PCAOB Standard 5 and SASI T 501 Flashcards

1
Q

What is the general objective of IC?

A

To express an opinion on the effectiveness of the company’s IC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What happens if there is an existence of one or more material weaknesses?

A

IC is not effective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a control objective?

A

A specific target against which to evaluate the effectiveness of controls.

Control objective for IC generally relates to a relevant assertion and states a criterion for evaluating whether the company’s control procedures in a specific area provide reasonable assurance that a misstatement in that relevant assertion is prevented or detected on a timely basis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is management’s assessment?

A

The assessment required under provisions of SOX that is included in management’s annual report on internal control over financial reporting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a relevant assertion?

A

A financial statement assertion that has a reasonable possibility of containing misstatements that could cause the financial statements to be materially misstated (determination made without regard to the effect of controls)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are significant accounts and disclosures?

A

An account or disclosure for which there is a reasonable possibility of material misstatement.

The determination is based on inherent risk, w/o regard to effect of IC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the structure of PCAOB Standard 5?

A
  1. Plan the audit
  2. Use a top-down approach to identify controls to test
  3. Test design and operating effectiveness of controls
  4. Evaluate identified deficiencies
  5. Wrap-up
  6. Report on internal control
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the date structure used when assessing an opinion on IC effectiveness?

A

Effective at a point in time (as of) v. time period (entire year)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Compare IC for fraud v. errors risk.

A

Risk that IC will fail to prevent/detect misstatement caused by fraud usually is higher than the risk of failure to prevent or detect errors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is scaling?

A

Based on size of company; affects achievement of control objectives; natural extension of risk based approach to audits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What controls might address risk of fraud and management override?

A
  1. Control over significant, unusual transactions
  2. JE and adjustments made in period end financial reporting process
  3. Related party transactions
  4. Significant management estimates
  5. Incentives/pressures of management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the suggestions for using work of others in IC audit?

A

Assess competence and objectivity and use work in lower risk areas.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are examples of entity level controls?

A

Controls over tone at the top (indirect effect on likelihood of misstatement)

Controls that monitor the operation of other controls (may monitor effectiveness of controls, but not at a level or precision that would address the assessed risk that misstatements will be prevented or detected)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the top-down approach?

A

Begin at financial stm level and used to select controls to test

Financial statements (entity level controls) - signif. accounts and disclosures - relevant assertions - major classes of transactions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Provide more examples of entity-level controls.

A
  1. Controls related to control environment (management philosophy and operating style); integrity and ethical values
  2. Controls over management override
  3. Company’s risk assessment process
  4. Centralized processing and controls
  5. Controls to monitor results of ops
  6. Controls to monitor other controls (internal audit, audit comm, self-assessment)
  7. Controls over period-end financial reporting process
  8. Policies that address significant business control and risk management practices
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What should the accountant consider in identifying significant accounts and disclosures?

A
  1. Size and composition
  2. Susceptibility to misstatement
  3. Volume of activity, complexity, homogeneity of transactions
  4. Nature of account
  5. Accounting and reporting complexities
  6. Exposure to losses in account
  7. Possibility of significant contingent liabilities
  8. Related party transactions
  9. Changes from prior period accounts or disclosures
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are relevant assertions?

A
  1. Existences or occurrence
  2. Completeness
  3. Valuation or allocation
  4. Rights and obligations
  5. Presentation and disclosure
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What objectives should the auditor achieve to further understand the likely sources of misstatement?

A
  1. Understand flow of transactions
  2. Verify that he or she has identified points at which a material misstatement could arise
  3. Identify controls implemented by management to address potential misstatements
  4. Identify controls to prevent or detect unauthorized acquisition, use or disposition of assets that could result in a material misstatement
19
Q

What is design effectiveness of a control?

A

If operating properly, does it satisfy company’s control objectives and prevent/detect material misstmt

Procedures include inquiry, observation and inspection (IOI)

20
Q

What is operating effectiveness of a control?

A
  1. Determine if control operates as designed and whether person performing it has authority and competence
  2. Procedures include inquiry, observation, inspection, and reperformance (IOIR)
  3. Walkthroughs
21
Q

What are walk-throughs?

A

Following a transaction from origination through company processes until it is reflected in financial stmts

Combo of inquiry, observation, inspection and reperformance (IOIR)

22
Q

What are auditors NOT responsible for in an IC audit?

A

Obtaining sufficient evidence to support an opinion about effectiveness of EACH control; but rather an overall opinion

23
Q

Describe the timing of testing controls.

