Audit Review
How do the scope, procedures, and purpose of tests of controls in an examination of the internal control of a non issuer compare to those for obtaining an understanding of internal control and assessing control risk as part of a financial statement audit of a non issuer? Scope Procedures Purpose A. Different Different Different B. Similar Different Different C. Different Similar Similar D. Different Similar Different
A. Different Different Different
In reporting on an nonissuer's internal control over financial reporting, an auditor should include a paragraph that describes the: A. Inherent limitations of any internal control B. Documentary evidence regarding the control environment factors C. Potential benefits from the practitioner's suggested improvements D. Changes in internal control since the prior report
A. Inherent limitations of any internal control
A report on an issuer's integrated audit must include each of the following statements, except: A. The audit was conducted in accordance with AICPA standards B. The audit includes obtaining an understanding of internal control over financial reporting C. Management is responsible for maintaining effective internal control D. The auditor believes the audit provides a reasonable basis for the issued opinion
A. The audit was conducted in accordance with AICPA standards
An examination report on compliance governed by Statement on Standards for Attestation Engagements would include:
An opinion on whether the entity complied, in all material respects, with the applicable compliance requirements
How does Title 2 of the Code of Federal Regulations (containing single audit requirements) define a subrecipient?
As a nonfederal entity that expends federal awards received from another entity to carry out a federal program
In auditing a not-for-profit entity that receives governmental financial assistance, the auditor has a responsibility to:
Assess whether management has identified laws and regulations that have a direct and material effect on the entity's financial statements
When a service organization provides services that affect the initiation, execution, processing, or reporting of a user company's transactions, those services are:
Considered to be part of the user company's information system
Payroll Data Co. (PDC) processes payroll transactions for a retailer. Cook, CPA, is engaged to issue a report on PDC's internal controls implemented as of a specific date. These controls are relevant to the retailer's internal control, so Cook's report may be useful in providing the retailer's independent auditor with information necessary to plan a financial statement audit. Cook's report should
Contain a disclaimer of opinion on the operating effectiveness of PDC's controls
Dunn, CPA, is auditing the financial statements of Taft Co. Taft uses Quick Service Center (QSC) to process its payroll. Price, CPA, is expressing an opinion on a description of the controls placed in operation at QSC regarding the processing of its customers' payroll transactions. Dunn expects to consider the effects of Price's report on the Taft engagement. Price's report should contain a (an):
Description of the scope and nature of Price's procedures
In auditing compliance with requirements governing major federal financial assistance programs under the Single Audit Act, the auditor's consideration of materiality differs from materiality under the generally accepted auditing standards. Under the Single Audit Act, materiality is:
Determined separately for each major federal financial assistance program
Management of Eva industries, an issuer as defined under SOX, believes it has eliminated a material weakness previously noted in its assessment of internal control, an has hired Henna and Company, CPAs, to attest to the improvements in internal control. Which of the following is true of this engagement?
Eva's management must provide a written report to accompany Henna and Company's report
Which of the following professional services would be considered an attestation engagement?
Examining the income statement and balance sheet for one year in the future based on client expectations and predictions
Auditors conducting an audit in accordance with the Single Audit Act use a risk-based approach designed to:
Focus the audit on high-risk programs
In accordance with Office of Management and Budget audit requirements for audits of non-Federal entities expending federal awards, which of the following statements is accurate regarding Federal awards expended?
Free rents received as part of an award to carry out a federal program are treated as federal funds expended
Which of the following activities would most likely be considered an attestation engagement?
Issuing a report about a firm's compliance with laws and regulations
According to the Statement on Auditing Standards No. 117, Compliance Audits, a compliance audit is based on management's assumption of responsibility for all of the following, except:
Maintaining effective controls that provide absolute assurance that the entity administers programs in compliance with related requirements
Green, CPA, is auditing the financial statements of Ajax Co. Ajax uses the DP Service Center to process its payroll. DP's financial statements are audited by Blue, CPA, who recently issued a report on DP's policies and procedures regarding the processing of other entity's transactions. In considering whether Blue's report is satisfactory for Green's purposes, Green should:
Make inquiries concerning Blue's professional reputation
Quick Service Center processes the payroll for a variety of clients, including James Industries. Adams, CPA , is Quick's auditor, while Robinson, CPA, is the auditor for James Industries. Which of the following is not required of Adams?
