Review Flashcards
Section 105
As set forth by Section 105 (Title I) of the Sarbanes-Oxley Act, the Public Company Accounting Oversight Board (PCAOB) may investigate any act or practice, or omission to act, by a registered public accounting firm that may violate any provision of the Sarbanes-Oxley Act, PCAOB rules, securities laws, and professional standards.
Possible disciplinary actions include temporary suspension or permanent revocation of registration; temporary or permanent suspension of persons; temporary or permanent limitation on activities, functions, or operations of the firm; civil monetary penalties; censure; additional professional education or training; and any other sanction provided for in the PCAOB rules. Additionally, the PCAOB will strictly sanction intentional or knowing conduct, including reckless conduct, that results in violations and repeat violations.
Independence
Independence is the cornerstone on which the audit, or attest, function of the accounting profession is based. It is the independence of the auditor that assures the public of the fair presentation of the audited financial statements. The audit opinion is the “Independent Auditor’s Report” (AU-C 600.A98 requires that the word “independent” appear in the title of the report).
The auditor’s independence recognizes the need for fairness—fairness to the owners and managers of the company and also to creditors and those who may rely wholly or in part on the auditor’s report.
Independence is the ability to act with integrity and objectivity and not to compromise one’s judgment or conceal or modify an honest opinion. Auditors (both external and internal) must be capable of acting in an honest, unbiased fashion, maintaining the ability to use judgment free from influence by or subordination to the will, opinion, and judgment of others.
The CPA must be independent not only in fact but also in appearance. This means both that a true conflict must not exist (the fact of independence) and that the appearance, or impression, of conflict must not exist (the appearance of independence). Hence, there must not be a compromise to the perception of the independence of the CPA in the mind of a reasonable observer, no matter how innocent the questionable circumstances may truly be. Any appearance of the lack of independence would erode the public’s confidence in the profession as quickly as the fact of a lack of independence.
The “reasonable person” concept is applicable, i.e., whether or not a reasonable person, having all the facts and the normal strength of character, concludes that a specific relationship is lacking in independence, represents a conflict of interest, or is a threat to a CPA’s integrity or objectivity.
GAO Conceptual Framework for Independence
The Government Accountability Office’s conceptual framework for independence involves identifying, evaluating, and applying safeguards to threats. The GAO has identified seven types of circumstances that could lead to threats of independence:
Self-interest Self-review Bias Familiarity Undue influence Management participation Structural threats
Improper influence
It is prohibited for any issuer’s officer or director to take any action to fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant engaged in the performance of an audit of the financial statements of that issuer for the purpose of rendering such financial statements materially misleading.
Code of ethics
The International Ethics Standards Board for Accountants (IESBA) Code of Ethics for Professional Accountants includes five principles to apply the conceptual framework:
Integrity Objectivity Professional competence and due care Confidentiality Professional behavior
The Government Accountability Office (GAO) has identified seven types of circumstances that could lead to threats of independence.
The Government Accountability Office (GAO) has identified seven types of circumstances that could lead to threats of independence:
Self-interest Self-review Bias Familiarity Undue influence Management participation Structural threats
Yellow Book
The Government Auditing Standards are issued by the comptroller general of the United States, Government Accountability Office (GAO). They are often called the “Yellow Book.” These are audit standards that must be followed for audits of federal organizations, programs, activities, functions, and funds received by contractors, nonprofit organizations, and other external organizations. These standards are recommended for use in audits of state and local government organizations, programs, activities, and functions.
GAO standards incorporate AICPA GAAS but go further, requiring:
a review for compliance with applicable laws and regulations,
external reporting of instances or indication of fraud, and
reports on the entity’s internal control structure.
These standards also contain guidelines for economy, efficiency, and program results audits.
Authoritative Body
In the preface to the AT section for the Statements on Standards for Attestation Engagements is a notation that indicates, “These statements are issued by the Auditing Standards Board, the Accounting and Review Services Committee, and the Management Consulting Services Executive Committee.” These are units of the American Institute of CPAs.
The FASB and GASB are independent authoritative bodies designated to promulgate financial accounting and reporting standards for business (for-profit) and governmental (and not-for-profit) entities.
The Government Accountability Office (GAO) is the accounting, auditing, and investigating agency of the U.S. Congress. This agency has promulgated “Standards for Audit of Governmental Organizations, Programs, Activities, and Functions” (the “Yellow Book”).
GAS
According to GAS (Government Auditing Standards) 1.14, the ethical principles that guide the work of auditors who conduct audits in accordance with Generally Accepted Government Auditing Standards (GAGAS) are the public interest; integrity; objectivity; proper use of government information, resources and positions; and professional behavior.
The “public interest” is defined in the government standards as “the collective well-being of the community of people and the entities the auditors serve” (GAS 1.15). Integrity includes “auditors conducting their work with an attitude that is objective, fact-based, nonpartisan, and nonideological with regard to audited entities and users of the auditors’ reports” (GAS 1.17). Government information is “to be used for official purposes and not inappropriately for the auditor’s personal gain or in a manner contrary to law or detrimental to the legitimate interests of the audited entity or the audit organization” (GAS 1.20).
Materiality in GAGAS financial audits is considered an “additional consideration” in GAGAS audits (GAS 4.46).
Section 104
Section 104 of the Sarbanes-Oxley Act (SOX) dictates that the Public Company Accounting Oversight Board (PCAOB) has the mandate and authority to conduct compliance inspections of each registered public accounting firm. Firms that audit more than 100 issuers are inspected annually. Firms that audit 100 or fewer issuers are inspected every three years.
This section gives the PCAOB the mandate and authority to conduct compliance inspections of each registered public accounting firm.
a. Those firms that audit more than 100 issuers are inspected annually.
b. Those firms that audit 100 or fewer issuers are inspected every three years.
Members of the AICPA designation
Based on the AICPA’s Code of Professional Conduct, a firm may only designate itself as “Members of the AICPA” when all CPA owners are members.
Services allowed by AICPA but not SEC
The AICPA does not prohibit auditors from assisting in the preparation of financial statements, whereas the SEC does. Both the AICPA and SEC prohibit auditors from preparing source documents and recording transactions.
A CPA should take the following steps when retained to review financial statements of a nonissuer:
Establish an understanding with the entity regarding the review service (an engagement letter).
Determine if the CPA is independent. If not, do not continue.
Acquire the necessary knowledge of the client’s industry accounting principles and practices.
Acquire a general understanding of the nature of the client’s business, including (a) its operating characteristics and (b) the nature of its assets, liabilities, revenues, and expenses (including its products and services).
Apply appropriate inquiry and analytical procedures to obtain a basis for communicating whether the CPA is aware of any material modifications that should be made to the financial statements for them to be in conformity with generally accepted accounting principles.
A review does not involve obtaining an understanding of internal control, assessing control risk (assessing the operating efficiency of the entity’s internal control activities), assessing fraud risks (assessing the risk of material misstatement arising from fraudulent financial reporting and the misappropriation of assets), making preliminary judgments about risk and materiality to determine the scope and nature of the procedures to be performed, or testing accounting records to obtain corroborating evidence. These procedures are performed in an audit.
Analytical procedures
Analytical procedures should be applied at two distinct phases in all audits.
- At the initial planning stages of the audit to assist the auditor in planning the nature, extent, and timing of other auditing procedures
- As an overall review of the financial information in the final review stage of the audit
Analytical procedures may also be used by the auditor as substantive procedures to obtain audit evidence about particular assertions.
Analytical procedures
Analytical procedures used in planning the audit should focus on the following:
a. Enhancing the auditor’s understanding of the client’s business and the transactions and events that have occurred since the last audit data
b. Identifying areas that may represent specific risks relevant to the audit
Analytical procedures
Analytical procedures involve comparisons of recorded amounts, or ratios developed from recorded amounts, to expectations developed by the auditor. Examples of sources of information for developing expectations include the following:
a. Financial information for comparable prior period(s) giving consideration to known changes
b. Anticipated results (e.g., budgets or forecasts including extrapolations from interim or annual data)
c. Relationships among elements of financial information within the period
d. Information regarding the industry in which the client operates (e.g., gross margin information)
e. Relationships of financial information with relevant nonfinancial information
Audit strategy
The audit strategy involves consideration of the expected conduct, organization, and staffing of the audit. It is important to establish the audit strategy prior to developing a detailed audit plan. The audit strategy should involve:
defining the scope of the audit (such as the basis of reporting, any industry-specific reporting requirements, and the locations of the entity);
determining reporting deadlines and key dates for expected communications with those charged with governance (this information helps to determine the timing of the audit); and
considering factors that direct the audit team efforts (such as materiality levels, preliminary identification of risks of material misstatement and material account balances, and recent industry or financial developments affecting the client).
