DIFFERENT TYPES OF ENGAGEMENTS, DIFFERENT FORMS, INTERNAL CONTROLS, AUDIT PROCESS
Expenditures/Disbursements
Objectives of Internal Controls over Purchases and Accounts Payable—The objectives are to provide reasonable assurance that: A. Goods and services are obtained in accordance with management's authorization and based on approved orders—considering quantity, quality, vendors, etc. This is usually handled by a separate "Purchasing Department" to centralize these activities. B. The terms of acquisitions (including prices and quantities) are in accordance with management's authorization. C. All goods and services received are accurately accounted for on a timely basis. D. Adjustments to vendor accounts are made according to management's authorization. E. Only authorized goods and services are accepted and paid for (and payments are timely to take advantage of any cash discounts available for prompt payment). F. Amounts payable for goods and services received are accurately recorded and properly classified. G. Access to purchasing, receiving, and accounts payable records is limited to authorized personnel. Objectives of Internal Controls over Cash Disbursements—The objectives are to provide reasonable assurance that: A. Disbursements are for authorized expenditures as approved by management. B. Disbursements are recorded at the proper amounts and with the appropriate classifications. C. Periodic comparisons are made between the supporting detailed accounting records (including bank reconciliations) and the general ledger control accounts. D. Any adjusting journal entries for cash accounts are in accordance with management's authorization. E. Access to cash and disbursement records is limited to authorized personnel. Audit Considerations (Framed by "SCARE")—The entity's control activities should address the following matters related to the expenditures/disbursement transactions cycle: A. Segregation of Duties 1. A separate purchasing department handles the purchasing activities (after a duly approved request for goods or services has been received from the department making the request). 2. The purchasing personnel (execution function) are independent of those in receiving (custody function) and in accounting (record-keeping function), including the accounts payable personnel. The accounts payable personnel should also be independent of those involved in processing the related cash disbursements. 3. Bank reconciliations are prepared by someone not having other involvement in handling cash receipts, cash disbursements, or record keeping. B. Controls (Physical Controls) 1. There should be appropriate physical control over unused checks to limit access to authorized personnel. 2. Employees with the ability to initiate cash disbursements should be "bonded." 3. Access to cash disbursements or to related documents should be limited to authorized personnel. C. Authorization—The entity's transactions should be executed as authorized by management. 1. All adjusting journal entries should be approved by management. 2. Only authorized personnel should be able to order goods and services on the company's behalf. 3. The department requesting the purchase of goods or services should indicate their acceptance of the goods or services received and approval, before payment is made. D. Reviews (Performance Reviews) 1. An appropriate employee should compare the suppliers' monthly statements with recorded payables. 2. An appropriate employee should compare the purchase order, "receiver," and vendor's invoice for agreement to establish that the invoice is for goods and services received and as authorized. (The invoice should be approved before payment is made and available cash discounts for prompt payment should be taken.) E. EDP/IT (Information Processing) 1. Detailed records should be maintained to support the general ledger payable account. 2. Prenumbered purchase orders should be used (and the numerical sequence accounted for). 3. Prenumbered checks should be used (and the numerical sequence accounted for). 4. The supporting documents (including vendors' invoices) should be canceled as "paid" immediately upon payment to prevent double payments. 5. Two signatures should be required on checks. (Any signature plates should be kept in a secure place to prevent unauthorized use.) F. Note the difference between a "vouchers payable" system and an "accounts payable" system: 1. An accounts payable system keeps track of payables by the name of the vendor. (Hence, payables are identified by the total amount owed to the various individual suppliers.) 2. A vouchers payable system keeps track of individual transactions without summarizing amounts owed in total to individual vendors. (There can be numerous vouchers payable to an individual vendor, but the payables are identified by voucher number, not by vendor name. An entity that uses a vouchers payable system can confirm individual transactions, but cannot confirm the total amount owed to a given vendor, which has implications to the vendor's auditor and how confirmation requests should be designed.)
AUDIT PROCESS
1. Engagement Planning A. Decide whether to accept (or continue) the engagement—Recall the quality control standards regarding client acceptance/continuation issues. B. Perform risk assessment procedures to address the risks of material misstatement, whether due to error or fraud. C. Evaluate requirements for staffing and supervision. D. Prepare the required written audit plan (sometimes called the audit program) that specifies the nature, timing, and extent of auditing procedures for every audit area (which is usually prepared after control risk has been assessed, so that detection risk can be appropriately set in each audit area). 2. Internal Control Considerations A. Obtain an understanding of internal control for planning purposes as required, emphasizing the assessment of the risk of material misstatement in individual audit areas and document the understanding of internal control. B. If contemplating reliance on certain identified internal control strengths as a basis for reducing substantive testing, the auditor must then perform appropriate tests of control to determine that those specific controls are operating effectively, that is, working as intended. 3. Substantive Audit Procedures (Evidence-Gathering Procedures Whose Purpose is to Detect Material Misstatements, if There Are Any)—Note that the word substantive is derived from substantiate, which means to verify. These are evidence-gathering procedures designed to verify the financial statement elements and to detect any material misstatements. A. Analytical Procedures—Those evidence-gathering procedures that suggest reasonableness (or unreasonableness) based upon a comparison to appropriate expectations or benchmarks, such as prior year's financial statements, comparability to industry data (including ratios) or other interrelationships involving financial and/or nonfinancial data. B. Tests of Details—Those evidence-gathering procedures consisting of either of two types: 1. Tests of ending balances—Where the final balance is assessed by testing the composition of the year-end balance (e.g., testing a sample of individual customers' account balances that make up the general ledger accounts receivable control account balance). 2. Tests of transactions—Where the final balance is assessed by examining those debits and credits that caused the balance to change from last year's audited balance to the current year's balance. 4. Reporting—Conclusions are expressed in writing using standardized language to avoid miscommunication.
