Auditing Flashcards Preview

CPA > Auditing > Flashcards

Flashcards in Auditing Deck (280):
1

Covers all professional engagements and is the minimum standard of conduct Member should additionally follow specific standards for a specific engagement

Professional Responsibilities - Audit

1

The International Auditing and Assurance Standards Board (IAASB) Member of the International Federation of Accountants (IFAC)

International Auditing

1

Control risk increases with poor Internal Controls and sloppy accounting practices.

Internal Control

1

Controls are redundant to another department The system does not appear to be reliable and testing controls would not be an efficient use of time Costs exceed benefit

Auditing and IT

1

Collection of evidence to support the opinion.

Evidence and Risk

1

To provide users of financial information with REASONABLE ASSURANCE that the financial statements are not materially misstated.

Engagement Planning

1

Taking part of a population- subjecting it to audit procedures- projecting results to a population

Audit Sampling

1

Must conform to GAAP Consistency with prior period reporting is implied (must state if inconsistent) Adequacy of disclosure is implied (must state if disclosures are lacking) Opinion is provided - provides assurance Must be signed by the auditor and dated.

Audit Reports - Pre-Clarity Project

1

Preparation and Fair Presentation of Financial Statements in accordance with the Applicable Financial Reporting Framework

Audit Reports - Clarified Standards

2

Integrity Objectivity No Conflicts of Interest No known misrepresentations of facts No outsourcing of judgment

Professional Responsibilities - Audit

2

IAASB standards are for countries that don't have their own standards and help set the tone for the rest of the members who do have their own standards (AICPA) IAASB doesn't override member standards

International Auditing

2

Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.

Internal Control

2

System isn't complex or complicated System output is detailed

Auditing and IT

2

Evidence consists of client accounting data and supporting documentation from client or from third parties.

Evidence and Risk

2

Auditors are *not* responsible for detecting theft or fraud. Instead- they are responsible for providing REASONABLE ASSURANCE that the financial statements are not materially misstated.

Engagement Planning

2

Based on formulas Helps find an appropriate audit sample Helps evaluate evidence obtained Helps evaluate results and quantify Sampling Risk

Audit Sampling

2

If inconsistent- an Unqualified Opinion is OK Explanatory paragraph after Opinion is added Otherwise - Qualified Opinion issued

Audit Reports - Pre-Clarity Project

2

Internal Control Design, Implementation, Maintenance

Audit Reports - Clarified Standards

3

Safeguards > Threats - Independence Threats > Safeguards - No Independence

Professional Responsibilities - Audit

3

IAASB standards are based on a risk assessment approach

International Auditing

3

Internal control provides reasonable assurance that Material misstatements will be prevented Reliability/integrity of financial statements will be preserved Assets are protected against misuse

Internal Control

3

Maintains database Restricts access Responsible for IT internal control

Auditing and IT

3

Evidence has an inverse relationship with Detection Risk The one aspect of Audit Risk an auditor can control through (N)ature (T)iming (E)xtent of audit procedures. Inherent Risk and Control risk are outside of auditor's control.

Evidence and Risk

3

The earlier the auditor is hired- the better for audit planning and efficiency.

Engagement Planning

3

Based on human decision Equally acceptable as Statistical Sampling

Audit Sampling

3

Accounting Errors Reclassifications Prospective treatment of a new principle Accounting Estimate Change

Audit Reports - Pre-Clarity Project

3

Introduction Management's Responsibility for the F/S Auditor's Responsibility Opinion

Audit Reports - Clarified Standards

4

Self-Review (Auditing own work) Advocate of the Client Adverse Interest (Lawsuit against Client) Too familiar with Client - could impair the appearance of Independence to public Undue influence on Client - On Board of Directors- exception being an Honorary board position

Professional Responsibilities - Audit

4

IAASB - No Internal Control audits IAASB - No Referencing another Audit Firm IAASB - Less detailed documentation IAASB - Required: obtain written fraud assessment IAASB - Required: location of auditor's home office

International Auditing

4

CEO/CFO must disclose Internal Control deficiencies Management must provide assessment of Internal Control Management must certify Financial Statements

Internal Control

4

Recommends changes or upgrades Liaison between IT and users

Auditing and IT

4

Detection Risk which is decreased by gathering evidence.

Evidence and Risk

4

If Control Risk for the accounts and/or transactions is low- audit procedures can be performed at interim dates. The auditor then reviews changes in the balances at year-end.

Engagement Planning

4

Variables sampling Probability proportionate to size sampling

Audit Sampling

4

The opinion states that the financial statements are fairly presented in all material respects The opinion states if the financials are in conformity with GAAP.

Audit Reports - Pre-Clarity Project

4

Introduction Management's Responsibility for F/S Auditor's Responsibility Basis for (Modified) Opinion (Modified) Opinion

Audit Reports - Clarified Standards

5

Offset the threats Safeguards are created by Legislation (SOX)- Client (Audit Committee)- Accounting Firm (Policies)

Professional Responsibilities - Audit

5

Standards set by International Ethics Standards Board for Accountants (IESBA) Code of Ethics for Professional Accountants - Similar to AICPA Code of Professional Conduct

International Auditing

5

Inverse Relationship Stronger Internal Controls - Less Testing Needed Weaker Internal Controls - More Testing Needed

Internal Control

5

Responsible for disc storage Holds system documentation

Auditing and IT

5

Inherent Risk and Control Risk are outside of an auditor's control.

