Review Flashcards
Section 105
As set forth by Section 105 (Title I) of the Sarbanes-Oxley Act, the Public Company Accounting Oversight Board (PCAOB) may investigate any act or practice, or omission to act, by a registered public accounting firm that may violate any provision of the Sarbanes-Oxley Act, PCAOB rules, securities laws, and professional standards.
Possible disciplinary actions include temporary suspension or permanent revocation of registration; temporary or permanent suspension of persons; temporary or permanent limitation on activities, functions, or operations of the firm; civil monetary penalties; censure; additional professional education or training; and any other sanction provided for in the PCAOB rules. Additionally, the PCAOB will strictly sanction intentional or knowing conduct, including reckless conduct, that results in violations and repeat violations.
Independence
Independence is the cornerstone on which the audit, or attest, function of the accounting profession is based. It is the independence of the auditor that assures the public of the fair presentation of the audited financial statements. The audit opinion is the “Independent Auditor’s Report” (AU-C 600.A98 requires that the word “independent” appear in the title of the report).
The auditor’s independence recognizes the need for fairness—fairness to the owners and managers of the company and also to creditors and those who may rely wholly or in part on the auditor’s report.
Independence is the ability to act with integrity and objectivity and not to compromise one’s judgment or conceal or modify an honest opinion. Auditors (both external and internal) must be capable of acting in an honest, unbiased fashion, maintaining the ability to use judgment free from influence by or subordination to the will, opinion, and judgment of others.
The CPA must be independent not only in fact but also in appearance. This means both that a true conflict must not exist (the fact of independence) and that the appearance, or impression, of conflict must not exist (the appearance of independence). Hence, there must not be a compromise to the perception of the independence of the CPA in the mind of a reasonable observer, no matter how innocent the questionable circumstances may truly be. Any appearance of the lack of independence would erode the public’s confidence in the profession as quickly as the fact of a lack of independence.
The “reasonable person” concept is applicable, i.e., whether or not a reasonable person, having all the facts and the normal strength of character, concludes that a specific relationship is lacking in independence, represents a conflict of interest, or is a threat to a CPA’s integrity or objectivity.
GAO Conceptual Framework for Independence
The Government Accountability Office’s conceptual framework for independence involves identifying, evaluating, and applying safeguards to threats. The GAO has identified seven types of circumstances that could lead to threats of independence:
Self-interest Self-review Bias Familiarity Undue influence Management participation Structural threats
Improper influence
It is prohibited for any issuer’s officer or director to take any action to fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant engaged in the performance of an audit of the financial statements of that issuer for the purpose of rendering such financial statements materially misleading.
Code of ethics
The International Ethics Standards Board for Accountants (IESBA) Code of Ethics for Professional Accountants includes five principles to apply the conceptual framework:
Integrity Objectivity Professional competence and due care Confidentiality Professional behavior
The Government Accountability Office (GAO) has identified seven types of circumstances that could lead to threats of independence.
The Government Accountability Office (GAO) has identified seven types of circumstances that could lead to threats of independence:
Self-interest Self-review Bias Familiarity Undue influence Management participation Structural threats
Yellow Book
The Government Auditing Standards are issued by the comptroller general of the United States, Government Accountability Office (GAO). They are often called the “Yellow Book.” These are audit standards that must be followed for audits of federal organizations, programs, activities, functions, and funds received by contractors, nonprofit organizations, and other external organizations. These standards are recommended for use in audits of state and local government organizations, programs, activities, and functions.
GAO standards incorporate AICPA GAAS but go further, requiring:
a review for compliance with applicable laws and regulations,
external reporting of instances or indication of fraud, and
reports on the entity’s internal control structure.
These standards also contain guidelines for economy, efficiency, and program results audits.
Authoritative Body
In the preface to the AT section for the Statements on Standards for Attestation Engagements is a notation that indicates, “These statements are issued by the Auditing Standards Board, the Accounting and Review Services Committee, and the Management Consulting Services Executive Committee.” These are units of the American Institute of CPAs.
The FASB and GASB are independent authoritative bodies designated to promulgate financial accounting and reporting standards for business (for-profit) and governmental (and not-for-profit) entities.
The Government Accountability Office (GAO) is the accounting, auditing, and investigating agency of the U.S. Congress. This agency has promulgated “Standards for Audit of Governmental Organizations, Programs, Activities, and Functions” (the “Yellow Book”).