Opening Balances—Initial Audits
1. The predecessor may request a consent and acknowledgment letter from the entity to document the authorization regarding the communication with the auditor. Such a letter is not required, but the SAS provides an example. 2. The predecessor may also request a successor auditor acknowledgment letter to document the auditor's agreement regarding the use of the predecessor auditor's audit documentation before permitting access to it. Such a letter is not required, but the SAS provides an example. 3. The extent to which the predecessor permits access to the audit documentation is a matter of professional judgment. 4. The auditor's use of the predecessor's information is influenced by the auditor's assessment of the predecessor's competence and independence. AICPA Professional Standards require an auditor (the successor) to make several inquiries of the predecessor auditor before accepting the audit engagement. These matters include:(1) information bearing on the integrity of management; (2) disagreements with management about accounting or auditing issues; (3) communications to those charged with governance about fraud and noncompliance with laws and regulations; (4) communications to management and those charged with governance about internal control issues; and (5) the predecessor's understanding for the reasons the entity changed auditors. Sample Report—A sample report follows with a disclaimer of opinion on results of operations and cash flows and an unmodified opinion on financial position (owing to the inability to verify opening inventory such that the effect is deemed to be material and pervasive). A. Modify introductory sentence—"... and were engaged to audit ..." B. Do not change to Management's Responsibility section. C. Modify Auditor's Responsibility section—Modify the first two paragraphs and comment on the "basis for unmodified opinion on financial position" at the end. D. Add a "Basis for Disclaimer" paragraph on results of operations and cash flows. E. Disclaim an opinion on results of operations and cash flows. F. Provide an opinion only on financial position. G. Sample report with a disclaimer of opinion on results of operations and cash flows and an unmodified opinion on financial position (owing to the inability to verify opening inventory)
PCAOB on Evaluating Consistency of Financial Statements
A. Identifies two types of issues related to consistency that might affect the auditor's report: (1) a change in accounting principle; and (2) an adjustment to correct a misstatement in previously issued financial statements (i.e., restatements). B. When Reporting on Two or More Periods —The auditor should evaluate the consistency between those periods and with the prior period, if that prior period is presented along with the financial statements reported on. Changes in Accounting Principle Involving a change from one generally accepted accounting principle to another, including the situation where the accounting principle formerly used is no longer generally accepted. A. GAAP is specified by FASB guidance entitled "Accounting Changes and Error Corrections." The PCAOB auditing standards point out that, when a company uses retrospective application to account for a change in accounting principle, the financial statements generally will be viewed as consistent. (However, the previous years' financial statements will appear different from those that the auditor previously reported on.) B. When There is a Change in Accounting Principle —The auditor should evaluate whether (1) the newly adopted principle is GAAP; (2) the method of accounting for the effect of the change conforms to GAAP; (3) the disclosures related to the change are adequate; and (4) the company has justified that the alternative accounting principle is preferable. 1. When the four criteria have been met —The auditor should add an explanatory paragraph to the auditor's report to identify the inconsistency. 2. When the four criteria have not been met —The auditor should treat the matter as a GAAP departure and modify the audit report appropriately. 3. When an investor uses the "equity method" and the investee has a change in accounting principle that is material to the investor's financial statements —The auditor should add an explanatory paragraph to emphasize the matter. C. When There is a Change in Accounting Estimate Effected by a Change in Accounting Principle —The auditor should evaluate and report on the matter like other changes in accounting principle. D. When There is a Change in the Reporting Entity Resulting from a Transaction or Event, Such as the Purchase or Disposition of a Subsidiary—It does not require recognition in the auditor's report. (However, if there is a change in the reporting entity that does not result from such a transaction or event, then an explanatory paragraph would be required.) Correction of a Material Misstatement in Previously Issued Financial Statements A. The correction of a material misstatement in previously issued financial statements should be recognized in the auditor's report by the addition of an explanatory paragraph. B. Restatements of previously issued financial statements require related disclosures to be made—The auditor should evaluate the adequacy of the company's disclosures. Change in Classification A. Changes in classification in previously issued financial statements normally do not require recognition in the auditor's report (unless the change represents a change in accounting principle or the correction of a material misstatement). B. Accordingly, the auditor should evaluate a material change in financial statement classification (and the related disclosure) to determine whether such a change is also a change in accounting principle or a correction of a material misstatement. The auditing requirements under PCAOB auditing standards are substantially the same as those of the AICPA's Clarified Auditing Standards (specifically, AU 708, "Consistency of Financial Statements." The now-superseded SAS No. 1 (specifically, AU 420, Consistency of Application of [GAAP] ) previously stated that "error correction not involving principle" (e.g., mathematical mistakes, oversight, or misuse of facts) did not have to be identified in the auditor's report. However, the guidance in the Clarified Auditing Standard now treats restatements as an inconsistency that warrants mention in the auditor's report, similar to PCAOB requirements.
