primarily to those charged with governance and management. Management, with the oversight of those charged with governance, must place an emphasis on fraud prevention. The internal auditor's responsibility comes into play for the detection of fraud, not its prevention.
236
AU-C 210.09
states that the auditor should establish an understanding with the client regarding the services to be performed for each engagement and should document the understanding through a written communication with the client.
237
AU-C 210.10
states that these matters should be communicated in the form of an engagement letter.
238
AU-C 315.33
states that the auditor should document the significant risks identified and related controls evaluated.
239
Single Audit Act Amendments of 1996,
Under the “percentage of coverage rule”, select and test major programs (account for at least 50% of the federal funding spent by that entity) When an entity qualifies as low risk, the scope of audits under the “percentage of coverage” can be reduced to as low as 25% of the federal funding spent by the entity. auditor considers materiality in relation to each major federal financial assistance program consider the nature of the noncompliance and the amount affected by the noncompliance in relation to the nature and amount of the major federal financial assistance program under audit
240
permanent workpaper files
items that remain relatively unchanged year to year includes analysis of capital stock and owner's equity
241
Predecessor auditor reissues compilation
1. read current FS and successor's current year report 2. compare prior to current 3. obtain letter regarding any material matter he is aware of regarding prior
242
Date on audit report
no earlier than date of sufficient evidence (no longer last date of fieldwork) close to report release date
243
Engagement to audit only one FS
acceptable limited reporting objectives (access to all information underlying all basic FS?)
244
SOX 201
Services outside scope of auditors: 1. bookkeeping 2. financial information system design 3. appraisal/valuation/fairness/contribution-in-kind 4. actuarial 5. internal audit 6. mgmt/hr 7. broker/dealer, investment advisor/banking 8. legal/expert 9. others by reg Tax planning is allowed
245
SOX 202
Preapproval Requirements audit/nonaudit services by audit committee approval waiver if ALL are true: total annual rev <= 5% total rev issuer pd to auditor not recognized as nonaudit at engagement promptly approved
246
auditor lacks independence
no opinion may be expressed disclaim
247
FASB and material departures from GAAP
not allowed under any circumstances must modify opinion still allowable under GASB and FASAB (justified = unmodified/explanatory paragraph)
248
Management refusal to acknowledge responsibility for fair presentation of FS in conformity with GAAP
Scope limitation Sufficient to preclude unmodified opinion Must modify (qualified/adverse)
249
Qualified opinion resulting from scope limitation
explanatory paragraph preceding opinion paragraph reference explanatory paragraph in scope and opinion paragraph
250
attorney's response
limited to matters to which attorney has given substantive attention in the form of legal representation
251
Substantial client-imposed scope restrictions
disclaimer of opinion when materiality is in question
252
Report on Agreed-Upon Procedures
1. statement on restriction for use by specified parties 2. disclaimer on sufficiency of procedures (responsibility of specified parties) 3. not an examination so no opinion
253
Independence & GAS
1. conceptual framework 2. guidance for audit orgs located w/in audited entity 3. nonaudit requirements 4. guidance on documentation
254
responsibilities for specialist
1. obtain understanding of methods/assumptions 2. tests of data per control risk assessment 3. evaluate findings and support of FS assertions
255
OCBOA and Review
permissible review report communicates use of OCBOA FS include: 1. description of OCBOA (summary of sig policies, differences from GAAP) 2. disclosures Mgmt does not need to justify use of OCBOA in rep letter
256
Risk Assessment prodecures
obtain audit evidence re design/implementation of controls: Inquiry (not sufficient on its own) Observation Inspection Tracing
257
going concern
Auditing standards require that the auditor evaluate whether a substantial doubt exists about the client's ability to continue as a going concern for a period of time not to exceed one year from the date of the financial statements being audited. If that degree of uncertainty exists, a qualified opinion is not appropriate. Instead, an extra paragraph is added after the opinion paragraph to alert readers to the problem. Auditors are not required to perform procedures specifically designed to test the going concern assumption. If entity's disclosures regarding its ability to continue as a going concern are inadequate, misleading, or depart from U.S. GAAP, a qualified or adverse opinion should be issued.
258
indicators of going concern issues
recurring operating losses, working capital deficiencies, negative cash flows from operating activities, and/or adverse key financial ratios information about litigation, claims, and assessments that could possibly cause the entity to cease to exist denial of usual trade credit from suppliers
259
Auditor, as a result of the report or findings of a specialist, decides to add explanatory language to the auditor's report regarding a going concern issue,
may refer to and identify the specialist in that auditor's report.
260
Substantial doubt about the entity's ability to continue as a going concern. Auditor's considerations relating to management's plans for dealing with the adverse effects
plans to dispose of assets, reduce expenditures, restructure debt, and increase ownership equity
261
If EOM, extra paragraph is added at the end of the audit report to emphasize a matter of importance,
no related change is made in the wording of any of the other three paragraphs
262
EOM vs OM
emphasis-of-a-matter - information about some aspect of the financial information included within the statements. other-matter - information about some aspect of the financial information that is not explicitly included in the financial statements
263
examples of nonroutine or nonsystemic transactions
intercompany transactions large revenue transactions at period-end may indicate a risk of material misstatement
264
planning an integrated audit, the auditor should evaluate the following matters:
Prior knowledge of the company's internal control Industry reporting, economic, laws/regs, tech changes Business organization, operating characteristics, capital Extent of any recent company, operations, or IC changes Preliminary judgments about materiality, risk Control deficiencies previously communicated Legal or regulatory matters of which company is aware Type and extent of available evidence Preliminary judgments about effectiveness of IC Relevant public information Risks evaluated as part of client acceptance/retention Relative complexity of the company's operations
265
Entity-level controls include:
controls related to the control environment, controls over management override, the company's risk assessment process, centralized processing/controls (shared service enviro), controls to monitor results of operations, controls to monitor controls, internal audit, committee, controls over the period-end financial reporting process, policies that address sig business control/risk mgmt
266
Title III, Section 303 of SOX
Civil Proceedings deals with any action taken to fraudulently coerce, manipulate, or mislead the auditor. prohibits any director or officer from acting in this manner, as well as anyone acting under their direction. Refusal to answer auditor questions honestly could be considered an attempt to mislead the auditor.
267
Stale and Aged Checks appear in Bank Reconciliation
Potential Issue
268
Analytical Procedures
Indicate areas of potential problems Results affect NATURE of further procedures
269
Material Weakness in Internal Control
Adverse Opinion on IC
270
No assurance from mgmt on IC but test reveal no material weakness
Unqualified Opinion on IC
271
Communication that 1) no significant deficiencies or 2) material weaknesses were identified?
