A5 Flashcards

1
Q

Describe the top-down approach used to select controls to test for issuer/nonissuer clients.

A

The top-down approach includes the following chronological levels:

Financial Statement Level: the auditor evaluates overall risks

Entity Level: the auditor identifies & tests controls pertaining to:

*The control environment
*Management override
*Monitoring the results of operations and other controls
*Period-end financial reporting
*Centralized processing
*The company’s risk assessment process
*Policies that address significant business control & risk management practices

*Accounts, Disclosure, and Assertions Level:
the auditor evaluates “inherent” risk factors to identify significant classes of transactions, account balances and disclosures, and their relevant assertions for which there is a reasonable possibility of material misstatement

2
Q

After forming an opinion on the effectiveness of the entity’s internal control over financial reporting, an auditor should evaluate management’s report on internal control.

Describe the elements of management’s report on internal control

A

The management’s report should:

*Indicate that management is responsible for internal control
*Describe the subject matter
*Identify criteria used by management to measure the effectiveness of the entity’s internal control
*Include a statement of management’s assessment about the effectiveness of internal control, including an “as of” date
*Describe any material weaknesses identified by management

3
Q

Describe the difference in the purpose of an audit of FS & an audit of ICFR for a nonissuer.

A

Audit of FS: An auditor considers internal control in an audit conducted in accordance w/GAAS to plan the audit and determine the nature, extent, and timing of tests to be performed.

Audit of ICFR: An auditor expresses an opinion about whether the entity maintained, in all material respects, effective internal control as of a point in time based on the control criteria

4
Q

How does the extent of testing of internal controls differ between a financial statement audit and an audit of ICFR for nonissuers?

A

The extent of testing of internal controls for a FS audit is more limited than that of an auditor engaged to audit the effectiveness of the entity’s internal control.

When rendering an opinion on internal control, the auditor should obtain evidence regarding the effectiveness of selected controls over all relevant assertions. This level of testing is not required for a FS audit.

5
Q

Is the report that contains an opinion on the effectiveness of internal control over financial reporting restricted?

A

Generally, the report that contains an opinion of the effectiveness of internal control over financial reporting is not restricted

6
Q

What is the accountant’s responsibility w/respect to control deficiencies identified during an engagement to audit the internal control of a nonissuer?

A

Significant deficiencies & material weaknesses should be communicated in writing to management and those charged w/governance by the report release date.

Control deficiencies that are not significant deficiencies or material weaknesses should be communicated in writing to management within 60 days of the report release date.

A material weakness in internal control results in adverse opinion

7
Q

May an auditor who is engaged to perform an integrated audit provide a report stating that all control deficiencies or all significant deficiencies have been identified?

A

An auditor should not issue a report stating that ALL significant deficiencies have been identified

8
Q

May an auditor issue a report stating that no material weaknesses were identified when engaged to perform an integrated audit?

A

BC the auditor’s objective in an audit of internal control over financial reporting is to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects, the auditor should not issue a report indicating that no material weaknesses were identified during the integrated audit.

9
Q

How are control deficiencies, significant deficiencies, and material weaknesses communicated by the auditor to the issuer in an integrated audit?

A

All internal control deficiencies over financial reporting that were identified during the audit should be communicated to management in writing.
The audit committee should be informed when the communication was made.

Any significant deficiencies identified during the audit should be communicated in writing to the audit committee.

Any material weaknesses identified during the audit should be communicated in writing to both management and the audit committee prior to the issuance of the auditor’s report on internal control over financial reporting.

10
Q

What standards are referenced in the auditor’s report that provides an opinion on the internal control over financial reporting for:

  1. Issuer?
  2. Nonissuers?
A
  1. For issuers, an auditor must reference that the audit was conducted in accordance w/the standards of the Public Company Accounting Oversight Board (United States). PCAOB
  2. For nonissuers, an auditor must reference that the audit was conducted in accordance w/auditing standards generally accepted in the United States of America
11
Q

Is it possible for an auditor to render an unmodified opinion on the FS and an adverse opinion on internal control over financial reporting?