A

Testing controls over greater period of time provides more evidence of effectiveness of control
Testing performed closer to date of management’s assessment provides more testing than early testing

24
Q

What are roll forward procedures?

A

Procedures obtain evidence about operating effectiveness at an interim date and should determine what additional evidence is needed for remaining period

25
Q

What does needed additional evidence when work is performed at an interim period depend on?

A
  1. Details of the control itself and results of tests performed
  2. Sufficiency of evidence of effectiveness obtained at interim date
  3. Length of remaining period
  4. Possibility of significant changes in IC since interim date
26
Q

What is the IC audit designed to identify?

A

Material weakness not deficiencies

27
Q

What does the severity of a deficiency depend on?

A
  1. Whether there is a reasonable possibility that the control will fail to prevent or detect a misstatement
  2. Magnitude of the potential misstmt
28
Q

What are the factors affecting the magnitude of evaluation of deficiencies?

A
  1. Financial stmt amounts or total transactions exposed to the deficiency
  2. Volume of activity exposed to the deficiency in the current period
29
Q

What is the maximum amount that an account balance can be overstated?

A

Generally the recorded amount and understatements can be larger.

30
Q

What are the indicators of material weakness?

A
  1. Identification of fraud, whether or not material, on the part of senior management
  2. Restatement of previously issued financial stms to reflect a correction of a misstatement
  3. Identification by auditor of a material misstatement that would not have been detected by company’s IC
  4. Ineffective oversight of external reporting and IC by audit committee
31
Q

How should material weaknesses be communicated?

A

Communicate in writing, to management and the audit committee prior to issuing the auditor’s report on IC

If oversight by the audit committee of external financial reporting or IC is ineffective, the auditor should communicate in writing to BOD

32
Q

How should significant deficiencies be communicated?

A

Communicate in writing to management and audit committee?

33
Q

How should significant deficiencies and non material weaknesses deficiencies be communicated?

A

Communicate in writing to management and inform audit committee when such comm has been made

34
Q

How should significant deficiencies not corrected but previously communicated to management in writing?

A

Need not be repeated to management.

35
Q

How should significant deficiencies not corrected but previously communicated to audit committee?

A

Should be re-communicated.

36
Q

What type of report is issued if no significant deficiencies or deficiencies were found?

A

No report!

37
Q

What must a report on internal control include?

A
  1. Title with word independent
  2. Statement that management is responsible for IC
  3. Identification of management’s report on IC
  4. Statement that auditor’s responsibility is to express an opinion on IC
  5. Definition of IC
  6. Audit conducted in accordance with PCAOB standards
  7. Standards of PCAOB require auditor to plan and perform audit to obtain reasonable assurance
  8. Audit includes obtaining an understanding of IC, assessing risk that a material weakness exists, testing and evaluating the design and operating effectiveness of IC and performin other procedures
  9. Auditor believes that audit provides reasonable basis for opinion
  10. Paragraph on inherent limitation of IC
  11. Audit opinion on whether IC effective
  12. Manual or printed signature of firm
  13. City and state of firm
  14. Date of report
38
Q

What type of report results when there are material weaknesses?

A

Adverse opinion report

39
Q

What happens if there is scope limitation

A

Withdrawal from engagement or disclaimer of opinion.

40
Q

What happens if management’s report on IC includes info beyond what is normally presented?

A

Auditor should disclaim an opinion on that info

41
Q

What are the differences between PCAOB Standard 5 and AT 501 (Statements on Attestation/Auditing Standards)

A
  • PCAOB: audit; AT 501: examination
  • structured at point in time (as of) for PCAOB; but AT 501 also allows to examine for a period of time
  • AT 501 allows for reporting on management’s assertion; when material weakness exists in AT 501 engagement, audit should report on subject matter
  • AT 501 requires that no such report be issued stating that no material weaknesses were identified during that examination
  • stage referred to as wrapping up by PCAOB 5 is referred to as concluding procedures
  • PCAOB 5 states audit was conducted in accordance with standards of PCAOB while AT 501 states that examination was conducted in accordance with attestation standards established by AICPA
42
Q

What is PCAOB Standard 4?

A

Reporting on whether a previously reported material weakness continues to exist

Report issued indicates the auditor’s opinion that the material weakness no longer exists or exists

43
Q

What type of report results when there is a material weakness?

A

An adverse opinion report.

44
Q

What is the overall approach of PCAOB Standard 4?

A

Management gathers evidence, including documentation that the material weakness no longer exists and then prepares a written report indicating so.

The report issued indicates the auditor’s opinion that the material weakness no longer exists or exists as of the date of management’s assertion.