The audit strategy assists the auditor in making decisions regarding resources for the audit (how many team members, to which areas they should be assigned, if work should begin at an interim date, and if specialists or other auditors’ work will be used) and how these resources will be managed.
The answer choice “the coordination of the assistance of the client’s personnel in data preparation” describes an issue that will directly affect the auditor’s decisions regarding resources in the audit, and this subject would be part of the overall audit strategy.
Evaluating the entity’s plans to handle adverse economic conditions would be part of understanding the entity and its environment, including its internal control (risk assessment). While an important part of the auditor’s work, this procedure would not be part of the overall audit strategy.
The auditor would not discuss the determination of fraud risk factors or which control weaknesses to include in the audit committee communication with management.
Assertions
This situation is concerned with assertions about account balances at the period-end. Those assertions consist of the following:
Existence: Assets, liabilities, and equity interests exist.
Rights and obligations: The entity holds or controls the rights to assets, and liabilities are the obligations of the entity.
Completeness: All assets, liabilities, and equity interests that should have been recorded have been recorded.
Valuation and allocation: Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts.
By tracing test counts to the client’s inventory listing, you are asserting that all inventory items have been recorded in the inventory listing (completeness assertion).
Work of a specialist
Using the work of a specialist is an important decision, because the auditor is relying on this person to provide audit evidence on complex matters in which the auditor may not be an expert. When the auditor expresses an unmodified opinion on the financial statements, he does not mention the work of the specialist in the audit report.
The auditor should be concerned with the professional credentials, reputation, and experience of the specialist. Knowing that the specialist may have a tendency to produce information in the client’s favor may cause the auditor to apply additional procedures to the specialist’s findings or assumptions. In other words, the auditor should assess the risk that the actuary’s objectivity might be impaired.
The specialist does not need to be independent of the client, and the hiring of a specialist, even one with an existing relationship with the client, is not a significant deficiency. (Remember that a significant deficiency is a deficiency that is considered significant to the design and operation of the internal control structure.)
IT poses many specific risks to an entity’s internal control, including the following:
Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both
Unauthorized access to data that may result in destruction of data or improper changes to data
The possibility of IT personnel gaining access privileges beyond those necessary to perform their assigned duties
Unauthorized changes to data in master files
Unauthorized changes to systems or programs
Failure to make necessary changes to systems or programs
Potential loss of data or inability to access data as required
Of the answer choices given, only access controls pose specific risks to the internal controls of an entity. Thus, the auditor would be more concerned with those controls.
Hash totals
Hash totals are an input control. They are a nonsense total; for example, the sum of the digits of an invoice number. A hash total is similar to a control total and is used to verify processing (or output) compared to input.
In this example, the hash total is the sum of the invoice numbers (201 + 202 + 203 + 204).
Code of Ethics Framework
Under the framework of the Code of Ethics for Professional Accountants, all professional accountants are required to identify threats to the fundamental principles and, if there are threats, apply safeguards to ensure that the principles are not compromised. Compliance with the fundamental principles may potentially be threatened by a broad range of circumstances. Many threats fall into the following categories:
a. Self-interest threats, which may occur as a result of financial or other interests that will inappropriately influence the professional accountant’s judgment or behavior
b. Self-review threats, which may occur when a previous judgment needs to be reevaluated by the professional accountant responsible for that judgment
c. Advocacy threats, which may occur when a professional accountant promotes a client’s or employer’s position or opinion to the point that subsequent objectivity may be compromised
d. Familiarity threats, which may occur when, because of a close relationship, a professional accountant becomes too sympathetic to the interests of others
e. Intimidation threats, which may occur when a professional accountant may be deterred from acting objectively by actual or perceived pressures, including attempts to exercise undue influence over the professional accountant
Loans impairment
According to the AICPA Code of Professional Conduct, an automobile loan or lease collateralized by the automobile does not impair the independence rule (ET 1.200.001).
Home mortgage loans, student loans, and personal loans from the client would each be considered an impairment of independence.
The Government Accountability Office (GAO) specifies four interrelated sections with respect to independence:
A conceptual framework
Guidance for audit organizations that are structurally located within the entities they audit
Requirements when performing nonaudit services
Guidance on documentation
Departure from FASB
According to the profession’s ethical standards, in unusual situations a departure from a FASB Accounting Standard may be necessary to keep the financial statements from being misleading. The Code specifically recognizes that accounting principles cannot anticipate all of the circumstances to which the principles may be applied. Examples of such cases include both the passage of new legislation and the evolution of a new form of business transaction. Thus, both of these situations justify such a departure.
Operating effectiveness of internal controls
The evaluation of the operating effectiveness of an internal control is concerned with how the control was applied (whether manual or automated), the consistency with which it was applied, and by whom it was applied. Inspection of documents and reports, and observation and inquiry of client personnel would assist with evaluating operating effectiveness.
Preparation of system flowcharts, however, assists the auditor with understanding the design of the internal control, not the operating effectiveness. Flowcharts would provide the least assurance about the operating effectiveness of an internal control.
Management representation letter
Management, not the accountant, acknowledges its responsibility for the fair presentation in the financial statements of financial position, results of operations, and cash flows in conformity with generally accepted accounting principles.
The accountant need not be in physical receipt of the management representation letter as of the date of the accountant’s review report, provided that management has acknowledged that they will sign the representation letter without modification and it is received prior to the release of the report (which could be after the date of the accountant’s review report). The management representation letter should be addressed to the accountant. The letter should be signed by those members of management whom the accountant believes are responsible for and knowledgeable about (directly or through others in the organization) the matters covered in the representation letter. Normally, the chief executive officer and chief financial officer or others with equivalent positions in the entity should sign the representation letter (AR 90.24).
If current management was not present during all periods covered by the accountant’s report, the accountant should nevertheless obtain written representations from current management for all such periods (AR 90.22).
Regarding significant findings from the audit, the auditor should communicate with those charged with governance the following matters:
a. The auditor’s views about qualitative aspects of the entity’s significant accounting practices, including accounting policies, accounting estimates, and financial statement disclosures
b. Significant difficulties, if any, encountered during the audit
c. Uncorrected misstatements, other than those the auditor believes are trivial, if any
d. Disagreements with management, if any
e. Other findings or issues, if any, arising from the audit that are, in the auditor’s professional judgment, significant and relevant to those charged with governance regarding their oversight of the financial reporting process
Independence in a compilation
AR-C 80.22 states, “When the accountant is not independent with respect to the entity, the accountant should indicate the accountant’s lack of independence in a final paragraph of the accountant’s compilation report.”
A compilation expresses no assurance on the financial statements, so a compilation report with negative assurance would not be issued. The accountant must be independent to perform a review engagement; therefore, the engagement would not be upgraded to a review if the accountant were not independent with respect to the entity.
Specialist
If, as a result of the work performed by the specialist, the auditor decides to add explanatory language, the auditor may refer to the specialist in the auditor’s report. The only time the auditor should refer to the work or findings of a specialist in the audit report would be if reference to the specialist’s findings clarifies an emphasis-of-matter or other-matter paragraph (such as for an unusually important subsequent event) or facilitates an understanding of a departure from an unmodified opinion.
The auditor should not imply that a more thorough audit was performed.
Evidence
Analytical procedures have the highest level of evidence when they use direct predictable relationships within financial statements. The amount of interest expense is directly related to balances and rates of interest bearing accounts and notes payable. Many factors affect the balances of accounts receivable, accounts payable, and travel and entertainment expense, which cannot be predicted with complete accuracy.
