Flashcards in AUD Deck (104):
What does TID stand for in the GAAS general standards?
Training, Independence, and Due professional care
What does PIE stand for in the standards of field work?
Planning and supervision, Internal Control, and Evidence
What does GCDO stand for in the standards of reporting?
GAAP, Consistency, Disclosure, and Opinion
When is an adverse opinion rendered?
When a severe GAAP departure is present in the financial statements.
What are the two main differences between the standards of attestation and the auditing standards?
The attestation standards and generally accepted auditing standards differ conceptually in two main areas: 1) the attestation standards provide a framework for the attest function beyond historical financial statements; and 2) the attestation standards provide for the growing number of attest services in which the practitioner expresses assurances in forms other than the positive opinion.
Formula for days sales in acc receivable?
Acc rec / credit sales per day.Credit sales per day = Total credit sales / 365.
Adj entry for wages at end of year that weren't recorded:
DR: Operating expensesCR: Accrued wages payable(accrued liab)
Why would an auditor modify the auditor's report based on the work of a specialist?
If there is a difference between the specialist's valuation of an asset and the client's.
who should make up the audit committee?
members of the board or directors who are not officers or employees
what are the 3 general standards?
adequete training, independence of mental attitude, and due professional care
3 fieldwork standards?
adequete planning, understanding the entity and its internal control, sufficient and appropriate audit evidence
the auditors judgment of the overall fairness of the financial statements is applied within the framework of?
generally accepted audit principles
what does the auditor primarily use to come up with materiality?
the prior year financial statements
basics of independence concerning a close relative?
CR can have a financial interest in the audit client as long as the amount is immaterial to them. CR can work for the audit client as long as its not in accounting or financial reporting. CR can work for audit firm, and is not a covered member unless the person works on the engagement team or can influence the members of the engagement team or the audit itself
when planning a new audit, why would the auditor consider the methods used to process accounting information?
Because the methods influence the design of internal control
who appoints the PCAOB?
SOX created the PCAOB and it is overseen by the SEC
under securities act of 1934 what organizations are required to submit audited financial statements?
every company traded on national and over the counter exchanges
primary purpose of establishing quality control procedures for deciding whether to accept a new client?
minimize likelihood of association with clients whose management lack integrity
to succeed in legal action against the auditor, the client must be able to show that?
the CPA had duty to perform, the CPA breached the contract, the client suffered losses, and that there is a close causal connection between the auditor's behavior and the damages suffered by the client
risk that auditor concludes no material misstatement exists when there actually is one
3 components of audit risk?
inherent risk, control risk, detection risk. They are multiplied together: .8 x .75 x .25 = .15 audit risk
if inherent risk is .8 and control risk is .2, what does the auditor do to lower audit risk?
increase and perform substantive testing to reduce detection risk to the point that it equals the acceptable level of audit risk
why are inherent risk and control risk different than detection risk?
inherent risk is the possibility of a material mistatement due to lack of human and system technology. Control risk is risk of material error that is not prevented or detected on a timely basis by the client's internal controls. Detection risk is risk that the auditor misses a material error. Thus, inherent risk and control risk are functions of the client and its environment while detection risk is not
the risk of material misstatement refers to:
the combination of inherent & control risk. Multiplying IR by CR results in the 'risk of material misstatement'
the level of detection risk is inversely related to:
the assurance provided by substantive tests. As the auditor performs substantive procedures he becomes more and more sure there are no material errors exist, and detection risk goes down
the audit program should be designed so that sufficient evidence is gathered to:
support the auditor's conclusions
Do most illegal acts affect the fin statements directly or indirectly?
if you uncover an illegal act at a public company, the auditor is required to notify:
when auditor has reason to believe an illegal act has ocurred, he should do what?
consider accumulating additional evidence, inquire of management at a level above those who did the act, and consult with the client's legal counsel
what is lapping fraud?
you steal customer A's money, then you get customer B's money and apply it to A's account, then get C's money and apply it to B's account, and so on
what is kiting?
money is moved from one account to the other but in different time periods to inflate the amount being reported
does the PCAOB make auditing standards that must be followed by all CPAs?
it only makes auditing standards for public companies
is the PCAOB a gov agency?
what is an S-1 form?
a form that must be filed with the SEC whenever a company plans to issue new securities to the public
what is auditors responsibility for supplementary information such as segment info?
auditor should apply limited procedures to the required info and report deficiencies in or omission of such info
who creates auditing standards for private companies?
what is form 8-K?