1) not allowed | 2) allowed
272
Compilation Report
1. compiled FS 2. in accordance with SSARS 3. limited to presenting FS - the representation of mgmt 4. not audited or reviewed 5. no opinion/assurances mgmt responsible DIM for IC relevant to fp of FS objective to assist mgmt to present FS w/o assurance that no mat mod should be made to FS mgmt may elect no disclosures then disclose: lack of independence (not reason), last paragraph BOA must then be disclosed in report
273
PPS Sampling
Reliability Factor (chart - Risk of Incorrect Acceptance, # Errors allowed) Sample Size = Pop BV x RF/TE - #E Sampling Interval = Pop BV/Sample Size
274
Reference made in the opinion rendered by the auditor of the group financial statements to work of component auditor
Division of the work between the auditor of the group financial statements and the work performed by the component auditor Mentions the report of the other auditor in the auditor's Responsibility paragraph (amount of the division) and the Opinion paragraph OR Assume full responsibility, no reference is made to the component auditor
275
Successor auditor to publish comparative financial statements
Intro paragraph: 1. identify previous FS 2. previous opinion 3. date of previous report NOT name of predecessor auditor
276
Add extra paragraph to end of otherwise standard report
EOM/EM substantial doubt as to gc change from one allowable GAAP matter to another
277
Before reissuing an auditor report, predecessor auditor should
obtain a letter of representations from the successor auditor
278
Group FS GAAP, but chooses to reference subsidiary audit of financial statements prepared according to IFRS
must be converted to US GAAP for consolidation purposes. auditor of the group statements must disclose its responsibility for evaluating that conversion process
279
The auditor of the group financial statements is required to
set materiality levels and determine risk (assessment) for all components that go into creating the reported financial statements.
280
Component
a piece of a company that maintains its own separate financial information: one account (inventory, for example, or accounts receivable) a single operation or a subsidiary auditing procedures can be separated from the remainder of the group financial statements
281
Group Audit Engagement Team
Partners, including group engagement partner, and staff 1. establish the overall group audit strategy, 2. communicate with component auditors, 3. perform work on the consolidation process, and 4. evaluate the conclusions drawn from the audit evidence as the basis for forming an opinion on the group financial statements. Any auditors who are involved with the client but do not meet the definition of a member of the group engagement team are considered to be Component Auditors. CA frequently work with other auditing firms but can be members of the same firm as the group audit engagement team.
282
Other CPA firm not acting as an auditor but rather carrying out one particular procedure.
Reference can only be made to work done by a component auditor when an audit is performed. Reader of the audit report cannot be expected to understand the division of responsibility if only specific procedures are performed.
283
two types of reports that a service organization may request from its auditor
type 1 report: report on management's description of a service organization's system and the suitability of the Design of controls type 2 report: report on management's description of a service organization's system and the suitability of the Design and Operating effectiveness of controls type 1 - disclaim an opinion on the operating effectiveness of controls. (no test for reasonable assurance that control objectives achieved during the period under audit)
284
Review report and supplementary info
1. state the other data was subjected to the inquiry and analytical procedures applied in the review of the basic financial statements and provide the same negative assurance as the basic financial statements or 2. state that the other data has not been subjected to those procedures but has been compiled from information that is the representation of management and the accountant does not express an opinion or provide any assurance on the data
285
Internal Auditor: 1. Objectivity 2. Competence 3. Quality/Effectiveness (of work)
1. impartial/operates free of conflicts of interest Understand the organizational status: a. reports to one with ability to consider/act upon findings b. reports directly/regularly to those charged w/governance c. those charged w/governance oversee employment decisions regarding IA 2. professional certifications 3. consistency of reports with results of work performed and appropriateness of conclusions
286
in-house legal counsel may relay information pertaining to such matters as
litigation, compliance with laws and regulations, knowledge of fraud/suspected fraud affecting the entity, warranties, post-sales obligations, arrangements (such as joint ventures) w/partners, and meaning of contract terms
287
Sec 11(a) Securities Act of 1933
Shifts burden from investor to CPA who audits FS associated with registration statement and sued by acquirer of securities misstatement immaterial not misleading due diligence re: audit
288
Section 409 of Title IV of the Sarbanes-Oxley Act (SOX)
Real Time Issuer Disclosures disclose to the public on rapid/current basis additional information on material changes in financial condition or operations
289
Providing Access to or Copies of Audit Documentation to a Regulator
Federal Agencies (FDIC. OTS, HUD, Labor, REA) State insurance/utilities Health care authorities NOT IRS
290
IFAC
International Federation of Accountants standards/guidance organizations, firms, practices promote value of accountants public interest issues
291
To accept an engagement to examine MD & A,
Statements on Standards for Attestation Engagements: CPA, audited the FS to which the MD & A applies, understand the required elements of the rules and regulations adopted by the SEC in relation to the MD&A (includes adopted elements/not conformity )
292
MD&A
narrative explanation of the financial results as reported in the financial statements filed with the SEC
293
compensating balance arrangements and nonmonetary transactions
obscure the forms of transactions, suspect in regards to related party transactions
294
after identifying related party transactions,
obtain an understanding of the business purpose of the transactions
295
note states that a particular related party transaction occurred on terms equivalent to those that would have prevailed in an arm's-length transaction
qualified or adverse opinion unsubstantiated disclosure generally not possible to determine whether a particular transaction was consummated on terms equivalent to those with unrelated parties
296
high risk of material misstatement
expand substantive testing or select more effective substantive tests NOT increase of tests of controls
297
information from marketing, sales, or production personnel
changes in the entity's marketing strategies, sales trends, production strategies, or contractual arrangements with the entity's customers
298
materiality levels
are generally considered in terms of the smallest aggregate level of misstatement that could be considered material to any one of the financial statements.
299
Compilation (OCBOA & No disclosures)
may compile financial statements that omit all footnote disclosures footnotes to the financial statements disclose the basis of accounting in preparing the financial statements CPA must then disclose the basis of accounting followed in the compilation report
300
Failure by the client's management to provide a representation letter covering all of the periods under review
precludes the completion of a review may issue a compilation report
301
Special reports,
special purpose include: OCBOA FS (cash/tax/contractual/regulatory) specified elements, accounts, items of a financial statement; compliance (contractual agreements/regulatory requirements; financial information presented in prescribed forms/schedules emphasis-of-a-matter paragraph include a paragraph that states the basis of presentation and refers to the note in the financial statements that discusses the basis of presentation and describes how that basis differs from GAAP
302
Reports on preprinted forms
type of special report GAAS - not satisfied with the wording, it should be reworded
303
When an auditor is engaged to report on selected financial data that are included in a client-prepared document that contains audited financial statements,
report limited to data derived from audited financial statements. If also derived from other information, the auditor's report should specifically identify the data on which he/she is reporting
304
cash-basis financial statements
Assets and liabilities arising from cash transactions, and revenue collected and expenses paid "Balance Sheet," "Income Statement," etc. - terms associated with GAAP
305
report on agreed-upon procedures
include: procedures performed related findings
306
Form 8-K.
reportable disagreement make a report to the SEC relating to noncompliance with laws and regulations that has a material effect on the financial statements. may be necessary if the auditor withdraws from the engagement because the board of directors has not taken appropriate remedial action.
307
expression related to the consistent application of an applicable financial reporting framework
The auditor's standard report does not include if (a) no change in accounting principles has occurred, or (b) there has been a change in accounting principles or the method of their application, but the effect of the change is not material
308
When the auditor reissues a report of the financial statements,
the independent auditor has no responsibility to make further investigation or inquiry as to events which may have occurred during the period between the original report date and the date of the release of additional reports.
309
third party use of prospective financial statements is expected, an accountant may not accept an engagement to
Perform a review.
310
AR 100.41 states, Each page of the financial statements reviewed by the accountant should include a reference, such as,
"See Accountant's Review Report."
