i-75 con't Flashcards

Question

IT general controls - systems administration and programming

Answer 1

-this department maintains the computing infrastructure and computer hardware and grants access to system resources -roles: maintain operating system and related hardware, new releases of the operating system and also new hardware updates like driver updates, installing those updates -the role of the programmer requires they be in direct contact with the production programs and data, it is imperative they not have access to info about application programs or data files -administrators: include database administrators, network administrator (ensure that all application devices link to the orgs networks and that the networks operate securely and continuously; monitoring and troubleshooting), web administrator (operate and maintain t he web serves), help desk personnel (answer help line calls and emails, resolve user problems, and obtain technical support and vendor support when necessary). each are responsible for management activities associated with the system that they control. they each grant access to their system resources usually with usernames and passwords. system admins should not be permitted to participate directly in these systems operations -administrator: security admin ensures that all components of the system are secure form threats both internal and external. responsibilities include security of software and systems and granting appropriate access to systems via user authentication, password setup and maintenance. the security admin decides how frequently passwords need to be changed etc

Answer 2

-operator: data entry, operate the computer run the program, execute the transaction -data control clerk: control document flow, ensure that sensitive data is only handled by appropriate parties, schedule batches for data entry and editing, reconcile control totals -file librarian: check files in and out only as necessary to support scheduled jobs, no access to live operating equipment or live data unless the data has been checked into the library, if a librarian has access to live application programs they could make changes to both live and archive copies fo the program and this would be a security risk bc the changes they make may not be detected

Answer 3

-computer operators (data entry personnel) should never be allowed to act as application programmers or system admin -system programmers should never have access to application program documentation -data admins should never have access to computer operations (live data) -application programmers and systems analysts should never have access to computer operations (live data) -application programmers and systems analysts should not control access to data, programs or computer resources

Answer 4

-concern the accuracy, validity and completeness of data processing in specific application programs three categories: -input and origination controls -processing and file controls -output controls

Answer 5

-ensure that transactions entered into the system are valid, complete and accurate -ex: automate data entry, removing the manual input of data, thus growing the use of the term origination control to replace input control

Answer 6

-involves data origination with scanners rather than manual data entry -scanning with bar codes allows for automated data origination and reduces errors associated with manual data input -the goals of automated data capture and scanning include accuracy, completeness, and efficiency of data

Answer 7

-input control used in OLRT systems where entered data is used to display additional confirming data -such a entering a zip code and the city and the state are displayed to confirm -a business application would involve entering a customer number and having the rest of the data displayed to confirm -the confirming data is already in the record and serves as an input control -goals include efficiency, accuracy and completeness

Answer 8

-input application controls that where comparisons are made to verify that all of the data were input properly -financial control totals involve dollar amounts -non financial control totals do not involve dollar amounts, but has a record count or hash total -used in batch processing (not online real time), group transactions, and sets them aside until its appropriate to go ahead and process those transactions -some batch totals are financial, some non financial

Answer 9

-re keying or the re entering of critical data -when changing passwords, entering the new password a section time is an example

Answer 10

-certain computer edit routines that function as a control to signal when erroneous data have been input into a system -several types: limit tests, field and validity checks, missing data checks, and check digits

Answer 11

-ensure that a numeric field does not excess a specified value -there are some variations like range test and sign test -range test goal: catch obvious data entry errors, test validity and accuracy -sign test: numbers have to be of a certain sign/quality

Answer 12

-try to navigate from one data screen to another but you are prevented from going further because you didn't enter all the required data on the screen you are on but you think you have it filled in until you see the pop upIT application controls

Answer 13

-ensures that the data entered into the field is the correct type -alphabetic for names, numeric for zip code or SS -used to make sure that the data entered in the correct number of characters

Answer 14

-compares the value entered in a field to a list of valid data values -also known as valid code test -important control to prevent the creation of fakes entities such as fake customers, fake employees, fake vendors -ensures that each account code entered into the system is a valid code

Answer 15

-arithmetic manipulation of a numerical field that captures the info content of that field and then gets tacked onto the end of that numeric field, like a customer account -designed to ensure that each account code entered into the system is both valid and correct

Answer 16

-speed data entry and reduce errors -if the input involves entering checks and the screen is pre formatted to already resemble a check, the data entry should be faster and should result in less errors

Answer 17

-pre supplied data values within fields wherever possible such as today's date already the default date for the check or for the sales order -goal is efficiency and accuracy

Answer 18

-transactions are inputted, set aside, then similar transactions are grouped together in batches in order to be processed the same way which increases speed of processing -transactions with no errors are processed and transactions with errors are detected and rejected -disadvantage is the time delay between data input and data processing

Answer 19

-more common now then batch processing -the minute the transaction happens, the master files are brought up to date -used when transactions are high volume and allows for better customer service

Answer 20

-ensure the master file is updated with accurate and complete data

Answer 21

-there may be certain logic checks with regard to processing time, where there is an upper limit on how much CPU time can be dedicated to the processing of any transaction -if more time is needed for processing than what is allowed, the system is designed to flag the error as a time out

Answer 22

-labels on removable storage that are read by computer system -used primarily in batch processing -on a thumb drive, an internal label would be attached as an indicator and the system would read it as protected data that should not be changed -read only by the system and not by humans, allowing the update program to determine that the correct file is being used for the update process -also known as electronic file identification -external label: labels on removable storage that are readable by humans

Answer 23

-should a program crash in the mist of a long processing application, these controls allow for various places along the processing to be a good re start without going all the way back to the beginning before resuming the processing