Evidence and Risk

5

The auditor can take the engagement if they are able to overcome the limitations of the engagement.

Engagement Planning

5

Attribute Sampling

Audit Sampling

5

Title - States that the auditor is independent Address - whomever hired the auditor Introduction Paragraph Scope Paragraph Opinion Paragraph Signed and Dated by Author

Audit Reports - Pre-Clarity Project

5

Introduction Management's Responsibility for the F/S Auditor's Responsibility Opinion Emphasis-of-Matter Other-Matter

Audit Reports - Clarified Standards

6

On the engagement team- have Significant influence on Audit- such as: Reviewing Partner Managing Partner in CPA Firm Firm Personnel who does more than 10 hours of non-attest work (Income Taxes) Partner sharing office with another Partner who oversees an engagement Financial Interest in Client by Covered Member (Auditor on Engagement)

Professional Responsibilities - Audit

6

A) Covers all accountants B) Covers Public accountants C) Covers accountants in a business environment

International Auditing

6

Reliability of Financial Reporting Operational Efficiency/Effectiveness Compliance with Law and Regulations

Internal Control

6

Uses computer speed to quickly sort data and files- which leads to a more efficient audit Compatible with different client IT systems Extracts evidence from client databases Tests data without auditor needing to spend time learning the IT system in detail Client-tailored or commercially produced

Auditing and IT

6

Less Evidence collected. Opens door for incremental audit risk - Internal Control should be strong. Business and transactions should be relatively stable and predictable. (N) Less-competent Evidence collected (T) Interim testing acceptable (E) Fewer transactions are verified.

Evidence and Risk

6

To plan the scope of the audit To plan the objectives of the audit

Engagement Planning

6

Risk that your sample isn't representative of population Can happen even if audit is done properly

Audit Sampling

6

GAAS was followed (IF SEC company- uses the standard of the PCAOB) Reasonable assurance about material misstatements was obtained. Financial statements and disclosures are supported by evidence. Management estimates evaluated Accounting principles evaluated Financial Statement presentation evaluated Reasonable basis exists for an opinion If any scope limitations exist- the auditor tries to work around them and still issue an unqualified opinion if possible.

Audit Reports - Pre-Clarity Project

7

No direct financial interest No Material indirect financial interest Firm personnel who are not Covered Members cannot own more than 5% of stock Covered Member's immediate family cannot own more than 5% of stock or be employed in Key positions. If Covered member is aware of this- it will impair independence. Cannot make management decisions. All requirements apply during the period of the professional engagement- and as long as they are a client.

Professional Responsibilities - Audit

7

Accountants should have Integrity Accountants should be Objective Accountants should have Competence Accountants should exercise Due Care Accountants should maintain Confidentiality Accountants should act Professionally

International Auditing

7

Control Environment Risk Assessment Information and Communication Monitoring Control Activities

Internal Control

7

Group of related spreadsheets Retrieves information through Queries

Auditing and IT

7

More Evidence collected (N) More-competent Evidence collected (T) End of year balance testing (E) More transactions are verified

Evidence and Risk

7

The auditor can compare actual versus forecasted numbers.

Engagement Planning

7

A risk of Control Testing - Auditor works to make Control Risk lower More substantive tests - Sample overstates Control Risk- Leads to an under-reliance on internal control- over-testing- and overall audit inefficiency Audit ends up being effective (correct result)- but you do more work

Audit Sampling

7

A prior year's Financial Statement used for comparative purposes must also meet criteria for an Unqualified Opinion If an exception arises- the Explanatory and Opinion paragraphs will address the issue If a prior year's issue has been corrected - issue an Unqualified opinion and ignore the past issue

Audit Reports - Pre-Clarity Project

8

If Supervisor's position is still GAAP/GAAS- defer to Supervisor If Supervisor's position is not GAAP/GAAS- report to higher levels of management If management ignores you- consider leaving the firm

Professional Responsibilities - Audit

8

What are the threats/safeguards? Does this new client threaten our ethics? What are the conflicts of interest? What are the threats/safeguards for offering a second opinion? What are the threats/safeguards for receiving commissions or contingent fees? Is our marketing truthful? What are the threats/safeguards for receiving client gifts? What are the threats/safeguards to objectivity?

International Auditing

8

Sets tone for the entire company

Internal Control

8

A language that defines a database and gives information on database structure. It maintains tables- which can be joined together. It establishes database constraints.

Auditing and IT

8

Auditors are there to verify that Assets & Revenues are not overstated Expenses & Liabilities are not understated Exception - if the CPA Exam states that it is a tax-driven company flip them around

Evidence and Risk

8

If issues relating to predecessor auditor's work on previous Financial Statements come up during the current audit- Auditor must have client's permission to discuss the issue.

Engagement Planning

8

A risk of Control Testing - Complement to Confidence Level Inverse relationship to Sample Size Higher accepted risk of assessing Control Risk too low = Smaller Sample Lower accepted risk of assessing Control Risk too low = Larger Sample

Audit Sampling

8

Includes: Immaterial GAAP issues Going Concern worries Auditor shares responsibility Emphasizing a particular aspect of Financial Statements Unqualified Opinion/Assurances not affected Explanatory paragraph added after opinion

Audit Reports - Pre-Clarity Project

9

Audit Review Attestation Engagement

Professional Responsibilities - Audit

9

Integrity/Ethics of Management Competence of Management Organizational Structure Human Resource Policies Assignment of Authority/Responsibility Management's Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement

Internal Control

9

Maintains and queries a database Auditor needs information- so client uses DML to get the information needed

Auditing and IT

9

Cost vs. Benefit is a primary constraint.

