SOC 1 Type 2

- management is required to provide a written assertion
- reports on design, implementation, and operating effectiveness of controls for a period of time
- may be utilized for control reliance purposes
- includes a description of the tests of operating effectiveness results (differentiating factor)
- comprehensive
- requires more internal and external effort
- more emphasis on retention of evidential matter throughout the period

using the work of another practitioner

- obtain an understanding of their professional competence before trusting their judgment
- make sure they understand and will comply with ethical requirements
- if you are going to use their work, you must be involved in the work yourself
- evaluate whether their work is adequate

SOC2 reports play an important role in:

- oversight of the organization
- vendor management programs
- internal corporate governance and risk management processes
- regulatory oversight

SOC 1: System Description Overview

- overview of organization
- description of control environment
- risk assessment
- information and communication
- monitoring
- control objectives and related controls
- complementary user entity controls
- changes in the service organization's controls that may have occurred since the last examination

acceptance of a change in the terms of engagement

- practitioner should not agree to change the terms when no reasonable justification for doing so exists
- refers to going from an examination agreement to a review agreement
- have to make sure it's not too risky to do an examination

assuming responsibility of another practitioner's work or make reference to it

- required to evaluate whether the practitioner's work is adequate for the purpose of the engagement
- nature, timing and extent are determined by:
  - previous experience with the practitioner
  - knowledge of the other practitioner

SOC 1: Management's Assertion

- required to provide a written assertion about whether the items in the independent service auditor's report are correct as of a specified date
- management must have a reasonable basis for its assertion

Control (examples)

- risks mitigated
- frequency of them
- nature of them
- where the evidence of them is kept

SOC1 reports are restricted to:

- the management of the service organization
- user entities
- user auditors

the auditor should assess whether management has used suitable criteria in:

- whether the system was described appropriately
- whether controls were designed appropriately
- whether controls have operated effectively

when change in the terms of the engagement is acceptable

- you can't just change from an examination to a review to avoid a modified opinion or disclaimer
- a misunderstanding concerning the nature of the engagement originally requested may be reasonable justification

the concept of materiality is not applied when disclosing, in the description of the tests of controls, the results of those tests where deviations have been identified

-you're not worried about numbers, can't decide whether something's material, you just have to report it

implications of ICOs

- you're selling something that doesn't exist yet: paying for a blockchain that hasn't been developed
- some are selling securities, so the SEC is getting involved

Which of the following is NOT recommended when trying to mitigate the risk of bias attributable to the availability tendency? a. Consider the most unusual case b. Make the opposing case c. Consult with others d. Get objective data

A

what are the 6 steps to run the bitcoin blockchain network?

1. new transactions are broadcast to all nodes
2. each node collects new transactions into a block
3. each node works on finding a difficult proof of work for its block
4. when a node finds proof of work, it broadcasts the block to all nodes
5. nodes accept the block only if all transactions in it are valid and not already spent
6. nodes express their acceptance of the block by working on creating the next block in the chain

preconditions criteria selection

1. specify control objectives
2. identifying the risks that threaten the achievement of the control objectives stated
3. providing a written assertion

AICPA Code of Professional Conduct Section 0.300 and Section 1.100, "Integrity and Objectivity."

1.100: A member shall maintain objectivity and integrity, shall be free of conflicts of interest, and shall not knowingly misrepresent facts or subordinate his or her judgment.

0.300: Overall principle of due care: A member should observe the profession's technical and ethical standards, strive continually to improve competence and the quality of services, and discharge professional responsibility to the best of the member's ability.

How much time did Diann serve in prison? Select one: a. 2 years b. 3 years c. 1.5 years d. 1 year

1.5 years

• Kirk Shelton, CUC's COO, sentenced to

10 years, pay $3,275 billion

• Walter A. Forbes, chairman and CEO of CUC, sentenced to

12 years, seven months, pay $3,275 billion

hash collision

2 files that produced the same hash - you have to just throw it out

asymmetric cryptography

2 keys: 1 public 1 private (only you should have access) if someone gets a hold of your private key, they have access to your bitcoin. so, if you lose your private key, you're SOL

how many "units" are available for transactions

2.1 quadrillion

visa transactions per second

24,000

ethereum

2nd largest blockchain created by Vitalik Buterin

bitcoin transaction speed per second

7 tps

how many decimal places can bitcoins be broken into

8

Illegal Property Flipping

Usually involves a team of insiders, such as mortgage brokers, real estate agents, appraisers, and settlement agents.

How it works:
- Insiders use a straw buyer to purchase a home.
- The home is put back on the market at an artificially inflated price that is supported by a fraudulent appraisal.
- The house is eventually sold to an unsuspecting home buyer and the insiders pocket the profit.

possible subject matter forms of an attestation agreement

- historical or prospective financial information
- physical descriptions (square footage of facilities)
- historical events, i.e. market price of a good
- analyses, i.e. breakeven analysis
- systems/processes, i.e. internal controls
- behavior/compliance with laws/HR practices

RISK RELATED TO PRECONDITIONS

- management is responsible for identifying risks that threaten the achievement of the control
- risks that management identifies also include the risk that controls were not implemented by user entities or subservice organizations, or that those controls were not operating effectively
- management may have a formal or informal process for identifying risks

SOC 2 Report

Sometimes referred to as AT101/performed under standard AT101. Report on Controls at a Service Organization related to compliance or operations and based on Trust Services Principles and Criteria. SOC2 service organization controls must meet the specified Trust Services Principles defined by the AICPA (you can choose one or many), which include: Security, Availability, Processing Integrity, Confidentiality, Privacy. Reports more on the underlying IT environment.

SOC 1 Report key ideas

Sometimes referred to as SSAE16. A report on controls at a service organization which are relevant to user entities' internal control over financial reporting (ICFR). Most applicable when the service provider performs financial transactions processing or supports transaction processing systems. Independent assurance that their ____ is being handled in accordance with their expectations. Service organizations determine control objectives and controls to meet the appropriate objectives. Control objectives are defined by the service provider and vary based on the service provided. They are considered restricted use reports and should only be shared with management of the service organization (the company who has the SOC 1 performed), user entities of the service organization (the service organization's clients) and the user entities' financial auditors (user auditors).

Which of the following is a consequence of the housing boom of the 1990s? Select one: a. Home values appreciated rapidly. b. New loan products were being offered to buyers. c. Both A and B d. None of the above

Both A and B

"Due Professional Care in the Performance of Work,

AU-C 200 and PCAOB AS 1015 both note that professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. Professional skepticism requires the auditor to use the knowledge, skill, and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence.

WHAT IS THE SIMILARITY BETWEEN ENRON AND XEROX CASE?

Both Enron and Xerox were large publicly traded companies that were required to restate their financial statements because of massive accounting manipulations. BOTH USED AGGRESSIVE ACCOUNTING & COMPLICATED METHODS. Both companies were heavily financed with debt obligations and were experiencing significant challenges to their core business operations.

Which of the following is not a step in reframing a situation? a. Challenge the current frame b. Generate alternative frames c. Justify the current frame d. Understand the current frame

C

Which of the following is not a technique to help an auditor mitigate possible bias stemming from use of judgment shortcut? a. Be aware of the bias and when you might be vulnerable to it b. Seek disconfirming evidence c. Seek the advice of someone who agrees with your position d. Identify and acknowledge personal preferences

C

True or False: You cannot teach judgment; either you have it or you don't.

False. Experience is important; however, gaining knowledge and skill relating to exercising good judgment can help elevate and improve judgment maturity.

True or False: It is essential to carefully apply each step in the judgment process in the KPMG Professional Judgment Framework for all judgements.

False. For easy, low-stakes judgments, common sense and quick consideration of one or two steps in the judgment process may be enough to make a good judgment.

True or False: You just cannot teach judgment; either you have it or you do not.

False. While experience is important, gaining knowledge and skill relating to exercising good judgment can help elevate and improve students' and professionals' judgment maturity.

True or False: People are simply hardwired to use judgment shortcuts, and as such, there is no way to avoid the related biases.

False. While reliance on judgment shortcuts does come naturally, awareness of conditions that can lead to bias provides decision makers the ability to identify logical methods to reduce the bias.

True or False: People are simply hardwired to use judgment shortcuts, and as such, there is no way to avoid the related biases.

False. While reliance on judgment shortcuts does come naturally, awareness of conditions that can lead to bias provides decision makers the ability to identify logical methods to reduce the bias.

True or False: At the time Cynthia Cooper discovered the accounting fraud, WorldCom had a whistleblower hotline process in place.

False: At the time Cynthia Cooper discovered the accounting fraud, WorldCom did not have a whistleblower hotline process in place.

True or False: Management should be involved in the Whistleblower program

False; Management should never be involved

Groves said his fraud scheme was motivated by what? Select one: a. Greed b. Resentment c. Ignorance d. Fear of failing

Fear of failing

SOC1 Type 1 Report

Focuses on the design of the controls - included in the description of a SPECIFIED DATE

___________ concentrated on buying loans from savings and loan association institutions. a. Fannie Mae b. Freddie Mac

Freddie Mac

An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus?

General controls.

SOC 3

General use report whose purpose is to report on controls related to compliance or operations (security, availability, processing integrity, confidentiality or privacy)

Why is lack of expression of disagreement a sign of potential problems in group judgment?

Groups tend to do better than individuals because of the different perspectives and insights that are brought up and considered by the group. If expression of disagreement is stifled, one of the key benefits of group judgments is eliminated. The tendency to reach quick consensus is more likely to come into play, bringing with it the dangers of GroupThink.

Groves committed which of the following crimes? Select one: a. Groves wrote unauthorized checks to himself. b. Groves made false statements on loan applications. c. Groves lied on his expense reimbursement report. d. Groves gave himself duplicate pay checks.

Groves made false statements on loan applications.

An entity's IT infrastructure refers to:

Hardware components

Which of the following audit techniques would most likely provide an auditor with the least assurance about the effectiveness of the operation of a control?

Inquiry of entity personnel.

Which of the following audit techniques would most likely provide an auditor with the most assurance about the effectiveness of the operation of a control?

Inquiry of entity personnel.

Identify accounts whose balances were likely based on significant management estimation techniques. Why? (continued)

Intangible assets - goodwill, net
• Original value of goodwill was directly impacted by estimates of the underlying market values of assets acquired
• Annual assessment of goodwill was impaired

Accrued expenses
• Expenses incurred, but not yet paid
• Mainly estimated reserves for environmental clean-up costs

Unearned revenues
• Estimation of services that may not yet have been performed by the company even though proceeds were already collected from customers

Deferrals
• Management assumptions and estimates were necessary to establish end-of-period balances

AICPA Code of Professional Conduct Section 0.300 and Section 1.100 deals with

Integrity and Objectivity

ICFR

Internal Control over Financial Reporting

How are SOC reports evaluated?

- Inventory -- Inventory existing outsourced vendor relationships to determine whether third-party assurance may be required
- Assess -- Assess the key financial reporting risks associated with significant outsourced vendors & identify in-scope service organizations
- Identify -- Identify relevant reports that have been obtained and determine appropriateness. Identify any additional reports or documents needed to complete the assessment (e.g., bridge letter, management's discussion with the service provider, etc.)
- Test and conclude -- Assess the adequacy of the SSAE 16 report scope and perform review procedures to evaluate the operational effectiveness of controls relied upon at the service organization

Is it appropriate for auditors to trust executives of a client?

It is not appropriate for auditors to trust executives of a client. Under AU section 230, auditors should exercise "due professional care in the performance of work" and hence apply professional skepticism. The auditor should be impartial to the level of management's honesty and pursue factual evidence to support findings and conclusions.

If the client has hired former auditors, would this affect the independence of the existing external auditors?

It would greatly compromise and possibly impair the existing external auditor's ability to remain independent. On top of having knowledge about the auditor's practice, preexisting relationships could cause bias in the audit outcome.

Which conditions, attitudes, and motivations at Phar-Mor that created an environment conducive to fraud could have been identified as red flags by the external auditors?

Its unwillingness to allow the shortfalls to damage Phar-Mor's appearance of success. They had a great motivation for hiding Phar-Mor's cash flow problems, attracting investors, and making the company look profitable. E.g., Monus and Finn altered Phar-Mor's accounting records to understate costs of goods sold and overstate inventory and income. In addition to the financial statement fraud, internal investigations by the company estimated an embezzlement in excess of $10 million.

CATCH US IN THE EARLY STEPS OF THE JUDGMENT

Judgement Traps

It is a situation when a particular alternative is used to define a problem in place of a well thought out problem.

Judgement Trigger

Which of the following is not a step in reframing a situation?

Justify the current frame

WHO WAS XEROX'S AUDITOR?

KPMG

• The purported accounting manipulations also engulfed -------, Xerox's auditor, in this scandal.

KPMG

The SEC outlines in Accounting and Auditing Enforcement Release No. 2234 its assessment of the Xerox fraud.

KPMG did not conduct its audits in accordance with GAAS, and it subordinated its judgments to the judgments of Xerox management. KPMG should have exercised more professional skepticism and required stronger evidence from the client to support the accounting assumptions and methods used by Xerox. Auditors should take a step back from the details of the audit to question whether the accounting assumptions and methods used by a client in totality fairly represent the economic performance of the company. An auditor should not allow clients to employ accounting assumptions and methods that systematically portray a biased representation of the company's economic performance.

What are two common judgment traps?

One of the most common judgment traps is "rush to solve": the tendency to want to immediately solve a problem by making a quick judgment. Another is judgment triggers: an assumed or inherited issue that can lead the decision maker to skip the crucial early steps in the judgment process.

An audit client has engaged a third-party service organization to host its payroll software package on servers located at the service organization. What options do you have to obtain assurance about the controls embedded in the payroll application?

One option would be for you to visit the service organization to obtain evidence about the design and operating effectiveness of internal controls at the service organization. However, a more efficient option may be for the service organization to engage its auditor to provide a Type 1 report that provides an opinion about the fairness of the description of the service organization's system and opinion about the suitability of the design of the controls in that system. Or, the service organization may engage its auditor to provide a Type 2 report that provides the opinions contained in a Type 1 report, plus an opinion on the operating effectiveness of controls at the service organization.

Unqualified opinion

Opinion issued by a certified public accountant that means the company's financial statements are, in all material respects, in compliance with GAAP; the auditor has no reservations. Contrast with qualified opinion.

Using hindsight, identify factors present at Waste Management that are indicative of each of the three fraud conditions: incentives, opportunities, and attitudes (continued 1)

Opportunities:
- Possibility to abuse inherent subjectivity in development of key assumptions to compute depreciation charges
  - Useful lives & salvage values
- Took advantage of judgment-based estimates by failing to reflect known decreases in the value of landfills
  - Ignored landfill capacity constraints and failed to write off costs of unsuccessful and abandoned landfill development projects
- Took advantage of subjectivity in determination of environmental and other reserve accounts

PCAOB GUIDANCE RELATED TO AUDITOR COMMUNICATION WITH AUDIT COMMITTEES

PCAOB AUDITING STANDARD NO. 1301

Guidance related to auditor communications with audit committees is contained in

PCAOB Auditing Standard No. 1301, "Communication with Audit Committees."

Guidance related to auditor communications with audit committees is contained in PCAOB Auditing Standard.....

PCAOB Auditing Standard No. 1301, "Communication with Audit Committees."

SOC 2 REPORTS

PROVIDES ASSURANCE RELATED TO SECURITY, AVAILABILITY, PROCESSING INTEGRITY, CONFIDENTIALITY AND/OR PRIVACY, TO USERS OF THEIR SERVICES

POSITIVES & NEGATIVES OF SIMPLY STEAMS HUMAN RESOURCE COMPONENT WITHIN CONTROL ENVIRONMENT

Positive Factors
- New hires receive immediate training
- New employees in operations are assigned to work with experienced employees
- Owners and office manager are highly involved in day-to-day operations

Negative Factors
- New hires have little or no prior experience
- High employee turnover
- Workload is heavy
- Office employees have to help cover other positions
- Confusion on their duties and responsibilities

what type of sampling must be used

RANDOM sampling - using a random number generator

What could be the consequences of whistleblowing?

- REPERCUSSION FROM SUPERIORS
- COMPANY WENT BANKRUPT
- EMPLOYEES LOST THEIR JOBS
- EVERYBODY MAD
- LEGAL ISSUES, MEDIA
- COULD BE HARDER TO GET FUTURE WORK, DON'T WANT THE ATTENTION
- TEACH SAYS: IN REALITY MOST WHISTLE BLOWERS WILL LOSE THEIR JOB AND WON'T GET HIRED WITHIN THE SAME INDUSTRY
- PRESSURE FACED BY WHISTLE BLOWER

Miscalibration

Refers to a behavioral bias that results in overconfidence.

Accounting Standard Codification (ASC) No. 850

Related Party Disclosures - requirements for related party disclosures in financial statements.

SOC 1

Report on controls at a service organization relevant to user entities' internal control over financial reporting (ATC 320)

Section 201 of the Sarbanes-Oxley Act of 2002:

Statutory insurance company regulatory audits are treated as an audit service, and thus do not require pre-approval.

How did the Sarbanes-Oxley Act of 2002 and related rulings by the PCAOB, SEC or AICPA affect a public company's ability to hire members of its external audit team?

The Sarbanes-Oxley Act of 2002 limits the ability of corporations to hire employees of their external audit firms. SOX requires a "cooling-off" period of one year, after the audit commencement date, before a member of the auditing team can begin work in a key position with the client.

What Act's procedures were referred to as whistle blowing procedures?

Section 301.4 of The Sarbanes-Oxley Act of 2002

SHA

Secure Hashing Algorithm

AICPA Trust Services Principles

Security, Availability, Processing integrity, Privacy, Confidentiality

Toby Groves worked in which of the following industries?

Select one: a. Banking b. Hedge Fund c. Mortgage d. None of the above

If the financial reporting risks for a location are low and the entity has good entity-level controls, management may rely on which of the following for its assessment?

Self-assessment processes in conjunction with entity-level controls.

SOC Report

Service Organization Control Report

SOC Report scope

Services included

What caused Diann Catinni to finally confess to her employer? Select one: a. Diann wanted to set a good example for her new baby. b. She believed the stress from hiding her fraud was causing her to get sick. c. Diann's husband told her it was the right thing to do. d. Diann's boss held an impromptu meeting with her because he noticed money was missing.

She believed the stress from hiding her fraud was causing her to get sick

The auditor must report the following to the audit committee or others charged with governance:

Significant deficiencies and material weaknesses.

How do perceptual biases relate to judgment biases?

Similar to how our minds can be deceived by optical illusions or perceptual biases, there are times when our intuitive judgment falls prey to systematic traps and biases.

How did Toby Grove get caught?

Someone blew the whistle on Toby in 2006.

AU-C 330: "Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence"

Substantive Procedures (classes of transactions, account balances, and disclosures)
- Relevant assertions, external confirmation procedures (especially accounts receivable), closing process, specific procedures or specific risks
- Regardless of whether audit evidence appears to corroborate or contradict the assertions in the financial statements

Test of Controls (operating effectiveness)

TRUE OR FALSE: THE RELATED PARTY TRANSACTIONS were approved by Hollinger International's board of directors. these transactions were disclosed in the financial statements

THE RELATED PARTY TRANSACTIONS were never approved by Hollinger International's board of directors. Many of these transactions were not disclosed in the financial statements and they attempted to disguise these transactions from their auditors, KPMG LLP

Judgment is the process of reaching a decision or drawing a conclusion where there are a number of possible alternative solutions TRUE OR FALSE

TRUE

TRUE OR FALSE: AU-C SECTION 230 AND PCAOB AS 1215 REQUIRE THE AUDIT DOCUMENTATION RECORD WHO PERFORMED THE AUDIT WORK AND THE DATE SUCH WORK WAS COMPLETED AND WHO REVIEWED THE DOCUMENTATION

TRUE

TRUE OR FALSE: FOR EACH TRUST SERVICE PRINCIPLE, THERE IS A SET OF CRITERIA, WHICH SPECIFIES THE ATTRIBUTES THAT THE ENTITY MUST MEET TO BE ABLE TO DEMONSTRATE THAT IT HAS ACHIEVED THE PRINCIPLE. A PRACTITIONER MAY PROVIDE A SOC 2 REPORT RELATED TO A SINGLE PRINCIPLE (E.G. AVAILABILITY) OR ALL CRITERIA IN COMBINATION

TRUE

TRUE OR FALSE: SEC WANTED KPMG TO CHANGE AUDITING PRACTICES

TRUE

TRUE OR FALSE: Some of the members of CUC's financial management team were former auditors for Ernst & Young, LLP.