Answer 24

-in an OLRT system, each transaction is written to a transaction log as the transaction is processed -the transaction logs become an electronic audit trail allowing the transaction to be traced through each stage of processing -electronic transaction logs constitute the principal audit trail for OLRT -processing goals of transaction logs include accuracy, completeness, and validity of processing -transaction logs are also important to an OLRT backup and recovery process -having a transaction log will enable a system to determine where the data needs to be re processed -if something went wrong in the master file, the last good transaction that was processed becomes the starting point for the bad transactions that need to be re processed -a transaction log is vital for backup and recovery of OLRT since there is no paper trail

Answer 25

-logic check -upper limit on printing time -upper limit on the number of pages allowed to be printed

Answer 26

-a parity check/bit is an example of a self checking digit -a digit is added to a string of numbers as a control to confirm that previous numbers are correct -purpose of a check digit is to confirm that the previous numbers are correct, and are common in numeric recording systems

Answer 27

-verifies that transmission between devices is accurate by echoing back the received transmission from the receiving device, back to the sending unit -sending data back for comparison with data originally sent is the verification control

Answer 28

-verifies that data was correctly written to desk -would be used for critical applications where the concern is data quality and integrity -the data is written to a disk or to somewhere in the cloud, and then we re read the data and do a confirmation that exactly the same data was written as was originally read -good control to make sure the disk or the device we are writing to has not been corrupted

Answer 29

-used by an independent auditor to test a client's IT controls to see if those controls were working during the period under audit -with test data, an auditor might request payroll checks for people with valid and also invalid employee numbers to determine how such transactions are handled by the client's system -auditor knows in advance how the results should be --> the client's payroll system should process the payroll for those entries that contained valid employee numbers and the system should reject the request for the period with an invalid employee number -the client's system is offline at the time the test data is run but there is a risk

Answer 30

-even though the client's system is offline, the auditor did request a check for a valid employee and that request should have been processed by the system, the challenge is that the auditor must make sure that the test data is not later included with the client's payroll records, must be reversed out -client is not running live payroll at the time of test but the records that are processed during the test data, if they are not reversed out, will become part of the permanent payroll record -time consuming --> test data programs need to be tailor made by the auditor for each client's computer applications -special test data to test the payroll program and different test data to test the AP etc -the auditor needs to determine that the application program tested was actually used by the client during the period to process data since the client is not using the system while we are performing test data, when was the last time they did use the system

Answer 31

-the auditor requested a check for an invalid employee -another use of test data would be the auditor requesting two paychecks for the same employee -if functioning properly, the payroll program should handle this error and not process the two paychecks but print out an error report -this error report should go to the control team for follow up before processing will continue -note that the auditor need not test for all invalid conditions, just one valid and one invalid

Answer 32

-similar to test data approach except that the test data is integrated into a system in the midst of live transactions -test data can be introduced while the client is processing payroll usually bc the client's system has created a hypothetical dummy database specifically for the test data to be run while live transactions are being processed -test data is initially commingled with live data, so the challenge is to make sure that the test data is being fed into the dummy database and doesn't corrupt the real files -client operating personnel are usually unaware of the testing process

Answer 33

-programs can be specifically developed for the application, bought as a packaged program or utility or produced by a generalized audit software package (GASP) -auditor will re process the client's actual data using the auditor's own GASP -software purchased or developed by the auditor should be able to obtain the same results as the client's computer program -the auditor then compares their results to those results obtained by the client's computer

Answer 34

-time it takes to build an exact duplicate of the client's system -there could be incompatibility between the two systems and tracing any differences in the two sets of output back to the differences in the program may be difficult

Answer 35

-reconciling data from two sep files -recalculating amounts and totals and selecting items for testing that meets certain criteria -can be used to sort data in ascending or descending order, summarize data by customer account number, and make file comparisons of payroll details with personnel records -allows an auditor to sample and test a much higher percentage of transactions which results in a more reliable audit -require little or no technical knowledge about the client's hardware or software features -allow for reduction of audit time after initial use

Answer 36

-programs specifically written to access the files of a particular client -disadvantage: they can only be used for a particular client where GASP cost may be amortized over many clients

Answer 37

can't replace human judgment

Answer 38

-for systems that don't have a permanent audit trail -require that any audit take place while processing takes place -routines that are built into the application program to perform an ongoing audit function -built into the client's application program when the program is being developed (with auditor participation) for use in ensuring that controls are operating effectively -sections of an application program code that collect transaction data for the auditor -allow the auditor to capture specific data as transactions are being processed

Answer 39

-benefit: enhanced timeliness of info -computer controls are appropriate for processing normal recurring transactions, high volume -manual controls are more appropriate for the processing of unusual or nonrecurring transactions -disadvantage: automated controls include the potential loss of data and the recording of unauthorized transactions

Answer 40

-goal of a sample is to select enough items so that the sample is representative of the population -knowing when does the same size have to be increased and when can the auditor get away with a smaller sample size is key to understand

Answer 41

-after a sample has been selected and analyzed, the auditor must evaluate the population based on the results of the sample -based on the errors found in the auditor's sample, is the control activity strong or week? -is the client's balance substantiated?