Evidence and Risk

9

Were they adequately performed? (Review the working papers) Are the results consistent with the audit report?

Engagement Planning

9

Leads to higher Detection Risk - Fewer substantive tests Sample understates Control Risk This error leads to over-reliance on internal control- under-testing- and overall audit ineffectiveness. Does NOT necessarily mean that the Financial Statements are materially misstated - it does mean that if there is one- you are less likely to find it

Audit Sampling

9

A qualified opinion creates reduced assurances. It results from scope limitations or major inconsistencies. It includes material problems with GAAP- disclosures- or segment reporting. If there is an issue that causes a Qualified Opinion- the explanatory paragraph goes after the Scope and before the Opinion paragraphs and the Opinion paragraph refers to the issue as well.

Audit Reports - Pre-Clarity Project

10

Agreement must be in writing. Independence not required - Must state if you are not independent Applicable engagements: Consulting- Compilation

Professional Responsibilities - Audit

10

Detection Risk determines nature- timing- and extent of audit procedures.

Internal Control

10

A Data Control Language controls a database and restricts access to the database.

Auditing and IT

10

Sufficient (quantity) Appropriate: Relevant & Reliable (Quality)

Evidence and Risk

10

Auditor determines what the reporting objectives are. Auditor determines the scope of the audit.

Engagement Planning

10

A risk of Substantive Testing - Auditor accepts a balance as fairly stated- when in fact it is not fairly stated Hurts audit effectiveness Wrong conclusion reached Efficient- but not effective

Audit Sampling

10

Qualified opinion is issued. Scope paragraph modified Explanatory paragraph between Scope and Opinion paragraphs Opinion paragraph points out scope limitation

Audit Reports - Pre-Clarity Project

11

Consulting engagements are covered by Statements on Standards for Consulting Services (SSCS) Requirements: Competence- Due Care- Planning- Supervision- Obtain Sufficient Data- Must Serve Client Interest- Must have written or oral agreement- must communicate with client.

Professional Responsibilities - Audit

11

Risk of material misstatement determines acceptable level of Detection Risk

Internal Control

11

A numerical character consistently added to a set of numbers. It makes it more difficult for a fraudulent account to be set up or go undetected.

Auditing and IT

11

Best evidence: Observation of activity by auditor. 2nd Best: Originates from External Parties and is sent directly to auditor (or failing that items are generated by third party and provided to auditor by the client such as a bank statement) Weakest: Oral evidence from management.

Evidence and Risk

11

Materiality and Audit Risk

Engagement Planning

11

A risk of Substantive Testing - Auditor rejects balance as fairly stated when in fact it is fairly stated Hurts audit efficiency Wrong recommendations given Effective- but not efficient

Audit Sampling

11

Qualified opinion is issued. Scope paragraph remains unchanged Explanatory paragraph between Scope and Opinion paragraphs Opinion paragraph points out inconsistency

Audit Reports - Pre-Clarity Project

12

Advisory Services Transaction Services Management Consulting Implementation Services

Professional Responsibilities - Audit

12

Rapid growth in the company. The methods management uses to identify risk- estimate its significance and assess the likelihood of occurrence Major changes to operations- personnel- systems- IT- products- corporate organization- and foreign operations.

Internal Control

12

A Code Review tests a program's processing logic. Advantageous because auditor gains a greater understanding of the program.

Auditing and IT

12

Third party documents are more persuasive and credible than internally-prepared docs Auditor Knowledge = Most Persuasive 3rd Party info given to auditor 3rd Party info given to client Internally-prepared doc

Evidence and Risk

12

Training and Proficiency (Education and Audit Experience) Independence Due Professional Care (TIP)

Engagement Planning

12

Risk of human (auditor) missing an error Also called exception- error or deviation.

Audit Sampling

12

States that an opinion cannot be issued. Includes severe Scope limitation

Audit Reports - Pre-Clarity Project

13

Not allowed if Member also performs services where independence is required Commissions or referral fees for Covered Members are not allowed Example - Audit firm gets a commission for recommending to Client that they implement a new A/P System...NOT Allowed If a firm performing non-attest work doesn't also perform Covered Member services (aka - Independence not required)- then Firm can get a commission on referring products/services- but they must disclose to the Client Tax Preparation - Payment according to refund amount is disallowed

Professional Responsibilities - Audit

13

No Internal Control testing is performed. All audit procedures are increased in intensity to compensate for increased risk.

Internal Control

13

Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range. Did anyone score higher than 100%?

Auditing and IT

13

Test substance/amounts/values. They help to reduce the risk of material misstatements. They only test accuracy of financial statements and dollar amounts - they don't test internal controls.

Evidence and Risk

13

Auditor must be independent in fact and appearance Honesty No direct financial interest No indirect material financial interest

Engagement Planning

13

Sampling Risk deals with the chance that your audit sample is flawed Non-Sampling risk deals with the chance that your human decisions/conclusions are flawed

Audit Sampling

13

Very material GAAP and Disclosure issues would cause an Adverse Opinion. If there is an issue that causes an Adverse Opinion- the explanatory paragraph goes after the Scope and Before the Opinion paragraphs and the Opinion paragraph refers to the issue as well

Audit Reports - Pre-Clarity Project

14

When fees are structured relative to judicial proceedings. Example: IRS audit- or filing an amended tax return subject to tax case with a different taxpayer.