311
The accountant performing a review is required to obtain
a letter of representation from members of management who the accountant believes are responsible for and knowledgeable, directly or through others in the organization, about the matters covered in the representation letter. Normally, the CEO and the CFO sign the representation letter. A representation letter is not required for a compilation engagement.
312
Inquiries and analytical procedures ordinarily performed during a review of a nonpublic company's financial statements include
inquiries concerning the company's procedures for recording and summarizing transactions. NOT include obtaining corroborating audit evidence, management's assertions about continued existence, or company's attorney's opinion concerning contingencies
313
For a review, to draw attention to any material departure from U.S. GAAP
CPAs are required to include an extra explanatory paragraph in their report
314
According to the AICPA's SSARSs, engagement planning should include
1. establishing an understanding with management in an engagement letter, 2. obtaining an understanding of the client and its industry, and 3. considering the scope of the engagement in meeting the client's needs. Review procedures primarily consist of inquiry and analytical procedures, not detailed tests of transactions and balances.
315
SAS retention period for audit documentation
not less than 5 years
316
to express opinion on A/R balance when disclaimer or modified opinion on FS
present A/R report separately special report not a piecemeal opinion
317
supplementary info in compilation or review
refer to the data in FS report or issue separate report on it
318
Planning a review of an audit client's interim financial statements
Read documentation of preceding year's audit/reviews of prior current year interim period(s) and corresponding prior year interim period(s) Read most recent annual and comparable prior interim period financial information Considering the results of any audit procedures performed with respect to the current year's financial statements Inquire of management about changes in the entity's business activities, the identity/nature of related party transactions and whether significant changes in internal control have occurred subsequent to the preceding annual audit or prior review of interim financial information
319
Application controls
performed by IT (automated) or by individuals When performed by people interacting with IT, they may be referred to as user controls. designed to achieve specific control objectives related to specific accounting tasks. pertain to the processing of individual applications. are manual or automated procedures that operate at a business process level
320
The auditor should develop auditing procedures based on the auditor's understanding of the entity and its environment, including
the composition of revenues, specific attributes of the revenue transactions, and unique industry considerations.
321
The auditor is required to communicate certain matters to those charged with governance. (audit committee) including:
auditor's responsibility under GAAS auditor's views about significant accounting policies mgmt judgments/process for significant estimates, significant adjustments (material, corrected mistmts), uncorrected, nontrivial misstatements/effect on opinion, other mgmt info included in FS, disagreements with management (resolved or not), mgmt consultation with other accountants, major retention RMM issues discussed with management, difficulties encountered caused by management.
322
audit strategy
determines the characteristics of the engagement, defines its scope, allows the auditor to determine key dates/objectives, and considers materiality, areas of higher RMM audit strategy helps the auditor assign resources
323
audit plan
more detailed than the audit strategy includes the nature, timing, and extent of procedures to be performed by audit team members to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level
324
Audit evidence about control risk is obtained by
performing tests of controls that evaluate the effectiveness of specific controls ``` Methods of determining the effectiveness of the design and operation of a control include: inquiry, inspection, observation, reperformance ```
325
substantive tests include
analytical procedures (planning, substantive testing, final review, calculations by the auditor, and confirmation process (highly reliable evidence obtained from external, independent third parties)
326
An examination of prospective financial statements involves:
evaluating the preparation evaluating the support underlying the assumptions, evaluating the presentation for conformity with AICPA issuing an examination report.
327
In designing a written audit plan, specific audit objectives should be established. Audit objectives are related primarily to
financial statement assertions, which can be classified according to categories: ``` Occurrence Completeness Accuracy Cutoff Classification Existence Rights and obligations Valuation and allocation AU-C 315.A114 ``` Audit procedures that will achieve the audit objectives are detailed in the audit plan. Timing of audit procedures and the cost-benefit of gathering evidence are considered in audit planning. Audit techniques are selected in performing the audit work.
328
why perform a walkthrough of transactions
understand the full process determine effectiveness of the control NOT to verify accuracy regarding single transaction type
329
NOT in a Review
inquiry as to integrity of mgmt/control procedures permission to contact predecessor auditor assess risk of material misstatement
330
Significant deficiencies in the design or operation of the internal control structure that come to the auditor's attention (reportable conditions) and Government Auditing Standards
require that these deficiencies be reported to the auditee and to the appropriate officials of the organizations requiring or arranging for the audits, including legislative and regulatory bodies
331
When the auditor has noted reportable conditions in a financial statement audit conducted in accordance with Government Auditing Standards,
the auditor's report on the internal control structure should contain: a description of the scope of the auditor's work, stating that the auditor obtained an understanding of the design of relevant policies and procedures, determined whether these policies and procedures have been placed in operation, and assessed control risk
332
The audit of recipients of federal financial assistance conducted under Governmental Auditing Standards auditor responsibility to audit and report on compliance
recipient has a legal obligation to spend monies in accordance with applicable laws and regulations, the auditor has the responsibility to audit and report on compliance including material instances of fraud and illegal acts that were discovered assess whether management has identified laws and regulations that have a direct and material effect on the entity's financial statements determines whether the federal financial assistance has been administered in accordance with applicable laws and regulations
333
Government auditing standards and quality control
each audit organization conducting government audits should have an appropriate internal quality control system in place and participate in an external quality control review program CPA seeking to enter into a contract to perform an audit subject to government auditing standards should provide the CPA's most recent external quality review report to the party contracting for the audit
334
issues Government Auditing Standards
GAO sometimes referred to as the “Yellow Book.”
335
GAO: 3 types of threats to independence
organizational (same reporting unit as an audited entity) external personal (connection to or interest in the audited entity)
336
GAO presumption of independence
federal employee auditing a state government program legislative auditor auditing a judicial branch program head audit organization elected by voters
337
Government Auditing Standards require regarding internal controls that auditor "include in their report on the financial statements either:
(1) description of the scope of the auditors' testing of internal control…s and the results of those tests or an opinion, if sufficient work was performed, or (2) reference to a separate report(s) containing that information..."
