A5 - Integrated Audits, Attestation Engagements, Compliance and Government Audits Flashcards
(85 cards)
1
Q
When is an examination engagement performed?
A
The purpose is to obtain reasonable assurance about whether, in all material respects to the following:
1. prospective F/S is presented in accordance with AICPA guidelines
2. Assumptions underlying projections/forecast are suitably supported
3. Express an opinion in a written report on the matters in a paragraph.
2
Q
What are the main characteristics of an examination engagement?
A
- Positive assurance will be provided
- An opinion will be issued
- Independence is required
3
Q
When can be examination reported?
A
Examination can be reported on:
1. Prospective financial statements
2. Pro forma financial statements
3. Compliance engagements
4. Management discussion and analysis (MD&A)
5. Service organizations
4
Q
When is a SOC 1 report used?
A
A SOC 1 report focuses on internal controls over financial reporting
5
Q
When is a SOC 2 report used?
A
A SOC 2 report focuses on controls over data security.
6
Q
What is the SOC 2 Trust Service Criteria (TSC)?
A
- Security (mandatory)
- Availability - if you’re making ‘up-time’ guarantees
- Processing integrity
- Confidentiality
- Privacy - protection of private/personal information
7
Q
When is a type 1 report used in a SOC report?
A
Type 1 reports only cover the design of internal controls over financial reporting at a specific point in time. No opinion is rendered.
8
Q
When is a type 2 report used in a SOC report?
A
Type 2 reports covers the design and effectiveness of internal controls over security (test of controls and results). An opinion is rendered on the effective operation of the controls over a period of time.
9
Q
What services are not considered attestation engagements?
A
- Tax preparation services
- Consulting or advisory services
- Internal Control Audits
- Litigation services
10
Q
What type of engagements are classified as review?
A
- Pro forma financial statements
- Management discussion and analysis (MD&A)
11
Q
What type of engagements are classified as agreed-upon procedures?
A
- Prospective financial statements
- Compliance engagements
- Agreed-upon procedures
12
Q
What is attestation risk?
A
It is similar to audit risk and it is the risk the practitioner will express an inaccurate opinion or conclusion on the subject matter or assertion
13
Q
How is attestation risk computed?
A
Attestation risk = inherent risk + control risk + detection risk
14
Q
What is inherent risk?
A
Risk of misstatement or error without considering controls. This risk exist independent to the attestation engagement and practitioner does not have control over it.
15
Q
What increases inherent risk?
A
- complex calculations
- High-volume transactions
- cash businesses
- amounts derived from estimates
- economy
16
Q
What is control risk?
A
Risk of misstatement or error after considering controls. This risk exist independent to the attestation engagement and practitioner does not have control over it.
17
Q
When are control risks considered high?
A
Control risk is consider high when:
1. Controls implemented are not operating effectively
2. No controls exist relative to a specific assertion
3. Testing operating effectiveness of internal controls is not efficient.
18
Q
What is detection risk?
A
Risk that the CPA does not identify a material misstatement or error. Detection risk does not exist independent of the attestation engagement. Therefore, the practitioner has control over this risk by modifying the nature, extent, and timing of attestation procedures.
19
Q
When is an inverse relationship with attestation risk?
A
An inverse relationship exists regarding the practitioner’s acceptable level of detection risk and the assurance that will be required from test of details.
20
Q
What are the key characteristics of an audit?
A
- focuses on historical F/S
- Requires independence
- express positive assurance
- PCAOB/SAS standards
21
Q
What are the key characteristics of an examination?
A
- focus on proforma F/S, service org, compliance, MD&A, prospective F/S
- requires independence
- Express positive opinion
- SSAE standards
22
Q
What is the objective of an integrated audit?
A
The objective is to report on internal controls over financial reporting to obtain reasonable assurance that no “material weaknesses” exist.
23
Q
What is the auditor require to do in an integrated audit?