Answer 42

-auditor is testing controls hoping that the control passes the auditor's test and control risk can be lowered -done in internal control stage -results in less substantive testing if control risk can be lowered

Answer 43

-auditor is testing account balances looking for overstatement or understatement -substantive testing -where the auditor is sampling in order to substantiate appropriate dollar amounts

Answer 44

-in sampling for attributes, the auditor first specifies the problem being estimated and anticipates the actual error (or deviation rate) -the auditor's expected error rate is based on the difficulty of the task and how well the employees understood their role

Answer 45

as the expected error rate rises, the sample size must be increased

Answer 46

-after the expected error rate has been anticipated, the auditor sets the highest error rate that could be present before the auditor would feel that the control activity was not reliable -setting a limit for the tolerable error rate is based on auditor's professional judgment -for very significant controls, this rate will be low -for less important controls, the auditor can afford for the rate to be higher

Answer 47

-the importance of the activity as well as the possible presence of other controls will both influence the auditor's tolerable deviation (or error) rate -as the tolerable deviation rate rises, the required sample size will decrease

Answer 48

-in sampling, there's always some chance that the sample will be misleading -the auditor establishes how much risk is allowable that a sample will be different from the population -auditor sets a limit for how reliable the sample needs to be, which is the confidence level -the auditor doesn't look at every item so in the end of the sample, it may not be representative of the total population

Answer 49

-if 10% is viewed as the allowable level of sampling risk, that means that the auditor is okay being just 90% confident that the sample is reliable and actually represents the population -the auditor can never be 100% confident that the sample represents the population because the auditor is not examining everything -as the auditor wants to reduce the allowable level, let's say to 5%, the need for reliability increases to 95% --> so the number of items needed for a representative sample will increase

Answer 50

1. auditor estimates actual error rate 2. auditor sets limit for tolerable error rate 3. auditor sets limit for allowable level of risk that sample is not presentative of the population

Answer 51

-after the actual error rate is estimated, and after the tolerable deviation rate is set, and after the allowance for sampling risk is set, the actual number of items in the sample can now be determined -the actual number of items in the total population is not a factor in determining the sample size in sampling for attributes -use a chart or a formula (the chart would have to be provided)

Answer 52

-wants to know how high the population error rate could be based on knowledge of the sample error rate (ex: 4 out of a 150 sample having errors) -a chart is used to determine the highest expected rate for the population -for example, a sample error rate (which will never be the sample as the error rate in the pop) of 4/150 = 2.6%, which might indicate, based on the chart, an upper deviation rate of 6% -represents to the auditor the population error rate, basked on knowledge of the sample error rate -if the upper deviation rate > tolerable rate, that means there is too many errors in the population and it's not reliable

Answer 53

-compare the upper deviation rate to the tolerable rate to see if the control is effective -the difference between the two is the allowance for sampling risk or precision (subtract the two), representing the closeness of the auditor's sample results to the true (but unknown) population error rate -if the upper deviation > tolerable, that is ineffective --> there would be too many errors in the population based on the sample results, meaning out assessment of control risk cannot be lowered, the control is not to be relied on and as a result, more substantive testing is needed

Answer 54

-auditor's biggest fear -ex: if the upper deviation rate is 4.3 and the tolerable rate is 5, the auditor will likely view the control as reliable -as a result of relying on the control, the auditor will likely lower the assessment of control risk and perform less substantive testing -this would be fine if the auditor's sample was truly a representation of the total population -since only a sample was taken, there's a risk that the auditor's sample was not a proper representation of the population -if the population contained way more errors than the sample indicated, the auditor may assess control risk too low and therefore do less substantive testing when more substantive testing may be needed -assessing control risk too low may result in the auditor giving an unmodified opinion on the financials due to not performing enough substantive tests -for this reason, assessing control risk too low relates to the effectiveness of the audit since the audit would be ineffective

Answer 55

-saying that internal controls are bad when they really aren't -this would result in more substantive testing than needed -it's better to assess too high than too low -assessing control risk too high relates to efficiency -it results in an inefficient audit because too much time is spend on additional substantive procedures

Answer 56

-the population size has a direct effect on the sample size **reminder - in attribute sampling, the population size has no effect on the sample size

Answer 57

-must rely on a bigger sample when the variability is higher -the auditor does not set the variability of the population but rather has to make an estimation of it -if the standard deviation (formula will be used) is larger than expected, the sample size will have to be increased

Answer 58

-the correct number of items is selected and the average size is determined for the sample -that average is then used for the population as a whole to arrive at a single point estimation for the entire population -ex: if a sample of 80 checks indicates an average of $90, then 100,000 checks would be estimated at a total of $9M

Answer 59

-the difference between the point estimation of the population and the client's reported figure is the auditor's estimation of the amount of misstatement in the population -if the estimation is $9M and the actual client figure is $9.1M, then a $100,000 misstatement is projected

Answer 60

-if the estimated misstatement in the client figure is smaller than the auditor's tolerable amount of misstatement, the test is viewed as supporting the client figure and less other testing is needed -if the estimated misstatement is larger than the auditor's tolerable amount of misstatement, the test did not support the client figure and more additional testing is required

Answer 61

-uses the average value of the items in the sample to estimate the true population value -ex: if $250 if the average value times 2000 items in the population, the point estimate is $500,000; which is the average value of $250 per item projected onto the population of 2000 customer balances -bell shaped curve is common with this -use when perpetual records do not exist -more sensitive to variability in the population, making the auditor stratify or divide the population into relatively similar groups

Answer 62

-take the ratio of the sample's true value, to the client's book value of the sample -requires a smaller sample size than MPU -only effective when the dollar amount of the differences between audit and book values is expected to be proportional to the book value

Answer 63

-focus is on how much of a mistake was made -requires a smaller sample size than MPU -only effective when the auditor expects large numbers of under and over statements

Answer 64

result from: -a larger expected amount of misstatements -a smaller tolerable amount of misstatements -a reduction in the allowable amount of sampling risk -a higher amount of variability in the population

Answer 65

-auditor is always looking to reduce sample size whenever possible -auditor separates out the largest and smallest items to test them sep; the remaining items have a much smaller amount of variability and hence, a smaller sample is needed -each group is treated as a sep population

