AC565 Midterm
Role of Auditors
-give opinion on fairness of the presentation of financial statements -do not comment on attractiveness of investment in the company.
COSO's 5 Components of Internal Control
1. Control Activities: the actions that have been established by policies and procedures. Help ensure that the management's directives regarding internal control are carried out. 2. Risk Assessment: The process for identifying and assessing the risks that may affect an organization from achieving its objectives. 3. Information and Communication: gathering and sharing of information. whistleblowing encouraged 4. Monitoring - always check to make sure controls are operating. internal audit committee (also part of control environment) 5. Control Environment- the tone at the top of the company. is management in favor of internal controls?
Common Control Activities
1. Segregation of Duties 2. Authorization Process 3. Adequate Documentation 4. Physical Controls 5. Reconciliations
Sarbanes-Oxley Act of 2002
1. increased auditor independence by not allowing auditors to provide consulting services for their public audit clients 2. audit hired and fired by audit committee (subcommittee of BOD) rather than by management 3. required public company reporting on internal control effectiveness. LARGE public company must have internal controls audited. (integrated audit) 4. created the PCAOB
Rule 101 - AICPA Code of Professional Conduct
1. independent when providing audit services 2. applies to covered members. individuals on the audit team, those who influence the audit team, and all partners in the office where the lead partner practices. Included immediate family. 3. No stock or debt security directly or indirectly. No material indirect financial interest. must have 5% or less ownership in a mutual fund 4.people not on audit team in firm cannot have more than 5% of the stock. 5. cannot work for the audit client, family members cannot be in key positions (CEO, CFO, BOD) 6. cannot have family member with key position with the audit client or has a financial interest in the client that the covered member is aware of, or holds financial interest that permitted significant influence over a client 7. dont borrow money from audit client. different rules if client is a bank 8. no major gifts from clients
PCAOB responsibilities
1. registers audit firms that audit public companies 2. periodically inspects registered audit firms 3. established AUDIT STANDARDS for PUBLIC companies 4. investigates and disciplines registered audit firms for violations of relevant laws and standards 5. the first act of the PCAOB was to adopt all of the AICPA's audit standards board standards that were in effect on 4/16/03
three ways auditor documents understanding of controls
1. system flowcharts 2. questionnaires (50 yes no questions) 3. narrative, written description of all controls in company. 1 and 3 are preferred methods
Which of the following statements is correct? As a result of SOX act of 2002, a. public companies must report on the quality of their internal controls b. CPA firms cannot provide consulting services to any public company c. CPA firms can provide tax services only to nonpublic companies d. Accounting standards are set by the PCAOB
A. Public companies must report on the quality of their internal controls
which of the following is not a SOX requirement of audit committees of public companies? A. the audit committee must be chaired by the chair of the board of directors B. Audit committee members must be financially literate C. Audit Committee must be outside directors D. The audit committee should view itself as the "client" of the external auditor
A. the audit committee does not need to be chaired by the chair of the BOD
The audit committee of the board of directors of a company is responsible for a. hiring the auditor b. preparing the financial statements c. the audit workpapers d. independence and obtaining evidence
A. they are responsible for hiring the auditor
Completeness
All assets have been recorded nothing omitted
presentation and disclosure
Assets are properly classified. current/noncurrent, footnotes
valuation
Assets are recorded at proper amounts.
which organization issued the internal control, integrated framework which serves as the primary criterion for evaluating the quality of a company's internal controls system: A. PCAOB B. COSO C. AICPA D. GAO
B. COSO
All of the following are true of the PCAOB except: A. No more than 2 members can be a CPA B. It sets auditing standards for all CPA's engaged in the practice of auditing throughout the US C.It sets standards for the audits of internal control of public companies D. It is responsible for quality reviews of all CPA firms that audit public companies
B. The AICPA is the organization that sets auditing standards for all CPA's in the audit practice, not the PCAOB
To satisfy the valuation assertion when auditing an investment accounted for by the equity method, an auditor most likely would A. Inspect the stock certificates evidencing the investment. B. Examine the audited financial statements of the investee company. C. Review the broker's advice or canceled check for the investment's acquisition. D. Obtain market quotations from financial newspapers or periodicals.
B. examine the audited financial statements of the investee company
Auditing is a systematic process that includes all of the following except: A. communicating results to users B. procuring and evaluating evidence C. Providing important managerial decisions for a client D. Comparing evidence regarding assertions to certain established criteria
C. The process of consulting is not included in an audit
an auditor engaged to audit the financial statements of a client obtains a sufficient understanding of the clients internal controls for all of the following reasons EXCEPT: A. understanding the entity's internal control is a requirement of GAAS B. The auditor must use the information to asses the risk of material misstatements arising from the lack of internal control C. It is the primary basis for the audit report D. It assists the auditor in designing the nature, timing and extent of further audit procedures