338
detect whether payroll data was altered during processing
Use test data to verify the performance of edit routines
339
working trial balance resembling the financial statements
begins with the client's unadjusted balances contains columns for reclassifications and adjustments as a result of the audit indicates the adjusted ending balances format provides a transaction trail from the client's account balances to the audited financial statements
340
Low assessment of risk associated with other relevant substantive procedures and sample size
smaller
341
Smaller expected value of misstatements and sample size
smaller
342
accountant issues to an underwriter a comfort letter containing comments on data that have not been audited
Negative assurance on the capsule information
343
The objective of pro forma financial information
to show what the significant effects on historical financial information might have been had a consummated or proposed transaction occurred at an earlier date In a review report, the accountant should 1. identify the pro forma information, 2. refer to the financial statements from which the historical information is derived and 3. state whether such financial statements were audited or reviewed, 4. state that the review was in accordance with AICPA standards, 5. explain the objective of pro forma information and its limitations, and 6. provide negative assurance regarding the pro forma information
344
An examination of prospective financial statements (PFS) is a professional service that involves
(1) evaluating the preparation of the prospective financial statements, (2) evaluating the support underlying the assumptions, (3) evaluating the presentation of the prospective financial statements for conformity with AICPA presentation guidelines, and (4) issuing an examination report, NOT a compilation report
345
The standard report on the examination of prospective financial statements includes:
(1) n identification of the prospective financial statements presented, (2) a caveat that the prospective results may not be achieved and (3) a statement that the accountant assumes no responsibility to update the report for events and circumstances occurring after the date of the report. NOT an audit, (no reference to GAAS)
346
Statements on Standards for Accountants' Services on Prospective Financial Information
forecasts take the form of historical financial statements 1. caveat as to the ultimate attainment of the forecasted results 2. statement that the CPA assumes no responsibility to update the report for events occurring after the date of the report. 3. opinion as to whether the forecast is fairly presented. (no need to explain what the information is since the forecast represents financial statements)
347
financial forecasts or other prospective financial statements
An accountant may be engaged to examine, compile, or apply agreed-upon procedures
348
An examination of a financial forecast involves
evaluating: preparation of the forecasted statements, support underlying the assumptions presentation for conformity with AICPA guidelines and issuing an examination report
349
pro forma financial statements
historical statements that have been changed to show the impact that would have occurred as a result of a proposed event
350
A report on the Operating Effectiveness of internal controls
1. opinion that the description of the controls is a fair presentation of the system in place 2. opinion that the controls tested operated effectively throughout the period 3. opinion that the controls were designed suitably to provide reasonable assurance that control objectives would be achieved if such controls were operating effectively
351
A report on the Adequacy of the Design of internal controls
I. statement that the distribution of the report should be restricted to the service organization, user firms, and the independent auditors of user firms IV. A disclaimer of opinion on the operating effectiveness of the internal controls
352
Rule 302 of the AICPA Code of Professional Conduct
prohibits contingent fees that are based on the findings of the work of a CPA. Contingent fees are allowed in certain types of tax matters such as an IRS examination where the final outcome is set by an independent party. The work is not being performed for the benefit of the public in any way but rather the final judgment is made by the IRS, a party that is unrelated to the reporting company and does not care whether the CPA is independent.
353
AU-C 320.09 states that performance materiality is
“the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole.”
354
After the auditor assesses control risk, the auditor may desire a further reduction in the assessed level of control risk for some assertions.
1. The auditor would then decide if it is likely that additional evidential matter could be obtained to support a lower assessed level of control risk for these assertions. 2. If yes, and it is likely to be efficient to obtain such evidential matter, the auditor would then perform additional tests of controls. 3. Next, whether the auditor performed additional tests of controls or not, the auditor would document the basis for conclusions about the assessed level of control risk and design substantive tests.
355
primary emphasis by auditors when assessing internal control
internal control over Classes of Transactions (NOT Account Balances because accuracy of these accounting system outputs depends heavily on the accuracy of inputs and processing )
356
obtain an understanding of a client's internal control structure, including knowledge about the design of relevant policies, procedures and records and whether they have been placed in operation by the entity
to identify types of material misstatements, | consider factors that affect the risk of material misstatements, and design substantive tests
357
reasonable assurance
the cost of an entity's internal control should not exceed the benefits derived
358
According to the Comittee of Sponsored Organizations (COSO) framework, the seven factors of the control environment are:
I see ham bone. I (I) see (C) ham (HAM) bone (BO) I - Integrity and ethical values C - Commitment to competence H - Human resource policies and practices A - Assignment of authority and responsibility M - Management's philosophy and operating style B - Board of directors or audit committee participation O - Organization
359
Even the best-designed internal control systems are subject to failure due to:
human error, faulty judgment, collusion, management override
360
When financial statements are submitted for the use of management only,
not required to (may choose to) issue compilation report each page of the financial statements should include a reference restricting their use (e.g., “Restricted for Management's Use Only”).
361
Financial statements can be projected into future years if certain assumptions are made.
perform procedures to evaluate assumptions NOT: explain the differences between historical and projected, refer to the auditor's report or include an opinion on going concern
362
Per ISA 260, objectives of an auditor when communicating to those charged with governance.
communicate responsibilities of the auditor in relation to the audit, and planned scope/timing obtain information relevant to the audit provide timely observations significant and relevant to their responsibility to oversee the financial reporting process NOT providing pay rate and estimation information which is part of engagement
363
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a follow-up study to its 1987 report entitled Fraudulent Financial Reporting: 1987–1997, An Analysis of U.S. Public Companies, outlining year-end testing procedures of particular importance, including:
tests of transaction cutoffs. tests of transaction terms and account valuation for end-of-period accounts tests to ensure a baseline level of internal control
364
Parallel simulation
auditor uses client data and auditor-controlled software to obtain output and compare to the client output. Differences indicate potential weaknesses or problems with the client's software. Sample size can be greatly expanded with minimal additional colst
365
Test data
introduced into the client's computer system using the same program to operate the application being tested not under the auditor's control, as it uses the client's actual program
366
review of program logic
provide information about the design of the automated controls does NOT assist the auditor with testing the operating controls of the computer system
367
integrated test facility
introduces a fictitious entity (such as a fake employee or customer) with real entries in the master files of the client's computer system. The auditor then compares the processing of data through the fictitious entity with what should be there in order to test that the data processing is reliable. Like the test data (or test deck) approach, an integrated test facility uses the client's system and is not under the auditor's control.
368
use in determining the auditor's preliminary judgment about materiality
financial statements of the prior year
369
engaged to review financial statements becomes aware of a departure from GAAP
disclose the departure in a separate paragraph of the review report
370
standard report on a compilation of prospective financial statements does include:
statement that compilation of projection is limited in scope disclaimer of responsibility to update the report for events occurring after report date separate paragraph describing limitations on usefulness NOT limited assurance that the results may be achieved
371
Discovery sampling
used when the auditor believes that the population occurrence rate is near zero meant to find at least one occurrence when the auditor expects none a special case of attribute sampling
372
Input controls relate most appropriately to
rejection, correction, and resubmission of data that was initially incorrect.
373
There are four basic categories of input to be controlled:
transaction entries, file maintenance transactions, inquiry transaction entries, and error correction transactions
374
Edit checks on transaction entries
type of input control test transactions prior to processing and are designed to ensure that invalid inputs are rejected. A file of all rejected sales transactions is the only output pertaining to input controls. All of the other alternatives are examples of processing controls.
375
design and perform further audit procedures that are responsive to the assessed risks of material misstatement at the relevant assertion level
consider significance of the risk, likelihood that a material misstatement will occur, characteristics of the relevant class of transactions, account balance, or disclosure involved, nature of the specific controls used by the entity and whether they are manual or automated, and whether the auditor expects to obtain audit evidence to determine if the entity's controls are effective in preventing and detecting material misstatements.
376
voucher ordinarily replaced by another voucher in the random sample if voided voucher
has been properly voided.