Misstatements
Misstatements can result from errors or fraud and may consist of any of the following:
a. An inaccuracy in gathering or processing data from which financial statements are prepared
b. A difference between the amount, classification, or presentation of a reported financial statement element, account, or item and the amount, classification, or presentation that would have been reported under the applicable reporting framework
c. The omission of a financial statement element, account, or item
d. A financial statement disclosure that is not presented in conformity with the applicable financial reporting framework
e. The omission of information required to be disclosed in conformity with the applicable reporting framework
f. An incorrect accounting estimate arising, for example, from an oversight or misinterpretation of facts
g. Differences between management’s and the auditor’s judgments concerning accounting estimates, or the selection and application of accounting policies that the auditor considers inappropriate
Management representation letter
In addition to requesting management to confirm that it has fulfilled its responsibilities, the auditor also may ask management to reconfirm its acknowledgment and understanding of those responsibilities in written representations. This is common but, in any event, may be particularly appropriate when:
those who signed the terms of the audit engagement on behalf of the entity no longer have the relevant responsibilities,
the terms of the audit engagement were prepared in a previous year,
any indication exists that management misunderstands those responsibilities, or
changes in circumstances make it appropriate to do so.
Consistent with the requirement of section 210, Terms of Engagement, such reconfirmation of management’s acknowledgment and understanding of its responsibilities is unconditional and is not made subject to the best of management’s knowledge and belief (as discussed in paragraph .A6 of this section).
The Public Company Accounting Oversight Board (PCAOB) was established by the Sarbanes-Oxley Act of 2002. Section 101(a) of the Sarbanes-Oxley Act states:
There is established the Public Company Accounting Oversight Board, to oversee the audit of public companies that are subject to the securities laws, and related matters, in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports for companies the securities of which are sold to, and held by and for, public investors.
SOX Section 204: Auditor Reports to Audit Committees
Section 204 of SOX Title II amends Section 10A of the Securities Exchange Act of 1934 by requiring that each registered public accounting firm that performs an audit of issuer financial statements timely report to the issuer’s audit committee:
a. all critical accounting policies and practices to be used;
b. all alternative treatments of financial information within GAAP that have been discussed with management officials of the issuer, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the registered public accounting firm; and
c. other material written communications between the registered public accounting firm and the management of the issuer, such as any management letter or schedule of unadjusted differences.
Attribute sampling
Attribute sampling measures how many times an attribute (e.g., the absence of a required signature on a receiving report) occurs in a sample. Variable sampling measures the variance of dollar amounts in the sample items (e.g., that the extended dollar amount on a receiving report is correctly calculated). Attribute sampling would be used to inspect employee timecards for proper approval by supervisors. Attribute sampling is not appropriate to examine account balances, such as accounts receivable, inventory, or fixed assets; that would require the use of variable sampling.
The successor should inquire of the predecessor regarding the following:
a. Information that might bear on the integrity of management
b. Disagreements with management as to accounting principles, auditing procedures, or other similarly significant matters
c. Communications to those charged with governance regarding fraud and noncompliance with laws or regulations by the entity
d. Communications to management and those charged with governance regarding significant deficiencies and material weaknesses in internal control
e. The predecessor’s understanding as to the reasons for the change of auditors
AICPA Quality Control Standard (QC) 10.27 states:
“The firm should establish policies and procedures for the acceptance and continuance of client relationships and specific engagements, designed to provide the firm with reasonable assurance that it will undertake or continue relationships and engagements only when the firm:
a. is competent to perform the engagement and has the capabilities, including time and resources, to do so;
b. can comply with legal and relevant ethical requirements; and
c. has considered the integrity of the client, and does not have information that would lead it to conclude that the client lacks integrity.”
The accountant should not accept an engagement to be performed in accordance with SSARS if :
a. the accountant has reason to believe that relevant ethical requirements will not be satisfied;
b. the accountant’s preliminary understanding of the engagement circumstances indicate that information needed to perform the engagement is likely to be unavailable or unreliable; or
c. the accountant has cause to doubt management’s integrity such that it is likely to affect the performance of the engagement. (AR-C 60.24).
As a condition for accepting an engagement to be performed in accordance with SSARSs, the accountant should:
a. determine whether preliminary knowledge of the engagement circumstances indicate that ethical requirements regarding professional competence will be satisfied.
b. determine whether the financial reporting framework selected by management to be applied in the preparation of the financial statements is acceptable.
c. obtain the agreement of management that it acknowledges and understands its responsibility.
I. for the selection of the financial reporting framework to be applied in the preparation of financial statements.
II. for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of the financial statements that are free from material misstatement, whether due to fraud or error.
III. for preventing and detecting fraud.
IV. for ensuring that the entity complies with laws and regulations applicable to its activities.
V. for the accuracy and completeness of the records, documents, explanations, and other information, including significant judgments provided by management for the preparation of financial statements.
VI. to provide the accountant with:
i. access to all information of which management is aware that is relevant to the preparation and fair presentation of the financial statements, such as records, documentation, and other matters.
ii. additional information that the accountant may request from management for the purpose of the engagement.
iii. unrestricted access to persons within the entity of whom the accountant determines it necessary to make inquiries. (AR-C 60.25)
Misstatements can result from errors or fraud and may consist of any of the following:
a. An inaccuracy in gathering or processing data from which financial statements are prepared
b. A difference between the amount, classification, or presentation of a reported financial statement element, account, or item and the amount, classification, or presentation that would have been reported under the applicable reporting framework
c. The omission of a financial statement element, account, or item
d. A financial statement disclosure that is not presented in conformity with the applicable financial reporting framework
e. The omission of information required to be disclosed in conformity with the applicable reporting framework
f. An incorrect accounting estimate arising, for example, from an oversight or misinterpretation of facts
g. Differences between management’s and the auditor’s judgments concerning accounting estimates, or the selection and application of accounting policies that the auditor considers inappropriate
According to AU-C 240.A19, the auditor should use professional judgment to determine those others within the entity to whom inquiries should be directed and the extent of such inquiries. In making this determination, the auditor should consider whether others within the entity may be able to provide information that will be helpful to the auditor in identifying risks of material misstatement due to fraud.
Examples of individuals within the entity to whom the auditor may wish to direct fraud related inquiries include the following:
Employees with varying levels of authority within the entity, including, for example, entity personnel with whom the auditor comes into contact during the course of the audit in obtaining (a) an understanding of the entity’s systems and internal control, (b) in observing inventory or performing cutoff procedures, or (c) in obtaining explanations for fluctuations noted as a result of analytical procedures
Operating personnel not directly involved in the financial reporting process
Employees involved in initiating, recording, or processing complex or unusual transactions—for example, a sales transaction with multiple elements, or a significant related party transaction
In-house legal counsel
Completion of the audit file
Completion of the audit file under auditing standards generally accepted in the United States of America is required within 60 days following the report release date. Completion of the audit file under PCAOB standards is required within 45 days following the report release date.
Control activities
Control activities are the policies and procedures that help ensure that management directives are carried out and necessary actions are taken to address risks that threaten the achievement of the entity’s objectives. Examples of specific control activities include the following:
a. Authorization
b. Segregation of duties
c. Safeguarding
d. Asset accountability
e. Performance reviews
SOX Section 208: Commission Authority
It is unlawful under Section 208 of SOX Title II for any registered public accounting firm to prepare or issue any audit report with respect to any issuer, if the firm or associated person engages in any activity with respect to that issuer that is prohibited by Section 10A of the Securities Exchange Act of 1934, or any rule or regulation of the SEC or PCAOB.
Audit Committee
Section 10A(m) of the Securities Exchange Act of 1934 prohibits the receipt of “any” consulting, advisory, or compensatory fees from the registrant for services other than as a member of the board.
Members of an issuer’s audit committee:
may establish procedures for employees to anonymously report fraud.
are typically responsible for the compensation of the public accounting firm employed by the registrant to provide an audit report.
may engage independent counsel as deemed necessary to carry out their duties.
Letters of inquiry sent to client’s attorneys
Letters of inquiry are sent to the client’s attorneys to provide the auditor with corroboration of the information furnished by management about litigation, claims, and assessments. The identification, description, and evaluation of asserted claims, assessments, and litigation (pending or threatened) and of probable outcomes are the responsibility of management. The attorney merely confirms this information according to his or her knowledge.
The client’s historical experiences in recent similar litigation are irrelevant; the outcome and the effects for every case must be evaluated independently
The auditor should obtain a sufficient understanding by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented. The auditor should use such knowledge to:
a. identify types of potential misstatements.
b. consider factors that affect the risks of material misstatement.
c. design tests of controls, when applicable, and substantive procedures.