TRUE

TRUE OR FALSE: The fraud occurred at CUC prior to its merger

TRUE

TWO TYPES OF SOC

TYPE 1: OPINION ON THE FAIRNESS OF THE SYSTEM; OPINION ON THE SUITABILITY OF THE DESIGN CONTROLS; LIMITED DISTRIBUTION REPORTS

TYPE 2: INFORMATION FROM TYPE 1 REPORT PLUS OPINION ON THE OPERATING EFFECTIVENESS OF THE CONTROLS

Indicate one audit procedure the auditor could have used to detect delayed recognition of membership cancellations and bank rejection of charges made to members' credit card accounts.

Test year-end bank reconciliations.

Complementary subservice organization controls (CSOCs)

The CSOCs need to be specific to the services provided by the service organization's system. The description of the service organization's system needs to describe the subservice organization's responsibility for implementing CSOCs and indicate that the service organization can only achieve the specific control objectives or applicable trust services criteria if the CSOCs are suitably designed and, in a type 2 examination, operating effectively throughout the period.

Which of the following is a proper reason for not conducting tests of controls for nonpublic companies

The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk.

What is the purpose of MANAGEMENT OVERRIDE OF INTERNAL CONTROLS: The Achilles' Heel of Fraud Prevention document

The purpose of this document is to offer guidance to audit committees in addressing the risk of fraud through management override of internal control over financial reporting.

What type of report might a service organization use as a marketing tool to provide potential customers information about the internal controls related to security at the service organization?

The service organization would engage the accountant to issue a SOC 3 report, Trust Services Report for Service Organizations. The SOC 3 report is intended for wide distribution to current or potential users of the service organization. SOC 3 reports are prepared using the Trust Services principles and criteria shown in Table 25-2. Because a SOC 3 report is a general-use report, the service organization is allowed to share the report with current or prospective customers and use it as a marketing tool to demonstrate they have appropriate controls in place to mitigate risks, such as those related to security or privacy.

Which of the following most likely represents a weakness in internal control of an IT system:

The systems analyst reviews output and controls the distribution of output from the IT department.

Describe the availability tendency in your own words, and give an example of how the tendency could result in auditor bias.

The tendency for decision makers to consider information that is easily retrievable from memory as being more likely, more relevant, and more important for a judgment.

Describe the availability tendency in your own words, and give an example of how the tendency could result in auditor bias.

The tendency for decision makers to consider information that is easily retrievable from memory as being more likely, more relevant, and more important for a judgment. An illustrative example would be: An auditor who identified a significant amount of liabilities not recorded on a prior audit is likely to overestimate the likelihood of unrecorded liabilities on a subsequent audit.

Describe the confirmation tendency in your own words, and give an example of how the tendency could result in auditor bias.

The tendency for people making judgments to seek for, and put more weight on, information that is consistent with their initial beliefs or preferences.

Describe the confirmation tendency in your own words, and give an example of how the tendency could result in auditor bias.

The tendency for people making judgments to seek for, and put more weight on, information that is consistent with their initial beliefs or preferences. An illustrative example would be: If management has taken a particular stance in accounting for a complex transaction, and the authoritative standards are not very clear on the subject, the auditor may be likely to find evidence that supports or "confirms" management's treatment of the transaction.

What two main categories of fraud affect financial reporting?

The two main categories of fraud related to financial reporting are fraudulent financial reporting and misappropriation of assets

Which of the following statements about judgment frames is correct?

There is often no single best frame for a given situation.

What red flags were present during the 1995 through 1997 audits of CUC that may have suggested weaknesses in CUC's control environment?

There were many red flags that an auditor should have noticed. These include irregular charges to reserve account, inaccurate coding of services, and adjusting between deferred revenue accounts and immediate revenue accounts. They also established a reserve liability for construction costs and fictitious recording of revenues. All of these red flags show that the controls put in place were not effective in reducing the risk of fraudulent financial reporting.

What happened when Toby and his company moved into mortgage banking?

- They were not prepared for the move.
- Many of the loans that they wanted to sell on the secondary market had problems, such as missing or incorrect documentation.
- The loans could not be sold on the market for a profit.

mortgage brokers became short-term lenders

They would borrow from their warehouse line of credit and fund a mortgage loan for a home buyer, and then sell the loan on the secondary market (e.g., to Fannie Mae) for a profit.

What is the primary purpose of the monograph?

To help readers understand professional judgment and to help them improve their judgment abilities.

What is the primary purpose of the KPMG monograph?

To help readers understand the nature of professional judgment and to give them a head start in developing and improving their own professional judgment abilities.

"Fannie Mae" was created for what purpose? Select one: a. To increase liquidity in the market. b. To provide funding for low-income families. c. To provide funding for young adults with student loan debt. d. To provide funding for home buyers in need of a down payment.

To increase liquidity in the market.

What was Toby's motivation for his fraud?

Toby was motivated by a fear of failing.

An offender does not have a plan to engage in a large-scale criminal offense in a slippery slope offense. Select one: True False

True

Internal control includes monitoring of controls. True or False

True

Most public companies must follow Sarbanes-Oxley requirements. True or False

True

One of the risks associated with internal control from IT is potential loss of data. True or False

True

Predatory lending is defined as having high priced loans being marketed to consumers who typically do not have the educational background knowledge to understand the dangers of these types of loans. Select one: True False

True

The establishment of "Fannie Mae" created the secondary mortgage market. Select one: True False

True

True or False Professional skepticism helps to appropriately frame an auditor's mindset.

True

True or False: KPMG Professional Judgment Framework provides a good representation of the process we should follow when applying professional judgment, but it is not necessarily an accurate representation of the processes people follow consistently.

True

True or False: 14 former Andersen employees worked for Waste Management.

True

True or False: To continue to get loans, Toby also had to rely on other people and companies in the real estate industry to help him falsify documents as he began to create documents to get loans on entirely fictitious homes.

True

When auditing a public company, the auditor must form an opinion on the effectiveness of internal control over financial reporting, or issue a disclaimer in the event of a scope limitation. True or False

True

White-collar crimes are either facilitated or inhibited by particular configurations of social, economic, and regulatory conditions. Select one: True False

True

True or False: Not all white-collar crimes are motivated by a desire for gain.

True: They are often motivated by a desire to avoid a loss.

what exactly is a blockchain

a distributed, append-only ledger of provably signed, sequentially linked, and cryptographically secured transactions that's replicated across a network of computer nodes, with ongoing updates determined by a software-driven consensus.

Hollinger International case dealt with

a newspaper company with related party transactions that were not disclosed

what is blockchain's potential in banking/transfer of money

a peer-to-peer version of electronic cash would allow online payments to be sent from one individual to another without going through a financial institution

Agreed-upon procedures engagement

a practitioner performs procedures on a subject matter and reports the findings without providing an opinion or conclusion on it.

software driven consensus

a program that all the computers run independently; it sets certain requirements and incentives for them to behave in a way that systematically guides them to reach agreement on which transactions should or shouldn't be included in each updated version of the replicated ledger

turing complete

a programmable blockchain i.e. you could bet someone 10 ether and hold it - will the browns win or lose? when the game is over, the funds release to the winner

ledger

a record of something- essentially a blockchain is a ledger

a blockchain

a reference to any of the many blockchains now in existence, or even to the underlying technology

Service Auditor Report

a report that communicates information about a service organization's controls. Intent is to address various needs and reporting requirements by service organization and provide valuable information to address user needs.

subservice organization

a service organization used by another service organization to perform some of the services provided to user entities that are likely to be relevant

Why did Groves' scheme end? Select one: a. A whistleblower alerted the FBI. b. He confessed to police due to extreme guilt. c. His wife threatened to divorce him if he didn't turn himself in. d. None of the above

a whistleblower alerted the FBI

Which Company had perpetrated fraud prior to combining with Cendant? a. CUC b. HFS

a. CUC

What tendency is most likely manifest in the following situation? An engagement team performed a substantive analytical procedure over an expense account. When investigating a significant difference, the team was satisfied with limited evidence to support the client's plausible explanation (which was in fact incomplete) for the difference. a. Confirmation tendency b. Limited resources c. Overconfidence tendency d. Time pressure

a. Confirmation tendency

Which of the following is NOT recommended when trying to mitigate the risk of bias attributable to the availability tendency? a. Consider the most unusual case b. Make the opposing case c. Consult with others d. Get objective data

a. Consider the most unusual case

Which of the 5 internal controls includes methods and records established to record, process, summarize, and report transactions and events and maintain accountability for assets, liabilities, and equity a. Information and Communication b. Control Environment c. Risk Assessment d. Monitoring e. Control Activities

a. Information and Communication

Agreed-upon procedures engagement

an engagement in which the procedures to be performed are agreed upon by the CPA, the responsible party making the assertions, and the intended users of the CPA's report; the degree of assurance provided by the CPA will vary based on procedures agreed to and performed

Service organization control (SOC) report

an engagement where a service organization's auditor reports on internal controls at the service organization, with a type 1 report including information about management's description of the service organization's system and the suitability of the design of the organization's controls while the type 2 report also includes information about the operating effectiveness of those controls

attestation agreement definition

an examination/review of agreed upon procedures

reasonable assurance, the auditor can provide:

an opinion

Assessing control risk below high involves all of the following

analyzing the achieved level of control risk after performing tests of controls. Identifying specific controls to rely on. Performing tests of controls.

altcoin

any cryptocurrency that isn't bitcoin

permissionless blockchains

anyone can go be a computer on the block

how does the IRS treat digital currency

as capital gains, not cash

satoshi interpretation

as technology and processing speeds improved, the proof of work will become harder in response so the same # of blocks are being added to the chain each hour; now, new blocks are added every 10 min

SOC 1, Type 2 reports issued by the service organization's auditor typically:

assess whether the service organization's controls are suitably designed and operating effectively.

The most important step in avoiding judgment traps and reducing bias caused by subconscious mental shortcuts or self-interest is

awareness

Control environment

consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance.

when assessing the suitability of criteria, we are testing:

control objectives, NOT individual controls -must make sure criteria are consistently applied

a Judgement Trigger can cause people to

create triggers because they are in such a hurry to solve the problem and their judgments are often based on the incomplete facts or understanding. ex. executives clarified the decision problem as "how to get larger quantities of snack products into consumers' homes."

Which of the following is an example of the confirmation bias? a. An auditor improperly concludes on a complex revenue recognition matter without having the appropriate technical accounting background. b. An auditor improperly concludes on the valuation of an investment security by looking at only the most recent sale of the security. c. An auditor improperly concludes on the accounts receivable balance because negative confirmations were sent instead of positive confirmations. d. An auditor improperly concludes a contingent liability is properly stated after examining only the evidence that supported the amount accrued in the financial statements.

d. An auditor improperly concludes a contingent liability is properly stated after examining only the evidence that supported the amount accrued in the financial statements.

WHAT COULD BE THE SOLUTION (CONTROL) for the following risk of Harley Davidson integrating the suppliers into their system: switching to an internet system increases chance of hackers breaking into the system a. The performance of random audits by outside company to monitor the use of confidential information by suppliers; the implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system c. The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review. d. The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.

d. Control - The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.

What internal control includes management's process to assess the quality of controls a. Information and Communication b. Control Environment c. Risk Assessment d. Monitoring e. Control Activities

d. Monitoring

public blockchains

everyone can see it (all users/nodes)

-approval emails -change tickets -screenshots -reports

evidence documentation includes:

Subprime mortgages a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.

f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.

True or False Professional skepticism is synonymous with professional judgment

false; it is an important component or subset of professional judgment.

Which industry suffered the greatest losses according to the 2011 Marquet Report on Embezzlement? Select one: a. nonprofit b. government c. financial d. healthcare

financial

fin tech

financial technology such as bitcoin or blockchain

Which of the following actions did Groves participate in to continue to get loans for himself and his business? Select one: a. Groves falsified documents. b. Groves signed unauthorized checks. c. None of the above d. Groves created shell companies.

groves falsified documents

hashing a transaction

hash is a series of letters/numbers of predetermined length - everything eventually gets "hashed" together

order of chart for solving the nonce

-hash of previous block: 0292048 -merkle root hash -time stamp -bits (difficulty) -nonce (ie 0394820)

reasonable assurance

high, but not absolute, level of assurance - same level of assurance as a practitioner does in a financial statement audit

double spend problem

how do you know that an asset someone sent you isn't still a file on their computer

when determining the criteria to evaluate whether managements description of the system is fairly presented, the auditor should determine if the criteria include:

how it was designed and how it was implemented

decrypted cypher text

identical to the original data that have been encrypted

Documentation to evidence the Operating Effectiveness of the Controls

identifying whether documentation is maintained to evidence the operating effectiveness of controls

51% attack problem

if 51% of nodes are dishonest, invalid transactions might be recorded

byzantine fault tolerance

if a node tries to introduce a fraudulent transaction, the nonce it produces from the proof of work will not work for any of the other nodes

overpowering the blockchain

if there are more dishonest nodes than honest ones, there is a chance that fraudulent transactions get added to the blockchain

forking

if there is not a consensus among the nodes about which new block is the valid block, it leads to a fork in the blockchain (some computers will accept it, some won't)

backlash

if you accidentally send $ to the wrong person, you can never get it back. it's irreversible and you're the only one responsible

problems with security tokens

if you're qualified as a security, you're subject to SEC regulation because it's like an investment

when using a sample taken by an internal auditor, what should the practitioner do to ensure accuracy

if you're relying on 10 samples, go in and redo 2 of them and make sure the conclusions are the same

when should a practitioner avoid using an internal audit team

in high risk areas

hashing the data in the block

include a nonce as part of this process until the resulting hash begins with a specified number of 0s (indicates the level of difficulty) - finding the nonce serves as proof of work

Waste Management used

incorrect vehicle and container salvage values and useful lives assumptions.

· Known as "Fannie Mae" was designed to · $1 billion in funding · Designed to increase liquidity in the mortgage market. · Created the secondary mortgage market. · Created an efficient, fair, and stable system for home loans that worked well for decades.

increase liquidity in the mortgage market.

SOC 1: Other information Provided by the Service Organization

info provided by service organization that is not part of description of controls and is not covered by auditor's opinion

append-only

information can only be added, not removed - you can't go back and destroy/change the past

Information and communication

initiate, record, process, and report the entity's transactions and to maintain accountability for the related assets

Federal Housing Administration (FHA) was created to

insure mortgage lenders against losses from defaults.

when a node finds proof of work, what happens?

it broadcasts the block to all nodes - computers do this for the reward *there are also transaction fee rewards to whoever solves the nonce

how does use of evidence in prior years affect testing

just because last year's testing went well, doesn't mean you can reduce testing in the current year

how are oracles used

like espy proving that the browns won by 16

The engagement partner is responsible for:

literally everything: -appropriate procedures -compliance with standards and regulatory requirements *they are able to delegate reviews to managers -certifying that the engagement was performed within the attestation standards

Risk assessment

management's assessment of the risk factors related to the preparation of the financial statements in conformity with appropriate accounting standards. (1) identify factors that may increase risk, (2) estimate the significance of the risk, (3) assess the likelihood of the risk occurring, (4) determine actions necessary to manage the risk

Monitoring

management's ongoing and periodic assessment of the quality of internal control performance to determine whether controls are operating as intended

rules requiring accounting firms to retain for seven years certain records relevant to their audits and reviews of issuers' financial statements. Records to be retained include an accounting firm's workpapers and certain other documents that contain conclusions, opinions, analyses, or financial data related to the audit or review.

mandated by section 802 of the Sarbanes-Oxley Act of 2002

suitability of criteria with regards to generating info:

manual or automated controls

carve out method

method of addressing the services provided by a subservice organization where management's description identifies the nature of the services provided by the subservice organization but excludes them from the scope of the engagement

He applied for the "no income qualifier" loan and

misstated his income

After the investigation, CUC's 95, 96, 97 earnings were reduced by

more than one-third

why blockchain?

no central authority controlling the exchange of assets

Satoshi says _______________ referring to the correct node

nodes always consider the longest chain to be the correct one and will keep working on extending it

How was fraud perpetrated in Hollinger Case

non-compete payments paid to Conrad Black & David Radler, part of Hollinger International's executive team.

Which is NOT an example of a mortgage fraud? Select one: a. Illegal property flipping b. Predatory lending c. Identity Theft d. None of the above

none of the above

To overcome rush to solve or judgment triggers ask

-"what" and "why" questions. -invest in clarifying the fundamental issues and objectives.

What are the auditor independence issues surrounding the provision of external auditing services, internal auditing services, and management consulting services for the same client? Why should auditors NOT be allowed to perform these services?

-Could impair auditor judgment to maintain consulting and/or audit services -Internal audit is best performed by in-house personnel -Multiple viewpoints from different parties will provide benefits to the Company

What are the auditor independence issues surrounding the provision of external auditing services, internal auditing services, and management consulting services for the same client? Why should auditors be allowed to perform these services for the same client?

-Efficiencies by completing both external and internal audit services -Inefficiencies identified during audit work can be utilized in providing consulting services to improve weaknesses -Familiarity with company policies and procedures

What are "principle-based" accounting standards?

General guidelines that cover the intent of the standard

In the Rush to Solve Trap

-having a tendency to immediately solve the problem by making a quick judgment. -an individual can sometimes end up in solving the wrong problem. -in rush to solve their problem as soon as possible and often choose the easily available alternative. -settle for a suboptimal outcome because we did not consider a full set of alternatives.

Mindset requires that auditors approach things

-objectively and independently -with inquiring and incisive minds.

The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by:

observation by the auditor of the employees performing control activities.

key phrase that must hold when evaluating information produced by the entity

obtain evidence about ACCURACY and COMPLETENESS

advantages of bitcoin for peer to peer transactions

offers lower transaction fees than traditional online payment mechanisms - if you accept credit cards as pmt you have to pay a fee. bitcoin you don't have to pay any fees

Judgement Triggers are

one of the biggest traps we run into during the first couple of steps of the judgment process, which is under-investing in defining the fundamental issue

permissioned blockchains

only a group of nodes that have write access are allowed to verify transactions and take part in the distributed consensus procedure - it's a race - everyone tries to solve the block every 10 minutes and is awarded 12.5 bitcoin if you get it right

private blockchain

only certain people can view the ledger and make transactions

SHA1

original algorithm but it's too short

service organization

perform data processing/computer/IT services, like payroll processing, for various clients

two primary categories in terms of users right to WRITE new transactions on the blockchain

permissionless blockchains and permissioned blockchains

what must you do to ensure the reliability of information produced by the entity

physically sit there and watch them download the excel file to make sure they didn't alter anything

Control activities

policies and procedures that help ensure that management directives are carried out. ex: (1) performance reviews, (2) information processing, (3) physical controls, (4) segregation of duties

cryptography

protect data from being accessed by unauthorized people (digital equivalent to locks and safes)

Judgement Frames

provide one view that might be quite different from the view through another window facing a different direction.