377
design deficiency
necessary control is missing or not properly designed
378
Risk assessment
consider threats to organization's objectives in the areas of: operations, financial reporting and compliance with laws and regulations procedures: Inquiries of management and others within the entity. Analytical procedures. Observation and inspection
379
The auditor uses the assessed level of control risk to
determine the acceptable level of detection risk for financial statement assertions
380
substantive tests
Auditing procedures designed to detect misstatements include tests of details and analytical procedures
381
prevent fictitious employees and/or fictitious salary rates
new hires, terminations of employees, and salary rates approved by the personnel department, who informs the payroll department/employee supervisor timely basis
382
to reduce scope of tests of asset acquisitions
internal audit procedure: periodic inspection of physical equipment and comparison to what is recorded
383
internal control and “information and communication"
``` ability of the accounting system to generate reliable information and convey it in a timely manner to those parties within the organization that need it ```
384
understanding of the design of the controls: | techniques
questionnaire, flowchart, or narrative only one is necessary although sometimes the techniques are grouped together if the system is particularly complex
385
A CPA has no need to test the operating efficiency of an internal control unless
it is well designed. Based on this preliminary assessment, the auditor wants to rely on the control so that control risk can be assessed at a lower level and the necessary amount of substantive testing is reduced. There is no potential benefit unless the control risk is well designed so only in that case will the auditor move on to do the testing for operating efficiency.
386
Integrated test facility
create a small subsystem within the regular EDP system Dummy files and records are appended to existing client files and fictitious test transactions, specifically coded to correspond with the dummy files and records, are introduced into a system together with actual transactions.
387
General accounting dept.
responsible for journalizing and posting all summary transactions General accounting serves as the last check on accounting records; it has no connection to assets or transactions.
388
Auditors obtain information about internal control by
inquiry of appropriate personnel, observing control activities and operations as they are performed, and inspecting various entity documents and records
389
general control policies and procedures
automatic reorder points establishment of requirements to be met in determining a customer's credit limits establishment of sales prices
390
Inventory turnover ratio =
Cost of goods sold/Average inventory
391
According to AU 325, significant deficiencies and material weaknesses in internal control of a public company must be communicated
in writing | to the audit committee of the board of directors. -
392
Significant deficiencies
adversely affect a company's ability to perform its accounting functions and result in more than a remote likelihood that a misstatement that is more than inconsequential will not be prevented or detected and rather flow through to the financial statements. Ex: lack of objectivity by those responsible for accounting decisions would affect management's ability to produce financial statement free from material errors
393
AU 380 requires that when the auditor is aware of such consultation with another CPA,
the auditor should discuss with the audit committee his/her views about significant matters that were the subject of such consultation.
394
two possible types of control deficiencies in an audit of a company's internal control in connection with its financial reporting under the standards of the Public Company Accounting Oversight Board (PCAOB)
Design way by which the system with its policies and procedures was designed did not accomplish what it was supposed to accomplish. Control operation of one or more controls people may be performing their tasks in a deficient manner
395
A practitioner may examine and report on management's assertion about the effectiveness of an entity's internal control structure if
Management accepts responsibility for the effectiveness of the entity's internal control structure, evaluates the effectiveness of the entity's internal control structure, presents its written assertion about the effectiveness of the entity's internal control structure
396
monitoring a firm's accounting and auditing practice,
consider: firm's management, environment in which the firm practices, and environment in which the client operates
397
AU-C 725.03 states that the objective of the auditor, when engaged to report on supplementary information in relation to the financial statements as a whole,
(a) evaluate the presentation of the supplementary information in relation to the financial statements as a whole and (b) report on whether the supplementary information is fairly stated, in all material respects, in relation to the financial statements taken as a whole.
398
AU-C 450.12 states that the auditor should include in the audit documentation:
amount below which misstatements would be regarded as clearly trivial; all misstatements accumulated during the audit and whether they have been corrected; and conclusion about whether uncorrected misstatements are material, individually or in aggregate NOT the size and nature of the misstatement
399
A standard compilation report implies
that substantially all disclosures required by GAAP are included in the financial statements
400
The standard compilation report explicitly states
accountant has not reviewed or audited the financial statements financial statements may be used to obtain credit if a standard compilation report is issued. limitation to presenting information that is the representation of management (“Management is responsible for the preparation and fair presentation of the financial statements…”)
401
Probability-proportional-to-size (PPS) sampling
excludes zero and negative balances in its sample selections and in evaluating results.
402
classical variables sampling would have an advantage over PPS sampling because
variables sampling does not require special design considerations for inclusion of zero and negative balances PPS sampling would require a special design to include negative and zero balances
403
Statistical sampling
based on the laws of probability, quantitatively (mathematically) measure the sampling risk provide the auditor with an objective basis for evaluating sample results nonstatistical sampling does not quantify sample risk.
404
Projecting error rates based on sample results
relates more to tests of controls than to analytical procedures
405
In estimation sampling for attributes, what must be known to evaluate the sample results?
1. an estimation of the population misstatement based upon the number of misstatements in the sample, 2. average misstatement size, 3. individual misstatements in the sample and 4. sample size
406
In a test of controls,
the auditor takes a sample, determines the sample deviation rate, compares this rate to the maximum rate he can tolerate and still rely on the control, and decides whether to rely on the control as planned or not
407
Increasing the estimated occurrence rate
will directly increase the sample size (all other factors remaining the same)
408
rate of occurrence of errors is 3% error rate in the population is
Probably about 3%
409
considered in determining the sample size for a test of controls
Tolerable rate. Acceptable risk. Expected population deviation rate. NOT Population size (little or no effect except for very small populations)
410
An increase in the tolerable rate of deviation
would allow a reduction in sample size.
411
As the likely rate of deviation decreases,
the auditor may decrease the planned sample size.
412
The allowable risk of assessing control risk too low
has an inverse effect on sample size.
413
Variables sampling
used when an amount (such as a dollar figure) is being estimated. Mean-per-unit and probability-proportional-to-size sampling are specific types of variables sampling.
414
attribute sampling estimates
a percentage, often an error rate
415
for sample for substantive test of details, consider
relationship of sample to audit objective preliminary estimates of materiality levels allowable risk of incorrect acceptance characteristics of the population (items comprising balance or class of transaction)
416
The initial sample size for audit sampling is determined by four factors:
population size; the tolerable exception rate; the auditor's measure of sampling risk, defined as the acceptable risk of assessing control risk too low (ARACR); and the estimated population exception rate. Population size is not nearly as significant a factor as the others and typically can be ignored, especially for large populations.
417
The risk of incorrect acceptance and the risk of assessing control risk too low relate to
the effectiveness of an audit | in detecting an existing material misstatement
418
allowance for sampling risk
difference between: deviation rate of the sample and possible upper rate for the population
419
upper deviation rate of the population is lower than the auditor’s tolerable deviation rate
control risk appears to be acceptably low
420
Statistical sampling techniques indicate
the possible upper rate of deviation of the population
421
basis for a statistical sampling test
Judgments such as the expected error rate and the maximum tolerable rate
422
If an error rate is being estimated,
this testing falls under sampling for attributes.
423
Sampling for variables
attempts to estimate a total such as an account balance.
424
Sample size varies directly with
the expected error rate. Thus, the more expected errors, the larger the sample size, and the less expected errors, the smaller the sample size.
425
Sample size varies inversely with
the tolerable error rate. The larger the rate that you can tolerate, the smaller the sample size will be. The smaller the rate you can tolerate, the larger the sample size will be.