Responsibilities Vary for Different Types of Engagements
A. Understanding with the Client—When associated with financial statement subject matter, AICPA Professional Standards require the CPA to establish an understanding with the entity involved as to the services to be rendered and the parties' respective responsibilities. The CPA must document that understanding in a written engagement letter between the CPA and the client entity. This should not be surprising, since the "public interest" is associated with such financial statement subject matter. B. Levels of Assurance—The level of assurance varies with the type of service involved and should be clearly addressed in the engagement letter between the CPA and the client entity. 1. Audit (under SASs) or Examination (under SSAEs)—An audit or examination conveys a high level of assurance (Statements on Auditing Standards apply to audits of financial statements of "nonissuers"). 2. Review (under SSARSs or SSAEs)—A review conveys a lower (i.e., "moderate") level of assurance known as "negative assurance." 3. Compilation (or preparation engagement)—A compilation or preparation engagement conveys no assurance about the reliability of the financial statements (for a private company under the AICPA's SSARSs).
Reporting on Summary Financial Statements
An auditor's report on condensed financial statements should indicate: 1) the auditor has audited and expressed an opinion on the complete financial statements; 2) the date of the auditor's report on such statements; 3) the type of opinion expressed; and 4) whether the information in the condensed financial statements is consistent, in all material respects, with the audited financial statements. Applied Criteria: The criteria applied by management in the preparation of the summary financial statements. Summary Financial Statements: Historical financial information that is derived from financial statements but that contains less detail than the financial statements, while still providing a structured representation consistent with that provided by the financial statements. Audited financial statements are viewed as readily available if users can obtain them without any further action by the entity. Management's statement that they are available upon request, would not be considered readily available. Only an Unmodified or Adverse Opinion is Permitted—The summary financial statements are either consistent or not consistent with the audited financial statements; accordingly, a qualified opinion is not permitted. 1. Unmodified opinion—When issuing an unmodified opinion on the summary financial statements, the opinion should state that they are consistent, in all material respects, with the audited financial statements from which they have been derived, in accordance with the applied criteria. 2. Adverse opinion—When issuing an adverse opinion on the summary financial statements, the opinion should state that the financial statements are not consistent, in all material respects, with the audited financial statements in accordance with the applied criteria. Adverse Opinion or Disclaimer of Opinion—When the auditor's report on the audited financial statements contains an adverse opinion or a disclaimer of opinion, the auditor should either withdraw from the engagement to report on the summary financial statements (when withdrawal is possible) or disclaim an opinion on the summary financial statements. Auditor's Report on Summary Financial Statements—Include the following elements: A. A title that includes the word independent B. Addressee C. Introductory paragraph that (1) identifies the summary financials; (2) identifies the audited financial statements from which the summary financials were derived; (3) refers to the auditor's report on the financial statements and the date; and (4) states that the summary financials do not include all the disclosures required for complete financial statements D. Description of management's responsibility E. Statement about the auditor's responsibility F. A paragraph that clearly describes an opinionThe auditor's signature, city and state, and date of the report
Adverse Opinion
Effect of an Adverse Opinion on the Auditor's Report A. No effect on the introductory paragraph or management's responsibility section. B. Auditor's responsibility section—modify the last sentence to state, "We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our adverse audit opinion." C. Add a "Basis for Adverse Opinion" paragraph (with such a label) before the opinion paragraph. The auditor should include a description and quantification of the financial effects of the misstatement (when practicable); likewise, the auditor should include the omitted information (when practicable). D. Express the adverse opinion using appropriate language such as: "In our opinion, because of the significance of the matter discussed in the Basis for Adverse Opinion paragraph, the financial statements referred to above do not present fairly . . ." and label the opinion paragraph "Adverse Opinion."
Revenue/Receipts—Cash
Internal Control Objectives—The objectives of internal controls in this area are to provide reasonable assurance that: A. Access to cash receipts records and accounts receivable records is limited to authorized personnel. B. Detailed cash and account balance records are reconciled with control accounts and bank statements at least monthly. C. All cash receipts are correctly recorded in the period received. Audit Considerations (Framed by "SCARE")—The entity's control activities should address the following matters: A. Segregation of Duties 1. listing of cash receipts (sometimes referred to as a remittance listing or log of cash receipts ) is prepared upon opening the mail in the mail room; checks are restrictively endorsed immediately ("for deposit only . . . ") 2. Cash-related activities, which are handled by separate personnel as appropriate are as follows: a. Opening the mail—handling the checks received, and verifying the accuracy of the payment indicated on the enclosed "remittance advice" (the stub returned with the customer's payment on account) b. Making the deposit—deposits should be made daily c. Applying payments received to the appropriate customers' accounts receivable d. Preparing the bank reconciliation on a timely basis Controls (Physical Controls) 1. Employees with access to cash receipts should be "bonded," which is a type of insurance for which the employer pays an insurance premium and which involves background checks on the applicable employees. 2. Receipts should be deposited daily, not accumulated in someone's desk drawer for an occasional deposit. 3. Access to cash receipts (including access to documents) should be limited to those authorized—that includes the appropriate use of passwords. 4. The company might use a lockbox whereby payments from customers are directly received by the bank, thereby avoiding the company's mail room. Authorization—The entity's transactions should be executed as authorized by management. 1. Adjusting journal entries should be approved by management. 2. Bank reconciliations should be appropriately reviewed with the reviewer's approval indicated. Reviews (Performance Reviews) 1. The initial cash receipts listing from the mail room should be compared to the total according to the cash receipts journal, and traced to that day's bank deposit to show that what was received was, in fact, deposited. 2. The cash accounts should be reconciled with the bank statements on a timely basis by someone not involved in handling cash receipts or updating the accounting records. EDP/IT (Information Processing) 1. In general, there should be adequate documentation supporting transactions and account balances (important documents should be prenumbered and the numerical sequence properly accounted for). 2. For cash transactions received on site, there should be adequate point of sale cash registers and use of prenumbered receipts.
