Exam 2 Audit
Disclosure of work performed by component auditor
- If we accept work of other auditors not disclosure is required - If we do not accept responsibility then we need to modify the working in the opinion and basis for opinion (PCAOB) and auditor's responsibility (ASB)
Treatment of detected misstatements and control deficiencies
- if a misstatement is material the auditor will propose adjusting entries. If they do it, all good. Management can do the entry, not do it or propose an alternative. Types of deficiencies 1) Control - not material or significant. Reported to management - does not affect opinion 2) Significant - potential for material affect in the future. Reported to management and audit committee - does not affect opinion. 3) Material - likely to be material. Reported to everyone - adverse opinion.
Management Representation Letter
- written representation · Prepared at the conclusion of fieldwork · Prepared by the auditor · Summarizes all information provided and representations made by management · Required! (Refusal to sign = pervasive scope limitation disclaimer of opinion bc this is requirement of our job)
Types of Opinions
-Adverse - pervasive GAAP - Disclaimer of opinion - pervasive GAAS or lack of independence. Auditor was not able to perform the job in which they were hired
SEC's principles of auditor objectivity and independence (3)
1) An auditor should not audit his or her own work. 2) An auditor should not function in the role of management. 3) An auditor should not serve in an advocacy role for the entity. - don't be a legal representative for the client
Non-Audit Services Prohibited by the SEC (9)
1) Bookkeeping 2) Financial information systems design and implementation 3) Appraisal or valuation services 4) Actuarial services 5) Internal audit outsourcing services 6) Management functions or human resources 7) Expert services 8) Legal services 9) Broker or dealer
How to address other reporting considerations (6)
1) Consistency between periods 2) Other info included in FS 3) Interim reviews of FS - same for PCAOB and ASB 4) Single statement audits - issue one report and say they disclaim opinion for any other reports prepared by client 5) Special purpose frameworks - use GAAP under PCAOB. If not PCAOB and not using GAAP need to specify why 6) Additional reporting requirements for GAAAS
Client traits that can impact an auditor's engagement risk (3)
1) Entity's compliance with laws and regulations - most important one. Look for illegal acts that have direct and material impact on FS. 2) Entity's use of accounting estimates 3) Related parties and related party transactions
· Emphasis on auditor responsibilities relating to accounting estimates (5)
1) Evaluate risk related to estimation uncertainty - certain level of risk bc it is not reality 2) Review managements policies and procedures for developing estimates 3) Verify estimates are developed - what numbers are fact and what are judgements 4) Determine if estimates are reasonable - main goal of auditor a. Focus on significant assumptions underlying estimates - look at managements policies and procedures for developing estimates. b. Be professionally skeptical of suspect assumptions 5) Recording and disclosure of estimates - high priority area and need to disclose detail and how estimates was developed.
The Elements of Quality Control (HELP ME)
1) Human resources 2) Engagement/client acceptance and continuance - management integrity 3) Leadership responsibilities - tone at the top of auditors 4) Performance of the engagement 5) Monitoring - partner review, peer review of engagements 6) Ethical requirements - independent, objectivity, etc.
· Covered members must be independent Who are "covered members"? (6)
1) Individual on the attest engagement team - working on audit or attestation 2) Individual in position to influence the attest engagement - partner 3) Partner who provides more than 10 hours of non-attest services to the attest client within fiscal year - partner who is on other engagements who provide some value-added service 4) Partner in the office which the lead attest engagement partner primarily practices in connection with the attest engagement - same office as someone who is primary engagement lead means you have to be independent too. 5) Firm, including the firm's employee benefits plan needs to be independent. If client is an index fund you offer for EBP then you are not independent now. 6) An entity whose operating, financial or acct. policies can be controlled by someone or an entity above.
Sections of the SSARS compilation report (4)
1) Management's responsibility 2) Accountant responsibility 3) Scope of engagement - no assurance of any kind 4) Additional info (intentional client omission, departures, lack of independence, using something other than GAAP)
Methods of Variables Sampling
1) Mean-per-unit Estimation - use average value of an item to estiate total vale of population 2) Ratio Estimation - use ratio of audited amounts in sample to BV to estimate the total value of a population. 3) Difference Estimation - uses differnces between audited amount in sample to their BV to estimated the total value of a population. 4) Probability-proportional-to-size Sampling - used for testing stratified samples - used when there is volatility and uncertainty which requires greater sample sizes.