426
Ratio estimation sampling technique is based on
comparing: the ratio of the book value to the audited value of the sampled items; method can not be used when there is no book value with which to make the comparison
427
The use of ratio estimation sampling technique is most effective when
the calculated audit amounts are approximately proportional to the client's book amounts When audit differences are approximately proportional to account size, the standard deviation of the ratio is small and this results in a relatively small required sample size.
428
stratified sampling techniques to be most applicable to
accounts receivable customers will have a great deal of variation in amounts, minimize the effect on sample size of the variation within the population. emphasize the larger account balances by stratifying the population dividing a population into several smaller populations based on dollar amounts reduces the variability of each of these smaller populations so that the overall sampling size can be smaller saving time and cost
429
Monetary unit sampling is the most commonly used statistical method of sampling for tests of details of balances because
it has the statistical simplicity of attribute sampling yet provides a statistical result expressed in dollars reduces the cost bc several sample items are tested at once increases the likelihood of selecting high dollar items from the population being audited
430
determine the projected error of misstatement of a PPS (dollar unit sampling) sample
When an account recorded amount exceeds the sampling error and recorded amount is in excess of the sampling interval, the projected error equals the actual misstatement
431
When using probability-proportional-to-size (PPS) sampling, the auditor controls the risk of incorrect acceptance by
specifying a risk level when planning the sample
432
when the sampling interval exceeds the account's recorded amount, t
the projected error is determined , first by dividing the amount of misstatement by the recorded amount [($5,000-$4,000) /$5,000 = 0.2] The result times the sampling interval is the projected error. [0.2 x$10000 = $2,000]
433
Embedded audit modules
coded into a client's application to collect data for the auditor.
434
Snapshot applications
capture screen images.
435
Integrated data checks and test data generators
involve auditor-controlled fictitious data.
436
generalized computer audit program
allows the auditor to independently process and verify client electronic data processing records
437
test data approach
validates the processing of accounting data by the client's EDP equipment. a known outcome is compared with the processing outcome to validate the processing of data.
438
data control group and systems analyst
DCG - review output and control its distribution SAD - designs and evaluates systems and prepares program specifications for programmers. These two functions should be separated.
439
Control over access to electronic data processing (EDP) programs
a general control test control over access by examining client records documenting the use of EDP programs
440
Systems development and data processing
separate functions reporting to a single manager ``` system development includes: systems analysis, systems programming, applications programming and database administration ``` ``` data processing includes: data preparation, operations, data library and data control ```
441
physical access controls
Clamps or chains to prevent removal of hard disks or internal boards, regular backup and control over access from outside ``` prevent damage or other loss including: theft, unauthorized access, by disgruntled employees or others NOT online or electronic fraud ```
442
examples of IT controls
``` Requiring applications to be adequately tested before use, backup of files, control access to appropriate users, adequate documentation, and application controls ``` NOT Printer logs, decision trees and local area networks
443
Processing Integrity
principle of the AICPA's Trust Services Framework ``` requires that the system processing is: complete, accurate, timely and authorized ```
444
information systems department - two distinct functions
systems development data processing
445
systems analyst
analyzes the user environment and requirements and may recommend changes to the current system, the purchase of a new system or design a new system responsible for ensuring programming and end user needs are met systems flowchart is a tool or diagram used by the systems analyst to define system requirements
446
systems programmer
responsible for: implementing, modifying and debugging the software required to interface with the hardware. Examples include: operating systems, telecommunications monitoring and database management systems
447
Operator
``` responsible for daily computer operations of both the hardware and software mounts tapes, supervises operations on a console, accepts inputs and distributes outputs ``` has documentation available to run programs but is not responsible for detailed program information
448
Applications Programmer
responsible for writing testing and debugging applications software
449
Database Administrator or DBA
responsible for maintaining the database and restricting access to the database to authorized users only.
450
End User
responsible for the data NOT programs that run the data
451
At a minimum, an attempt should be made to segregate what three IT functions?
programming, operations and data library (POD) ``` Ideally, also: analysis, design database administration help desk ```
452
smaller systems
a firm may purchase auditor may be familiar with purchased software "exception reports" may be standard and well tested
453
larger systems
may develop their own auditor may not be familiar with "in house" developed software although exception reports may exist, controls should be tested to a greater extent
454
audit trail
record left by the accounting information system of movements in individual transaction data that provides a trail of the processing of transactions and other events allows for means to trace back to individual business events from the general ledger may start from the moment data about the event is entered into the system until the final entry is made in the financial statements. may enable the tracing of the movement in data from the time the order is placed by the customer until the time the payment data is entered in the general ledger accounts discover fraud acts as a deterrent to perpetration of such acts. monitor system and data produced, and answer queries by tracking a specific transaction through the accounting records or tracing a transaction back to the original source and observing how it is processed
455
Three main types of system documentation used by auditors and analysts
(a) Data Flow Diagrams (DFDs) that illustrate the system components and functions, data flows among the components and sources, destinations and storage of the data (b) System Flowcharts that illustrate Informational Processes (such as logic flows, inputs, outputs, data storage), Operational Processes (such as physical flows) and (c) Entity Relationship Diagrams that illustrate the system's key entities and the relationships among those entities
456
input validation or edit controls include
``` Preprinted forms, check digits, control., batch and proof totals; hash totals, record counts limit or reasonable tests menu driven input, field and validity checks, missing data and field size checks logic checks redundant data checks and closed loop verification ``` NOT segregation controls, physical access controls and hardware and software access controls
457
output control activities
Checks of computer output against source documents, control totals or other input Reviewing computer logs Policies and procedures that document authorized users and receipients of data
458
Limit test
high and low barriers
459
hash total
any mathematical summation of a piece of information that would not otherwise be computed except for control purposes
460
Nonprofit organizations are required to have a single or program-specific audit under OMB Circular No. A-133 if the organization expends
$500,000 or more in a year in federal awards
461
A CPA provides an entity with controllership or other management services that include the submission of financial statements. The CPA is required to follow the provisions of Statements on Standards for Accounting and Review Services when:
the CPA is not a stockholder, partner, director, officer, or employee of the entity.
462
The Government Accountability Office (GAO) specifies four interrelated sections with respect to independence:
1. A conceptual framework 2. Guidance for audit organizations that are structurally located within the entities they audit 3. Requirements when performing nonaudit services 4. Guidance on documentation
463
overall responses to address the assessed risks of material misstatement
Emphasizing the need to maintain professional skepticism in gathering and evaluating audit evidence Assigning more experienced staff or those with specialized skills such as specialists Providing more supervision Incorporating additional elements of unpredictability in the selection of further audit procedures Specific responses: substantive, further audit procedures, and test of controls
464
Significant risks
require special audit consideration, a matter for the auditor’s professional judgment Include: estimates identified as having high estimation uncertainty unusual, infrequent, or sizable transactions changes in inventory significant related party transactions related to recent economic/accounting, developments, risk related to judgmental matters manual intervention for data collection/processing, or when the calculation is complex
465
Calculate Projected Error using PPS
Compare each Recorded Amt to each Audited Amt If Recorded Value < Sampling Interval Tainting % = (Recorded Amt - Audited Amt)/Rec Amt Tainting % x Sampling Interval = Projected Error If Recorded Value > Sampling Interval Tainting % = 0 Actual Misstatement = Projected Error Total Projected Error = Sum of individual Projected Errors
466
auditor required to determine acceptability of financial reporting framework applied to special-purpose financial statements by
obtaining understanding of: purpose of FS intended users mgmt's determination of applicable framework
467
Adjustments are only recorded for
items equal to or exceeding materiality.