Making inquiries regarding the professional reputation of Robinson, CPA
Computer Services Company (CSC) processes payroll transactions for schools. Drake, CPA, is engaged to report on CSC's internal controls placed in operations as of a specific date. These internal controls are relevant to the school's internal controls, so Drake's report will be useful in providing the schools' independent auditors with information necessary to plan their audits. Drake's Type I report expressing an opinion on CSC's internal controls placed in operation as a of a specific date should contain
Management's description of the service organization's system
In which case might an auditor of an issuer render a qualified opinion on internal control? I. When there is a scope limitation II. When there is a material weakness in internal control
Neither I or II
A CPA in public practice is required to comply with the provisions of the Statements on Standards for Attestation Engagements (SSAE) when:
No; No
Which of the following statements best serves as management's assertion of consistency in an MD&A presentation?
Nonfinancial data have been accurately derived from related records
Which of the following is a conceptual similarity between generally accepted auditing standards and the attestation standards?
The requirement that the CPA be independent is included in both sets of standards
A practitioner is engaged to express an opinion on management's assertion that the square footage of a warehouse offered for sale is 150,000 square feet. The practitioner should refer to which of the following sources for professional guidance?
Statements on Standards for Attestation Engagements
Which of the following standards should a CPA firm apply in a review of pro forma financial information?
Statements on Standards for Attestation Engagements
An auditor conducting a compliance audit will design and perform additional audit procedures in response to the assessed risk of material noncompliance. These procedures will include tests of controls if:
Tests of controls are required by the governmental audit requirement
An auditor determines that a client who received a federal grant fraudulently reported information to the federal government. The client's management refuses to acknowledge the fraud. Which of the following parties should the auditor contact first?
The agency that provided the grant
Which of the following factors is an auditor least likely to consider when reporting on compliance with aspects of contractual agreement in connection with audited financial statements in accordance with Statements on Auditing Standards?
The appropriate opinion to render in the report on compliance with aspects of the contractual agreement
Which of the following is a conceptual difference between the attestation standards and generally accepted auditing standards (GAAS)?
The attestation standards provide a framework for the attest function beyond historical financial statements
Which of the following best describes an auditor's responsibility with respect to communicating internal control deficiencies of issuers?
The auditor is required to communicate all deficiencies in internal control to management, and deficiencies that constitute a significant deficiency or a material weakness to management and the audit committee
The scope of audits of recipients of federal financial assistance in accordance with federal audit regulations varies. Which of the following elements do these audits have in common?
The auditor is required to document an understanding of internal control established to provide reasonable assurance of compliance with the applicable laws and regulations
Although the scope of audits of recipients of federal awards in accordance with federal audit regulations varies, audits under the Single Audit Act generally have which of the following elements in common?
The auditor is to determine whether the federal financial assistance has been administered in accordance with applicable laws and regulations
When an auditor is to conduct an audit of a service organization, what considerations should the auditor make in the planning stages regarding internal controls of the organization?
The auditor should obtain an understanding of the effect of the user organization upon the service organization
A client uses a service organization to process its payroll. Which of the following statements is correct regarding the user auditor's use of the service auditor's report on internal controls placed in operation?
The client's auditor can use the service auditor's report as audit evidence for the client's internal controls
If a statement from the Statements on Standards for Attestation Engagements provides that a procedure or action is one that the practitioner "should consider," then which of the following interpretations is correct?
The consideration of the procedure is preemptively required, whereas carrying out the procedure is not required
Which of the following cognizant agencies is most likely to be assigned to an auditee?
The federal agency that provides the most funding to the auditee
Which of the following best describes the responsibility of the auditor with respect to significant deficiencies and material weaknesses in an audit of an issuer?
- Both significant deficiencies and material weaknesses - Material weaknesses but not significant deficiencies
Which of the following is a correct statement about a practitioner who is engaged to examine an entity's compliance with requirements of specific rules in accordance with Statements on Standards for Attestation Engagements?
