Sarbanes-Oxley Act of 2002 and the PCAOB Flashcards
What interim standards were adopted by the Public Company Accounting Oversight Board (PCAOB)?
PCAOB adopted the American Institute of Certified Public Accountants’ (AICPA) auditing standards in existence on April 16, 2003, as “interim standards, on an initial, transitional basis.”
How frequently is the Public Company Accounting Oversight Board (PCAOB) required to conduct inspections of registered public accounting firms?
The frequency of inspection depends on the number of issuers that a firm audits.
Firms that provide audit reports for at least 100 issuers - PCAOB must inspect annually;
Firms that provide audit reports for fewer than 100 issuers - PCAOB must inspect every three years.
What is the audit committee’s responsibility regarding nonaudit services not specifically prohibited by Title II of the Sarbanes-Oxley Act?
The issuer’s audit committee is required to approve any nonaudit services, including tax services, that are not specifically prohibited by Title II.
The Sarbanes-Oxley Act of 2002 consists of 11 “Titles,” the first four of which are directly applicable to auditors. What is the purpose of Title IV?
To address a variety of “enhanced financial disclosures,” the most well-known of which deals with required internal control reporting (Section 404), among other matters.
The Sarbanes-Oxley Act of 2002 consists of 11 “Titles,” the first four of which are directly applicable to auditors. What is the purpose of Title III?
It established requirements related to “corporate responsibility” to make executives take responsibility for the accuracy of financial reporting (including a requirement for certification by the entity’s “principal officers”) and to make it illegal for management to improperly influence the conduct of an audit.
The Sarbanes-Oxley Act of 2002 consists of 11 “Titles,” the first four of which are directly applicable to auditors. What is the purpose of Title II?
It established independence requirements for external auditors, which addressed perceived conflicts of interest [limiting nonaudit services, establishing a five year rotation for the audit partner and review partner, and restricting members of the audit firm from taking key management positions (including CEO, CFO, controller, or chief accounting officer) during the one year period preceding the audit engagement].
The Sarbanes-Oxley Act of 2002 consists of 11 “Titles,” the first four of which are directly applicable to auditors. What is the purpose of Title I?
It establishes the PCAOB, gives standard-setting authority to the PCAOB regarding auditing, quality control, and independence standards, and creates its role in overseeing the accounting firms required to register with the PCAOB.
What is the purpose of the Sarbanes-Oxley Act of 2002?
The purpose is to address a series of perceived corporate misconduct and alleged audit failures (including Enron, Tyco, and WorldCom, among others) and to strengthen investor confidence in the integrity of the U.S. capital markets.
List the standard setting responsibilities of the Public Company Accounting Oversight Board (PCAOB).
Auditing and related attestation, quality control, ethics and independence standards.
List the five primary responsibilities of the PCAOB.
Registration of public accounting firms; Inspection of registered public accounting firms; Standard setting; Enforcement; Funding.
List the 2 primary revenue sources through which the Public Company Accounting Oversight Board’s (PCAOB) budget is funded.
Registration and annual fees from public accounting firms; and
An annual “accounting support fee” assessed on issuers based on their relative monthly market capitalization.
List the 5 conditions required for an engagement to report whether a previously reported material weakness continues to exist under the Public Company Accounting Oversight Board’s (PCAOB) Auditing Standard No. 4.
1) Management accepts responsibility for internal control over financial reporting; 2) Management evaluates the effectiveness of the specific controls that address the material weakness; 3) Management provides an assertion that the specific control is effective; 4) Management supports its assertion with evidence; and 5) Management provides a written report to accompany the auditor’s report.
What is meant by the term “stated control objective” in the Public Company Accounting Oversight Board’s (PCAOB) Auditing Standard No. 4?
The specific control objective identified by management that, if achieved, would result in the material weakness no longer existing.
What opinion choices does an auditor have when engaged to report on whether a previously reported material weakness continues to exist under the Public Company Accounting Oversight Board’s (PCAOB) Auditing Standard No. 4?
The auditor may either express (1) an unqualified opinion or (2) a disclaimer of opinion. A qualified opinion is not permitted.
