AUD 1 - Audit Standards & Engagement Planning Flashcards Preview

CPA AUDIT > AUD 1 - Audit Standards & Engagement Planning > Flashcards

Flashcards in AUD 1 - Audit Standards & Engagement Planning Deck (49):

What are the three basic types of Audits?

  1. Compliance Audits
    • Designed to determine if an entity is complying wtih applicable laws & regulations?
    • Performed by gov't or regulatory orgs
  2. Operational Audits
    • Effectiveness, Efficiency, Economy - done by internal Auditors, Govt auditors or CPAs.
      • Audit dept or division to see if meeting organizational goals
        • Company's policies & procedures
      • Govt auditors to determine the effectiveness & benefit of specific govt funded programs
    • Often performed by Internal Auditors
  3. Financial Statement Audits
    • Designed to determine if FS are fairly presented in accordance w/ the AFRF.
    • Performed exclusively by CPAs.


Applicable Financial Reporting Framework


(General vs. Special)

Applicable Financial Reporting Framework - basis of an audit, a set of criteria used to determine measurement, recognition, presentation & disclosure of all materials items appearing in the FS.

  • General Purpose Framework:
    • GAAP, issued by FASB
    • IFRS, issued by the ISAB
    • Statements of Federal Financial Accounting Standards, issued by Fed Acct Std Advisory Board
    • Statements of Govt Accounting Standards, issued by GASB
  • Special Purpose Framework (OCBOA):
    • Cash Basis
    • Modified Cash Basis
    • Tax Basis
    • Regulatory Agency Basis
    • Contractual Basis


The Steps in an Audit


  1. Prepare for the Audit
  2. Obtain understanding of Client, its Environment, & Internal Control
  3. Asses Risks of Material Misstatement and determine nature, timing, & extent of further procedures
  4. Perform Tests of Control
  5. Perform Substantive Procedures
  6. Formulate an Opinion
  7. Issue an Audit Report


What are 4 general qualifications an Auditor must have to perform an audit?

  1. Appropriate competence & capabilities to perform the audit in the form of adequate technical training & proficiency
    • Continuing Education (CPE)
    • Practical Experience
    • Knowledge of Industry & Business
    • Proper Education in accounting
  2. Applies professional skepticism - an attitude that includes a questioning mind & critical assessment of audit evidence. 
  3. Complies w/ relevant ethical requirements.
    • Independence in fact & appearance
  4. Exercises professional judgement throughout the engagement.


 What is Reasonable Assurance?

Reasonable Assurance - A high level of assurance, although not equivalent to absolute assurance.

  • The scope of the audit is limited to items that are considered material
  • The auditor cannot look at evidence supporting all information in the FS


To obtain Reasonable Assurance, the auditor must?


What are the 5 steps?


To obtain Reasonable Assurance, the auditor must?

  1. Plan the work
  2. Properly supervise assistants
  3. Determine & apply appropriate Materiality levels
  4. Identify & Asses RMM
    • May be due to fraud or error
    • Based on auditor's understanding of the enity & environment
  5. Obtain sufficient appropriate audit eveidence


What are the Clarity Standards?

  • Clarity Standards are the 10 GAAS re-organized in a uniform manner. These standards were designed to clarify auditing standards (GAAS), make them easier to follow & easier to understand.
  • These Clarity Standards apply to audits of non-issuers.
  • Clarity Standards were created by the ASB of the AICPA.


Under the Clarity Standards, what are the two pronouncement issued by ASB which describes two levels of requirements that are imposed on the auditors?

  1. Unconditional Requirements
    • "Must or Required" to
  2. Presumptively Mandatory Requirement
    • "Should"


NOTE:  The Auditing Standards Board (ASB) is the AICPA's senior committee for auditing, attestation, and quality control applicable to the performance and issuance of audit and attestation reports for non-issuers.


Clarity Standards - Format (5)

The clarity project changed the format of 10 GAAS, into these five sections:

  1. Introduction
    • Purpose & Scope of each standard
  2. Objectives
    • What requirements are expected to be achieved?
    • Has Auditor obtained sufficient appropriate audit evidence?
    • The 10 GAAS
  3. Definitions
    • Sufficient Appropriate Audit Evidence
    • Terms that are particular to that standard
  4. Requirements
    • Unconditional Requirement?
    • Presumptively Manditory Requirement?
  5. Application & Other Explanatory Material 
    • Guidance, explanation, & suggestions on how to apply the requirements


Generally Accepted Accounting Standards (GAAS)


A measure of?