the form filed with SEC to report a significant event
how long do you have to dispose of stock in a client if you inherited some unsolicited?
do operating leases and claims against clients for immaterial amounts impair indedpence?
are statements in the standards that include the word "should" mandatory?
they are considered presumptively mandatory- the auditor can depart from them if justification is documented
what is the completeness assertion concerned with?
determining that all transactions are recorded
in testing the existence assertion for an asset, the auditor normally works from the ______ to the _______
accounting records to the supporting evidence
according to SOX how long does a firm keep audit documentation?
have to keep it 7 years
what is the best place to put in writing the understanding between client and firm about what will take place during the audit?
the engagement letter
to see if checks are being issued for unauthorized purchases, the auditor would most likely select testing from the population of:
what does tracing shipping docs to sales invoices accomplish?
that all items shipments have been invoiced
most effective control over recorded purchases?
supporting forms such as purchases orders and receiving reports are independently compared for agreement
if trying to detect overstatement of sales, you start with the:
accounting records and trace to the source documents
what is pervasiveness?
the extent to which an exception affects different parts of the financial statements
difference between adverse opinion and disclaimer of opinion?
adverse opinion is stating that the financials do not fairly present the position of company in accordance to GAAP. Disclaimer of opinion is when a material uncertainty affects the financials
what paragraph explicitly states the auditors responsibility to express an opinion?
the opening paragraph of the standard audit report
when would a lack of independence cause a disclaimer of opinion?
in all cases
if the financials and/or footnotes fail to disclose information that is required by GAAP, what type of opinion is issued?
adverse or qualified. if qualified, an extra paragraph would be added that describes the nature of the missing info, and the opinion paragraph would have an extra sentence "except for the information discussed in previous paragraph"
on a public company audit, are the reports on the financial statements and internal controls issued separately or combined?
it can be either
what are the 2 situations which result in a qualified opinion?
1) when the statements are materially misstated due to one account balance or class of transaction that does not have a pervasive effect on the statements2)when the auditor is unable to obtain audit evidence regarding a particular account balance that does not pervasively affect the statementsEssentially either a single deviation from GAAP or a scope limitation. The report itself is very similar to an unqualified opinion but an extra paragraph is added to explain the qualification after the scope paragraph but before the opinion paragraph
how many paragraphs does a standard unqualified report have and what are they?
3. The introductory paragraph states the audit work performed and states the responsibility of the auditor and auditee in relation to the financial statements, the scope paragraph details the scope of the audit work, and the opinion paragraph simply states the unqualified opinion
when is an adverse opinion issued and how does the report change?
Adverse is the opposite of an unqualified opinion. It means that the financial statements as a whole are materially misstated and do not conform with GAAP. or the "differ pervasively" from GAAP. On the report, the scope paragraph is modified accordingly and an explanatory paragraph is added after the scope paragraph but before the opinion paragraph. In the opinion paragraph, the auditor specifically states that the statements are not in accordance with GAAP.
What situations would result in a disclaimer of opinion?
When the auditor is not independent or there is a conflict of interest.When a limitation on scope is imposed by the client and the auditor cant gather sufficient audit evidence.When there is a substantial going concern issue.When there are significant uncertainties in the business of the client.
when an auditor selects one or a few transactions and follows them through the entire accounting process, he is doing what?
a walkthrough. A walkthrough combines observation, documentation, and inquiry. PCAOB Standard 2 requires at least one walkthrough per major class of transaction
which section of SOX requires mgmt to issue an internal control report?
Section 404 requires auditors to assess and report on the effectiveness of the internal control over financial reporting
what is the definition of incompatible functions?
those that place any person in a position to both perpetrate and conceal errors or irregularities in the normal course of their duties. well designed controls should separate the duties of authorization, record keeping and custody of assets
what is the primary purpose of the auditors consideration of internal controls?
to determine the nature, extent, and timing of audit tests to be applied
if the auditor finds a reportable condition in internal controls, who should they tell first?
the audit commitee
if after understanding the ICs the auditor decides to perform tests of controls, the auditor most likely decided that:
it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests
what is the concept of reasonable assurance?
recognizes that the cost of internal controls should not exceed the benefits derived
7 factors of the control environment: (I see ham bone)
I- integrity and ethical valuesC- commitment to competenceH- human resource policies and practicesA- assignment of authority and responsibilityM- management's philosophy and operating styleB- board of directors or audit committee participationO- organization
even the best designed IC can fail due to:
human error, faulty judgement, collusion, management override
what are the five components of internal control? (clowns run cartels in mexico)
1) control environment2) risk assessment3) control activities4) information and communication5) monitoring
***What is the process of assessing risk in general?
You assess inherent risk and control risk to determine the amount of substantive testing that must be carried out to reduce detection risk to a level so that overall risk will still achieve an acceptably low level. Acceptable audit risk is not changed.
