ACCT 323 Exam 3
Examination - level of assurance and attestation risk
Highest level of assurance, Attestation risk at low level
___ controls over computer systems have a pervasive effect.
IT
An audit firm has been engaged to report on whether a material weakness that previously resulted in an adverse opinion on internal control has been remediated. Which of the following statements is correct?
If there has been an auditor change, the successor auditor may issue such a report.
Correct or Incorrect: The Attestation Standards, not the Statements on Auditing Standards, apply to engagements involving special-purpose frameworks
Incorrect
A proper compilation report on financial statements that omit note disclosures:
Indicates that management has omitted such information.
Which of the following is most likely to be considered a material weakness in internal control?
Ineffective oversight of financial reporting by the audit committee.
Inquiry and analytical procedures ordinarily performed during a review of a nonpublic entity's financial statements include:
Inquiries about accounting principles and practices used.
Which of the following is not one of the attribute standards of the IIA's Standards for the Professional Practice of Internal Auditing?
Integrity and skepticism.
As compared to an audit in accordance with GAAS, an audit in accordance with Generally Accepted Government Auditing Standards requires the auditors to:
Issue an additional report on compliance with laws and regulations and internal control.
single audit act
Legislation passed by the U.S. Congress that establishes uniform requirements for audits of federal financial assistance provided to state and local governments.
The level of assurance provided by CPAs who have performed a review of subject matter.
Limited assurance
Which of the following is least likely to be included in an agreed-upon procedures attestation engagement report?
Limited assurance on the information presented.
Review - level of assurance and attestation risk
Limited or negative assurance, Attestation risk at moderate level
Performance Standards of Internal Auditing
Managing the internal audit function Nature of Work Engagement Planning Performance of Engagement Communicating results Monitoring progress Communicating the acceptance of risks
The objective of a review of interim financial information is to provide the accountant with a basis for reporting whether:
Material modifications should be made to conform with generally accepted accounting principles.
A control deficiency, or a combination of control deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis
Material weakness
Which of the following is defined as a weakness in internal control that allows a reasonable possibility of a misstatement that is material?
Material weakness.
Which of the following is an accurate statement about internal control weaknesses?
Material weaknesses are also control deficiencies.
May or May not: Compile the financial statements for the past year and issue a publicly available report.
May provide; independence is not required
May or May not: Prepare the financial statements for the past year.
May provide; independence is not required
May or May not: Provide an opinion on whether financial statements are prepared following the cash basis of accounting.
May provide; independence is required
May or May not: Review quarterly information and issue a report that includes limited assurance.
May provide; independence is required
May or may not: Issue a SysTrust examination report on the security against unauthorized access of a service organization's electronic processing system.
May provide; independence is required
If the auditor believes that financial statements prepared on the entity's income tax basis are not suitably titled, the auditor should:
Modify the auditor's report to disclose any reservations.
Interim information of public companies:
Must be reviewed by CPAs before it is filed with the Securities and Exchange Commission.
Yes or no: If the financial statements are intended for use only outside the United States, must an audit report include an opinion on whether U.S. GAAP are followed?
No
Yes or no: If the resulting audit report will be used extensively both in the United States and in Laos, must the report include an opinion on whether U.S. GAAP are followed?
No
According to PCAOB standards for reporting on internal control, performing the LIFO calculation or adjusting investments to fair value is referred to as:
Nonroutine transactions.
The minimum likelihood of loss involved in the consideration of a control deficiency that is less than a significant deficiency is:
Not considered.
The public interest
Observing integrity, objectivity, and independence helps to serve this group
Which of the following procedures is usually the first step in reviewing the financial statements of a nonpublic entity?
Obtain a general understanding of the entity's organization, its operating characteristics, and its products or services.
A comprehensive examination of an operating unit or a complete organization to evaluate its systems, controls, and performance, as measured by management's objectives is called a(an):
Operational Audit.
When reporting on a company's compliance with a law, the CPAs may report on: Compliance with the Law Itself vs Effectiveness of Internal Control over Compliance (1)YesYes (2)YesNo (3)NoYes (4)NoNo
Option 1
Which of the following must be obtained in a review of a nonpublic company? Engagement Letter vs Representation Letter (1)Yes Yes (2)Yes No (3)No Yes (4)No No
Option 1
A CPA who is not independent may perform which of the following services for a nonpublic company? Compilation vs Review Yes Yes Yes No No Yes No No
Option 2
Under the Single Audit Act, the auditor must apply procedures to test for compliance and test the effectiveness of controls for: Major Programs vs Non-Major Programs A.YesYes B.YesNo C.NoYes D.NoNo
Option B
Is independence required when an accountant is engaged to either prepare or compile a client's financial statements? Prepare Compile A.Yes Yes B.Yes No C.No Yes D.No No
Option D
Type of service: A grocery store wants to provide the highest level of assurance that its prices are less than the prices of its competitors.
Other attestation service
The Dodd-Frank Act requires auditors to report on broker-dealer compliance with internal control:
Over compliance with various SEC requirements during the most recent fiscal year.
Public company guidance comes from the ________.
PCAOB
Source of standard: A letter to an underwriter of a public company.
PCAOB Auditing Standards
Source of standard: A quarterly review of the financial statements of a public company that has an annual audit.
PCAOB Auditing Standards
Which of the following forms of accountant association is least likely to result in issuance of an accountant's report on financial statements or financial information?
Preparation.
Government Auditing Standards Ethics
Public Interest, Integrity, Objectivity, Proper use of government information, resources, and position, professional behavior
The organization that administers the Certified Internal Auditor program is the:
The Institute of Internal Auditors.
Engagements that provide assurance on systems' (1) security, (2) availability, (3) processing integrity, (4) online privacy, and (5) confidentiality.
Trust Services
A "comfort letter" is ordinarily addressed to:
Underwriters of securities.
Which of the following is correct relating to an engagement to apply agreed-upon procedures to prospective financial statements?
Use of the report is restricted to the specified users.
Yes or no: If Laotian generally accepted auditing standards do not require the Laotian form of audit report, may your firm use the Laotian report form?
Yes
Yes or no: If Laotian generally accepted auditing standards do not require the Laotian form of audit report, may your firm use the U.S. report form and modify it as necessary?
Yes
Yes or no: In performing the audit, must your firm consider GAAS to the extent the standards are appropriate?
Yes
Purpose of International Standards for the Professional Practice of Internal Auditing
a. Guide adherence with the mandatory elements of the International Professional Practice Framework b. Provide a framework for performing and promoting a broad range of value-added internal auditing c. Establish a basis for the evaluation of internal audit performance d. Foster improved organizational processes and operations
Assurance on Sustainability Information
a. More and more businesses are disclosing information about their sustainability initiatives, generally in the area of Social responsibility and Environmental conservation
accounting estimates
activities involving management's judgments or assumptions,
professional behavior
auditors should comply with laws and regulations and avoid any conduct that might bring discredit to their work
PCAOB AS 6115
auditors should inform the audit committee about the matter when there is a material weakness that continues to exist and they uncover an additional material weakness
Estimate process
bad debt expense
Webtrust
designed to provide assurance on electronic systems
Review reports ______ result in an opinion like audit reports.
do not
Audit standards require that auditors apply analytical procedures during every audit to a client's preliminary and final ________ data.
financial
Step 2: top down approach goal
focus on testing those controls that are most important to auditor's conclusion on internal control, avoiding those that are less important
Summary of financial statement
i. Also referred to as condensed financial statements ii. Include less detail than the audited financial statements iii. Written by auditors who issued the report, unless they have issued an adverse opinion or disclaimer of opinion iv. CPA issue an opinion that the summary financial statements are consistent
Audit of personal financial statements
i. Assets shown at estimate current values and liabilities at estimated current amounts ii. Balance Sheet -> statement of financial condition iii. Income statement -> statement of changes in net worth iv. Completeness
Compilation of financial statements
i. Assisting management in presenting financial information in the form of financial statements ii. Read the compiled statements for appropriate format and identify obvious material misstatements iii. No responsibility to perform any investigative procedures to substantiate the client's representation
Significant account
i. Changes from prior periods ii. Reporting complexity iii. Existence of related party transactions
Process of Objective of Management's Evaluation of Internal Control
i. Evaluate design effectiveness of controls ii. Evaluate operating effectiveness of internal control iii. Document the process iv. Issue the report
focuses of operational audits
i. Focuses on efficiency, effectiveness, and economy of operations
Examples of subject matter
i. Historical or prospective performance or condition ii. Physical Characteristics iii. Historical Events iv. Analyses v. Systems or processes vi. Behavior
Evaluation of internal controls
i. Identify controls and risks ii. Evaluating the operation of controls
no modifications required in compilations
i. Lack of consistent application of GAAP ii. Existence of major uncertainties including going-concern uncertainties iii. Scope limitation - issue no review report
Major developments affecting the internal auditing profession
i. Need for additional assurance about financial information ii. Demand by stock exchanges and SEC for management to assume more responsibility for controls and financial information iii. Need for assurance about the reliability of operational reports iv. Demand for solutions to operational problems v. Passage of the Foreign Corrupt Practices Act of 1977 vi. Report of the National Commission on Fraudulent Financial Reporting vii. Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees (1999) viii. Passage of the Sarbanes-Oxley Act of 2002
Test of controls in order of decreasing persuasiveness
i. Reperformance of the application of controls ii. Observation of the company's operations iii. Inspection of relevant documents iv. Inquiries of appropriate personnel
Agreed-upon procedures
i. include a list of procedures performed and the related findings 1. Intended for those parties only 2. Restricted-use reports
reviews
i. performing limited procedures, such as inquiries and analytical procedures 1. Limited Assurance/negative assurance 2. Attestation risk at moderate level
Auditors are also required under GAGAS to report fraud or _______.