Section 201 of the Sarbanes-Oxley Act of 2002:

provides that "a registered public accounting firm may engage in any non-audit service, including tax services," that is not expressly prohibited, after audit committee pre-approval.

what are the two types of blockchains

public blockchains and private blockchains

asymmetric cryptography is also known as:

public-private-key cryptography

nonce

random number (think nonsense)

appropriateness of evidence

refers to the QUALITY of evidence and relevancy and reliability in providing support

sufficiency of evidence

refers to the QUANTITY of evidence

the blockchain

refers to the bitcoin blockchain

ATC 105 .01

refers to the examination, review and agreed upon procedures

SOC 2

relevant to security, availability, processing integrity, confidentiality or privacy ATC 205

SOC Report

reports designed to help service organizations build trust and assurance in their service delivery processes and controls. They are used for when one company outsources some portion of their business or technology to another.

Section 302 of the Sarbanes-Oxley Act of 2002 requires

requires a CEO and CFO to certify in each annual and quarterly financial statement report filed with the SEC

SOC 1

restricted use report whose purpose is to report on controls for F/S audits

SOC 2

restricted use report whose purpose is to report on controls related to compliance or operations (security, availability, processing integrity, confidentiality or privacy)

During the three-year period ending December 31, 1996, consolidated _______ were increasing, consolidated _____________ was decreasing in both dollar and percentage terms.

revenues, net income

Bright Line Rules are

rule based

SEC Release No. 33-8180 ''Retention of Records Relevant to Audits and Reviews."

rules requiring accounting firms to retain for seven years certain records relevant to their audits and reviews of issuers' financial statements. Records to be retained include an accounting firm's workpapers and certain other documents that contain conclusions, opinions, analyses, or financial data related to the audit or review.

hashing

running a computer algorithm over any content file - result is a string of alpha numeric characters that can't be computed back to original content -via the hash, the original file content has essentially been encoded into the blockchain

Preventive Controls

segregation of duties

SOC 1: Independent Service Auditors' Report

service auditor's opinion about whether: -mngt description of service organization system is fairly presented -controls included in the description are suitably designed and implemented

Significant deficiencies and material weaknesses must be communicated to an entity's audit committee because they represent

significant deficiencies in the design or operation of internal control.

Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent:

significant deficiencies in the design or operation of the internal control.

proof of work

solving a hash puzzle, and the difficulty of the puzzle is determined based on the number of leading zeros required in the hash of that block - requires a guessing game on the part of nodes to identify the nonce to solve the puzzle

peer-to-peer network

special kind of distributed systems. consist of individual computers (nodes) which make their computational resources (bandwidth, capacity, data, network) directly available to all other members of the network without any central point of coordination -the nodes are equal concerning their rights and roles in the system

What are control activities?

specific policies and procedures established by management

Regardless of the assessed level of control risk, an auditor would perform some:

substantive procedures to restrict detection risk for significant transaction classes.

SHA512

super long, most secure, but it stores way more data/takes up a lot of space

what types of sampling are not sufficient

-systematic sampling (2 samples per month) -haphazard sampling (just blindly picking out numbers)

SOC 1 Type 2 report

tests suitability of the design and operating effectiveness throughout a SPECIFIED PERIOD

What did President Roosevelt establish as a result of the Great Depression?

the Federal Housing Administration (FHA)

control objectives

the aim or purpose of the controls - they address risks that controls are intended to mitigate -within each control objective there's an internal control i.e. remove ppl who have been fired from access list

ASB's Auditing Standards (AU-C) Section 540 and the PCAOB's AS 2501

the auditor is responsible for evaluating the reasonableness of accounting estimates made by management in the context of the financial statements taken as a whole.

PCAOB's AS 2410 describes

the auditor's responsibilities with respect to identifying related party relationships and transactions.

How did Arthur Andersen aid in the Waste Management fraud?

the auditors who secretly signed an agreement with company management to cover the fraudulent actions over time

what is the bitcoin blockchain?

the bitcoin blockchain is the public ledger of all bitcoin transactions that have ever been executed. It is constantly growing as miners add new blocks to it every 10 minutes

Why did Waste Management perpetrate fraud?

the company was feeling pressure from the effects of changes that were occurring in its markets and in the environmental industry. intense competition, primarily in the pricing and rendering of services

documentation completion date

the date which the practitioner assembled for retention a complete and final set of documentation in the engagement file

report release date

the date which the practitioner grants the engaging party permission to use the report

Management philosophy and operating style most likely would have a significant influence on an entity's control environment when:

the entity does not have sound personnel policies for hiring, training, and evaluating competent individuals.

By 1970, there was a concern about lack of competition in the mortgage industry, so..

the federal government created the Federal Home Loan Mortgage Corporation (Freddie Mac) to provide for more competition in the secondary mortgage market.

where is the value in the blockchain

the history because it proves that transactions haven't already been spent

Service Organization

the host of companies that provide critical, third-party outsourcing services to other companies

What is management override of internal controls

the intervention by managers in the approval and/or processing of transactions that is contrary to an entity's internal control system.

distributed

the ledger does not reside in one place, but in many - each node is independently responsible for updating in accordance with others

replicated

the ledger is copied across participating nodes

the practitioner should prepare engagement documentation that is sufficient to determine:

the nature, timing and extent

in what language/manner should documentation be prepared

the papers should be written so that another auditor that isn't on that client can understand what you did

Professional Skepticism

the practitioner may accept items as genuine unless they are given a reason to believe they may not be

examination agreement

the practitioner obtains reasonable assurance that subject matter is in accordance with criteria in all material respects

review engagement

the practitioner only obtains limited assurance

Initial coin offering (ICO)

the sale of digital assets providing access to an early-stage project or concept (kinda like IPOs)

complementary user entity controls

the user entity needs to have internal controls to make sure our service works - who has access to user file

genesis block

the very first transactions ever executed

3 risks for cash collection process

theft of cash receipts - manual entry errors - unauthorized access

sequentially linked and cryptographically secured

there's a sequential list of things happening that can't be deleted

changes in documentation may only be made during the final assembly process if:

they are administrative in nature i.e. -deleting superseded info -sorting/cross referencing work papers -signing off on completion checklists

how may user auditor viewpoints differ from service auditor viewpoints

they may have different opinions on materiality -from the viewpoint of a service auditor, a control is suitably designed if it provides reasonable assurance that the control objective stated in the description is achieved

why might an internal auditor omit information?

they might not report things they find because they're scared of getting fired i.e. not reporting to the audit committee

what is the procedure if something is sampled incorrectly

throw everything away and start over

what is the use of a merkle tree

to hash the transactions into a root hash *if the hash stays the same over time, then nothing in the file has changed and you can prove it.*

What is auditor's objective when evaluating accounting estimates under (AU-C) Section 540 and the PCAOB's AS 2501

to obtain sufficient appropriate evidential matter to provide reasonable assurance that: 1. All accounting estimates that could be material to the financial statements have been developed. 2. Those accounting estimates are reasonable in the circumstances. 3. The accounting estimates are presented in conformity with applicable accounting principles and are properly disclosed.

security tokens

tokens with security characteristics (debt, equity or derivatives) with income generating component - not yet common

asset-backed tokens

tokens that provide underlying exposure to real world assets i.e. gold, diamonds, cash (tied to something stable in the real world) i.e. tether - there are actually dollars in a bank account

A walkthrough is one procedure used by an auditor as part of the internal control audit. A walkthrough requires an auditor to:

trace a transaction from each major class of transactions from origination through the entity's information system until it is reflected in the entity's financial reports.

In order to help his business, Groves applied for a "no income qualifier" loan when he started losing his clients' money. Select one: True False

true

true or false: Toby Groves was Founder and president of Groves Funding Corp

true

before testing control operating effectiveness, a practitioner must ___________

understand the design of the controls/how they work before proceeding to test operating effectiveness

An auditor's flowchart of an entity's accounting system is a diagrammatic representation that depicts the auditor's:

understanding of the system.

SOC 1 Type 2*

user entities requesting which type of SOC report as the industry norm

3 risks for purchasing

1. vendor fraud - reconcile purchase order, packing slip, receiving report 2. loss of inventory - install security system 3. inappropriate purchasing access - limit user access

CUC

was a direct marketing company with shopping, travel, automobile, and entertainment clubs serving over 68 million members worldwide.

HFS

was a franchisor of hotel, rental car, and real estate franchises such as Ramada, Days Inn, Avis, and Century 21.

Who raised concerns about the Xerox accounting manipulations

were raised internally by Xerox managers and KPMG.

Asset misappropriation fraud happens

when people who are entrusted to manage the assets of an organization steal from it.

"Fannie Mae"

with $1 billion in funding, Fannie Mae created an efficient, fair, and stable system for home loans that worked well for decades.

The Professional Judgment Framework depicts constraints, influences, and biases that threaten good judgment with

with the box on the outer rim of the Framework labeled "Environment" and the triangle at the top labeled "Influences/Biases."

.A12 independence of each user entity

you can be an auditor on both sides... i.e. if EY audits JPMC, they can also audit Wells Fargo, PNC, etc. even if those corporations are connected

issue with pseudo-anonymous transactions

you can't let people hold a bank account if you don't know who they are. this challenges US laws on anti-money-laundering, know-your-customer

what happens if a change is made to a control halfway through a reporting period

you have to get coverage for the entire year and test both

what to do if fraud is identified by service organization personnel

you need to go back and reevaluate

utility token

you pay to be able to use their blockchain to store data i.e. ether (from Ethereum)

In the 1800s-1900s, home buyers were required to put down what percent of the cost of a home, which many could not afford a. 25% b. 33% c. 50% d. 80%

c. 50%

Which of the following best describes a judgment trigger? a. An alternative stated in terms of a judgment objective b. A technique for making effective judgments quickly c. An issue/problem stated in terms of a particular alternative d. A technique for more effectively evaluating another's judgment

c. An issue/problem stated in terms of a particular alternative

WHAT COULD BE THE SOLUTION (CONTROL) for the following risk of Harley Davidson integrating the suppliers into their system: The risk of fraudulent transactions may increase as a result of switching from a paper-based supply chain system to an electronic system. Hiding fraudulent transactions may be easier since there is no paper trail of transactions to be reviewed by internal or external auditors. a. The performance of random audits by outside company to monitor the use of confidential information by suppliers; the implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system c. The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review. d. The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.

c. Control - The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review.

Which of the following is NOT a step in reframing a situation? a. Challenge the current frame b. Generate alternative frames c. Justify the current frame d. Understand the current frame

c. Justify the current frame

What is the process used by management to identify, analyze, and manage risks relevant to the preparation of the financial statements a. Information and Communication b. Control Environment c. Risk Assessment d. Monitoring e. Control Activities

c. Risk Assessment

Which of the following is not a technique to help an auditor mitigate possible bias stemming from use of a judgment shortcut? a. Be aware of the bias and when you might be vulnerable to it b. Seek disconfirming evidence c. Seek the advice of someone who agrees with your position d. Identify and acknowledge personal preferences

c. Seek the advice of someone who agrees with your position

Buy-downs a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for a short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.

c. The seller subsidizes the borrower for a short period of time.

substantive procedures to restrict detection risk for significant transaction classes.

concluding that controls are ineffective.

AICPA Code of Professional Conduct Section 0.300 and Section 1.100,

"Integrity and Objectivity."

ET 0.300.040 and ET 2.100,

"Integrity and Objectivity."

What does Section 201 of the Sarbanes-Oxley Act of 2002 state

"It shall be 'unlawful' for a registered public accounting firm to provide any non-audit service to an issuer contemporaneously with the audit"

AU-C 330:

"Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence"

AU-C Section 260,

"The Auditor's Communication with Those Charged with Governance,"

AS 2301,

"The Auditor's Response to the Risks of Material Misstatement."

a distinguishing characteristic of professionals who consistently exercise sound judgment is that they recognize the judgment frame they are using, and they are able to consider the situation through different frames, or what KPMG professionals refer to as a

"fresh lens."

Professional skepticism helps to frame our

"mindset."

At the very center of the KPMG framework is

"mindset." It is important that auditors approach matters objectively and independently, with inquiring and incisive minds.

Toby decided to apply for a _________ loan for himself using his __________________

"no income qualifier"; warehouse line of credit.

what does the bitcoin community refer to the 8th decimal place as

"satoshi"

Toby's situation became a _________________________

"slippery slope offense".

to obtain reasonable assurance, the practitioner should obtain ___________

"sufficient appropriate evidence"

Xerox's earnings were reportedly overstated by ________ while Enron's earnings were reportedly overstated by __________.

$1.5 billion, 0.5 billion

HOW MUCH DID DIANN EMBEZZLE AND OVER WHAT TIME FRAME

$500,000 OVER 3 YEARS

a practitioner may obtain reasonable assurance about whether, in all material aspects, based on the criteria:

1. Narrative - management's description of the system 2. Design - description of whether the controls were suitably designed 3. Operation Effectiveness - did the controls operate effectively to provide reasonable assurance

SOC1/SOC2 5 sections:

1. management assertion on controls 2. service auditor's report on controls (auditor opinion) 3. description of the system 4. service auditor's test of controls (detail testing) 5. other info provided by the organization that is not covered by the auditor's report

IMPORTANT!!! What are the primary accounting requirements for related parties described in ASC 850? What types of information should be included in financial statements?

- The nature of the relationship(s) involved. - A description of the transactions, including transactions to which no amounts or nominal amounts were ascribed, for each of the periods for which income statements are presented, and such other information deemed necessary to understand the effects of the transactions on the financial statements. - The effects of any change in the method of establishing the terms. - Amounts due from or to related parties as of the date of each balance sheet presented and, if not otherwise apparent, the terms and manner of settlement.

AICPA ASB Standards: AU-C 240

"Consideration of Fraud in a Financial Statement Audit,"

PCAOB AS 1015

"Due Professional Care in the Performance of Work,"

The government established the Federal National Mortgage Association (FNMA) in 1938, also known as

"Fannie Mae"

PCAOB Standards: AS 2110

"Identifying and Assessing Risks of Material Misstatement."

AICPA Code of Professional Conduct 1.200

"Independence,"

PCAOB AS 1005

"Independence,"

AICPA Code of Professional Conduct Section 1.100

"Integrity and Objectivity,"

PCAOB AS 1101

"Audit Risk,"

The auditors considered Phar-Mor to be an inherently "high risk" client. List several factors at Phar-Mor that would have contributed to a high inherent risk assessment?

(a) Some of the factors that would have contributed to a high inherent risk assessment include the following: ● The accounting system was not keeping pace with the rapid expansion of Phar-Mor stores. Phar-Mor was expanding in size continuously, but the internal control system was not keeping up with the expansion. ● The management system lacked regulation, yet management was highly motivated to maintain the rapid growth on account. ● The complexity of the related parties involved with Phar-Mor made detection of improprieties and fraudulent activity difficult. During its investigation, the federal fraud examiner identified 91 related parties, which added to the complexity of the transaction records.

engagement documentation

*document everything* -assemble an engagement file and complete the administrative process of assembling the final engagement file no later than 60 days after the report release date -after completion, the practitioner cannot discard or delete any info

Section 301.4 of The Sarbanes-Oxley Act of 2002 set up requirements of internal control procedures. They are

- Audit committees of a public company are required to establish procedures for the receipt, retention, and treatment of complaints received by the company regarding accounting, internal controls, or auditing matters. - The audit committee is required to establish procedures for those complaints to be treated confidentially, and for the submission process to be anonymous for employees submitting the complaints about accounting or auditing matters. These procedures are often referred to as "whistleblowing" procedures.

Why did the Andersen partners allegedly allow Waste Management executives to avoid recording the identified accounting errors? How could this be prevented?

- Auditing is a competitive industry - Auditors might want to avoid conflicts to keep clients happy - High non-audits might compromise independence

Identity Theft

- Criminals obtain someone's personal information and use it to take mortgage financing on the victim's home. - After getting their money, the criminals then default on the loan.

Predatory Lending to Subprime Borrowers

- High-priced loans are forced on consumers who are not sophisticated enough to understand what they are getting. - Mortgage brokers and lenders conceal the true cost of the loans to the borrower. - Homebuyers were tricked into taking on loans that they could not afford and for more expensive homes than they needed.

Based on your review of the transcript about the audit committee meeting, describe whether you believe KPMG exercised due professional care in pursuing this issue with Hollinger International's Audit Committee. Did KPMG accomplish the intent of auditing standards? What could KPMG have done differently with respect to this issue during this meeting?

- KPMG did not explicitly inquire of the Audit Committee. - One might question whether KPMG exercised due professional care in pursuing resolution of the non-compete payments with the Audit Committee during its meeting with them on Feb. 20, 2002. - Ms. Stitt noted and interpreted "their silence as meaning that they had- they had - considered them before and they had been approved." KPMG should have obtained audit evidence that they were approved. - AU-C Section 200, "Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with GAAS," and PCAOB AS 1015, "Due Professional Care in the Performance of Work," both note that professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. Professional skepticism requires the auditor to use the knowledge, skill, and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence. KPMG's reliance on "silence" as evidence does not appear to be consistent with concepts of a questioning mind and critical evaluation of audit evidence described in AU-C 200 and in PCAOB AS 1015.

How did Enron use SPEs to hide large amounts of company debt?

- SPEs were created to sell low-performing assets, thereby recording a cash inflow and removing the assets and any related liabilities from the balance sheet. - Transactions were legal so long as an outside investment of at least 3% of the value of the assets was secured. Enron pledged company stock to the outside SPE investors to remove the risk in the case that the assets were sold for a loss. The obligations were not revealed until Enron's stock began to perform poorly, making it unable to cover the losses with shares of stock. "Chewco", "LJM2" and "Whitewing" were three of Enron's most prominent SPEs.

Identify accounts whose balances were likely based on significant management estimation techniques. Why?

- Short-term investments • Accounting treatment (available-for-sale / trading security) contingent on management's assumptions about intended holding period • Market valuations (for mark-to-market) may depend on management's estimation of market values - Accounts receivable, net • Influenced by estimation of allowance for doubtful accounts - Employee receivables • Influenced by estimation of allowance for uncollectible employee receivables - Costs + Estimated Earnings in Excess of Billings • Estimation of anticipated earnings (net of billings) on uncompleted waste management services contracts - Property & Equipment • Estimation of useful lives and salvage values

Sub-service organizations

--A third party provider used by the primary providers to outsource processes and controls --They can be part of transaction processing or the IT environment --They are identified by the service organization in their assertion and by the service auditor in their opinion REVIEWING --Evaluation of internal controls should include the impact of all identified sub-service providers --Assess the impact of sub service providers to the company's internal control over financial reporting --Identify and evaluate all sub-service providers used by in scope service organizations as part of the SSAE 16 review procedures --For in-scope sub-service providers, formally document the review of the sub-service providers' SOC report, if applicable

SOC 1 scope, systems and control domains covered

--Classes of transactions --Procedures for processing and reporting transactions --Accounting records of the system --Handling of significant events and conditions other than transactions --Report preparation for users --Other aspects relevant to processing and reporting user transactions --Transaction processing controls --Supporting information technology general controls

SOC 2 scope, systems and control domains covered

--Infrastructure --Software --Procedures --People --Data --Security --Availability --Confidentiality --Processing integrity --Privacy

Control Objectives, Control Activities and Tests Performed

--Presents the control objectives and related control activities performed by the service organization --Presents the test procedures performed and the results of control testing performed by the service auditors --Shows the exceptions or deviations noted by the service auditors --Shows management's response to the exceptions noted EVALUATING CONTROL EXCEPTIONS --Consider performing a self-assessment of the adequacy of the test procedures performed by the service auditor --Review the responses provided by the service organization and determine whether the responses are satisfactory. Management may also consider discussing the nature of the exceptions with the service auditors. --Evaluate all relevant exceptions, which include: -Exceptions relevant to control objectives that mitigate the financial reporting risks. -Exceptions related to information technology general controls (ITGC) supporting relevant applications that mitigate the financial reporting risks.