Answer 66

-the auditor picks individual dollars from the population rather than individual units -larger dollar items have automatically a better chance of being selected -this method increases the chance that bigger items (with potentially bigger errors) will be used in the sample -stratification occurs nationally here, so variability is not a factor that the auditor must consider and the sample size is usually smaller than other sampling methods, which is considered an advantage of PPS over classical variable sampling -useful to test for overstatement of receivables, existence assertion; not good for understatement and completeness -negatives to PPS: zero balances, negative balances and understated balances require special design consideration because PPS is designed to test larger items -useful when the auditor expects a low error rate -also called dollar unit sampling -advantages: smaller sample sizes and efficiency

Answer 67

-(reliability factor (most likely from a table)*population book value)/tolerable misstatement -usually selected using systematic selection with a random start and then a specified sampling interval (every 90th dollar item is sampled, for ex) -sampling interval = book value of pop / sample size -sample size is based off of: population book value (AR book value), tolerable misstatement (net of any expected misstatements), and confidence (risk of incorrect acceptance, allowable level of sampling risk, confidence itself)

Answer 68

-for items having a book value, greater than or equal to the sampling interval, the projected misstatement is the actual misstatement in the sample item (no further projection) -for items having a book value less than the sampling interval, the auditor would have to apply the tainting percentage, to the sample interval from which that account was selected

Answer 69

-accounts with zero balances and negative balances have no chance of being selected so the auditor must make special arrangements to test them because the accounts with zero balance may be understated due to error or fraud

Answer 70

-with substantive testing, the auditor is trying to prove a dollar amount -in sampling for variables, there is a risk that the sample may not be representative of the population (sampling risk) -if the auditor's sample looks good, few errors are found, the auditor would likely reach the conclusion that the account balance is fairly stated in all material respects -if the sample was misleading, not a true rep of the population, the auditor would have incorrectly accepted -tests effectivenss

Answer 71

-in sampling for variables, there is a risk that the sample may not be representative of the pop (sampling risk) -if the auditors sample looks bad, many errors in the sample, the auditor would probably reject the account balance as fairly stated in all material respects -if the sample was misleading, not a true rep of the pop, the auditor would have incorrectly rejected -tests efficiency, because more substantive testing than needed would be performed

Answer 72

-COGS/avg inventory -measures of the effectiveness of an entity's inventory management -higher is better

Answer 73

-ending inventory/(COGS/365) -inventory conversion period measures to degree to which resources have been devoted to inventory to support sales -lower is better because inventory is converted quickly

Answer 74

-net credit sales/avg receivables -measures the number of times receivables are collected in one year -higher is better

Answer 75

-ending AR/(sales/365) -lower is better because receivables are converted quickly into cash

Answer 76

-the time it takes to convert inventory into sales (receivables) and those same receivables into cash -can be determined by taking the receivables collection period (lower is better) and adding the inventory conversion period (lower is better)

Answer 77

-"net operating cycle" -inventory + AR - AP -aka, days to sell + days to collect - days to pay vendor

Answer 78

-COGS/avg AP -lower is better

Answer 79

-ending AP/(COGS/365) -higher is better -defer payment as long as you can

Answer 80

-ability to pay short term obligations as they become due

Answer 81

-current assets minus current liabilities -absolute value and measures the ability of a firm to meet short term obligations as they become due -ex: if current assets are 100 and current liabilities are 60, WC is 40; the working capital ratio is 100/60 or $1.67:1 -that means there are 1.67 of current assets for every $1 of current liabilities -WC will be positive when there are more current assets then liabilities, and that's good unless the bank requires something else

Answer 82

-development of quantitative relationships between various elements of a firm's financial statements -enables comparisons of firms of different sizes

Answer 83

-measures a firm's ability to meet its short and long term obligations -current ratio & quick ratio

Answer 84

(cash & cash equivalents + ST securities + receivables (net)) / CL

Answer 85

-measure the efficiency of operations -like sales in the numerator or COGS in turnover ratios

Answer 86

measures operational results like NI in the numerator

Answer 87

-measures the magnitude of debt in the capital structure of the entity -the more of the assets that are financed by debt, the more risk but the greater potential return

Answer 88

-a high current ratio, current assets relative to current liabilities seems great but might not tell the real story -there could be some trouble behind the scenes that the CR actually hides and therefore a better indication of liquidity rather the CR might be the quick ratio or acid test, which uses the most liquid assets in the numerator -the result of the quick ratio or acid test ratio is expected to be lower compared to the CR because not all CA are used in the numerator of the acid test ratio, but all CL are used in the denominator

Answer 89

-uses only the most liquid CA --> cash, AR, marketable ST securities -the CA not considered liquid enough to be in the quick ratio are inventory and prepaid expenses bc if a firm was to need cash immediately, creditors don't want the debtor's inventory in satisfaction of the debt

Answer 90

-covering a point in time -can compare two companies of different sizes by using total assets as the base -divide each item on the BS by total assets and that way you can compare -you can then compare each item on the BS relative to the TA value -size of the company becomes irrelevant

Answer 91

-covering a period of time -usually the basis that's used is sales

Answer 92

-another measure of liquidity/solvency -measure of a firm's ability to meet current interest expense given the current level of earnings -NI + int exp + inc tax exp / int exp -numerator is EBIT/int exp -measures if current earnings can cover the firm's interest cost for the period, and banks would be concerned with the debtor's ability to pay interest on the borrowed funds

Answer 93

-more operational -measure efficiency, like the turnovers

Answer 94

-return = have NI in the numerator and measure profitability -turnover = does not measure profitability and therefore will not feature NI but rather sales or COGS in the numerator, measuring efficiency

Answer 95

NI / total assets

Answer 96

NI / total equity

Answer 97

-if the numerator increases, the ratio increases -if the numerator goes down, the ratio falls -if the denominator falls, the ratio increases -if the denominator increases, the ratio decreases

