Test 1 (Ch. 1-5) Flashcards
What is External Auditing
Performing an audit in accordance with principles and standards (GAAP and GAAS). It is independent of the entity being audited and is primarily interested in the reliability of financial reporting.
What does a Financial Statement Audit provide?
assurance on the reliability of the financial statement; they are free from material misstatement
What does an Integrated Audit provide?
assurance on internal control effectiveness
In auditing, what does ‘independence’ require?
objectivity and freedom from bias
Who are the users of audited financial statements? What are their jobs?
- Management: review performance, make operational decisions, and report results to capital markets
- Stockholders: buy or sell stock
- Bondholders: buy or sell bonds
- Financial Institutions: evaluate loan decisions considering interest rates, terms and risks
What is a financial statement audit?
examination of an entity’s financial statements and accompanying disclosures to add credibility to the reported financial position and performance of a business
What is a risk with financial statement auditing?
there are limitations and an auditor will not be able to go through all documents in their entirety
What are some skills of an external auditor?
- understand accounting and auditing literature
- develop industry and client-specific knowledge
- evaluate internal controls
- assess and respond to fraud risks
Why do auditors obtain a CPA license?
to let the public know that they have the appropriate knowledge and skills to conduct an audit
What does AICPA stand for?
American Institution of Certified Public Accountants
What is the job of the AICPA?
- develop standards for audits for nonpublic companies
- prepares and administers the CPA exam
What authoritative audit body is the Code of Professional Conduct under?
AICPA
What does the Code of Professional Conduct do?
aids auditors in conducting a quality audit
What PRINCIPLES of professional conduct does the Code of Professional Conduct consist of?
- Responsibilities: members exercise sensitive professional judgements in all their activities
- Public Interests: members accept the obligation to act in a way that will serve the public interest
- Integrity: members perform all professional responsibilities with the highest sense of integrity
- Objectivity and Independence: members maintain objectivity and be free of conflicts in discharging professional responsibilities
- Due Care: members observe the profession’s technical and ethical standards
- Scope and Nature of Services: members observe the principles of the code in determining the scope and nature of services being provided
What RULES of professional conduct does the Code of Professional Conduct consist of?
- Integrity and Objectivity
- Independence
- General Standards
- Member shall comply with:
- Professional Competence
- Due Professional Care
- Planning and Supervision
- Sufficient Relevant Data
- Compliance with Standards
- Accounting Principles
- Acts Discreditable
- Contingent Fees
- Commissions and Referral Fees
- Advertising and Other Forms of Solicitation
- Form of Organization and Name
What does SEC stand for?
Securities and Exchange Commission
What is the job of SEC?
- regulate the capital market system
- oversee responsibilities for the PCAOB and all public companies that are traded on US stock exchanges
- establish GAAP for companies whose stock is publicly traded
- prosecute public companies and their auditors for violating SEC laws (including fraud)
What does PCAOB stand for?
Public Company Accounting Oversight Board
What is the job of PCAOB?
- oversee auditors of public companies
- protect the interests of investors
- further the public interest in the preparation of informative, fair, and independent audit reports
Firms that provide audits of US public companies must register with….
the PCAOB
How many board members is PCAOB comprised of? How many of those members may be CPAs, why?
- comprised of 5 members
- no more than 2 members can be a CPA
- it helps to ensure members of the external auditing profession do not dominate the board
Why might management want an independent audit of its financial statements?
- to prove reliability of their statements
- show that they are following GAAP
- show that there is no internal influence
What must a company consider when determining if they want an audit from a large audit firm or a local firm?
- experience of the firm
- fees of the auditing firm
- how fast the audit is needed
What is fraud?
intentional act involving the use of deception that results in a misstatement of the financial statements
What are the 2 types of misstatements?
Misstatements arising from:
- misappropriation of assets
- fraudulent financial reporting
What distinguishes fraud from errors?
intent to deceive
Is it the auditor’s job to find fraud?
NO
What happens if the auditor detects fraud?
- auditor reports detection to the client
- the client takes necessary steps to address the issue
- if no action is taken by the client, the auditor must withdraw from the audit
What is the Fraud Triangle?
model that recognizes that incentives, opportunities, and rationalization are elements typically associated with fraud
What are the 3 elements of the Fraud Triangle?
- incentive to commit the fraud
- opportunity to commit and conceal the fraud
- rationalization to justify committing the fraud
Fraud Triangle - Explain Incentive; give examples
- the reason for a fraudster to commit fraud
- compensation schemes
- financial pressures of improved earnings in firm
- debt covenants
Fraud Triangle - Explain Opportunity; give examples
- internal control weaknesses that enable the fraudster to commit and conceal the fraud
- industry position
- management’s inconsistency involving assets
Fraud Triangle - Explain Rationalization; give examples
- the mindset of the fraudster; mental process that fraudsters employ to ‘live with themselves’ as they try to convince themselves what they are doing is justifiable
- “I will lose everything if I don’t take the money”
- “this is a one time thing”
What are red flags?
risk factors suggesting an increased risk of fraud
What happens if there are a lot of red flags?
the auditor may have to increase their fees
What happened in the Enron Fraud?