Professional Responsibilities - Audit

14

Auditor tests Internal Controls. Auditor evaluates Control Risk based on tests Auditor adjusts substantive tests accordingly Weaker Internal Control - More substantive tests Stronger Internal Control - Less substantive tests

Internal Control

14

Auditor processes data with client's computer - fake transactions are used to test program control procedures. Each control needs to only be tested once Problem with this method - fake data could combine with real data.

Auditing and IT

14

Trace (or Vouch) Reconcile Analytical Procedures Confirmations Examine evidence that supports management assertions. (T.R.A.C.E.)

Evidence and Risk

14

Technical abilities mirror those held by peers in the profession Follow GAAS Standards Obtain a Reasonable Level of Assurance Maintain Reasonable Level of Skepticism Supervise Audit Staff Review judgment at every level

Engagement Planning

14

Looking at Control Procedures - Were invoices approved when paid? Errors are stated in terms of %- not dollar amounts For example- 5 invoices out of 100 were not properly paid. Error rate is 5% Hint: If you see Error Rate on the Exam- they are referring to Attribute Sampling.

Audit Sampling

14

Disclosed in Introductory Paragraph. Doesn't name the other auditor without permission. Referenced in Opinion paragraph and division of responsibility indicated If other auditor is not referenced- then you take responsibility for their conclusions- so consideration of independence- experience- credentials- etc required

Audit Reports - Pre-Clarity Project

15

Client must carry them out - covered member cannot perform management functions. Client must assign someone of competence to oversee the non-attest engagement and CPA must be satisfied that this has occurred.

Professional Responsibilities - Audit

15

Performance Reviews Information Processing Physical Controls Segregation of Duties

Internal Control

15

Auditor can review logs to see which applications were run and by whom.

Auditing and IT

15

Auditors focus first on Balance Sheet Accounts then associated Income Statement items

Evidence and Risk

15

Planning and Supervision Internal Control Evidence (PIE)

Engagement Planning

15

Control Procedures are either operating properly or they are not operating properly - based on Error Rate and the tolerance you have for errors

Audit Sampling

15

Compilations are governed by SSARS (Statements on Standards for Accounting and Review Services)

Audit Reports - Pre-Clarity Project

16

Must have definite objectives Must have specific procedures planned Must have a basis for recommendations Must have recommendations communicated Must have action steps to implement

Professional Responsibilities - Audit

16

Understand Client's Major transaction classes Transaction initiation Support records/documents Transaction processing Financial Statement internal reporting process Financial Statement external reporting process

Internal Control

16

Helpful in online environments Restricts computer access - may use encryption.

Auditing and IT

16

Assurance Level is High. Acceptable Detection Risk is Low.

Evidence and Risk

16

Consistency Disclosures Opinion GAAP (CDOG)

Engagement Planning

16

Error rate in population that you are willing to accept/tolerate Inverse relationship to Sample Size Higher Tolerable Rate = Smaller Sample Lower Tolerable Rate = Larger Sample If you're willing to accept a higher probability that errors exist- there is less pressure on the sample

Audit Sampling

16

Non-SEC (non-public) registrants only.

Audit Reports - Pre-Clarity Project

17

Departure from GAAP is appropriate if GAAP would cause Financial Statements to be misleading- then it must be explained/disclosed.

Professional Responsibilities - Audit

17

Through written documentation such as Internal Control memos- flowcharts- and questionnaires

Internal Control

17

Library Management Software logs any changes to system/applications etc.

Auditing and IT

17

If Acceptable DR is High - Negative Confirmation is used - Customer only responds if balance is materially wrong. If Acceptable DR is Low - Positive Confirmation is used - Customer asked to confirm by telling auditor the balance. Corresponding Income Statement Account - Revenue

Evidence and Risk

17

Review the previous financial statements Speak to third parties Contact predecessor auditor to evaluate whether engagement should be accepted (must have client permission)

Engagement Planning

17

What Error Rate are you expecting? - Judgment call- based on experience Direct relationship to Sample Size More errors = Larger Sample Less errors = Smaller Sample

Audit Sampling

17

Accountant puts together financial statements with information PROVIDED BY MANAGEMENT. No opinion is expressed- and no assurances are given. Independence is not required.

Audit Reports - Pre-Clarity Project

18

Member may disclose confidential info when client isn't following GAAP OR If they receive a subpoena - CPAs are not Attorneys- so there is no CPA-Client privilege

Professional Responsibilities - Audit

18

Were all transactions recorded? Were they timely? Measured appropriately? Recorded in correct period? Presented and disclosed properly? Did Management communicate their responsibilities?

Internal Control

18

Assist with audit calculations Enable continuous monitoring in an audit environment that is changing Weakness: requires implementation into the system design Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)

Auditing and IT

18

Review purchase orders/invoices Confirm with Vendors Corresponding Income Statement Account - Various Expenses

Evidence and Risk

18

Note: must have permission of client to contact predecessor auditor (no permission = no engagement) Why the Auditor Change? Any Serious Discussions with Audit Committee? How is Management Integrity? Disagreements? How was Internal Control? Understand Industry or Be Willing to Learn Consider Scope Limitation - Limited evidence available = no engagement

Engagement Planning

18

Attribute in the sample gives information about the entire audit population Used to estimate Internal Control error rate

Audit Sampling

18

Disclosures not necessary must state that they are not included

Audit Reports - Pre-Clarity Project

19

This is an act discreditable. You MUST return all documents the client gives you even if they don't pay their bill. If you create a document- however- like a work paper- you are not required to give the client a copy of papers you created if they haven't paid their bill They are the firm's work papers- but are still confidential!