Sections for audit reports ASB (9)
1) Report title 2) Addressee 3) Inro paragraph - purpose of audit 4) Management responsibility 5) Auditor responsibility 6) Scope paragraph 7) Opinion paragraph 8) Name and signature 9) Location and audit report date
Sections of audit reports PCAOB (8)
1) Report title 2) Addressee 3) Opinion 4) Basis for opinion - managements responsibility, auditors' responsibility, scope of audit 5) CAM 6) Name and signature 7) Auditor tenure 8) Location and audit report date
Sections of the SSAE examination report (9)
1) Report title 2) Addressee 3) Purpose of engagement 4) Management's responsibility 5) Accountants' responsibility · "Accountant's responsibility" rather than "Auditor's responsibility" 6) Scope of engagement 7) Opinion 8) Signature 9) Location 10) Date
Sections of the SSAE review report (9)
1) Report title 2) Addressee 3) Purpose of engagement 4) Management's responsibility 5) Accountants' responsibility Conclusion, not opinion 6) Scope of engagement - Not an examination 7) Opinion - Negative assurance 8) Signature 9) Location & Date
Sections of the SSAE agreed-upon-procedures report (10)
1) Report title 2) Addressee 3) Purpose of engagement 4) Management's responsibility solely responsible 5) Accountants' responsibility no representations made 6) Scope of engagement - No opinion or conclusion made 7) Limitation of use - always in Agreed upon procedures, can be in review or examination 8) Signature 9) Location 10) Date
Sections of the SSARS review report (10) like SSAE
1) Report title 2) Addressee 3) Purpose of engagement 4) Scope of engagement - not examination or audit 5) Management responsibility 6) Accountant responsibility 7) Opinion - negative assurance 8) Signature 9) Location 10) Date
Steps in PPS
1) Select items to test on a predetermined dollar interval 2) For each item, calculate the difference between the recorded amount and the audited amount. 3) Divide the difference in part 2 by the recorded amount (this is called the tainting factor) 4) Multiply the tainting factor by the interval amount.* 5) Sum all of these items together for the projected error.
Types of analytical procedures and relative levels of assurance
1) Trend analysis (low) how info relates to other info. Look at last year and this year for anything that differs. Useful but not high assurance. 2) Ratio analysis (low) low assurance 3) Reasonableness analysis (high) develop model with little assumptions. We know interest rate on a loan and the loan amount so we can calc the interest and see if expectations are accurate.
Code of Professional Conduct - Rules of Conduct (11) *For all of the principles and rules, you should focus less on memorization and more on being able to define and identify examples of each.*
1) integrity and objectivity - honest and impartial 2) independence - no direct or material indirect interest in clients 3) compliance with standards - follow GAAS 4) compliance with accounting principles - follow GAAP 5) acts discreditable - be good 6) contingent fees - nope 7) commissions and referral fees - nope 8) soliciting and advertising - okay as long as it is not misleading. Can't say you do something if you can't. 9) confidential client information 10) form of organization and name - obey rules of calling firm a CPA firm if you have partners who are not CPA 11) general standards - professional competence, due professional care, planning and supervision of audit, sufficient relevant data (need enough evidence to support conclusions)
Specific matters relating to the collection of audit evidence (6)
1) treatment of opening balances - some account categories are concerned with acquisition and disposal rather than the amount itself i.e., PP&E 2) Securities and derivative instruments - not focused on testing but rather specialty people 3) Inventory - have specific ways to test inventory 4) Litigation - legal letters to attorneys 5) Going concern 6) Accounting estimates
Compliance reporting in an audit engagement (4)
1)Introduction (purpose only) 2)Scope -"nothing came to our attention" -"had we performed additional procedures other matters may have come to our attention" 3)Limitation of use 4)Signature, location, and date
Difference Between Attribute Sampling and Variables Sampling
Attribute: testing for a specific characters - yes or no Variable: looking at dollar value differences in sample - use account balances
Fraud risks: What is a Brainstorming Session?
Audit team gets together and asks how they can address risk of material misstatement due to fraud. How can people steal, misrep their financial position?