What are the three categories?

​The 10 GAAS standards are considered as measures of the quality of the auditor's performance. The GAAS standards are divided into three categories:

  1. General Standards - Applies to all aspect of the engagement from acceptance to completion.
    • Qualification of auditor & quality of work.
  2. Framework Standards - Applies only to the portion of the engagement devoted to gathering of evidence.
    • How the audit is planned & how audit evidence is accumulated & evaluated.
  3. Reporting Standards - Applies only to the manner in which the audit report is to be written.
    • Preparation & content of audit report.





The 10 standards are considered overall measures of the quality of the auditor's performance.


General Standards

  • Training & Proficiency
  • Independence
  • Due Professional Care

Standards of Fieldwork

  • Planning & Supervision
  • Internal Controls - "Rely" (Understanding)
  • Corroborative Appropriate Audit Evidence - "Sub Testing"

Reporting Standards

  • Accounting Principles in accordance with GAAP
  • No New Principles - Consistency
  • Omtted Disclosures - None
  • Express an Opinion


3 General Standards


General Standards - Qualification of auditor & quality of work.

  1. Training & Proficiency
    • Audit must be performed by somone having adequate technical training & proficiency as an auditor.
      • Proper Education in accounting
      • Knowledge in the industry & business
      • Practical experience (CPE)
  2. Independence
    • Independence in mental attitude.
      • Ability to act with integrity & objectively
      • Independent in fact & appearance
  3. Due Professional Care
    • DPC must be excercised in the performance of the audit & preparation of the report.
      • Critical review of judgement used at ever level
      • Skill & care of prudent CPA
        • Preparation of complete workpapers
        • Operating with due diligence
        • Professional Skepticism
        • Acting with competency & diligence


3 Standards of Fieldwork


Standards of Fieldwork - How the audit is planned and how audit evidence is accumulated & evaluated.

  1. Planning & Supervision
    • Auditor must adequately plan the work & must properly supervise any assistants.
  2. Internal Controls - Rely
    • Auditor must obtain sufficient understanding of the entity, its environment, & internal control, to assess the risk of material missstatment (RMM) of the FS whether due to error or fraud, and to design the nature, timing, & extent of further audit procedures.
  3. Corroborative Audit Evidence - Substantive Testing
    • Auditor must obtain Sufficient Appropriate (Corroborative) audit Evidence by performing audit procedures (I-CORRIIA)


NOTE:  Rely & Substantive Testing has an inverse relationship.


4 Standards of Reporting


Standards of Reporting - Preparation & content of the audit report. (GAAS audit to check for GAAP)

  1. Accounting Principles in conformity with US GAAP
    • The report must state whether the FS are presented in confirmity w/ US GAAP.
      • Explicitly stated in report.
  2. No New Accounting Principles Applied - Consistency
    • The report must identify those circumstances in which such principles have not been consistently observed in the current period in relation to the preceeding period.
      • Implicitly implied.
  3. Ommitted Informative Disclosures - None
    • Informative disclosures in the FS are to be regarded as reasonably adequate unless otherwise stated in the report.
      • Implicitly implied.
  4. Expression of an Opinion
    • The report must contain either an expression of opinion regarding the FS, taken as a whole, or an assertion to the effect that an opinion cannot be expressed.
      • Explicitly stated in report


Professional Skepticism




Due Professional Care

Professional Skepticism - An auditor's attitude that includes a questioning mind and a critical assessment of audit evidence, with an alertness for conditions that may indicate a material misstatement.


Integrity - Honesty & fairness with an incorruptible commitment to ethical values


Objectivity - Refraining from compromising professional judgement due to bias, conflict of interest, or undue influence of others


Independence - An auditor's ability to perform without compromising professional judgement and act with integrity, objectivity, and professional skepticism, consisting of independence mind & appearance.


Due Professional Care - Applying a level of care to the performance of work that would be expected of a professional with comparable qualifications, enabling an auditor to act without negligence, with skill & due diligence. 


