Exam Review for ACCT 309
Which principles of the CPC did Michael Moore violate?
1. Due care - Mr. Moore did not train or educate his staff which caused low competence and quality of services 2. Scope and nature of services - Mr. Moore did not enact internal quality control procedures which led to incompetent services. He had a draft of a quality control manual hidden in his desk.
What are the penalties for a CEO or CFO that was not directly involved in committing fraud, but that should have been aware of the fraud?
1. Fine of up to $1,000,000 2. Prison time up to ten years
What does SOX 404 require all external auditors to do?
1. Give an opinion on the audited company 2. Give a report on the internal control report
What are the four sides of the fraud diamond?
1. Incentive/Motive 2. Opportunity 3. Rationalization 4. Capability/Capacity
What was wrong with Moore's audit of Standard Drilling?
1. Moore "completed" the audit in two weeks - it should have taken longer. 2. Standard Drilling had a large accounts receivable and no cash 3. Deposits on rigs - Moore should've found who the deposit was with
What are the three sides of the fraud triangle?
1. Motive 2. Opportunity 3. Rationalization
What are some behavioral warning signs of a fraudster?
1. New cars 2. New homes 3. Never leave work 4. Have worked with the company for a long time 5. Don't want help
What are the three categories of entity objectives that should be addressed for appropriate internal control?
1. Operations 2. Reporting 3. Compliance
Identify four sections in SOX that directly address auditor independence issues (content, not section numbers)
1. Prohibited non-audit services (example - consulting) 2. Pre-approval of all audit and non-audit services by the board of directors 3. Rotation of audit lead and review partners. 4. Auditors report directly to the audit committee of the board of directors 5. One-year cooling-off period before accepting positions at audit clients
What did the Foreign Corrupt Practices Act of 1977 do?
1. Prohibited the acceptance of bribes, kickbacks, and illegal gratuities 2. Must enact controls and document them
What are the steps (in order) in the accounting cycle?
1. Recording in a specialized or general journal 2. Posting to the general ledger and subsidiary ledger 3. Trial balance 4. Adjusting entries and adjusted trial balance 5. Financial statements
What are two factors to consider in business writing related to audience identification?
1. Relevance 2. Use of jargon 3. Level of detail 4. Use of graphics
What are "logical access" controls?
1. Requiring a User ID and password 2. Setting controls that monitor what you are allowed to see, change, add, or delete
What aspects of data do master files usually relate to that must be recorded for every transaction?
1. Resources 2. Agents
Identify four principles of the AICPA Code of Professional Conduct
1. Responsibilities 2. Public Interest 3. Integrity 4. Objectivity and Independence 5. Due Care 6. Scope and Nature of Services
What are the two transaction cycles we covered in class?
1. Revenue 2. Expenditure
Purchasing casualty insurance and installing smoke alarms and fire extinguishers are examples of which two categories of risk response?
1. Risk sharing 2. Risk reduction
Why would an auditor not complete an audit?
1. The auditor walked away because of unethical activity within the company 2. The auditor was fired 3. The company's books were a mess
What was wrong with Moore's audit of Ethos?
1. The previous auditor filed an 8KA that there was an issue, but Moore never contacted him to find out why 2. Ethos was dependent on two clients (red flag) 3. Over 50% of accounts on the aging report were more than 90 days past due
What opinions can external auditors make?
1. Unqualified 2. Qualified 3. Disclaimer 4. Adverse
What are some examples of standing data?
1. Vendor info 2. Inventory 3. Employee info 4. General ledger
Name two sections in SOX that relate to a specific side of the fraud triangle
1. Violations of SOX 302 (certification of FS and IC) bring heavy fines and prison time, which impacts motivation 2. SOX 304 requires reimbursement of incentive-based pay if the financial statements are restated, which reduces motivation 3. SOX 404 requires additional audit work to attest to internal control, which reduces opportunity 4. SOX 406 suggests (indirectly requires through COSO) a code of ethics for financial reporting employees, which should make it harder to rationalize fraud
On average, how long does corruption go undetected?
18 months
When was COSO created?
1992
What is the average duration of asset misappropriation fraud?
20 months
When was COSO updated?
2013
What is the average duration of financial statement fraud?
24 months
What is a control account?
A control account is the general ledger account which is supported by a subsidiary ledger. The total ending balances in the subsidiary ledgers must equal the control account.
What is an 8KA form?
A form reporting particular events outside quarter/annual reports. Examples include documenting the hiring/firing of executives and whether an auditor resigns, is fired, or is hired.
