Audit Engagements Flashcards
(14 cards)
Which of the following is a requirement for an audit of both an issuer’s and a nonissuer’s financial statements?
A. The auditor is required to assess the risk of fraud.
B. The auditor is required to refer to a recognized control framework in performing the audit of internal control over financial reporting.
C. The auditor is required to express an opinion on the effectiveness of the company’s internal control over financial reporting.
D. The auditor is required to assess the effectiveness of management’s assessment of the company’s internal control over financial reporting.
A. The auditor is required to assess the risk of fraud.
An issuer is a publicly held entity that files with the SEC. Audits of issuers must adhere to PCAOB auditing standards. A nonissuer is a privately held entity that is not required to file with the SEC. Audits of nonissuers must adhere to GAAS.
Audits of both issuers and nonissuers require the auditor to perform risk assessment procedures to identify and evaluate the risk of material misstatement, whether due to error or fraud. Specifically, both PCAOB (AS 2401) and GAAS (AU-C 240) have guidelines for the consideration of fraud in the financial statements (F/S). The guidelines prescribe the use of professional skepticism, proper communications with the client, and other requirements.
(Choice B) Only F/S audits of issuers require (as default) an audit of both the entity’s F/S and its internal control over financial reporting. Testing internal controls in an F/S audit of a nonissuer is at the discretion of the auditor and not required unless the auditor is engaged to perform an integrated audit, which is not indicated in this scenario.
(Choices C and D) Only issuer F/S audits require that CPAs express an opinion on the effectiveness of the entity’s internal control. Such audits also require an auditor to evaluate management’s assessment of internal control.
Things to remember:
Audits of both issuers and nonissuers require the auditor to perform risk assessment procedures to identify and evaluate the risk of material misstatement, whether due to error or fraud. Specifically, both PCAOB and GAAS have guidelines for the consideration of fraud in the financial statements.
When comparing a nonissuer financial statement audit with an integrated audit, which of the following statements would be correct?
A. Both audits have a similar purpose.
B. Both audits have a similar scope.
C. Both audits follow similar procedures.
D. Both audits result in a single opinion.
C. Both audits follow similar procedures.
Think through this one, it is pretty straightforward.
Which of the following is a conceptual similarity between generally accepted auditing standards and the attestation standards?
A. Both sets of standards require the CPA to report on the adequacy of disclosure in the financial statements.
B. All of the elements of reporting in generally accepted auditing standards are included in the attestation standards.
C. The requirement that the CPA be independent in mental attitude is included in both sets of standards.
D. Both sets of standards are applicable to engagements regarding financial forecasts and projections.
C. The requirement that the CPA be independent in mental attitude is included in both sets of standards.
Attestation services are nonaudit services in which a practitioner is contracted to assess and report on assertions (claims) made by another party. Since an attestation engagement is not an audit, attestation standards (SSAEs) use the term practitioner rather than auditor to refer to the CPA. Examples of attestation services include examinations, reviews, and agreed-upon procedures.
The CPA must maintain independence when performing either attestation or auditing services. Independence means the auditor is acting with integrity and an objective mindset when performing services for a client. The CPA’s objectivity is used to provide confidence to users about the fairness of the information that is presented to them.
(Choice A) GAAS requires the auditor to report on the adequacy of financial disclosures. In contrast, reporting in an attestation engagement is based on the nature of the engagement and may not include any financial disclosures.
(Choice B) Not all reporting elements of GAAS are included in the SSAEs since the two standards are used for different types of services. GAAS directly relates to financial reporting whereas attest services vary based on the subject matter. For example, a CPA may validate that the physical characteristics of an object are properly described during an attestation engagement.
(Choice D) Only the attestation standards apply to engagements regarding financial forecasts and projections. Forecasts cannot be part of auditing procedures because audits must be performed on events that have already happened.
Things to remember:
Attestation standards and auditing standards both require that CPAs be independent to objectively perform their services. GAAS directly relates to services in connection with financial reporting whereas SSAE (attest) services vary based on the subject matter. Examples of attestation services include examinations and forecasts.
Which of the following services is an attest engagement?
