PCAOB Standard 5 and SASI T 501

Question 1

What is the general objective of IC?

Answer 1

To express an opinion on the effectiveness of the company’s IC

Question 2

What happens if there is an existence of one or more material weaknesses?

Answer 2

IC is not effective

Question 3

What is a control objective?

Answer 3

A specific target against which to evaluate the effectiveness of controls.

Control objective for IC generally relates to a relevant assertion and states a criterion for evaluating whether the company’s control procedures in a specific area provide reasonable assurance that a misstatement in that relevant assertion is prevented or detected on a timely basis.

Question 4

What is management’s assessment?

Answer 4

The assessment required under provisions of SOX that is included in management’s annual report on internal control over financial reporting

Question 5

What is a relevant assertion?

Answer 5

A financial statement assertion that has a reasonable possibility of containing misstatements that could cause the financial statements to be materially misstated (determination made without regard to the effect of controls)

Question 6

What are significant accounts and disclosures?

Answer 6

An account or disclosure for which there is a reasonable possibility of material misstatement.

The determination is based on inherent risk, w/o regard to effect of IC

Question 7

What is the structure of PCAOB Standard 5?

Answer 7

1. Plan the audit
2. Use a top-down approach to identify controls to test
3. Test design and operating effectiveness of controls
4. Evaluate identified deficiencies
5. Wrap-up
6. Report on internal control

Question 8

What is the date structure used when assessing an opinion on IC effectiveness?

Answer 8

Effective at a point in time (as of) v. time period (entire year)

Question 9

Compare IC for fraud v. errors risk.

Answer 9

Risk that IC will fail to prevent/detect misstatement caused by fraud usually is higher than the risk of failure to prevent or detect errors.

Question 10

What is scaling?

Answer 10

Based on size of company; affects achievement of control objectives; natural extension of risk based approach to audits

Question 11

What controls might address risk of fraud and management override?

Answer 11

1. Control over significant, unusual transactions
2. JE and adjustments made in period end financial reporting process
3. Related party transactions
4. Significant management estimates
5. Incentives/pressures of management

Question 12

What are the suggestions for using work of others in IC audit?

Answer 12

Assess competence and objectivity and use work in lower risk areas.

Question 13

What are examples of entity level controls?

Answer 13

Controls over tone at the top (indirect effect on likelihood of misstatement)

Controls that monitor the operation of other controls (may monitor effectiveness of controls, but not at a level or precision that would address the assessed risk that misstatements will be prevented or detected)

Question 14

What is the top-down approach?

Answer 14

Begin at financial stm level and used to select controls to test

Financial statements (entity level controls) - signif. accounts and disclosures - relevant assertions - major classes of transactions

Question 15

Provide more examples of entity-level controls.

Answer 15

1. Controls related to control environment (management philosophy and operating style); integrity and ethical values
2. Controls over management override
3. Company’s risk assessment process
4. Centralized processing and controls
5. Controls to monitor results of ops
6. Controls to monitor other controls (internal audit, audit comm, self-assessment)
7. Controls over period-end financial reporting process
8. Policies that address significant business control and risk management practices

Question 16

What should the accountant consider in identifying significant accounts and disclosures?

Answer 16

1. Size and composition
2. Susceptibility to misstatement
3. Volume of activity, complexity, homogeneity of transactions
4. Nature of account
5. Accounting and reporting complexities
6. Exposure to losses in account
7. Possibility of significant contingent liabilities
8. Related party transactions
9. Changes from prior period accounts or disclosures

Question 17

What are relevant assertions?

Answer 17

1. Existences or occurrence
2. Completeness
3. Valuation or allocation
4. Rights and obligations
5. Presentation and disclosure

Question 18

What objectives should the auditor achieve to further understand the likely sources of misstatement?

Answer 18

1. Understand flow of transactions
2. Verify that he or she has identified points at which a material misstatement could arise
3. Identify controls implemented by management to address potential misstatements
4. Identify controls to prevent or detect unauthorized acquisition, use or disposition of assets that could result in a material misstatement

Question 19

What is design effectiveness of a control?

Answer 19

If operating properly, does it satisfy company’s control objectives and prevent/detect material misstmt

Procedures include inquiry, observation and inspection (IOI)

Question 20

What is operating effectiveness of a control?

Answer 20

1. Determine if control operates as designed and whether person performing it has authority and competence
2. Procedures include inquiry, observation, inspection, and reperformance (IOIR)
3. Walkthroughs

Question 21

What are walk-throughs?

Answer 21

Following a transaction from origination through company processes until it is reflected in financial stmts

Combo of inquiry, observation, inspection and reperformance (IOIR)

Question 22

What are auditors NOT responsible for in an IC audit?

Answer 22

Obtaining sufficient evidence to support an opinion about effectiveness of EACH control; but rather an overall opinion

Question 23

Describe the timing of testing controls.