In terms of aging reports, what is considered "current"?
Accounts less than 30 days past due
What is the AAA, and who is it geared towards?
American Accounting Association - Geared towards educators
What is the AICPA, and who is it geared towards?
American Institute of Certified Public Accountants - Geared towards CPAs
What is an "attest service"?
An audit service
Which type of fraud is most common?
Asset misappropriation
What happened in 2003 to audit fees?
Audit fees skyrocketed due to the Sarbanes-Oxley Act
What is the difference between batch and real-time data processing?
Batch = all at once; Real-time = continuously
In terms of the fraud diamond, what is capability/capacity?
Being in a position capable of committing fraud
If an executive sells his or her shares of company stock, when does it need to be posted?
By the end of the day
What is the meaning of audit cake?
CAKE = Cumulative Audit Knowledge & Experience. CAKE refers to the accumulated knowledge you attain over a period of time while auditing a particular client or clients in a particular industry. Your experience allows you to apply your wisdom while doing risk assessment and performing audit procedures. It could also be counterproductive, as it tends to limit your reasoning at times.
Which two executives must personally certify that financial statements are materially accurate and internal controls are adequate and functioning?
CEO and CFO
Who must abide by Part 2 of the CPC?
CPAs in a corporation
Which type of asset misappropriation results in the most loss?
Check tampering ($158,000)
What is financial statement fraud?
Committing fraud by understating or overstating net income from improper reporting mechanisms or deceptive methods
What is asset misappropriation?
Committing fraud through billing, check tampering, non-cash, skimming, cash on hand, payroll, cash larceny, and register disbursements
What is corruption?
Committing fraud through economic extortion, illegal gratuities, purchasing schemes, sales schemes, bribery, invoice kickbacks, conflicts of interest, and bid rigging
What tool in Excel could be used to add red font for all inventory items with fewer than 100 unit sales per week?
Conditional formatting
What was the purpose of the Treadway Commission?
Congress started the Treadway Commission, which later led to COSO, to make guidelines
What is the purpose of controls?
Controls should prevent or detect risks and can also be corrective
If an employee approves a large purchase order from a vendor, and the vendor later has four tickets to an NFL playoff game delivered to the employee's home, what type of fraud was committed?
Corruption > Kickback/Illegal Gratuity
What is the keyword for a revenue cycle transaction?
Customer
When referring to files, what do columns consist of?
Customer attributes
When referring to files, what do rows consist of?
Customers
Which "Big Four" firm was the first to have their IQC deficiencies released?
Deloitte
Which AICPA Code of Professional Conduct principle requires performance of professional services to the best of a member's ability and requires continuing professional education?
Due Care
Who usually commits asset misappropriation?
Employees
Who must abide by Part 3 of the CPC?
Everyone else not covered by the other two parts (retired CPAs, educators, etc)
Who is most likely to commit financial statement fraud?
Executives have the most incentive (stocks, bonuses, etc)
Issuing a debit memo is part of what transaction cycle?
Expenditure cycle
True or false: Audit firms cannot do consulting for companies.
False - Audit firms can do consulting for companies that they don't audit.
True or false: COSO was created in 2013
False - COSO was made in 1992 and updated in 2013
True or false: Employees and inventory are examples of transaction files
False - Employees and inventory are examples of master files
True or false: Funds "clawed back" from a CEO and/or CFO go back to the company.
False - Funds "clawed back" from a CEO and/or CFO do not go back to the company or government
True or false: If an executive sells his or her shares of company stock, it must be reported to the SEC in five business days.
False - It must be reported to the SEC in two business days
True or false: Loans can be made to executives in publicly-traded companies
False - Loans can't be made to executives in publicly-traded companies because of SOX.
True or false: All publicly-traded companies must abide by COSO.
False - Not all publicly-traded companies have to use COSO but must have some sort of control framework.
True or false: SOX mandates a code of ethics for senior financial officers.
False - SOX does not mandate a code of ethics, but SOX 404 mandates use and disclosure of an internal control framework
True or false: Additions to the Sarbanes-Oxley Act must be added by Congress
False - SOX gives the PCAOB the ability to add to SOX without having to go through Congress
True or false: Sub-certifications legally bind people
False - Sub-certifications ask for certification from people below them but don't legally bind those people
True or false: The PCAOB audits publicly-traded companies
False - The PCAOB audits the auditors
True or false: The PCAOB can indefinitely prohibit you from audits for a private company
False - The PCAOB can indefinitely prohibit you from audits for a publicly-traded company
True or false: The PCAOB charged Moore and M&A with fraud
False - The SEC charged Moore and M&A with fraud
True or false: The SEC can take away a CPA license
False - The state is the only body that can revoke a CPA license
True or false: An external auditor can own stock with a client
False - This violates auditor independence
What tool in Excel can be used to focus only on records that match specific criteria established by the user?