Answer 98

-financial statements are being reported for last year and this year -the report date for the audit of the most recent financial statements is used -the auditor updates the auditor report on the financial statements previously issued -update can mean reaffirm the previous year's opinion or it can mean change the original opinion as a result of changed conditions or info coming to the auditor's attention during the CY engagement

Answer 99

-a reporting company will occasionally change independent auditors -if comparative statements are presented, the predecessor auditor may have reported on the previous statements while the successor has audited the current statements

Answer 100

-when different statements are reported that had different auditors, the reporting company can decide that both reports should be attached -if previous auditor is asked to allow the reprinting of the earlier opinion, certain actions must be taken by the previous auditor before permission can be granted -predecessor should obtain a rep letter from management at or near the date of re issuance to help ensure that no new info indicates the presence of misstatements in the old statements -ask management if they are aware of anything that you, the old auditor, missed, whether any of the previous management representations need to be modified and whether there have been any subsequent events requiring adjustments to or disclose in the financial statements -predecessor auditor should obtain a rep letter from the successor auditor stating that no new info has been found by the successor which indicates the presence of MM in the previous year's financial statements -old auditor doesn't review evidence gathered by the new auditor that relates to the new year

Answer 101

-predecessor auditors may reissue their report on financial statements as long as the report is still appropriate -however, the current presentation of the prior period statements or the occurrence of subsequent events may make the previous report inappropriate -in deciding whether to reissue their report, the predecessor auditor's should: read the old statements being distributed to make certain that they have not been changed and read the new statements to make sure there are no inconsistencies that might signal misstatements in the old statements

Answer 102

-if the old auditor's report is unrevised, use the original report date in any reissue of the previous report, since the predecessor auditor had limited knowledge of the former client's current status

Answer 103

-if the auditor reissues the audit report at the client's request, the auditor should use the original report date on the reissued report -only if the original audit report is revised, would the auditor dual date the report -use of a subsequent date implies that the auditor has done additional work beyond last year's audit

Answer 104

-when a successor auditor does not present the predecessor auditor's report, the successor auditor should express an opinion on the current period financial statements only and indicate in an OM paragraph that the financial statements of the prior period were audited by a predecessor auditor -the predecessor auditor should not be named unless the practice of the predecessor was acquired or merged with the successor

Answer 105

-the type of opinion expressed by the predecessor auditor is shown -if the opinion was modified, the reasons for the modification are given -the successor auditor indicates the nature of any additional paragraphs like any emphasis or Om paragraphs included in last year's report -the date of the predecessor auditor's report (date of last year's report) is in the current report -even if the predecessor's opinion was unmodified, still need an OM para in this year's report to show last year's opinion -predecessor auditor is not named

Answer 106

-if prior period financial statements are restated and the predecessor auditor agrees to issue a new report on the restated financial statements of the prior period, the successor auditor should express an opinion only on the current period

Answer 107

when the current period financial statements were audited but the previous year financial statements were reviewed or compiled and the report of the prior period is not reissued, the auditor should include in an OM paragraph the following: -service performed in the prior period whether it be review or compilation -the date of the prior report -a description of any material modifications described in the report -a statement that the service was less in scope than an audit and does not provide the basis for expressing an opinion on the financial statements **if the auditor didn't audit, review or compile --> include an OM paragraph stating that the auditor assumes no responsibility for them

Answer 108

-when reviewed financial statements are issued on a comparative basis with audited financial statements for a prior period, a review report should be issued along with either the re issuance of the prior period's audit report or an OM paragraph describing the responsibility being assumed for the prior periods financial statements -assuming the PY audit report is not being provided, the CPA should make no ref to the prior period's audited financial statements in the body of the review report other than OM para -no opinion is expressed on CY financial statements since only a review was performed in the CY -since the previous period's report is not being re issued, an OM para should include an indication of the type of report (opinion) issued on the previously issued audited financial statements, the date of the audit report and that no audit procedures have been performed since the date of PY audit report

Answer 109

-if, during the current examination, the auditor becomes aware of evidence that affects the prior statements and the opinion that was expressed, the auditor should update the opinion in the CY report

Answer 110

-sometimes the auditor cannot gather evidence to support beginning inventory -if auditor cannot gather evidence to support beginning inventory but can gather evidence to support ending inventory, then an unmodified opinion may be rendered on the BS (end of year figures) but a disclaimer may need to be rendered on the income statement and statement of cash flows (beginning year figures) -auditor may give an unmodified opinion on the BS and disclaim the income statement and statement of CF -BS deals with end of the year figures, income statement has some beginning of the year figures -inventory income statement has beginning inventory on it

Answer 111

-must disclaim an opinion on the IS bc of the inability to verify the COGS during the year -auditor may, however, issue an unmodified opinion on the BS since inventory can be verified as of the BS date

Answer 112

-an auditor is allowed to audit one financial statement and not the other -can do this provided the auditor's scope was not limited by the client during the engagement to audit the complete financial statements

Answer 113

-auditor is supposed to gain audit satisfaction regarding both beginning and ending inventory -if the auditor is unable to form an opinion on a new client's opening inventory balances, the auditor will issue an opinion on the closing balance sheet only and will a disclaimer of opinion on the statements of income, RE and CF

Answer 114

forwards -no audit is possible bc the term audit can only be used when financial statements are historic

Answer 115

-forecast: next year's financial statements assuming what is generally expected regarding company growth, interest rates, inflation, and since the assumptions are based on reasonable expectations from last year to this year, forecasts can be for general use -projections: next year's financial statements assuming hypothetical situations that are not widely expected and therefore projections are restricted use