A. A review of prospective financial information.
B. A preparation engagement.
C. A compilation engagement where the accountant lacks independence.
D. An examination of internal controls.
D. An examination of internal controls.
The AICPA uses the term attestation engagement to refer to three types of engagements performed under the SSAEs. Attestation engagements relate to subject matter or assertions that are another party’s responsibility. Independence is required for all attestation engagements.
The three levels of attestation engagements (ERA) are:
Examination: the accountant expresses an opinion (reasonable assurance) about the subject matter or assertion of another party. The work performed is comparable to audits of historical financial statements
Review: the accountant expresses a conclusion with limited assurance on the subject matter or assertion. Procedures include inquiries and analytical procedures applied to numerical information related to the assertion
Agreed-upon procedures: the accountant issues a report on findings (no opinion or conclusion) regarding specific procedures applied to subject matter
(Choice A) Reviews are prohibited for prospective financial information because limited assurance cannot be provided for future scenarios. Reviews are also prohibited for internal control engagements and compliance engagements related to laws, rules, regulations, contracts, and grants.
(Choice B) Preparation engagements are nonassurance, nonattest engagements because independence is not required.
(Choice C) A compilation is considered an attest engagement when the accountant is independent, but is classified as a nonattest engagement when the accountant lacks independence.
Things to remember:
Attestation engagements relate to subject matter that is another party’s responsibility. They require independence and include examinations, most reviews, and agreed-upon procedures (ERA). Accounting standards specifically forbid reviews related to prospective financial information because limited assurance cannot be provided.
Statements on Standards for Accounting and Review Services establish standards and procedures for which of the following engagements?
A. Assisting in adjusting the books of account for a partnership.
B. Reviewing interim financial data required to be filed with the SEC.
C. Processing financial data for clients of other accounting firms.
D. Compiling an individual’s personal financial statement to be used to obtain a mortgage.
D. Compiling an individual’s personal financial statement to be used to obtain a mortgage.
Statements on Standards for Accounting and Review Services (SSARS establish professional responsibilities for CPAs performing reviews, compilations, and preparation engagements for nonpublic entities. CPAs performing compilations assist entities (and individuals) in presenting financial statements (F/S), elements, accounts, or items of F/S; no assurance is provided. This includes compiling personal F/S used to obtain a mortgage.
(Choices A and C) Assisting in adjusting an entity’s books and processing financial data for clients are considered bookkeeping services, which are not subject to SSARS.
(Choice B) Reviews of interim F/S of issuers (ie, an entity that reports to the SEC) are governed by auditing standards of the PCAOB. In contrast, reviews of interim unaudited financial information for nonpublic entities are performed in accordance with SSARS.
Things to remember:
Statements on Standards for Accounting and Review Services establish professional responsibilities for CPAs performing reviews, compilations, and preparation engagements for nonpublic entities. CPAs performing compilations assist nonpublic entities (and individuals) in presenting their financial statements, with no assurance provided.
An auditor has performed bookkeeping and other nonattest services that are not prohibited by the independence rules of the AICPA Code of Professional Conduct. The auditor has established and documented an understanding with the potential audit client, and the client has agreed to assume all management responsibility. Which of the following is correct?
A. The auditor may conduct the audit under GAAS without meeting any additional requirements.
B. The auditor may conduct the audit under PCAOB standards but must disclose the performance of the services.
C. The auditor may conduct the audit under GAAS but must disclose the performance of the services.
D. The auditor may not perform the audit under GAAS.
A. The auditor may conduct the audit under GAAS without meeting any additional requirements.
Audits conducted under Generally Accepted Auditing Standards (GAAS) must follow the AICPA Code of Professional Conduct (the Code), which outlines the independence requirements for auditors.
Under the Code, a CPA may be able to perform an audit and certain nonattest services (such as bookkeeping and preparing reconciliations) for the same nonissuer as long as client management assumes responsibility for the nonattest services. If an auditor assumes management’s responsibilities for nonattest services and audits the entity’s F/S, the auditor is essentially auditing their own work, which is an independence conflict. Some of the nonattest services that can be performed by a nonissuer’s auditor include bookkeeping and preparing reconciliations.