Reviewing coverage of the SOC report

--To rely on SOC reports for SOX 404, the report must generally cover at least the first nine months of the audit period --Obtain a bridge letter if there is a gap between the SOC report date and the Company's year-end date --Review the bridge letters and evaluate the impact of changes in the service organization's controls, if any --If the report coverage is less than nine months and/or there is a gap larger than three months, Management must document how it became comfortable with the small coverage period and/or gap in the reporting period

SOC 1 Type 1

-MNGT is required to provide written assertion -SOC 1 looks at design of controls (not operating effectiveness) -SOC 1 is considered only for info purpose in planning a financial statement audit -not considered significant use for purposes of reliance by user auditors -most often performed only in first year client has SOC 1

Section 404 of Sarbanes Oxley

-accept responsibility for effectiveness of company's internal control over financial reporting -evaluate the effectiveness of company's internal control over financial reporting using good control criteria -supporting its evaluation with sufficient evidence, including documentation -presenting a written assessment about the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year; managers are now responsible for their internal controls -before this rule, management was not responsible for their internal controls over financial reporting (ICFR) -ICFR provides assurance regarding the reliability of financial reporting and preparation of external financial statements (includes evidential matter, documentation, to provide reasonable support for assessment of the system) -done because of Enron and WorldCom; government said it was not an accurate defense to plead ignorance and not knowing; executives need to make sure the statements are accurate and cannot get out of it if they are not accountants

Control Activities (Examples)

-approvals and signs -verification functions -reconciliation procedures -segregation of duties

if a practitioner identified deviations in the control, they must:

-assess whether the report was good enough to assess risk or whether additional tests are needed -potential risk of misstatement

preconditions on ongoing monitoring

-constant evaluations are required as well as continuous monitoring to maintain assurance that controls work -management can't rely on an audit team to test their controls and make sure they work, they have to understand the controls themselves as well.

risk assessment procedures: important points

-designing and performing procedures -evaluating evidence, including the reasonableness of the written representations received by the practitioner

when using the work of an internal auditor, what precautions must be taken

-don't trust work they already did (ever) -treat them like a first year auditor on the engagement -determine the level of competence of the internal audit function

examples where professional skepticism is imperative

-evidence contradicts other evidence obtained -info that brings into question reliability of documents -circumstances that may indicate fraud

blockchain concerns

-if your private key is lost, so are your assets -no fraud protection -transactions are irreversible (if you accidentally send the wrong person tokens, it's gone forever) -transactions on some blockchains are pseudo-anonymous

key exceptions where documentation isn't required

-it isn't necessary or practical to document every single matter considered/professional judgement made -superseded drafts of work papers, notes that reflect incomplete or preliminary ideas don't need to be included in the engagement file

SOC3 Reports are:

-limited in scope -contain less sensitive info -freely distributed

SOC 1: List of Control Objectives and Controls

-list of control objectives and control activities -this info will be provided by the service organization and validated by auditors

AS 1105:

.01 This standard explains what constitutes audit evidence and establishes requirements regarding designing and performing audit procedures to obtain sufficient appropriate audit evidence. .02 Audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor's opinion is based. Audit evidence consists of both information that supports and corroborates management's assertions regarding the financial statements or internal control over financial reporting and information that contradicts such assertions. Objective .03 The objective of the auditor is to plan and perform the audit to obtain appropriate audit evidence that is sufficient to support the opinion expressed in the auditor's report.

In the areas of auditing and accounting, judgment is typically exercised in three broad areas:

1) Evaluation of evidence (e.g., does the evidence obtained from confirmations, combined with other audit evidence, provide sufficient appropriate audit evidence to determine whether accounts receivable is fairly stated) 2) Estimating probabilities (e.g, determining whether the probability-weighted cash flows used by a company to determine the recoverability of long-lived assets are reasonable) 3) Deciding between options (e.g., audit procedure choices, such as inquiry of management, inspection, or confirmation)

KPMG Professional Judgement Framework

1) Identify the problem 2) Consider all of the alternatives 3) Gather & evaluate information 4) Reach conclusion 5) Articulate & document rationale

What are the five steps in the judgment process?

1. Clarify Issues and Objectives 2. Consider Alternatives 3. Gather and Evaluate Information 4. Reach Conclusion 5. Articulate and Document Rationale

What are the five interrelated components of an entity's internal controls

1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring

Professional standards indicate that an entity's internal controls consist of five interrelated components.

1. Control environment 2. Risk Assessment 3. Information & Communication 4. Monitoring 5. Control Activities

TWO MAIN CATEGORIES OF FRAUD MISSTATEMENTS THAT AFFECT FINANCIAL REPORTING ARE CALLED:

1. FRAUDULENT FINANCIAL REPORTING -FINANCIAL STATEMENT MISSTATEMENTS OR OMISSIONS INTENDED TO DECEIVE USERS 2. MISAPPROPRIATION OF ASSETS -THEFTS OF ENTITY ASSETS REPORTED IN THE FINANCIAL STATEMENTS

The three potential ways to mitigate the effects of biases are

1. The first way to mitigate is to actively question assumptions, which can include seeking more complete information. 2. Consulting with others can also help in mitigating biases, as it provides the different viewpoints that one can have. 3. One can also mitigate the effects of bias by objectively evaluating the pros and cons of each alternative, as this will help an individual to consider all the possible aspects of an alternative.

What are the 6 Types of Mortgages

1. Fixed term mortgages 2. Adjustable Rate Mortgages (ARMs) 3. Buy-downs 4. Graduated Payment Mortgages 5. Negative Amortization Loans 6. Subprime mortgages

WHAT ARE THE CONTROL ENVIRONMENT COMPONENTS WITHIN INTERNAL CONTROLS?

1. INTEGRITY AND ETHICAL VALUES 2. BOARD OF DIRECTORS 3. MANAGEMENT'S PHILOSOPHY & OPERATING STYLE 4. ORGANIZATIONAL STRUCTURE 5. FINANCIAL REPORTING COMPETENCIES 6. AUTHORITY AND RESPONSIBILITY 7. HUMAN RESOURCES

WHITE COLLAR CRIME

1. LEGITIMATE ACCESS TO THE TARGET OF THEIR ILLEGAL ACTIVITIES 2. HAVE SUPERFICIAL APPEARANCE OF LEGITIMACY 3. OFTEN SPATIALLY SEPARATED FROM THEIR VICTIMS

Toby's ability to continue his offense for several months was facilitated by two factors:

1. Little to no oversight of his actions. Neither the bank holding his warehouse credit line nor his auditors were diligent in checking the facts underlying his applications or his general financial situation. 2. Willing cooperation of others in the industry. Toby also benefited from the cooperation of people in his company and people in other companies in the real estate industry to help him prepare the supporting documents that he needed to support his applications. Because the real estate and mortgage industries were undergoing such rapid growth and change, and because shady dealings were commonplace, Toby's actions may not have appeared to be out of the ordinary.

XEROX OPPORTUNITY TO MANIPULATE BY

1. RECOGNIZED REVENUE IMMEDIATELY BY APPLYING TO EQUIPMENT, INSTEAD OF INCLUDING SERVICE AND FINANCE WHICH SHOULD HAVE BEEN DEFERRED 2. INCREASED THE RESIDUAL VALUE OF THE EQUIPMENT WHICH INCREASED REVENUE · ACCELERATION FROM REVENUE FROM RENTAL LEASE AND DIDN'T REPORT · IF LEASE NEGOTIATION INCREASES, YOU RECOGNIZE IT OVER LIFE OF LEASE BUT THEY RECOGNIZED IMMEDIATELY 3. DIDN'T RECOGNIZE TAX IN YEAR OCCURRED 4. MANIPULATED TAX INTEREST INCOME 5. DID NOT DISCLOSE FACTORING TRANSACTIONS 6. MANIPULATED RESERVES ACCOUNT 7. OTHER MISC EXPENSE INTO RESERVE SO EXPENSES WERE DEFERRED AND SO INCREASE EARNINGS

in evaluating the reasonableness of management's estimates, according to AU-C Section 540 and PCAOB AS 2501,

1. Review and test the process used by management to develop the estimate. 2. Develop an independent expectation of the estimate to corroborate the reasonableness of management's estimate. 3. Review subsequent events or transactions occurring up through the audit report date.

Two common judgment traps that can affect our judgement are

1. Rush to Solve & 2. Judgment triggers

What are two common judgment traps?

1. Rush to Solve and 2. Judgment Triggers

What are some examples of judgment traps and tendencies that likely affected the auditor's judgment when auditing CUC's financial statements?

1. Rush-to-solve - Pressure to complete the audit timely 2. Confirmation Tendency - It is likely that the auditors started with the belief that the amounts reported by the CUC were correct • Thus accepting the supporting information provided by the client as correct and used that information to "confirm" the amounts reported in the financial statements instead of considering or seeking potentially disconfirming evidence 3. Anchoring Theory - The auditors were presented with management's estimated amounts related to merger reserves, service revenues, and customer nonpayment or cancellation of services • The auditors may have anchored to those amounts and thus failed to evaluate whether other amounts were more reasonable

Why would a company want to hire a member of its external audit team?

1. The auditor is familiar with the company; 2. The auditor is perceived as being highly motivated and competent with relevant accounting experience 3. Management has developed a strong working relationship with the auditor as a result of the audit.

1. What is fundamental to exercising professional skepticism?

1. Fundamental to professional skepticism is the auditor's attitude of approaching issues in an objective and critical manner, and therefore assessing evidence as such before making judgments. "The [skeptic] promotes risk awareness and is inherently an enemy of fraud." (KPMG Ch. 3 PG16) The concept of judgment framing is important because appropriately questioning management's perspective by viewing the situation through other frames is fundamental to professional skepticism. Challenging management's existing frames is the essence of professional skepticism.

What are some key facts of the WASTE MANAGEMENT case?

1. Waste Management, Inc. provides solid waste management services consisting of collection, transfer, resource recovery, and disposal services for commercial, industrial, municipal, and residential customers 2. The company was formed in the late 1960s and had grown to be a leader in waste management services 3. Despite the success, by 1996 the company was feeling pressures from the effects of changes occurring in its markets and the environmental industry.

What are WHITE COLLAR CRIME CHARACTERISTICS?

1. White-collar offenders have legitimate access to the target of their illegal activities because of their occupational positions. - because of Toby's role as a mortgage banker with a warehouse line of credit, it was easy for Toby to submit a fraudulent application for a loan. 2. The illegal actions of a white-collar offender have a superficial appearance of legitimacy. -Because of his occupational position and his experience with the mortgage banking and loan application process, Toby could prepare an application that looked normal and legitimate 3. White-collar offenders are often spatially separated from their victims. - the victim was the bank that held Toby's warehouse line of credit, and Toby never had to meet with the owners of the bank to get his loan.

if a practitioner finds it necessary to amend existing engagement documentation or add additional doc. they must:

1. document the specific reasons for making amendments/additions 2. when and by whom they were made/reviewed

3 types of attestation agreement

1. examination agreement 2. review agreement 3. agreed upon procedures agreement

if the service auditor identifies deviations, there are 3 ways to determine what to do

1. if deviations are within expected rate of deviation and are acceptable - the control works 2. Additional testing is necessary to reach a conclusion 3. the testing that has been performed includes enough evidence to determine that the control doesn't work / is ineffective

what impedes professional judgement?

1. in a world of pressure, time constraints, and limited capacity, there are a number of judgment traps we can fall into. 2. In addition, we can be subject to biases caused by self-interest or by unknowingly applying mental shortcuts.

4 things you have to do when assessing internal controls

1. inquire 2. observe 3. examination 4. re-performance

4 types of procedures auditors perform to obtain understanding

1. inquire 2. observe 3. inspect 4. reperform application of control (one or more of these may be accomplished through a walkthrough)

What tendency is most likely manifest in the following situation? An engagement team performed a substantive analytical procedure over an expense account. When investigating a significant difference, the team was satisfied with limited evidence to support the client's plausible explanation (which was in fact incomplete) for the difference. a. Confirmation tendency b. Limited resources c. Overconfidence tendency d. Time pressure

A

Why would a company want to hire a member of its external audit team?

A company could gain insight into the auditor's process and better devise methods of hiding fraud.

What is a white knight?

A friendly investor that acquires a corporation at a fair consideration with support from the corporation's board of directors and management.

Ethical Fading

A process by which a person does not realize that the decision he or she is making has ethical implications.

Qualified opinion

A report issued when the auditor believes that the overall financial statements are fairly stated but that either the scope of the audit was limited or the financial data indicated a failure to follow GAAP

SOC 1 Report

A report on controls at a service organization which are relevant to user entities' internal control over financial reporting. An example of a service organization that may need a SOC 1 report is a company that provides payroll processing services to user entities. User entities that use the payroll processing company realize the material impact of payroll on their financial statements and request some independent assurance that their payroll is being handled in accordance with their expectations. A SOC 1 report provides user entities of the payroll processing company reasonable assurance that the internal controls of the payroll processing company are suitably designed (Type I report) or suitably designed and operating effectively (Type II report) to provide the payroll services. Because SOC 1 reports may contain sensitive information about service organizations, they are considered restricted use reports and should only be shared with management of the service organization (the company who has the SOC 1 performed), user entities of the service organization (the service organization's clients) and the user entities' financial auditors (user auditors). The report can assist the user entities' financial auditors with laws and regulations like the Sarbanes-Oxley Act. There are numerous service organizations that may receive SOC 1 reports. The common theme between the service organizations should be the potential impact on user entities' internal controls over financial reporting (ICFR). Some examples of organizations who may receive SOC 1 reports include: payroll processors, medical claims processors, loan servicing companies, data center companies, and Software-as-a-Service (SaaS)

Type 1 Report

A report on the design and implementation of a service organization's controls and their suitability

Type 2 Reports

A report that documents a service organization's controls and documents their suitability and effectiveness

Detective Controls

A requirement to prepare bank reconciliations

a warehouse line of credit is

A revolving line of credit used by mortgage brokers in order to fund loans

Sub service organizations

A subservice organization is an entity that is used by the service organization to perform some of the services provided to customers (user entities). An example of a common service provided by a subservice organization would be a company that offers their data center to a cloud provider (the service organization). The service organization relies on processes and controls implemented at the subservice organization to meet the Control Objectives or Trust Services Principles of the SOC report. When a subservice organization is utilized by the service organization, there are two methods for reporting on the processes and controls at the subservice organization. --First, the processes and controls can be included as a part of the report. --This is the Inclusive method. --Second, the processes and controls can be excluded from the report. --This is the Carve Out method. Each method requires that the service organization take steps to determine whether controls are in place and operating effectively to meet the needs of the end user (customer).

Which are characteristics of subprime loans? Select one: a They are more expensive than prime loans. b. They pose a greater risk for default. c. They are designed to be made to borrowers who could not qualify for regular loans. d. All of the above

All of the above

According to Oliver Halle, what is an example of an internal pressure that causes people to commit fraud? Select one: a. Drug addiction b. Underemployment c. Gambling addiction d. All of the above.

All of the above.

Complementary user entity controls (CUECs)

AKA User Control Considerations (UCCs). Controls that the vendor has included within its system and relies on the user entity (you) to implement in order to achieve the vendor's control objectives. In most cases, the control objectives stated in the description can be achieved only if these complementary user entity controls are suitably designed and operating effectively (by you), combined with the controls at the service organization (the vendor).
**Common Placement of Complementary User Entity Controls in a SOC Report**
--Specific subsection of the description - You can often find the CUECs listed out in the service description section with details on how exactly they relate to the control objectives laid out in the report.
--As part of the tested controls section - You can also find the CUECs right in the testing section. They're usually documented along with the control objectives they align with.
**Common Examples of CUECs in a SOC Report**
--Logical Access: Account provisioning; General IT controls and policies; Account management
--Separation Procedures: Timely account removal; Regular assessment of accounts
--Authorization Policies and Procedures: Policies and procedures that ensure transactions are appropriately authorized and transactions are secure, timely and complete
--Data Transmission Policies and Procedures: When sending data, it must be protected by appropriate methods such as encryption
Knowing about CUECs still isn't enough. As part of your vendor risk management process, you have to map them back to your own policies and procedures to ensure that you have controls in place that properly align with your vendor's expectations. Part of comprehending a vendor's value in providing a product or service is making sure you can effectively execute your responsibilities.

Bridge letter

AKA a gap letter --Obtain a bridge letter if there is a gap between the SOC report date and the Company's year-end date --Review the bridge letters and evaluate the impact of changes in the service organization's controls, if any

SOC 1, Type 1

AKA point in time report. Type 1 reports test the design of a service organization's controls, but not the operating effectiveness. As of a particular date, includes a description of a service organization's system as well as tests to help determine whether a service organization's controls are designed appropriately.

DIANN CANTTANI EMBEZZLED BY: a. ABUSING EXPENSE REIMBURSEMENT POLICIES: Submitting personal expense; ski trips as business expense; misclassifying expense; personal dinner as business b. Altered her salary by duplicating bonus checks c. duplicating expenses; turned in her CC statement & receipt; reimbursed for both d. Creating dummy vendors e. A & C f. all of the above

ALL OF THE ABOVE

ETHICALLY BOUNDED

AN INDIVIDUAL'S MORALITY IS OFTEN CONSTRAINED IN WAYS THAT FAVOR SELF-SERVING PERCEPTIONS THAT CAN RESULT IN BEHAVIORS THAT CONTRADICT OUR INTENDED ETHICAL STANDARDS

WHY IS KPMG STILL HERE AND ANDERSEN GONE

ANDERSEN HAD MORE PREVALENT FRAUD THAN KPMG; MOST OF ANDERSEN'S WERE HIGH PROFILE CASES

OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR & THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH GAAS

AU-C SECTION 200, DUE PROFESSIONAL CARE

Based on requirements in auditing standards related to auditor documentation why must auditors prepare audit documentation?

AU-C Section 230 and PCAOB AS 1215 require that the audit documentation record who performed the audit work and the date such work was completed and who reviewed specific audit documentation and the date of such review. Each working paper does not need to include specific evidence of review. But, it should be clear from the audit documentation who reviewed specified elements of the audit work

WHAT RESPONSIBILITY DOES AN AUDITOR HAVE TO DETECT MATERIAL MISSTATEMENTS DUE TO ERRORS AND FRAUD?

AUDITORS ARE REQUIRED TO PLAN AND PERFORM AUDIT ENGAGEMENTS TO PROVIDE REASONABLE ASSURANCE THAT THE FINANCIAL STATEMENTS ARE FREE OF MATERIAL MISSTATEMENT, WHETHER THE RESULT OF ERROR OR FRAUD. THE AUDITOR PROVIDES REASONABLE ASSURANCE OF DETECTING FRAUDS LEADING TO MATERIAL MISSTATEMENTS BY EVALUATING THE LIKELIHOOD OF FRAUD AND EXPANDING AUDIT TESTS WHEN THERE IS A HIGHER LIKELIHOOD OF FRAUD.

Should auditors have equal responsibility to detect material misstatements due to errors and fraud?

According to the PCAOB AU110.02 and 03 "The auditor has no responsibility to plan and perform the audit to obtain reasonable assurance that misstatements, whether caused by errors or fraud, that are not material to the financial statements are detected." However, the auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.

Q2) Describe why accounts involving significant management estimation are generally viewed as inherently risky

Accounting estimates needed if: 1. the measurement of some amounts or the valuation of some accounts is uncertain, pending the outcome of future events; or 2. relevant data concerning events that have already occurred cannot be accumulated on a timely, cost-effective basis Risk of material misstatement varies with: - Complexity, subjectivity, availability and reliability of relevant data, number of assumptions required, and degree of uncertainty associated with those assumptions

"Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with GAAS".

AU-C Section 200

Distinguish the 3 types of service organization reports.