Answer 116

-a CPA can examine or perform agreed upon procedures regarding a forecast or projection and provides an opinion -reviews engagements are not allowed for forward looking financial info bc the term review implies historic info -examination: highest level of service, giving an opinion (positive assurance), CPA must be independent -an examination is audit like and involves evidence gathering regarding the assumptions used -agreed upon procedures: the CPA and client agree upon the procedures to be performed, CPA must be independent, procedures are performed by CPA, a report on the findings is issued with no opinion and no assurance provided

Answer 117

-include examinations, reviews and agreed upon procedures engagements -when it comes to forecasts and projections, a CPA can examine or perform agreed upon procedures

Answer 118

-in an examination, the CPA evaluates the prep of the forecast or projection -CPA should request a written assertion from the responsible party regarding the assumptions used and withdraw if no assertion is provided -CPA should determine that the accounting principles used in the forecast or projection were appropriate -CPA provides an opinion whether the financial info is presented in accordance with AIPCA -CPA should determine whether the assumptions have been adequately disclosed in the forecast or projection -CPA should obtain written reps from the responsible party; if no written reps, CPA should withdraw

Answer 119

-most often for an attestation engagement, the engaging party is the responsible party -however, the engaging party may be a potential acquirer of the entity -if the responsible party who is not the engaging party refuses to provide a written assertion, the CPA need not withdraw but instead, disclose the refusal in the examination report and restrict the use of the report to the engaging party

Answer 120

-title that includes the word independent -identification of the prospective financial info as either a forecast or projection --> "we have examined the accompanying forecast" -"our examination was conducted in accordance with SSAE issued by the AICPA" -"we believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our opinion" -an opinion as to whether the forecast or projection meets AICPA guidelines --> note it doesn't say the forecast presents fairly -statement that the prospective results may not be achieved -this caveat should accompany both an examination report on a forecast and a projection -"we have no responsible for updating this report for events and circumstances occurring after the date of the report" -projection would also include "the projection and this report are restricted to these specified parties" -signature of firm, city and state where report is issued and date of report

Answer 121

-if the prospective financial info departs in a material way from AICPA presentation guidelines for a forecast or for a projection, the CPA should express a qualified and adverse opinion -if the prospective financial info fails to disclosure any "significant assumptions" or if one or more of the significant assumptions are not suitably support or do not provide a reasonable basis for the forecast or projection, the CPA should express an adverse opinion -if the CPA is unable to obtain sufficient appropriate evidence as a basis for the opinion, the CPA should express a disclaimer of opinion

Answer 122

-an independent CPA issues a report on findings based on specified procedures performed -agreed to by the CPA and engaging party -follows attestation standards, SSAE #19 -CPA performs these specific procedures on subject matter (financial statements such as forecasts and projections or non financial statement matters) and reports without any opinion or conclusion -the report issued includes a list of the procedures performed and related findings, but not an overall opinion -terms of procedures is "here is what we did" and "here is what we found"

Answer 123

-no longer requires a restriction on distribution of the report -can now be a general use report -a restriction on distribution is still permitted but no longer required -no longer requires a written assertion be provided by the responsible party to the CPA -the engaging party must take responsibility in writing for the adequacy of the procedures prior to the issuance of the report -procedures can be developed during the engagement if the engaging party takes responsibility prior to the report

Answer 124

-a clear understanding of the terms of the engagement should be established between the engaging party and the independent CPA -the CPA should prepare an engagement letter and have the client's signature to avoid confusion -nature of the engagement (AUP) -subject matter and responsible party must be identified -CPA's responsibilities for the engagement -reference to SSAE by the AICPA -identify any external specialists expected to be used by the CPA during the engagement -ref to whether the report will be restricted or available for general use

Answer 125

-statement that the responsible party is responsible for the subject matter -statement that responsible party intends to provide a statement that the procedures performed are appropriate for the purposes of the engagement -statement that engaging party intends to provide a rep letter at the conclusion of the engagement; rep letter could be requested from the responsible party if different from engaging party

Answer 126

-AICPA suggests that the CPA avoid such vague terms in the engagement letter regarding procedures to be performed -avoid terms such as review, general review, limited review, note, check, test, verify -words to use: inspection, confirmation, comparison, agree, trace, inquire, recalc, observe, mathematically check

Answer 127

-SSAE standards permit a specialist to assist a CPA perform the procedures -SSAE standards do not permit the client's internal audit staff to perform any of the procedures but they can provide the CPA with schedules and compile data for the practitioner to use

Answer 128

-should be obtained by the CPA from the engaging or responsible party (when different from the engaging party) -should be dated the same as the agreed upon procedures report date

Answer 129

-engagement letter -engagement compiled with SSAE -procedures performed -the findings -who performed the work -when the procedures were completed -who reviewed the work and whether a rep letter was obtained

Answer 130

-engaging party must agree to and acknowledge that the procedures performed are appropriate to meet the intended purpose of the engagement

Answer 131

-title of the report should include the word independent -addressee -identification of the engaging party -a statement that the CPA must be independent and meet certain ethical requirements -relevant subject matter (financial statements, forecasts, projections) -a description of the procedures performed and their findings, no assurance -SSAE standards issued by the AICPA -if there is an alert to restrict -manual or printed signature of the CPA firm -city and state of the practitioner's office -date of the report, no earlier than when the procedures were performed, and the findings determined

Answer 132

-AUP engagement is one in which a CPA is engaged by a client to issue a report of findings based on specific procedures performed on subject matter -independent CPA's report on AUP should be in the form of procedures performed and results obtained (findings) -the prospective financial info should include a summary of significant assumptions