Professional Responsibilities - Audit

19

Auditor needs reasonable assurance that controls are functioning as designed and effective Internal Control Testing should be strong as (IRON) so that nothing gets past them Inquiry - Interview company personnel Re-performance - Can it be replicated? Observation - Watch the control be applied INspection - Dig into the details/documents If results are as expected- substantive procedures do not need to be adjusted

Internal Control

19

An Audit Hook is an application instruction that gives auditor control over the application.

Auditing and IT

19

Examine purchase agreements Look at Board Minutes Is Inventory held as collateral? Corresponding Income Statement Account - COGS

Evidence and Risk

19

Note: must be written Objectives of Engagement Limitations of Engagement Responsibilities of Management - Provide written assertions Responsibilities of Auditor - Limited error/fraud responsibility Expectations of Access to Records Financial Statements (and Disclosures) are Management's Responsibility Compliance with Laws Internal Control

Engagement Planning

19

Used to determine initial level of Control Risk

Audit Sampling

19

SSARS (Statements on Standards for Accounting and Review Services)

Audit Reports - Pre-Clarity Project

20

CPA firm names must not be misleading. If partner dies- remaining partner has two years to change name if partnership dissolved. If partner dies and more than one partner still remains (i.e. 1 dies and you still have 2 or more partners...you don't need to change the name) All Partners/Shareholders must be members of the AICPA in order to hold themselves out as members of the AICPA. Non-CPAs can be owners- but 2/3 of Ownership must be CPAs. Non-CPA owner must not be involved with the accounting- and is still bound by AICPA code of conduct- must maintain CPE requirements and have Bachelor's degree.

Professional Responsibilities - Audit

20

Controls tested by auditor in a prior year can be used in the current year's audit assuming they are re-tested every third year Exception If the control has changed since the last audit

Internal Control

20

Transaction Tagging allows logging of company transactions and activities.

Auditing and IT

20

Should match last year's ending balance.

Evidence and Risk

20

Management is responsible for financial statements and adequacy of disclosures. Presentation & Disclosure Existence (Tests Overstatements) Rights & Obligations Completeness (Tests Understatements) Valuation & Allocation

Engagement Planning

20

Risk of Assessing Control Risk too low Gives you the Sampling Risk

Audit Sampling

20

Reviews give limited assurance.

Audit Reports - Pre-Clarity Project

21

It is an Act Discreditable.

Professional Responsibilities - Audit

21

Control Risk increases Scope of substantive procedures increases Detection Risk decreases Material Weakness - Reasonable possibility that a material misstatement in Financial Statements would not be found- more than a remote chance of occurrence

Internal Control

21

Extended Records add audit data to financial records.

Auditing and IT

21

If Beginning Balance Additions Subtractions are OK then Ending Balances should also be OK.

Evidence and Risk

21

Responsible for Hiring Auditor Oversees Internal Control Must Agree with Auditor on: Responsibility of the Parties- Audit Fee- Timing of the Audit- Audit Plan Acts as Liaison Between Auditor and the Board Auditor Communicates Concerns about: Internal Control Deficiencies- Errors- Fraud- Illegal Activities

Engagement Planning

21

Attribute sampling is only useful when there is documented evidence (an audit trail) to test Use when the existence of an error needs to be verified or debunked

Audit Sampling

21

Analytical procedures are required for reviews. Compare results to documented predictions.

Audit Reports - Pre-Clarity Project

22

Licenses are granted at the State level If State revokes certificate- AICPA Ban Felony Conviction- AICPA Ban Prepares Fraudulent Tax Return- AICPA Ban Intentionally failing to file return- AICPA Ban SEC can get involved with discipline

Professional Responsibilities - Audit

22

Reasonable possibility exists that a material misstatement in Financial Statements would not be found- and has more than a remote chance of occurrence.

Internal Control

22

Destroys prior data when updated aka Destructive Updating Requires well-documented Audit Trail

Auditing and IT

22

Foot all balances - Check the Math Trace Cash Flow items to other Financial Statements Check classifications - Operating Activities Investing Activities Financing Activities

Evidence and Risk

22

Inherent Risk x Control Risk x Detection Risk Risk that material mistakes- errors- omissions- or fraud will result in an inaccurate audit report Based on Auditor Judgment Measured in both Qualitative and Quantitative

Engagement Planning

22

Testing for a dollar amount Value in sample gives information about value in entire population.

Audit Sampling

22

Financial statements are presented with no opinion expressed- and limited assurances are given. Independence is required for a review engagement.

Audit Reports - Pre-Clarity Project

23

Monitors CPA Firms who audit SEC clients - All SEC Audit firms must register Issues standards for firms to follow - usually stricter than AICPA standards

Professional Responsibilities - Audit

23

Tests Completeness Starts with source document and traces forward to the journal entry.

Internal Control

23

If the auditor only audits the outputs of a computer system and doesn't also audit the software applications- an error in the applications could be missed.

Auditing and IT

23

Interest Paid Income Taxes Paid Non-cash Transactions Cash and Cash Equivalents Definitions

Evidence and Risk

23

Risk that internal control will not detect error or fraud Auditor cannot control this.