A

Yes, an auditor may render an unmodified opinion on the FS and an adverse opinion on internal control over financial reporting.

EX: the internal controls may not be operating effectively, but the FS may be fairly stated.

Note: The auditor should consider the effect that an adverse opinion on internal control over financial reporting has on the opinion on the FS.
The auditor should disclose whether the opinion on the FS was affected by the adverse opinion on internal control over financial reporting.

12
Q

Define an attestation engagement

A

An attestation engagement is one in which a practitioner (CPA) is engaged to issue or does issue an examination, a review, or an agreed-upon procedures report on a subject matter, or an assertion about the subject matter, that is the responsibility of a party other than the practitioner (usually management)

13
Q

Define underlying subject matter

A

In an attestation engagement, the phenomenon that is measured or evaluated by applying criteria (examination or review), or the phenomenon upon which procedures are performed (agreed-upon procedures)

14
Q

Define subject matter information

A

In an attestation engagement, the outcome of the measurement or evaluation of the underlying subject matter against criteria

15
Q

List 6 major attestation services

A

Statements on Standards for Attestation Engagements (SSAE) established by the AICPA provide information addressing attestation services for the following subject matters:

*Agreed-upon procedures
*Financial forecasts & projections
*Pro forma FS
*Reporting on controls at a service organization
*Compliance
*Management’s Discussion and Analysis

16
Q

How are attestation standards different from GAAS?

A

*Broader in scope than GAAS

*Different conceptual focus: No reference is made to GAAP or to FS

*Do not supersede any existing standards (SAS, SSARS) for other engagements

*Provide for services tailored to the needs of the user, who may directly participate in specifying either the nature & scope of the engagement or the criteria against which the assertions are measured

17
Q

What levels of assurance may be provided by attestation engagements?

A

*Assertion-Based Examination: A positive opinion, high level of assurance

*Review (“limited assurance”): Moderate level of assurance

*Agreed-upon Procedures: No assurance

18
Q

Which type of attestation engagement involves expressing an opinion that conveys the results of a measurement or evaluation without obtaining an assertion from the responsible party?

A

Direct examination engagement

19
Q

Identify the 7 conditions that must exist in order to perform an agreed-upon procedures attestation engagement.

I AM
SURE

Agreed-upon procedures engagements provide no assurance. Reviews provide limited (negative) assurance.

A

*Independent of the practitioner

*Agreement of the parties
*Measurability & consistency of subject matter

*Sufficiency of the procedures
*Use of report can be general or restricted to specified parties
*Responsibility for the subject matter is with the client, or the client is able to provide evidence that a 3rd party is responsible
*Engagements to perform agreed-upon procedures on prospective FS must include a summary of significant assumptions

20
Q

What is the difference between a financial forecast and a financial projection?

A

A financial forecast reflects, to the best of the responsible party’s knowledge, the expected financial results of a future period based on expected conditions and expected courses of action.

A forecast is appropriate for general or limited use.

A financial projection is based on hypothetical assumptions and reflects a “what if” scenario.

A financial projection is “RESTRICTED USE”

BOTH financial forecast & financial projections are appropriate for limited use.

21
Q

In what ways might the CPA be associated with prospective FS?

All reports on prospective FS require a statement indicating that the prospective results may not be achieved.

A

The practitioner may:

*Prepare Prospective FS

*Compile Prospective FS

*Apply agreed-upon procedures to prospective FS

*Examine prospective FS

Note that a review of prospective FS is NOT allowed

22
Q

How does an examination of prospective FS differ from the application of agreed-upon procedures?

A

An examination:

*Is more substantial in scope & responsibility than an agreed-upon procedures engagement

*Includes the expression of an opinion as to whether the statements are presented in conformity w/AICPA guidelines & whether the underlying assumptions provide a reasonable basis for the prospective statements

23
Q

What type of engagement can an accountant perform on pro forma FS and what procedures are necessary for a pro forma statements engagement?

A

The accountant can conduct either an examination or review of pro forma FS.