what is the audit risk formula?
inherent risk X control risk X detection risk = overall audit risk
the auditor uses the assessed level of control risk to determine the acceptable level of
detection risk for financial statement assertions
if auditor increases the level of control risk because controls are found to be ineffective, the auditor would most likely increase the
extent of tests of details
what do assertions about existence or occurrence deal with?
whether assets or liabilities exist at a given date and whether recorded transactions have occurred during a given period
when an auditor assesses control risk as low, he must:
identify specific policies and procedures that are likely to prevent or detect material misstatements, and he must perform tests of controls to evaluate the effectiveness of such policies and procedures. if the tests of controls result in the control risk being assessed as low, then the auditor may limit the extent of substantive testing
what does 'information and communication' refer to as far as internal control within an organization?
the ability of the accounting system to generate reliable info and convey it in a timely manner to the parties in the organization that need it
What are the 5 assertions about classes of transactions and events for the period?Alistair Overeem Cant Cut Corners
Accuracy- amounts and other data have been recorded appropriatelyOccurrence- transactions and events that have been recorded have occurredCompleteness- all transactions and events that should have been recorded have been recordedCutoff- transactions and events have been recorded in the correct accounting periodClassification- transactions and events have been recorded in the proper accounts
4 assertions about account balances at end of period?Even Cain Realizes Value
Existence- assets, liabilities, and equity interests existCompleteness- all assets, liabilities, and equity that should have been recorded have been recordedrights and obligations- the entity holds or controls the rights to assets, and liabilities are the obligations of the entityValuation and allocation- assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded
4 assertions about presentation and disclosure:Overeem Can't Complain Anymore
Occurrence & rights and obligations- disclosed events and transactions have occurred and pertain to the entityCompleteness- all disclosures that should have been included have been includedClassification and understandability- financial information is appropriately presented, described, and clearly expressedAccuracy and valuation- financial and other info are disclosed fairly and at appropriate amounts
why is it best to have "blind" invoices received by the receiving department?
to make sure the receiving dep counts the incoming merchandise so that they only pay for what they received
what is the purpose of purchase cutoff testing?
to determine that items actually received in inventory have been included in the proper period
what is an integrated test facility?
it puts fake transactions in with real transactions which are processed together without client employees knowing it
a person who mails signed checks can also:
cancel the supporting documents
an effective control over purchases would be to have the purchasing department authorized to:
purchase, but not initiate purchases
an increased extent of tests of controls is most likely to occur when:
controls appear to be effective so that the preliminary control risk assessment is low. this is because auditor can then do less substantive testing.
are significant deficiencies and material weaknesses supposed to be relayed orally or written to those charged with governance?
AU 325 says that sig def and material weaknesses in a public company must be communicated in writing to the audit committee of the board of directors
when should control deficiencies be reported?
either during the audit or after the audit's completion, within 60 days of the report release date
management must disclose material weaknesses in internal control if the weakness exists:
at the end of the year
what are the 2 types of control deficiency?
design and operations. design means its poorly designed, while operations means the people performing their tasks are doing them deficiently
what is ratio estimation used for?
to measure the total estimated error amount within a population
there is an inverse relationship between sample size and:
tolerable error. as the tolerable error decreases the sample size would increase
what is sampling risk?
the risk that the sample chosen doesn't accurately represent the population
How is the allowance for sampling risk calculated?
It's the difference between the upper limit and the deviation rate of the sample.
what are embedded audit modules?
coded into the clients system to collect data for the auditor
purpose of test data approach?
test data is entered with a known outcome into client's system to see if it produces same result
under the PCAOB standards, a scope limitation related to internal controls over financial reporting should result in:
a disclaimer of opinion.
if a control deficiency is discovered, what is the next step?
determine if it is a material weakness by gathering additional evidence
what opinion is rendered if there is one or more material weakness in internal control over fin reporting?
an adverse opinion
"if this statement is not correct... give details of difference directly to our auditors
acc rec confirmation
"in our opinion, these statements audited by us comply in all material respects"
comfort letter to underwriters
"no claims that OUR lawyer..."
management rep letter
"which raises substantial doubt about its ability to continue as a going concrern"
CPA is associated with the financial statements, but is NOT independent
providing NEGATIVE assurance on a company's financials