- energy trades went bad
- management covered up financial problems by:
- shifting debt to off-balance sheet special entities
- sold assets to special purpose entities that they controlled to recognize revenue
- engaged in round trip trades where assets were recognized as sales and ended back up at Enron
How do auditors begin an audit?
a brainstorming session focusing on how and where fraud can occur at the client
What did the Sarbanes-Oxley Act of 2002 bring about?
- new standard setting for audits of public companies
- new standards for corporate governance
What was the Sarbanes-Oxley Act of 2002 a response to?
the bankruptcy of Enron and the subsequent collapse of its auditing firm
Who does the Sarbanes-Oxley Act of 2002 apply to?
publicly traded companies
Audit committees must….
- be responsible for the appointment, compensation, and oversight of the work of audit firms
- be independent
- provide adequate funding for audit committees
Responsibilities of audit committees….
- obtain an annual report by the external auditor that addresses:
- company’s internal control procedures
- quality-control of regulatory problems
- relationships that might threaten the independence of the external auditor
Audit committees have the authority to….
- hire and fire the head of the internal audit function
- set the budget for internal audit activity
- review the internal audit plan
- discuss all internal audit results
What is the purpose of internal control?
- protect the assets
- keep the honest people honest
What are some limitations on internal control?
- faulty human judgement
- breakdowns because of mistakes
- circumventing controls by collusion of multiple people
- management’s ability to override control
What are the 5 components of an effective internal control system?
- control environment
- risk assessment
- control activities
- information and communication
- monitoring
How do you know when you have a good internal control system?
the auditor can follow the trail
What is a transaction trail?
the auditor can trace a transaction from its origination through its final disposition (trial balance –> general ledger –> journal entry –> document)
What does COSO stand for?
Committee of Sponsoring Organizations
What is the job of COSO?
- assists in the development, implementation, and maintaining of an effective system of internal controls
What are Entity-Wide Controls?
- controls that operate across an entity and affect multiple processes, transactions, accounts, and assertions
What are Transaction Controls?
controls that provide assurance that all transactions that occurred are recorded in an accurate and timely manner and that only valid transactions are recorded
- they do not have an entity wide effect
What is the purpose of a control environment?
establish the tone regarding the importance of internal control and expected standards of conduct
Why is a strong control environment important? Give an example of a strong control environment.
- important line of defense against the risks related to financial statement reliability
- ex: organizations hold individuals accountable for their internal control responsibilities in the pursuit of objectives
What is a weak internal control environment associated with? Give an example of a weak control environment.
- associated with financial frauds
- ex: personnel who do not have the competencies to carry out their assigned tasks
What is authorization and why can it be an issue?
- when more than 1 person works within a company
- issue: unknown who has the authority to make the decisions
What is the main key in documentation procedures?
DO NOT record any transactions without proper documentation
What is a risk assessment?
possibility that an event will adversely affect the organization’s achievement of its objectives of reliable financial reporting
What are some internal risk examples?
- changes in management responsibilities
- changes in information technology
- poorly conceived business model
What are some external risk examples?
- economic recessions
- increases in competition
- development of substitute products or services
- changes in regulation
What happens when organizations ignore risks?
they put their organization and its auditors at risk for potential bankruptcy or litigation
What are control activities? Give examples.
- actions established through policies and procedures that help ensure that management’s directives regarding controls are accomplished
- ex: segregation of duties and physical control over assets
What is segregation of duties?
control activity that is designed to protect against the risk that an individual could both perpetrate and cover up the fraud
How can you implement segregation of duties?
- do not have 1 person doing everything
- have at least 2 employees be involved in processing transactions
What is physical control over assets?
control activity designed to safeguard assets from accidental or intentional destruction and theft
How can you implement physical control over assets?
- everything should be accounted for after hours
- periodic count and recording of all physical assets
What does information and communication refer to?
the process of identifying, capturing, and exchanging information in a timely fashion to enable accomplishment of the organization’s objectives
What is monitoring?
- process that provides feedback on the effectiveness of each of the 5 components of internal control
- requires deficiencies in internal control be communicated to appropriate personnel and follow-up action be taken
What is material misstatement?
when information in the financial statement is incorrect to the point where it impacts economic decisions
What is a control deficiency?
shortcoming in internal controls such that the objective of reliable financial reporting may not be achieved
What is audit failure? What is an appropriate response to audit failure?
- an audit firm issues an inaccurate audit opinion and fails to comply with the auditing standards
- litigation is an appropriate response
What is deep-pocket theory?
suing another party not based on the level of their true fault in a legal action, but based instead on the perceived ability of that party to pay damages
What is contract law?
contract indicates that an auditor will perform the services in accordance with professional auditing standards and in a timely manner
How are contract laws expressed?
through an engagement letter
What does an engagement letter entail?