A
The auditor is required to test internal controls, and should design a test of controls so they are relevant to the financial statement audit
24
Q
What materiality is used by the auditor in an integrated audit?
A
Same materiality for both financial statement audit and the audit of internal control over financial reporting.
25
What is a top-down approach for an audit of internal controls?
Allows the auditor to take a systematic approach to identify risks and select which controls to test
26
Who are lesser deficiencies found communicated to in the case of a non-public entity?
These are reported to management within 60 days of the report release date (documentation completion date). Those charged with governance should be informed.
27
When are lesser deficiencies found communicated to in the case of a governmental entity?
Auditor must communicate deficiencies within 60 days of the report release date (documentation completion date)
28
What opinion does the auditor render in an integrated audit of an issuer with material weaknesses?
The auditor will render an adverse opinion if there are material weaknesses in internal controls. Significant deficiencies do not apply.
29
Who issues Generally Accepted Government Auditing Standards (GAGAS)?
GAGAS is issued by the Government Accountability Officer (GAO) under the authority of the comptroller general of the U.S.
30
What is another name for GAGAS?
The yellow book
31
How is an audit of a governmental entity performed?
It is performed using GAGAS and GAAS standards
32
How is the audit report on internal controls over financial reporting structured under a GAGAS audit?
1. it must be in writing
2. Must be issued regardless of whether there are significant deficiencies or not.
3. Report should comment on the scope of auditor's testing on internal controls (understanding of design of relevant controls, implementation, and assessed control risk).
4. Report can be combined or separate.
33
How should the auditor documents significant deficiencies on internal controls?
1. if response is written, it should be included in the auditor's report
2. If response is oral, it should include a summary of the oral response in the auditor's report.
34
What is the auditor's responsibility to report on compliance with GAGAS?
Auditor is required to report on compliance with laws, regulations, contracts, and grants even if there are no instances of non-compliance.
35
How is the auditor's report on compliance structured under GAGAS (GADOMIS)?
G - GAGAS and GAAS compliance
A - Audit's design to provide reasonable assurance of detecting instances of non-compliance
D - Distinguish b/w general and specific requirements
O - No opinion on overall compliance with laws and regulations
M - Management's responsibility to comply with laws and regulations
I - Illegal acts reporting ("criminal prosecution" and "more than inconsequential")
S - Scope of testing of internal controls over compliance and testing results (deficiencies and material weaknesses)
36
What are general requirements in the audit report?
Requirements that are applicable to all general programs
37
What are specific requirements in the audit report?
requirements that are specific to a particular federal program
38
What action should the auditor follow if identifies noncompliance, fraud, illegal act, significant deficiencies in internal controls or if entity refuses to acknowledge it?
1. Auditor approaches management of government entity.
2. If no action taken, auditor approaches external parties (e.g., federal agency furnishing grants)
3. No overall report in compliance is provided by the auditor
39
How should the auditor report instances of illegal acts that result in "criminal prosecution"?
Report in compliance should identify illegal acts that are "more than inconsequential"
40
What are the 3 types of reports under GAGAS?
1. Financial Statement Audit Report
2. Internal control report
3. Report on compliance
41
What does the Single Audit Act requires?
State and local government entities that expended total federal assistance greater than or equal to $750,000 in a fiscal year have an audit performed. Purpose is to promote efficiency.
42
What is the emphasis of a single coordinated audit under the Single Audit Act?
Perform a single coordinated audit of the total federal funds with emphasis on the "major" assistance program. Auditor should recognize the major programs.
43
How is materiality determined under the Single Audit Act?
Materiality is determined for each major federal financial assistance program
44
How is an audit under the Single Audit Act performed?
Auditor should perform the following:
1. test controls over each major program
2. Evaluate compliance with emphasis on matters that have material and direct effect in the major programs
45
When does GAGAS standard use the term "unconditional"?