Internal Controls for Sales
Internal Control Objectives—The objectives of internal controls in this area are to provide reasonable assurance that: A. Goods and services are provided in accordance with management's authorization (and based on approved orders). B. Terms of sale (including prices and any discounts) are in accordance with management's authorization. C. Credit terms and limits are properly established (as authorized). D. Deliveries of goods and services result in accurate and timely billings. E. Any sales-related discounts and adjustments (including returns) are in accordance with management's authorization. Segregation of duties—Separate the execution (authorization), record-keeping (accounting), and custody (access) functions. 1. Credit to customers should be granted by an independent department (separate from sales staff which may be paid on commission and which may have an incentive to view everyone as creditworthy). 2. An independent employee should review the statements to customers. 3. Returns should be accounted for by an independent clerk in the shipping/receiving area. Controls (Physical Controls) 1. Computer passwords should be used to limit unauthorized access to the accounting systems. 2. Any inventory involved should be secured with access limited to authorized personnel. Authorization—The entity's transactions should be executed as authorized by management. 1. Management should review the terms of sales transactions and indicate that approval on the sales invoice (billing). 2. Management should usually establish general approvals of transactions within specified limits and specifically approve transactions outside of those prescribed limits. 3. Management should approve the entity's adjusting journal entries. Reviews (Performance Reviews) 1. The entity's recorded sales should be compared to appropriate budgets and forecasts. 2. Related accounting documents should be compared on a timely basis—for example, sales invoices and shipping documents should be compared to verify that the sales transactions were recorded in the proper period, which is referred to as proper cutoff. EDP/IT (Information Processing)—The auditor should agree the financial statement amount(s) to the applicable general ledger account(s). 1. Important accounting documents (e.g., shipping documents and sales invoices) should be prenumbered and the numerical sequence should be accounted for. 2. An aged trial balance for accounts receivable should be agreed (or reconciled) to the general ledger control account; the aging provides important information about the quality of the receivables and the need for follow-up audit procedures.
Disclaimer of Opinion
Modified Opinion: A qualified opinion, an adverse opinion, or a disclaimer of opinion. Pervasive: (a) Effects that are not confined to specific elements, accounts, or items of the financial statements; (b) effects that, if so confined, represent or could represent a substantial proportion of the financial statements; or (c) regarding disclosures, are fundamental to users' understanding of the financial statements. Disclaimer of Opinion—The auditor should express a disclaimer of opinion when the auditor is unable to obtain sufficient appropriate audit evidence, and the auditor concludes that the possible effect on the financial statements, if any, could be material and pervasive. Effect of a Disclaimer of Opinion on the Auditor's Report A. Minor effect on the introductory paragraph ("We were engaged to audit ...") and no effect on the management's responsibility section. B. Auditor's responsibility section—Revise this section to consist of the following two sentences: "Our responsibility is to express an opinion on these financial statements based on conducting the audit in accordance with auditing standards generally accepted in the United States of America. Because of the matter described in the Basis for Disclaimer of Opinion paragraph, however, we were not able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion." C. Add a "Basis for Disclaimer of Opinion" paragraph (with such a label) before the opinion paragraph. D. Disclaim an opinion using appropriate language such as: "Because of the significance of the matter described in the Basis for Disclaimer of Opinion paragraph, we have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Accordingly, we do not express an opinion on these financial statements." Add an appropriate title preceding the paragraph, such as "Disclaimer of Opinion."
Qualified for Scope Limitation
Modified opinion: A qualified opinion, an adverse opinion, or a disclaimer of opinion. Pervasive: (a) Effects that are not confined to specific elements, accounts or items of the financial statements; (b) effects that, if so confined, represent or could represent a substantial proportion of the financial statements; or (c) regarding disclosures, are fundamental to users' understanding of the financial statements. Qualified Opinion—The auditor should express a qualified opinion when the auditor is unable to obtain sufficient appropriate audit evidence, and the auditor concludes that the possible effect on the financial statements, if any, could be material, but not pervasive. (This lesson focuses on the qualified opinion in connection with a scope limitation.) Disclaimer of Opinion—The auditor should express a disclaimer of opinion when the auditor is unable to obtain sufficient appropriate audit evidence, and the auditor concludes that the possible effect on the financial statements, if any, could be material and pervasive. (A separate lesson focuses on the disclaimer of opinion.) Effect of a Qualification for a Scope Limitation on the Auditor's Report A. No effect on the introductory paragraph or management's responsibility section. B. Auditor's responsibility section—Modify the last sentence to state, "We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our qualified audit opinion." C. Add a "Basis for Qualified Opinion" paragraph (with such a label) before the opinion paragraph. D. Qualify the opinion using appropriate language such as: "In our opinion, except for the possible effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements referred to above present fairly . . ." and label the opinion paragraph "Qualified Opinion."