468
PPS - Sample Size
(Pop Book Value x Reliability Factor)/ | Tolerable Error-Expected Misstatement
469
PPS - Sampling Interval
Pop Book Value/ | Sample Size
470
Change in auditing procedure brought about as a result of the 1136 Tenants Corp. case
engagement letters between the CPA and client were strongly recommended for all engagements, especially unaudited engagements clearly define the intent of the engagement, the CPA's responsibilities, and any restrictions imposed on the CPA
471
independent auditor is required to create
``` written documentation that includes specified information about an upcoming audit engagement to ensure that both parties understand the nature of the work to be performed, the assurance to be given, and the responsibilities of both parties ``` NO specific format (contract or engagement letter) is required
472
PCAOB entity type/funding
private-sector, non-profit corporation, created by the Sarbanes-Oxley Act not a government agency self-funded from charges to the companies being regulated PCAOB is under the oversight and the enforcement authority of the SEC (appropriate gov't control)
473
Inspections by PCAOB
takes the place of peer review which was not working Firms that audit: > 100 issuers = inspected annually < = 100 = inspected every three years
474
Per PCAOB, management responsibility of issuers for the effectiveness of the company’s internal control over its financial reporting
accept responsibility for internal control evaluate it each year, documenting the results prepare a written assessment of the internal control NOT provide a written plan each year for updating the internal control over the financial reporting process
475
Per PCAOB, dates on report on internal control and report on FS
last day of audit responsibility for the CPA Consequently, the LAST DAY OF FIELD WORK is used for ALL audit work whether it is on the financial statements or the internal control.
476
Per PCAOB, two possible types of control deficiencies
Design - relates to the way by which the system with its policies and procedures was designed (may not accomplish what it was supposed to) Operations - deficiency in the operation of one or more controls. (people may be performing their tasks in a deficient manner)
477
auditor uncovers a material weakness in internal control that cannot be rectified before the end of the audit work
adverse opinion should be rendered to properly alert all parties interested in the financial statements of the issuing company
478
(PCAOB) definition of a material weakness in internal control
Paragraph number 10 of PCAOB Standard 2 A significant deficiency (or a combination of significant deficiencies) in internal control that results in more than a remote likelihood that a material misstatement in the annual or interim financial statements will not be prevented or detected
479
Auditor is prohibited from performing all of the following services for issuer audit clients
Valuation services to support litigation of the firm that is unrelated to the audit Actuarial services on the firm's defined benefit pension plan Design services for the firm's accounting information system Tax advisory services ALLOWABLE
480
Per Sarbanes-Oxley Act, both the lead audit partner and reviewing partners are required to be rotated off of a public company audit
at least once every five years. There is not currently a requirement for CPA firms themselves to rotate off of a public company audit.
481
Per PCAOB, the reviewing partner
is required to possess the level of knowledge and competence related to accounting, auditing, and financial reporting that would be required to serve as the audit partner on the audit under review evaluate the engagement team's judgments and related conclusions during the audit may only allow clients to use the audit report after providing concurring approval of issuance provide concurring approval of issuance of the audit report only if not aware of a significant engagement deficiency after conducting review in accordance with professional standards
482
When determining a sample size for a test of controls, the auditor should consider
tolerable rate of deviation from the controls (%), likely rate of deviations (%), and allowable risk of assessing control risk too low (reliability level).
483
The auditor's standard report states that
``` financial statements present fairly, in all material respects, an entity's financial position, results of operations, and cash flows in conformity with generally accepted accounting principles accepted in the United States of America. ``` identifies the financial statements audited in an opening paragraph, describes the nature of an audit, and expresses the auditor's opinion in a separate opinion paragraph.
484
For an unmodified opinion, each of the following items must be satisfied:
A title must include the word “independent.” Financial statements identified were audited. Financial statements are the responsibility of the company's management. Auditor responsible for expression of an opinion on financial statements. Audit conducted in accordance with GAAS and should identify the United States of America as the country of origin of those standards. Audit includes examining evidence, assessing principles and significant estimates, and evaluating overall statement presentation. An opinion about whether the financial statements are presented fairly, in all material respects, in conformity with GAAP.
485
Section 408 of the Sarbanes-Oxley Act (SOX)
“Enhanced Review of Periodic Disclosures by Issuers” dictatesSEC to review disclosures w/ special attn to those who: issue material restatements of FS experience significant volatility in stock price, have largest market capitalization, are emerging companies w/ disparities in P to E ratios, have operations that significantly affect material sector
486
Section 208 of the Sarbanes-Oxley Act
prevents public accounting firms in violation of SEC or Public Company Accounting Oversight Board (PCAOB) rules from preparing or issuing any audit report with respect to that issuer.
487
(GAGAS) - must have a system of quality control, including external peer reviews to occur
at least every three years
488
Per IFRS ISA 260, four matters must be communicated to those in charge of governance:
The auditor's responsibilities in relation to the financial statement audit The planned scope and timing of the audit Significant timing of the audit Auditor independence
489
Before applying principal substantive tests to the details of accounts at an interim date
consider whether the amounts of the year-end balances selected for interim testing are reasonably predictable.
490
basic fundamental concept that underlies the audit process
Risk It is the acceptance by auditors that there is some level of uncertainty in performing the audit function.
491
The International Ethics Standards Board for Accountants (IAESB) operates within
the International Federation of Accountants (IFAC)
492
threats to the fundamental principles contained in the IFAC Code of Ethics' conceptual framework
familiarity threat, self-interest threat, and intimidation threat Financial-interest threat is NOT included within this conceptual framework.
493
Under the IFAC Code of Ethics, a Professional Accountant in Business/PAB must
consider safeguards to threats to the fundamental principles that should be upheld by accountants report accurately only further a firm's legitimate interests
494
materiality and schedules presented as accompanying information
accompanying information schedules would not affect how materiality is measured.
495
exceptions that would not impair independence.in performing tax services for persons in financial accounting oversight roles
the person is only in the oversight role because they serve on the board of directors. the person's relationship to the audit client is through an affiliate, and the financial statements of the affiliate are not material to the consolidated financial statements. the person in the financial accounting role is not in that role prior to a hiring, promotion, or change in employment event.
496
IFAC's mission is to serve the public interest by
contributing to the development, adoption, and implementation of high-quality standards and guidance; facilitating the adoption and implementation of high-quality standards and guidance; contributing to the development of strong professional accountancy organizations and accounting firms, and to high-quality practices by professional accountants; promoting the value of professional accountants worldwide; and speaking out on public interest issues.
497
Performance materiality
amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances, or disclosures.
498
test the operating effectiveness of controls
inquiry combined with inspection, recalculation, or reperformance
499
internal control is a process effected by
those charged with governance, management, and other personnel
500
form and extent of documentation related to risks identified and controls are influenced by
the nature, size, and complexity of the entity and its environment, including its internal control; the availability of information from the entity; and the specific audit methodology and technology used in the course of the audit The timing of the audit does NOT change the form or extent of controls-related documentation
501
Based on Rule 3521 of the Public Company Accounting Oversight Board,
contingent fees and commission will result in a lack of independence for the registered public accounting firm.