GAS
According to GAS (Government Auditing Standards) 1.14, the ethical principles that guide the work of auditors who conduct audits in accordance with Generally Accepted Government Auditing Standards (GAGAS) are the public interest; integrity; objectivity; proper use of government information, resources and positions; and professional behavior.
The “public interest” is defined in the government standards as “the collective well-being of the community of people and the entities the auditors serve” (GAS 1.15). Integrity includes “auditors conducting their work with an attitude that is objective, fact-based, nonpartisan, and nonideological with regard to audited entities and users of the auditors’ reports” (GAS 1.17). Government information is “to be used for official purposes and not inappropriately for the auditor’s personal gain or in a manner contrary to law or detrimental to the legitimate interests of the audited entity or the audit organization” (GAS 1.20).
Materiality in GAGAS financial audits is considered an “additional consideration” in GAGAS audits (GAS 4.46).
Section 104
Section 104 of the Sarbanes-Oxley Act (SOX) dictates that the Public Company Accounting Oversight Board (PCAOB) has the mandate and authority to conduct compliance inspections of each registered public accounting firm. Firms that audit more than 100 issuers are inspected annually. Firms that audit 100 or fewer issuers are inspected every three years.
This section gives the PCAOB the mandate and authority to conduct compliance inspections of each registered public accounting firm.
a. Those firms that audit more than 100 issuers are inspected annually.
b. Those firms that audit 100 or fewer issuers are inspected every three years.
Members of the AICPA designation
Based on the AICPA’s Code of Professional Conduct, a firm may only designate itself as “Members of the AICPA” when all CPA owners are members.
Services allowed by AICPA but not SEC
The AICPA does not prohibit auditors from assisting in the preparation of financial statements, whereas the SEC does. Both the AICPA and SEC prohibit auditors from preparing source documents and recording transactions.
A CPA should take the following steps when retained to review financial statements of a nonissuer:
Establish an understanding with the entity regarding the review service (an engagement letter).
Determine if the CPA is independent. If not, do not continue.
Acquire the necessary knowledge of the client’s industry accounting principles and practices.
Acquire a general understanding of the nature of the client’s business, including (a) its operating characteristics and (b) the nature of its assets, liabilities, revenues, and expenses (including its products and services).
Apply appropriate inquiry and analytical procedures to obtain a basis for communicating whether the CPA is aware of any material modifications that should be made to the financial statements for them to be in conformity with generally accepted accounting principles.
A review does not involve obtaining an understanding of internal control, assessing control risk (assessing the operating efficiency of the entity’s internal control activities), assessing fraud risks (assessing the risk of material misstatement arising from fraudulent financial reporting and the misappropriation of assets), making preliminary judgments about risk and materiality to determine the scope and nature of the procedures to be performed, or testing accounting records to obtain corroborating evidence. These procedures are performed in an audit.
Analytical procedures
Analytical procedures should be applied at two distinct phases in all audits.
- At the initial planning stages of the audit to assist the auditor in planning the nature, extent, and timing of other auditing procedures
- As an overall review of the financial information in the final review stage of the audit
Analytical procedures may also be used by the auditor as substantive procedures to obtain audit evidence about particular assertions.
Analytical procedures
Analytical procedures used in planning the audit should focus on the following:
a. Enhancing the auditor’s understanding of the client’s business and the transactions and events that have occurred since the last audit data
b. Identifying areas that may represent specific risks relevant to the audit
Analytical procedures
Analytical procedures involve comparisons of recorded amounts, or ratios developed from recorded amounts, to expectations developed by the auditor. Examples of sources of information for developing expectations include the following:
a. Financial information for comparable prior period(s) giving consideration to known changes
b. Anticipated results (e.g., budgets or forecasts including extrapolations from interim or annual data)
c. Relationships among elements of financial information within the period
d. Information regarding the industry in which the client operates (e.g., gross margin information)
e. Relationships of financial information with relevant nonfinancial information
Audit strategy
The audit strategy involves consideration of the expected conduct, organization, and staffing of the audit. It is important to establish the audit strategy prior to developing a detailed audit plan. The audit strategy should involve:
defining the scope of the audit (such as the basis of reporting, any industry-specific reporting requirements, and the locations of the entity);
determining reporting deadlines and key dates for expected communications with those charged with governance (this information helps to determine the timing of the audit); and
considering factors that direct the audit team efforts (such as materiality levels, preliminary identification of risks of material misstatement and material account balances, and recent industry or financial developments affecting the client).