Becker mnemonic for management assertions
C - completeness O - cutoff V - VAA E - existence R - rights and obligation U - understandability and classification P - presentation and disclosure
Relevant Reliable
Does it relate to the assertion being tested? (COVER U) How dependable is the evidence? (AEIOU) o Auditor Prepared Evidence (Reperformance, Recalculation) o External Evidence (Confirmations) o Internal Evidence (Accounting Records, Scanning) o Oral Evidence (Observation, Inquiry) o U know it! (Whatever...) We know that the best evidence is prepared by auditor (reperform and recalc), then 3rd parties, evidence prepared by client and then looked at by auditors (scanning, accounting records) then by client themselves (observation, inquiry).
Explanatory paragraph Emphasis of Matter
Explanatory paragraph - PCAOB Emphasis of Matter - ASB
Acts Discreditable: What is the example that Becker/AICPA loves to use?
Failure to return client records following a client demand to do so.
Contingent Fees: Generally not allowed, but what is the exception?
If a CPA represents a client in legal proceedings/issues
Examples of External and Internal Client Factors that Auditors Must Understand Understanding of Internal Control
Internal factors: ownership, operations, governance structure, investing and financing, accounting policies. External factors: industry, regulation, reporting framework (GAAP), other external factors.
Reasons for auditor change
Issues with management (integrity, disagreements, fraud)
Example of variable sampling: Assume that from a population of 5,400 accounts with a total value of $9,000,000, an auditor selects a sample of 200 accounts with a book value of $342,500. The audited value of these accounts based on confirmation results is $325,000, with an average value of $1,625 ($325,000/200) per account.
Means per unit: 5,400 x $1,625 = $8,775,000 Ratio Estimate: ($325,000/$342,500) x $9,000,000 = $8,540,145 Difference: ($342,500 - $325,000) / 200 x 5,400 = $472,500 projected error $9,000,000 - $472,500 = $8,527,500
Written plan of audit procedures - NET
Nature (what) - Focus of the audit - what we are trying to accomplish - Examines the factors that dictate what audit procedures are to be performed. For an audit there is a wide variety of procedures that change client to client (retail vs. law) Extent (how) - Scope of the audit - Evaluates any client characteristics that will affect how (and how many audit procedures are to be performed to achieve a certain confidence level. Timing (when) - Timing and reporting of the audit -Determines when the optimal time for an audit is. Year-end versus interim but also doing surprise versus predetermined testing days. Speed of audit depends on when the audit report needs to be finished.
Permanent file vs. current file
Permanent: documents with long term relevance. Chart of accounts, control framework. Things consistent year to year. Current: items relevant to current year such as file balance, provided by client docs
Commissions and Referral Fees: When are they permissible?
Permissible for tax and non-attest services
Analyzing how changes in one area of the audit risk model will affect the audit Basic materiality concepts
Recap: if controls are good there is low CR, moderate RMM. RMM is always moderate or high bc IR is always moderate or high (why audits are needed). As RMM goes down DR goes up. DR is high = less work. DR is low =more work. With RMM we are valuating IR and CR which is done in planning by using inspection of record and docs, inquiry, and PRELIMINARY ANALYTICAL PROCEDURES which highlights things auditors should be aware of.
Sufficiency of audit evidence Appropriateness of audit evidence
Sufficiency (quantity) of audit evidence Appropriateness (quality) of audit evidence
Remember that quality control standards are different from GAAP and GAAS
Under all guidelines (PCAOB, SAS, SSAE, SSARS) we need quality control. Quality control require engagement review by both engagement partner and second party. ASB: second party is non-engagement partner or qualified external party PCAOB: non-engagement partner AICPA quality control standards are independent of GAAP and GAAS
Evaluate design and operating effectiveness of controls (ZOU Fencing) -
are controls relevant to the audit are effectively designed and placed in operation. Want to make sure controls are present and address the specific risk we are concerned with. Controls also need to be used correctly.
Purpose and significance of service organizations
identify and document the propose and significance of an entity's use of a service organization. Including an audit of the entity internal controls! Understand the relevance. If they outsource payroll then their controls become controls that need to be understood.