To describe professional requirements to comply with a standard in all circumstances in which it is relevant
46
When does GAGAS standard use the term "presumptively mandatory"?
To describe professional requirements to comply with a standard or provide a special explanation for not doing so.
47
How should the CPA complete the audit documentation under GAGAS?
Similar to GAAS, audit documentation should be sufficient information so that supplementary oral explanations are not required. This will help the new auditor reviewing the documentation be able to determine what work was performed without additional explanations.
48
Who can perform a single audit?
1. CPA Firms
2. Government Auditors at the state and local levels
49
What standards are single audits performed?
GAGAS and GAAS standards.
50
Who are the users of a forecast?
Forecast are for general use
51
Who are the users of a projection?
Projections have a restricted use (limited use only).
52
What are the types of prospective financial statements?
1. Forecast
2. Projection
53
What is a forecast?
Next year's F/S assuming what is generally expected regarding company growth, interest rates, inflation, and assumptions based on reasonable expectations from last year (historical data)
54
What is a projection?
Next year's F/S assuming hypothetical situations/assumptions that are not widely expected (what if type of scenario).
55
When are examples of limited use or restricted use applied?
1. The principle stockholder only
1. Negotiations for a bank loan
2. Submission to a regulatory agency
3. Use solely within the entity
56
What are the steps in a top-down approach in an integrated audit to assess risk?
1. obtain an understanding of the company and industry
2. Examines entity level controls
3. Review accounts, disclosures, and assertions that have a reasonable possibility to be materially misstated.
4. Select controls for testing (selecting appropriate evidence to conclude on the control)
5. Conclude on the effectiveness of internal controls over financial reporting.
57
What are entity-level controls?
Are used to ensure that sufficient policies and procedures are implemented to recognize misstatements due to error or fraud in a timely manner.
58
What are entity-level controls?
1. controls related to Control Environment
2. Controls to prevent mgmt override
3. Entity's risk assessment process
4. Controls over information and communication
5. Controls over monitoring the results of operations
6. controls over monitoring the results of other controls (e.g., activities of internal audit staff)
7. controls over period end financial reporting process
8. Control over risk management practices
59
What are the controls over the control environment?
Asses how management promotes the following:
1. Ethical values and integrity
2. whether board of directors assumed responsibility for the accuracy and completeness of the F/S
60
What are the controls over the period end financial reporting process?
Assess methods used to perform the following:
1. enter information to the general ledger
2. extent to which IT is used
3. Type of adjusting and consolidation entries
4. Involvement of management
5. board and audit committee in the period end reporting process
61
When can the CPA report on an examination of proforma financial information?
The CPA can report on an examination of proforma financial information if the historical F/S has been audited.
62
What are the engagements regarding proforma the CPA attempts to determine whether management's assumptions provide reasonable basis for presenting the significant effects attributable to the underlying transactions and events?
Examination and Review
63
What are the type of opinions that could be rendered in an examination engagement of pro forma F/S?
unmodified, qualified, adverse or disclaimer of opinion
64
What's the date used in an examination report of proforma F/S?
As of the date of completion of the pro forma procedures
65
What does the CPA's report on a review of proforma F/S include?
1. Identification of proforma information
2. Reference to the F/S from which the historical financial information is derived
3. A statement as to whether the F/S were audited or reviewed
4. A statement on conformance with AICPA standards
5. A caveat that a review is substantially less in scope than an examination and that no opinion is expressed.
6. Separate paragraph stating the objective of proforma financial information
7. Practitioner's conclusion providing limited assurance
66
What are preconditions for the CPA to perform an examination or review on proforma F/S?
1. Obtain appropriate knowledge of the entity's accounting and financial reporting (e.g., knowledge from CPA who performed historical F/S, industry trade journals)
2. CPA must be independent
3. Ensure computation in proforma columns are correct
4. Obtain written representation at the end of engagement
67
What is an agreed-upon procedures engagement?