(Choice B) Under PCAOB standards, an auditor cannot perform certain nonattest services, including bookkeeping, for an issuer. A limited number of nonattest services (eg, tax planning) may be performed if the services are approved in advance by the client’s audit committee.
(Choice C) Under GAAS, the performance of nonattest services requires documentation of management’s understanding of the scope of services and management’s assumption of all responsibility. However, disclosure of the performance of the nonattest services is not required.
(Choice D) The auditor may perform the audit under GAAS (for private entities) because independence has not been impaired in this scenario.
Things to remember:
Audits conducted under GAAS require that auditors follow the AICPA Code of Professional Conduct. The Code allows auditors to perform certain nonattest services, such as bookkeeping, for potential clients without impairing independence. Auditors should not assume any management responsibility for these nonattest services.
When planning an engagement to examine the effectiveness of the entity’s internal control in an integrated audit of a nonissuer, a practitioner would least likely consider which of the following factors?
A. Preliminary judgments about the effectiveness of internal control.
B. The extent of recent changes in the entity and its operations.
C. The type of available evidential matter pertaining to the effectiveness of the entity’s internal control.
D. The evaluation of the operating effectiveness of the controls.
D. The evaluation of the operating effectiveness of the controls.
The key thing about this question is it is asking about the planning phase.
CPAs performing an integrated audit issue an opinion on both the financial statements (F/S) and the entity’s system of internal control (I/C). When examining I/C, a top-down approach is applied by:
First, looking at I/C at the F/S level (ie, macro level) to understand overall the risk of material misstatement
Second, directing attention to significant classes (ie, micro level) of transactions (eg, inventory), accounts, and disclosures to develop a plan for tests of controls (TOCs)
Third, performing TOCs and evaluating results
Generally, the first two steps are performed during the planning phase of the engagement. During these steps, auditors identify any changes in I/C since the last examination and make preliminary judgments about the effectiveness of I/C (Choices A and B). To plan TOCs, auditors consider the type of evidence available (eg, signed checks, electronic audit for IT controls) pertaining to the effectiveness of such controls (Choice C).
After TOCs have been appropriately planned, auditors will test the operating effectiveness of the controls to identify any deficiencies. If a deficiency is identified, a determination will be made as to whether it constitutes a material weakness. A material weakness requires auditors to modify their opinion in the report.
Things to remember:
Planning an examination of internal control (I/C) includes making preliminary judgments about I/C, identifying any changes to I/C, and considering the type of evidence available. Tests of controls are performed after all appropriate planning has been done.
An accountant is required to comply with the provisions of Statements on Standards for Accounting and Review Services (SSARS) when
A. Both compiling financial statements generated using computer software and reproducing client-prepared financial statements for the client without modification.
B. Compiling financial statements generated using computer software.
C. Reproducing client-prepared financial statements for the client without modification.
D. Neither compiling financial statements generated using computer software nor reproducing client-prepared financial statements for the client without modification.
B. Compiling financial statements generated using computer software.
Statements on Standards for Accounting and Review Services (SSARS) establish professional responsibilities for CPAs performing reviews, compilations, and preparation engagements for nonpublic entities.
A CPA performing reviews provides limited assurance (negative assurance) about whether any material modifications are needed in the financial statements (F/S) so that F/S adhere to the applicable reporting framework.
A CPA performing compilations applies accounting and financial expertise to assist management in presenting the entity’s F/S, elements, accounts, or items of F/S, with no assurance provided. As part of this service, the CPA reads the F/S to identify obvious material misstatements, considers whether F/S are in appropriate form, and issues a report.
A CPA performing a preparation puts together F/S in a way similar to that for a compilation. However, the CPA is not responsible for reading the F/S or for issuing a report.
In this scenario, the CPA compiling the F/S (using computer software or not) must adhere to SSARS (Choice D). Reproducing client-prepared F/S without modification is not a professional service; therefore, no standards (eg, SSARS) are involved (Choices A and C).
Things to remember:
Statements on Standards for Accounting and Review Services (SSARS) establish professional responsibilities for CPAs performing reviews, compilations, and preparation engagements for nonpublic entities. Reproducing client-prepared financial statements is not covered under SSARS.