Auditing Standard


Auditing Procedures

Auditing Standards - A framework of guidelines, established by an appropriate authoritative body such as the PCAOB for issuers and AICPA/ASB for non-issuers, which deals with measures of the quality of the auditor's performance of those acts.

  • Issuers => PCAOB => GAAS
  • Non-Issuers => AICPA => ASB => Clarity Standards


Auditing Procedures - Actions taken by the auditor to obtain sufficient appropritate audit evidence on which the auditor's opinion is based. (I-CORRIIA)

  • Inquiry
  • Confirmation
  • Observation
  • Re-calculation
  • Re-performance
  • Inspection of Tangible Assets
  • Inspection of Records/Documents
    • Tracing-Completeness
    • Vouching-Existence/Occurence
  • Analytical Procedures


Assurance Engagements


Attestation Engagements (ERAS)

Assurance Engagement is an engagement in which an accountant issues a report designed to enhance the degree of confidence of third parties & mgmt about the outcome of an evaluation or measurment of FS against an AFRF. Assurance services include all attestation services.


Attest Engagement is an assurance engagement that requires independence as defined by the AICPA professional standards. Examples are (ERAS): 

  • Examinations (Audits)
  • Reviews
  • Agreed-upon procedure engagements
  • Special Reports


Independence NOT needed for: (Non-assurance Services)

  • Compilations (when indicated)
  • Consultations
  • Taxes
  • Other non-attest services (Bookkeeping or PR)


Prior to accepting audit engagement, the Auditor must? (4)

  1. Review client’s Financial Statements 
    • To ensure that the FS are auditable
  2. Auditor must determine if the correct AFRF (GAAP/IFRS) has been used
  3. Speak to 3rd Parties
    • To inquire about mgmt's Integrity
  4. Contact Predecessor Auditor to evaluate whether engagement should be accepted (RID-C)
    • Must Have Permission from Client
      • No Permission = No Engagement


What are 4 key inquiries the successor auditor must ask the predecessor auditor prior to accepting an audit engagement? 



Sucessor auditor must speak with predecessor auditor to determine (RID-C):

  • Reasons for Change
  • Integrity of Mgmt
  • Disagreements during Audit
  • Communication with Mgmt or those charged with Governance regarding fraud, noncompliance w/ laws/regulations, significat deficiencies & material weaknesses in internal control


NOTE: Sucessor auditor must have permission from the client to contact the predecessor auditor. 


'Those Charged with Governance'

The individuals or parties responsible for overseeing the strategic direction of an entity & obligations related to accountability, generally the board of directors, although often the audit committee in matters related to financial reporting. 


What certain matters should be communicated to those charged with Governance?


Certain matter should be communicated to those charged with governance. These communications may be oral or in writing & may be communicated during or after the audit report is issued for non-issuers. 

  • Disagreements with management about accounting policies or audit procedures, including why the auditor believes the AFRF being used is not appropriate for the entity.
  • Illegal Acts - Noncompliance w/ laws & regulations discovered during the audit & fraud involving senior mgmt
  • Significant accounting policies adopted or changed by management
  • Adjustments - AJEs proposed by auditor to mgmt with a significant impact on the financial records
  • Prior discussions w/ management before acceptance of the engagement
  • Problems arising during the audit in obtaining SSAE, such as employee cooperation
  • Responsibilities of the auditor under GAAS
  • Other Information regarding responsibilities
  • Views of other accountants who were contacted by management on significant matters
  • Estimates in the accounting records & process used to obtain them


NOTE:  For Issuers, these matters should be communicated to governance PRIOR to the issuance of the report. 


What are 4 the qualifications of a Financial Expert?

Under SOX, the audit committee is rquired to be made up of independent directors & one financial expert. If there are NONE, the REASONS why the audit committee does not include at least one must be disclosed.

A financial expert has the following qualities:

  1. Understanding of GAAP & Financial Statements
  2. An understanding of the functions of the Audit Committee
    • Need not be a CPA
  3. Experience in Preparing or Auditing FS
  4. Experience in Internal Controls


Engagement Letter

What are the 5 parts?