Answer 133

-title includes the word independent -appropriate addressee -identification of the prospective financial info (forecast or projection) -"we have performed the procedures listed below" -"the procedures were agreed to by the specified parties" -"we followed SSAE standards established by the AICPA" -"we were not engaged to and we did not conduct an examination" -"we do not express an opinion or conclusion" -"had additional procedures been performed, other matters might have been identified" -"the prospective results may not be achieved" -"we have no responsibility for updating this report for events and circumstances occurring after the date of the report" -a projection would also include "the projection and this report are restricted to these specified parties" -signature of CPA firm, city and state where report is issued from and report date

Answer 134

-CPA must be independent -CPA inquires and performs analytical procedures -increase attention where there is increased risks -CPA expresses a conclusion, not an opinion -on subject matter or management's written assertion -engagement letter needed -review is substantially less in scope than an examination -a statement that no opinion will be expressed -request written reps from responsible party and from engaging party if engaging is not responsible party -reps should have the same date as the review report -inquire about sub events up to date of the report -a statement that identifies the measurement criteria to be used -a written assertion about the subject matter is usually provided

Answer 135

-CPA must be independent -CPA inquires and performs analytical procedures -increase attention where there is increased risks -CPA expresses a conclusion, not an opinion -on historic financial statements of a non issuer -engagement letter needed -review is substantially less in scope than an audit -a statement that no opinion will be expressed -management rep letter needed -reps should have the same date as review report -inquire about sub events up to the date of the report -financial statements and accounting records are provided

Answer 136

-expectation that the CPA will receive a written assertion -the engaging party is usually the responsible party -CPA requires a written assertion from the engaging party if so -refusal results in the CPA withdrawing -if responsible party is diff than engaging party, and the responsible party refuses to provide a written assertion, the CPA discloses the refusal in the review report and restricts the use of the review report to the engaging party

Answer 137

-if engaging party is the responsible party and refuses to provide written rep, CPA should withdrawal -if engaging party is not responsible party and responsible party refuses to provide written rep, the CPA should make inquiries of the responsible party and seek oral response; if satisfactory oral responses are obtained, restrict report to engaging party -if engaging party is not responsible and no oral or written rep are provided by responsible party, that's a scope limitation and CPA should withdraw

Answer 138

-a review report does not contain an opinion but rather a disclaimer -while no opinion is expressed, a review report contains a conclusion -the conclusion could be that the CPA states "we are not aware of any material modifications that need to be made to the subject matter or to the responsible party's written assertion" --> unmodified conclusion, limited assurance -could have a modified conclusion that states "except for the effects of....we are not aware of any material modifications...." -note that if there is a modified conclusion, the CPA must report directly on the subject matter, not on the responsible party's written assertion -no standardized format -this allows the report to be tailored to the circumstances of the specific engagement -the CPA can report either on the responsible party's written assertion or can report directly on the subject matter -if the CPA qualifies the conclusion bc of a MM (that are not pervasive), the CPA must report directly on subject matter, not on written assertion -if reporting on the responsible party's assertion (unmodified conclusion), the assertion should accompany the review report or be clearly stated in report

Answer 139

-title includes independent -addressee --> to responsible party -"we have reviewed the subject matter" or "we have reviewed management's assertion" including time period involved -identification of the criteria against which the subject matter was evaluated -statement that identifies the responsible party and its responsibility -statement that the CPA's responsibility is to express a conclusion (not an opinion) -statement that the review was conducted in accordance with SSAE issued by AICPA -standards require the CPA to plan and perform the engagement to obtain limited assurance whether any material modifications should be made -a review is substantially less in scope than an examination -disclaim an opinion, we do not express an opinion -express the belief that the review provides a reasonable basis for the conclusion -conclusion about whether any material modifications should be made to the subject matter or the assertion --> "we are not aware" -modified conclusion --> "except for the effects of...we are not aware..." -signature of CPA firm, city and state where the review report is being issued, date of the report

Answer 140

-if there are MM but not pervasive, the CPA may express a qualified conclusion "except for the effects of...we are not aware..." -if qualifying the conclusion, the CPA reports directly on subject matter not management's assertion -since there are misstatements, the CPA should consider whether a modified conclusion (qualified) is an adequate way to disclose the misstatement -if not adequate, the CPA should withdraw and not issue any review report -material and pervasive misstatement --> CPA should withdraw

Answer 141

-a CPA may use a specialist who practices in areas other than accounting or auditing -if the review report is unmodified, do not mention the specialist or refer to the specialist's findings in the review report -if however, the CPA is qualifying the conclusion, then the CPA may refer to the work of the specialist in the review report

Answer 142

-pro forma is historic, not forward looking -shows what the significant effects on last year's financial statements might have been, had a transaction taken place earlier in the year

Answer 143

-may be used to show the effects of business combinations, changes in capitalization, dispositions of significant business segments, proposed sales of securities -the objective of an examination and review of pro forma is for the CPA to determine whether management's assumptions provide a reasonable basis for presenting the significant effects directly attributable to the transaction or event and whether the pro forma adjustments are appropriate given management's assumptions

Answer 144

-document contained pro forma financial info must include the historic financial statements or the financial statements must be readily available -for a CPA to perform an examination on the pro forma, the historic financial statements must have been audited -the audit report must be included in the document containing the pro forma financial info or must be readily available -the CPA cannot express a higher level of service on the pro forma info than was expressed on the historic financial statements -if you only reviewed the historic, you cannot examine pro forma -for a CPA to perform a review engagement on pro forma, the CPA could have either audited or reviewed the historical financial statements and then the audit report or review report must be included in the document containing the pro forma info

Answer 145

-besides an understanding of the events, the CPA must obtain the appropriate level of knowledge of the entity's accounting and financial reporting practices to perform necessary procedures even if a diff CPA firm performed the audit or review of the historical statements -reach out to that other CPA -for an examination or review, the CPA must be independent, have an engagement letter and request a written assertion from management --> if management refuses, the CPA should withdraw -the CPA should determine that the computations in the pro forma columns are correct and also request written reps at the end of the engagement and should withdraw if management refuses

