Reporting on Compliance Flashcards
When an audit firm includes a report on compliance with aspects of contractual agreements in the auditor’s report on the non-issuer’s financial statements, in which paragraph of the audit report should the report on compliance be included?
A. Auditor’s responsibility paragraph.
B. Opinion paragraph.
C. Other-matter paragraph.
D. Emphasis-of-matter paragraph.
The correct answer is (C).
Often, an auditor is requested to report on an entity’s compliance with aspects of contractual agreements or regulatory requirements in connection with an audit of F/S. This report on Compliance may either be a separate report or provided in an other-matter paragraph in the F/S audit report. An other-matter paragraph is a paragraph included in the auditor’s report that refers to a matter other than those presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to the readers’ understanding of the audit, the auditor’s responsibilities or the auditor’s report. When an audit firm includes a report on compliance with aspects of contractual agreements in their auditor’s report, it should be included in this paragraph.
The auditor’s responsibility paragraph discusses the auditor’s responsibilities for the audit engagement. The opinion paragraph discusses the opinion for the audit engagement. An emphasis-of-matter paragraph is used to emphasize items that are disclosed in the financial statements.
Question # 593 | Blueprint Area: 4 D : Reporting on Compliance
When performing a compliance audit, the auditor’s report on compliance should not include
A. A statement that the compliance audit provides a legal determination of the entity’s compliance.
B. A statement that compliance with the applicable compliance requirements is the responsibility of the entity’s management.
C. Identification of the applicable compliance requirements or a reference to where they can be found.
D. A statement that the compliance audit was conducted in accordance with auditing standards generally accepted in the United States of America, the standards applicable to financial audits contained in Government Auditing Standards, and the governmental audit requirement.
A.
When performing a compliance audit, the auditor’s report on compliance should include a statement that the compliance audit does not provide a legal determination of the entity’s compliance. The report should also include identification of the applicable compliance requirements or a reference to where they can be found, a statement that compliance with the applicable compliance requirements is the responsibility of the entity’s management, and a statement that the compliance audit was conducted in accordance with auditing standards generally accepted in the United States of America, the standards applicable to financial audits contained in Government Auditing Standards, and the governmental audit requirement.
A practitioner has examined a client’s compliance with debt covenants associated with a bank loan and is ready to issue a report. Which of the following standards apply to the report?
A. Internal control standards.
B. Compliance attestation standards.
C. Agreed-upon procedures standards.
D. Auditing standards of fieldwork.
The correct answer is (B).
The practitioner has examined a client’s compliance with debt covenants associated with a bank loan and must use compliance attestation standards for his/her report. Compliance with contractual agreements or regulatory requirements related to the financial statements is generally verified as attestation engagement. Standards for Attestation Engagements apply to engagements in which the practitioner issues an examination, a review, or an agreed-upon procedures report on the subject matter or an assertion about the subject matter, that is the responsibility of another party. In this case, compliance with debt covenants is the responsibility of the management and the practitioner is issuing an examination report on compliance with debt covenants.
The auditor should test the operating effectiveness of controls over each applicable compliance requirement to which the condition applies in a compliance audit under which of the following conditions?
A. The use of audit evidence about the operating effectiveness of controls applied to prior audits
B. Substantive procedures alone do not provide sufficient appropriate audit evidence
C. Tests of controls over compliance are not required by the governmental audit requirement
D. The auditor’s risk assessment includes no expectation of the operating effectiveness of controls over compliance related to the applicable compliance requirements
B.
The auditor should test the operating effectiveness of controls over each applicable compliance requirement to which the conditions apply in each compliance audit if any of the following conditions are met: the auditor’s risk assessment includes an expectation of the operating effectiveness of controls over compliance related to the applicable compliance requirements; substantive procedures alone do not provide sufficient appropriate audit evidence; and such tests of controls over compliance are required by the governmental audit requirement. The use of audit evidence about the operating effectiveness of controls obtained in prior audits is not applicable to a compliance audit.
If the governmental audit requirement requires the auditor to report on internal control over compliance and the auditor combines the auditor’s report on compliance with a report on internal control over compliance, which of the following statements should be added to the report?
A. No material weaknesses in internal control over compliance were identified, if none were
B. The compliance audit provides a legal determination of the entity’s compliance
C. That the auditor is expressing an opinion on internal control over compliance
D. That the auditor’s consideration of the entity’s internal control over compliance was designed to identify all deficiencies in internal control that might be significant deficiencies material weaknesses in internal control over compliance
A.
If the governmental audit requirement requires the auditor to report on internal control over compliance and the auditor combines the auditor’s report on compliance with a report on internal control over compliance, there are a number of elements that should be added to the report, including a statement that no material weaknesses in internal control over compliance were identified, if none were. Other statements would include: that in planning and performing the compliance audit, the auditor considered the entity’s internal control over compliance with the applicable compliance requirements to determine the auditing procedures for the purpose of expressing an opinion on compliance, but not for the purpose of expressing an opinion on the effectiveness of internal control over compliance; that the auditor is not expressing an opinion on internal control over compliance; and that the auditor’s consideration of the entity’s internal control over compliance was not designed to identify all deficiencies in internal control that might be significant deficiencies or material weaknesses in internal control over compliance.