An SOC 1 report, Report on Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting, is intended to meet the needs of entities (known as user entities) that use service organizations and their auditors, who are responsible for understanding internal controls over financial reporting at service organizations. SOC 1 reports are used to plan and perform audits of the user entity's financial statements by their auditors, who are referred to as user auditors. There are two types of reports on controls at the service organization relevant to user entities' internal control over financial reporting: 1. Report on management's description of a service organization's system and the suitability of the design of controls (referred to as a Type 1 report). 2. Report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls (referred to as a Type 2 report). An SOC 2 report, Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, is intended to meet the needs of a broad range of users who need information and assurance about controls at a service organization that affect the security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems. For example, customers of a service organization may seek an SOC 2 report as part of their vendor risk management considerations. Similar to SOC 1 reports, there are two types of reports (Type 1 and Type 2). Use of these reports is generally restricted to specified parties, such as management of user entities, customers of the service organizations, regulators, suppliers, and business partners. 
An SOC 3 report, Trust Services Report for Service Organizations, is similar to an SOC 2 report except that the SOC 3 report is intended for wide distribution to current or potential users of the service organization. SOC 3 reports are prepared using the Trust Services principles and criteria shown in Table 25-2. While the distribution of an SOC 2 report is generally restricted, an SOC 3 report is a general-use report, which allows the service organization to share the report to current or prospective customers or to use it as a marketing tool demonstrating that they have appropriate controls in place to mitigate risks, such as those related to security or privacy.

One component of internal control is the entity's control environment. What factors should an auditor consider when evaluating the control environment?

An auditor should consider the culture of the firm. This includes the role played by upper management, in order to ascertain if pressure is being placed on low level employees. An auditor must also identify incentives and opportunities that management has to commit fraud, such as relationship with auditing practices and the audit committee.

Which of the following best describes a judgment trigger?

An issue/problem stated in terms of a particular alternative

Describe how reflection applies to the KPMG Professional Judgment Framework.

Answer: Reflection is often the best way to identify whether a judgment has been influenced by a judgment trap or bias, like a judgment trigger that could have led the decision maker down a "garden path" toward a narrow set of alternatives.

Diann's theft from her company is an example of what kind of workplace crime? Select one: a. Corporate b. Fraud triangle c. Pro-organizational d. Anti-organizational

Anti-organizational

Stakeholders

Anyone who has a responsibility for, an expectation from or some other interest in the enterprise.

An auditor will use the IT test data method in order to gain certain assurances with respect to the

Application controls contained within the program.

Who served as WorldCom's external auditor and who replaced them

Arthur Andersen, LLP, served as WorldCom's external auditor until June 2002, replaced by KPMG after the Enron scandal Arthur Andersen was part of

What are the risks associated with allowing former auditors to work for a client in key accounting positions?

Associated risks: - Familiarity with nature and timing of audit procedures - Potential to influence audit procedures - Potential to mislead auditors - Potential to influence the likelihood that auditors follow up on detected misstatements

Using hindsight, identify factors present at Waste Management that are indicative of each of the three fraud conditions: incentives, opportunities, and attitudes (continued 2)

Attitude: > Management not concerned with quality of financial reporting as evidenced by refusal to make adjustments suggested by auditor > Secret agreement with auditor to write off accumulated errors in future periods

What makes the intentional misstatement of inventory difficult to detect? How was Phar-Mor successful in fooling Coopers & Lybrand for several years with overstated inventory?

Auditors lacked experience. For inventory checking, only small samples were tested. It was hard to detect the fraud because high-level management was involved; they had a common interest in hiding the loss. Also, Phar-Mor is a subsidiary under Giant Eagle. The inventory could be transferred flexibly within the corporation among different subsidiaries. When auditors prepare the financial statements for the corporation, they normally do not pay close attention to the inventory reports of the individual firm.

What responsibility does an auditor have to detect material misstatements due to errors and fraud?

Auditors are required to plan and perform audit engagements to provide reasonable assurance that the financial statements are free of material misstatement, whether the result of error or fraud.

What responsibility does an auditor have to detect material misstatements due to errors and fraud?

Auditors maintain a responsibility to provide reasonable assurance that financial statements are free of material misstatement due to fraud or errors. The auditors must maintain an attitude of professional skepticism throughout an audit, while maintaining independence in appearance and in fact. However, auditors cannot guarantee there will be no material misstatements but they do provide reasonable assurance

an example of the confirmation bias

Auditors may be prone to over-rely on management's explanation for a significant difference between the auditor's expectation and management's recorded value, even when the client's explanation is inadequate

What types of factors should auditors consider when assessing the likelihood of material misstatements due to fraud?

Auditors must take two main things into account: the inherent risks of the client, and the control risks. Inherent risks are those directly related to the business and business operations, while control risk is what the company puts in place to reduce errors and fraud.

What is the most important factor in avoiding traps or reducing bias?

Awareness of potential traps and conditions that lead to bias is the most important factor.

True or False

Awareness, coupled with the terminology to identify and label the potential traps and biases, is key to improving judgment.

The confirmation bias is a subconscious tendency to do which of the following? a. Seek evidence that confirms a biased judgment b. Seek evidence that confirms a previously held view c. Underutilize confirmations in the testing of accounts receivable d. Seek evidence that disconfirms a previously held view

B

What best describes the relationship between diversity of thought and group judgments? a. Differences in opinions indicate internal conflict, which team members should avoid. b. Diversity in thought should be fostered in group judgment and typically improves judgment quality. c. Team members should always work together to reach an early consensus. d. GroupThink is a pitfall that teams may fall into as a result of encouraging expression of different ideas within the group.

B

Which of the following best describes a technique to mitigate the confirmation bias? a. Consider the most unusual case b. Make the opposing case c. Consult with others d. Get objective data

B

Which of the following best describes the relationship between professional skepticism and professional judgment? a. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is separate and apart from the process of exercising professional judgment. b. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is part of the process in forming professional judgments. c. Professional skepticism is synonymous with professional judgment. d. There is no relationship between professional skepticism and professional judgment.

B

Which of the following is one of the keys for effectively preparing for a brainstorming session? a. The engagement team should participate in a pre-meeting to assess the objectivity of the participants attending the meeting in order to avoid bias. b. The individual team members should generate ideas before the meeting with an understanding that their ideas will be shared. c. The leader should send out an agenda of important topics and preliminary conclusions for the participants to consider before the meeting in order to expedite the process. d. The purpose of the meeting should not be communicated prior to the meeting in order to avoid individual pitfalls and biases.

B

Which of the following statements about judgment frames is correct? a. A situation cannot have more than one appropriate frame. b. There is often no single best frame for a given situation. c. Frames are not used by risk averse individuals. d. Professionals should eliminate the use of frames from their judgment processes.

B

"rule-based" accounting standards are

Based on specific and detailed rules

THIS COULD BE ON EXAM!!!!! SATYAM LIKE 53 MILLION DOLLAR QUESTION BOTH MADE

BANK ACCOUNTS

Which of the following is considered a general control

Back up and disaster recovery controls. Password protection on the central server. Requiring change authorization forms on all program software.

(a) how was Enron Corporation's situation similar or dissimilar to Xerox's situation? (b) How did the financial and business sectors react to the two situations when the accounting issues became public? (c) If the financial or business sectors reacted differently, why did they react differently?

Both companies were heavily financed with debt obligations and were experiencing significant challenges to their core business operations. The major difference is in the nature of their core business. At the time of the restatement, Enron was predominately a speculative energy and commodity trading company while Xerox was the producer of copier and printing devices. At the end, Enron no longer had physical products it produced and sold. Rather, Enron acted as an intermediary service provider between producers and buyers. Buyers and sellers were no longer interested in using Enron's services when the integrity of management was brought into question, causing its business to basically disappear over night. Xerox on the other hand, was still perceived to produce quality products it could sell to its customers.

Diann Canttini graduated from which university? Select one: a. University of Southern California b. UCLA c. Utah State University d. Brigham Young University

Brigham Young University

FASB Accounting Standard Codification (ASC) 805

Business Combinations

Which of the following best describes a judgment trigger? a. An alternative stated in terms of a judgment objective b. A technique for making effective judgments quickly c. An issue/problem stated in terms of a particular alternative d. A technique for more effectively evaluating another's judgment

C

Diann rationalized her fraud by saying that she needed money to care for a sick child. True or False

False

5 major components of internal control

Control environment, Communication, Risk Assessment, Control Activities, Monitoring

Which of the following controls would most likely be tested during an interim period?

Controls that operate on a continuous basis.

Entity-level controls can have a pervasive effect on the entity's ability to meet the control criteria. Which one of the following is not an entity-level control?

Controls to monitor the inventory taking process.

CUC + HFS COMBINED TO CREATE

CENDANT CORPORATION

Finally wrapping around "mindset" in the Framework is

CONSULTATION, which includes consulting with engagement team members, specialists, or other professionals

Which is NOT one of the three elements of the fraud triangle? Select one: a. Consequences b. Opportunity c. Motivation/Pressure d. Rationalization

Consequences

FASB Accounting Standard Codification (ASC) 810

Consolidation

The most important Internal Control is

Control Environment

The home mortgage industry experienced a decrease in white-collar crime during the housing boom of the 1990s. Select one: True False

False

"Fannie Mae"

Created the secondary mortgage market.

Who reported WorldCom's fraud and what was their position?

Cynthia Cooper from their internal audit staff

In December 2002, Time magazine named WorldCom's ___________ as one of its "Persons of the Year" along with two other whistleblowers: _____________of Enron and _________ of the FBI.

Cynthia Cooper, Sherron Watkins & Coleen Rowley

Which of the following describes how the availability tendency is most likely to affect auditors? a. Auditors may first consider different potential causes for an observed fluctuation before seeking the client's explanation with regards to analytical procedures. b. Auditors may rely on information provided by client staff who is most knowledgeable about an audit area rather than the staff most easily accessible. c. Auditors may seek evidence that supports their belief of how a transaction should be accounted for. d. Auditors may weigh more heavily the information that was received most recently from a client relative to information received earlier during the audit.

D

Which of the following is an example of the confirmation bias? a. An auditor improperly concludes on a complex revenue recognition matter without having the appropriate technical accounting background. b. An auditor improperly concludes on the valuation of an investment security by looking at only the most recent sale of the security. c. An auditor improperly concludes on the accounts receivable balance because negative confirmations were sent instead of positive confirmations. d. An auditor improperly concludes a contingent liability is properly stated after examining only the evidence that supported the amount accrued in the financial statements.

D

Which of the following is true with respect to the overconfidence bias? a. Overconfidence is always a conscious bias. b. Overconfidence could result in the consideration of too many alternatives. c. Overconfidence usually decreases with experience. d. Overconfidence could result in engagement team members performing audit procedures that are beyond their skill sets.

D

Which of the following statements is false regarding group judgment? a. Good judgment principles are similar for individuals and groups. b. Groups can fall into judgment traps and biases. c. Groups are prone to making quick decisions in order to avoid conflict. d. Groups are not prone to judgment traps and biases.

D

Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective

Effectiveness and efficiency of operations; Reliability of financial reporting; Compliance with applicable laws and regulations.

ACCORDING TO AU-C SECTION 230 AND PCAOB AS 1215 EACH WORKING PAPER DOES

DOES NOT NEED TO INCLUDE SPECIFIC EVIDENCE OF REVIEW. BUT SHOULD BE CLEAR FROM THE DOCUMENTATION WHO REVIEWED SPECIFIC ELEMENTS OF THE AUDIT WORK PERFORMED AND WHEN

Independent service auditor's report

Describes the scope, service organization's responsibilities, service auditor's responsibilities, inherent limitations, opinion, description of test of controls, restricted use. It also describes the service auditor's opinion of management's presentation of its system of internal control, the suitability of the design of the system, the opinion on the operating effectiveness of the controls (Type II reports only). REVIEWING THIS SECTION --Verify the report coverage is adequate, if it is insufficient or the date does not coincide with the client's year end, verify how management was able to gain acceptance of the coverage exceptions. --Verify the type of report issued and whether it is appropriate for use --Verify whether service providers are being used by the service organization and determine whether the service auditor's evaluation included sub-service providers --Determine the type of opinion issued

Who was the White Knight in the Enron Case?

Dynegy

Which company engaged in aggressive accounting approaches, including SPEs, to move debt off the balance sheet and enhance profits.

ENRON

(d) How was KPMG's situation similar or dissimilar to Andersen's situation?

Enron's restatement of its financial statements had a much more profound effect on Andersen than did Xerox's restatements of its financial statements on KPMG. The number of high profile fraud cases Andersen was involved with (Waste Management, Global Crossing, Sunbeam, Qwest Communications, and Enron) helped it to quickly lose its credibility with the investment markets and federal government. More importantly, Andersen's criminal conviction for document shredding in the midst of an SEC investigation forced Andersen to stop performing audits of public companies. In the end, Andersen's loss of public trust rendered its services useless. KPMG fortunately, has not been involved in as many high profile fraud cases. Nevertheless, the demise of Andersen has brought about a significant re-evaluation and re-structuring of all public accounting firms to prevent similar situations in the future.

What could Diann's company have done to best safeguard itself from fraud? Select one: a. Ensured segregation of duties. b. Performed a background check on Diann. c. Implement more internal controls. d. Both A and C.

Ensure segregation of duties & implement more internal controls

Who was CUC's auditor prior to Cendant

Ernst & Young

SOC 3 Report

Established as a general use report alternative to the SOC 2 report, a summary that can be provided to the public. An examination on controls relevant to the applicable Trust Services Principles. The report includes only the auditor's opinion and limited description of controls (narrative).

How can considering multiple judgment frames enhance an auditor's professional skepticism? Explain and give an example.

Evaluating issues and objectives from different frames, or what we at KPMG would call looking at an issue through a "fresh lens," can help auditors to understand a variety of different perspectives. Considering multiple frames can bring additional insights or ways to understand a situation.

indicate one audit procedure the auditor could have used to detect False coding of services sold to customers

Examine documents supporting cash receipts.

Which fraud scheme is described in the Diann Cantinni case as one of the easiest fraud schemes to commit against a company? Select one: a. Forging management signatures b. Duplicating checks c. Expense reimbursement d. Sneaking office supplies

Expense reimbursement

TRUE OR FALSE DIANN'S HUSBAND WAS ALSO IMPLICATED IN THE FRAUD

FALSE

TRUE OR FALSE; ACCORDING TO AU-C SECTION 230 AND PCAOB AS 1215 EACH WORKING PAPER NEEDS TO INCLUDE SPECIFIC EVIDENCE OF REVIEW.

FALSE: ACCORDING TO AU-C SECTION 230 AND PCAOB AS 1215 EACH WORKING PAPER DOES NOT NEED TO INCLUDE SPECIFIC EVIDENCE OF REVIEW. BUT SHOULD BE CLEAR FROM THE DOCUMENTATION WHO REVIEWED SPECIFIC ELEMENTS OF THE AUDIT WORK PERFORMED AND WHEN

AU SECTION 240

FRAUD TRIANGLE

A reliance strategy is used when control risk has been set at high. True or False

False

Why did the Andersen partners allegedly allow Waste Management executives to avoid recording the identified accounting errors? How could this be prevented? (continued)

How to prevent this? - Keep focus on public's interest - Assess performance evaluation: focus on quality instead of fee revenues - Require national level approval for local office partners to sign off on complex or aggressive accounting positions - Strengthen position audit committee

Review professional auditing standards to describe the auditor's responsibilities for examining management-generated estimates.

ISA 540: Auditing Accounting Estimates (Par 9) The auditor shall evaluate, based on the audit procedures performed and the audit evidence obtained, whether the accounting estimates and related disclosures are reasonable in the context of the applicable financial reporting framework, or are misstated.

HARLEY DAVIDSON CASE

Identifying eBusiness Risks and Related Assurance Services for the eBusiness Marketplace

Describe the key difference between a type 1 and type 2 SOC 1 report.

In a Type 1 SOC 1 report, the accountant provides an opinion about the fairness of the description of the service organization's system and opinion about the suitability of the design of the controls in that system. In a Type 2 report, the accountant provides the opinions contained in a Type 1 report, plus an opinion on the operating effectiveness of controls at the service organization.

CONTROL ENVIRONMENT: Integrity and Ethical Values

In evaluating this component, consider whether: · there appears to be sufficient integrity on the part of management and employees · management articulates ethical values to all levels of the organization, processes are in place to monitor adherence to ethical values, and deviations from ethical values are identified and addressed in an appropriate and timely manner

Using hindsight, identify factors present at Waste Management that are indicative of each of the three fraud conditions: incentives, opportunities, and attitudes

Incentives:
- Pressure on management to maintain company's reputation and stature in the industry
- Internal pressure from CEO on other members of the management team to find ways to reach the targets
- Greed and desire to retain corporate positions and status in the business and social communities
- Bonuses based on company performance

Service organization's description of the system

Includes the service organization's explanation of the system and descriptions of:
--Services provided
--Entity-level controls relating to the control environment, risk assessment processes, monitoring activities and information and communication processes
--Procedures by which services are provided and transactions are accounted for, and related accounting records
--Significant events other than transactions
--Report preparation processes
--Control objectives and related control activities
--Complementary user entities controls
--Description of sub-service provider controls
REVIEWING
--Verify the services provided are consistent with the services received
--Understand if there are any significant events that impact the services relied upon

KPMG encourages experienced professionals to take time to coach less experienced professionals through the process of making critical judgments rather than just making those judgments themselves, even though it may take more time to do so. Why is this important?

KPMG takes seriously the development of our people, and on-the-job coaching and mentoring is an essential part of developing the professional judgment of less experienced people. Walking through critical judgments with less experienced professionals enables the less experienced professionals to better understand the elements of a judgment process and how they are applied in difficult accounting and auditing contexts. The KPMG Professional Judgment Framework provides a shared conceptual understanding of good judgment and it facilitates coaching and mentoring and training by providing a common understanding and vocabulary relating to the elements of good judgment as well as the traps and biases that can threaten good judgment.

Hollinger's external audit team was

KPMG, MARYLYN STITT

WHAT CAN WE DO TO DETECT XEROX FRAUDULENT ACTIVITIES/HOW DO I KNOW IF CLASSIFIED CORRECTLY

LOOK AT ASSETS AND MAKE SURE THEY HAVE RIGHT DOCUMENTS A SCHEDULE? HOW RECORDED LEASES IN PREVIOUS YEARS AND COMPARE OUTSIDE RESOURCE; LOOK AT HOW A THIRD-PARTY HANDLES LEASES

What is meant by the term level of assurance? How does the level of assurance differ for an audit of historical financial statements, a review, a compilation, and a preparation engagement?

Levels of assurance represent the degree of certainty the practitioner has attained, and wishes to convey, that the conclusions stated in his or her report are correct. Audits of historical financial statements prepared in accordance with accounting standards are one type of examination. They are governed by auditing standards. An audit results in a conclusion that is in a positive form. In this type of report, the practitioner makes a direct statement as to whether the presentation of the assertions, taken as a whole, conforms to the applicable criteria. The level of assurance is high. In a review, the practitioner provides a conclusion in the form of a negative assurance. In this form, the practitioner's report states whether any information came to the practitioner's attention to indicate that the assertions are not presented in all material respects in conformity with the applicable criteria. The level of assurance is limited. A compilation is defined in SSARS as presenting, in the form of financial statements, information that is the representation of management without undertaking to express any assurance on the statements. A preparation engagement is defined in SSARS as a service where the CPA is engaged by the client to prepare or assist in preparing financial statements, but the CPA does not provide any assurance on the financial statements or issue a report, even if the financial statements are expected to be used by, or provided to, a third party.

How can considering multiple judgment frames enhance an auditor's professional skepticism? Explain and give an example.

Looking at an issue through a fresh lens gives auditors the opportunity to look at a situation from a different perspective.