  • Objective & Scope of the audit
    • Stmts auditing & ob is an opinion on FS
  • Responsibilities of the Auditor
    • Conducting an audit in accordance with GAAS
  • Responsibilities of Mgmt & identification of the AFRF
    • Making avail of all records
    • Not limiting the scope of the auditor's work
    • Paying the fee
  • Other relevant information
    • Schedules to be provided
    • Fee agreement
  • Reporting - expected form & content
  • Inherent limitatons exists


Engagement Letter


Once the auditor has made the decision to accept the engagment, the auditor is req'd to send a written engagement letter or a comparable written agreement to the client. The elements of an engagement letter are (FACSIMILE):

  • Fees
  • Auditor's Responsibilities
    • Conducting audit in accordance w/ GAAS
    • Informing the client of any improvements in control or economy of operations that come to the auditor's attention during the engagment
  • Confirmation of Engagement (Signed)
  • Scope & Objective of Engagement
    • Statements to be audited
    • Obj is an opinion on the F/S
  • Internal Control & Inherent Limitations
    • A stmt that state, "Communicate any significant deficiencies or material weaknesses of I/C"
    • A stmt that state, "Due to inherent limitations of an audit & I/C, material misstatements may not be detected"
  • Management's Responsibilities
    • FS Prep
    • DIM of I/C
    • Give access to ALL relevant info (records)
  • Irregularities - Fraud
  • ILLegal Acts - Noncompliances w/ laws & reg
  • Errors


What is Audit Planning?


The nature, extent, & timing of planning will vary with? (4)

Audit Planning - Involves developing an overall strategy for the expected conduct and scope of the audit.

  • The engagement team plans the audit to be responsive to the assessment of RMM based on the auditor's undertanding of the entity, its environment, & including Internal Control. 


The nature, extent, & timing of planning will vary with:

  • Size & complexity of the entity
  • Auditor's experience with the entity
  • Knowledge of the entity's business & industry
  • Knowledge of the entity, its environment, & internal control


Audit Program


Designed so that? (3)

A step-by-step list of the audit procedures, which is required for every GAAS audit.

Designed so that:

  1. Procedures will achieve specific audit objectives, which relate to mgmt's assertions. (U-PERCV)
  2. Supports auditors conclusions.
  3. Describes the nature, timing, & extent of:
    • Risk assessment procedures sufficient to assess RMM.
    • Further audit procedures at the relevant assertion level for each material class of transactions, account balance, & disclosure
    • Other procedures that complies with GAAS


What are the 3 key considerations in the development of the Audit Program?

  1. A preliminary judgement about Materiality
    • ​​Misstatements & ommisions
    • Based on Auditor's judgement
  2. A preliminary judgement about the Risk of Material Misstatement (RMM)
    • Inherent Risk
    • Control Risk
  3. Business & Industry Considerations
    • ​​Different types of transactions, regulatory, accounting policies.




The concept of materiality is often incorporated in the principles underlying a financial reporting framework in the context of the prep & fair presentation of FS. Materiality generally indicates misstatements & omissions are considered material if they are expected to, individually or in teh aggregate, influence the decision a user will make on the basis of the FS.


Audit Planning Procedures


The steps in planning an audit include (BRAINSTOPS):

  • Basic discussions with the client about the nature of the engagement & the client's business & industry
  • Review of audit documentation from previous audits performed
  • Ask about recent developments such as mergers, new product lines
  • Interim FS are analyzed to identify accts & transactions that differ from expectations. Analytical procedures is mandatory in planning of an audit. 
  • Non-audit personnel are identified (tax & consultants)
  • Staffing for the audit
  • Timing of the audit
  • Outside assistance should be determined (use of a specialist)
  • Pronouncements reflecting changes in accounting principles & audit standards
  • Scheduling with the client of certain activities, such as schedules


Audit Planning


Supervision includes? (3)

The auditor, who is the individual w/ the final responsibility for the audit, is responsible for planning the nature, extent, & timing of direction & the supervision of assistants. Supervision includes:

  1. Instructing assistants
  2. Reviewing work performed
  3. Dealing w/ differences of opinions among firm personnel


What are Analytical Procedures that the auditor must perform during the audit planning procedures?

Analytical Procedures - is mandatory in the planning of an audit to identify accounts that may be misstated & deserve special emphasis in the audit program. 


Analytical Procedures are used in the planning of an audit to identify areas that may represent a high risk of mistatements by comparing the client's financial data to the auditor's expectations based on nonfinancial data that the auditor aggregates through observation of the client & its environment. 