Engagement Planning

23

Mean Per Unit = Sample Average x Number in Population Stratification - Decreases effect of variance in population and reduces sample size

Audit Sampling

23

A prospective financial statement that uses normal circumstances. General and limited use allowed.

Audit Reports - Pre-Clarity Project

24

If Client pays a contingent fee (i.e. based on outcome) With Marketing or Planning engagements Aggressive Tax Strategies Firm does tax work for Client employee involved with audit oversight or their family

Professional Responsibilities - Audit

24

Tests Existence. Starts with a journal entry and searches for a voucher or source document to support the entry.

Internal Control

24

Software that translates source program (similar to English) into a language that the computer can understand

Auditing and IT

24

Results as if you had used Indirect Method Non-cash Transactions Cash and Cash Equivalents Definition

Evidence and Risk

24

Which transactions have a higher level of risk? Auditor cannot control

Engagement Planning

24

A form of Variable Sampling Does NOT use Standard Deviation Auditor focuses on a dollar amount Larger or more valuable items get picked more often as part of the sample

Audit Sampling

24

A prospective financial statement using hypothetical situations. Only limited use by the client is allowed.

Audit Reports - Pre-Clarity Project

25

Client Audit Committee must approve non-audit work performed by Firm Firm must disclose any potential independence issues to Audit Committee

Professional Responsibilities - Audit

25

Non-compatible duties performed by separate individuals- such as Authorization of asset disbursement vs. Recording of Assets vs. Custody of assets If supporting audit evidence doesn't exit - use Observation and Inquiry Accounting should be segregated from Production

Internal Control

25

Client data is processed using Generalized Audit Software (GAS) Sample size can be expanded without significantly increasing the audit cost GAS output compared to client output

Auditing and IT

25

Subsequent events occur after the Balance Sheet Date but before the audit report is issued. Auditor needs to make inquiries and assess if they affect the audit report.

Evidence and Risk

25

Will the auditor fail to detect a material misstatement? Auditor CAN control Do testing at year-end Increase substantive testing Run more effective tests

Engagement Planning

25

Misstatement found in sample - have to project it to remainder of population

Audit Sampling

25

Independence is required Only limited use by the client is allowed.

Audit Reports - Pre-Clarity Project

26

GAO - Government Accountability Office

Professional Responsibilities - Audit

26

Employees who prepare vouchers/invoices should not also have the authority to SIGN CHECKS Tip - Remember this as an underlying theme with Segregation of Duties. The authority to make a payment should not also lie in the hands of those creating invoices/vouchers. Why? People commit fraud by setting up fake companies and basically paying themselves

Internal Control

26

Plan the rest of audit- Shorter audit trails that may expire- Less documentation Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch Systems access controls adds another layer to separation of duties analysis Focus should be on the general controls- new systems development- current systems changes- and program or data access control or computer ops control changes

Auditing and IT

26

If audit report has already been issued and auditor becomes aware of a situation that was present as of the BS date client should issue a disclosure to financial statement users and/or revise the financial statement. Regulatory agencies might need to get involved under some circumstances.

Evidence and Risk

26

Less Acceptable DR = Run More Substantive Tests More Acceptable DR = Run Less Substantive Tests More Substantive Tests (DR down) = Less Audit Risk; (AR = IR x CR x DR) Less Substantive Tests (DR up) = More Audit Risk; (AR = IR x CR x DR)

Engagement Planning

26

PPS: Easier to use- Results in a stratified (homogenous) sample- Results in a smaller sample size to audit- Easy to design Classic Variables Sampling: Easy to expand sample size- Selecting zero and negative balances easy

Audit Sampling

26

No disclosure required.

Audit Reports - Pre-Clarity Project

27

Auditors must follow both GAAS and GAS aka the Yellow Book materiality threshold is usually lower More detail is required on working papers More stringent CPE rules and requirements - 24 hours of continuing education must be related to governmental auditing every 2 years Compliance with Regulations is a requirement of the Audit Report

Professional Responsibilities - Audit

27

Employees who have custody of assets should not also RECORD those assets Someone in charge of petty cash should not also control the petty cash records Treasury Department (custodians) should NOT have record keeping duties They control assets and should not be able to adjust any recording of those assets

Internal Control

27

If auditor discovers that they forgot to perform a substantive procedure auditor should determine if other substantive procedures performed served as a substitute. Otherwise support for their audit opinion could be jeopardized.

Evidence and Risk

27

Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of percentages Non-Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of acceptable ranges

Engagement Planning

27

Tolerable rate for error - Inverse relationship with sample size Risk of assessing Control Risk too low - Inverse relationship with sample size Expected population error rate - Direct relationship with sample size Population size does NOT affect the sample size - as population is larger- sample size doesn't grow.

Audit Sampling

27

Accrue if estimable. Explanatory paragraph if not estimable.

Audit Reports - Pre-Clarity Project

28

Controls can't stop collusion or bad judgment Management can override controls Cost vs. Benefit relationship of Internal Control

Internal Control

28

REQUIRED When planning the audit (preliminary) REQUIRED When reviewing the audit (final) Analytical procedures may be also performed optionally along with the substantive testing. Use of Analytical Procedures in the audit must be documented.

Evidence and Risk

28

It is Management's responsibility.

Engagement Planning

28

SER + ASR < TER SER = Sample Error Rate ASR = Allowance for Sampling Risk TER = Tolerable Error Rate

Audit Sampling

28

Auditor assesses need for explanatory paragraph based on loss likelihood.

