What is the primary duty of an auditor?
To provide users of financial information with REASONABLE ASSURANCE that the financial statements are not materially misstated.
What is the auditor's responsibility for detecting theft or fraud?
Auditors are *not* responsible for detecting theft or fraud. Instead- they are responsible for providing REASONABLE ASSURANCE that the financial statements are not materially misstated.
When should an auditor be hired in relation to the balance sheet date for optimum audit planning and efficiency?
The earlier the auditor is hired- the better for audit planning and efficiency.
When can audit procedures be performed at interim dates?
If Control Risk for the accounts and/or transactions is low- audit procedures can be performed at interim dates. The auditor then reviews changes in the balances at year-end.
When can an auditor accept an engagement offered after the year is already closed?
The auditor can take the engagement if they are able to overcome the limitations of the engagement.
For what does an auditor use professional skepticism?
To plan the scope of the audit To plan the objectives of the audit
How can analytical procedures be performed in audit planning?
The auditor can compare actual versus forecasted numbers.
What must an auditor have in order to discuss issues relating to a predecessor auditor's work?
If issues relating to predecessor auditor’s work on previous Financial Statements come up during the current audit- Auditor must have client’s permission to discuss the issue.
What questions must an auditor ask with respect to procedures carried out by assistants?
Were they adequately performed? (Review the working papers) Are the results consistent with the audit report?
How is audit strategy mapped out?
Auditor determines what the reporting objectives are. Auditor determines the scope of the audit.
What are the foundations of Generally Accepted Audit Standards (GAAS)?
Materiality and Audit Risk
What are the General Standards for auditing?
Training and Proficiency (Education and Audit Experience) Independence Due Professional Care (TIP)
Describe the key components of maintaining auditor independence.
Auditor must be independent in fact and appearance Honesty No direct financial interest No indirect material financial interest
Describe Due Professional Care
Technical abilities mirror those held by peers in the profession Follow GAAS Standards Obtain a Reasonable Level of Assurance Maintain Reasonable Level of Skepticism Supervise Audit Staff Review judgment at every level
List the Standards of Field Work
Planning and Supervision Internal Control Evidence (PIE)
List the Standards of Reporting
Consistency Disclosures Opinion GAAP (CDOG)
What should an auditor do prior to accepting an audit engagement?
Review the previous financial statements Speak to third parties Contact predecessor auditor to evaluate whether engagement should be accepted (must have client permission)
What questions should be asked by an auditor prior to taking an engagement?
Note: must have permission of client to contact predecessor auditor (no permission = no engagement) Why the Auditor Change? Any Serious Discussions with Audit Committee? How is Management Integrity? Disagreements? How was Internal Control? Understand Industry or Be Willing to Learn Consider Scope Limitation - Limited evidence available = no engagement
What should be included in an audit engagement agreement?
Note: must be written Objectives of Engagement Limitations of Engagement Responsibilities of Management - Provide written assertions Responsibilities of Auditor - Limited error/fraud responsibility Expectations of Access to Records Financial Statements (and Disclosures) are Management’s Responsibility Compliance with Laws Internal Control
What is management's responsibility with respect to the financial statements?
Management is responsible for financial statements and adequacy of disclosures. Presentation & Disclosure Existence (Tests Overstatements) Rights & Obligations Completeness (Tests Understatements) Valuation & Allocation
What is the purpose of the Audit Committee?
Responsible for Hiring Auditor Oversees Internal Control Must Agree with Auditor on: Responsibility of the Parties- Audit Fee- Timing of the Audit- Audit Plan Acts as Liaison Between Auditor and the Board Auditor Communicates Concerns about: Internal Control Deficiencies- Errors- Fraud- Illegal Activities
How is Audit Risk calculated?
Inherent Risk x Control Risk x Detection Risk Risk that material mistakes- errors- omissions- or fraud will result in an inaccurate audit report Based on Auditor Judgment Measured in both Qualitative and Quantitative
Describe Control Risk
Risk that internal control will not detect error or fraud Auditor cannot control this.
Describe Inherent Risk.
Which transactions have a higher level of risk? Auditor cannot control
Describe Detection Risk.