The accountant should perform the following procedures in a pro forma FS engagement:

*Obtain an understanding of the future or hypothetical event and evaluate the pro forma adjustments & assumptions pertaining to the adjustments.

*Obtain written representations from management

*Make reference to the FS from which the historical information was derived, and indicate whether the FS were audited or reviewed

24
Q

When are a service organization’s services considered to be part of a user entity’s info system?

A

A svc organization’s services are considered to be part of a user entity’s information system when those services affect the initiation, execution, processing, or reporting of the user company’s transactions

25
Q

Difference between SOC 1 & SOC 2 report?

A

SOC 1 & 2 are both reports that report on Controls at a Service Organization.

Where they differ is:

SOC 1 Report is relevant to User Entities’ Internal Control over Financial Reporting.
Report is intended to be used by USER ENTITY and user auditor in evaluating the impact that certain relevant controls at the service organization have on the FS of the user entity.

SOC 2 Report is relevant to security, Availability, Processing Integrity, Confidentiality, or Privacy.
Gives assurance to a broad range of users of the controls in place at a service organization relevant to one or more of the Trust Services Criteria of Security, Availability, Processing Integrity, Confidentiality and Privacy.

26
Q

What are the responsibilities of a user auditor as it relates to svc organization relevant to the audit.

A

User auditor should obtain understanding of:
*nature & significance of the services provided by the svc organization
*the effect on the user entity’s system of internal control

Understanding should provide an appropriate basis to:
*identify & assess the risks of material misstatement
*design & perform audit procedures responsive to those risks

27
Q

What type of opinion should be issued if the user auditor is unable to obtain sufficient appropriate audit evidence regarding the services provided by a svc organization relevant to the audit?

A

Qualified Opinion
or
Disclaimer of Opinion

28
Q

What 2 types of SOC reports may a svc auditor provide, and what is the difference in how the user auditor may use them?

A

Both Report on Management’s Description of the Service Organization’s System & the Suitability
Type 1 Report -
*Design of Controls (called)
*Does not provide assurance on the operating effectiveness of controls
*Does not support a reduction in the assessed level of control risk

Type 2 Report-
*Design & Operating Effectiveness of Controls (called)
*Provides assurance on the operating effectiveness of the controls
*Supports a reduction in the assessed level of control risk

29
Q

Identify 3 situations for which an auditor may be asked to report on compliance.

A

*Compliance w/contractual agreements or regulatory requirements in connection w/FS audit

*An attestation engagement regarding an entity’s compliance w/requirements of specific laws & regulations or on internal control over compliance

*Compliance & internal control over compliance as part of a single audit engagement when auditing a recipient of federal financial assistance

30
Q

Under US auditing standards, when may an auditor issue a special report on a client’s compliance w/contractual agreements or regulatory requirements in connection w/a FS audit?

A

*must have audited the client’s FS and expressed an unmodified or qualified opinion (ex: no adverse opinion or disclaimer)

*may only give negative assurance on the compliance

31
Q

When issuing a report on a client’s compliance w/contractual agreements or regulatory requirements in connection w/a FS audit, how may the report be presented?

A

The report on compliance should be in writing & may either be a separate report or provided in one or more paragraphs in the auditor’s report on the FS.

32
Q

When reporting on an attestation engagement regarding an entity’s compliance w/requirements of specific laws & regulations or on internal control over compliance, practitioners may be engaged to perform what types of engagements?

A

Practitioners may be engaged to perform agreed-upon procedures or examination engagements on an entity’s compliance.

A practitioner should not accept an engagement to perform a review

33
Q

What conditions must be met in order for a practitioner to perform an agreed-upon procedures engagement related to an entity’s compliance w/specified requirements or internal control over compliance w/specified requirements?

A

*Responsible party must accept responsibility for the entity’s compliance w/specified requirements & the entity’s internal control over compliance w/specified requirements

*Responsible party must evaluate the entity’s compliance w/specified requirements or the entity’s internal control over compliance w/specified requirements

34
Q

What conditions must be met in order for a practitioner to perform an examination engagement related to an entity’s compliance w/specified requirements

A

*Responsible party accepts responsibility for the entity’s compliance w/specified requirements & the effectiveness of the entity’s internal control over compliance

*Responsible party evaluates the entity’s compliance w/specified requirements

*Sufficient evidential matter must exist or can be developed to support management’s evaluation

35
Q

What is the formula for audit risk of noncompliance (as adapted from the audit risk model)?