The audit strategy assists the auditor in making decisions regarding resources for the audit (how many team members, to which areas they should be assigned, if work should begin at an interim date, and if specialists or other auditors’ work will be used) and how these resources will be managed.
The answer choice “the coordination of the assistance of the client’s personnel in data preparation” describes an issue that will directly affect the auditor’s decisions regarding resources in the audit, and this subject would be part of the overall audit strategy.
Evaluating the entity’s plans to handle adverse economic conditions would be part of understanding the entity and its environment, including its internal control (risk assessment). While an important part of the auditor’s work, this procedure would not be part of the overall audit strategy.
The auditor would not discuss the determination of fraud risk factors or which control weaknesses to include in the audit committee communication with management.
Assertions
This situation is concerned with assertions about account balances at the period-end. Those assertions consist of the following:
Existence: Assets, liabilities, and equity interests exist.
Rights and obligations: The entity holds or controls the rights to assets, and liabilities are the obligations of the entity.
Completeness: All assets, liabilities, and equity interests that should have been recorded have been recorded.
Valuation and allocation: Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts.
By tracing test counts to the client’s inventory listing, you are asserting that all inventory items have been recorded in the inventory listing (completeness assertion).
Work of a specialist
Using the work of a specialist is an important decision, because the auditor is relying on this person to provide audit evidence on complex matters in which the auditor may not be an expert. When the auditor expresses an unmodified opinion on the financial statements, he does not mention the work of the specialist in the audit report.
The auditor should be concerned with the professional credentials, reputation, and experience of the specialist. Knowing that the specialist may have a tendency to produce information in the client’s favor may cause the auditor to apply additional procedures to the specialist’s findings or assumptions. In other words, the auditor should assess the risk that the actuary’s objectivity might be impaired.
The specialist does not need to be independent of the client, and the hiring of a specialist, even one with an existing relationship with the client, is not a significant deficiency. (Remember that a significant deficiency is a deficiency that is considered significant to the design and operation of the internal control structure.)
IT poses many specific risks to an entity’s internal control, including the following:
Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both
Unauthorized access to data that may result in destruction of data or improper changes to data
The possibility of IT personnel gaining access privileges beyond those necessary to perform their assigned duties
Unauthorized changes to data in master files
Unauthorized changes to systems or programs
Failure to make necessary changes to systems or programs
Potential loss of data or inability to access data as required
Of the answer choices given, only access controls pose specific risks to the internal controls of an entity. Thus, the auditor would be more concerned with those controls.
Hash totals
Hash totals are an input control. They are a nonsense total; for example, the sum of the digits of an invoice number. A hash total is similar to a control total and is used to verify processing (or output) compared to input.
In this example, the hash total is the sum of the invoice numbers (201 + 202 + 203 + 204).
Code of Ethics Framework
Under the framework of the Code of Ethics for Professional Accountants, all professional accountants are required to identify threats to the fundamental principles and, if there are threats, apply safeguards to ensure that the principles are not compromised. Compliance with the fundamental principles may potentially be threatened by a broad range of circumstances. Many threats fall into the following categories:
a. Self-interest threats, which may occur as a result of financial or other interests that will inappropriately influence the professional accountant’s judgment or behavior
b. Self-review threats, which may occur when a previous judgment needs to be reevaluated by the professional accountant responsible for that judgment
c. Advocacy threats, which may occur when a professional accountant promotes a client’s or employer’s position or opinion to the point that subsequent objectivity may be compromised
d. Familiarity threats, which may occur when, because of a close relationship, a professional accountant becomes too sympathetic to the interests of others
e. Intimidation threats, which may occur when a professional accountant may be deterred from acting objectively by actual or perceived pressures, including attempts to exercise undue influence over the professional accountant
Loans impairment
According to the AICPA Code of Professional Conduct, an automobile loan or lease collateralized by the automobile does not impair the independence rule (ET 1.200.001).
Home mortgage loans, student loans, and personal loans from the client would each be considered an impairment of independence.
The Government Accountability Office (GAO) specifies four interrelated sections with respect to independence:
A conceptual framework
Guidance for audit organizations that are structurally located within the entities they audit
Requirements when performing nonaudit services
Guidance on documentation