Audit Reports - Pre-Clarity Project

29

A written report to management is required. Report declaring that no material weaknesses were found is allowed Previous weaknesses reported that still exist should be reported again Should be reported no later than 60 days after audit report release date If one or more material weaknesses is uncorrected at year-end- an Adverse Opinion on Internal Control must be given

Internal Control

29

Helps the Auditor: Determine if Management Assertions are reasonable Develop audit plan Develop some expectations about the financial statement and hopefully bring to light any glaring errors on financial statement

Evidence and Risk

29

Assess the RISK that such things will lead to material misstatements Design the audit to provide reasonable assurance against fraud- illegal acts that directly and materially affect the financial statements Report ALL management fraud to the audit committee (minor fraud by low-level employees not reported to committee) Perform required inquiries and procedures (management inquiries- analytical procedures- discussions with audit personnel about fraud)

Engagement Planning

29

The amount that you add to the Sampling Error Rate to get some cushion for your sample. As high as you think the population error rate could go based on experience.

Audit Sampling

29

Gain contingencies are not reported.

Audit Reports - Pre-Clarity Project

30

A significant deficiency adversely affects a company's ability to report in the financial statements according to GAAP. A significant deficiency is a more than a remote likelihood of material misstatement by more than an inconsequential amount

Internal Control

30

Analytical Procedure focus is on dollar amounts (not internal controls) Analyzes Financial Data: Do Financial Statements Make Sense? Comparison of data between years

Evidence and Risk

30

Fraud is born out of: Rationalization Incentive Opportunity (RIO)

Engagement Planning

30

The amount of error rate that you can accept - If population error rate is less than TER- then accept the Control as effective If population error rate is more than TER- do more testing to get SER lower or conclude control isn't effective. Do more substantive testing

Audit Sampling

30

It doesn't. Opinion is Unqualifed.

Audit Reports - Pre-Clarity Project

31

If a Significant Deficiency is identified- a written report to management required Report declaring that no significant deficiencies exist is not allowed Previous deficiencies reported that still exist should be reported again Should be reported no later than 60 days after the audit report release date

Internal Control

31

Current Ratio = Current Assets / Current Liabilities

Evidence and Risk

31

Errors are unintentional- fraud is intentional.

Engagement Planning

31

Determine Test Objective - for example- have sales shipments been billed? Define Population and Deviation - take a sample of shipping document- trace forward to see if billed Determine Sample Size based on tolerable rate for error- risk of assessing Control Risk too low- and expected population error rate. Select Sampling Technique

Audit Sampling

31

Qualified Opinion is issued. Similar to Scope Limitation. Explanatory paragraph after Scope Paragraph. Opinion refers to GAAP issue.

Audit Reports - Pre-Clarity Project

32

A control is not operating as intended.

Internal Control

32

Quick Ratio = Liquid Assets / Current Liabilities

Evidence and Risk

32

Management compensation tied to stock Aggressive financial forecasting Former auditor disagreed with Management Records not available for audit Current audit procedures may need to be reconsidered if red flags exist.

Engagement Planning

32

Perform the Sampling Plan Evaluate Results Document Results

Audit Sampling

32

Adverse opinion is issued. Same paragraph structure as a Qualified opinion.

Audit Reports - Pre-Clarity Project

33

Are they competent? Are they objective?

Internal Control

33

Asset Turnover = Net Sales / Average Assets

Evidence and Risk

33

Has been observed in similar situations Does NOT necessarily mean that there is a material weakness in internal control Leads to an auditor taking action

Engagement Planning

33

Every certain # of a population is selected Population needs to be randomly ordered Primary advantage is that population doesn't require pre-numbering

Audit Sampling

33

Unqualified opinion with an Emphasis is OK Explanatory paragraph is added after Opinion paragraph.

Audit Reports - Pre-Clarity Project

34

Auditor needs to understand the role of Internal Auditors within the organization because their work affects the audit plan Responsibility for judgments about materiality or appropriateness of entries or estimates cannot be shared with third parties like Internal Auditors Internal Auditors should be asked to do some of the legwork like preparing schedules or running reports They should not be asked to make any decisions or judgments

Internal Control

34

Inventory Turnover = COGS / Average Inventory

Evidence and Risk

34

Internal control analysis can result in the conclusion that IC is weak- but probably won't identify illegal acts

Engagement Planning

34

Also called Stop or Go sampling Each audit step determines the next step

Audit Sampling

34

An audit performed under governmental auditing standards (GAS).

Audit Reports - Pre-Clarity Project

35

CEO/CFO must disclose deficiencies Management must provide assessment of Internal Controls Management must certify Financial Statements

Internal Control

35

Gross Margin % = Gross Margin / Sales

Evidence and Risk

35

Strives to make audit engagement procedures less patterned and predictable Re-evaluates management's application of accounting procedures Finds and assigns audit personnel with relevant skills in this area

Engagement Planning

35

Audit is testing an area that is so crucial that zero population errors can be tolerated Any phony employees on payroll?

Audit Sampling

35

GAS is more strict that GAAS.

Audit Reports - Pre-Clarity Project

36

Has inverse relationship Stronger Internal Control results in LESS substantive testing Weaker Internal Control leads to MORE substantive testing

Internal Control

36

Ratios are Analytical Procedures

Evidence and Risk

36

Any fraud risks identified that could lead to material misstatement Audit procedures performed to assess risks Nature of communication made to audit committee and company management Disclosure to third parties regarding fraud not normally the auditor's responsibility Fraud by management should normally be reported to the audit committee- NOT the SEC.