illegal acts
Internal auditing is an __________, objective assurance and consulting activity designed to add value and improve an organization's operations.
independent
agreed-upon procedures restricted-use reports
intended for audit committee, management, and other parties for whom the procedures were designed
Comfort Letter
investment banking firms that underwrite securities issue often request independent auditors who have audited the financial statements and schedules in the registration statement to issue a letter for the underwriters (PCAOB)
A formal operational audit report is prepared for _______.
management
Maintaining effective internal control is the responsibility of the __________.
management
Determining the allowance for doubtful accounts, establishing warranty reserves, and assessing assets for impairment are examples of __________ that involve judgments or assumptions.
management estimates
Users of operational audits
managers at various levels + board of directors
Internal auditing is considered to be part of an organization's:
monitoring
Materiality for an attestation engagement may be considered in the context of _________ factors.
quantitative or qualitative (nonquantitative)
Routine transactions are for _____ activities.
recurring
Routine transactions
recurring activities
Audit communication with GAGAS requires communication with the client, those charged with governance, and ________.
regulators
Foreign corrupt practices act of 1977
require public companies to establish and maintain effective internal accounting control. This sparked the establishment of internal auditing departments in many companies
public companies and interim reviews
required to have annual audits and interim reviews of the first three quarters of the year prior to public release of that information
Federal financial assistance must be spent in accordance with the program's _________.
requirements
Sarbanes Oxley Act of 2002 404(b)
requires CPA firm to audit internal control and express an opinion on effectiveness of internal control. (Required for companies with a capitalization in excess of $75,000,000)
control risk
risk that internal control will fail to prevent or detect a material misstatement of the subject matter
detection risk
risk that the practitioner's procedures will fail to detect a material misstatement of the subject matter
Attestation risk
risk that the practitioners will unknowingly fail to appropriately modify their report on the subject matter that is materially misstated (moderate)
inherent risk
risk that the subject matter is materially misstated before considering any internal control
interrelated items
sales and receivables, inventory and payables, building and equipment, and depreciation
Principles of trust services
security, availability, processing integrity, confidentiality, privacy
agreed-upon procedures findings section
set forth any instances of noncompliance with relevant laws and regulations noted by the CPAs
Trust servicesd
set of professional attestation and advisory services based on a core set of principles and criteria that address the risks and opportunities of IT-enabled systems and privacy programs
Criteria for attestation standards
standards or benchmarks that are used to evaluate the subject matter of the engagement. Important in reporting the practitioner's conclusion to the users because they convey the basis on which the conclusion was formed
nonroutine transactions examples
transactions such as counting and pricing inventory, calculating depreciation expense, or determining prepaid expenses.
Similarity between PCAOB/ASB and SSARS
- A starting point is establishing an understanding with the client as to the nature of the engagement - A final step is communicating the results
Analytical Procedure
- Compare recorded amounts developed to expectations designed - Develop expectations by identifying and using plausible relationships that are reasonably expected to exist
Difference between PCAOB/ASB and SSARS
- Conducted for clients that have not had an annual client - SSARS reviews are not typically on interim information - Public companies must have financial statements reviewed quarterly
Single financial statements and specific elements, accounts, or items of financial statements example
1. A loan agreement that includes the balance sheet be audited annually 2. A lease agreement with requirement that the annual company revenues be audited 3. A governmental agency requires a schedule of gross income and certain expenses of a company's real estate operation 4. An agreement in which one company is considering acquiring another company and needs a schedule of gross assets and liabilities
Accepting an engagement to examine an entity's financial projections most likely would be appropriate if the projections were to be distributed to:
A bank with which the entity is negotiating for a loan.
Negative assurance is most likely to be provided in a practitioner's report with:
A review report,
Agree or disagree: Checks are made payable to cash.
Agree
Which assertion is generally most difficult to attest to with respect to personal financial statements?
Completeness.
Agreed-upon procedures for prospective financial statements
1. Summarizes procedures performed and findings 2. Report is restricted to use of specified parties
major federal financial assistance program
A significant federal assistance program as determined by the auditors based on a risk-based approach. In a single audit, the auditors must provide an opinion on compliance related to major programs.
Under the attestation standards, in which of the following circumstances is a review report least likely to be issued?
A significant limitation on the scope of the engagement has occurred.
Which of the following types of audits is designed to determine that an organization has complied with the specific requirements of major financial assistance programs?
A single audit.
In which of the following reports should a CPA not express negative (limited) assurance?
A standard compilation report on financial statements of a nonpublic entity.
A practitioner's report on agreed-upon procedures that is in the form of procedures and findings should contain:
A statement of restrictions on the use of the report.
Under PCAOB internal control reporting standards, what are the auditor's communication requirements to the audit committee with respect to material weaknesses?
All must be communicated in written form.
The SEC reporting requirement that a public company prepare a report in which it acknowledges its responsibility for establishing and maintaining accurate internal control and to assess internal control effectiveness in general applies to which companies?
All public companies
Source of standard: A quarterly review of the financial statements of a nonpublic company that has an annual audit.
Auditing Standards Board Statements on Auditing Standards
Source of standard: A report on summary financial statements of a nonpublic company.
Auditing Standards Board Statements on Auditing Standards
Source of standard: An audit of the financial statements of a nonpublic company.
Auditing Standards Board Statements on Auditing Standards
professional behavior
Auditors should comply with laws and regulations and avoid any conduct that might bring discredit to the auditors' work
The control framework ordinarily used in an internal control audit is Internal Control—Integrated Framework, created by the ________ of the Treadway Commission.
Committee of Sponsoring Organizations (COSO)
When performing a review of a nonpublic company, which is least likely to be included in auditor inquiries of management members with responsibility for financial and accounting matters?
Communications with related parties.
Type of Service: MNO Company believes that it has effective internal control to assure itself that it complies with various legal requirements, but it would like assurance from its CPA on compliance with the legal requirements.
Compliance
Which of the following fits most directly under the control activities components of the COSO IC framework?
Ensuring that cash disbursements are authorized by appropriate personnel.
Which attest engagement aligns most directly with a financial statement audit in terms of assurance provided?
Examination.
Which of the following would result in a modified CPA's report on a review of the interim financial statements of a publicly held company?
Inadequate disclosure.
Correct or Incorrect: A special-purpose financial reporting framework is any framework other than GAAP.
Incorrect
Correct or Incorrect: An audit report on financial statements that are prepared using a special-purpose framework must include, in all circumstances, a description of the purposes for which the statements are prepared.
Incorrect
Correct or Incorrect: An audit report on financial statements that are prepared using a special-purpose framework will indicate that the audit was conducted in accordance with the special-purpose financial reporting framework auditing standards.
Incorrect
Comfort letters to underwriters are normally signed by the:
Independent auditor.
Which of the following would be used on a review engagement?
Inquiries about significant subsequent events.
When auditors are engaged to make an assertion on a report filed on a printed form designed by authorities, and they believe the assertion is not justified, the auditors should:
Reword the form or attach a separate report.
When auditing financial statements in accordance with generally accepted auditing standards, the auditors must test compliance with all laws and regulations that have a __________ effect on line-item amounts in the financial statements.
direct and material
SSARS reviews are performed on clients that ______ an annual audit.
do not need
SSARS reviews are performed on clients that ______an annual audit.
do not need
XBRL
eXtensible Business Reporting Language is an international information format designed for business information.
On a review report, _____ page of the review report should include a caption with words like "Independent Accountant's Review Report."
each
Congress passed the Single Audit Act to ensure federal dollars were spent _________.
effectively
PCAOB AC 2201
emphasizes the need for controls specifically intended to address the risk of fraud, period-end financial reporting processing, audit-committee effectiveness
Governmental auditors
perform operational audits of governmental programs that are administered by both gov and non-gov programs in order to evaluate effectiveness through measurable elements, such as: number of families relocated, number of individuals rehabilitated
GAGAS provide audits for financial and _____ audits.
performance
The broad statement of purpose of an operational audit includes the intent to appraise the ______ of a particular organization.
performance
Broker-dealer
person or firm in the business of buying and selling securities
The _____ of entity-level controls distinguishes them from other controls.
pervasiveness
Each operational audit is _____ to the particular engagement.
unique
A statement of limitations on the use of the report
when reporting subject matter and a written assertion is not obtained from the responsible party
The significance of accounts should be considered ______ regard to internal control.
without
The GAO issues the publication entitled Government Auditing Standards, which include GAGAS. This publication is commonly referred to as the ____________ Book.
yellow
Required under single audit act? Determine that the organization contributes the appropriate amount of its own resources to the program.
yes
Required under single audit act? Determine that the organization followed procedures to minimize the time elapsing between the transfer of funds from the U.S. Treasury and their disbursement.
yes
Required under single audit act? Determine whether program income is correctly recorded and used in accordance with the program requirements.
yes
A(n) ____ is a declaration about whether the subject matter is presented in accordance with certain criteria.
assertion
In an attestation engagement, the practitioner must evaluate the subject matter or an ___________ about the subject matter that is the responsibility of another party.
assertion
Practitioners report either on the ______ about the subject matter or the subject matter itself.
assertion
After determining significance, the financial statement _______ come into determination.
assertions
Agreed upon procedures objective
assist users in evaluating an entity's compliance with specified requirements based on procedures agreed upon by the users of the report
The ______ committee is especially important as it exercises oversight responsibility over the financial statements.
audit
To present a report that includes an assertion about internal control over compliance, management should evaluate the company's internal control using some appropriate __________.
control criteria
Systrust
designed to provide assurance on other systems
accounting estimates examples
determining the allowance for doubtful accounts, estimating warranty reserves, and assessing assets for impairment.