Payroll Cycle
Objectives of Internal Controls over Payroll—The objectives are to provide reasonable assurance that: A. Payroll withholdings and deductions are based on appropriate supporting authorizations. B. Compensation is made only to valid employees at authorized rates and for services actually rendered. C. Gross pay, withholdings, deductions, and net pay are correctly computed. D. Payroll costs and liabilities are appropriately classified and summarized in the proper periods. E. Appropriate comparisons are made of personnel, payroll, and work records at reasonable intervals. F. Net pay and related withholdings are remitted to the appropriate employees and agencies. G. Access to sensitive personnel files and payroll records is limited to authorized personnel. Audit Considerations (Framed by "SCARE")—The entity's control activities should address the following matters: A. Segregation of Duties 1. The following activities should be performed by different personnel when circumstances permit: a. Establishing and maintaining employee files in the personnel department b. Timekeeping c. Payroll preparation and updating the accounting records d. Check distribution e. Reconciling the payroll bank account with the general ledger account 2. The treasurer should typically sign the payroll checks. 3. An appropriate departmental supervisor should distribute the payroll checks to employees in that department. 4. Unclaimed checks should be controlled. That is, they should be returned to treasury, secured, and eventually destroyed, if not claimed within an appropriate time. B. Controls (Physical Controls) 1. Access to personnel files (containing sensitive information) should be limited to authorized personnel. 2. Access to payroll checks should be limited to authorized personnel. 3. Personnel with access to payroll checks should be bonded. C. Authorization—The entity's transactions should be executed as authorized by management. 1. Payroll should be authorized by a responsible official. 2. Payroll computations should be verified by an independent person. 3. Overtime payments should be approved by management. 4. Payroll for management should also be appropriately reviewed and approved. D. Reviews (Performance Reviews) 1. A company should maintain current and accurate payroll information (which should be periodically matched with information in the personnel files). 2. The payroll checks written should be reconciled to the payroll register, serving as the supporting accounting record for each payroll period. 3. Other appropriate reconciliations should be made on a timely basis: for example, in a manufacturing environment, someone should reconcile the job cost time sheets to time clock cards. (For strict internal control purposes, a company should use time clocks where possible.) E. EDP/IT (Information Processing) 1. Payroll checks should be prenumbered (and the numerical sequence accounted for). 2. A company should maintain a separate checking account specifically for payroll transactions to establish more accountability and control over these important transactions.
Audits of Group Financial Statements
Reference Image Component: An entity for which group or component management prepares financial information that is required by the applicable financial reporting framework to be included in the group financial statements. Component Auditor: An auditor who performs work on the financial information of a component that will be used as audit evidence for the group audit. (A component auditor may be part of the group engagement partner's firm, a network-affiliated firm, or another unrelated firm.) Group: All the components whose financial information is included in the group financial statements. A group always has more than one component. Group Financial Statements: Financial statements that include the financial information of more than one component. This term also refers to combined financial statements aggregating the financial information prepared by components that are under common control. Group-Wide Controls: Controls designed, implemented, and maintained by group management over group financial reporting. Significant Component: A component identified by the group engagement team that (a) is of individual financial significance to the group; or (b) due to its specific nature, is likely to include significant risks of material misstatement of the group financial statements.
Qualified for Misstatement
Opinion Choice for a Misstatement (Including Inadequate Disclosure) Involves Judgment A. Qualified Opinion—The auditor should express a qualified opinion when the auditor concludes that misstatements are material, but not pervasive to the financial statements. B. Adverse Opinion—The auditor should express an adverse opinion when the auditor concludes that misstatements are material, and pervasive to the financial statements. (A separate lesson focuses on the adverse opinion.) Effect of a Qualification for a Misstatement on the Auditor's Report A. No effect on the introductory paragraph or management's responsibility section B. Auditor's Responsibility Section—Modify the last sentence to state, "We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our qualified audit opinion. C. "Add a "Basis for Qualified Opinion" paragraph (with such a label) before the opinion paragraph. The auditor should include a description and quantification of the financial effects of the misstatement (when practicable); likewise, the auditor should include the omitted information (when practicable). D. Qualify the opinion using appropriate language such as: "In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements referred to above present fairly . . ." and label the opinion paragraph "Qualified Opinion."