Which of the following statements is correct concerning an auditor’s responsibilities regarding financial statements?
A. An auditor will assemble an entity’s financial statements based on information provided by management.
B. The adoption of sound accounting policies is an implicit part of an auditor’s responsibilities.
C. An auditor’s responsibilities for audited financial statements are confined to the expression of the auditor’s opinion.
D. Making suggestions that are adopted about an entity’s internal control environment impairs an auditor’s independence.
C. An auditor’s responsibilities for audited financial statements are confined to the expression of the auditor’s opinion.
GAAS indicates that the overall objective of the independent auditor is to form an opinion on the financial statements (F/S) based on sufficient and appropriate evidence. The opinion should be clearly expressed in a written audit report. Auditing standards provide auditors with general guidelines for achieving these objectives, but it is up to the auditor to determine the appropriate procedures that will be performed.
(Choice A) A CPA performing a preparation or compilationengagement will put together an entity’s F/S. CPAs performing audits (auditors) will not perform these services for an audit client because it would impair independence.
(Choice B) An entity’s management, not the auditor, is responsible for adopting sound accounting policies.
(Choice D) An auditor may make suggestions for improvements to a client’s internal control without impairing independence as long as management takes responsibility for deciding which suggestions to implement. Independence is impaired if auditors make decisions that should be the responsibility of management.
Things to remember:
The primary objective of the independent auditor is to form an opinion about the fair presentation of an entity’s financial statements (F/S), expressed in a clearly written report. Auditors will not prepare or compile F/S for their audit clients or adopt (ie, choose) an entity’s accounting policies.
According to generally accepted auditing standards, which of the following terms are used to refer to the unconditional requirement imposed on auditors?
Must Should
A. Yes Yes
B. Yes No
C. No Yes
D. No No
B. Yes No
The Auditing Standards Board (ASB) issues two levels of requirements for auditors performing services in accordance with generally accepted auditing standards (GAAS). These requirement levels are the unconditional requirement and the presumptively mandatory requirement.
The wording of the standard determines which requirement applies. If the standard uses the word “must” or the phrase “is required to,” then the requirement is unconditional and those rules apply. If the standard uses the word “should,” then the presumptively mandatory requirements apply. For example, if the standards state that an auditor must do something, then the auditor is required to comply and may not depart from the standards.
Things to remember:
The Auditing Standards Board has two levels of requirements for auditors performing services in accordance with generally accepted auditing standards: unconditional requirements and presumptively mandatory requirements. The term and phrase associated with the unconditional requirements are “must” and “is required to.” The term associated with presumptively mandatory requirements is “should.”
Which of the following cognizant agencies is most likely to be assigned to an auditee?
A. The federal agency that is located within the auditee’s region.
B. The federal agency that provides the most funding to the auditee.
C. An independent federal agency that does not provide funding to the auditee.
D. A preselected federal agency whose sole purpose is to monitor single audits.
B. The federal agency that provides the most funding to the auditee.
A nonfederal entity (eg, state government) that spends more than $50 million a year in federal awards is required to have a cognizant agency for audit. A cognizant agency for audit is a federal agency (eg, U.S. Department of the Treasury) that has primary audit responsibilities for a nonfederal entity (ie, the auditee). The federal agency that provides the most funding to the nonfederal entity is usually assigned as the cognizant agency for audit.
If the U.S. Department of the Treasury and the U.S. Department of Transportation (DOT) provide a state with $68 million in funding and the state spends more than $50 million annually, the state will be assigned a cognizant agency for audit. If the DOT provided $48 million, it will be assigned to that state because it provided the most funding.
(Choice A) Federal grant regulations require nonfederal agencies to use regional contractors and pricing when negotiating contracts. However, region is not a factor for assigning a cognizant agency.
(Choice C) Independence is required for the auditors hired by the federal agency (eg, DOT) to conduct the audit of the nonfederal entity (eg, state government), not for the federal agency itself. The auditors’ independence is impaired if they have a direct financial interest in the auditee.
(Choice D) Federal agencies are assigned based on their contributions; they are not usually preselected by the government. In addition, the federal agency’s responsibilities include conducting quality control reviews of audits and providing advice to auditees.