"The Big Three" types of audit evidence
inspection of records and docs, observations, and inquiry
Confidence Level
inverse of sampling risk. Our confidence that the sample we tested is representative of population. Larger confidence levels require larger sample.
Inherent limitations of internal controls (3)
management override, mistakes/errors, collusion
Standard Sampling Assumptions (4)
normal distribution, unbiased and random, representative of population, variance in sample is representative of population.
General rules for utilizing the work of others in an engagement
the external auditor must evaluate the competence, objectivity, and systematic and disciplined approach of the internal audit in order to use their work. Even if those are satisfied the internal audit work CANNOT replace professional judgement exercised by the external auditor. Cannot replace our work, can only supplement it.
Identify key controls (4-part control testing diagram)
understand the risk, related assertion, control implemented, auditors test of the control
General procedures and concerns surrounding the use of confirmations
used to test AR, AP, Cash and Investments. Positive, negative and blank. There are timing differences and exceptions and you have to decide which it is. Anything that is an exception is a misstatement and has to be reported on w/p. Have to do follow ups for non-response.
Purpose of stratifying a sample, method used
volatility in a population creates uncertainty and requires larger sample sizes. Separates items out into homogenous groups and reduces sample size. Probability proportion to size sampling PPS is a way to test stratified samples.
General rules for utilizing the work of a specialist in an engagement
when the engagement is complex or specialized they may use work of a specialist. External auditor needs to evaluate the specialist qualifications, and adequacy of work performed. Treated as member of the audit engagement team and their work is reflected in the opinion given.
Additional SEC and PCAOB Requirements to remain independent (4)
· Audit partner rotation (5 years) · Cooling off period (1 year) if you are hired by the client but stay with acct. for the rest of the year, you cannot work on that client. · Audit fee disclosure · Unacceptable forms of partner compensation
Examples of factors that can impair independence
· CPA performs managerial or other significant activities for an entity's organization during the same period of attest engagement (trade associations and honorary trustees okay bc the relationship is not considered dependent) · Immediate family members of covered members are subject to the same independence requirements. Immediate family includes spouses and dependents. (married to the managers of the client you audit) · Close relatives with material interests (trust fund made of client stock) or significant influence (son/daughter is CEO of the client). Close relatives include parents/siblings/nondependent children. · Past due engagement fees (over 1 year) - computing interest now which means it is a loan, you are now an owner. · Actual or threatened litigation - if you are being threatened for litigation you are not independent.
Prohibited Financial Interests
· Direct -stock ownership in a client (including partnership, trust) · Material Indirect - stock ownership of client subsidiary, mutual fund investments in client (material interest), financial interest of close family members. Some type of bank loans is okay.
Completion and retention requirements for audit documentation
· PCAOB: 45 days / 7 years - 45 days to sort, clean and get rid of client docs from audit WP, hold WP for 7 years · ASB: 60 days / 5 years
Auditor Communications to the Audit Committee (4)
· Planned scope and timing of the audit - know plan and how audit procedures will be done and what time · Significant audit findings - goes into auditor report for public companies · Reasoning behind explanatory language included in the auditor's report - if we modify audit report for any reason · All significant deficiencies and material weaknesses - tell them it has been given to management
Situations when disclosure of confidential client information is permissible
· Request made by regulatory body · Subpoena or summons
Attribute Sampling Concepts (4)
· Tolerable Deviation Rate - deviation rate in the sample that the auditor is willing to accept · Expected Population Deviation Rate - deviation rate that the auditor expects in the population · Sample Deviation Rate - what we observe in the sample = # of deviations / sample size · Upper Deviation Rate - what is possible in population based on samples. Sample deviation rate + allowance for sampling risk. · If upper deviation is greater then tolerable we do not support the conclusion that the control is operating effectively.
Variables Sampling Concepts
· Tolerable Misstatement maximum amount of misstatent in a spefiic account that an auitor is willing to accept. Related inversely to sample size. · Projected Misstatement - estimated misstatement in the population of an account. If projected is greater than the tolerable we conclude the account is not fairly stated. We got a problem
Sampling Risk 1 & 2
· Type I - Risk of Incorrect Rejection · Type II - Risk of Incorrect Acceptance Sample risk - risk of incorrect acceptance - possibility that the sample drawn does not represent the population