Filter or Auto-filter
On December 15th the CFO of a company approaches the accounts payable clerk and says since the company is preparing for year-end reporting, the CFO doesn't want any incoming invoices processed through the remainder of the year. What type of fraud is this?
Financial Statement fraud
What type of fraud is the most costly for a company?
Financial Statement fraud
What type of fraud is usually committed by upper management?
Financial Statement fraud
What type of fraud is the least frequent?
Financial statement fraud
Which act prohibited the acceptance of bribes, kickbacks, or illegal gratuities?
Foreign Corrupt Practices Act of 1977
Which type of asset misappropriation is most common?
Fraud through billing
Explain the motive/incentive/pressure side of the fraud triangle.
If a manager is pressured to meet hard to achieve numbers and deadlines, he or she has incentive to commit fraud.
Explain the opportunity side of the fraud triangle.
If an opportunity to commit fraud presents itself, someone is going to take it. Example - Having no segregation of duties
What is "standing" data?
Information we store that doesn't change often
What is the IIA, and who is it geared towards?
Institute of Internal Auditors - Geared towards internal auditors
What is the IMA, and who is it geared towards?
Institute of Management Accountants - Geared towards managerial accountants
In terms of fraud, what does it mean to have integrity?
Internally knowing that committing fraud is wrong
What is an example of data reconciliation?
Inventory counts (perpetual inventory)
What does it mean to have professional skepticism?
It means for an auditor to trust no one, always be suspicious, and ask questions. An auditor can't take a client's word; they must actually do the work.
What does the sufficient relevant data principle (1.300.001) in the CPC say?
It says auditors must do field work by going to the client location. An auditor can't take a client's word; they must do the work.
What is an aging report?
List of all customers with the balance and age of each
How did Moore & Associates violate the General Standards Rule of the CPC (1.300.001)?
M&A accepted close to 300 public audit engagements over the span of three years. Moore was the sole auditor for all of these. M&A could not reasonably expect to complete all of those audits with professional competence.
What does it mean to have supervisory controls?
Management is actively reviewing work (Report to the Nations > Management Review)
In general, who is most likely to commit fraud?
Managers
Which "Big Four" firm called on the PCAOB to change its standards?
PWC - When PWC's quality control section was released, PWC said that they are the best and don't have any problems.
Why didn't the PCAOB kick PWC out in 2008-2009?
PWC audited a large number of publicly-traded companies.
Who must abide by Part 1 of the CPC?
Public CPAs
Which agency directly regulates and monitors public accounting?
Public Company Accounting Oversight Board (PCAOB)
What does the formula =LEFT(A2, 2) do?
Returns the two leftmost characters in cell A2
Issuing a credit memo is part of what transaction cycle?
Revenue cycle
What is the meaning of SALY?
SALY = Same As Last Year. SALY is a good place to start for an audit, but you must go on
What is the "claw back" provision in the Sarbanes-Oxley Act?
SOX 304 - The "claw back" provision requires the CEO and CFO to return all trading profits, incentive-based pay, and bonuses received if financial statements must be restated as the result of misconduct
Which section in SOX requires every publicly-traded company to have a control framework?
SOX 404
Which section is the most infamous of the Sarbanes-Oxley Act?
SOX 404
Which section of SOX is responsible for the increase of audit fees?
SOX 404
Which section of SOX is responsible for the rule requiring every annual report to have an internal control report?
SOX 404
How long did it take to write, pass, and enact the Sarbanes-Oxley Act?
Six months
Explain the rationalization side of the fraud triangle.
Someone being able to justify his or her fraudulent acts. Example - Borrowing funds
Where are frequently-occurring business transactions initially recorded?
Specialized journal
What is "robin-hood syndrome" and what side of the triangle does it relate to?
Stealing from the rich to give to the poor - Rationalization
Investigating unfavorable expense variances is an example of what type of control activity?
Supervisory control
What is the "Big Four"?
The "Big Four" are the four largest auditing companies in the world. They are (in no order) Deloitte, PWC, Ernst & Young, and KPMG.
What is the "Fair Fund" provision in SOX?