C. it is NOT the primary basis for the audit report.
When in the auditors judgement, the financial statements are not presented fairly in conformity with GAAP the audit will issue a(n) a. qualified opinion b. special report c. disclaimer of opinion d. adverse opinion
D. Adverse Opinion, everything is all wrong
Which of the following are correct regarding the setting of auditing standards in the united states? A. The AICPA is responsible for setting of audit standards only for audits of nonpublic companies B. the GAO is responsible for setting audit standard for audits of governmental entities C. The PCAOB is responsible for setting audit standards for audits of public companies D. All of the above
D. All of the above are true
Which of the following will provide auditing standards of public companies? A. GAO B. AICPA C. GAAP D. PCAOB
D. PCAOB for public companies, AICPA for non public
in which way did the public accounting profession bring about the problems that resulted in congress passing the SOX of 2002? a. failed to detect egregious frauds b. emphasized generating revenues over audit quality c. viewed helping the clients find an accounting solution to show increased earnings as value added auditing d. all of the above
D. all of the above are the reasons that SOX was passed.
How often does the PCAOB inspect audit firms?
Every year if they have over 100 public company audit clients Every 3 years for all others
the audit committee must be composed of outsiders such as the organizations attorney and audit partner
False because those are not outsiders
the auditor is permitted to violate the confidentiality rule in providing relevant information to an inquiry by a major shareholder of the client.
False, can only provide the information to the PCAOB, AICPA, or a judge
The standards of fieldwork include the responsibility of the auditor to exercise due professional care
False, this is part of general standards. The fieldwork standards include Planning and Supervision, internal controls and evidence
Audit Process
Planning, Studying and Testing Internal Controls (Compliance Testing), Testing Transactions and Balances (Substantive Testing), Issuing the Audit Report
PCAOB
Public Company Accounting Oversight Board sets standards for audits of both financial statement and internal controls for public companies
the proper supervision of audit assistants is a requirement of which of the generally accepted auditing standards
Standards of Fieldwork
Generally Accepted Audit Standards
The AICPA has 10 generally accepted auditing standards for the audit of financial statements. General Standards Fieldwork Standards Reporting Standards
Accounting standards are set by
The FASB. The PCAOB only sets audit standards
rights and obligations
The company legally owns the assets
existence and occurrence
There is such an asset
General Standards
Those applying to the auditor and the firm Technical Training and Proficiency (auditing and accounting) Independence (unbias, fair) Professional Care (behave prudently)
Fieldwork Standards
Those applying to the conduct of the audit Planning and Supervision (audit program lists what you will do) Internal Controls (password protection, inventory locked) Evidence (gather evidence, sufficient and appropriate)
Role of Management
To certify financial statement correctiveness.
cutoff
Transactions and events have been recorded in the correct accounting period
GAAP provides the criteria against which the auditor measures the fairness of financial statement presentation
True
The AICPA sets auditing standards for non publicly traded companies
True
An audit committee must be comprised of outside directors. which of the following is considered an outside director?
a director who is not a member of management and has no other relationship to the organization
william tyler, a cpa, may not accept a commission for recommending a product or service to
an attestation (audit) client
The relationship between control risk and detection risk is
an inverse relationship
the financial statement auditor must understand the clients internal control as a component of the fieldwork standards; one reason for this understanding is so that the auditor may
assess the risk of possible misstatements in the financials
brainstroming session
at beginning of every audit think about how the client could be committing fraud youth must speak during the meetings
Integrated Audit
audit of internal control and financial statements
why are high tech companies so risky?
because technological assets become outdated very quickly
Results of the financial statement audit are communicated to users through a(n): a. financial statement b. written management assertion c. audit report d. none of the above
c. audit report
competent, trustworthy employees
certain employees who control assets should be bonded. take out insurance policy on employee that pays when they steal
The SOX act requires management of public companies to
certify accuracy of financial statements establish a code of corporate conduct take accountability for restated earnings
Materiality
concept that relates to the significance of importance of an item for purposes of the audit, auditors should consider overall materiality in terms of the smallest aggregate level of misstatements that could be material to any one of the financial statements. use the lesser of the 2 numbers.
Auditing Internal Controls
conduct a walk through if deficiencies are found: deficiency in design: did not think about the control deficiency in operation: the control does not work right serious deficiency= significant deficiency : auditor mentions to company. not reported to public material weakness- reasonable possibility of a misstatement to financials. Very severe. you get an adverse opinion on internal controls.
what procedures should be done before accepting an audit engagement
contact the previous auditor, get audit client permission
Preventative vs Detective controls
designed to prevent occurrence of misstatement vs. to discover errors that have already happened
which of the following would an auditor perform in order to develop an effective audit program?
develop an understanding of the clients business and industry
assessing management integrity
do i want this as a client? 1. contract previous auditor 2. get audit client permission ASK: what do you think about management integrity? did you have any disagreements with them about auditing or accounting? What did you think of their internal controls? Did you find any fraud or illegal activity? What is your reason of understanding for change in auditor?
adequate documentation
documentation should exist prenumbered paper/ documents make it hard to insert extra things transaction trail should exist to provide info to respond to customer inquiries
according to SOX, how often must audit managers and partners rotate off an engagement of a public company?
every 5 years
GAAS requires technical knowledge in auditing but not in the clients buisness
false
adverse audit opinion
financial statements are not fairy presented. everything is all wrong.