While a successor accountant is not required to communicate with the predecessor accountant in connection with acceptance of a compilation or review engagement of a nonissuer, under some circumstances it may be beneficial to obtain information from the predecessor that will assist in determining whether to accept the engagement:
a. The information obtained about the prospective client is limited or appears to require special attention.
b. The change in accountants takes place substantially after the end of the accounting period for which statements are to be compiled or reviewed.
c. Frequent changes in accountants have occurred.
In evaluating whether management has identified all accounting estimates that could be material to the financial statements, the auditor considers the circumstances of the industry or industries in which the entity operates, its methods of conducting business, new accounting pronouncements, and other external factors. The auditor should consider performing the following procedures:
Consider assertions embodied in the financial statements to determine the need for estimates.
Evaluate information obtained in performing other procedures, such as the following:
Information about changes made or planned in the entity’s business, including changes in operating strategy, and the industry in which the entity operates that may indicate the need to make an accounting estimate
Changes in the methods of accumulating information
Information concerning identified litigation, claims, and assessments, and other contingencies
Information from reading available minutes of meetings of stockholders, directors, and appropriate committees
Information contained in regulatory or examination reports, supervisory correspondence, and similar materials from applicable regulatory agencies
Inquire of management about the existence of circumstances that may indicate the need to make an accounting estimate.
When financial statements that the accountant has compiled omit substantially all disclosures but are otherwise in conformity with the applicable financial reporting framework, the accountant should include a separate paragraph in the accountant’s compilation report that includes the following elements: (AR-C 80.25)
a. A statement that management has elected to omit substantially all the disclosures (and the statement of cash flows, if applicable) required by the applicable financial reporting framework (or ordinarily included in the financial statements if the financial statements are prepared in accordance with a special purpose framework)
b. A statement that if the omitted disclosures (and the statement of cash flows, if applicable) were included in the financial statements, they might influence the user’s conclusions about the entity’s financial position, results of operations, and cash flows (or the equivalent for presentations other than GAAP)
c. A statement that, accordingly, the financial statements are not designed for those who are not informed about such matters.
Prior period financials audited by predecessor auditor
If the prior-period financials have been audited by a predecessor auditor whose report is not presented, the successor auditor should indicate that fact in the introductory paragraph of the audit report, along with the date and type (qualified, unmodified, etc.) of the predecessor auditor’s report.
Any financial statements presented with the audit report must be mentioned in the audit report for the comparative statements. The auditor does not have the option to ignore the prior year’s financials, even if they were audited by someone else. Any amount of assurance (even limited assurance) expressed by the current auditor regarding the prior year’s statements would require that audit procedures be performed in order to support that opinion. The current auditor is not required to obtain any representations from the predecessor auditor concerning the prior year’s statements.
The internal auditor’s objectivity would evidence if she is impartial and operates free of conflicts of interest. Understanding the organizational status of the director of internal audit would assist the auditor with assessing the internal auditor’s objectivity. To do this, the auditor would look at various factors:
Does the internal auditor report to a person who has the ability to consider and act on the internal auditor’s findings?
Can the internal auditor report directly to those charged with governance, and does he do so regularly?
Do those charged with governance oversee employment decisions regarding the internal auditor?
The professional certifications of the internal audit staff would assist the auditor with assessing the competence of the internal auditors.
The consistency of the internal audit reports with the results of work performed and the appropriateness of internal audit conclusions would assist the auditor with assessing the quality and effectiveness of the internal auditor’s work.
GAAP
Generally accepted accounting principles (GAAP) are not broad guidelines, but the conventions, rules, and procedures (methods of applying the principles and practices) that govern how financial statements are prepared and presented. The principles are dynamic, and updates are regularly published.
GAAP is not just set forth in AICPA rules; GAAP comes from many different sources (including, but not limited to, FASB Statements of Financial Accounting Standards, FASB Interpretations, FASB Staff Positions, AICPA Accounting Research Bulletins, and AICPA Accounting Principles Board Opinions), all of which can be researched through the FASB Codification. Rules and interpretive releases of the Securities and Exchange Commission (SEC) are also sources of authoritative GAAP for SEC registrants.
GAAP represents the established criteria upon which management’s assertions are evaluated by the auditor. The objective of an audit is to state whether the financial statements are presented fairly in conformity with GAAP. The first standard of reporting (for generally accepted auditing standards) requires that the auditor state in the report whether the financial statements are presented in accordance with GAAP. However, the mention of GAAP in the report does not indicate that the audit has been conducted in accordance with GAAS.
Quality Control
In accordance with Statement on Quality Control Standards (SQCS) 7, A Firm’s System of Quality Control, the quality control policies and procedures applicable to a firm’s accounting and auditing practice should encompass the following elements:
Leadership responsibilities for quality within the firm
Relevant ethical requirements
Acceptance and continuance of client relationships and specific engagements
Human resources
Engagement performance
Monitoring
Consideration of the advancement of the audit firm’s personnel would be part of the human resources element of quality control. The consultation procedures are considered in the engagement performance element of quality control.
Work of a specialist
If, as a result of the work performed by the specialist, the auditor decides to add explanatory language, the auditor may refer to the specialist in the auditor’s report. The only time the auditor should refer to the work or findings of a specialist in the audit report would be if reference to the specialist’s findings clarifies an emphasis-of-matter or other-matter paragraph (such as for an unusually important subsequent event) or facilitates an understanding of a departure from an unmodified opinion.
The auditor should not imply that a more thorough audit was performed.
Significant deficiencies restriction
Any report issued on significant deficiencies or material weaknesses should include a statement restricting the distribution of the report. For example, “The communication is intended solely for the information and use of management, those charged with governance, and others within the organization and is not intended to be and should not be used by anyone other than these specified parties.”
The only other items that are required to be included in such a communication are:
a statement that the auditor’s consideration of internal control was to express an opinion on the financial statements and not to provide assurance on the internal control (thus no tests would be performed to search for material weaknesses);
a statement that the auditor is not expressing an opinion on the effectiveness of internal control;
a statement that the auditor’s consideration of internal control was not designed to identify all deficiencies in internal control that might be significant deficiencies or material weaknesses;
the definitions of material weakness and significant deficiency; and
the identification of matters considered to be significant deficiencies and material weaknesses.
Independence CPA
The AICPA Code of Professional Conduct clearly states, “For a member in public practice, the maintenance of objectivity and independence requires a continuing assessment of client relationships and public responsibility” (ET 0.300.050.04). The independence is required in both auditing and other attestation services.
Work of a specialist reference
The auditor may hire a specialist to work with the audit team and then use that specialist’s work as audit evidence to support the auditor’s opinion. The only time the auditor should refer to the work or findings of a specialist in the audit report would be if reference to the specialist’s findings clarifies an emphasis-of-matter or other-matter paragraph (such as for an unusually important subsequent event) or facilitates an understanding of a departure from an unmodified opinion.
The auditor does not want to imply that a more thorough audit was performed (than was performed by an auditor not making reference to a specialist). Moreover, mention of the specialist in the auditor’s report could be confused as a division of responsibility.
Suggestions to management for strengthening internal control would not be placed in the audit report. They would be reported in a separate communication to those charged with governance along with any significant deficiencies or material weaknesses.
OMB Circular A-133 on nonprofit
An auditor reporting in accordance with OMB Circular A-133 in a schedule of findings and questioned costs would not include a disclaimer of opinion as to whether all questioned costs have been reported. Such reporting would significantly alter the purpose of this portion of the auditor’s report.
Disclosure of fraudulent activities
The disclosure of fraudulent activities to parties other than the client’s senior management and those charged with governance is not ordinarily part of the auditor’s responsibility and would normally not be permitted due to confidentiality. Under certain circumstances, however, the auditor may be required to disclose information to outside parties. These circumstances could be to comply with legal and regulatory requirements, to respond to a successor auditor, when subpoenaed, and in accordance with grant requirements when clients receive governmental assistance.
The auditor should:
communicate to those charged with governance all fraud involving senior management and fraud that causes a material misstatement (not inconsequential acts),
report to those charged with governance and management any significant deficiencies due to risks of material misstatement due to fraud, and
inform the appropriate level of management of evidence that fraud has occurred, even if the matter is inconsequential.