Audit Risk

Audit Risk (AR) is the risk that the auditor may unknowingly fail to appropriately modify the opinion on financial statements that are materially misstated.


"The risk that the auditor gives the wrong opinion."


AR = IR x CR x DR


Components of Audit Risks

Risk of Material Misstatements (RMM)

Inherent Risk

Control Risk

Detection Risk

RMM - The risk that the relevant assertions related to account-balances, classes of transactions, or disclosures contain misstatements that could be material to the FS when aggregated with other misstatements. (RMM = Inherient Risk x Control Risk)

  • Inherent Risk - the risk that a material misstatement of an assertion will take place in absence of internal control. Example: Cash is more susceptible to theft than PPE.
  • Control Risk - the risk that the client's internal control structure will fail to prevent or detect/correct a material misstatement on a timely basis. 


Detection Risk - the risk that the auditor will fail to detect. It is the only risk component that the auditor has the ability to affect. Has two components:

  • Test of Details risk (TD)
  • Substantive Analytical Procedures risk (AP)


Audit Risk Relationships




Rely & SUB has an Inverse Relationship

RMM & DR has an Inverse Relationship


Flow of Audit Risk:

Rely = Low, RMM = High  >>>  DR = Low, SUB = High

Rely = High, RMM = Low  >>>  DR = High, SUB = Low


Material Misstatements in the FS can result from?




Errors & Fraud (2)

The auditor's responsibility is to plan & perform the audit to obtain reasonable assurance that no errors or fraud have caused the FS to be materially misstated


Material Misstatements in the FS can result from:

  • Errors
    • Unintentional mistakes, misjudgements, or ommissions of amounts or disclosures
    • Due to incompetency of employees
  • Fraud (Two Types) - Intentional act
    1. Fraudulent Financial Reporting
      • "cooking the books"
    2. Missappropriation of Assets ("Defalcation Schemes")
      • Embezzlement, theft, misuse of assets


Known Misstatements


Likely Misstatements

An auditor evaluates two types of mistatements resulting from errors or fraud.

  • Known Misstatements - misstatements specifically identified during the audit.
  • Likely Misstatements - misstatements that have not been specifically identified, but are considered likely to exist.


NOTE:  Auditor must communicate both misstatements (even immaterial) to the appropriate level of management on a timely basis. 


Communication of Fraud

The auditor is req'd to communicate all knowledge or suspicion of fraud to mgmt and/or governance, although the auditor is req'd to communicate w/ governance when senior mgmt is involved in the fraud.

  • The communication may be oral OR in writing
  • Fraud should be documented in writing by the auditor.


What are the Fraud Triangle's three conditions?


In planning an audit to consider fraud, the auditor will consider three conditions that are generally assumed to be present whenever a successful fraud occurs, referred to as the fraud triangle.

  1. Motivation (Reason)
    • Incentive (for personal gain)
    • Pressure (to meet expectations)
  2. Opportunity
    • Lack of Internal Control
  3. Rationalization


Examples of Fraud Risk Factors  - Fraudulent Financial Reporting

Motivation (4)

Opportunities (4)

Rationalization (1)

Motivation/Reason (Incentive/Pressure)

  1. Threats to financial stability or profitability
  2. Pressure to meet requirements or expectations of third parties
  3. Threats to personal financial situations of management or directors
  4. Excessive pressure by mgmt or governance to meet financial targets


  1. Opportunities due to the nature of the entity
    • Significant related party transactions
  2. Management not monitored effectively
  3. Organizational structure is complex or unstable
  4. Deficiencies in Internal Control


  1. Factors allowing governance, management, or employees to engage in fraudulent activities
    • Lack of ethical standards
    • Aggressive or unrealistic forecasts


Examples of Fraud Risk Factors  - Missappropriation of Assets

Motivation (2)

Opportunities (2)

Rationalization (1)

Motivation (Incentive/Pressure)

  1. Presssure created by personal financial obligations of mgmt or employees with access to assets
  2. Adverse relationship between the entity & employees with access to assets



  1. Assets particularly susceptible due to characteristics or cirumstances
    • large cash processed or on hand
  2. Inadequate Internal Controls over assets



  1. Attitudes or behavior of those with access to assets susceptible to misappropriation
    • Disregard for monitoring or Internal Control


Quality Control (SQCS)