Will the auditor fail to detect a material misstatement? Auditor CAN control Do testing at year-end Increase substantive testing Run more effective tests
What responses should an auditor take based on different levels of acceptable detection risk (DR)? What type of tests should be performed?
Less Acceptable DR = Run More Substantive Tests More Acceptable DR = Run Less Substantive Tests More Substantive Tests (DR down) = Less Audit Risk; (AR = IR x CR x DR) Less Substantive Tests (DR up) = More Audit Risk; (AR = IR x CR x DR)
What are quantitative measurements versus non-quantitative measurements with respect to risk?
Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of percentages Non-Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of acceptable ranges
Whose responsibility is it to FIND and PREVENT fraud?
It is Management's responsibility.
What is the auditor's responsibility with respect to fraud and illegal acts?
Assess the RISK that such things will lead to material misstatements Design the audit to provide reasonable assurance against fraud- illegal acts that directly and materially affect the financial statements Report ALL management fraud to the audit committee (minor fraud by low-level employees not reported to committee) Perform required inquiries and procedures (management inquiries- analytical procedures- discussions with audit personnel about fraud)
What are the three factors that affect/influence fraud?
Fraud is born out of: Rationalization Incentive Opportunity (RIO)
What is the difference between fraud and errors?
Errors are unintentional- fraud is intentional.
What red flags may indicate higher risk in an audit?
Management compensation tied to stock Aggressive financial forecasting Former auditor disagreed with Management Records not available for audit Current audit procedures may need to be reconsidered if red flags exist.
Describe the characteristics of a Fraud Risk Factor.
Has been observed in similar situations Does NOT necessarily mean that there is a material weakness in internal control Leads to an auditor taking action
What does an examination of internal control accomplish with respect to illegal acts?
Internal control analysis can result in the conclusion that IC is weak- but probably won’t identify illegal acts
What is the purpose of adjusting audit procedures in light of fraud risk factors identified during an audit?
Strives to make audit engagement procedures less patterned and predictable Re-evaluates management’s application of accounting procedures Finds and assigns audit personnel with relevant skills in this area
What should be documented with respect to fraud risk factors in an audit?
Any fraud risks identified that could lead to material misstatement Audit procedures performed to assess risks Nature of communication made to audit committee and company management Disclosure to third parties regarding fraud not normally the auditor’s responsibility Fraud by management should normally be reported to the audit committee- NOT the SEC.
What was the effect of the SOX Act of 2002?
Created PCAOB Designates Officer responsibility for internal control Must disclose significant internal control weaknesses to auditor and audit committee Must disclose any level of fraud discovered by employees with internal control responsibilities
What is the Hierarchy of Authoritative Literature?
1. Statements on Auditing Standards (SAS) 2. Auditing Interpretations- AICPA Guides & SOPs 3. Industry Articles (no authority)
What quality control activities are undertaken by CPA firms with audit practices?
Firm Leadership exhibits quality and leads by example and sets the tone for the organization Firm should Monitor and document that its policies and procedures are being followed Firm should have Relevant Ethical Requirements Acceptance and continuance of client engagements should continue to be evaluated for client integrity- auditor competency- and legality Firm should have competent and ethical personnel Firm engagements are performed- supervised- and reviewed in accordance with professional standards and regulations.
Which literature governs Compilation services?
SSARS - Statements on Standards for Accounting and Review Services These govern reporting for non-public entities only
What is the independence requirement for Compilations?
Independence NOT required for Compilations No Internal Control work allowed No assurance given
What type of assurance is provided by a Compilation?
Compilations are not an assurance service. No assurance is provided.
What type of assurance is provided by Review services?
Reviews provide NEGATIVE assurance.
What is the independence requirement for a Review?
Reviews require independence. No Internal Control work allowed Performs analytical procedures No material indirect financial interest allowed No immaterial direct financial interest allowed
For compilations and reviews- what knowledge must a service provider have?
Must have an understanding of the client industry.
What are attestation services?
CPA expresses a conclusion about an assertion - Compliance with laws NOT considered a Consulting engagement Independence Required
What is the independence requirement for consulting services?
Independence is not required for consulting services.
Describe the limitations on Prospective Financial Statements?
Report is restricted to specified users. Agreed-upon procedures are implemented.