Other Information Along with Financial Statements
Other Information: Information other than the financial statements and the auditor's report that is included in a document containing audited financial statements and the auditor's report (can be financial and nonfinancial information, but excludes required supplementary information). Inconsistency: Other information that conflicts with information contained in the audited financial statements (may raise doubt about the auditor's conclusions and the basis for the auditor's opinion). Misstatement of Fact: Other information that is unrelated to matters appearing in the audited financial statements that is incorrectly presented (may undermine the credibility of the document containing the audited financial statements). 1. Examples of other information—Financial summaries or highlights, management reports on operations, employment data, financial ratios, selected quarterly data, names of officers/directors, etc. 2. Other information does not include press releases, cover letters accompanying documents containing the audited financial statements, information in analyst briefings, or information posted to the entity's Web site. Material Inconsistencies Identified Prior to the Report Release Date 1. Request that management make appropriate revision. 2. If management refuses—Inform those charged with governance and (a) include an other-matter paragraph to the auditor's report, (b) withhold the auditor's report, or (c) withdraw from the engagement (when permitted). Material Inconsistencies Identified After the Report Release Date 1. If management agrees to make the revision—The auditor may review steps taken by management to ensure that users of the financial statements and other information are informed of the need for revision. 2. If management refuses—Inform those charged with governance and take appropriate action (such as seeking advice from the auditor's legal counsel). Material Misstatements of Fact—The auditor should discuss the matter with management and, if there is a material misstatement of fact, the auditor should request management to consult with a qualified third party (such as the entity's legal counsel). If management refuses to correct a material misstatement of fact, the auditor should communicate the matter to those charged with governance.
Financial Statements Using Another Country's Framework
Performance of the Engagement Use Solely Outside the U.S.—When auditing financial statements intended for use solely outside the U.S., the auditor should comply with GAAS, except for requirements related to the form and content of the auditor's report. The auditor should obtain an understanding of the entity's selection and application of accounting policies. Consultation with Others—The auditor may wish to consult with others having expertise in applying that country's reporting framework. Summary of the Differences in the Audit Reporting Language Relative to U.S. Form. 1. The first sentence would be changed as follows: ... financial statements, which, as described in note X to the financial statements, have been prepared on the basis of (specify the financial reporting framework generally accepted) in (name of the country)." 2. The sentence describing management's responsibilities would be changed as follows: "Management is responsible for the preparation and fair presentation of these financial statements in accordance with (specify the financial reporting framework generally accepted ) in (name of country );" 3. The second sentence in the section on the auditor's responsibility would be changed as follows: "We conducted our audit in accordance with auditing standards generally accepted in the United States of America (and [in name of country])." 4. The opinion would be changed as follows: "In our opinion, the financial statements referred to above present fairly, in all material respects, ... in accordance with (specify the financial reporting framework generally accepted) in (name of country)."
Miscellaneous Cycles
Production/Manufacturing Inventory A. The Major Objectives of Internal Controls—In this area, the primary objectives are to provide reasonable assurance that: 1. The resources obtained and used in production (including raw materials, work-in-process, and finished goods) are accurately recorded on a timely basis. 2. Transfers of finished products to customers or others are accurately recorded. 3. Related expenditures are appropriately classified. 4. Access to all categories of inventory (and inventory-related documents) is limited to authorized personnel. 5. Comparisons of actual inventory on hand are made to recorded amounts at least annually. B. Audit Considerations (Framed by "SCARE")—The entity's control activities should address the following matters: 1. Segregation of duties a. To the extent possible, the company should separate the authorization of inventory- related transactions, the custody of (or access to) inventory, and the accounting record keeping activities. b. Sales returns (inventory) should be immediately counted by the receiving clerk and a receiver (i.e., a receiving document) prepared to verify the quantity and condition of the goods received. 2. Controls (physical controls) a. Access to the inventory should be limited to authorized personnel (the inventory should be physically secured with access restricted to personnel having authorized keys or passcodes). b. Access to the important accounting documents, including applicable shipping documents, should be limited to authorized personnel. 3. Authorization—The entity's transactions should be executed as authorized by management. a. The acquisition and distribution of inventory should be consistent with management's authorization. b. Management should establish general approvals of transactions within specified limits, and specifically approve transactions above those limits. c. Any adjusting journal entries (including sales returns and allowances, or adjustments to inventory, such as write-downs) should be approved by management. 4. Reviews (performance reviews) a. Actual inventory should be compared periodically to recorded inventory (and any unusual differences should be investigated). b. In a manufacturing context, appropriate reconciliations should be made of underlying accounting records (including applicable job order cost sheets or process cost worksheets) to the applicable inventory-related general ledger accounts. 5. EDP/IT (information processing) a. The company should use prenumbered purchase orders for raw materials and components of production, along with prenumbered receivers, the receiving document. (The numerical sequence of these documents should be properly accounted for.) b. The company should consider using a perpetual inventory system for items with high cost per unit. c. The company should maintain adequate support for related general ledger control accounts. Fixed Assets Cycle—The major objectives of internal controls in this area are to provide reasonable assurance that: A. Transactions involving property, plant, and equipment are accurately recorded and classified; and are in accordance with management's authorization. B. Estimates used in the determination of depreciation, depletion, and amortization of the assets' cost basis are reasonable and consistent over time; any changes should be properly approved. C. Fixed assets are reasonably secure from loss with appropriate property insurance in force. D. Supporting detailed records are maintained and periodically compared to the assets on hand. E. Any adjusting journal entries related to fixed assets are approved by the management. Investing/Financing Cycle—The major objectives of internal controls in this area are to provide reasonable assurance that: A. Transactions involving investments and financing are accurately recorded and classified on a timely basis; and as authorized by management. 1. Investing—As used here, this refers to decisions related to the composition of the company's portfolio of investment assets, both current and noncurrent. 2. Financing—This refers to decisions related to the structure of the company's noncurrent liabilities and stockholders' equity sections of the balance sheet. B. Investment assets should be reasonably secure from loss with procedures established to monitor the associated risks. Access should be limited to authorized personnel with appropriate segregation of duties. C. Supporting detailed records should be maintained and compared periodically to actual investment-related assets of the company. D. Any adjusting journal entries related to investment-related assets, liabilities, or stockholders' equity are approved by management.
Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs
Reference Image Emphasis-of-Matter Paragraph: A paragraph that refers to a matter appropriately presented or disclosed in the financial statements that, in the auditor's judgment, is of such importance that it is fundamental to users' understanding of the financial statements. Other-Matter Paragraph: A paragraph that refers to a matter other than those presented or disclosed in the financial statements that, in the auditor's judgment, is relevant to users' understanding of the audit, the auditor's responsibilities, or the auditor's report. Emphasis-of-Matter Paragraph Matters for which an emphasis-of-matter paragraph is required: 1. When the auditor has substantial doubt about the entity's ability to continue as a going concern 2. When there is an inconsistency in accounting principles used 3. When the financial statements are prepared in accordance with special purpose frameworks. (This topic will be discussed in another lesson.) Other-Matter Paragraph Circumstances for which an Auditor May Consider it Necessary to Add an Other-Matter Paragraph: 1. Relevant to users' understanding of the audit—In rare situations, the auditor may add an other-matter paragraph to explain why it was not possible for the auditor to withdraw from an engagement in which a scope limitation that was pervasive resulted in a disclaimer of opinion. 2. Relevant to users' understanding of the auditor's responsibilities or the auditor's report—For example, when the opinion expressed on the prior year's financial statements is different than the opinion previously expressed (as a result of management's correction of a material departure from the applicable financial reporting framework).
PCAOB on Audit Reports
Reference image for report Qualified opinion—Such a report should also include communication of CAMs, if applicable. Adverse opinion—Such a report should not include any communication of CAMs, since the reason for the adverse opinion is most important. Disclaimer of opinion—Such a report should not include any communication of CAMs, since the reason for the disclaimer is most important.
Required Supplementary Information
Required supplementary information: Information that a designated accounting standard setter requires to accompany an entity's basic financial statements (the information is not part of the basic financial statements, but authoritative guidelines for measurement and presentation have been established). Designated accounting standard setter: A body designated by the AICPA council to establish GAAP pursuant to the Rule of Conduct on Compliance Standards. Procedures to Be Performed by the Auditor A. Inquire of management about the methods used to prepare the information, including (1) whether it is measured and presented in accordance with prescribed guidelines; (2) whether the methods of measurement or presentation have been changed relative to prior period; and (3) whether any significant assumptions affect the measurement or presentation of it. B. Compare the information for consistency with (1) management's responses to the auditor's inquiries; (2) the basic financial statements; and (3) other knowledge obtained during the audit of the basic financial statements. Reporting Implications A. The auditor should include an other-matter paragraph in the auditor's report commenting appropriately on the required supplementary information. The supplementary information cannot affect the auditor's opinion on the financial statements, since it is outside of those financial statements. B. The specific language to be used depends upon the particular circumstances. 1. Whether the required supplementary information is included and the auditor has applied the procedures described above (no material departures); 2. Whether the required supplementary information is omitted; 3. Whether some required supplementary information is missing and some is presented in accordance with prescribed guidelines; 4. Whether the auditor has identified any material departures from prescribed guidelines; 5. Whether the auditor is unable to complete required procedures; or 6. Whether the auditor has unresolved doubts as to whether the required supplementary information is presented in accordance with prescribed guidelines.
PCAOB on Auditing Supplemental Information
Supplemental Information: "Refers to the following information when it accompanies audited financial statements: a. Supporting schedules that brokers and dealers are required to file pursuant to Rule 17a-5 under the Securities Exchange Act of 1934; b. Supplemental information (i) required to be presented pursuant to the rules and regulations of a regulatory authority and (ii) covered by an independent public accountant's report on that information in relation to financial statements that are audited in accordance with PCAOB standards; or c. Information that is (i) ancillary to the audited financial statements, (ii) derived from the company's accounting books and records, and (iii) covered by an independent public accountant's report on that information in relation to the financial statements that are audited in accordance with PCAOB standards."