A

Audit risk of noncompliance (should be low) =

Risk of material noncompliance (assessed by auditor)
X
Detection risk (controlled by auditor)

36
Q

Explain the differences between “unconditional requirements” and “presumptively mandatory requirements” defined by GAGAS (the Yellow Book).

A

GAGAS define “unconditional requirements” w/ which the auditor “must” comply

AND

“Presumptively mandatory requirements” w/ which the auditor “should” comply.

The reason for not observing a presumptively mandatory requirement must be documented.

37
Q

Identify the 3 types of governmental audits/engagements normally undertaken by CPAs.

A

FINANCIAL AUDITS:
Incorporate GAAS and determine whether the FS present fairly the financial position, results of operations, and cash flows in accordance w/ GAAP. May also include audits of FS performed in conformity w/ a special purpose framework or other comprehensive basis of accounting.

ATTESTATION ENGAGEMENTS:
Incorporate the AICPA’s standards for examinations, reviews, and agreed-upon procedures by reference, and include expanded requirements.

PERFORMANCE AUDITS:
Engagements that may have the following objectives:
Effectiveness
Economy
Efficiency;
Internal Control; Compliance & prospective analysis

38
Q

Attestation engagements performed in conformity w/Government Auditing Standards (the Yellow Book) could include what subject?

A

*Compliance w/specified laws, regulations, rules, contracts, or grants

*Effectiveness of internal control over compliance w/ specified requirements.

*Presentation of management’s discussion and analysis (MD&A)

*Reliability of performance measures

39
Q

What 4 objectives may be included in performance audits under GAGAS?

A
  • Effectiveness, economy, and efficiency
  • Internal Control
  • Compliance

  • Prospective analysis

40
Q

Which key category of performance audit objectives is described by the following:

Audit objectives that focus on program effectiveness & results to evaluate whether programs are meeting their goals & objectives, and which address the costs & resources used to execute program initiatives.

A

EFFECTIVENESS

ECONOMY

EFFICIENCY

41
Q

Which key category of performance audit objectives is described by the following:

Audit objectives that relate to evaluating compliance w/criteria established by provisions of laws, regulations, contracts, and grant agreements, or other requirements

A

COMPLIANCE

42
Q

Describe the guidance added by the GAO in the 2018 revision of the Yellow Book concerning internal control & performance audits.

A

In 2018 revision of the Yellow Book, the GAO added guidance that auditors should consider whether internal controls are significant to the audit objectives and, if so, should determine which of the 5 COSO components are significant.

Similar to a financial stmt audit, the auditors would then assess the design & implementation of internal controls & potentially test the operating effectiveness of internal controls. Any deficiencies should be assessed and used in the evaluation of identified findings

43
Q

When performing financial audits under GAGAS, what additional requirements are required in addition to the standard GAAS requirements?

A
  • Previous audits & attestation engagements: the auditor should evaluate whether appropriate corrective actions to address findings from previous audit engagements have been addressed.
  • Fraud, noncompliance, and abuse: the auditor should consider compliance w/ contracts or grant agreements and the occurrence of abuse & should avoid interference w/ investigations or legal proceedings.
  • Findings: the auditor should plan & perform procedures to develop the elements of a finding including criteria, condition, cause, and effect or potential effect.

  • Documentation: auditor should document evidence of supervisory review of the work performed and any departures from GAGAS.
  • Communication: auditor should communicate pertinent information that in the auditor’s professional judgment needs to be communicated to individuals contracting for or requesting the audit

44
Q

When reporting on financial audits under GAGAS, what additional requirements are required in addition to the standard GAAS requirements?