An auditor should not accept an engagement to report separately on summary financial statements unless
A. The auditor’s report on the financial statements from which the summary financial statements are derived contains an unmodified opinion.
B. The auditor has been engaged to conduct an audit in accordance with US GAAS of the financial statements from which the summary financial statements are derived.
C. The auditor’s report on the financial statements from which the summary financial statements are derived was released less than six months previous to the start of the engagement to report on the summary financial statements.
D. Management agrees not to distribute the report or statements outside the entity.
B.
The auditor should not accept an engagement to report separately on summary financial statements unless the auditor has been engaged to conduct an audit in accordance with US GAAS of the financial statements from which the summary financial statements are derived. Regarding incorrect answer a., when the auditor’s report on the audited financial statements contains an adverse opinion or a disclaimer of opinion, the auditor should withdraw from the engagement to report on the summary financial statements, when withdrawal is possible under applicable law or regulation; however, the auditor may accept an engagement if a qualified opinion was expressed on the audited financial statements. Regarding incorrect answer c., there is no constraint related to engagement acceptance based on the report release date of the audited financial statements. Regarding incorrect answer d., the audit report on summary financial statements is not required to be restricted.
When the auditor reports on compliance with aspects of contractual agreements or regulatory requirements, in connection with the audit of financial statements, in a separate report, the report should
A. Be a general-use report
B. Be dated the same date as the audit report on the financial statements
C. Not reference the audit report on the financial statements
D. Not include negative assurance
B.
The date of the report on compliance should be the same date as the audit report on the related financial statements. Regarding incorrect answer a., the use of report should be restricted. Regarding incorrect answer c., the report should state that the report is being provided in connection with the audit of the financial statements.Regarding incorrect answer d., if the auditor has not identified any instances of noncompliance the report should include a statement that nothing came to the auditor’s attention [negative assurance] that caused the auditor to believe that the entity failed to comply with specified aspects of the contractual agreements or regulatory requirements, insofar as they relate to accounting matters,but only when(1) the audit report on the related financial statements contains an unmodified or qualified opinion and (2) the the applicable covenants or regulatory requirements relate to accounting matters that have been subjected to the audit procedures applied in the audit of financial statements.
Editor Note: When the auditor has expressed an adverse opinion or disclaimed an opinion on the financial statements, the auditor should issue a report on compliance only when instances of non compliance are identified.
The risk that material noncompliance exists prior to a compliance audit consists of
Control risk of noncompliance
Detection risk of noncompliance
Inherent risk of noncompliance
A. I only
B. II only
C. Both I and III
D. I, II, and III
The correct answer is (C).
The risk that material noncompliance exists prior to a compliance audit consists of two components, Inherent Risk of noncompliance and Control Risk of noncompliance.
Inherent Risk of noncompliance is the susceptibility of a compliance requirement to noncompliance that could be material, either individually or when aggregated with other instances of noncompliance, before consideration of any related controls over compliance.
Control Risk of noncompliance is the risk that noncompliance with a compliance requirement that could occur and that could be material, either individually or when aggregated with other instances of noncompliance, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control over compliance.
Detection Risk of noncompliance is the risk that the procedures performed by the auditor to reduce audit risk of noncompliance to an acceptably low level will not detect noncompliance that exists and that could be material, either individually or when aggregated with other instances of noncompliance.
Detection Risk does not exist prior to a compliance audit. Prior to the audit, the risk of material noncompliance is the aggregate of the Control Risk and the Inherent Risk of noncompliance.
During a compliance audit, the auditor should request written representations from management that are tailored to the entity and the governmental audit requirement
A. Stating that management is responsible for taking corrective action on audit findings of the compliance audit
B. Stating that management has disclosed to the appropriate government authority all known noncompliance with the applicable compliance requirements or stating that there was no such noncompliance
C. Describing management’s interpretation of all applicable compliance requirements
D. Acknowledging management’s responsibility for establishing and maintaining controls that provide absolute assurance that the entity administers government programs in accordance with the compliance requirements
A.
Written representations from management should include a statement that management is responsible for taking corrective action on audit findings of the compliance audit. They should also include a statement that management has disclosed to the auditor (not the appropriate government authority) all known noncompliance with the applicable compliance requirements or stating that there was no such noncompliance. Management need only identify their interpretation of any applicable compliance requirements that are subject to varying interpretations. Management should acknowledge their responsibility for establishing and maintaining controls that provide reasonable (not absolute) assurance that the entity administers government programs in accordance with the compliance requirements.