Answer 23

Testing controls over greater period of time provides more evidence of effectiveness of control
Testing performed closer to date of management’s assessment provides more testing than early testing

Question 24

What are roll forward procedures?

Answer 24

Procedures obtain evidence about operating effectiveness at an interim date and should determine what additional evidence is needed for remaining period

Question 25

What does needed additional evidence when work is performed at an interim period depend on?

Answer 25

1. Details of the control itself and results of tests performed
2. Sufficiency of evidence of effectiveness obtained at interim date
3. Length of remaining period
4. Possibility of significant changes in IC since interim date

Question 26

What is the IC audit designed to identify?

Answer 26

Material weakness not deficiencies

Question 27

What does the severity of a deficiency depend on?

Answer 27

1. Whether there is a reasonable possibility that the control will fail to prevent or detect a misstatement
2. Magnitude of the potential misstmt

Question 28

What are the factors affecting the magnitude of evaluation of deficiencies?

Answer 28

1. Financial stmt amounts or total transactions exposed to the deficiency
2. Volume of activity exposed to the deficiency in the current period

Question 29

What is the maximum amount that an account balance can be overstated?

Answer 29

Generally the recorded amount and understatements can be larger.

Question 30

What are the indicators of material weakness?

Answer 30

1. Identification of fraud, whether or not material, on the part of senior management
2. Restatement of previously issued financial stms to reflect a correction of a misstatement
3. Identification by auditor of a material misstatement that would not have been detected by company’s IC
4. Ineffective oversight of external reporting and IC by audit committee

Question 31

How should material weaknesses be communicated?

Answer 31

Communicate in writing, to management and the audit committee prior to issuing the auditor’s report on IC

If oversight by the audit committee of external financial reporting or IC is ineffective, the auditor should communicate in writing to BOD

Question 32

How should significant deficiencies be communicated?

Answer 32

Communicate in writing to management and audit committee?

Question 33

How should significant deficiencies and non material weaknesses deficiencies be communicated?

Answer 33

Communicate in writing to management and inform audit committee when such comm has been made

Question 34

How should significant deficiencies not corrected but previously communicated to management in writing?

Answer 34

Need not be repeated to management.

Question 35

How should significant deficiencies not corrected but previously communicated to audit committee?

Answer 35

Should be re-communicated.

Question 36

What type of report is issued if no significant deficiencies or deficiencies were found?

Answer 36

No report!

Question 37

What must a report on internal control include?

Answer 37

1. Title with word independent
2. Statement that management is responsible for IC
3. Identification of management’s report on IC
4. Statement that auditor’s responsibility is to express an opinion on IC
5. Definition of IC
6. Audit conducted in accordance with PCAOB standards
7. Standards of PCAOB require auditor to plan and perform audit to obtain reasonable assurance
8. Audit includes obtaining an understanding of IC, assessing risk that a material weakness exists, testing and evaluating the design and operating effectiveness of IC and performin other procedures
9. Auditor believes that audit provides reasonable basis for opinion
10. Paragraph on inherent limitation of IC
11. Audit opinion on whether IC effective
12. Manual or printed signature of firm
13. City and state of firm
14. Date of report

Question 38

What type of report results when there are material weaknesses?

Answer 38

Adverse opinion report

Question 39

What happens if there is scope limitation

Answer 39

Withdrawal from engagement or disclaimer of opinion.

Question 40

What happens if management’s report on IC includes info beyond what is normally presented?

Answer 40

Auditor should disclaim an opinion on that info

Question 41

What are the differences between PCAOB Standard 5 and AT 501 (Statements on Attestation/Auditing Standards)

Answer 41

• PCAOB: audit; AT 501: examination
• structured at point in time (as of) for PCAOB; but AT 501 also allows to examine for a period of time
• AT 501 allows for reporting on management’s assertion; when material weakness exists in AT 501 engagement, audit should report on subject matter
• AT 501 requires that no such report be issued stating that no material weaknesses were identified during that examination
• stage referred to as wrapping up by PCAOB 5 is referred to as concluding procedures
• PCAOB 5 states audit was conducted in accordance with standards of PCAOB while AT 501 states that examination was conducted in accordance with attestation standards established by AICPA

Question 42

What is PCAOB Standard 4?

Answer 42

Reporting on whether a previously reported material weakness continues to exist

Report issued indicates the auditor’s opinion that the material weakness no longer exists or exists

Question 43

What type of report results when there is a material weakness?

Answer 43

An adverse opinion report.

Question 44

What is the overall approach of PCAOB Standard 4?

Answer 44

Management gathers evidence, including documentation that the material weakness no longer exists and then prepares a written report indicating so.

The report issued indicates the auditor’s opinion that the material weakness no longer exists or exists as of the date of management’s assertion.