The nature & extent of a CPA firm's quality control policies & procedures depend on? (4)

A CPA firm must establish a system of Quality Control designed to provide it with reasonable assurance that the firm & its personnel comply with applicable professional standards and applicable regulatory & legal requirements, &/or the firm only issue reports that are appropriate under the circumstances. ​


Qulity Control procedures depend on:

  1. Size of the firm
  2. Nature of the practice
  3. Organizational Structure
  4. Cost-Benefit Consideration


6 Elements of Quality Control of a CPA Firm


The 6 elements of Quality Control include (HEAL-ME):

  • Human Resource (Personnel management)
    • Policies/procedures for effective hiring, development, assignment, & advancement of staff
  • Ethical Requirements (Independence & Integrity)
  • Acceptance & continuance of client relationships & specific engagements
    • Ensure that the firm only associates with clients who has integrity
  • Leadership responsibilties for quality within the firm ("tone at the top")
  • Monitoring
    • Establish procedures to verify that it is complying w/ the above standards
  • Engagement Performance
    • Establish policies/procedures to ensure that it meets applicable professional standards in the performance of its engagements. 


During a financial statement audit an Internal Auditor may provide direct assistance to the independent CPA in performing?

You answered correctly

Correct! An external auditor may use the services of an internal auditor to assist with tests of controls OR substantive tests provided that the external auditor believes that the internal auditor is competent AND objective in performing such procedures.


Under the Sarbanes-Oxley Act of 2002, exactly how many consecutive years may an audit partner lead an audit for an issuer?

Correct!  Section 203 of Sarbanes-Oxley requires that the lead audit partner on an engagement be rotated at least every 5 years, although the firm may continue to audit the issuer client.


A cooling-off period of how many years is required before a member of an issuer's audit engagement team may begin working for the registrant in a key position?

Correct!  Section 206 of Sarbanes-Oxley prohibits a firm from performing an audit for an issuer is someone in a key position was employed in the audit practice of the audit firm during the one-year period prior to the audit.


Which of the following audit risk components may be assessed in non-quantitative terms?

a. Control risk and detection risk.

b. Control risk and inherent risk.

c. Detection risk.

d. Control risk, detection risk, and inherent risk.

You answered correctly

Correct! Control risk and inherent risk are components of the risk of material misstatement (RMM). RMM and detection risk are components of audit risk. All may be expressed in quantitative or non-quantitative terms.


Which of the following statements is correct regarding an independent auditor's reliance on a client's internal audit staff?

a. An independent auditor should not reduce the amount of audit testing based on the work of internal auditors.

b. An independent auditor should assess the organizational status of the director of internal audit.

c. An internal auditor should provide direct assistance to the independent auditor during preparation of audit workpapers.

d. An independent auditor should use internal audit workpapers when available.

You answered correctly

Correct!  When an auditor is evaluating whether or not to rely on the client’s internal audit staff, a significant factor will be the organizational status of the internal audit department.  It is more likely to be reliable if it reports to the board of directors, for example, than if it reports to management.


In assessing control risk, an auditor ordinarily selects from a variety of techniques, including

a. Inquiry and analytical procedures.

b. Reperformance and observation.

c. Comparison and confirmation.

d. Inspection and verification.

You answered incorrectly

Incorrect! Control risk is a function of the effectiveness of the client’s internal control. The auditor assesses control risk by obtaining an understanding of internal control, observation to determine whether controls have been put into place and reperformance to verify that controls are effective. Inquiries are performed in obtaining an understanding of internal control and analytical procedures are used in planning, as substantive tests, and in evaluating the results of an audit, but not in the assessment of control risk.


Control risk should be assessed in terms of

a. Specific control procedures.

b. Types of potential misstatements.

c. Financial statement assertions.

d. Control environment factors.

You answered incorrectly

Incorrect! Control risk is the possibility that the client’s internal controls will not prevent or detect a material misstatement on the financial statements. A misstatement on the financial statements occurs when one or more of management’s assertions is contradicted by audit evidence. As a result, control risk is assessed in terms of whether controls will provide reasonable assurance that management’s assertions are valid. The control environment is a broad measure of the tone, discipline and structure of an entity and is a factor considered in the assessment of control risk, but it is not specific to the effectiveness of internal controls.


Correct answer is C. Financial statement assertions.