Corrective Control

Maintaining backups of data

Management's written assertion

Management's assertion may be in a separate section of the report or included in the section containing the description of the system. Management's written assertion covers:
--The fair presentation of the description of the system
--The suitability of the design of controls and verification that they were implemented as of a specific date (Type 1) or throughout the period (Type 2)
--The operating effectiveness of the controls throughout the period (Type 2)
--The relevant changes to the system throughout the period (Type 2)
REVIEWING
--Verify management's written assertion in this section mirrors the service auditor's opinion
--Verify that there are no qualifications in the assertions/modifications in the language (i.e., use of "except for" or other exclusionary language)
--Verify that there are no omissions in description criteria outlined by the AICPA relative to the services provided

What is the name of the mayor who pled guilty to stealing $201,000 from her town? Select one: a. Mary Ella Hixon b. Jane Lewis c. Roberta Green d. Margo Reed

Mary Ella Hixon

Name two other high profile cases where a company has committed fraud by misstating inventory.

McKesson & Robbins Company. Non-existent inventory was recorded on the financial statement because the auditors did not physically count the inventory on-site. Crazy Eddie Company. The company went bankrupt because of the overestimation of inventory.

What role do metaphors and analogies play in judgment framing, and how can they be used to improve your ability to examine issues through multiple frames?

Metaphors and analogies both play a powerful role in judgment framing. General Barry McCaffrey, a general in the United States Army, successfully changed the tone toward drug trafficking by changing the metaphor from "The War on Drugs" to "Drugs are the Cancer to the Nation." The first metaphor creates a frame which denotes combat against drugs, while "drugs are the cancer to the nation" suggests that the drug problem in America is a sickness. This creates a different attitude and, hence, a different frame.

How can considering multiple judgment frames enhance an auditor's professional skepticism? Explain and give an example.

Multiple judgment frames enhance an auditor's professional skepticism because better judgments can be made from considering the fact that other frames exist; different points of view. "For example, doctors and patients tend to select riskier treatment options when a condition is framed in terms of the odds of dying than when the identical situation is framed in terms of the likelihood of surviving—same situation, but different frames." (KPMG Ch. 3 PG17) If we consider both frames, the odds of dying vs the odds of surviving we can make a better judgment. Hence, the importance of multiple frames.

ENRON STARTED AS A

NATURAL GAS PIPELINE COMPANY

Did KPMG do their Due Diligence when auditing Hollinger International?

NO, however they did the minimum requirement

Which of the following statements regarding auditor documentation of the entity's internal control is correct

No one particular form of documentation is necessary, and the extent of documentation may vary. Correct

MISCALCULATION

OVERESTIMATING THE EXTENT TO WHICH THEY WOULD ENGAGE IN SOCIALLY DESIRABLE BEHAVIORS.

Summarize the key ways to enhance the effectiveness of groups in the context of a fraud risk assessment meeting.

Participants should be asked to prepare ahead of the meeting by generating their own ideas, with the expectation that they will be asked to share their ideas at the meeting. To enhance participation and a sharing of ideas, group members present the ideas they have prepared prior to the meeting with little or no discussion. There should be little or no criticism or evaluation of ideas at this point. Once the ideas are on the table, an open discussion should be facilitated, encouraging those with different or opposing viewpoints to speak up.

Which of the following was NOT one of Diann Canttini's "hobby" jobs after graduating college? Select one: a. Managing a bike shop b. Testing snow skis c. Pet sitting d. Both A and B

Pet sitting

A reliance strategy is chosen when the auditor:

Plans on conducting tests of controls and Has set the control risk at a lower level.

How did Conrad & Radler commit fraud?

Portions of the proceeds due to the Hollinger International shareholders were diverted to Black and Radler through their actions without explicit approval of the board and shareholders.

POSITIVES & NEGATIVES OF SIMPLY STEAMS Financial Reporting Competencies

Positive Factors · Employees seem to receive sufficient training and appear to understand their responsibility · Office staff are largely made up of college accounting students. Negative Factors · Most employees have little or no previous experience · Office staff experience confusion regarding their job duties

POSITIVES AND NEGATIVES OF SIMPLY STEAM'S Management's Philosophy and Operating Style COMPONENT OF CONTROL ENVIRONMENT

Positive Factors •"Open door policy" •Employees are encouraged to express their concerns to management •Owners are the only employees authorized to sign checks •Focused & well run organization •Engagement of CPAs Desire to produce fair financials, to enhance control, monitor business risk and to continuously improve.

SIMPLY STEAM Board of Directors POSITIVE AND NEGATIVES

Positive Factors •An active board •Members are knowledgeable about the business and industry · Flexibility to meet when needed Negative Factors •Meet only once a year •No board members independent of management

POSITIVES AND NEGATIVES OF SIMPLY STEAM'S Style COMPONENT OF CONTROL ENVIRONMENT

Positive Factors •Owners and managers are highly involved •Responsibilities and authorities of owners and office managers are clearly established •Office manager directly supervises data processing •Policies and procedures are determined by owners and office manager Negative Factors •Sales people are paid on commission and can negotiate special pricing •Office manager is paid a percent of total sales •No formal job descriptions have been developed

SIMPLY STEAMS Integrity and Ethical Values

Positive Factors •Owners are highly involved and appeared to be people of integrity •Strong growth through word-of-mouth advertising which could imply the firm operates ethically and delivers a valuable service Negative Factors •High Employee turnover •Sales people are paid on commission and can negotiate special pricing

POSITIVES & NEGATIVES OF SIMPLY STEAMS Authority and Responsibility WITHIN CONTROL ENVIRONMENT

Positive Factors •Owners are highly involved in day-to-day operations •Office manager approves all sales •Exception reports are generated for specially priced sales •Computer system and sales process is re-evaluated every eight weeks Negative Factors •Computer system was developed by office manager •No user manual or other system documentation exists for computer system •Frequent changes to the system •Office employees experience confusion on their job duties and responsibilities

List OTHER MORTGAGE RELATED CRIMES

Predatory Lending to Subprime Borrowers Illegal Property Flipping Identity Theft

► Are there dangers in removing "bright-line" rules? What difficulties might be associated with such a change?

Problems. Human judgment and discretion are involved.

Within an auditing context, what is professional judgment?

Professional judgment is the process of using relevant training, knowledge, and experience to reach a decision or draw a conclusion in evaluating evidence, estimating probabilities, or selecting between options.

Which of the following statements is true with respect to judgment framing?

Professional skepticism can be seen in terms of challenging a client's judgment frame

Which of the following best describes the relationship between professional skepticism and professional judgment?

Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is part of the process in forming professional judgments.

What are possible reasons why the Andersen partners allegedly allowed Waste Management executives to avoid recording the identified accounting errors.

Public accounting is a highly competitive service-oriented business. - Partners may sometimes feel pressure to avoid taking tough stands on a client's accounting choices. - Making a lot of money and want to please their clients. - Risk of losing clients to other accounting firms.

PCAOB: AS 14 "EVALUATING AUDIT RESULTS"

QUALITATIVE ASPECTS MANAGEMENT BIAS: SELECTIVE CORRECTIONS OF MISSTATEMENTS, EXTRA ADJUSTMENT ENTRIES, BIAS IN THE ACCOUNTING SELECTION OF ACCOUNTING PRINCIPLES AND ESTIMATES.

R4 Process

R1. control objectives R2. address individual risks R3. appropriate access to files the objective is that only certain people have access to files

How could Arthur Andersen assess the reasonableness of those estimates used to create Waste Management's financial statements.

Request information about the sources of data and factors that management used to form assumptions about salvage values and useful lives • Estimate reasonableness of those assumptions Compare information about the useful lives for depreciating classes of assets to similar estimates used by competitors in the waste management industry Analyze disposed assets • Verify if management's estimates of salvage values and useful lives were realistic Rely on judgments by independent experts

Section 404 of Sarbanes Oxley

Requires an SEC reporting company and its internal auditor to test the internal controls that are relevant to its financial reporting. I.e., stress test.

What are some key facts of the WASTE MANAGEMENT case?

Restatements principally related to the calculation of vehicle, equipment, and container depreciation expense and capitalized interest costs related to landfills

indicate one audit procedure the auditor could have used to detect Irregular charges against merger reserves

Review for unusual journal entries and obtain related support

THE 53 MILLION DOLLAR QUESTION

Rita Crundwell

What are two common judgment traps?

Rush to Solve and Judgment Triggers

HOW DID THE COMPANY FIND OUT ABOUT DIANN'S FRAUD

SHE TOLD THEM

1. Independent Service Auditors' Report 2. Management Assertion 3. System Description Overview 4. List of Control Objectives and Controls 5. Other information provided by service organization

SOC 1: 5 sections

WHAT TRUST SERVICES PRINCIPLES ARE EXAMINED IN A SOC 2 ENGAGEMENT?

SOC 2 ENGAGEMENTS USE THE FOLLOWING FIVE TRUST SERVICE PRINCIPLES TO EVALUATE WHETHER A SYSTEM IS 1. RELIABLE 2. AVAILABILITY 3. PROCESSING INTEGRITY 4. CONFIDENTIALITY 5. PRIVACY

TYPE 1 and TYPE 2, SOC 2 REPORT

SOC 2, TYPE 1: SAME AS SOC 1 TYPE 1, PROVIDES OPINION ON THE SYSTEM AND DESIGN OF CONTROLS THAT MAY AFFECT USERS' SECURITY, AVAILABILITY, PROCESSING INTEGRITY, CONFIDENTIALITY AND/OR PRIVACY. SOC 2, TYPE 2: INCLUDES TYPE 1 INFORMATION AS WELL AS A DESCRIPTION OF THE AUDITOR'S TEST OF CONTROLS AND RESULTS (I.E., INCLUDES THE OPERATING EFFECTIVENESS OF CONTROLS)

SOC 1 Report Structure

The Opinion Letter (SOC 1 Qualified Opinion vs. Unqualified)
--The first section contains the opinion letter (aka Independent Auditor's Report). The opinion letter outlines the scope of the report (services included), test period (Type 2), or report as-of-date (Type 1) and type of opinion being issued.
Management's Assertion
--The second section contains an assertion written by management of the service organization that makes a number of management statements including the following: 1) An assertion that the description of the system fairly presents the system 2) The control objectives were suitably designed (Type 1) or suitably designed and operating effectively (Type 2) 3) Discussion of the criteria used to make the assertion.
Description of the System
--The description of a service organization's system is a description of the services provided that are relevant to user entities ICFR (Internal Control Over Financial Reporting).
--The description includes the supporting processes, policies, procedures, personnel, and operational activities that constitute the service organization's services that are relevant to user entities.
Description of Tests of Controls and Results of Testing
--This is the section that a SOC auditor uses to describe the controls that were tested as part of the examination, the test procedures used for testing the controls and the results of testing.
--When reviewing a SOC 1 report, the opinion and the results of testing sections contain the key information necessary to determine whether a service organization's system of internal controls is suitably designed and operating effectively to provide the services.
Other Information
--Some SOC 1 reports include a section used by service organizations to provide additional information about relevant processes that were not tested within the report such as disaster recovery and business continuity information. The SOC auditor will not express an opinion on the statements made by management within this section.

The tendency of decision makers to make assessments by starting from an initial numerical value and then to adjust insufficiently away from that initial value in forming a final judgment.

The anchoring tendency

service auditor

The auditor of a service organization.

Which of the following statements concerning control deficiencies is true?

The auditor should communicate to management, in writing, all control deficiencies in internal control identified during the audit.

Which of the following is not true?

The auditor should not communicate with management until the audit of internal control over financial reporting is finished.

The Sarbanes-Oxley Act of 2002 requires management to include a report on the effectiveness of ICFR in the entity's annual report. It also requires auditors to report on the effectiveness of ICFR. Which of the following statements concerning these requirements is false?

The auditor should provide recommendations for improving internal control in the audit report.

The tendency for decision makers to consider information that is easily retrievable from memory as being more likely, more relevant, and more important for a judgment.

The availability tendency

What was the goal of Toby's mortgage lending business?

The business made loans to home buyers with the goal of selling the closed loans at a profit on the secondary mortgage market.

What factors in the auditor-client relationship can put the client in a more powerful position than the auditor?

The client can be in a more powerful position than the auditor in the auditor-client relationship if the auditor is trying to sell the client additional services

Who was the external auditor for WASTEMANAGEMENT

The company's financial statements were audited by Arthur Andersen.

What is fundamental to exercising professional skepticism?

The concept of judgment framing or appropriately questioning a client's perspective by viewing the situation through other frames is fundamental to exercising professional skepticism.

The tendency for decision makers to seek for and put more weight on information that is consistent with their initial beliefs or preferences.

The confirmation tendency · once people have adopted a preference or an opinion, they tend to consider and gather information that supports and agrees with their preference. · people tend to seek confirmatory evidence, rather than looking for something inconsistent with their opinions or preferences.

Which of the following statements about internal control is correct

The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.

Which of the following statements about internal control is correct?

The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.

Which factors existed during the 1995 through 1997 audits of CUC that created an environment conducive for fraud?

The ethics of upper management played a crucial role in creating an environment of fraud. The CFO, Cosmo Corigliano, believed that the fraudulent way they operated was just what they did in their business, while lower level accountants believed they were simply doing their jobs. The executives also put pressure on employees to maintain earnings and growth to keep stock prices high. Upper level executives were also intimately involved in the reporting process, which allowed them to bypass controls in order to report fraudulent information.

To help prevent or detect the overstatement of inventory, what are some audit procedures that could be effectively employed?

The external audit team should file a physical count report on the inventory. The audit team should have conducted an analytical procedure on the reasonability of the inventory reported. The sample size should be properly adjusted.

Which of the following is not a factor that might affect the likelihood that a control deficiency could result in a misstatement in an account balance?

The financial statement amounts exposed to the deficiency.

What are the risks associated with allowing former auditors to work for a client in key accounting positions? (continued)

The firm shall ensure that no significant connection remains between the firm or a network firm and: a) a former partner who has joined an audit client of the firm; or b) a former audit team member who has joined the audit client if either has joined the audit client as: (i) a director or officer; (ii) an employee in a position to exert significant influence over the preparation of the client's accounting records or the financial statements on which the firm will express an opinion

Describe the 5 Trust Services principles.

The five Trust Services principles include the following:
1. Security - Security practices ensuring that the system is protected against authorized access (both physical and logical).
2. Availability - Availability practices, ensuring that the system is available for operation and use as committed or agreed.
3. Processing Integrity - Processing integrity, ensuring that system processing is complete, accurate, timely, and authorized.
4. Online Privacy - Online privacy practices, ensuring that personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed.
5. Confidentiality - Confidentiality practices, ensuring that information designated as confidential is protected as committed or agreed.

What responsibility does an auditor have related to each of these five components?

The five components related to internal controls are: control environment, risk assessment, control activities, information and communications, and monitoring activities. Auditors cannot directly change the control environment, however, they can maintain ethics and values which will show management that they intend to audit correctly, which may scare management straight. Auditors play a large role in risk assessment by identifying inherent and control risks associated with the business. Through this assessment, they decide the nature, extent, and timing of audit activities. Auditors must test control activities to ensure they exist and work in the proper way. Auditors must document extensively throughout an audit, and ensure engagement team members are in constant communication to ensure a complete audit. The auditors must also constantly monitor activities, such as journal entry recording and valuation processes, while communicating deficiencies with upper management.

How did WorldCom perpetrate their fraud?

The fraud at WorldCom involved the erroneous capitalization of billions of dollars of network expenses as assets. · Normal lease operating expenses related to fees paid by WorldCom to local telephone companies for use of their telephone networks were capitalized on the balance sheet.

Monitoring is a major component of the COSO Internal Control—Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component

The independent auditor can serve as part of the entity's control environment and continuous monitoring.

Monitoring is a major component of the COSO Internal Control—Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component?

The independent auditor can serve as part of the entity's control environment and continuous monitoring.

Description of the System

The narrative which includes: -identifying the control environment factors -identifying sub-service providers -identifying user entity control considerations

AU-C 330: "Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence"

The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement through designing and implementing appropriate responses to those risks

The tendency for decision makers to overestimate their own abilities to perform tasks or to make accurate diagnoses or other judgments and decisions.

The overconfidence tendency

Control Activities

The policies and procedures that help ensure management directives are carried out (to achieve the defined control objectives)

SOC3

Trust services criteria for general report ATC 105

Soc 1, Type 2

Type 2 reports cover a period of time (usually 12 months), include a description of the service organization's system, and test the design and operating effectiveness of key internal controls over a period of time.

•***AU-C 315:

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

The SEC outlines in Accounting and Auditing Enforcement Release No. 2234 five "undertakings" for KPMG to alter or amend its audit practices.

Undertaking 1 - Oversight of Engagement Partner Changes. Undertaking 2 - "Whistle-blowing" Channels of Communication. Undertaking 3 - Consultation Documentation. Undertaking 4 - Audit Evidence Training. Undertaking 5 - Reassessing Departures from GAAP.

Carve out method

Used for sub-service organizations, the process and controls are excluded from the report. The following considerations must be evaluated:
--What services are performed by the subservice organization that are relevant to the services offered to the customer? Normally, these services are explained briefly as part of the carve out language within the SOC report.
--Does the subservice organization issue a SOC report on the services not included as part of the service organization report?
--Does the service organization report or the subservice organization reports contain any exceptions in it? If so, what compensating or mitigating controls are in place to eliminate or reduce the risk associated with the exception?
--Have you reviewed the service organization CUEC's to determine whether there are controls within the subservice organization report that address the CUEC's? If not, what additional controls are in place at the user entity (customer) that would mitigate the absence of controls for all of the CUEC's?

Inclusive method

Used for sub-service organizations, the processes and controls are included as part of the report. The following considerations must be evaluated:
--Is the subservice organization assertion letter included along with the service organization assertion letter?
--Are there any exceptions noted within the report? If so, what compensating or mitigating controls are in place to eliminate or reduce the risk associated with the exception?

THE DISTINGUISHING FEATURE BETWEEN ERRORS AND FRAUD IS

WHETHER THE MISSTATEMENT IS INTENTIONAL OR UNINTENTIONAL. ERRORS ARE UNINTENTIONAL MISSTATEMENTS WHILE FRAUDS ARE INTENTIONAL MISSTATEMENTS.

What company used depreciation expense to commit fraud

Waste Management

Arthur Andersen's failure was a result of the firm's loss of reputation as a result of a long string of audit failures. Which companies in our cases was AA the auditor?

Waste Management, Enron, and WorldCom

What role do metaphors and analogies play in judgment framing, and how can they be used to improve your ability to examine issues through multiple frames?

We adopt metaphors or analogies as part of our judgment frames to help us make sense of complex situations. For example: "the war on drugs" versus "a cancer on the nation." Identifying these helps us recognize the frames we are processing our perspectives and judgments in. After understanding our current frame, we can consider alternative frames.

Control Objective

What the service organization wants to achieve

What makes white collar crime difficult to detect and control

White-collar crimes are almost always based in or part of legitimate business activities.

Which company was Bernie Ebbers from, who was convicted for his role in the fraud and sentenced to over 20 years in prison? Currently, he is appealing his verdict.

WorldCom

which company had the largest bankruptcy in U.S. history.

WorldCom

What company was a Mississippi- based telecommunications company that grew through aggressive mergers and acquisitions

WorldCom Inc.

which companies used the fraud tactic of capitalizing expenses

WorldCom,

WHY DID ENRON GO BANKRUPT BUT XEROX SURVIVED

XEROX DID NOT LOSE A LOT OF CLIENTS LIKE ENRON DID (THEY DID DIFFERENT TYPE OF BUSINESS)

HOW WAS XEROX FRAUD DETECTED?

XEROX MANIPULATED EARNINGS IN 1997, 1998, AND 1999. AFTER MANIPULATING EARNINGS FOR THREE YEARS, THEY DIDN'T HAVE RESOURCES FOR PROFIT & IN 2000 HAD TO REPORT A LOSS

The accounting manipulations for Xerox centered around its accounting for __________________________ while Enron's centered around its accounting for ______________________________.

XEROX: lease transactions (specifically its estimates of lease revenues); ENRON: investment transactions (specifically its accounting for Special Purpose Entities)

Is Ms. Stitt's testimony about initialing working papers consistent with the spirit of AU-C 230 and PCAOB AS 1215?