An independents CPA issues a report on findings based on specified procedures performed and agreed with the engaging party. Follows attestation standards, SSAE#19
68
How does agreed-upon procedures services differentiate from other engagements?
1. Must be independent
2. Performs specific procedures on subject matter
3. Report findings without any opinion or conclusion.
4. Produces no assurance (no positive or negative assurance)
5. Will list out procedures and their corresponding findings
6. Report can be used for general use or restricted
7. Engaging party takes responsibility for the procedures prior to the issuance of the AUP report
8. Engagement letter is required
9. Mgmt. rep letter is required,
69
What are the AICPA standards that apply to an AUP?
SSAE standards
70
How does the AICPA require the procedures to be described in the engagement letter (specific terms)?
1. Inspection
2. confirmation
3. comparison
4. agree
5. trace
6. inquire
7. recalculate
8. observe
9. mathematical check
71
What is the role of the client's internal audit staff in an agreed upon procedures engagement?
Client's internal audit staff can provide the CPA schedules and collect data for their use, but they cannot perform any procedures.
72
Who is required to perform the agreed upon procedures?
The CPA and the specialist.
73
What is the date of the written representation letter on an AUP?
written representation should be dated the same as the agreed upon procedures report date.
74
What information is included in a report related to an agreed upon procedures engagement (SAPITO ROSADA)?
S - Statement stating CPA's independence and meet certain ethical requirements
A - Addressee
P - Procedures and findings description, no assurance
I - Identification of engaging party
T - Title of report includes word independent
O - No Opinion/conclusion rendered
R - Relevant subject matter - F/S, forecasts, projections
O - practitioner's office City and state
S - Signature of CPA Firm
A - AICPA SSAE standards
D - Date of report (no earlier than when the procedures were performed and findings determined)
A - Alert to restrict
75
What should the CPA do if engaged to perform an examination of projections?
It should ensure that hypothetical assumptions used to determine the projection are disclosed. Otherwise, it should not accept the engagement.
76
What would the auditor do if the engaging party and responsible party refuses to provide a written assertion or written representation in an examination engagement under SSAE?
The auditor should withdraw from the engagement
This is applicable to all attestation engagements.
77
When does the CPA renders a qualified or adverse opinion in an examination engagement related to financial forecast or projection?
Prospective financial information departs in a material way from AICPA presentation guidelines
78
When is an adverse opinion rendered in an examination engagement related to financial forecast or projection?
Prospective financial information fails to disclose any "significant assumptions," or if one or more of the significant assumptions are not suitably supported or do not provide reasonable basis for the forecast or projection.
79
When is a disclaimer of opinion rendered in an examination engagement related to financial forecast or projection?
If the CPA is unable to obtain sufficient appropriate evidence as a basis for the opinion.
80
What is a list of walkthrough procedures used in an integrated audit?
1. Inquiry
2. Observation
3. Inspection of relevant documentation
4. Reperformance of controls
81
What would the auditor do if the engaging party and responsible party are different and refuse to provide a written assertion or written representation in an examination engagement under SSAE?
1. Auditor should disclose in the refusal in the examination or review
2. The auditor should restrict the use of the examination/review to the engaging party
82
How are significant deficiencies reported in an audit of internal controls over compliance under GAGAS?
Auditor should obtain a response from management of the entity.
1. If response is written, it should be included in the auditor's report.
2. If response is oral, report should include a summary of oral responses.
83
How is the integrated audit report titled?
PCAOB issuer audit reports typically use the title "Report of Independent Registered Public Accounting Firm."
84
When is a prospective financial statement presented partially?
A presentation is partial if it "omits" one or more of the following:
1. Sale or revenue
2. Gross profit or cost of sales
3. Unusual or infrequently occurring items
4. Provisions for income taxes
5. Discontinued operations
6. Income from continuing operations
7. Net income
8. Basic and diluted earnings-per-share
9. significant changes in financial position.
85