Sustainability Accounting Standards Board
developed criteria for management reporting and CPA attestation
Inquiry of Management
- Determine the status of unrecorded adjustments - Inquire as to the accounting principles, practices, and methods used - Inquire as to communications from regulatory agencies
Nonroutine process
- Financial statement close - depreciation - physical inventory - LIFO calculation
Other Review Procedure
- Read financial statements - Read the minutes of board meetings
General attestation standard
- adequate technical training - adequate knowledge -reason to believe subject matter an be evaluated - independence in mental attitude - exercise due professional care
Routine process
- cash receipts - payroll - cash disbursements - inventory closing
Reporting attestation standard
- the subject matter must be identified - the practitioner's conclusion must be stated - any reservations about the engagement or subject matter must be disclosed - the report must state that it is intended only for information and use of specific parties
Fieldwork attestation standard
- work must be adequately planned and properly supervised - sufficient evidence must be obtained
Which of the following is least likely to be structured using the AICPA attestation standards?
A review of nonpublic interim information.
What does the comfort letter include
1. A statement that the auditors are independent. 2. Whether the audited financial statements and financial statement schedules included in the registration statement comply with the accounting requirements of the Securities Act of 1933 and related regulations. 3. Unaudited financial statements condensed interim financial information, and pro forma financial information. 4. Changes in selected financial statement items during a period subsequent to the date and period of the latest financial statements included in the registration statement. 5. Tables, statistics, and other financial information included in the registration statement. 6. Certain nonfinancial statement information included in the registration statement complies regarding form with SEC regulations. 7. Provides positive assurance whether the audited financial statements included in the registration statement comply regarding form with the accounting requirements of the Securities Act of 1933
Review Reports on Comparative Statements
1. Accountants who have reviewed prior-period financial statements presented with those of the current period should report on both years 2. Accountants engaged to perform a lower level of service on current year a. Do not update prior year's report b. Reissued prior year's report and present it with current year report or include a reference to the prior year's report
Two types of compliance attestation engagements
1. Attesting to an entity's compliance with specified requirements of laws, regulations, rules, contracts, or grants 2. Attesting to the effectiveness of an entity's internal control over compliance with specified requirements
matters
1. Client's industry 2. Regulatory matters 3. Client's business 4. Recent changes in the client's operations
AICPA AU-C910
1. Comply with auditing standards to the extent the standards are appropriate 2. Financial statements intended for use only outside US issue 3. Use in the U.S. and outside the U.S.—2 reports
Screening the client in review of nonpublic companies
1. Contact the client's predecessor CPAs 2. AICPA AR-C 90
Communicating results
1. Criteria for communicating 2. Quality of communications 3. Errors and omissions 4. Use of "Conducted in conformance with the International Standards for the Professional Practice of Internal Auditing 5. Engagement disclosure of noncompliance with the Standards 6. Disseminating results 7. Overall Opinion
extent
1. Depend on frequency of control
Engagement Planning
1. Developing appropriate objectives, scope, timing, and resource allocations 2. Planning considerations 3. Engagement objectives 4. Engagement scope 5. Engagement resource allocation 6. Engagement work program
Attestation materiality
1. Difficult because subject matter may not be financial 2. Determine based on likely needs of intended users
Internal Auditors' Role in SOX Compliance involvement
1. Document and test controls to support management's assertion 2. Management's responsibility to ensure the organization is in compliance with the requirements of SOX 3. Internal Auditor's role = documenting and testing controls, but must be compatible with overall mission and charter of the internal audit function 4. Should not be seen as impairing the internal auditors' objectivity 5. External auditors can rely on work of internal auditors to fulfill responsibilities
SOC 2 Report Users
1. Essentially stakeholders 2. Customers 3. Regulators 4. Business Partners 5. Suppliers Directors
Requirements of the report of national commission on fraudulent financial reporting in 1987
1. Establish an internal auditing function staffed with appropriately qualified personnel and fully supported by top management 2. Position the internal auditing function's suitably within the organization, maintaining a director of internal auditing function, and establishing effective reporting relationships between the director of internal auditing and the audit committee of the BOD to maintain objectivity
Nature of Work
1. Governance 2. Risk Management 3. Control
Statements for Accounting and Review Services
1. Guidance for reviews, compilations, and preparation of financial statements 2. No annual audit performed
Independence and Objectivity
1. Helps when the chief audit executive reports to a level within the organization that allows the internal audit activity to fulfill its responsibilities, so the audit committee 2. Organizational independence 3. Direct interaction with the board 4. Chief audit executive roles beyond internal auditing 5. Individual objectivity 6. Impairments to independence and objectivity
Performance of Engagement
1. Identifying information 2. Analysis and evaluation 3. Documenting information 4. Engagement supervision
nature
1. Inquiries, inspections, observations, and reperformance 2. Vary the tests when possible (make them unpredictable)
No modifications in review of nonpublic companies
1. Lack of consistent application of GAAP 2. Existence of major uncertainties including going-concern uncertainties 3. Scope limitation - issue no review report
planning steps of the audit of internal control over financial reporting
1. Management's report on internal control 2. plan the engagement 3. use a top-down approach to identify controls to test 4. test and evaluate design effectiveness 5. test and evaluate operating effectiveness 6. form an opinion on effectiveness of internal control over financial reporting 7. issue auditors' attestation report
An operational audit is most likely to address an organization's:
Effectiveness, efficiency and economy of operations.
Compliance auditing performing examinations
1. Material Noncompliance with specified requirements = qualified or adverse opinion 2. Scope Restriction = Qualified or disclaimer of opinion 3. Involvement of another CPA firm in the examination = report that indicates a division of responsibility
Special-purpose financial reporting frameworks overview
1. Must included a basis of accounting paragraph (a type of emphasis-of-matter paragraph) 2. Describe the basis of accounting being used or refer to a financial statement note that provides such a description 3. Other matter paragraph about intended use of the auditor's report if done under a contractual or regulatory basis 4. Auditors must obtain an understanding of How management determined the framework is acceptable, The purpose of the statements, The intended users
In evaluating the design effectiveness of the company's internal control, the auditors ask themselves, if the controls are operating effectively, are internal controls effective?
1. Observation of the company's operations 2. Inquiry of appropriate personnel 3. Inspection of relevant documentation
SOC 2 Report more information
1. Organizations that outsource tasks and functions a mechanism for improving governance and oversight of service providers 2. Service organizations the ability to communicate the suitability of the design and operating effectiveness of their controls
objective of assurance on trust services
1. Perform procedures to determine that management's description of the system is fairly stated 2. Obtains evidence that the controls over the system are designed and operating effectively to meet the Trust Services Principles and Criteria - the suitable criteria required for an attest engagement 3. Provide assurance to consumers, business partners, bankers, creditors, regulators, and outsourcers
Practitioner of trust services
1. Performs procedures to determine that management's description of the system is fairly stated, and 2. Obtains evidence that the controls over the system are designed and operating effectively to meet the Trust Services Principles and Criteria—the suitable criteria required for an attest engagement
difficulty of completeness for audit of personal financial statements
1. Poor internal control because all aspects of each transaction usually are under the control of the individual 2. Individuals may seek to omit assets and income from personal financial statements, which is far more difficult to detect 3. Need to assess the risk of the individual concealing assets
Examination of prospective financial statements
1. Practitioners gather evidence relating to the client's procedures for preparation of the statements 2. evaluate the underlying assumptions 3. obtain a written representation letter from the client 4. evaluate whether the statements are presented in conformity with AICPA guidelines
Proficiency and Due Professional Care
1. Proficiency 2. Due professional care 3. Continuing Professional development
What do both financial forecasts and projections need?
1. Prospective financial statement items 2. Background information 3. A list of the major assumptions and accounting policies
Objective of Management's Evaluation of Internal Control
1. Provide a reasonable basis for its annual assessment 2. Process 3. Auditors' Objective 4. Plan the engagement
Assurance on Management's Discussion and Analysis objective
1. Provide assurance on whether the presentation includes, in all material respects, the required elements of the rules and regulations adopted by the SEC 2. Provide assurance on whether the historical financial amounts included in the presentation have been accurately derived, in all material respects, from the entity's financial statements 3. Provide assurance on whether the underlying information, determinations, estimates, and assumptions of the entity provide a reasonable basis for the disclosures contained in the presentation
Reporting on Compliance with Aspects of Contractual Agreements or Regulatory Requirements in Connection with Audited Financial Statements
1. Provide negative assurance to client's compliance 2. Must first have performed an audit of the related financial statements 3. Example: prepared for a bond trustee as evidence of the company's compliance with restrictions contained in the bond indenture
Reporting/reviews? on prospective financial statements
1. Report on subject matter 2. States whether the statements are presented in conformity with AICPA guidelines 3. States whether underlying assumptions provide a reasonable basis for the statements 4. Does not vouch for the achievability of the forecast or projection
Managing the internal audit function
1. Role of Chief audit executive 2. Audit activity is planned based on a risk assessment 3. Plans approved by senior management and board 4. Audit work is planned, controlled, coordinated to ensure that maximum value is provided to the organization 5. Resources of the internal auditing department are efficiently and effectively employed 6. Planning 7. Communication and Approval 8. Resource Management 9. Policies and procedures 10. Coordination
Quality Assurance and Improvement Program
1. Scope of Assessments 2. Qualifications and independence of assessors 3. Conclusions 4. Corrective Action plans 5. Must include both internal and external assessments of effectiveness 6. Reporting on Quality program 7. Use of "conducted in accordance with the standards" 8. Disclosure of noncompliance
timing
1. Sufficient period of time 2. Periodic controls - may have to wait to after report date
reporting the findings
1. Summarize findings related to the basic purpose of the audit 2. Suggest improvements in the operational policies and procedures of the unit, and a list of situations in which compliance with existing policies and procedures is less than adequate 3. Exit conference: review findings with all persons directly concerned with the operations audited 4. Formal report issued to management
Likely source of misstatements
1. Verify points within the company's processes at which a misstatement could arise that could be material; 2. Identify the controls management has implemented to address these potential misstatements; and 3. Identify the controls management has implemented to prevent or detect on a timely basis unauthorized acquisition, use, or disposition of the company's assets that could result in a material misstatement.