When comparative statements are presented (20X1 and 20X2), the accountant should select the appropriate reporting option. Alternatives available are:
reissue the previous report on the 20X1 statements.
make reference (by adding an additional paragraph to the 20X2 report) to the previously issued 20X1 report and describe the degree of responsibility assumed for the 20X1 statements in the 20X2 report.
update the 20X1 report.
Since a previously issued report that is not appropriate for the current status of the entity should not be reissued or referred to in the report of the financial statements of the current period, the auditor in this problem should select the update alternative and change the previously issued opinion on the prior year’s financial statements because they are restated to conform with an applicable financial reporting framework.
Financial experts are persons who:
have an understanding of GAAP and financial statements,
are experienced in the preparation or auditing of financial statements and the application of accounting principles,
are experienced with internal accounting controls, and
have an understanding of audit committee functions.
Scope limitation
When an auditor is unable to obtain sufficient appropriate audit evidence about a significant item in the financial statements, he has a scope limitation. Scope limitations result in the issuance of a qualified opinion or a disclaimer of opinion.
In a compilation of a financial forecast, the CPA would assemble the financial statements based on management’s assumptions, perform compilation procedures and consider whether the financial statements are presented according to AICPA guidelines, and issue a compilation report. A compilation provides no assurance on the financial statements or on the assumptions underlying the statements.
The compilation report should:
identify the prospective financial statements,
state that the compilation was performed in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA),
state that the compilation is limited in scope and that the CPA does not issue an opinion or any assurance on the financial statements,
contain the statement that forecasted results may not be achieved (there will usually be differences between the forecasted and actual results),
explain that the CPA assumes no responsibility to update the report for future events and circumstances occurring after the date of the report, and
be dated and signed by the practitioner’s firm.
The compilation report will not explain the differences between a financial forecast and a financial projection, state that the accountant’s responsibility to update the report is limited to one year (the CPA has no such responsibility), or provide a disclaimer of opinion on the reliability of the entity’s internal controls (a compilation does not provide any opinion, and internal controls are not considered in a compilation).
Compilation report
For nonissuers, a compilation report does not need to be issued unless the accountant has been specifically engaged to perform a compilation engagement. This is true whether prepared financial statements are intended to be used by management or third parties.
Going concern
Examples of conditions or events that might alert an auditor to the identification of substantial doubt include the following:
a. Negative trends (e.g., recurring operating losses)
b. Other indications of possible financial difficulties (e.g., default on loan or similar agreements)
c. Internal matters (e.g., work stoppages or other labor difficulties)
d. External matters that have occurred (e.g., legal proceedings, legislation, or similar matters that might jeopardize an entity’s ability to operate)
Independence
Public Company Accounting Oversight Board (PCAOB) Rule 3524 requires the registered public accounting firm to describe in writing the scope and fee structure of the services, discuss potential effects on independence, and document the substance of the discussion with the audit committee.
Audit documentation retained
PCAOB Auditing Standard 3, paragraph 14, states that “the auditor must retain audit documentation for seven years from the date the auditor grants permission to use the auditor’s report in connection with the issuance of the company’s financial statements (report release date), unless a longer period of time is required by law. If a report is not issued in connection with an engagement, then the audit documentation must be retained for seven years from the date that fieldwork was substantially completed. If the auditor was unable to complete the engagement, then the audit documentation must be retained for seven years from the date the engagement ceased.”
Significant deficiencies
An auditor’s report on significant deficiencies should include a restriction on the distribution of the report. The report is limited to the audit committee, management, others within the organization, and to specified governmental regulatory authorities (if required).
A significant deficiency previously communicated during the prior year’s audit that remains uncorrected is a new significant deficiency. Even if management acknowledges the existence of the condition and accepts the risk, the auditor’s responsibility to communicate significant deficiencies and material weaknesses still exists. The auditor, however, may refer to these previously communicated deficiencies by referring, in writing, to the previously issued written communication.
The performance and results of tests of controls and substantive tests are ways that an auditor becomes aware of significant deficiencies. The auditor may communicate significant deficiencies at any time during fieldwork or after the completion of the audit.
Yellow book
Financial audits performed under generally accepted government auditing standards (GAGAS) require, along with the audit of the financial statements, reports on internal control, compliance with laws and regulations, and provisions of contracts and grant agreements as they relate to financial transactions, systems, and processes.
Auditors may report on the entity’s internal control over financial reporting and compliance with laws and regulations and provisions of contracts or grant agreements in the report on the financial statements, or in a separate report (which may be bound in the same document with the report on the financial statements). If the auditor issues a separate report, he/she should include a reference to the separate report in the financial statement audit report and also state that the reports are an integral part of a GAGAS audit and important for assessing the results of the audit.
The auditor should plan and perform substantive procedures to be responsive to the related assessment of a risk of material misstatement. Below is a partial list of audit procedures:
Inspection of records or documents (internal or external, in paper form, electronic form, or other media)
Physical inspection of tangible assets
Observation (looking at a process or procedure being performed by others)
Inquiry (seeking information of knowledgeable persons, both financial and nonfinancial, inside or outside the entity)
Recalculation (verifying the mathematical accuracy of documents or records)
Specifically, as of the balance sheet date, the auditor should observe the inventory count and, through tests and inquiries, be satisfied with the effectiveness of the methods of inventory taking and the measure of reliance which may be placed upon the client’s representations about the quantities and physical condition of the inventories. The observation should be coupled with inspection of the records of any client’s counts and procedures relating to the physical inventory on which the balance sheet inventory is based.
Merely reviewing client control procedures, applying analytical procedures, and performing counts throughout the year is not sufficient to adequately address the risk of a material misstatement; the inventory must be physically verified at year-end.
The auditor is required to perform audit procedures to discover if any subsequent events may exist. These procedures do not entail examining the effectiveness of or retesting internal controls. The auditor would not need to recompute depreciation charges. The auditor would:
closely examine cutoff procedures;
look at changes in assets and liabilities since the balance sheet date;
read any interim financial statements;
inquire of officers regarding:
substantial contingent liabilities,
significant changes in capital stock, long-term debt, or working capital from the balance sheet date to the date of inquiry,
any changes in reported items that were based on preliminary data, and
any unusual adjustments since the balance sheet date;
read minutes of board or stockholders’ meetings;
observe events in the subsequent period and scan the records for unusual transactions;
extend the legal counsel inquiry to the date of the financial statements; and
ask management to include specific mention of subsequent events in the representation letter (dated no earlier than the auditor’s report date).
Inspection of public accounting firms
Section 104 of the Sarbanes-Oxley Act (SOX) dictates that the Public Company Accounting Oversight Board (PCAOB) has the mandate and authority to conduct compliance inspections of each registered public accounting firm. Firms that audit more than 100 issuers are inspected annually. Firms that audit 100 or fewer issuers are inspected every three years.
Ratio estimation
Ratio estimation sampling is based on ratios between audited amounts and recorded amounts. This approach is most efficient when the ratio is not equal to one.
Since there are numerous errors in pricing and extensions in this case, ratio estimation would result in numerous usable results that would produce the most precise evaluation.
Qualified or adverse opinion
If there are inadequately disclosed conditions that cause the auditor to have substantial doubt about the entity’s ability to continue as a going concern, the auditor must determine whether to issue a qualified or adverse opinion. When there is a departure from GAAP, the auditor must decide whether to issue either a qualified opinion or an adverse opinion.
Sales transaction substantive procedures
One of the substantive procedures to test for sales transactions is to reconcile subsidiary ledgers to control accounts. To test for the completeness assertion, the auditor would determine if all information in the individual customer accounts is reflected in the control accounts. All shipping documents should be accompanied by a sale. By comparing the shipping documents that have not been recorded in the sales journal, an auditor can determine if the completeness of sale transactions has occurred or not and make the necessary appropriate adjusting journal entries, if necessary.
An auditor may perform an examination of internal control only if the following conditions are met:
Management accepts responsibility for the effectiveness of the entity’s internal control.
Management evaluates the effectiveness of the entity’s internal control using suitable and available criteria.
Management supports its assertion about the effectiveness of the entity’s internal control with sufficient appropriate evidence…
Management provides its assertion about the effectiveness of the entity’s internal control in a report that accompanies the auditor’s report.