The "Fair Fund" provision sets aside any money recovered from fraud into a special fund to repay the victims of the fraud
What was the Sarbanes-Oxley Act an amendment to?
The Securities & Exchange Act of 1934
True or false: The AICPA is a voluntary membership organization for CPAs
True
True or false: The PCAOB revoked Michael Moore's ability to do public audits
True
True or false: The PCAOB was created by the Sarbanes-Oxley Act.
True
True or false: The longer the fraud goes undetected, the more the financial loss
True
True or false: When you join the AICPA, you agree to abide by the Code of Professional Conduct
True
True or false: There are always two agents in a transaction cycle.
True - An external agent and internal agent
True or false: If you violate the PCAOB, you violate the Securities & Exchange Commission
True - The PCAOB is operated under the SEC
True or false: If your CPA license is revoked, you can apply in other states
True - Your license probably won't be reinstated, but you can apply
What is collusion?
Two or more people working together to commit fraud
What is occupational fraud?
Using your occupation to commit fraud
Which function in Excel could you use when preparing your income tax return to find your tax rate from the IRS tax tables?
VLOOKUP or Lookup
What is the keyword for an expenditure cycle?
Vendor
Is the AICPA Code of Professional Conduct mandated for CPAs?
Yes - The PCAOB has adopted the CPC; therefore, the CPC is mandatory for CPAs practicing in public accounting firms that are registered with the PCAOB.
Can a CPA use a third-party service provider?
Yes, but the CPA must tell the client, and the third party must abide by the rules that the CPA must follow
What are the components of the CPC?
0.300s = All CPAs; Part 1 = Public CPAs; Part 2 = CPAs in a corporation; Part 3 = Everyone else (retired CPAs, educators, etc)
What formula could be used to exclude the biggest value from the sum of cells A3:A7?
1. =Sum(A3:A7)-Large(A3:A7,1) 2. =Sum(A3:A7)-Max(A3:A7) 3. =Sum(A3:A7)-Small(A3:A7,5)
A cashier writes and signs a check for an invoice received from a company owned by his brother, even though there was no supporting documentation. His brother cashed the check and split the cash with the cashier. Which functions were not adequately segregated?
1. Authorization 2. Handling
An accounts receivable clerk receives a phone call from an angry customer who accuses the company of overbilling them. The clerk promises to credit the customer's account, then enters the credit in the customer's account. Which functions were not adequately segregated?
1. Authorization 2. Recording
What basic functions must be segregated for adequate internal control?
1. Authorization 2. Recording 3. Handling
Name four types of transaction control activities
1. Authorizations and approvals 2. Verifications 3. Physical controls 4. Controls over standing data 5. Reconciliations 6. Supervisory controls
Closing a branch location in a high-crime area and outsourcing payroll processing are examples of which two categories of risk response?
1. Avoidance 2. Sharing
What are the risk response categories?
1. Avoidance 2. Sharing 3. Reduction 4. Acceptance
Name two data processing methods
1. Batch 2. Real-time
What are the two inherent limitations of internal control discussed in COSO and addressed in an audit report?
1. Collusion 2. Improper management override of controls
What are the five principles of the control environment?
1. Commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority, and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability
What are the components of the COSO Internal Control Framework?
1. Control environment 2. Risk assessment 3. Control activities 4. Information and communication 5. Monitoring
What are the three types of fraud?
1. Corruption 2. Asset Misappropriation 3. Financial Statement fraud
When referring to files, what are fields?
The intersection of rows and columns
What is the "expectation gap"?
The public thinks auditors look for fraud.
How many audits does an auditor typically work on at a time?
Three (just an estimate - not definite)
What is the most common fraud detection method?
Tips
True or false: 95% of fraudsters are first-time offenders
True
True or false: Audit fees must be disclosed.
True
True or false: Auditors recommend corrections but can't change them
True
True or false: Batch processing usually has a set schedule (example - daily, bi-weekly, etc)
True
True or false: COSO is considered the "gold standard" or de facto framework with 99% of publicly-traded companies using it.
True
True or false: COSO requires a code of ethics for financial executives
True
True or false: COSO was created in 1992
True
True or false: COSO was updated in 2013
True
True or false: For every annual report issued, an internal control report must be included
True
True or false: Having involved managers is a good fraud detection method
True
True or false: If an executive sells his or her shares of company stock, it must be posted on the company website
True
True or false: Internal audits are the second most common fraud detection method
True
True or false: Loans can be made to executives in private companies
True
True or false: Master files are usually the agent and resource facets of data
True
