A5 Flashcards
Describe the top-down approach used to select controls to test for issuer/nonissuer clients.
The top-down approach includes the following chronological levels:
Financial Statement Level: the auditor evaluates overall risks
Entity Level: the auditor identifies & tests controls pertaining to:
*The control environment
*Management override
*Monitoring the results of operations and other controls
*Period-end financial reporting
*Centralized processing
*The company’s risk assessment process
*Policies that address significant business control & risk management practices
*Accounts, Disclosure, and Assertions Level:
the auditor evaluates “inherent” risk factors to identify significant classes of transactions, account balances and disclosures, and their relevant assertions for which there is a reasonable possibility of material misstatement
After forming an opinion on the effectiveness of the entity’s internal control over financial reporting, an auditor should evaluate management’s report on internal control.
Describe the elements of management’s report on internal control
The management’s report should:
*Indicate that management is responsible for internal control
*Describe the subject matter
*Identify criteria used by management to measure the effectiveness of the entity’s internal control
*Include a statement of management’s assessment about the effectiveness of internal control, including an “as of” date
*Describe any material weaknesses identified by management
Describe the difference in the purpose of an audit of FS & an audit of ICFR for a nonissuer.
Audit of FS: An auditor considers internal control in an audit conducted in accordance w/GAAS to plan the audit and determine the nature, extent, and timing of tests to be performed.
Audit of ICFR: An auditor expresses an opinion about whether the entity maintained, in all material respects, effective internal control as of a point in time based on the control criteria
How does the extent of testing of internal controls differ between a financial statement audit and an audit of ICFR for nonissuers?
The extent of testing of internal controls for a FS audit is more limited than that of an auditor engaged to audit the effectiveness of the entity’s internal control.
When rendering an opinion on internal control, the auditor should obtain evidence regarding the effectiveness of selected controls over all relevant assertions. This level of testing is not required for a FS audit.
Is the report that contains an opinion on the effectiveness of internal control over financial reporting restricted?
Generally, the report that contains an opinion of the effectiveness of internal control over financial reporting is not restricted
What is the accountant’s responsibility w/respect to control deficiencies identified during an engagement to audit the internal control of a nonissuer?
Significant deficiencies & material weaknesses should be communicated in writing to management and those charged w/governance by the report release date.
Control deficiencies that are not significant deficiencies or material weaknesses should be communicated in writing to management within 60 days of the report release date.
A material weakness in internal control results in adverse opinion
May an auditor who is engaged to perform an integrated audit provide a report stating that all control deficiencies or all significant deficiencies have been identified?
An auditor should not issue a report stating that ALL significant deficiencies have been identified
May an auditor issue a report stating that no material weaknesses were identified when engaged to perform an integrated audit?
BC the auditor’s objective in an audit of internal control over financial reporting is to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects, the auditor should not issue a report indicating that no material weaknesses were identified during the integrated audit.
How are control deficiencies, significant deficiencies, and material weaknesses communicated by the auditor to the issuer in an integrated audit?
All internal control deficiencies over financial reporting that were identified during the audit should be communicated to management in writing.
The audit committee should be informed when the communication was made.
Any significant deficiencies identified during the audit should be communicated in writing to the audit committee.
Any material weaknesses identified during the audit should be communicated in writing to both management and the audit committee prior to the issuance of the auditor’s report on internal control over financial reporting.
What standards are referenced in the auditor’s report that provides an opinion on the internal control over financial reporting for:
- Issuer?
- Nonissuers?
- For issuers, an auditor must reference that the audit was conducted in accordance w/the standards of the Public Company Accounting Oversight Board (United States). PCAOB
- For nonissuers, an auditor must reference that the audit was conducted in accordance w/auditing standards generally accepted in the United States of America
Is it possible for an auditor to render an unmodified opinion on the FS and an adverse opinion on internal control over financial reporting?
Yes, an auditor may render an unmodified opinion on the FS and an adverse opinion on internal control over financial reporting.
EX: the internal controls may not be operating effectively, but the FS may be fairly stated.
Note: The auditor should consider the effect of an adverse opinion on internal control over financial reporting has on the opinion on the FS.
The auditor should disclose whether the opinion on the FS was affected by the adverse opinion on internal control over financial reporting.
Define an attestation engagement
An attestation engagement is one in which a practitioner (CPA) is engaged to issue or does issue an examination, a review, or an agreed-upon procedures report on a subject matter, or an assertion about the subject matter, that is the responsibility of a party other than the practitioner (usually management)
Define underlying subject matter
In an attestation engagement, the phenomenon that is measured or evaluated by applying criteria (examination or review), or the phenomenon upon which procedures are performed (agreed-upon procedures)
Define subject matter information
In an attestation engagement, the outcome of the measurement or evaluation of the underlying subject matter against criteria
List 6 major attestation services
Statements on Standards for Attestation Engagements (SSAE) established by the AICPA provide information addressing attestation services for the following subject matters:
*Agreed-upon procedures
*Financial forecasts & projections
*Pro forma FS
*Reporting on controls at a service organization
*Compliance
*Management’s Discussion and Analysis
How are attestation standards different from GAAS?
*Broader in scope than GAAS
*Different conceptual focus: No reference is made to GAAP or to FS
*Do not supersede any existing standards (SAS, SSARS) for other engagements
*Provide for services tailored to the needs of the user, who may directly participate in specifying either the nature & scope of the engagement or the criteria against which the assertions are measured
What levels of assurance may be provided by attestation engagements?
*Assertion-Based Examination: A positive opinion, high level of assurance
*Review (“limited assurance”): Moderated level of assurance
*Agreed-upon Procedures: No assurance
Which type of attestation engagement involves expressing an opinion that convey the results of a measurement or evaluation without obtaining an assertion from the responsible party?
Direct examination engagement
Identify the 7 conditions that must exist in order to perform an agreed-upon procedures attestation engagement.
I AM
SURE
Agreed-upon procedures engagement provide no assurance. Reviews provide limited (negative) assurance.
*Independent of the practitioner
*Agreement of the parties
*Measurability & consistency of subject matter
*Sufficiency of the procedures
*Use of report can be general or restricted to specified parties
*Responsibility for the subject matter is with the client, or the client is able to provide evidence that a 3rd party is responsible
*Engagements to perform agreed-upon procedures on prospective FS must include a summary of significant assumptions
What is the difference between a financial forecast and a financial projection?
A financial forecast reflects, to the best of the responsible party’s knowledge, the expected financial results of a future period based on expected conditions and expected courses of action.
A forecast is appropriate for general or limited use.
A financial projection is based on hypothetical assumptions and reflects a “what if” scenario.
A financial projection is “RESTRICTED USE”
BOTH financial forecast & financial projections are appropriate for limited use.
In what ways might the CPA be associated with prospective FS?
All reports on prospective FS require a statement indicating that the prospective results may not be achieved.
The practitioner may:
*Prepare Prospective FS
*Compile Prospective FS
*Apply agreed-upon procedures to prospective FS
*Examine prospective FS
Note that a review of prospective FS is NOT allowed