A practitioner should assess control risk
Wolf is auditing an entity's compliance with requirements governing a major federal financial assistance program in accordance with Government Auditing Standards. Wolf detected noncompliance with requirements that have a material effect on the program. Wolf's report on compliance should express:
A qualified or adverse opinion
A CPA's report on agreed-upon procedures related to management's assertion about an entity's compliance with specified requirements should contain:
A statement of limitations on the use of the report
According to the PCAOB, each of the following statements is true with respect to the auditor's responsibility to communicate material weaknesses in internal control over financial reporting, except: A. All such weaknesses must be communicated in writing to all stockholders B. All such weaknesses must be communicated prior to the issuance of the auditor's report on internal control over financial reporting C. All such weaknesses must be communicated in writing to management D. All such weaknesses must be communicated in writing to the audit committee
A. All such weaknesses must be communicated in writing to all stockholders
Each of the following statements is correct regarding how an auditor can obtain an understanding of the likely sources of potential misstatements in an integrated audit of a nonissuer, except: A. An evaluation of the entity's information technology risk and controls should be performed utilizing an approach other than the top-down approach B. Walkthroughs are frequently the most effective way of understanding sources of potential misstatements C. An understanding of how transaction are initiated, authorized, processed, and recorded should be achieved D. The controls that management has implemented to address potential sources of misstatements should be identified
A. An evaluation of the entity's information technology risk and controls should be performed utilizing an approach other than the top-down approach
An engagement to audit the internal control of a nonissuer will generally: A. Be more extensive in scope than the assessment of control risk made during a financial statement audit B. Increase the reliability of the financial statements that are being audited C. Require procedures that duplicate those already applied in assessing control risk during a financial statement audit D. Be more limited in scope than the assessment of control risk made during a financial statement audit
A. Be more extensive in scope than the assessment of control risk made during a financial statement audit
In an integrated audit of a nonissuer, if an auditor concludes that a material weakness exists as of the date specified in management's assessment, the auditor should take which of the following actions? A. Issue an adverse opinion B. Communicate, in writing, to the entity's outside legal counsel that the material weakness exists C. Disclaim an opinion D. Obtain written representations from management relating to such matters
A. Issue an adverse opinion
Jackson is auditing the financial statements of Saffer Company, a nonissuer. Which of the following is true? A. Jackson is required to audit and report on Saffer's internal control B. If Jackson provides an adverse opinion on the financial statements, an audit of Saffer's internal control is not permitted C. Jackson is not required to audit internal control, but should report any significant deficiencies of material weakness noted D. Saffer is required to obtain an audit of its internal control, but a professional other than Jackson may be hired for this purpose
A. Jackson is required to audit and report on Saffer's internal control
Which is true regarding PCAOB standards surrounding internal control? A. PCAOB standards surrounding internal control apply only to auditors of issuers B. All auditors must follow PCAOB standards surrounding internal contorl C. PCAOB standards surrounding internal control apply only to audits of nonissuers D. The PCAOB has not issued standards surrounding internal control
A. PCAOB standards surrounding internal control apply only to auditors of issuers
In an integrated audit of a nonissuer, which of the following is the responsibility of an auditor with regard to testing controls at a company with multiple business units? A. Testing controls over specific risks at business units that are material to the company's consolidated financial statements B. Testing controls over only certain specific risks at all business units of the company C. Testing controls over all risks at all business units of the company D. Testing controls over all risks at business units that are material to the company's consolidated financial statements
A. Testing controls over specific risks at business units that are material to the company's consolidated financial statements
In the integrated audit of an issuer, which of the following would not be considered an entity-level control? A. The outside auditor's assessment process of internal auditor competence and objectivity B. Management's established controls to monitor results of operations C. The board of directors' controls to monitor the activities of the audit committee D. The executive committee's process for assessing business risk
A. The outside auditor's assessment process of internal auditor competence and objectivity
The audit is required to communicate each of the following items to those charged with governance, except:
All control deficiencies detected during the course of the audit
Gearty & Duffy, certified public accountants, have been engaged to perform a single audit of Sleepy Knoll Township, a local government receiving substantial federal financial assistance for community development and housing assistance. A single audit represents:
An audit of the township's financial statements and of compliance with federal regulations relating to federal financial assistance as prescribed by the Single Audit Act and 2 CFR 200
Which of the following professional services would be considered an attest engagement covered by the Statements on Standards for Attestation Engagements (SSAEs)?