502
auditor's report under OMB Circular A-133 on nonprofit organizations expending federal awards, would include
significant deficiencies. material noncompliance with the provisions of laws, regulations, contracts, or grant agreements. known questioned costs when likely questioned costs are greater than $10,000 for a type of compliance requirement for a major program. NOT a disclaimer of opinion about whether all questioned costs have been reported.
503
detection risk is inversely related to
the assurance provided by substantive tests detection risk is a function of the effectiveness of an auditing procedure and of its application
504
Effective internal control provides
more assurance about the reliability of audit evidence.
505
Audit evidence is usually
persuasive (influencing or causing a person to believe by appealing to understanding), rather than convincing (a concept of criminal law: “beyond a reasonable doubt”). Thus professional judgment is required in the evaluation of the reliability and sufficiency of audit evidence.
506
A large number of bearer bonds on hand
represents the highest risk of a misstatement arising from misappropriations of assets.
507
Section 104 of SOX Title I,
“Inspections of Registered Public Accounting Firms,” PCAOB) has the mandate and authority to conduct compliance inspections of each registered public accounting firm. Firms that audit more than 100 issuers are inspected annually. Firms that audit 100 or fewer issuers are inspected every three years.
508
attest engagement in which a CPA assesses a client's commercial Internet site for predefined criteria that are designed to measure transaction integrity, information protection, and disclosure of business practices
WebTrust
509
CPA can disclose confidential information is with the client's consent. The exceptions to client's consent are:
a peer review by a state CPA society or state board of accountancy. a subpoena or court summons to release confidential information. an inquiry that is made by a recognized investigatory body. NOT a letter to the client from the IRS
510
examination of long-term debt
Examination of bond trust indenture rights and obligations and presentation and disclosure verifies the obligation as it is shown, its validity, and that either none of the covenants are violated or proper disclosure has been made
511
five different circumstances under which the auditor's report would be designated a special report:
1. Financial statements that are prepared in conformity with a comprehensive basis of accounting other than generally accepted accounting principles 2. Specified elements, accounts, or items of a financial statement 3. Compliance with aspects of contractual agreements or regulatory requirements related to audited financial statements 4. Financial representations to comply with contractual agreements or regulatory provisions 5. Financial information presented in prescribed forms or schedules that require a prescribed form of auditor's report
512
company's stock record books are maintained by an outside registrar or transfer agent
transfer agent would have evidence of shares issued and outstanding, and names of those persons who own stock. The outside registrar would not have records on dividends, stock subscriptions receivable, or stock rights and warrants.
513
report for a performance audit of a governmental entity in accordance with Government Auditing Standards
the objectives, scope, and methodology of the audit, the audit results, including findings, conclusions, and recommendations, as appropriate, a reference to compliance with generally accepted government auditing standards, the views of responsible officials, and if applicable, the nature of any privileged and confidential information omitted. A concurrent opinion on the historical financial statements is NOT the objective of the performance audit and is NOT required.
514
An entity must have a single audit in any year when:
the entity spends more than $500,000 in federal awards, grants, or funds, the entity spends funds from one or more than one federal program, and if the entity only expends funds from one program, it “may” be eligible for a program audit versus a single audit.
515
An embedded audit module
enables continuous monitoring and analysis of transaction processing, including the functioning of processing controls.
516
Mapping
is a technique for determining whether a computer program contains any unexecuted code that should be examined.
517
Retrieval and analysis programs such as generalized audit software
offer the features and flexibility suitable for verifying the correctness of information on a computer file.
518
The snapshot method
is a technique utilized to capture and print all data pertinent to the analysis of a specific moment in the processing cycle.
519
The objective of tests of details of transactions performed as tests of controls
is the same as that of any test of controls: to evaluate whether controls operated effectively.
520
The objective of tests of details of transactions performed as substantive tests
is to detect material misstatements in the account balances of the financial statements.
521
bank cut-off statement
If the checks do not clear in a reasonable period of time, it means the payment was recorded but possibly was not sent to the recipient. The company gets to reduce its liability balance so that it reports a lower amount of liabilities without actually losing any of its cash.
522
Management must represent (regarding uncorrected misstatements)
no uncorrected misstatements are included in the financial statements and the effects of any uncorrected misstatements aggregated by the auditor during the engagement are immaterial to the financial statements.
523
The auditor should test the design effectiveness of IT controls by
determining whether the controls, if they are operated as prescribed, satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in the financial statements.
524
It is not appropriate to provide an opinion that current assets are fairly stated and disclaim an opinion on the financial statements taken as a whole due to a scope limitation because
it may tend to overshadow the auditor's disclaimer of opinion.
525
The auditor must identify the relevant assertions by determining the source of likely potential misstatements in each
significant class of transactions, account balance, and presentation and disclosure.
526
Because the income statement covers a time period and the balance sheet covers a specific point in time, relationships involving income statement items
are much more predictable.
527
precision
possible error in either direction in variables sampling calculated using the point estimate of the population and a formula involving the standard deviation and confidence level desired to derive a plus and minus interval from the point estimate interval is called a precision interval
528
In statistical audit sampling, the precision is
the allowance for sampling risk or sampling error, the risk that when testing is restricted to a sample, the conclusion derived from the sample differs from the conclusion that would have been reached if the entire population had been tested a measure of the difference between a sample estimate and the corresponding population characteristic at a specified sampling risk. usually measured using a table or software and is based on sample size and sample results at the auditor's specified risk of assessing control risks too low. cannot be measured in nonstatistical sampling
529
Analytical procedures
assist the auditor in planning the nature, timing, and extent of other auditing procedures, do NOT assist with the preliminary judgment about materiality.
530
When making the decision of whether to apply analytical procedures or tests of details to a certain account balance or class of transactions, the auditor should consider the:
nature of the assertion, plausibility and predictability of the relationship, availability and reliability of data, and precision of the expectation. The availability of documentary evidence (for example, if it is available only for a short period of time) would cause the auditor to change the timing of substantive tests instead of the nature of the tests. Each account balance or class of transactions should be addressed individually when determining the nature of the tests to be performed, rather than making the decision based on the overall number of estimates in the financial statements or on the number of transactions before or after year-end.
531
AU-C 230 requires the auditor to document
who performed the audit work and the date such work was completed, who reviewed specific audit documentation and the date of such review, and the identifying characteristics of specific items tested when performing tests of operating effectiveness or substantial tests of details does NOT require the auditor to include copies of client invoices
532
a standard cost system is
a budgeted unit cost system designed to alert management when actual costs of production differ from expected costs, the plausible relationshipsof analytical procedures have been established, and variances from them would alert the auditor to potential problems
533
Inquire of management to obtain evidence about the occurrence of subsequent events
Whether any substantial contingent liabilities or commitments existed at the date of the balance sheet being reported on or at the date of inquiry Whether there was any significant change to the date of inquiry in the capital stock, long-term debt, or working capital The current status of items, in the financial statements being reported on, that were accounted for on the basis of tentative, preliminary, or inconclusive data Whether any unusual adjustments had been made during the period from the balance sheet date to the date of inquiry
534
Kiting
receipt date per bank is | recorded in the accounting period before the disbursement date