A
  • A stmt in the audit report that they complied w/GAGAS
  • Report on internal control & compliance w/ provisions of laws, regulations, contracts, grant agreements, and federal awards
  • Communication of deficiencies in internal control, fraud, and noncompliance
  • Report findings & also solicit & report views of responsible official along w/ any planned corrective actions
  • Disclosure of the exclusion of confidential or sensitive info from an audit report
45
Q

Determine the # of opinions required for a FS audit that falls under government auditing standards

A

One opinion is required for a FS audit that falls under government auditing standards, which is on the fairness of the FS

Note: Government auditing standards also require a report on internal control over financial reporting & on compliance w/ provisions of laws, regulations, contracts, grant agreements, or federal awards that have a material effect on the FS.
GAGAS does not require that the auditor express an opinion on internal controls.

46
Q

Which laws & regulations need to be considered by the auditor in a government audit?

A

The auditor must consider the effects of laws & regulations that have a direct & material effect on the determination of amounts in the entity’s FS.

Management’s representations should include a stmt that management has identified and disclosed in writing to the auditor all the laws and regulations that have a direct & material effect on its FS.

47
Q

When reporting on a client’s internal control deficiencies & weaknesses under GAGAS, the auditor is required to perform which procedures?

A

When reporting on a client’s internal controls, the auditor must:

*obtain an understanding of the design of relevant controls and determine whether they have been implemented

*communicate all significant deficiencies (reportable conditions) noted during the audit, even those that do not result in material weaknesses;

*prepare a written report on the auditor’s understanding of the client’s internal control & assessment of control risk;

AND

*report significant deficiencies to specific legislative & regulatory bodies

Note: 3rd & 4th bullet points are required for GAGAS, but not GAAS

48
Q

Reporting standards for financial audits under Government Auditing Standards differ from reporting standards under generally accepted auditing standards (GAAS) in that

A

Government Auditing Standards require the auditor to describe the scope of the auditor’s tests of compliance w/ laws & regulations.

49
Q

In conducting an audit of an organization receiving federal financial assistance, what additional audit procedures must be performed in addition to the general requirements of GAAS & GAGAS?

A

Those procedures performed under GAAS & GAGAS plus:

  • Expanded internal control documentation & testing requirements
  • Expanded reporting to include formal written reports on the consideration of internal control & the assessment of control risk
  • Expanded reporting to include whether the federal financial assistance has been administered in accordance w/ applicable laws & regulations
  • Application of single audit standards to federal financial assistance
50
Q

Audits of governmental entities may draw on up to 3 sets of standards or supplementary requirements.

What are they & what are the circumstances that surround their application?

A

Generally accepted auditing standards (all audits)

Generally accepted government auditing standards (Yellow Book audits): auditee is a government, or receives financial assistance from the government

2 CFR 200.500 (single Audits of Federal Financial Assistance): an entity expending more than $750,000 in federal financial assistance annually

50
Q

What are the objectives of a single audit?

A
  • Audit of the entity’s financial statements & reporting on a separate schedule of expenditures of federal awards in relation to those FS
  • Compliance audit of federal awards expended during the year as a basis for issuing additional reports on compliance related to major programs and on internal control over compliance
51
Q

Material noncompliance w/ the requirements of major federal financial assistance programs results in what type of opinion on compliance?

A

Qualified (except for) or adverse opinions on compliance will be rendered in the event of discovery of material reportable instances of noncompliance

52
Q

What are the 4 reports recommended under the Single Audit Act?

A

Under the Single Audit Act, the following are recommended:

*Opinion (or disclaimer) on FS & supplementary schedule of expenditures of federal awards

*Report on internal control & compliance w/provisions of laws, regulations, contracts, & grant agreements

*Report on compliance & internal control over compliance applicable to ea major program. This report must include an opinion (or disclaimer) on compliance

*Schedule of findings & questioned costs

53
Q

How does materiality under the Single Audit Act differ from materiality under both GAAS & GAGAS?

A

Under the Single Audit Act, materiality is considered separately for each major program, not simply in relation to the FS taken as a whole

Under both GAAS & GAGAS, materiality is considered in relation to the FS being audited taken as a whole