Audit Module A
3 types of engagements
1. Examination 2. Review 3. Agreed upon procedures
Conditions that must be met for a compliance attestation
1. Management accepts responsbility for compliance 2. Compliance or the controls over compliance is capable of evaluation ad measurement against reasonable criteria 3. Sufficient evidence must be available to support management's decision.
Conditions that must be met in order for accountants to conduct an EXAMINATION on internal control
1. Management accepts responsibility of the effectiveness of internal control 2. Management's evaluation of control is based on suitable and available criteria 3. Management's evaluation of control is supported by sufficient evidence 4. Management presents its assertiona bout the effectiveness of its internal control in a written report that accompanies the accountants' report
Objectives that need to be meet in order to perform attestation engagement on prospective or pro forma financial information
1. Obtain knowledge about the entity's business 2. Obtain an understanding of the process through which the information was developed 3. Evaluate the assumptions used to prepare the info 4. Identify key factors affecting the information 5. Evaluate the preparation and presentation of the financial information
Types of Service organization control reports (SOCs)
1. SOC 1 2. SOC 2 3. SOC 3
Steps in a compliance examination
1. Understand the specific compliance requirements and assess planning materiality 2. PLan the engagement and assess the risk 3. Understand relevant controls over compliance, assess control risk, and design tests of compliance with detectionr risk in mind 4. Obtain sufficient evidence of compliance with specific requirements, including a wirtten letter of management representations 5. consider subsequent events 6. Form an opinion
Types of service organization reports
1.Type 1 report 2. Type 2 report
trust services
A set of professional attestation risks and opportunities of IT enabled systems and privacy programs. Following principles are used: 1. Security 2. Availability 3. Processing integrity 4. Confidentiality 5. Privacy
Examination
A type of engagement. It is similar in substance to an audit, but may be limited in terms of the focus of the engagement. Accountants evaluate internal controls and assess the risk of material misstatement, gather evidence in support of the assertions, and redener opinions that represent a high level of assurance.
Review
A type of engagement. It provides only a limited level of assurance. Procedures performed are typically limited to making inquiries and performing analytical procedures, although the accountants may decide that other procedures are necessary. It is a service performed by accountants to obtain limited assurance that no material modifications should be made to the financial statements in order for the statements to be in conformity with the applicable reporting framework Because some assurance is provided, auditors must be iindependent.
Agreed upon procedures
A type of engagement. The client delineates exactly what procedures it wants accountants to perform. LEvel of assurance varies depending on the procedures requested.
SOC 2
A type of service organization control report. It is a report on controls at a service organization relevant to security, availability, processing integrity confidentiality or privacy which may be requested by a user but does not apply directly to the user's financial statements.
SOC 1
A type of service organization control report. It is used for controls over financial reporting.
SOC 3
A type of service organization control report. It is used in marketing organizations' control effectiveness. It basically covers the same subject matter as SOC 2 does but in less detail and in a format that lends itself to a general use report.
Type 1 report
A type of service organization report. It desribes the service organization's internal controls placed in operation at a specific point in time but does not report on the effectiveness of the controls.
Type 2 report
A type of service organization report. It not only includes a description of the controls but also reports on the service organization's auditors' testing of the controls over a minimum six month period. Only this type is useful with respect to meeting SOX's rigorous internal control requirements.
attestation
An engagement in which a practictioner is engaged to issue or does issue an examination, a review, or an agreed upon procedures report on subject matter, or an assertion about the subject matter, that is the responsibility of another party.
Compliation
An engagement in which accountants assist management in presenting financial information that is the representation of management in the form of financial statements without providing any assurance on the accuracy or completeness of that information. Because no assurance is provided, accountants are not required to be independent to perform these
service organization
An organization that provides services to user entities processes clients' transactions that are likely to be relevant to user entities' internal control over financial reporting. Eg. Payroll processing companies, computerized information processing service centers, trust departments of banks, insurers that maintian the accounting records for reinsurance transactions
sustainability
Defined by the AICPA as the triple bottom line of: 1. Economic vitality 2. Social responsibility 3. Environmental responsibility
management discussion and analysis
Discussion of the nature of the business, past results, and future outlook Auditors are required to read this section to ensure that the information accompanying the audited financial statements is consistent with them.
Assurance services
Independent professional services that improve the quality of informaiton, or its context, for decision makers.
Review evidence
Procedures performed during a review of unaudited financial statements consist primarily of obtaining this by: 1. Obtaining a written understanding with management about the nature and limitations of a review engagement 2. Obtaining knowledge of the entity's business, accounting principles in the entity's industry, and the entity's organization and responsibilities 3. Inquiring of management about the entity's accounting system 4. Conducting anaytical procedures 5. Obtaining written representations from management
financial forecast
Prospective financial information based on expected conditions and the occurrence of one or more hypothetical events that change the entity's existing busines structure. Prospective information based on future expected conditions. Eg. What will things look like it we conintue along our expected path?
Financial projections
Prospective information based upon hypothetical "what if" events. "What will things look like if we choose a different path?"
Special purpose frameworks
Refers to a coherent accounting treatment in which substantially all important financial measurements are governed by criteria other than GAAP. Examples: statements conforming to regulatory agency accounting rules, tax basis accounting, cash basis framework accounting,
interim financial information
Refers to financial information or statements covering a period less than a full year or for a 12 month period ending on a date other than the entity's fiscal year end The objective is to provide the accountants a basis for communicating whether material modifications should be made to interim information to ensure conformity with GAAP.
eXtensible business reporting language (XBRL)
The SEC has mandated financial reporting using this, which provides a computer-readable identifying tag for each individual item of data
appropriate financial reporting framework
The measurement criteria in financial statement audits. It is the financial reporting framework adopted by management, and when appropriate, those charged with governance in the preparation of the financial statements that is acceptable in view of the nature of the entity and the objective of the financial statements.
Responsible party
The person at the client who is accountable for the information. Accountant should obtain written acknowledgement or other evidence of the party's responsibility for the subject matter or the written assertion.
Pro forma
This financial information shows the effect of a proposed or consummated transaction on the historical financial statements "as if" that transaction has occurred by a specific date. FInancial information based on historical information "as if" the event had previously occurred. "What would things look like if actual events occurred as of December 31 instead of January 15?"