(Emphasis added)
Staff auditor disagreement
AU-C 220.A20 explains, “Members of the engagement team have a professional responsibility to bring to the attention of appropriate personnel matters that, in their professional judgment, are difficult or contentious and may require consultation” that might arise with respect to audit issues. In addition, each assistant has a right to document the disagreement if the assistant believes it is necessary to be disassociated from the resolution of the matter.
Sampling - probability proportional to size
Probability-proportional-to-size (PPS) sampling excludes zero and negative balances in its sample selections and in evaluating results. Therefore, classical variables sampling would have an advantage over PPS sampling because variables sampling does not require special design considerations for inclusion of zero and negative balances. That is, PPS sampling would require a special design to include negative and zero balances while variables sampling would not.
Accounts receivable
The audit procedure, “Review the accounts receivable trial balance for amounts due from officers and employees,” is used to satisfy the audit objective that accounts receivable are properly described and presented in the financial statements (which supports the assertion about presentation) because it provides evidence about transactions with related parties, which must be separately disclosed.
Accounting and review services committee (ARSC)
The ARSC is the Accounting and Review Services Committee. This committee issues the Statements on Standards for Accounting and Review Services (SSARSs), which govern the performance of compilation and review engagements.
In addition, AICPA members who perform compilation and review engagements are governed by the AICPA’s Code of Professional Conduct and the Statements of Quality Control Standards (SQCSs), which establish standards and provide guidance on a firm’s system of quality control.
Overall responses to address the assessed risk of material misstatement include the following:
Emphasizing to the audit team the need to maintain professional skepticism
Assigning more experienced staff or those with specialized skills
Providing more supervision
Incorporating more elements of unpredictability
Making general changes to the nature, timing, or extent of audit procedures
When there is a heightened assessed level of risk of material misstatement, the auditor would want more experienced staff on the job.
Securities Act of 1933
The Securities Act of 1933 exists to provide information to investors about securities offered for sale. It requires all those firms who are not exempt to register before selling their securities, and for those associated with the registration statement to take responsibility for the accuracy of the registration. Full and fair disclosure is meant to prevent misrepresentation or fraud associated with the sale of securities.
The Securities Exchange Act of 1934 created the SEC.
AU-C 725.03 states that the objective of the auditor, when engaged to report on supplementary information in relation to the financial statements as a whole, is
(a) to evaluate the presentation of the supplementary information in relation to the financial statements as a whole and (b) to report on whether the supplementary information is fairly stated, in all material respects, in relation to the financial statements taken as a whole.
Securities act of 1933
Under Section 11 of the Securities Act of 1933, a CPA who certifies financial statements will not be liable to a purchaser of the security if he or she can prove due diligence. Due diligence is the reasonable professional standard of care that would relieve a person of liability under the 1933 Act on a registration statement that contained untrue statements of a material fact or omissions of a material fact.
The Securities Act of 1933 regulates public offerings of securities through the mails or in interstate commerce.
The Securities Act of 1933 requires the filing of a registration statement with the SEC prior to the sale of securities. The act requires disclosure of all material facts concerning the securities to be sold.
Section 11(A) of the Securities Act of 1933 provides the following:
a. Any person who acquires securities may sue the CPA who audited the statements that accompanied the registration.
b. Plaintiff may sue if the financial statements contain an untrue statement of a material fact or omit a material fact.
c. Plaintiff does not have the burden of proving that the CPA was negligent or fraudulent.
d. Plaintiff does not have to prove reliance on untrue financial statements or that financial statements were the proximate cause of any loss.
e. CPA has the burden of proof to establish innocence or that the cause of the plaintiff’s loss was something other than the untrue financial statement.
Section 11(A) of the Securities Act of 1933 expands liability as follows:
a. Privity of contract is not a necessary element.
b. Burden of proof, beyond proving material misstatement, is shifted from the plaintiff to the CPA.
c. The CPA owes third-party due diligence standard of care.
d. The Plaintiff does not have to prove fraud or deceit—simple negligence is enough.
e. The Plaintiff does not have to prove reliance.
Defenses under Section 11(A) of the Securities Act of 1933 are the following:
a. The financial statements are true and not misleading.
b. The misstatement is immaterial.
c. The plaintiff purchased securities after issuance of a generally available earnings statement and did not rely on registration statement (usually a generally available earnings statement is published 12 months after effective date of registration).
d. The CPA exercised due diligence (i.e., that after a reasonable investigation the CPA had reason to believe that the representations contained in the financial statements were true and complete).
e. The damage does not relate to misstatement by CPA.
f. The plaintiff had prior knowledge of falsity.
CPA non public practice rules of conduct
CPAs are required to maintain integrity and objectivity, even if they are not in public practice. Those in public practice are required to be independent in the performance of attest services.
The rules concerning contingent fees and commissions apply to CPAs in public practice.
Rules of conduct public practice
Objectivity and Independence (ET section 0.300.050):“A member should maintain objectivity and be free of conflicts of interest in discharging professional responsibilities. A member in public practice should be independent in fact and appearance when providing auditing and other attestation services.”
a. Objectivity is a state of mind, a quality that lends value to a member’s services. It is a distinguishing feature of a profession. Objectivity imposes the obligation to be impartial, intellectually honest, and free of conflicts of interest. Independence precludes relationships that may appear to impair a member’s objectivity in rendering attestation services.
b. Members often serve multiple interests in many different capacities and must demonstrate their objectivity in varying circumstances. Members in public practice render attest, tax, and management advisory services. Other members prepare financial statements in the employment of others, perform internal auditing services, and serve in financial and management capacities in industry, education, and government. They also educate and train those who aspire to admission into the profession. Regardless of service or capacity, members should protect the integrity of their work, maintain objectivity, and avoid any subordination of their judgment.
c. For a member in public practice, the maintenance of objectivity and independence requires a continuing assessment of client relationships and public responsibility. A member who provides auditing and other attestation services should be independent in fact and appearance. In providing all other services, a member should maintain objectivity and avoid conflicts of interest.
d. Although members not in public practice cannot maintain the appearance of independence, they nevertheless have the responsibility to maintain objectivity in rendering professional services. Members employed by others to prepare financial statements or to perform auditing, tax, or consulting services are charged with the same responsibility for objectivity as members in public practice. They must be scrupulous in their application of generally accepted accounting principles and candid in all their dealings with members in public practice.
Related party
The objectives of the auditor are to:
obtain an understanding of related party relationships and transactions sufficient to recognize fraud risk factors from related party transactions and relationships, and conclude whether the financial statements achieve fair presentation.
obtain sufficient audit evidence about whether related party relationships and transactions have been appropriately identified, accounted for, and disclosed in the financial statements.
Related parties of a reporting entity consist of the following (per the FASB ASC Glossary):
a. Its affiliates
b. Entities for which investments are accounted for under the equity method
c. Trusts for the benefit of its employees that are managed by entity management
d. Its principal owners and immediate family
e. Its management and immediate family
f. Any other party with which the reporting entity may deal when one party controls or has the ability to significantly influence the management or operating policies of the other
g. Any other party that can significantly influence the management or operating policies of the transacting parties or have ownership interest in one of the transacting parties and can significantly influence the other where one might be prevented from fully pursuing its own
Risk assessment
An entity’s risk assessment for financial reporting purposes is its identification, analysis, and management of risks relevant to the preparation of financial statements that are fairly presented in conformity with generally accepted accounting principles. For example, risk assessment may address how the entity considers the possibility of unrecorded transactions or identifies and analyzes significant estimates recorded in the financial statements. Risks relevant to reliable financial reporting also relate to specific events or transactions.
The auditor’s assessment of risk, however, relates to the possibility that the financial statements may be materially misstated.
In evaluating the design of the entity’s control environment, the auditor should consider the following elements and how they have been incorporated into the entity’s processes:
a. Communication and enforcement of integrity and ethical values
b. Commitment to competence
c. Participation of those charged with governance
d. Management’s philosophy and operating style
e. Organizational structure
f. Assignment of authority and responsibility
g. Human resource policies and practices
Employment laws
CPAs should be knowledgeable about laws affecting employment since they often are consultants and employers, or provide other services requiring an understanding of employment laws and issues. As such, CPAs should be familiar with laws administered and enforced by the Department of Labor (DOL). Currently, there are more than 180 federal laws.