Departures from GAAP in review of nonpublic companies
1. When accountants become aware of a material departure from GAAP 2. Add an emphasis-of-matter paragraph when substantial doubt occurs 3. Allowed in the existence of most major uncertainties
Steps of an operational audit
1. definition of purpose 2. familiarization 3. preliminary survey 4. program development 5. fieldwork 6. reporting the findings 7. follow-up
Step 1: Plan the engagement
1. efficient planning requires coordination with financial statements audit 2. consider matters 3. auditors' consideration of internal control
Definition of purpose in operational audits
1. intention to appraise the performance of a particular organization, function, or group of activities 2. Expanded to precisely scope the audit and nature of report 3. Which policies and procedures are to be appraised and how they relate to the objective of the organization
Review procedures of nonpublic company
1. perform analytical procedures 2. make inquiries of management and others within the organization 3. perform other procedures considered necessary 4. obtain representations from management relating to the financial statements
Internal auditing can best be described as:
A control function.
Which of the following requires modification of a review report?
A departure from generally accepted accounting principles.
government auditing standards
A document that contains standards for audits of government organizations, programs, activities, and functions and of government assistance received by contractors and other nonprofit organizations.
Which of the following does not result in a modification of a compilation report?
A lack of consistent application of generally accepted accounting principles.
A material weakness is a control deficiency (or combination of control deficiencies) that results in a reasonable possibility that a misstatement of at least what amount will not be prevented or detected?
A material amount.
A primary purpose of operational auditing standards is to provide:
A measure of management performance in meeting organizational goals.
compliance supplement
A publication of the U.S. Office of Management and Budget that specifies audit procedures for federal financial assistance programs.
Nonpublic companies that are audited may also want interim reviews. Auditors must then follow the _______.
ASB Standards
departures from GAAP in compilations
Accountant must discuss the departure in a separate paragraph in the compilation report
Standards for a CPA's association with the audited financial statements of nonissuers are issued by the Auditing Standards Board, whereas standards for the preparation, compilation or review of the annual financial statements of nonissuer companies are issued by the __________.
Accounting and Review Services Committee
Source of standard: A compilation of the financial statements of a nonpublic company.
Accounting and Review Services Committee Statements on Standards for Accounting and Review Services
Source of standard: A quarterly review of the financial statements of a nonpublic company that annually has a review of its financial statements. (Note: The question is on the quarterly review.)
Accounting and Review Services Committee Statements on Standards for Accounting and Review Services
Source of standard: An annual review of the financial statements of a nonpublic company.
Accounting and Review Services Committee Statements on Standards for Accounting and Review Services
According to PCAOB standards, determining the allowance for doubtful accounts is referred to as a(n):
Accounting estimate transaction.
XBRL Engagements
Accounting profession is in process of developing guidance for CPAs to provide assurance on XBRL-Related Documents.
When an accountant examines a financial forecast that fails to disclose several significant assumptions used to prepare the forecast, the accountant should describe the assumptions in the accountant's report and issue a(n):
Adverse opinion.
When performing an examination, if a CPA finds one or more significant assumptions are not reasonable for a forecast, the most appropriate report is:
Adverse.
Which of the following is the least likely to be considered subject matter of an attestation engagement?
Affirmation.
Agree or Disagree: An emphasis-of-matter paragraph should be added to a cash-basis set of financial statements indicating that the framework is other than GAAP.
Agree
Agree or Disagree: Financial statements prepared following a contractual basis are considered as having been prepared following a special-purpose financial reporting framework, and their use should be restricted to specified users.
Agree
Agree or Disagree: When financial statements are prepared following a contractual basis, the auditors must obtain an understanding of significant management interpretations of the contract.
Agree
Agree or disagree: The authorized check signers reconcile bank accounts.
Agree
Agree or disagree: The purchasing department manager and assistant manager are the authorized check signers.
Agree
Bill Jensen, a staff member of Zhan & Co., CPAs, has given you the following list of what he refers to as "internal control deficiencies" for the Zabling Co. audit and has asked you to review each point and make certain that you agree that each is an internal control deficiency. Agree or disagree: Voided checks are torn up and destroyed.
Agree
Type of service: A bank wants a CPA firm to confirm account receivables of a company that has pledged the receivables as collateral for a loan.
Agreed-upon procedures
Which of the following types of services is most likely to result in a report that is restricted to specified parties?
Agreed-upon procedures.
Communication in writing to management
All control deficiencies regardless of severity
Significant Accounts
An account is significant if there is a reasonable possibility that it could contain a misstatement that individually or in aggregate has a material effect on financial statements
Which of the following best describes a CPA's engagement to report on a public entity's internal control over financial reporting?
An engagement to form an opinion on the effectiveness of internal control.
Questioned Cost
An expenditure that the auditor asks about because it does not meet the criteria for allowability, or program eligibility, or is not adequately supported with documentation
Internal Auditing
An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes
An auditor's report on financial statements prepared in accordance with a special purpose financial reporting framework of accounting other than generally accepted accounting principles should include all of the following except:
An opinion as to whether the basis of accounting used is appropriate under the circumstances.
A CPA's report relating to a SysTrust engagement is most likely to include:
An opinion on management's assertion that the system meets one or more of the SysTrust principles.
A comfort letter will ordinarily include
An opinion on whether the audited financial statements comply in form with SEC accounting requirements.
The proper report by an auditor relating to summarized financial statements includes:
An opinion on whether the summarized information is fairly stated in all material respects in relation to the basic financial statements.
Which of the following is not an example of financial statements that use a special purpose financial reporting framework?
An organization that has limited the scope of the auditor's examination.
What does single audit act apply to
Applies to states, local governments, and nonprofit organizations that expend $750,000 in federal financial assistance
An audit of internal control over financial reporting ordinarily assesses internal control:
As of the last day of the fiscal period.
What SOC 3 Report provide
Assertion by management that it maintained effective controls to meet the Trust Services criteria, a short description of its system, and a CPA's report on either management's assertion or on the effectiveness of controls in meeting the Trust Services criteria
When performing an attestation examination engagement, the standards do not require which of the following?
Assertion.
An auditor is reporting on cash basis financial statements. These statements are best referred to in his opinion by which of the following descriptions?
Assets and liabilities arising from cash transactions, and revenue collected and expenses paid.
Relationship between assurance services and attestation services
Assurance services improve the quality of the information, while Attestation services examine and report on the reliability of the subject matter or an assertion about that subject matter
Type of service: A public company wants to provide its shareholders assurance about the narrative analysis of financial results provided in the company's Form 10-K.
Attestation of MD&A
Type of service: A computer manufacturing company wants to provide assurance about estimated future results to be included in the company's annual report.
Attestation of prospective financial information
The independence of the internal auditing department will most likely be assured if it reports to the:
Audit committee of the board of directors.
Based on PCAOB standards for an internal control audit, which of the following is least likely to indicate a significant deficiency relating to a client's antifraud programs?
Audit committee's active engagement in discussions on the topic of fraud.
An unqualified public company audit report on a client's internal control over financial reporting which is not combined with the audit report on the financial statements is most likely to include which of the following sections?
Basis for opinion.
A "comfort letter" to an investment banking firm will normally not:
Be included with the registration statement for the securities.
The framework most likely to be used by the client in its internal control assessment is the:
COSO internal control framework.
Among the Dodd-Frank Wall Street Reform and Consumer Protection Act's requirements is one requiring:
CPA examinations of broker-dealer internal control over compliance.
When an accountant compiles a financial forecast, the accountant's report should include a(n):
Caveat that the prospective results of the financial forecast may not be achieved
Chapter 18
Chapter 18
Chapter 19
Chapter 19
Chapter 20
Chapter 20
Chapter 21
Chapter 21
Which of the following is not typically performed when the auditors are performing a review of client financial statements?
Confirmation of accounts receivable.
Type of Service: ABC Company is involved in a very vibrant industry. It would like all of its press releases to include audited results, regardless of when they are issued.
Continuous auditing
A weakness in the design or operation of a control that does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis
Control deficiency
Correct or Incorrect: An audit opinion on financial statements that use a special-purpose framework may be unmodified.
Correct
Correct or Incorrect: An audit report on financial statements that are prepared using a special-purpose framework must include an emphasis-of-matter paragraph alerting users that the financial statements were prepared in accordance with the framework.
Correct
Correct or Incorrect: If a regulatory agency requires a particular layout for the audit report, the auditor may be able to use that layout rather than the suggested report included in the Professional Standards.
Correct
Correct or Incorrect: Some, but not all, special-purpose frameworks require an indication that the financial statements are intended solely for certain specified users.
Correct
An unqualified public company audit report on a client's internal control over financial reporting which is not combined with the audit report on the financial statements is least likely to include which of the following sections?
Critical audit matters.
When a practitioner examines projected financial statements, the practitioner's report should include a separate paragraph that:
Describes the limitations on the usefulness of the presentation.
The auditors examined the client's internal control over cash receipts and concluded that they are operating exactly as designed. However, the design of the controls does not include control procedures to prevent misstatements and the potential omission of cash receipts.
Determine if the control deficiency is a material weakness by obtaining further evidence.
Agree or Disagree: Cash-basis financial statements are considered as having been prepared following a special-purpose financial reporting framework, and their use should be restricted to specified users.
Disagree
Agree or Disagree: International Financial Reporting Standards are considered a special-purpose financial reporting framework.
Disagree
Agree or disagree: All cash receipts (checks) received through the mail are prelisted by the two individuals who open the mail.