- expresses an opinion
- documents and confirms:
- auditor’s acceptance of the appointment
- objective and scope of the audit
- extent of the auditor’s responsibilities to the client
When does liability occur?
when there is a breach of contract
Who is a contract normally between?
external auditor and the client
When can auditors be held liable to clients in contract laws?
- breach of contract
- ordinary negligence
- gross negligence
- fraud
What is breach of contract?
when there is non-performance of a contractual duty
What is ordinary negligence?
failure to exercise reasonable care proven by immediate user, causing harm to another or to property
What is gross negligence? Is it easy to prove?
- failure to use even minimal care or evidence of activities that show recklessness or careless disregard for the truth
- it is harder to prove because evidence may not be present
What is fraud?
- must be proven intentional
- intentional concealment of material fact with the intent to deceive another person
What is common law?
liability concepts are developed through court decisions based on negligence, gross negligence, or fraud
To win a claim against the auditor, third parties suing under common law must generally prove that:
- They suffered a loss
- The loss was due to reliance on misleading financial statements
- The auditor knew, or should have known, that the financial statements were misleading
Defenses available to auditors for third party lawsuits under common law include:
- The auditor did not have a duty to perform the service
- The auditor exercised due professional care
- Losses were not caused by the auditor’s actions
What is a tort?
a civil wrong based on negligence, constructive fraud, or fraud
What is a foreseeable user?
individually unknown third party who the auditor can foresee will use the statements
What is statutory law?
laws developed through legislation
- ex: The Securities Act of 1933 and The Securities Exchange Act of 1934
What is the Securities Act of 1933?
Requires companies to file registration statements with the SEC before they may issue new securities to the public
The Securities Act of 1933 and the Securities Exchange Act of 1934 are….
- two important federal statutes affecting auditor liability for public clients
- help assure that investors in public companies have access to full and adequate disclosure of relevant information
The registration statement of the Securities Act of 1933 contains…
- Information about the company
- Lists of its officers and major stockholders
- Plans for using the proceeds from the new securities issue
- Audited financial statements
What does the Securities Exchange Act of 1934 regulate?
- the trading of securities after their initial issuance
- companies are required to file periodic reports with the SEC and stockholders
The Securities Exchange Act of 1934 explicitly makes it unlawful to…
- Make any untrue statement of a material fact
- Omit to state a material fact that is necessary for understanding the financial statements
The AICPA and the IAASB are…
standard setters
How is an audit prepared?
breaking it into cycles
What is an accounting cycle?
recording and processing transactions that affect a group of related accounts
When does the accounting cycle begin? End?
- begins when a transaction occurs
- ends when it is recorded in the financial statements
What are the 5 characteristics that should be implemented when presenting fairly?
- existence
- completeness
- rights and obligations
- valuation
- presentation and disclosure
What is existence? When is it most relevant?
- All assets and liabilities recorded in the financial statements exist or have occurred
- Most relevant for accounts where the auditor is concerned that management has an incentive to overstate the ending balance
What is completeness? When is it most relevant?
- All purchases of PPE are fully recorded in the financial statements
- Most relevant for accounts where the auditor is concerned that management has an incentive to understate the ending balance
What are rights and obligations? When is the auditor most concerned?
- The organization owns the PPE and has title to the equipment
- Auditor is concerned that management may have an incentive to improperly claim that they have a right to a revenue or asset
- While the inventory does physically exist, it is not actually owned by the organization
What is valuation? When is the auditor most concerned?
- Accounts have been included in the financial statements at appropriate amounts
- Auditor is concerned that management may have an incentive to improperly value revenues, expenses, assets, and liabilities
- Undervalue bad debt to show a more favorable net accounts receivable
What is presentation and disclosure? What is the auditor concerned about?
- Components of the financial statements are properly classified, described, and disclosed
- Auditor is concerned that:
- Liabilities will mature within a year
- The organization’s presentation on the face of the balance sheet does not conform with GAAP requirements
- Auditor will test the disclosure assertion by examining:
- The footnotes to the financial statements for the long-term liability balance
- The relevance and appropriateness of management’s disclosures
What 3 categories do audit procedures fall in?
- Risk Assessment Procedures
- Test of Controls
- Substantive Procedures
What are risk assessment procedures?
Procedures performed by the auditor to obtain information for identifying and assessing the risks of material misstatement in the financial statements whether due to error or fraud
What are tests of controls?
Designed to evaluate the operating effectiveness of controls in preventing (or detecting and correcting) material misstatements
What are substantive procedures?
- Designed to detect material misstatements
- Comprise tests of details and substantive analytical procedures
What does a substantive test do?
takes the amount on the balance sheet and asks bank if they agree with that amount