Supplementary Information Related to Financial Statements
The auditor should determine whether: 1. The supplementary information was derived from (or directly related to) the underlying records used to prepare the financial statements. 2. The supplementary information relates to the same period as the financial statements. 3. The auditor served as the auditor of the financial statements. 4. Either an unmodified or qualified opinion was expressed on the financial statements (must not have issued an adverse opinion or disclaimer of opinion). 5. The supplementary information will either accompany the entity's audited financial statements or the audited financial statements will be made readily available by the entity. (Note: Readily available means without further action by the entity. Being available upon the user's request is not considered readily available ). Reporting on Supplementary Information in Relation to Audited Financial Statements A. Form of Report—The auditor may issue a separate report on the supplementary information (in addition to the report on the audited financial statements) or combine the report on the supplementary information with the report on the financial statements. (If the latter, then add an other-matter paragraph regarding the supplementary information.) B. If the auditor expressed an adverse opinion or a disclaimer of opinion on the financial statements, the auditor is prohibited from reporting on the supplementary information. C. If the supplementary information is materially misstated in relation to the financial statements, the auditor should discuss the matter with management and propose appropriate revision. If management does not revise the supplementary information, the auditor should either appropriately modify the opinion on the supplementary information or withhold the separate report on it. D. Sample other-matter paragraph when the auditor expresses an unmodified opinion on the financial statements and on the supplementary information in a combined report:
Interim Financial Information
The relevant AICPA guidance is provided by AU 930: Interim Financial Information. The standard states that the auditor's objective is to obtain a basis for reporting whether the auditor is aware of any material modifications that should be made to the interim financial information for it to be in accordance with the applicable financial reporting framework through performing limited procedures. Interim Financial Information: Financial information prepared and presented in accordance with an applicable financial reporting framework that comprises either a complete or condensed set of financial statements covering a period(s) less than one full year or covering a 12-month period ending on a date other than the entity's fiscal year end. Reporting on a Review of Interim Financial Information A. Form of the Review Report—The report should be in writing and include the following: 1. Title 2. Addressee 3. An introductory paragraph 4. A section on "Management's Responsibility for the Financial Statements" 5. A section on "Auditor's Responsibility" 6. A concluding section that expresses conclusions (negative assurance) 7. The signature, city and state, and date of the review report B. Each page of the interim financial information should be clearly marked unaudited. C. If Comparative Information is Presented that has not Been Reviewed—The report should indicate that the auditor assumes no responsibility for it. D. Modification of the Auditor's Review Report—When the interim financial information has not been prepared in accordance with the applicable financial reporting framework in all material respects, the auditor should consider whether modification of the review report is sufficient to address the matter. 1. If modification is sufficient—The auditor should modify the review report by describing the nature of the departure, and stating the effects on the interim financial information (or providing the appropriate information when disclosure is inadequate), if practicable. 2. If modification is not sufficient—The auditor should withdraw from the review engagement. E. Interim Financial Information Accompanying Audited Financial Statements—The auditor should include an other-matter paragraph in the report on audited financial statements when the following conditions exist: 1. The interim financial information that has been reviewed is included in a document containing the audited financial statements. 2. The interim information accompanying the audited financial statements does not appear to be presented in accordance with the applicable financial reporting framework. 3. The auditor's separate review report, which refers to the departure, is not presented with the interim financial information. Auditor's Consent: A statement signed and dated by the auditor giving consent to use the auditor's report in a registration statement. Awareness Letter: A letter signed and dated by the auditor to acknowledge the auditor's awareness that the review report on interim financial information is being used in a registration statement (also known as an acknowledgment letter). Effective Date of the Registration: The date on which the registration statement becomes effective for purposes of evaluating the auditor's liability under Section 11 of the Securities Act of 1933.
ICPA's Statements on Standards for Accounting and Review Services (SSARSs)
These are applicable when the CPA is associated with the financial statements of a private company, but that association is something less than a full-scope audit engagement. Compilation—When the CPA is engaged simply to assemble into financial statement format the financial records of a private company and issue a compilation report, without expressing any degree of assurance on the reliability of those financial statements. Preparation engagement—When the CPA is engaged to prepare the financial statements of a private company without issuing any report on those financial statements or expressing any form of assurance. Review—When the CPA is engaged to provide a lower level of assurance (relative to that of an audit) on financial statements of a private company by performing limited procedures, including performing analytical procedures, and making appropriate inquiries of client personnel. The conclusion is known as "negative assurance" that the practitioner is unaware of a need for material modification.
AICPA's Statements on Standards for Attestation Engagements (SSAEs)
These are applicable when the CPA provides assurance about written representations or subject matter other than historical financial statements (e.g., management may make representations about its superior product performance that may be made more reliable by the CPA's independent verification and report). Examination—When the CPA is engaged to provide an opinion (that is positive assurance) on subject matter or an assertion of a responsible party that involves something other than historical financial statements. Review—When the CPA is engaged to provide negative assurance on subject matter or an assertion of a responsible party that involves something other than historical financial statements. Agreed-Upon Procedures Engagement—When the CPA is engaged to provide assurance in the form of "procedures and findings" on subject matter or an assertion of a responsible party that involves something other than historical financial statements.
Alert to Restrict Report
Using an Alert to Restrict the Use of the Auditor's Report—Such an alert should be included as a separate paragraph of the report when: The subject matter is based on criteria that are only suitable for (or available to) a limited number of users; or The matters are presented in a by-product report that is not the primary objective of the engagement. Including an Alert—The auditor is not prohibited from including such an alert in any other auditor's report or written communication. Purpose of the Alert—The purpose of the alert is to restrict the use of the auditor's written communication because of the potential for misunderstanding if taken out of the context for which the written communication is intended. Content of the Alert—The auditor should state that the written communication is intended solely for the use of the specified parties (and either identify or refer to those parties). Adding Other Specified Parties—The auditor should obtain acknowledgment in writing from such other parties as to their understanding of the nature of the engagement, the criteria used, and the auditor's written communication. They can be added after the release of the auditor's written communication (by amending the written communication to add them, but without changing the original date of the auditor's written communication). Distribution of the Auditor's Written Communication—The auditor is not responsible for enforcing the distribution of the auditor's written communication after its release. The purpose of the alert is to appropriately communicate such restricted distribution.