Supplemental information
When supplementary information accompanies financial statements and the accountant’s compilation report thereon, the accountant should clearly indicate the degree of responsibility, if any, the accountant is taking with respect to such information in either
a. an other-matter paragraph in the accountant’s compilation report on the financial statements or
b. a separate report on the supplementary information (AR-C 80.31
The reporting accountant’s written report should be addressed to the requesting entity (for example, management or the board of directors of the entity) and should ordinarily include the following:
a. A brief description of the nature of the engagement and a statement that the engagement was performed in accordance with applicable AICPA standards
b. Identification of the specific entity, a description of the transaction(s); a statement of the relevant facts, circumstances, and assumptions; and a statement about the source of the information
c. A statement describing the appropriate accounting principle(s) (including the country of origin) to be applied or type of opinion that may be rendered on the entity’s financial statements and, if appropriate, a description of the reasons for the reporting accountant’s conclusion
d. A statement that the responsibility for the proper accounting treatment rests with the preparers of the financial statements, who should consult with their continuing accountant
e. A statement that any difference in the facts, circumstances, or assumptions presented may change the report
f. A separate paragraph at the end of the report that includes the following elements:
(1) A statement indicating that the report is intended solely for the information and use of the specified parties
(2) An identification of the specified parties to whom use is restricted
(3) A statement that the report is not intended to be and should not be used by anyone other than the specified parties
If the other information contains a material inconsistency, and management refuses to modify the other information, the auditor should inform those charged with governance and:
a. include an other-matter paragraph in the auditor’s report,
b. withhold the auditor’s report, or
c. withdraw from the engagement if possible.
A lack of consistency
A lack of consistency caused by a change in accounting principle would be reported in an emphasis-of-matter paragraph after the opinion paragraph. Under these circumstances, the auditor issues a modified opinion. The other answer choices are incorrect because the proper treatment of a lack of consistency is to add an emphasis-of-matter paragraph after the opinion paragraph.
A subsequent discovery
The auditor would most likely make further inquiries about the previously issued financial statements if she discovers new information concerning undisclosed related party transactions of the prior year after the issuance of the auditor’s report. This event is an example of a subsequent discovery.
A subsequent discovery:
occurs after the financial statements have been issued,
involves facts that existed but were not known to the auditor at the date of the audit report, and
should be handled by:
consulting with an attorney and
determining if the facts are reliable and material to the report.
Each of the other choices would be incorrect because the circumstances (the resolution of the lawsuit, the technological development, and the sale of a subsidiary) did not exist at the date of the audit report.
Special-purpose framework
The title of a special-purpose framework report should be “Independent Auditor’s Report.”
The management of the company is responsible for the financial statements, not the auditor. Because the auditor is preparing the auditor’s report under a special-purpose framework, he or she would sign the report (not the company controller). The financial statements are prepared using a special-purpose framework. The audit report would state that the audit was conducted in accordance with auditing standards generally accepted in the United States of America.
Uncertainties in the financial markets and the current economic environment may create questions about which of the following?
Recent events in the financial markets and the current economic environment may affect companies’ operations and financial reporting and, in turn, may have implications for audits of financial statements and internal control over financial reporting. Audit risks that may have been identified previously may become more significant or new risks may exist due to current events (e.g., those affecting the economy, credit, and liquidity). Among other things, the current uncertainties in the market and economy may create questions about the valuation, impairment, or recoverability of certain assets and the completeness or valuation of certain liabilities reflected in financial statements.
(Emphasis added)
International ethics standards board of accountants
The International Ethics Standards Board for Accountants (IESBA) Code of Ethics for Professional Accountants only establishes a conceptual framework. They have not issued Rules or Interpretations (or Rulings). The conceptual framework promotes compliance with five fundamental principles of professional ethics: integrity, objectivity, professional competence and due care, confidentiality, and professional behavior.
IT poses specific risks to an entity’s internal control, including the following:
Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both
Unauthorized access to data, including the recording of unauthorized or nonexistent transaction or inaccurate recording of transactions
Possibility of IT personnel gaining access privileges beyond those necessary to perform assigned duties
Unauthorized changes to data in master file
Unauthorized changes to systems or programs
Failure to make necessary changes to systems
Inappropriate manual intervention
Potential loss of data or inability to access data
Encryption performed by physically secure hardware devices is more secure than encryption performed by software, and helps prevent unauthorized access to data and the possibility of IT personnel gaining access privileges.
AU-C 560.16 specifies that if management revises the financial statements, and the auditor reissues a report of the financial statements, the date of the reissued report should be the same as the original report. If the auditor’s opinion on the revised financial statements differs from the opinion the auditor previously expressed, the auditor should disclose the following matters in an emphasis-of-matter or other-matter paragraph:
The date of the auditor’s previous report
The type of opinion previously expressed
The substantive reasons for the different opinion
That the auditor’s opinion on the revised financial statements is different from the auditor’s previous opinion
Use of the original report date in a reissued report removes any implication that records, transactions, or events after that date have been examined or reviewed.
Audit program
The auditor should obtain an understanding of the five components of internal control sufficient to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.
The audit program usually cannot be finalized until the consideration of the entity’s internal control has been completed. An audit program should reflect the results of planning considerations and procedures. To reflect those results, such considerations must be complete. In planning the audit, the CPA should consider the anticipated reliance on internal control.
The engagement letter, communicating material weaknesses, and searching for unrecorded liabilities are all necessary to finalize the audit report.
Financial projection
The practitioner’s standard report on a compilation of prospective financial statements should include a statement that a compilation is limited in scope and does not enable the practitioner to express an opinion or any other form of assurance on the prospective financial statements or the assumptions.
The projection may be included in a document with audited historical financial statements. The practitioner does not have a responsibility to update the projection for future events and circumstances limited to one year. A financial forecast, not a projection, omits all hypothetical assumptions and presents the most likely future financial position.
The acceptable level of detection risk is inversely related to the:
AU-C 200.A46–.A48 notes that detection risk is a function of the effectiveness of an auditing procedure and of its application by the auditor. Thus, the acceptable level of detection risk relates to the auditing procedures applied through substantive tests. As the assurance provided by substantive tests becomes or is expected to become higher, the acceptable level of detection risk decreases, or vice versa. Thus detection risk is inversely related to the assurance provided by substantive tests.
The role/position of an individual is not considered. Rather, the following attributes would be considered:
The type of risk that may exist; that is, whether it involves fraudulent financial reporting or misappropriation of assets
The significance of the risk; that is, whether it is of a magnitude that could lead to result in a possible material misstatement of the financial statements
The likelihood of the risk; that is, the likelihood that it will result in a material misstatement in the financial statements
The pervasiveness of the risk; that is, whether the potential risk is pervasive to the financial statements as a whole or specifically related to a particular assertion, account, or class of transactions
Performing risk assessment procedures, the auditor should document the following:
The discussion among the audit team regarding the susceptibility of the entity’s financial statements to material misstatement due to error or fraud, including how and when the discussion occurred, the subject matter discussed, the audit team members who participated, and significant decisions reached concerning planned responses at the financial statement and relevant assertion levels
Key elements of the understanding obtained regarding each of the aspects of the entity and its environment, including each of the components of internal control identified to assess the risks of material misstatement of the financial statements; the sources of information from which the understanding was obtained; and the risk assessment procedures
The assessment of the risks of material misstatement both at the financial statement level and at the relevant assertion level and the basis for the assessment
The risks identified and related controls evaluated
Although analytical procedures are required to be documented in the overall review phase they are not part of the documentation requirements for assessing risks.
Control risks
If control risk (or the risk of material misstatement) is assessed at the maximum level, it means that the auditor cannot rely on the controls. This assessment should be documented, as it helps the auditor to determine the nature, timing, and extent of further audit procedures (most likely performing more, rather than fewer, substantive tests of details in order to lower audit risk).
The control structure should be documented thoroughly as part of obtaining the understanding of the entity and its environment, including its internal control. Documenting it more extensively will do nothing to reduce the control risk. Likewise, performing more tests of controls will not assist the auditor if he or she knows that the controls cannot be relied upon.
Risk assessment indirect relationship
In making risk assessments, the auditor should identify and document the controls that are likely to prevent or detect and correct material misstatements in specific relevant assertions. Controls can either be directly or indirectly related to an assertion. The more indirect the relationship, the less effective that control may be in preventing or detecting and correcting misstatements in that assertion.