An engagement to report on management's discussion and analysis (MD&A)
Which of the following would not be considered an attest engagement subject to attestation standards?
An engagement to review the financial statements of a nonpublic company
Which of the following statements correctly describes the "top-down" approach used during an audit of internal control over financial reporting? A. Begin reviewing income statement accounts and then review balance sheet accounts B. Begin by understanding the overall risks to internal control over financial reporting at the financial statement level C. Begin reviewing balance sheet accounts and then review income statement accounts D. Begin by understanding the overall risks to internal control over financial reporting at the general ledger level
B. Begin by understanding the overall risks to internal control over financial reporting at the financial statement level
In an audit an issuer: I. Management must assess and report on internal control II. The auditor must assess and report on internal control A. Either I or II B. Both I and II C. I only D. II only
B. Both I and II
When planning an audit of the effectiveness of the entity's internal control in an integrated audit of a nonissuer, an auditor would be least likely to consider which of the following factors? A. The extent of recent changes in the entity and its operations B. The evaluation of the operating effectiveness of the controls C. Preliminary judgments about the effectiveness of internal controls D. The type of available evidential matter pertaining to the effectiveness of the entity's internal control
B. The evaluation of the operating effectiveness of the controls
An auditor's report would be designated a report on compliance when it is issued in connections with:
Compliance with aspects of regulatory requirements related to audited financial statements
Gearty & Duffy, certified public accountants, have been engaged to perform an audit of Sleepy Knoll Township in accordance with 2 CFR 200 single audit. In connection with that engagement, Gearty & Duffy will determine major programs:
By applying a risk-based approach
A nonissuer uses a service organization whose services are part of the nonissuer's system of internal control. In the integrated audit, how does an auditor evaluate whether the service auditor's report on controls provides sufficient appropriate evidence to support an opinion on internal controls over financial reporting?
By assessing the results of the tests of controls and the service auditor's opinion on the operating effectiveness of the controls
In an integrated audit of a nonissuer, an auditor should issue an adverse opinion on the effectiveness of an entity's internal control in which of the following situations? A. The financial statements are misstated B. The entity may not continue as a going concern C. A material weakness exists D. The auditor was asked by the client to provide the report to another practitioner
C. A material weakness exists
If an auditor performing an integrated audit identifies one or more material weaknesses in an nonissuer's internal control, the auditor should: A. Expand the audit of internal control to identify deficiencies less severe than material weaknesses B. Disclaim an opinion on internal control C. Express an adverse opinion on the entity's internal control D. Conclude that the financial statements are materially misstated because of the material weakness in internal control
C. Express an adverse opinion on the entity's internal control
In an audit of an issuer, the auditor must provide an opinion of which of the following? I. The financial statements II. The audit committee's oversight of financial reporting and internal contorl III. The effectiveness of internal control A. I and II only B. I only C. I and III only D. I, II, and III
C. I and III only
When engaged to audit a nonissuer's internal control, an auditor should: A. Qualify any opinion concerning management's assessment that the cost of correcting any weaknesses exceeds the benefits B. Disclaim an opinion on whether the system taken as a whole is sufficient to prevent or detect material errors or irregularities C. Obtain management's written assessment regarding whether the company has maintained effective internal control D. Keep informed of events subsequent to the date of the report that might have affected the accountant's opinion
C. Obtain management's written assessment regarding whether the company has maintained effective internal control
An auditor has been hired to report on a nonissuer's internal control over financial reporting. Which of the following best describes a reporting option in this scenario? A. If management fails to provide a written representation letter acknowledging its responsibility for the effectiveness of internal control, the auditor may issue either a qualified opinion or an adverse opinion B. When a significant deficiency exists, the auditor may issue either a qualified or adverse opinion C. When a material weakness exists, the auditor should issue an adverse opinion D. If management fails to provide a written representation letter acknowledging its responsibility for the effectiveness of internal control, the auditor will generally issue an unmodified opinion with additional explanatory language
C. When a material weakness exists, the auditor should issue an adverse opinion
A practitioner has examined a client's compliance with debt covenants associated with a bank loan and is ready to issue a report. Which of the following standards apply to the report?