What is the engagement objective as prescribed under the Public Company Accounting Oversight Board’s (PCAOB) Auditing Standard No. 4?
To express an opinion as to whether a previously reported material weakness (one or more) in internal control continues to exist as of a specified date.
Such an engagement is strictly voluntary, because PCAOB standards do not require reporting on whether a previously reported material weakness continues to exist.
List the 3 general documentation requirements under Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 3.
Demonstrate the auditor’s compliance with PCAOB standards;
Support the basis for the auditor’s conclusions regarding every relevant financial statement assertion; and
Demonstrate that the underlying accounting records agree to or reconcile with the financial statement elements.
Describe the level of detail in the audit documentation required by Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 3.
The documentation should be prepared in sufficient detail to permit an experienced auditor without prior connection to the engagement to understand the procedures performed and the conclusions reached and to determine who performed the work and on what date.
What are deemed “significant findings or issues” that must be documented by the auditor?
1) Issues involving the application of accounting principles; 2) Circumstances causing modification of planned audit procedures; 3) Matters that could result in modification of the auditor’s; 4) Material misstatements; 5) Significant deficiencies or material weaknesses in internal control; 6) Difficulties in applying auditing procedures; and 7) Disagreements among members of audit team.
Describe the limited changes in audit documentation that are permitted after the documentation completion date.
No documentation can be deleted; but
Documentation can be added - must indicate the date the information was added, the name of the person preparing the additional documentation, and the reason for adding it.
Differentiate between the American Institute of Certified Public Accountants’ (AICPA) and the Public Company Accounting Oversight Board’s (PCAOB) requirements regarding the documentation completion date.
AICPA: A complete and final set of audit documentation should be assembled no later than 60 days after the report release date for audits of “nonissuers.”
PCAOB: A complete and final set of audit documentation should be assembled no later than 45 days after the report release date for audits of “issuers.”
Differentiate between the American Institute of Certified Public Accountants’ (AICPA) and the Public Company Accounting Oversight Board’s (PCAOB) requirements regarding “retention” of audit documentation.
AICPA: requires retention of audit documentation for five years for audits of “nonissuers;”
PCAOB: requires retention of audit documentation for seven years for audits of “issuers.”
Define “report release date.”
The date when the auditor grants permission to use the auditor’s report in connection with the issuance of the entity’s financial statements. This date must be documented by the auditor.
In what circumstance is the Public Company Accounting Oversight Board’s (PCAOB) Auditing Standard No. 5 applicable?
When engaged to “perform an audit of management’s assessment of the effectiveness of internal control over financial reporting” (ICFR) - the objective of such an engagement is to express an opinion on the effectiveness of ICFR.
Define “control deficiency.”
A weakness that exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
Define “significant deficiency.”
A deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting.
Describe the top-down approach.
A risk-based approach to auditing that begins at the financial statement level and with the auditor’s understanding of the overall risks to internal controls over financial reporting (ICFR). The auditor then focuses on “entity-level” controls and works down to significant accounts and disclosures and their relevant assertions.
Define “material weakness” in internal control.
A deficiency, or combination of deficiencies, in internal control over financial reporting, that creates a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis.
List the 4 procedures associated with testing operating effectiveness of internal controls.
Inquiry, observation, inspection, re-performance.
List the 3 procedures associated with testing design effectiveness of internal controls.
Inquiry, observation, inspection.
Define “walkthrough.”
The process of following a transaction from origination through the company’s processes until reflected in the financial records.
What type of opinion is required on internal control over financial reporting when a material weakness exists?
Adverse opinion.
List the 2 categories of control deficiency.
(1) Deficiency in design and (2) deficiency in operation.
Define “deficiency in design.”
A deficiency that exists when a control necessary to meet the control objective is missing or when an existing control is not properly designed so that, even if the control operates as designed, the control objective is not always met.
Define “deficiency in operation.”
A deficiency that exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.
Define “entity-level controls.”
Controls related to the control environment, controls over management override, the company’s risk assessment process, controls to monitor results of operations or other controls, controls over the period-end financial reporting process; and policies that address significant business control and risk management practices.