Things to remember:
A nonfederal entity (eg, state government) that spends more than $50 million annually in federal awards will be assigned a cognizant agency for audit. The federal agency that provides the most funding to a nonfederal entity will usually be assigned to it. Federal agencies are not preselected, required to be independent, or assigned based on region.
What authoritative standard is applicable for a direct examination engagement?
A. Statements on Auditing Standards (SAS).
B. Statements on Standards for Accounting and Review Services (SSARS).
C. Statements on Standards for Attestation Engagements (SSAE).
D. Statements on Standards for Consulting Services (SSCS).
C. Statements on Standards for Attestation Engagements (SSAE).
CPA’s have a variety of services that they are permitted to perform. The AICPA, the PCAOB, and the Government Accountability Office (GAO) issue statements on standards for different categories of engagements to provide authoritative guidance to accounting professionals. Understanding which standard(s) apply to an engagement is key to performing it properly.
The Statements on Standards for Attestation Engagements (SSAE) provide guidance on attestation engagements beyond historical financial statement audits. These engagements were created to address the growing need for assurance on non-historical financial data and other non-financial information (eg, controls and compliance).
Direct examination attestation engagements allow the practitioner to measure or evaluate the underlying subject matter against the criteria without an assertion from the responsible party.
(Choice A) Statements on Auditing Standards (SAS) define generally accepted auditing standards (GAAS) for nonissuers.
(Choice B) Statements on Standards for Accounting and Review Services (SSARS) apply when the CPA is associated with the F/S of a private company, but that association is something less than a full-scope audit engagement. These include compilation, preparation, and review engagements.
(Choice D) Statements on Standards for Consulting Services (SSCS) provide guidance to practitioners who provide business and management consulting services to their clients.
Things to remember:
Direct examination engagements must adhere to the Statements on Standards for Attestation Engagements (SSAEs). In direct examination engagements, practitioners assess subject matter against criteria without an assertion. These standards apply to the preparation and issuance of attestation reports for nonissuers.
Which of the following professional services would be considered an attest engagement?
A. A management consulting engagement to provide computerized advice to a client.
B. An engagement to report on compliance with statutory requirements.
C. An income tax engagement to prepare federal and state tax returns.
D. An engagement to prepare the tax returns of the company’s CEO.
B. An engagement to report on compliance with statutory requirements.
This answer is correct because a report on compliance with statutory requirements might be structured as an attest engagement in which the required “written assertion” relates to such compliance.
Which of the following, discovered during a nonissuer audit, most likely would raise a question concerning possible noncompliance with laws and regulations?
A. The entity prepared several large checks payable to cash during the year.
B. Related party transactions, although properly disclosed, were pervasive during the year.
C. The entity was a campaign contributor to several local political candidates during the year.
D. Internal control material weaknesses previously reported to management were not corrected.
A. The entity prepared several large checks payable to cash during the year.
An auditor’s responsibility is to obtain reasonable assurance that the F/S are free from material misstatement, whether caused by fraud or error, considering the applicable legal and regulatory frameworks. Remember, the auditor cannot be expected to detect all noncompliance with all laws and regulations.
Say an auditor determines that the entity prepared several large checks payable to cash during the year. Checks are rarely, if ever, written to cash. This information suggests that someone in a management position is stealing cash. If the auditor suspects noncompliance, the auditor should discuss the matter with management (at least one level above those suspected to be involved) and with those charged with governance, as appropriate.
If unable to obtain sufficient appropriate audit evidence for compliance, the auditor should evaluate the effect on the auditor’s report.
(Choice B) Pervasive related party transactions are a concern to the auditor only if the transactions are not properly disclosed.
(Choice C) Entities are permitted to contribute to political campaigns as long as the disbursements have the appropriate levels of management/executive approval.
(Choice D) If I/C material weaknesses previously reported to management were not corrected, the auditor should follow up with management. However, this situation is not necessarily an indication of noncompliance with laws and regulations.
Things to remember:
An auditor must obtain reasonable assurance that the F/S are free from material misstatement, whether caused by fraud or error. If the auditor suspects noncompliance (eg, there are large checks payable to cash), the auditor should discuss the matter with management and with those charged with governance.