Yes, she performed the minimum requirement. As Ms. Stitt noted, a reviewer should not initial a working paper until that person is comfortable with the work performed and conclusions reached as documented on the working paper.

DO YOU THINK IF AN ACCOUNTING FIRM PROVIDES AUDIT SERVICE, CAN THEY PROVIDE TECH SERVICE

Yes, they can

SOC2 reports are intended to meet:

the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability and processing integrity

what is a node

a computer operating on the blockchain

limited assurance, the auditor can provide:

a conclusion

stablecoins

a cryptocurrency that is tied to a stable asset such as gold or a US dollar

Within an auditing context, what is professional judgment? a. Professional judgment is the process of using relevant training, knowledge, and experience to reach a decision or draw a conclusion in evaluating evidence, estimating probabilities, or selecting between options. b. Professional judgment is professional skepticism, which is an attitude that includes a questioning mind and a critical assessment of audit evidence. c. Professional judgment is the application of one's experience to make a judgment in the absence of supporting evidence, based on the facts and circumstances of the audit engagement. d. Professional judgment is the construction of a logical justification to support an outcome or conclusion that is otherwise not supported by the available evidence.

a. Professional judgment is the process of using relevant training, knowledge, and experience to reach a decision or draw a conclusion in evaluating evidence, estimating probabilities, or selecting between options.

Fixed Term Mortgages a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.

a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate).

step 3 - each node works on finding a difficult proof of work for its block. key steps for this to work:

a. hash transactions into a root hash b. hash the data in the block and include a nonce as part of this process until the resulting hash begins with a specified number of zeros. FINDING THE APPROPRIATE NONCE SERVES AS PROOF OF WORK

KPMG Professional Judgment Framework includes a. mindset, b. consultation, c. knowledge and professional standards, d. influences and biases, e. reflection & coaching f. all above

a. mindset, b. consultation, c. knowledge and professional standards, d. influences and biases, e. reflection & coaching f. all above

Toby Groves expanded into a. mortgage lender b. mortgage broker

a. mortgage lending.

WHAT COULD BE THE SOLUTION (CONTROL) for the following risk of Harley Davidson integrating the suppliers into their system: Suppliers may manipulate the system and take advantage of their increased access to Harley D's purchasing schedules, including increased chance of fraud by suppliers. a. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system c. The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review. d. The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.

a. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely

A primary advantage of using generalized audit software packages to audit the financial statements of an entity that uses an IT system is that the auditor may:

access information stored on computer files while having a limited understanding of the entity's hardware and software features.

If auditors conduct substantive procedures as of 10/31 for an entity with a 12/31 year-end:

additional tests likely will be performed in the remaining period.

inclusive method

addresses services provided by a subservice organization where management's description of the service organization's system includes the nature of the services provided by the subservice organization

An auditor's primary consideration regarding an entity's internal controls is whether they:

affect the financial statement assertions

what happens if there is a fraudulent nonce

all of the nodes will reject it, providing consensus

What measures has and/or can the profession take to reduce the potential consequences of this power imbalance?

b) SOX prohibits external auditors from providing certain services to clients including: • bookkeeping or other services relating to the accounting records or financial statements of the audit client; • financial information systems design and implementation; • appraisal or valuation services, fairness opinions or contribution-in-kind reports; • actuarial services; • internal audit outsourcing services; • management functions or human resources; • broker or dealer, investment advisor, or investment banking services; • legal services and expert services unrelated to the audit;

Rita Crundwell held the position of ____________ Select one: a. Governor b. City comptroller c. Mayor d. City commissioner

b. City comptroller

Which sets the tone of the organization towards controls? a. Information and Communication b. Control Environment c. Risk Assessment d. Monitoring e. Control Activities

b. Control Environment

Which of the following best describes a technique to mitigate the confirmation bias? a. Consider the most unusual case b. Make the opposing case c. Consult with others d. Get objective data

b. Make the opposing case

Which of the following best describes the relationship between professional skepticism and professional judgment? a. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is separate and apart from the process of exercising professional judgment. b. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is part of the process in forming professional judgments. c. Professional skepticism is synonymous with professional judgment.

b. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is part of the process in forming professional judgments.

WHAT COULD BE THE SOLUTION (CONTROL) for the following risk of Harley Davidson integrating the suppliers into their system: · Suppliers may lack the necessary hardware/software tools to be compatible with HD's system · Suppliers may not know how to operate the system · The supplier's system may lack integrity or quality and may provide inaccurate info to HD's system a. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system c. The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review. d. The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.

b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system

The confirmation bias is a subconscious tendency to do which of the following? a. Seek evidence that confirms a biased judgment b. Seek evidence that confirms a previously held view c. Underutilize confirmations in the testing of accounts receivable d. Seek evidence that disconfirms a previously held view

b. Seek evidence that confirms a previously held view

· Adjustable Rate Mortgages (ARMs) a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.

b. The interest rate on the loan is adjustable depending on various economic indicators.

Toby began working as a a. mortgage lender b. mortgage broker

b. mortgage broker.

cryptocurrency

basically online money i.e. bitcoin

obtaining evidence regarding operating effectiveness - automated controls

because of the consistency of IT processing, after performing procedures to determine the design, you only have to test once. It should execute the same way every time. -for this to work you have to have good ITGCs

After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because the auditor

believes the internal controls are unlikely to be effective.

SHA256

bitcoin and ethereum

provably signed

blockchains use the public key infrastructure (PKI) encryption methodology for sharing and controlling information

For any related-party transaction that is required to be disclosed or that is determined to be a significant risk, PCAOB auditing standards dealing with related party issues require the auditor to do each of the following, EXCEPT for a. Evaluating the financial capability of the related parties with respect to their significant responsibilities in connection with the transaction. b. ascertaining that the transaction has been authorized and approved in accordance with the company's established policies. c. Reading applicable underlying documents for consistency with explanations about the business purpose obtained from inquiries and other procedures performed. d. Obtaining a written representation for the company's lawyer that the related-party transaction complies with all applicable laws and regulations.

d. Obtaining a written representation for the company's lawyer that the related-party transaction complies with all applicable laws and regulations.

Which of the following is true with respect to the overconfidence bias? a. Overconfidence is always a conscious bias. b. Overconfidence could result in the consideration of too many alternatives. c. Overconfidence usually decreases with experience. d. Overconfidence could result in engagement team members performing audit procedures that are beyond their skill sets.

d. Overconfidence could result in engagement team members performing audit procedures that are beyond their skill sets.

· Graduated Payment Mortgages a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.

d. Start with low payments that rise over time.

Which of the following describes how the availability tendency is most likely to affect auditors? a. Auditors may first consider different potential causes for an observed fluctuation before seeking the client's explanation with regards to analytical procedures. b. Auditors may rely on information provided by client staff who is most knowledgeable about an audit area rather than the staff most easily accessible. c. Auditors may seek evidence that supports their belief of how a transaction should be accounted for. d. Auditors may weigh more heavily the information that was received most recently from a client relative to information received earlier during the audit.

d. Auditors may weigh more heavily the information that was received most recently from a client relative to information received earlier during the audit.

A control deviation caused by an employee performing a control procedure that he or she is not authorized to perform is always considered a:

deficiency in operation.

what are the criteria for deciding whether to accept or continue an engagement? (preconditions)

determine whether it is too risky to have your name associated with it; if you're hired to do an engagement that's very small, think about whether it's even useful or beneficial information

encryption

digital equivalent to closing a lock

decryption

digital equivalent to opening a lock

is blockchain centralized, decentralized, or distributed

distributed

how should a practitioner handle documenting

document EVERYTHING *if it isn't documented, it never happened*

· Negative Amortization Loans a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.

e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time.

what is the incentive for nodes to participate in supporting the blockchain

each new block has a token tied to it; transaction fees can also be used as incentives to solve a hash puzzle to add new blocks to the blockchain

cypher text

encrypted data

AU-C Section 200, "Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with GAAS" requires

· "Due Professional Care in the Performance of Work," both note that professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. Professional skepticism requires the auditor to use the knowledge, skill, and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence. KPMG's reliance on "silence" as evidence does not appear to be consistent with concepts of a questioning mind and critical evaluation of audit evidence described in AU-C 200 and in PCAOB AS 1015.

Based on your understanding of the concept of "related transactions," why would the non-compete payments described in the Hollinger case be considered a "related party transaction"?

· ASC No. 850 includes an entity's management as a related party. - Conrad Black's service as Chairman and Chief Executive Officer of Hollinger International and David Radler's service as Chief Operating Officer mean that both Black and Radler would be considered related parties.

Based on your review of requirements in auditing standards related to auditor documentation, why must auditors prepare audit documentation?

· AU-C Section 230 and PCAOB AS 1215 require that the audit documentation record who performed the audit work and the date such work was completed and who reviewed specific audit documentation and the date of such review. Each working paper does not need to include specific evidence of review. But, it should be clear from the audit documentation who reviewed specified elements of the audit work performed and when. · Ms. Stitt's testimony about initialing working papers is consistent with the spirit of AU-C 230 and PCAOB AS 1215. As she noted, a reviewer should not initial a working paper until that person is comfortable with the work performed and conclusions reached as documented on the working paper.

What changes should the profession make to eliminate these obstacles to auditors making tough decisions that may be contrary to their client's position?

· Auditors need to be committed to putting the public interest first. · Need to be upfront with each client. · Reformulate their performance evaluation and compensation practices. · Require national approval for complex or aggressive accounting positions. · SOX 2002 prohibits non-audit service.

Section 201 of the Sarbanes-Oxley Act of 2002 makes it 'unlawful' for a registered public accounting firm to provide any non-audit service to an issuer contemporaneously with the audit including:

· BOOKKEEPING OR OTHER SERVICE RELATED TO THE ACCOUNTING RECORDS OR FINANCIAL STATEMENTS OF THE AUDIT CLIENT · FINANCIAL INFORMATION SYSTEMS DESIGN AND IMPLEMENTATION · APPRAISAL OR VALUATION SERVICES, FAIRNESS OPINIONS OR CONTRIBUTION IN KIND REPORTS · ACTUARIAL SERVICES · INTERNAL AUDIT OUTSOURCING SERVICES · MANAGEMENT FUNCTIONS OR HUMAN RESOURCES · LEGAL SERVICES AND EXPERT SERVICES UNRELATED TO THE AUDIT

GIVEN THE TECHNOLOGY LINKAGES BETWEEN BUSINESS PARTNERS IN EBUSINESS SYSTEMS, HOW MIGHT AN EBUSINESS SYSTEM LIKE HD'S INCREASE BUSINESS RISKS FOR ITS BUSINESS PARTNERS?

· COSTS TO BE A PARTNER MAY MAKE DOING BUSINESS WITH HD LESS PROFITABLE · INFORMATION FROM HD MAY NOT PROVIDE RELIABLE FORECASTS FOR SUPPLIERS TO MANAGE THEIR INVENTORIES EFFICIENTLY · HD MAY TAKE ADVANTAGE OF ITS DOMINANCE IN THE NEGOTIATION POSITION AND THE INTERNET ARRANGEMENT MAY INCREASE COMPETITIVE PRESSURES ON SUPPLIERS · BUSINESS RELATIONSHIPS WITH OTHER CUSTOMERS MAY SUFFER DUE TO LACK OF RESOURCES (TIME, ENERGY & RESOURCES FOCUSED ON MEETING HD'S REQUIREMENTS) o DEPENDENCE ON HD AS A KEY CUSTOMER - LESS DIVERSIFIED CUSTOMER BASE · COULD LOSE SOME AUTONOMY AND FREEDOM AS HD MAY EXERCISE INFLUENCE OVER THEIR BUSINESS DECISIONS o SPECIALIZING IN HD PARTS MAY CREATE THE NEED FOR BUSINESS PARTNERS TO DEPART FROM BUSINESS PLANS AND STRATEGIES THAT WERE ONCE SUCCESSFUL o PARTNERS MAY FIND THE NEED TO SPECIALIZE AND DROP SOME LINES OF BUSINESS IN ORDER TO PRODUCE THE QUANTITY OF PARTS NEEDED BY HD

If the client has hired former auditors, how might this affect the independence of the existing external auditors?

· Close personal relationship between former and current auditor · Current auditors may rely too much on the representations made by their former colleague · Former auditor will be intimately familiar with audit procedures and approaches • Increases the potential for successfully hiding an accounting fraud or mismanagement of funds

• ***AU-C 240: Consideration of Fraud in a Financial Statement Audit

· Fraud definition · Fraud risk factors (incentive to perpetrate, opportunity, rationalization to justify) · Basic requirement: professional skepticism (identify & assess the risk of material misstatement, obtain sufficient evidence, respond appropriately to fraud)

How did Toby's company lose money that belonged to his clients?

· Funds that had been placed into escrow to cover insurance premiums and taxes were being used to cover ordinary business expenses. · Resulted in approximately $250,000 in losses to the clients.

For each misstatement identified in CUC, indicate one management assertion that was violated.

· Irregular charges against merger reserves - Occurrence or accuracy of revenues, Completeness or accuracy of expenses, Valuation or existence of merger reserves. · False coding of services sold to customers - Classification of revenues, Valuation of deferred revenues. · Delayed recognition of membership cancellations and bank rejection of charges made to members' credit card accounts - Occurrence of revenues, Existence or valuation of cash.

What is a run on the bank? Did this occur with Enron and Arthur Andersen?

· It occurs when customers/institutions panic that their bank will go bankrupt, losing the funds they deposited. As a result, many customers will withdraw their savings within a very narrow time frame resulting in the bank becoming insolvent. Yes

Based on your review of the transcript about the audit committee meeting, describe whether you believe KPMG exercised due professional care in pursuing this issue with Hollinger International's Audit Committee. Did KPMG accomplish the intent of auditing standards? What could KPMG have done differently with respect to this issue during this meeting?

· KPMG did not explicitly inquire of the Audit Committee. · One might question whether KPMG exercised due professional care in pursuing resolution of the non-compete payments with the Audit Committee during its meeting with them on Feb. 20, 2002. · Ms. Stitt noted and interpreted "their silence as meaning that they had - they had - considered them before and they had been approved." o Should have obtained audit evidence that they were approved

LIST OF KPMG'S FAILURES IN XEROX CASE

· KPMG failed to inform Xerox's Board of Directors or its Audit Committee about illegal acts that had or may have occurred or that otherwise came to its attention. · KPMG's U.S. audit partners received warnings from member KPMG firms in Europe, Brazil, Canada, and Japan that some of the accounting assumptions and methods used by Xerox were not based on adequate evidentiary support. KPMG also received warnings from KPMG's Rochester, New York office. · KPMG recommended that Xerox test the accounting assumptions underlying the recording of sales-type leases but Xerox management did not test and KPMG did not require Xerox management to test the underlying assumptions. · KPMG did not require Xerox management to provide competent corroborating evidence to support the assumptions used to record the sales-type leases. · KPMG did not adequately test the assumptions underlying the sales-type leases recorded by Xerox's management. · KPMG did not identify as a material internal control deficiency Xerox management's inability to estimate the fair value of its products for sales-type leases. · KPMG did not require Xerox management to disclose material changes in accounting estimates used to report sales-type leases. · The discount rates used by Xerox management to calculate fair value of sales-type leases were not supported by market rates. · KPMG partners concluded Xerox's margin normalization method was not consistent with GAAP and that there was not adequate corroborative evidence to support the margin normalization approach. · KPMG partners concluded that Xerox management used the margin normalization method to engage in quarter-end transactions to "bridge the gap" (between reported earnings and analyst earnings expectations) and made last minute adjustments to the normalization method to limit KPMG's ability to review and test changes. · Xerox management had imposed restrictions on the discussions that KPMG staff could have with Brazil and Europe managers regarding the margin normalization method. · KPMG partners knew that Xerox management had reduced the non-GAAP revenue recognition of lease price increases and extensions to below materiality for the consolidated statements for 1999 and allowed Xerox management to recognize revenue for the non-GAAP application in prior years because it was "an immaterial misapplication of GAAP."

• What red flags were present during the 1995 through 1997 audits of CUC that may have suggested weaknesses in CUC's control environment?

· Lack of appropriate board oversight. · The aggressive management philosophy and operating style. o Aggressive accounting practices o Emphasis on meeting analyst expectations

AU-C-450: EVALUATION OF MISSTATEMENTS IDENTIFIED DURING THE AUDIT

· MISSTATEMENTS, UNCORRECTED MISSTATEMENTS (NATURE OF THE MISSTATEMENT AND THE POTENTIAL IDENTIFIED MISSTATEMENTS) · TIMELY COMMUNICATIONS WITH THE MANAGEMENT, REQUEST CORRECTIONS · ADDITIONAL AUDIT AFTER CORRECTIONS · IF REFUSED BY MANAGEMENT, THEN OBTAINING REASONS, AND EVALUATE THE EFFECT OF THE MISSTATEMENTS ON THE WHOLE FINANCIAL STATEMENT

When assessing the likelihood of fraud the auditor should consider:

· Management's incentives/PRESSURE (are there industry conditions or operating characteristics putting pressure on management to perpetrate a fraud?) THIS IS INSIDE FACTOR · Management's opportunity (are there significant accounts requiring subjective estimates, is the control environment weak, are controls inadequate?) · Management's attitude (is or has management exhibited questionable behavior in the past?) - UPPER LEVEL BUSINESS INCENTIVES BASED ON REVENUE - CREDIT IMPORTANT - OUTSIDE PRESSURE TO MAINTAIN

IMPORTANT!!! SUMMARIZE THE PRIMARY AUDITOR RESPONSIBILITIES IN THE PCAOB'S AS 2410 REGARDING THE AUDITOR'S RESPONSIBILITIES WITH RESPECT TO IDENTIFYING RELATED PARTY RELATIONSHIPS AND TRANSACTIONS.

· OBTAINING AN UNDERSTANDING OF THE COMPANY'S PROCESS FOR IDENTIFYING, AUTHORIZING, APPROVING, ACCOUNTING FOR AND DISCLOSING RELATED PARTY TRANSACTIONS · PERFORMING INQUIRIES OF MANAGEMENT REGARDING THE NAMES OF RELATED PARTIES AND THEIR KNOWLEDGE OF THE EXISTENCE OF RELATIONSHIPS AND TRANSACTIONS WITH RELATED PARTIES · COMMUNICATING WITH THE AUDIT ENGAGEMENT TEAM AND OTHER AUDITORS ABOUT INFORMATION CONCERNING RELATED PARTIES AND THE NATURE OF RELATIONSHIPS WITH RELATED PARTIES AND TRANSACTIONS WITH THOSE PARTIES.

What is the overall purpose of an auditor's communications with those charged with governance?

· Obtain certain information from the audit committee relevant to the audit · Establish an understanding of the terms of the audit engagement with the audit committee and to record that understanding in an engagement letter.

What is the overall purpose of an auditor's communications with those charged with governance?

· Obtain certain information from the audit committee relevant to the audit. · Establish an understanding of the terms of the audit engagement with the audit committee and to record that understanding in an engagement letter. · Encourage two-way communication between the auditors and the audit committee.

What are the auditor's responsibilities with respect to identifying related party relationships and transactions according to AS 2410?

· Obtaining an understanding of the company's process for identifying, authorizing, approving, accounting for and disclosing related party relationships and related party transactions. · Performing inquiries of management regarding the names of related parties and their knowledge of the existence of relationships and transactions with related parties. · Communicating with the audit engagement team and other auditors about information concerning related parties and the nature of relationships with related parties and transactions with those parties.

Why do audit partners struggle with making tough decisions that may be contrary to their client's position on an issue?

· Public accounting is a highly competitive, service-oriented business. · In the business of making money.

Provide an example where management override occurred in the Cendant fraud.