Disagree
Agree or disagree: All cash receipts received through the mail are restrictively endorsed when received.
Disagree
Agree or disagree: Separate sequences of prenumbered checks are used for each bank account.
Disagree
Agree or disagree: When a disbursement is made based on paper supporting documents, those supporting documents are canceled by the individual who signs the check.
Disagree
A circumstance caused scope limitation in a Sarbanes-Oxley 404 internal control audit is most likely to result in a(n):
Disclaimer of opinion.
When an auditor reports on financial statements prepared on an entity's income tax basis, the auditor's report should:
Disclose that the income tax basis is a basis of accounting other than generally accepted accounting principles
During a review of the financial statements of a nonpublic entity, the CPA finds that the financial statements contain a material departure from generally accepted accounting principles. If management refuses to correct the financial statement presentations, the CPA should:
Disclose the departure in a separate paragraph of the report.
In governmental accounting, emphasis is placed on:
Expenditures of funds.
The auditors concluded that the ineffectiveness of the design of controls over accounts payable and cash disbursements represents a material weakness in internal control, even though the financial statements are not materially misstated.
Express an adverse opinion on internal control.
The auditor's prior-year report on internal control included an adverse opinion. The client has since modified internal control and no material weaknesses were found in the current year.
Express an unqualified opinion on internal control.
The auditors concluded that a significant deficiency in internal control exists in the payroll function, but no material weakness.
Express an unqualified opinion on internal control.
Prospective financial statements that present an entity's expected financial position, results of operations, and cash flows for one or more future periods.
Financial forecast
Prospective financial statements that present expected results, given one or more hypothetical assumptions.
Financial projection
Given one or more hypothetical assumptions, a responsible party may prepare an entity's expected financial position, results of operations, and changes in financial position. Such prospective financial statements are known as:
Financial projections.
PrimePlus/ElderCare Services
Financial, Nonfinancial, helping family members monitor the elder's care, submitting claims to insurance companies, lifestyle planning, target
report of national commission on fraudulent financial reporting in 1987
Findings and recommendations about preventing fraudulent financial reporting by public companies
Management is beginning to take corrective action on human resources department deficiencies reported during the last internal audit. According to the IIA's Standards, the internal auditor should:
Follow up to see that the corrective action satisfies the audit recommendations.
In 1977, passage of the __________ increased the demand for internal auditing.
Foreign Corrupt Practices Act
Operational auditing is primarily oriented toward:
Future improvements to accomplish the goals of management.
SOC 3 Reports
General use SysTrust reports related to security, availability, and processing integrity.
Financial PrimePlus/ElderCare Services
Goal setting, funding analysis, needs assessment
Which of the following bodies promulgates standards for audits of federal financial assistance programs?
Government Accountability Office.
When performing an audit of a city in accordance with the Single Audit Act, an auditor should adhere to:
Government Auditing Standards.
In an audit in accordance with generally accepted auditing standards, the auditors must test compliance with those laws and regulations that:
Have a direct and material effect on the financial statements.
Assurance on internal control over financial reporting (nonpublic)
Have the option of having an integrated audit.
Which is least likely to be a question asked of employee personnel during a walk-through?
Have you assessed the operating effectiveness of the system?
When auditing an entity's financial statements in accordance with Government Auditing Standards (the "Yellow Book"), an auditor is required to report on: I. Noteworthy accomplishments of the program. II. The scope of the auditor's testing of internal controls.
II only
Which of the following must be included in management's report internal control under section 404 of the Sarbanes-Oxley Act of 2002?
Identification of the framework used for evaluating internal control.
When performing an operational audit, the purpose of a preliminary survey is to:
Identify areas that should be included in the audit program.
Communication to BOD
If conclude oversight of financial reporting and internal control is ineffective
Which of the following best describes the scope of internal auditing as it has developed to date?
Internal auditing has evolved to more of an operational orientation from a financial orientation.
The portion of internal control most directly related to a CPA's engagement to attest to compliance with laws and regulations is:
Internal control over compliance.
Nonfinancial PrimePlus/ElderCare Services
Interpersonal and interrelationship management, management of interaction between service providers and client
The client did not furnish adequate evidence for the auditors to evaluate internal control over inventory. All other evidence was provided.
Issue a disclaimer of opinion.
Quantum, CPA, was engaged by a group of oil and gas royalty recipients to apply agreed-upon procedures to financial data supplied by Ziphar Co. regarding Ziphar's written assertion about its compliance with contractual requirements to pay royalties. Quantum's report on these agreed-upon procedures should contain a(n):
List of the procedures performed (or reference thereto) and Quantum's findings.
Those transaction flows that have a meaningful bearing on the totals accumulated in the company's significant accounts and, therefore, have a meaningful bearing on relevant assertions
Major classes of transactions
An important aspect of performing an audit in accordance with the Single Audit Act is to identify:
Major federal financial assistance programs.
The existence of a material weakness led to an adverse opinion in the internal control audit report of a publicly traded company. Which of the following statements is correct if management believes that it has remediated the weakness?
Management may engage the auditors to report on whether the material weakness continues to exist prior to its next annual audit.
According to the IIA's Standards, an internal auditor's working papers should be reviewed by the:
Management of the internal auditing department.
Which of the following need not be included in management's report on internal control under Section 404(a) of the Sarbanes-Oxley Act of 2002?
Management's acknowledgment of its responsibility to establish and maintain internal control that detects all significant deficiencies.
A Type 2 service auditor's report addresses:
Management's description and design of its controls and control operating effectiveness.
SOC 1 Report, Type 2?
Management's description and design of its controls and control over operating effectiveness
SOC 1 Report, Type 1
Management's description and design over its controls
A CPA should not normally refer to which one of the following subjects in a "comfort letter" to underwriters?
Management's determination of identifiable segments.
Communication to audit committee
Material weaknesses, significant deficiencies and that all other deficiencies have been communicated to management
May or may not: Perform a review of a forecast the company has prepared for the coming year.
May not provide
May or may not: Perform an examination of Management's Discussion and Analysis when he or she has not audited the year's financial statements.
May not provide
May or may not: Assist an elderly client with his estate planning.
May provide; independence is not required
May or may not: Compile a forecast for the coming year.
May provide; independence is not required
May or May not: Apply certain agreed-upon procedures to accounts receivable for purposes of obtaining a loan, and express a summary of findings relating to those procedures.
May provide; independence is required
May or May not: Perform an audit of the financial statements on whether they are prepared following generally accepted accounting principles.
May provide; independence is required
Concerning interim quarterly financial statements, management of public companies:
Must engage CPAs to review the statements.
Bill Jones, the president of AMTO, a nonpublic audit client of your firm, has come to you and indicated that his company established a subsidiary in the country of Laos this year and that he wants your firm to issue an audit report on that subsidiary for use in Laos for various purposes. The financial statements should follow Laotian generally accepted accounting principles. Answer the following questions relating to this situation. Yes or no: Is this considered an audit of financial statements using a special-purpose financial reporting framework?
No
Yes or no: Must a paragraph be added to the report indicating that the financial statements are intended solely for certain specified users?
No
CPA services performed under PrimePlus/ElderCare services may be: Financial vs Nonfinancial (1)YesYes (2)YesNo (3)NoYes (4)NoNo
Option 1
In a compliance attestation engagement, CPAs may address an organization's: Compliance with Specified Requirements vs Internal Control over Compliance with Specific Laws and Regulations (1)YesYes (2)YesNo (3)NoYes (4)NoNo
Option 1
In an integrated audit, which of the following must the auditors communicate to the audit committee? Known Material Weaknesses vs Known Significant Deficiencies (1)YesYes (2)YesNo (3)NoYes (4)NoNo
Option 1
When issuing an unqualified audit report in a compliance attestation engagement, the CPA may report on: Management's Assertion vs Subject Matter (1)YesYes (2)YesNo (3)NoYes (4)NoNo
Option 1
In an integrated audit, which of the following lead(s) to an adverse opinion on internal control? Known Material Weaknesses vs Known Significant Deficiencies (1)YesYes (2)YesNo (3)NoYes (4)NoNo
Option 2
Management's documentation of internal control ordinarily should include information on: Controls designed to prevent fraud vs controls designed to ensure employee personal integrity (1)YesYes (2)YesNo (3)NoYes (4)NoNo
Option 2
When issuing a qualified audit report in a compliance attestation engagement, the CPA may report on: Management's Assertion vs Subject Matter (1)YesYes (2)YesNo (3)NoYes (4)NoNo
Option 3
A practitioner's unqualified (unmodified) opinion based upon an examination may ordinarily be on: Subject Matter vs Assertion A.YesYes B.YesNo C.NoYes D.NoNo
Option A
Assurance services performed for decision makers may address the: Quality of information vs Context of information A.YesYes B.YesNo C.NoYes D.NoNo
Option A
Suitable criteria in an attestation engagement may be available: Publicly vs In CPA's Report A.YesYes B.YesNo C.NoYes D.NoNo
Option A
Walk-throughs provide evidence that helps the auditor to: Evaluate design effectiveness of controls vs Confirm whether controls have been placed in operation A.YesYes B.YesNo C.NoYes D.NoNo
Option A
A CPA is engaged to perform an engagement of a nonpublic company following attestation standards. During the examination, the CPA discovers a material deviation from the criteria on which the subject matter was being evaluated. The CPA's conclusion may be on: Subject matter vs written assertion A. Yes Yes B. Yes No C. No Yes D. No No
Option B
Walk-throughs provide the auditors with evidence to: Confirm their understanding effectiveness of controls vs Substantiate account balances A.YesYes B.YesNo C.NoYes D.NoNo
Option B
Which of the following circumstances requires modification of the accountant's report on a review of interim financial information of publicly held entity? Inconsistent Accounting Principle Application Inadequate Disclosure A.Yes Yes B.Yes No C.No Yes D.No No
Option C
Source of standard: An audit of a public company.