Compliance attestation standards
Which of the following is not a role of the risk assessment in an integrated audit or a nonissuer? A. Determining evidence necessary to conclude on the effectiveness of a given control B. Determining significant accounts and relevant assertions C. Selecting controls to test D. Concluding on the effectiveness of a given control
D. Concluding on the effectiveness of a given control
Which of the following conditions is necessary for an auditor to accept an engagement to audit and report on a nonissuer's internal control over financial reporting? A. Management agrees not to present the auditor's report in a general-use document to stakeholders B. The auditor anticipates relying on the entity's internal control in a financial statement audit C. The auditor is a continuing auditor who previously has audited the entity's financial statements D. Management presents its written assessment about the effectiveness of internal control
D. Management presents its written assessment about the effectiveness of internal control
Each of the following types of controls is considered to be an entity-level control, expect those: A. Relating to the control environment B. Pertaining to the company's risk assessment process C. Addressing policies over significant risk management practicies D. Regarding the company's annual stockholder meeting
D. Regarding the company's annual stockholder meeting
Which of the following best describes the responsibility of the auditor to report significant deficiencies and material weaknesses in an engagement to audit the effectiveness of a nonissuer's internal control? A. The auditor must communicate material weaknesses, but need not disclose significant deficiencies B. Neither significant deficiencies nor material weaknesses are required to be communicated C. The auditor must communicate significant deficiencies, but need not separately identify material weaknesses D. The auditor must communicate both significant deficiencies and material weaknesses
D. The auditor must communicate both significant deficiencies and material weaknesses
When an audit firm includes a report on compliance with aspects of contractual agreements in the auditor's report on the nonissuer's financial statements, in which paragraph of the audit report should the report on compliance be included?
Other-matter paragraph
An audit performed in accordance with 2 CFR 200 single audit will expand the auditor's responsibilities beyond generally accepted auditing standards. The auditor's expanded responsibilities include:
Performance of additional procedures to test and report on compliance with laws, rules, regulations and provisions of contracts or grant agreements that have a direct and material effect on major federal award programs
A CPA is required to comply with the provisions of Statements on Standards for Attestation Engagements when engaged to:
Provide assurance on investment performance statistics prepared by an investment company on established criteria
An audit client has substantial assets held in a trust that is managed by the trust department of a bank. Which of the following actions by the auditor is the most efficient way to obtain information about the trust department's internal controls?
Rely on the trust department's audit report on internal controls placed in operation and their operating effectiveness
Negative assurance may be expressed when an accountant is requested to report on the:
Results of performing a review of management's assertions
A practitioner reporting pro forma financial information does not posses an understanding of the client's business and the industry in which the client operates. The practitioner should take which of the following actions?
Review industry trade journals
A CPA is required to comply with the provisions of Statements on Standards for Attestation Engagements (SSAE) when engaged to:
Review management's discussion and analysis (MD&A) prepared pursuant to rules and regulations adopted by the SEC
An auditor is auditing a mutual fund company that uses a transfer agent to handle accounting for shareholders. Which of the following actions by the auditor would be most efficient for obtaining information about the transfer agent's internal controls?
Review reports on internal control placed in operation and its operating effectiveness produced by the agent's own auditor
Which of the following procedures should a user auditor include in the audit plan to create the most efficient audit when an audit client uses a service organization for several processes?
Review the service auditor's report on controls placed in operation
Detection risk of noncompliance is inversely related to:
Risk of material noncompliance
Which of the following is a requirement for accepting an attestation engagement to report on the controls at a service organization?
The service auditor has the competence and capability to perform the engagement
A service organization provides processing services for a client's sales orders. Which of the following information is relevant when gathering data for the report on the service organization's internal controls?
The service organization's system calculates accounts receivable balances
What is a service auditor's responsibility, if any, with regard to other information presented in a document containing management's description of its system and the service auditor's report?
To read the other information in order to identify material inconsistencies or misstatements
In an attest engagement, use of the accountant's report should be restricted to specified parties in all of the following situations, except:
When reporting on an assertion about the subject matter instead of reporting directly on the subject matter
If a service auditor is unable to obtain a written assertion from the service organization's management regarding its system and the suitability of the design and operating effectiveness of controls, it would be most appropriate for the auditor to:
Withdraw from the engagement unless prohibited by law