Segregation of Duties
functions of authorizing, recording, and maintaining custody should be done by separate people procedures manuals and job descriptions in a company needed organizational charts showing who reports to who in the company dont put relatives in a position vulnerable to collusion mandatory vacations
reconciliations
happens within the company submitted transactions reconciled with processed transactions. subsidiary and control accounts in agreement physical count of assets with recorded assets
physical controls
have security locks and fences around the warehouse. appropriate maintenance policies vaults and safes
Indepence in Fact
independent in their mental attitude in conducting the audit
Unqualified Audit Opinion
indicates that the financial statements are presented in accordance with GAAP
environment risk
inherent risk and control risk together
in audit risk the risk of misstatement is composed of
inherent risk and control risk. together they determine the probability of the financial statements containing material misstatements
internal controls
is a process designed to provide reasonable assurance regarding: 1. reliability of financial reporting 2. compliance with applicable laws 3. effectiveness and efficiency of operations (TREAD LIGHTLY, similar to consulting) 4. safe guarding of assets
Qualified Audit Opinion
issued when auditor has some reservations about the financial statements. "expect for" language included.
a change from FIFO to LIFO for inventory valuation purposes would be relevant to the standards of reporting because
it is a change in accounting principle that requires footnote disclosure by the client and mention in the audit report
Authorization Procedures
make sure only properly authorized transactions take place. if you want to do something major in the company you need BOD approval.
Planning Phase
making client acceptance and continuance decisions
who is responsible for internal controls?
management. publicly traded- management writes a report on the effectiveness of the internal controls
Testing Transactions and Balances "Substantive Testing"
obtaining evidence about internal control operating effectiveness counting
Brenda Hursch, an auditor, would be considered independent for purposes of an audit of Microship company even though her spouse worked for microship company as a(n)
order entry staff cant be a member of the accounting dept
Financial Statement Audit
process of gathering evidence regarding assertions to see if they agree with established criteria (GAAP) and issuing a report on the findings
Integrated Audit
provide an audit on the internal controls as well
Independence in appearance
public confidence in the auditor, independent of the client. does not own stock.
Auditing Standards issued by the AICPA Auditing Standards Board in place as of 4/16/03 are
recognized by the PCAOB as a starting point
the triple match principle
required before payments are made approved purchase order receiving report vendor invoice
Studying and Testing Internal Controls "Compliance Testing"
risk assessment policies in place to make sure things run smoothly, not a lot of theft, locks, password protection
timing of the audit
risky client means that there is more work needed. wait till year end is over to start your audit. nonrisky client, do the audit whenever.
GAAP
set by the FASB
Audit Risk
set by the auditor. what do you want the chance to be you give an unqualified opinion on misstated financials think about risks involved before doing the audit can be discussed in an essay
Committee of Sponsoring Organizations (COSO)
set the standards for gold standard internal controls main contribution: document called Internal Controls Integrated Framework PCAOB uses framework as a model to judge what represents a good control system
AICPA
sets audit standards for private companies
Government Accountability Office (GAO)
sets the standards for government audits
CPA firms performing public financial statement audits must: a. register with the AICPA b. Register with the Institute of Auditors c. Register with the US General Accounting Office d. Register with the PCAOB
the cpa firms must register with the PCAOB
Audit Risk Calculation work amount
the lower the audit risk, the more work for the auditor to do. The need to have very tight procedures to avoid error.
inherent risk
the probability of material error or fraud assuming the absence of internal control
control risk
the probability that material errors or fraud are not prevented or detected by existing internal control
Financial Statement Assertions (PERCV)
the process of gathering evidence regarding assertions to see if they agree with established GAAP and issuing a report on the findings 1. Presentation and Disclosure 2. Existence or Occurrence 3. Rights and Obligations 4. Completeness 5. Valuation or Allocation
detection risk
the risk that an auditors PROCEDURES will lead to the conclusion that a material misstatement does NOT exist in an account balance when in fact, such misstatement does exist is referred to as IT IS A PLUG FIGURE
in the audit, the auditor considers audit risk. audit risk is
the risk that the auditor may unknowingly fail to modify the opinion on the financial statements that are materially misstated.
if the company has bad internal controls
there is a higher chance for a misstatement. in general chaos is bad
Reporting Standards
those applying to communicating the auditor's opinion Consistency (assume no change in accounting principle if not noted) GAAP (presented in accordance with GAAP) Opinion Disclosures ( assume disclosures and footnotes are there)
Disclaimer Of Opinion
too nervous to give any opinion on the audit
analytical procedures
trend work, ratio work, comparisons to budgets looking for things that dont make sense must employ in planning phase and final review phase. can compare to industry standards and averages.
Issuing the Audit Report
write the report for the company about findings