Deck 3 Flashcards
what is the key difference between SOC1 and SOC2 report?
SOC1 reports on service organization’s controls on financial informations of its clients.
SOC2 reports on service organization’s cloud and data security controls. SOC2 report is based on trust service criteria- security, availability,processing integrity, confidentiality, privacy.
which factor is most relevant for client’s organizational structure of control risk?
Client’s organizational structure and lines of reporting reflects segregation of duties and relevant of control risk.
when would the auditor assess control risk at maximum level for certain assertions?
When there are no controls relating to financial statement assertions, controls risk is maximum.
To assess CR, auditor must identify control policies and procedures that relate to specific assertions. if control policies and procedures are unlikely to relate to the assertions - CR will be maximum.
Managements responsibilities for integrated audit of nonissuer
Management is required to perform evaluation of the effectiveness of internal control.
Must accept the responsibility for the effectiveness of internal control.
Identify and document control objectives and that controls that meet those objectives.
Providing a written assessment about the effectiveness of entity’s controls that is dated as of the date of the financial statement.
which internal control matters auditor will communicate to nonissuer audit committee?
Significant deficiencies in the design or operation of internal controls are required to be communicated (within 60 days of report release date)
Material fraud/illegal acts perpetrated by high-level management - is a result of significant I/C deficiencies.
What opinion should auditor should give (integrated audit of nonissuer) when there’s a combination of control deficiencies that have a reasonable possibility of causing a material misstatement on the F/S?
Adverse Opinion on the material weakness.
Likelihood of material weakness- reasonable possibility - Adverse opinion.
Significant deficiency- reasonable possibility- not material but more than inconsequential - Unmodified.
Acceptable level of detection risk is inversely related to -
Assurance provided by substantive tests.
if acceptable level of detection risk decreases- more assurance is required from substantive tests.
Acceptable level of detection risk is directly related to risk of failing to discover material misstatement (audit risk)
which section of audit report of nonissuer’s financial statement does the auditor disclaims an opinion on internal control?
Auditor’s responsibilities section.
Auditor’s responsibilities section express an opinion on F/S and not internal control.
Opinion section for unmodified report express opinion that F/S are fairly presented.
When the auditor prepares a schedule of dividends received that were reported as investment income and vouches it to dividend information available to public, what assertion is tested?
Auditor tests Occurrence assertion by vouching clients accounting records to supporting documentation.
which section of a nonissuer’s audit report auditor communicates nature of the engagement and specific financial statements covered by audit?
Opinion section-
first paragraph includes:
name of the entity
title of the F/S audited, dates periods covered
reference to F/S notes
a statement that F/S have been audited
second paragraph states that F/S is fairly stated in all material respects the financial position, results of operations and cash flow of the entity.
what is common between nonissuer financial statement audit and integrated audit?
Both audits follow similar procedures- to understand ICFR, determine which controls reduce RMM, test those controls, then use those results to determine substantive testing.
Purpose and scope are different.
Which section should include auditor’s report (nonissuer) on compliance?
Other-matter paragraph.If auditor asks to report on compliance in connection with F/S audit, findings can be reported in other matter paragraph or in a separate report.
which should be included in KAM section?
A statement that a separate opinion is not expressed on KAM.
KAM should be titled Key Audit Matters, define KAM, state a separate opinion is not expressed. For each KAM there should be a subheading, reference to any related disclosures, description of why it is a KAM and how it was addressed.
AICPA prof code prohibits which non audit services for a nonissuer?
Tax advocacy is prohibited.
But a CPA can perform routine accounting functions (book keeping, tax compliance, payroll services).
SEC prohibits this non audit services for issuers.
Which standards will apply for preparation if an accountant is engaged to prepare financial statements and also review the same?
Not SSARS/SSAE
Accountant performing preparation may or may not apply SSARS depends on the situation. It applies to SSARS if preparation is the highest level of service.