PCAOB Auditing Standards
SOC 1 Report Users
People: User Auditors (CPAs that audit the user entities financial statements) and User Entities (like the service organizations)
Type of service: The relative of an institutionalized uncle wants a CPA firm to oversee the uncle's financial affairs.
PrimePlus/ElderCare services
When a CPA is associated with a forecast, all of the following should be disclosed except the:
Probability of achieving estimates.
Assurance on internal control over financial reporting (public)
Performed as a part of the integrated audit covering financial statements and internal control.
Compliance auditing
Performing procedures to test compliance with laws and regulations.
Auditors' Objective
Plan and perform the audit to obtain reasonable assurance about whether material weaknesses exist to express an opinion on company's internal control over financial reporting. The evidence is gathered for an opinion as of the date specified in management's assessment - normally the last day of the company's fiscal year
Rule for providing assurance on management's discussion and analysis
Practitioners must have audited the most recent financial statement
An auditor's report would be designated as a report on financial statements following a special purpose financial reporting framework for financial statements when they are:
Prepared in accordance with a regulatory basis of accounting other than generally accepted accounting principles.
Assurance on internal control over financial reporting
Primary assurance service, particularly as performed for public companies that are required to have their internal control audited as part of the integrated audit required by SOX and PCAOB
Services to help older individuals maintain, for as long as possible, their lifestyle and financial independence.
PrimePlus/ElderCare
Type of Service: Williams is worried about the welfare of his father, who lives in a distant state.
PrimePlus/ElderCare
Which public companies does Section 404(b) of the Sarbanes-Oxley Act of 2002 require to obtain an audit of their internal control over financial reporting?
Public companies with a market capitalization in excess of $75,000,000.
Attributes Standards of Internal Auditing
Purpose, Authority, and Responsibility Independence and Objectivity Proficiency and Due Professional Care Quality Assurance and Improvement Program
Kent is auditing an entity's compliance with requirements governing a major federal financial assistance program in accordance with the Single Audit Act. Kent detected noncompliance with requirements that have a material effect on that program. Kent's report on compliance should express a(an):
Qualified opinion or an adverse opinion.
Costs paid with federal assistance that appear to be in violation of a law or regulation are known as:
Questioned costs.
Purpose, Authority, and Responsibility
Recognition of the definition of internal auditing, the Code of Ethics, and the Standards in the Internal Audit Charter
Compliance Auditing of Government Entities and Organizations Receiving Federal Financial Assistance
Recognition of various legal and contractual requirements pertaining to the bases of accounting, fund structure, and other accounting principles (more likely to have direct and material effect on FS)
Identifying relevant assertions
Relevant assertions are those that have meaningful bearing on whether account is presented fairly. a. existence or occurrence; b. completeness c. valuation or allocation d. rights and obligations e. presentation and disclosure.
In which of the following types of reports do the auditors express negative assurance?
Reports on reviews of financial statements.
For a CPA, a client imposed scope limitation during a review of financial statements is most likely to result in:
Resignation from the engagement.
When performing a review of a nonpublic company, the auditors must obtain in a representation letter acknowledgement of management for its responsibility for each of the following except:
Responsibility for identifying illegal acts committed by employees.
Which of the following is a strong indicator that a material weakness in internal control exists?
Restatement of previously issued financial statements to reflect a correction.
Soc 2 Report
Restricted use reports on controls at a service organization related to security, availability, processing integrity, confidentiality, and/or privacy
SOC 1 Report
Restricted use reports on controls at a service organization relevant to a user entity's internal control over financial reporting when an audit client has outsourced a portion of its processing to a service organization
Which of the following is not currently an acceptable form of association with prospective financial statements?
Review.
In evaluating design effectiveness, the auditors often consider the nature of the transactions making up the account. Transactions are classified as:
Routine, Nonroutine, Accounting estimates
Type of service: A company that processes payroll for other companies wants to provide assurance on its internal control over financial reporting that will be useful to the auditors of the companies that use its services.
SOC 1
Type of service: A service organization wishes to provide a restricted-use report from its auditor to regulators on its processing integrity and confidentiality controls.
SOC 2
A restricted-use report on controls at a service organization related to security, availability, processing integrity, confidentiality, and/or privacy is referred to as a:
SOC 2 report.
Type of service: A service organization wishes to provide a general-use report from its auditor on its processing integrity and confidentiality controls.
SOC 3
The type of service organization control (SOC) report that is for general use is:
SOC 3.
The primary section of the Sarbanes-Oxley Act dealing with management and auditor reporting on internal control over financial reporting
Section 404
Each page of the financial statements compiled by an accountant may include a reference such as:
See accountant's compilation report.
Type of Service: DEF Mortgage Banking Co. services mortgages for others, and the auditors of those other organizations are constantly inquiring of DEF concerning its internal control as a part of their audits of the other organizations.
Service organization audit
An account for which there is a reasonable possibility that it could contain misstatements that individually, or when aggregated with others, could have a material effect on the financial statements
Significant Account
Which of the following is a weakness in internal control that allows a reasonable possibility that a significant (but less than material) misstatement may occur and not be detected?
Significant deficiency.
Audits in accordance with the __________ are specifically designed to help ensure that the billions of dollars in federal financial assistance are appropriately spent.
Single Audit Act
Consider a company whose sales are initiated by customers either through the Internet or in a retail store. Which of the following is correct?
These types of sales represent two major classes of transactions within the sales process.
A report on an attestation engagement should:
State the practitioner's conclusion about the subject matter or assertion.
Step 3: Design Effectiveness
Step 3: Design Effectiveness
Compliance auditing procedures are:
Substantive procedures.
Benchmarks that are objective and permit reasonably consistent measurement in an engagement performed under Statements on Standards for Attestation Services are referred to as:
Suitable criteria.
Which of the following is least likely to be the subject matter of an attestation engagement?
Suitable criteria.
Financial statements that are developed from and summarize the overall information presented in audited financial statements are referred to as:
Summary financial statements.
A service developed by the AICPA and CICA to provide assurance about the reliability of systems other than electronic commerce systems.
SysTrust
Type of Service: JKL would like all of its customers and potential customers to have assurance about the effectiveness of its internal controls related to processing information.
SysTrust
An accountant has been engaged to prepare a nonpublic client's financial statements. While preparing the financial statements, the accountant finds a number of material misstatements related to journal entries. The client refuses to correct the misstatements. Which of the following is correct?
The accountant should withdraw from the engagement.
When the auditors have performed an audit and are asked to report on the client's compliance with aspects of contractual agreements, which of the following is correct?
They may do so and provide negative assurance as to compliance.
Management's evaluation process of internal control ____________ with the management report on internal control--the first step of the audit process.
concludes
Financial statements prepared following which of the following are most likely to be considered a special-purpose financial reporting framework?
The cash basis of accounting.
The party responsible for assumptions identified in the preparation of prospective financial statements is usually:
The client's management.
An operational audit report which deals with the accounts receivable department of a wholesaler is most likely to address:
The efficiency and effectiveness of the customer collections and include any findings requiring corrective action.
The operational auditors' initial conclusions about potential problem areas are summarized as:
The preliminary survey.
Which of the following is not an objective of a CPA's examination of a client's MD&A?
The presentation is in conformity with rules and regulations adopted by the SEC.
Which of the following statements is correct with respect to an audit report issued for financial statements to be used primarily outside of the United States?
The report may follow either the U.S. format, modified as appropriate, or may follow the format of the other country.
An after-school program provides free healthy snacks to low-income families with funds passed-through the state welfare department from the U.S. Department of Health and Human Services. In this situation, which organization is the primary recipient of the funds?
The state welfare department.
Which of the following is correct concerning financial statements prepared in the United States for use in another country?
The type of audit report issued depends upon whether it is for use primarily outside the United States.
proper use of government information, resources, and position ethics
These items should be used for official purposes and not for the auditors' personal gain or otherwise inappropriately
Performing walk-through
Tracing a transaction from its origination through the company's information system until it is reflected in the company's financial reports
The assurance services that address user and preparer needs regarding issues of security, availability, processing integrity, confidentiality, and privacy within e-commerce and other systems are referred to as:
Trust Services.
The auditors identified a material weakness in internal control in August. The client was informed and the client corrected the material weakness prior to year-end (December 31); the auditors concluded that management eliminated the material weakness prior to year-end. The appropriate audit report on internal control is:
Unqualified
GAGAS
Use in auditing federal entities and organizations that received federal financial assistance
Which of the following is accurate relating to audit reports on tax basis financial statements?
Use of the report need not be restricted.
Tracing a transaction from origination through the company's information systems until it is reflected in the company's financial reports
Walk-through
A procedure that involves tracing a transaction from origination through the company's information systems until it is reflected in the company's financial report is referred to as a(n):
Walk-through.
Which of the following is not a typical question asked during a walk-through?
What is the largest fraudulent transaction you ever processed?
An international information format designed specifically for business information.
XBRL
The accounting profession is currently developing assurance services related to which of the following international information formats?
XBRL.