Due to a scope limitation, an auditor disclaimed an opinion on the financial statements taken as a whole, but the auditor’s report included a statement that the current asset portion of the entity’s balance sheet was fairly stated. The inclusion of this statement is:
It is not appropriate to provide an opinion that current assets are fairly stated and disclaim an opinion on the financial statements taken as a whole due to a scope limitation because it may tend to overshadow the auditor’s disclaimer of opinion. This practice is referred to as making a “piecemeal opinion” and is prohibited per AU-C 705.15. An auditor may express an opinion on only one basic financial statement, such as the balance sheet.
If requested to perform a review engagement for a nonpublic entity in which an accountant has an immaterial direct financial interest, the accountant is:
To issue a review report, an accountant must be independent. Independence will be impaired if, during the period of the professional engagement or at the time of expressing an opinion, the CPA or firm had or was committed to acquire any direct or material indirect financial interest in the client. The fact that the client was a nonpublic entity is irrelevant. The immaterial nature of the interest is also irrelevant.
Inquiries or perform other procedures after report
uditor has no obligation to perform any further audit procedures after the report date, but new information may come to the auditor’s attention. If this happens, the auditor should (1) consult with an attorney and (2) determine if the subsequently discovered information:
a. is reliable,
b. existed at the date of the report,
c. is material to the report (would or might change opinion), and
d. is applicable to the report that is still being relied on.
Supplementary information
The auditor should report on supplementary information either:
a. in an other-matter paragraph in the auditor’s report on the financial statements or
b. in a separate report on the supplementary information.
Communication with those charged with governance
Regarding significant findings from the audit, the auditor should communicate with those charged with governance the following matters:
a. The auditor’s views about qualitative aspects of the entity’s significant accounting practices, including accounting policies, accounting estimates, and financial statement disclosures
b. Significant difficulties, if any, encountered during the audit
c. Uncorrected misstatements, other than those the auditor believes are trivial, if any
d. Disagreements with management, if any
e. Other findings or issues, if any, arising from the audit that are, in the auditor’s professional judgment, significant and relevant to those charged with governance regarding their oversight of the financial reporting process
Engagement independence
Rule 3520 of the Public Company Accounting Oversight Board requires that registered public accounting firms and their associated persons must be independent during the professional and audit engagement period. There are currently no requirements to be independent prior to the engagement period.
Under the Private Securities Litigation Reform Act of 1995, Baker, CPA, reported certain uncorrected noncompliance under applicable law or regulations to Supermart’s audit committee. Baker believed that failure to take remedial action would warrant a qualified audit opinion because the noncompliance under applicable law or regulations had a material effect on Supermart’s financial statements. Supermart failed to take appropriate remedial action and the audit committee refused to inform the SEC that it had received such notification from Baker. Under these circumstances, Baker is required to:
deliver a report concerning the noncompliance under applicable law or regulations to the SEC within one business day
If the financial statements of a prior period have been audited by a predecessor auditor whose report is not presented, the successor auditor should indicate the following in the introductory paragraph of the report (AU-C 700.54):
a. That the financial statements of the prior period were audited by another auditor
b. The date of the report
c. The type of report issued by the predecessor auditor and, if the opinion was modified, the reasons therefore
d. If the report was other than a standard report, the substantive reasons therefore
The “financial expert” for an issuer is not required to have significant audit experience. However, the Sarbanes-Oxley Act does require that the “expert” is a person that has, through education and experience:
an understanding of GAAP and financial statements,
experience in:
the preparation or auditing of financial statements of generally comparable issuers and
the application of such principles in connection with the accounting for estimates, accruals, and reserves,
experience with internal accounting controls, and
an understanding of audit committee functions.
An auditor notes significant deficiencies in a financial statement audit conducted in accordance with Government Auditing Standards. In reporting on internal control, the auditor should state that:
For audits of governmental entities, the auditor reports on internal control by stating that an understanding of the design of relevant internal controls has been obtained and that it has been determined whether they have been placed in operation. This requirement is in addition to communication of significant deficiencies noted (same as GAAS), and the identification of those constituting material weaknesses.
A disclaimer of opinion
A disclaimer of opinion is issued when a significant (sufficiently material or client-imposed) scope limitation prevents the auditor from forming an opinion on the financial statements. A disclaimer is a report that states the auditor does not express an opinion. If an auditor is unable to observe the physical inventory count (and the inventory is material to the financial statements) and cannot perform alternate procedures to verify the accounting assertions associated with the inventory account balance, then the auditor should issue a disclaimer of opinion.
An unmodified opinion
An unmodified opinion is a clean opinion. It states that the financial statements present fairly, in all material respects, the financial position, results of operations, and cash flow of the company. The auditor would be precluded from issuing an unmodified opinion in this circumstance.
A qualified opinion
A qualified opinion has an “except for” paragraph which highlights any material scope limitations or departures from an applicable financial reporting framework. These are items that are material, but not sufficiently material as to require a disclaimer or adverse opinion. Excepting the items mentioned in the report, the financial statements present fairly, in all material respects, the financial position, results of operations, and cash flow of the company.
An adverse opinion
An adverse opinion states that the financial statements do not present fairly the financial position or the results of operations or cash flow in conformity with an applicable financial reporting framework. Adverse opinions result from a sufficiently material departure from an applicable financial reporting framework. The auditor must disclose the reason(s) for the adverse opinion.
Engagements that are not attest engagements include the following:
Management consulting engagements in which the accountant provides advice or recommendations
Engagements in which the accountant is engaged to advocate the client’s position (e.g., IRS review of tax returns)
Tax engagements to prepare tax returns or provide tax advice
Engagements solely to assist the client
Testifying as an expert witness
Attestation standards (Statements on Standards for Attestation Engagements, or SSAEs) supplement the Statements on Auditing Standards (SASs) and Statements on Standards for Accounting and Review Services (SSARSs).
Attest functions
An attest engagement is an engagement that requires independence as defined in the AICPA Professional Standards (ET 0.400.04).
Attest functions have evolved into services beyond the expression of an opinion on the historical financial statements based on a GAAS (generally accepted auditing standards) audit.
Reports on the following:
The internal control structure
Compliance with statutory, regulatory, and contractual requirements
Investment performance statistics
Information supplementary to the financial statements
The Government Accountability Office (GAO) has identified several types of circumstances that could lead to threats of independence, including the following:
Self-interest—the threat that a financial or other interest will inappropriately influence judgment
Self-review—the threat that an auditor will not properly evaluate the results
Bias—the threat that an auditor will promote a position where objectivity is compromised
Familiarity—the threat that a close relationship will impact objectivity
Assessing control risk too high
The risk of assessing control risk too high is the risk that the assessed level of control risk based on the sample is greater than the true operating effectiveness of the control. In other words, the sample tested by the auditor has a higher rate of deviation than the full population does. Based on the testing, the auditor assesses control risk higher than he or she would if the auditor had tested the whole population.
Audit evidence
The reliability of audit evidence is influenced by its source and by its nature and is dependent on the individual circumstances under which it is obtained. Generalizations about the reliability of various kinds of audit evidence can be made; however, such generalizations are subject to important exceptions. While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:
a. Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.
b. Audit evidence that is generated internally is more reliable when the related controls imposed by the entity are effective.
c. Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
d. Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or other medium (written records are superior to oral representations).
In evaluating the reasonableness of an estimate, the auditor normally concentrates on key factors and assumptions that are:
significant to the accounting estimate,
sensitive to variations,
deviations from historical patterns, and
subject and susceptible to misstatement and bias.
The auditor should consider the historical experience of the entity in making past estimates, as well as the auditor’s experience in the industry.
Control risk
Control risk is the risk that a material misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure will not be prevented or detected and corrected on a timely basis by the entity’s internal control.
Inherent risk
Inherent risk is the susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.
Inherent risk exists as an inseparable part of certain assertions and/or account balances or classes (e.g., cash, complex calculations, and accounts dependent on accounting estimates).
Inherent risk may also arise from external factors (e.g., technological obsolescence) or internal factors (e.g., lack of sufficient working capital).
Auditor’s engagement letter
the basis of the auditor’s fee,
the objective of the engagement and additional work to be performed such as management advisory services, and
the fact that management is responsible for the entity’s financial statements.