· Recording irregular charges against merger reserves. · Recording cash received from customers for deferred revenue recognition programs as cash received from customers for immediate revenue recognition programs. · Delaying the recording of membership cancellations and bank rejection of charges made to customer's credit cards.

What has been done, and what more do you believe should be done to restore the public trust in the auditing profession and in the nation's financial reporting system?

· SOX 2002 Act. Attempts to restore confidence. · PCAOB creation. End self-regulation. Audit auditors. · NYSE and NASDAQ instituted several reforms to strengthen corporate governance.

Financial Reporting Competencies In evaluating this CONTROL ENVIRONMENT component, consider whether:

· management has specified the competence level needed for particular skills and translated the desired levels of competence into requisite knowledge and skills · evidence exists indicating that employees appear to have the requisite knowledge and skills · management provides training for employees to review and improve competencies

Judgment Frames are

· mental structures that we use, · usually subconsciously, · to simplify, organize, and · guide our understanding of a situation. They shape our perspectives and determine the information that we will see as relevant or irrelevant, important or unimportant.

What are the four common judgment tendencies that are most applicable and important for audit professionals:

· the availability tendency, · the confirmation tendency, · the overconfidence tendency, and · the anchoring tendency.

WHAT ARE SOME NEW BUSINESS RISKS FACING HARLEY DAVIDSON AS A RESULT OF INTEGRATING EBUSINESS INTO ITS SUPPLY CHAIN MANAGEMENT SYSTEM AND BY ALLOWING SUPPLIERS TO HAVE ACCESS TO THE COMPANY'S INTRANET?

· SUPPLIERS MAY VIOLATE CONFIDENTIALITY AGREEMENTS AND LEAK INFORMATION TO COMPETITORS · SUPPLIERS MAY NOT EFFECTIVELY INTERPRET THE INFORMATION BEING PROVIDED TO PROPERLY SCHEDULE THE DELIVERY OF PARTS · AN EMPLOYEE OF ONE OF THE SUPPLIERS MAY HAVE CONFLICTING JOB RESPONSIBILITIES THAT CREATE AN INCENTIVE TO COMMIT FRAUD · SUPPLIERS MAY MANIPULATE THE SYSTEM AND TAKE ADVANTAGE OF THE INCREASED ACCESS TO HD'S PURCHASING SCHEDULES, INCLUDING INCREASED POSSIBILITY OF FRAUDULENT ACTIONS BY SUPPLIERS · SUPPLIERS MAY NOT BE UP TO PAR IN TERMS OF BEING COMPATIBLE WITH HD'S INTERNET BASED SYSTEM (THEY MAY LACK THE NECESSARY HARDWARE & SOFTWARE TOOLS. IN ADDITION, SUPPLIERS MAY NOT HAVE THE "KNOW HOW" TO OPERATE THE SYSTEM. FINALLY, A SUPPLIER'S SYSTEM MAY LACK INTEGRITY & QUALITY, AND MAY PROVIDE INACCURATE INFORMATION TO HD'S SYSTEM) · THE RISK OF FRAUDULENT TRANSACTIONS MAY INCREASE AS A RESULT OF SWITCHING FROM A PAPER BASED SUPPLY CHAIN MANAGEMENT SYSTEM TO AN ELECTRONIC SYSTEM. HIDING SUCH TRANSACTIONS MAY BECOME EASIER SINCE THERE IS NO PAPER BASED AUDIT TRAIL OF TRANSACTIONS TO BE REVIEWED BY INTERNAL OR EXTERNAL AUDITORS · SWITCHING TO AN INTERNET BASED SYSTEM INCREASES THE RISK OF HACKERS BREAKING INTO THE SYSTEM

Based on your overview of the auditor's communication responsibilities, why was it appropriate for KPMG to discuss the related party transactions with Hollinger International's Audit Committee?

· Significant event (involving CEO & COO) · Material transactions (more than $85 million) · Disagreement between Hollinger International's management team and KPMG as to whether the transactions constituted related party transactions.

What does PCAOB AS 2410, Related Parties, say about communications with audit committees?

· The identification of related parties or relationships or transactions with related parties that were previously undisclosed to the auditor · The identification of significant related party transactions that have not been authorized or approved in accordance with the company's established policies or procedures. · The identification of significant related party transactions for which exceptions to the company's established policies or procedures were granted. · The inclusion of a statement in the financial statements that a transaction with a related party was conducted on terms equivalent to those prevailing in an arm's length transaction and the evidence obtained by the auditor to support or contradict such an assertion · The identification of significant related party transactions that appear to lack a business purpose.

In the "slippery slope offense"

· The offender does not have a grand plan to engage in a large scale criminal offense. · The initial offense is viewed as a temporary and short term solution to a crisis that the offender is experiencing.

WHAT KIND OF ITEMS DID XEROX USE TO CREATE FRAUD

· USED LEASE TO MANIPULATE RECOGNITION · USING LEASING BUNDLES AND RECOGNIZING THE SERVICE AND FINANCE RECOGNIZE UP FRONT TO INCREASE REVENUES UP FRONT o LEASES ARE MORE COMPLICATED/ RULES KEEP CHANGING SO EASIER TO MANIPULATE · BECAUSE OF COMPLICATION OF RULES, MANAGERS CAN MANIPULATE THE LEASE

Describe areas in which the CUC EXTERNAL auditors needed to exercise professional judgment?

· Whether they had sufficient and appropriate evidence in regards to: Recognition of charges against merger reserves Recognition of revenues related to services purchased by customers Recognition of customer nonpayment or cancellation of services Type of future expenditures included in a merger reserve Time frame that should be used to recognize different types of service revenues · The level of reserve needed at year-end related to customer service cancellation or nonpayment.

Who should oversee Whistleblower programs and how it is handled?

· Whistleblower programs should be overseen by the board's audit committee. Confidentiality and trust. e.g., culture: valuable contribution · Submissions of complaints are automatically and directly submitted to the audit committee. Role of third-party vendors to administer the whistleblowing program. o Can provide telephone or internet-based hotline for reporting complaints · Internal audit is an effective monitor of the whistleblower program

In evaluating BOARD OF DIRECTORS COMPONENT OF CONTROL ENVIRONMENT, consider whether:

· a board of directors and audit committee exists and is sufficient in membership to deal with important issues adequately · directors or audit committee members have sufficient knowledge, industry experience and time to serve effectively · some directors or audit committee members are independent of management · frequency and timeliness with which meetings are held with accounting officers and external auditors · the board oversees and takes action as needed · tone at the top is set by the board and management

Professional skepticism is

· an objective attitude that includes a questioning mind and · a critical assessment of audit evidence.

Authority and Responsibility In evaluating this CONTROL ENVIRONMENT component, consider whether:

· appropriate policies for acceptable business practices, conflicts of interest, and codes of conduct have been established and have been communicated to employees · individuals are evaluated and held accountable for their internal control responsibilities · Incentives, rewards and pressures are aligned with internal control goals and responsibilities · there is a clear assignment of responsibility and delegation of authority for goals and objectives, operating functions, and regulatory requirements · computer system documentation clearly indicates the procedures for authorizing transactions and for approving system changes · data processing policies and procedures are adequately documented

At the bottom of the Professional Judgment Framework, you will see Knowledge and Professional Standards,

· as these factors are foundational to quality judgments.

Which of the following statements about judgment frames is correct? · a. A situation cannot have more than one appropriate frame. · b. There is often no single best frame for a given situation. · c. Frames are not used by risk averse individuals. · d. Professionals should eliminate the use of frames from their judgment processes.

· b. There is often no single best frame for a given situation.

Organizational Structure In evaluating this component OF CONTROL ENVIRONMENT, consider whether:

· the organization's lines of authority and responsibility are clearly defined · operating policies are determined centrally by senior management · transaction policies and procedures are clearly established and strictly followed · the organization is adequately structured given its complexity and size · management is actively involved in the supervision of data processing · employee job responsibilities and specific duties are clearly established and communicated · job descriptions and organizational charts are maintained and periodically updated

Could the board of directors at Enron, especially the audit committee, have prevented the fall of Enron through Corporate Governance?

· Yes. Board of Directors take steps to: o Strengthen Oversight o Strengthen Independence

AU-C 500: Audit Evidence Attributes:

* Accounting Records * Appropriateness (Relevance/Reliability) * Info. Other than accounting records * Management's specialist * Sufficiency (quantity & quality)

ASC 805/810: Business combinations

• Acquisition method • Identifiable assets & liabilities, non-controlling interest • Gain/goodwill from a bargain purchase • Reverse acquisition • Common control • Taxation issues

Would the provisions of Section 302 of the Sarbanes-Oxley Act of 2002 have deterred the actions of Scott Sullivan, CFO at WorldCom?

• Alerted senior management to the importance of the financial reporting process. • The penalties issued by the SEC in its final rules issued to implement the provisions of Section 302 significantly extend the criminal penalties associated with violating the provisions of Section 302.

Under Section 302 of the Sarbanes-Oxley Act of 2002, The signing officers are required to disclose to its auditors and the audit committee:

• All significant deficiencies in the design or operation of internal controls and all material weaknesses identified • Any fraud, whether or not material, that involves management or other employees who have a significant role in the company's internal controls. The signing officers have indicated in the report whether there were any significant changes in internal controls that could significantly affect internal controls subsequent to the date of their evaluation.

Section 406/407 of Sarbanes Oxley: code of ethics

• At least one "audit committee financial expert" serving on its audit committee, whether she is independent from the management team • Whether it has adopted a code of ethics that applies to primary executive

What responsibility does an auditor have to detect material misstatements due to errors and fraud?

• Auditors are required to plan and perform audit engagements to provide reasonable assurance that the financial statements are free of material misstatement, whether the result of error or fraud.

HOW DID CUC PERPETRATE THE FRAUD

• CUC inflated their earnings by recording fictitious revenues and reducing expenses • CUC made irregular charges against merger reserves, falsely coded cash, delayed recognition of membership cancellations and credit card rejections • CUC encouraged employees to conceal information from the auditors

Factors that existed during the 1997 through 2000 audits of Xerox that created an environment conducive to fraud include:

• Changing business environment for document processing products (transition to color documents, digital technology, network connected devices, and electronic documents), • Increasing competition from foreign competitors, • Investment climate of the 1990s for public companies to continuously report revenues and earning growth, • Need for Xerox to maintain high credit rating to obtain the funds necessary to internally finance customer purchases, • Linkage of senior management compensation to increasing revenues and earnings, • Negative operating cash flows. • Complexity and subjectivity of accounting related to lease transactions. • Management's use of aggressive accounting practices to increase revenues and earnings, • Senior management's view of accounting manipulations as accounting opportunities, • Senior management's disregard for accounting concerns raised by non-senior managers.

Steps to Strengthen Independence include

• Director independence. Outside director free of material financial ties to the company. • Audit committees. Oversee financial statements and accounting practices and hire and fire the outside auditor. • Auditors. Prohibit external auditors providing non-audit services.

WHO DISCOVERED THE FRAUD BY CUC?

• Discovered by HFS personnel early in 1998

What obstacles do Whistleblowers face as a result of bringing the inappropriate actions of others to light

• Doubt as to whether their claims are accurate. • Disgruntled individuals responding to an emotional reaction • Consequences of whistleblowing • Personal losses • Legal issues

What are the things to consider when thinking of bringing forward a potential fraud?

• Ensure a clear understanding of the facts giving rise to the concern. Avoid premature "claims". • Gather evidence. • Consider approaching his or her superiors for a chance of additional information. • Follow established company procedure. • If necessary, outside legal counsel

Which factors existed during the 1995 through 1997 audits of CUC that created an environment conducive for fraud?

• Excessive emphasis of CUC management on meeting analyst expectations. • Management's focus on maintaining a strong stock price • Provide opportunities to use CUC stock to acquire and merge with other companies. • The use of overly aggressive accounting practices. • CUC's rapid growth • Lack of board oversight because of the close financial ties of four of the directors with Walter Forbes, chairman and chief executive officer.

Describe techniques Andersen auditors could have used to assess the reasonableness of those estimates used to create Waste Management's financial statements.

• First, the auditors could have requested information about the sources of data and factors that management used to form the assumptions about salvage values and useful lives to evaluate the reasonableness of those assumptions. • Second, the auditors could have compared information about the useful lives for depreciating classes of assets to similar estimates of useful lives used by competitors in the waste management industry. • Third, the auditors could have performed an analysis of recent property and equipment disposals to determine whether asset disposals were consistently occurring within time periods shorter than the estimated useful lives and at disposal amounts less than salvage value assumptions. Such a retrospective analysis of management's estimates of salvage values and useful lives may have identified a consistent bias in management's assumptions of those items. • Fourth, given the specialized nature of many of the property and equipment items used in the waste management industry, the auditors may have benefited from the judgments of independent specialists knowledgeable of those kinds of assets.

What two main categories of fraud affect financial reporting?

• Fraudulent financial reporting • Misappropriation of assets.

What factors should an auditor consider when evaluating the control environment?

• Integrity and ethical values • Commitment to competence • Board of directors and audit committee participation • Management's philosophy and operating style • Organizational structure • Assignment of authority and responsibility • Human resource policies and practices

According to professional standards, what are the organizational reporting lines of authority appropriate for an effective internal audit function within an organization?

• International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors (www.theiaa.org, section 1110): "The chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The chief audit executive must confirm to the board, at least annually, the organizational independence of the internal audit activity" (see Section 1110 of those standards). Those standards note in the Interpretation of Section 1110 that "Organizational independence is effectively achieved when the chief audit executive reports functionally to the board." • Most recommend that internal audit report directly to the audit committee of the board of directors. Because of its independence from top management, the audit committee can effectively ensure that internal audit's scope is not restricted by top management and that the findings are addressed appropriately by top management. While internal audit reports functionally to the audit committee on matters related to audit scope and findings, often internal audit reports administratively to the CEO.

What are Pitfalls of a whistleblower hotline?

• Occur whenever the perception of confidentiality or anonymity is breached. • Employees don't believe that appropriate follow-up actions will be taken. • Management's over-involvement in the process.

WHO PARTICIPATED IN THE CUC FRAUD?

• Over twenty CUC employees participated in the fraud including Cosmo Corigliano, CFO and Anne Pember, controller

Steps to Strengthen Oversight include:

• Prohibit high risk accounting practices. • Prohibit off-the books activity. • Prevent excessive executive compensation. • Prohibit external auditors to provide internal auditing or consulting services.

Section 404 of Sarbanes Oxley requires the following reporting on Internal Controls

• Scope & adequacy of internal control structure, procedures • Assessment on the effectiveness of them • In the same report, auditor(s) attest and report on their assessment of internal control structure and procedure

SOX section 802: Criminal penalties for altering documents

• Seven years record (workpapers, conclusions, opinions, analyses, financial data) • Fines and/or up to 20 years jail time

HOW DID XEROX PERPETRATE FRAUD?

• The accounting manipulations used by Xerox centered primarily around its lease transactions. XEROX overstated revenues by $3 billion and pre-tax earnings by $1.5 billion over the reporting period 1997 through 2000.

What are the (AU)240 Section procedures required by auditors to further address the risk of management override of internal controls?

• The three mandated procedures required by (AU) Section 240. 1. Examine journal entries and other adjustments for evidence of possible material misstatement due to fraud. 2. Review accounting estimates for biases that could result in material misstatement due to fraud. 3. Evaluate the business rationale for significant unusual transactions to determine whether the transactions may have been entered into to engage in fraudulent financial reporting.

Under Section 302 of the Sarbanes-Oxley Act of 2002, the CEO & CFO must

• They have reviewed the report • That, based on the signing officer's knowledge, the report does not contain any untrue statements of material fact or omit any material fact necessary to make the report misleading. • The financial statements, based on the officer's knowledge, are fairly presented. • The signing officers: • Are responsible for establishing and maintaining internal controls • Have designed such internal controls to ensure that material information related to the company and its subsidiaries is made known to those officers by others in the entity. • Have evaluated the effectiveness of internal controls as of a date within 90 days prior to the report • Have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.

What are the required auditor responses to further address the risk of management override of internal controls?

• Three mandated procedures required by (AU) Section 240. 1. Examine journal entries and other adjustments for evidence of possible material misstatement due to fraud. 2. Review accounting estimates for biases that could result in material misstatement due to fraud. 3. Evaluate the business rationale for significant unusual transactions to determine whether the transactions may have been entered into to engage in fraudulent financial reporting.

WHAT WAS HAPPENING IN XEROX INDUSTRY?

• Xerox was experiencing significant technological change in the document industry (including changes from black and white to color capable devices, from stand alone to network-connected devices, from light-lens and analog technology to digital technology, and from paper to electronic documents.) • Xerox was experiencing increased competition from foreign competitors. • The investment market exuberance of 1990s created high expectations for all companies to report revenue and earnings growth. • The credit market and Xerox's compensation system was creating pressure to report revenues and earning growth.

ASC850 defines related parties as:

■ Affiliates of the enterprise ■ Entities for which investments are accounted for by the equity method by the enterprise ■ Trusts for the benefit of employees, such as pension and profit-sharing trusts that are managed by or under the trusteeship of management ■ Principal owners of the enterprise; its management; members of the immediate families of principal owners of the enterprise and its management; and other parties with which the enterprise may deal if one party controls or can significantly influence the management or operating policies of the other to an extent that one of the transacting parties might be prevented from fully pursuing its own separate interests. ■ Another party is also a related party if it can significantly influence the management or operating policies of the transacting parties or if it has an ownership interest in one of the transacting parties and can significantly influence the other to an extent that one or more of the transacting parties might be prevented from fully pursuing its own separate interests.

How did Waste Management commit fraud?

■ Avoided depreciation expenses on their garbage trucks by both assigning unsupported and inflated salvage values and extending their useful lives, ■ Assigned arbitrary salvage values to other assets that previously had no salvage value, ■ Failed to record expenses for decreases in the value of landfills as they were filled with waste, ■ Refused to record expenses necessary to write off the costs of unsuccessful and abandoned landfill development projects, ■ Established inflated environmental reserves (liabilities) in connection with acquisitions so that the excess reserves could be used to avoid recording unrelated operating expenses, ■ Improperly capitalized a variety of expenses, and ■ Failed to establish sufficient reserves (liabilities) to pay for income taxes and other expenses.

In evaluating Management's Philosophy and Operating Style COMPONENT OF CONTROL ENVIRONMENT, CONSIDER

■ business risks are adequately monitored ■ management is willing to undertake relatively low levels of business risk ■ management places a high priority on internal control ■ management explicitly attempts to reduce the risk of misstatements

HUMAN RESOURCES In evaluating this component OF CONTROL ENVIRONMENT, consider whether:

■ employees have the background and experience necessary for their job duties ■ employees understand the duties and procedures applicable to their jobs ■ the organization provides for adequate training of new personnel ■ the workloads of accounting personnel permit them to adequately control the quality of their work ■ the turnover rate of accounting personnel is low ■ the turnover rate of non-accounting personnel is low ■ organization maintains and periodically updates position descriptions as well as policies and procedures

What are the responsibilities of a company's board of directors?

► Ensure a firm's management act in the best interest of the firm's owners. ► As such, directors can be held liable by shareholders and others if they are negligent in their duties.

What was the impact of business risks on Enron's financial statements?

► Many deals including SPEs depended on a high and rising stock price because the company had guaranteed its obligations with stock. ► Nature of business required the confidence to meet its future obligations; otherwise, partners might begin to question the company's ability to meet its obligations. ► Pressure to report healthy financial results

What were the business risks Enron faced, and how did those risks increase the likelihood of material misstatements in Enron's financial statements?

► Risk by energy company. Price instability and foreign currency risks. ► Enron as a broker of speculative energy futures magnified price risks. ► It offered financial hedges, exposing risk of interest rate and amplified foreign exchange risks. ► Transacted over the Internet, risk of technological failure. ► Change of business

What is an SPE?

► SPEs are separate legal entities set up to accomplish specific company objectives