Significant Deficiency
a control deficiency, or a combination of control deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting
Compensating Control
a control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective
make inquiries of management and others within the organization
a. Accordance with GAAP b. Changes in business activities c. Significant subsequent events Knowledge of material fraud or suspected fraud
perform other procedures considered necessary
a. Actions taken at a stockholder and director meetings b. Reading interim financial information c. Obtaining reports from other accountants who have reviewed significant components of the company
perform analytical procedures
a. Applied to the financial data by reference to prior financial statements, budgets and other operating data b. Compare recorded amounts and ratios to expected values, identify significant differences that might indicate a misstatement, investigate the unexpected values
Audit Documentation - Compliance Auditing of Government Entities and Organizations Receiving Federal Financial Assistance
a. Before the work is issued, evidence of supervisory review of the work performed that supports findings, conclusions, and recommendations contained in the audit report
single audit act designing compliance for major programs
a. Concerned with compliance with laws and regulations that could have direct and material effect on each major federal financial assistance program b. Assess inherent risk and control risk, then design substantive procedures using OMB Circular A-133 compliance supplement
Effect of Substantive Procedures on audit of internal control
a. Could provide evidence of effectiveness or ineffectiveness of internal control over financial reporting b. Example: Identification of material misstatement in financial statements is indicative of at least a significant deficiency in internal control
Forma report in the findings
a. Criteria used to evaluate the activity b. The condition/problem that exists c. The cause d. The effect e. Recommendations for improvement
obtain representations from management relating to the financial statements
a. Dated: as of the date of the review report b. Responsibility for financial statements conformity with GAAP c. Responsibility to prevent and detect fraud and to divulge knowledge of actual or suspected fraud d. Responsibility to respond fully and truthfully to all inquiries
Cybersecurity services
a. Designed to provide assurance regarding data security b. Provides users with information about a business's cybersecurity risk management program c. CPAs can provide an examination level service on cybersecurity
Form an opinion
a. Evaluate the results of their evaluation of the design, b. Evaluate the results of tests of the operating effectiveness of controls, c. Evaluate negative results of substantive procedures performed during the financial statement audit, and d. Evaluate any identified control deficiencies.
single audit act evaluation of results
a. Frequency of noncompliance b. Whether it results in material amount of questioned costs - expenditure that the auditor questions on the grounds that it does not meet the criteria for allow- ability, program eligibility, or other requirements or is not adequately supported with documentation c. Consider actual amounts and projected amounts from samples d. Must report all questioned costs that exceed $25,000
AICPA AR-C90
a. Guidelines for accountants who decide to make inquiries of the predecessor accountants before accepting a review engagement Questions regarding integrity of management, disagreements over accounting principles, the willingness of management to provide or to revise
Future Assurance SErvices
a. Health Care Performance Measurement: This service provides assurance about the effectiveness of health care services provided by health maintenance organizations, hospitals, doctors, and other providers. b. Continuous Auditing: provides assurance using a series of reports provided simultaneously or shortly after the related information is released
Laws and regulations dictated ways funds are spent
a. Identify laws and regulations b. (1) discussing laws and regulations with management, program and grant administrators, and government auditors; c. (2) reviewing state and federal compliance requirement documents; d. (3) reviewing relevant grant and loan agreements; and e. (4) reviewing minutes of the legislative body of the governmental organization. f. Also obtain written representations from management about completeness of laws and regulations
Levels of severity of control deficiencies
a. Less than a significant deficiency b. Significant deficiency - less severe than material weakness yet important enough to merit attention c. Material weakness - reasonable possibility that a material misstatement will not be prevented or detected
How to provide negative assurance
a. Performed audit procedures on the applicable restrictions b. Conducted an audit of the related financial statements
single audit act requirements
a. Presented fairly in all material respects according to GAAP b. Schedule of expenditures of federal awards is fairly presented c. Entity complied with the provisions of laws, regulations, and contracts or grants that may have a direct and material effect on each major federal financial assistance program a. . Activities allowed or not allowed. Determine that the organization complies with the specific requirements regarding the activities allowed or not allowed by the program. b. 2. Allowable costs/cost principles. Determine that the organization complies with federal cost accounting policies applicable to the program. c. 3. Cash management. Determine that the recipient/subrecipient followed procedures to minimize the time elapsing between the transfer of funds from the U.S. Treasury, or pass-through entity, and their disbursement. d. 4. Eligibility. Determine that individuals or groups of individuals that are being provided goods or services under a program are eligible for participation in and for the levels of assistance received under that program. e. 5. Equipment and real property management. Determine that the organization safeguards and maintains equipment purchased with federal assistance and uses the equipment for appropriate purposes. f. 6. Matching, level of effort, earmarking. Determine that the organization contributes the appropriate amount of its own resources to the program. g. Period of availability of federal funds. Determine that federal funds were spent or obligated within the period of availability. h. 8. Procurement and suspension and debarment. Determine that the organization uses appropriate policies for purchases with federal funds, and that the organization does not contract with vendors that are suspended or debarred i. 9. Program income. Determine whether program income is correctly recorded and used in accordance with the program requirements. j. 10. Reporting. Determine that the organization has complied with prescribed reporting requirements. k. 11. Subrecipient monitoring. Determine whether recipients monitor the compliance of subrecipients. l. 12. Special tests and provisions. Determine that the organization complies with other significant specific requirements that apply to the program.
single audit act identification of major programs
a. Risk-based approach for both the amount of program's expenditures and risk of material noncompliance i. Type A (not low risk), Type B (high risk) ii. Must test compliance and controls equal to 40% unless low-risk auditee
Factors of significant accounts
a. Size and composition. b. Susceptibility of loss due to errors or fraud. c. Volume of activity, complexity, and homogeneity of individual transactions. d. Nature of the account. e. Accounting and reporting complexity. f. Exposure to losses. g. Possibility of significant contingent liabilities. h. Existence of related party transactions. i. Changes from the prior period.
Difference between audit of internal control and audit of financial statements
a. Time period i. Audit of internal control - as of date ii. Audit of financial statements - entire financial statement period
FS for use in the US and outside US
a. U.S. unmodified report with emphasis of matter paragraph indicating basis of accounting b. Either option from "Only outside the U.S." above
FS intended for use only outside US issue
a. US form report that indicates that the financial statements have been prepared in accordance with a financial reporting framework generally accepted in another country b. The other country audit report
Evidence as to the design of internal control and its operating effectiveness should be considered ____________ the date specified in the assessment.
as of
Walk-through provide evidence to
a. Verify that the auditors have identified points at which a significant risk of misstatement to a relevant assertion exists. b. Verify their understanding of the design of controls, including those related to the prevention or detection of fraud. c. Evaluate the effectiveness of the design of controls. d. Confirm whether controls have been placed in operation (implemented).
single audit act report
a. Whether the schedule of expenditures of federal awards is fairly presented in all material respects in relation to the financial statements taken as a whole. b. Whether the entity complied with the provisions of laws, regulations, and contracts or grants that may have a direct and material effect on each major federal financial assistance program. c. The work performed on internal control relating to major federal financial assistance programs.
Effects of Internal Control Testing on Audit Substantive Procedures
a. Will lead to decreased scope of substantive procedures b. However, significant deficiencies or material weaknesses could lead to more substantive procedures c. Not acceptable to omit substantive procedures completely
Reporting - Compliance Auditing of Government Entities and Organizations Receiving Federal Financial Assistance
a. Written reports on compliance with laws and regulations on internal control based on direct and material effects and scope of auditors' test of compliance
Attestation Services
a. engagements to issue an examination, review, or agreed-upon procedures report on the subject matter or an assertion about the subject matter that is the responsibility of another party. Evaluate the subject matter of the engagement against suitable criteria
Compilations when CPAs are not independent
a. indicate a lack of independence in the last paragraph to their compilation report. "We are not independent with respect to XYZ Company"
public interest
a. observing integrity, objectivity, and independence in performing professional services assists the auditors in serving the public interest
integrity ethics
a. public confidence in government is maintained by auditors' performing professional services with integrity
GAGAS audits have _____ documentation standards besides those under traditional audit standards.
additional
When a practitioner is performing an examination, departure of subject matter from the criteria will generally result in a qualified or __________ opinion, depending on the materiality of the departure.
adverse
Examples of limited procedures in a review are ______ procedures and inquiries.
analytical
Public companies are required to have _____audits and interim reviews.
annual
FDIC Improvement Act of 1991
applies to financial institutions with total assets of $500 million or more, requires an internal control report
Attestation Standards
apply to engagements in which practitioners are engaged to issued or do issue an examination, a review, or an agreed-upon procedures report on the subject matter, or an assertion about subject matter, that is the responsibility of another party
The procedures applied by the CPAs in a review of financial statements consist primarily of inquiries of management and of __________.
applying analytical procedures
Available criteria for attestation standards
available and understandable to users
objectivity
being independent in fact and appearance when providing audit and attest services
Objectivity includes being free from influence and _________.
conflicts of interest
Suitable criteria are those that are objective and permit reasonably __________.
consistent measurements
Comprehensive bases of other accounting other than GAAP
cash basis, tax basis, contractual basis, regulatory basis
Engagement letter in review of nonpublic company
clearly specifying the objectives of the engagement, management's responsibilities, the accountant's responsibilities, and limitations of the engagement
The balance sheet of an individual is referred to as the statement of financial condition. Of particular concern in the audit of such statements is the assertion of __________.
completeness
Operational Auditing
comprehensive examination of an operating unit or a complete organization to evaluate its systems, controls, and performance, as measured by management's objectives (purchasing, data processing, receiving, shipping, office services, advertising, engineering)
Material Weakness
control deficiency, or combination of control deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.