Engagement Planning

36

Easy to implement- but is the worst method of sampling.

Audit Sampling

36

A report on internal control is required. GAAS and GAS don't require the I/C report.

Audit Reports - Pre-Clarity Project

37

Reliability of Financial Reporting Operational Efficiency/Effectiveness Compliance with Law and Regulations

Internal Control

37

Budget vs. Actual comparisons are Analytical Procedures.

Evidence and Risk

37

Created PCAOB Designates Officer responsibility for internal control Must disclose significant internal control weaknesses to auditor and audit committee Must disclose any level of fraud discovered by employees with internal control responsibilities

Engagement Planning

38

Control Activities Risk Assessment Information and Communications Monitoring Control Environment

Internal Control

38

Ratio analysis Budget vs. Actual comparison Comparison of data between years Use of non-financial data to predict expected values for financial data

Evidence and Risk

38

1. Statements on Auditing Standards (SAS) 2. Auditing Interpretations- AICPA Guides & SOPs 3. Industry Articles (no authority)

Engagement Planning

39

Integrity/Ethics of Management Competence of Management Organizational Structure Human Resources Policies Assignment of Authority/Responsibility Management's Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement

Internal Control

39

Management assertions help the auditor to plan the audit and select substantive tests.

Evidence and Risk

39

Firm Leadership exhibits quality and leads by example and sets the tone for the organization Firm should Monitor and document that its policies and procedures are being followed Firm should have Relevant Ethical Requirements Acceptance and continuance of client engagements should continue to be evaluated for client integrity- auditor competency- and legality Firm should have competent and ethical personnel Firm engagements are performed- supervised- and reviewed in accordance with professional standards and regulations.

Engagement Planning

40

Auditor tests Internal Controls. Auditor evaluates Control Risk based on tests Auditor adjusts substantive tests accordingly Weaker Internal Control - More substantive tests Stronger Internal Control - Less substantive tests

Internal Control

40

Presentation - Cutoff Classification - Is it in the right period and category? Existence/ Occurrence - Did it happen? Does it exist? Rights & Obligations - Does the company own them? Completeness - Was everything recorded? Valuation - Are they worth the amount at which they are recorded? (PERCV)

Evidence and Risk

40

SSARS - Statements on Standards for Accounting and Review Services These govern reporting for non-public entities only

Engagement Planning

41

Understand Client's Major transaction classes Transaction initiation Support records/documents Transaction processing Financial Statement internal reporting process Financial Statement external communication process

Internal Control

41

Occurrence Cutoff Classification Completeness Accuracy

Evidence and Risk

41

Independence NOT required for Compilations No Internal Control work allowed No assurance given

Engagement Planning

42

Auditor must document understanding of Internal Control via Memos - Flowcharts - Questionnaires

Internal Control

42

Occurrence Completeness Classification Accuracy

Evidence and Risk

42

Compilations are not an assurance service. No assurance is provided.

Engagement Planning

43

Auditor needs reasonable assurance that controls are functioning as designed and effective Internal Control Testing should be strong as (IRON) so that nothing gets past them Inquiry - Interview company personnel Re-performance - Can it be replicated? Observation - Watch the control be applied INspection - Dig into the details/documents If results are as expected - substantive procedures do not need to be adjusted

Internal Control

43

No it is an extended procedure. For example you don't have to take a loan covenant document and go search out that it's a valid loan covenant. Instead you consider the source - if it's externally prepared it's more persuasive.

Evidence and Risk

43

Reviews provide NEGATIVE assurance.

Engagement Planning

44

First and foremost you need to understand management's rationale and methods for developing estimates before you can judge reasonableness. Next Auditor should formulate their own opinion on what a good estimate should be and compare it. Finally determine if subsequent events affect the estimate.

Evidence and Risk

44

Reviews require independence. No Internal Control work allowed Performs analytical procedures No material indirect financial interest allowed No immaterial direct financial interest allowed

Engagement Planning

45

Audit workpapers are the property of the auditor. They can be paper or electronic. They must include a WRITTEN audit program (either paper or electronic).

Evidence and Risk

45

Must have an understanding of the client industry.

Engagement Planning

46

Information pertaining to the current year's audit.

Evidence and Risk

46

CPA expresses a conclusion about an assertion - Compliance with laws NOT considered a Consulting engagement Independence Required

Engagement Planning

47

Information used for this audit and future audits which is updated as needed.

Evidence and Risk

47

Independence is not required for consulting services.

Engagement Planning

48

Must be kept for 5 years after the audit release date or according to regulations whichever is longer. Must be kept for 7 years under PCAOB Audit PCAOB audits also require an Engagement Completion Document

Evidence and Risk

48

Report is restricted to specified users. Agreed-upon procedures are implemented.

Engagement Planning

49

Any experienced auditor should be able to look at your work and understand what you did.

Evidence and Risk

50

If further documents are added to the work papers after the audit report is issued it must be documented as to who added them why they were added and any effects on the audit report.

Evidence and Risk

51

After the audit report is released the firm has 60 days to subtract from the file. You can still add to the file if you document it but you cannot delete any information after 60 days. Note - for SEC auditors the PCAOB only allows deletions up to 45 days after issuance of the audit report.

Evidence and Risk