Efficient planning of the evaluation of internal control requires ____________ the financial statement audit.
coordination with
If a material departure is not ______, the report needs to be modified.
corrected
A statement of limitations on the use of the report
criteria are agreed-upon or only available to specified parties
Assertion
declaration about whether the subject matter is presented in accordance with certain criteria
In follow up, it is ensured that _____ are satisfactorily handled.
deficiencies
Difference between small and large clients
degree of complexity operations
A modified report that describes the departure
departure of subject matter from criteria
Mission of internal audit
enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. Represent a high-level control that functions by measuring and evaluating the effectiveness of other controls
_______-level controls are included in the control environment, or monitoring components, of internal control.
entity
The achievement of overall control objectives is pervasively affected by _________ controls.
entity level
Accounting ______ involve management's judgment or assumptions.
estimates
Character of engagement
examinations, reviews, agreed-upon procedures
Control Deficiency
exists when the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis
The professional standards of the Accounting and Review Services Committee state that _________ or compilation may be performed when a CPA lacks independence.
financial statement preparation
Charter
formal written document that outlines the department's purpose, authority, and responsibility approved by BOD
A departure from GAAP is included as a _____ paragraph to the report.
fourth
Auditors must familiarize themselves with the _____ being performed in the unit being audited.
function
SOC 3 Report users
general use
nonpublic companies and interim reviews
have annual financial statements audited may choose to undergo interim reviews
Management responsibility for internal control
i. Accept responsibility for effectiveness ii. Evaluate the effectiveness using suitable criteria iii. Support the evaluation with sufficient evidence iv. Provide a report on internal control
Why is there a demand for assurance services
i. Arises from developments in information technology ii. Reduce information risk for outside parties and enable the company to contract at more favorable terms iii. Information technology has significantly changed expectations of information users iv. New services being developed (trust services and cybersecurity)
Objectives of Operational Auditors
i. Assessments of the unit's performance in relation to management's objectives or other appropriate criteria. ii. Assurance that its plans (as set forth in statements of objectives, programs, budgets, and directives) are comprehensive, consistent, and understood at the operating levels. iii. Objective information on how well its plans and policies are being carried out in all areas of operations, as well as information on opportunities for improvement in effectiveness, efficiency, and economy. iv. Information on weaknesses in operating controls, particularly as to possible sources of waste. v. Reassurance that all operating reports can be relied on as a basis for action
Certification of Internal Auditors (CIA)
i. Bachelor's degree + 3 part examination + 2 year work experience in internal auditing 1. Essential of Internal Auditing 2. Practice of Internal Auditing 3. Business Knowledge of Internal Auditing
Preparation of financial statements
i. Can prepare financial statements, but not perform audit, review, or compilation (They don't need to be independent) ii. A written letter is required (Signed by both accountant or firm, and management) iii. Each page of financial statements needs to include statement - No CPA provides any assurance on the and The statements have not been audited or reviewed, and no CPA expresses an opinion or conclusion or provides any assurance on them
CRIME
i. Control environment ii. Risk Assessment iii. Information System relevant to Financial Reporting and Communication iv. Monitoring Activities v. Existing Control activities
auditors of large public companies should report on
i. Financial statements ii. Internal control over financial reporting iii. Based on provisions of PCOAB Standard No. 5, the audits of internal control and financial reporting should be integrated (expected that the work of others will be related to low-risk areas)
AICPA's Assurance Standards Executive Committee Purpose
i. Identify and prioritize emerging trends and market needs for assurance in areas not covered by other authoritative standards ii. Develop related assurance methodology guidance and tools as needed to assure the quality, relevance, and usefulness of information or its context for decision makers and other users
Reporting on Whether a Previously Reported Material Weakness Continues to Exist
i. Management believes material weakness has been eliminated ii. Auditor engaged to report on whether material weakness continues to exist iii. Engagement focused on evidence regarding material weakness
Management's Evaluation Process and Assessment
i. Management can be assisted by consultants but not by the CPA firm that conducts the audit of financial statements ii. Must understand definition of internal control adopted by the SEC iii. Evaluation must use an accepted "control framework" such as Internal Control-Integrated Framework created by COSO (committee of sponsoring organization of the Treadway Commission) iv. Must understand concepts of control deficiency, significant deficiency, and material weakness
Target PrimePlus/ElderCare Services
i. Other professionals who deal with older adults ii. Children of older adults who have the resources and interest to see their love ones are cared for iii. Older clients who have the financial resources to avail themselves of the services
Assurance on prospective financial statements
i. Primarily for securities analysts and loan officer ii. Is similar to financial projections and forecasts iii. Includes an opinion on conformity with AICPA guidelines iv. Includes an opinion on the underlying assumptions v. Includes financial forecasts and projections
System and Organization Controls (SOC) Reports
i. Service organizations that provide processing services to customers who decide to outsource their processing data 1. Cloud Computing 2. Payroll processing services 3. Information security services 4. Information system services
Management's report on internal control
i. State that it is management's responsibility to establish and maintain adequate internal control. ii. Identify management's framework for evaluating internal control. iii. Include management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the most recent fiscal period, including a statement as to whether internal control over financial reporting is effective. iv. Include a statement that the company's auditors have issued an attestation report on management's assessment
Dodd-Frank Wall Street Reform and Consumer Protection Act additiona reporting
i. The broker-dealer has established and maintained internal control over compliance; ii. Internal control over compliance was effective during the most recent fiscal year; iii. Internal control over compliance was effective as of the end of the most recent fiscal year; iv. The broker-dealer was in compliance with various related rules addressing areas including safeguarding customer securities and funds and maintaining necessary capital or reserves; and v. The information the broker-dealer used to assess compliance with point 4 was derived from its books and records.
examinations
i. designed to obtain reasonable assurance - the level of assurance a financial statement audit provides 1. Identify and assess the risks of material misstatement as the basis for designing and performing further procedures 2. Highest level of assurance 3. Attestation risk at low level
fieldwork
i. executing the operational audit program 1. Select representative samples of transactions from records and inspect 2. Analysis: actual performance v. budget, productivity goals, performance by similar units 3. Summary and evaluate material gathered 4. Corrective action if necessary
These GAGAS apply only when regulated by ______, regulation, or agreement.
law
agreed-upon procedures advantage
likely that the work performed will meet CPAs needs
A report cannot be issued
limitations on scope of the engagement
The review report provides ______ assurance that the information is fairly presented.
limited
A significant deficiency is a control deficiency that is less severe than a __________ yet important enough to merit attentions by those responsible for oversight of the company's financial reporting.
material weakness
Nonpublic companies _____choose to have interim reviews.
may
Purpose of screening the client
minimize the risk of association with a client whose management lacks integrity
In a review, practitioners gather sufficient evidence to drive risk to a(n) _______ level.
moderate
Audits under the Single Audit Act are _____ than traditional financial statement audits.
more extensive
The auditor's goal is to focus on testing controls that are ____ important to the auditor's conclusion on internal control.
most
Step 4: Test of operating effectiveness
nature, timing, extent
Limited assurance is also called ______ assurance.
negative
Required under single audit act? Determine that only registered United States citizens work on the program.
no
Required under single audit act? Determine that the organization complies with generally accepted accounting principles applicable to the program.
no
Suitable criteria for attestation standards
objective and permit reasonably consistent measurements 1. Sufficiently complete: no relevant factors are omitted that would affect a conclusion about the subject matter 2. Relevant 3. Objective 4. Permit reasonable consistent measurements
objectivity
objectivity includes being independent in fact and appearance when providing audit and attest services, maintaining an attitude of impartiality, being intellectually honest, and being free from conflicts of interest
Purpose of attestation standards
obtain an appropriate assertion from the party responsible for the subject matter or report on either the subject matter itself or an assertion about the subject matter
Reviews
obtain limited assurance that there are no material modifications that should be made to the financial statements in order for the statements to be in conformity with GAAP or other applicable financial reporting framework
nonroutine transactions
occur only periodically; they generally are not part of the routine flow of transactions
familiarization
of objectives, organizational structure, and operating characteristics of the unit being audited
Agreed-upon procedures - level of assurance and attestation risk
only restricted use reports
four broad areas of trust services
policies, communications, procedures, monitoring
The operational auditors' __________ summarizes the auditors' preliminary conclusions about the critical aspects of the audit.
preliminary survey
Accounting services designed to provide no assurance or no summary of findings on the financial statements are __________ engagements.
preparation and compilation
Financial projection
presents expected results, given one or more hypothetical assumptions
Financial forecast
presents information about the entity's expected financial position, results of operations, and cash flows
agreed-upon procedures internal control over compliance
process by which management obtains reasonable assurance that the organization has complied with specific requirements
Assurance Services
professional services that are meant to improve the quality of information or its context for decision makers and other users. They go beyond attestation services in that they may involve analyzing data or putting data in a form to facilitate decision making, or they may address relevance to a decision
AT-C Compliance Attestation
provides guidance for CPA's when they are engaged either to apply agreed-upon procedures or perform an examination on an organization's compliance with laws and regulations
integrity
public confidence in government is maintained by performing professional services with this attribute
General Approach to operational audits
purpose, familiarization, preliminary survey, program development, fieldwork, report the findings, follow-up
Sarbanes Oxley Act of 2002 404(a)
requires annual report filed with SEC to include an internal control report by management 1. Management acknowledges responsibility for establishing and maintaining adequate internal control Report provides assessment of internal control effectiveness at end of
Auditors should use a ______ approach to assess controls.
top-down
Routine transactions examples
sales, purchases, cash receipts and disbursements, and payroll.
Accounting and Review Services Committee
sets professional standards for CPAs associated with the unaudited financial statements or unaudited financial information of nonpublic companies and financial statement preparation
The date of a review report _____ be earlier than the date on which sufficient evidence is received.
should not
An account is ________ if there is a reasonable possibility that it could contain a misstatement that has a material effect on the financial statements.
significant
Compliance auditing definition
testing and reporting on whether an organization has complied with the requirements of various laws, regulations, and agreements
Nonpublic companies that are audited may also want interim reviews. Auditors must then follow _______.
the ASB standards
Entity Level controls
the portions of the control environment dealing with integrity and ethical values
proper use of government information, resources, and position
these should be used for official purposes and not for personal gain
entity-level controls
those in control environment or monitoring components of internal control
Single Audit Act
to provide a mechanism for improving the management of federal financial assistance programs by providing statutory requirement to test compliance with laws and regulations and internal controls over program compliance requirements
The ____ approach starts with controls such as financial statements and entity-level controls.
top-down