Answer 146

-an examination of pro forma includes an opinion whether management's assumptions provide a reasonable basis for the significant effects on the historical financial statements from the transaction or events -opinion also covers whether the pro forma adjustments give appropriate effect to the assumption -the examination report should be dated as of the completion of the procedures -in the event of a scope limitation, uncertainty, inadequate disclosure may lead to qualified, adverse, or disclaimers of opinion

Answer 147

-CPA's report on a pro forma presentation should include not only identification of the pro forma info, but also a ref to the financial statements from which the historical pro forma financial info is derived and a statement as to whether such financial statements were audited or reviewed -if the historical financial statements were reviewed, a statement is needed that the review was made in accordance with SSAE standards -a statement that a review is substantially less in scope than an examination and that no opinion is expressed -a sep para explaining the objective of pro forma info -CPA's conclusion providing limited assurance -report can be available for general use

Answer 148

-CPA performs procedures regarding the responsible party's written assertion about compliance -a CPA performs procedures and provides a report

Answer 149

-standards that apply to these compliance attestation engagements are SSAE -independence is required -CPA may perform an AUP or an examination -the CPA may not perform a review regarding compliance -in an examination, the CPA is hired to provide an opinion on compliance, but this opinion is not considered a legal determination of the entity's compliance -in an AUP engagement, the CPA is not hired to provide an opinion or give assurance, but instead to report on the findings of procedures performed

Answer 150

-in both an examination and AUP engagement, management must accept responsibility for the entity's compliance with specified requirements and accept responsibility for internal control over compliance -if an AUP engagement, management should evaluate compliance with specified requirements or evaluate compliance with control over compliance (CPA provides no assurance) -if an examination engagement, management should evaluate compliance with the specified requirements (CPA provides opinion on compliance with specified requirements, not on internal control over compliance)

Answer 151

-for both AUP engagements and examinations engagements, the CPA should obtain an understanding of the requirements that the company needs to be in compliance -if compliance is based on a law or regulation, the CPA needs to understanding what the requirements are for compliance

Answer 152

-for both AUP engagements and examination engagements, the CPA should obtain an understanding of the requirements that the company needs to be in compliance -knowledge can be based on prior engagements or the CPA could already be familiar or read documentation -read regulator's reports -government issued reports to assist companies in their compliance -interview entity personnel, the CFO, compliance officer, legal counsel and internal auditors any contract or grant administrator

Answer 153

-for an examination, highest level of service, the objective is for the independent CPA to issue an opinion, provide reasonable assurance -the CPA should obtain from management a written assertion about compliance -management provides the CPA with --> "we are in compliance with x regulation that requires ...." --> the objective of the examination engagement on compliance is to express an opinion on whether management's assertion about compliance is fairly stated or whether the entity complied in all material respects

Answer 154

-CPA must obtain sufficient and appropriate evidence to provide reasonable assurance of compliance -the examination should be planned to detect intentional and unintentional noncompliance -CPA should obtain an understanding of the relevant internal control over compliance sufficient to plan the engagement and assess control risk -the understanding of control risk should be used to: --> determine types of non compliance --> consider matters affects the risk of non compliance --> design tests of non compliance --> written reps from management regarding its fulfillment of its pre conditions

Answer 155

-to form an opinion, the practitioner evaluates the nature and frequency of non compliance, its materiality to the specified requirements -"in our opinion, the client complied in all material respects with the requirements for..." -report modifications: when an examination disclosures non compliance with specified requirements that the practitioner believes have a material effect on the entity's compliance, the report should be modified -depending on materiality and pervasiveness, the CPA should express wither a qualified or adverse opinion on compliance -an explanatory para (before the opinion) should be added to the report -in the event of a scope limitation, the practitioner should qualify or disclaim an opinion depending on materiality (like if management refuses to provide written rep)

Answer 156

-objective is to apply procedures to compliance with specified requirements or to the entity's control over such compliance -the report describes the procedures and the findings -the CPA is not obligated to perform any other procedures -written rep should be obtained relating to: -->preconditions: management must accept responsibility for the entity's compliance with specified requirements and accept responsibility for internal control over compliance --> management should evaluate compliance with the specified requirements or evaluate compliance with control over compliance --> CPA issues report on findings but provides no assurance

Answer 157

-independence of CPA -subject matter -specified parties and requirements -a list of procedures and findings -any possible restrictions of the use -a disclaimer of responsibility for the sufficiency of the procedures -no mention of financial statements -no opinion about compliance -no opinion about internal control -nothing about the fairness of the procedures

Answer 158

-generally required in an audit under PCAOB standards but not required in an audit under AICPA standards -if a privately held company is going public soon, they may want to have their very first integrated audit while still a private entity -the AICPA standards are very similar to PCAOB

Answer 159

-where the auditor is engaged to report on both the financial statements and internal control over financial reporting -two opinions are expressed --> one on the financial statements and another on internal control over financial reporting -could have two sep reports or one combined with two opinions -focus is on whether even one MM exists in management's internal control over financial reporting -the auditor is not required to perform procedures to search for deficiencies that are less severe than a MM (both AICPA and PCAOB agree on that)

Answer 160

-the objective of reporting on internal control over financial reporting is to obtain reasonable assurance that no MM exist in internal control over financial reporting -significant deficiency is not as severe as a material weakness

Answer 161

-a deficiency or combination of deficiencies in internal control over financial reporting such that there is a reasonable possibility that a MM will not be prevented or detected on a timely basis -PCAOB and AICPA agree on this definition

Answer 162

a deficiency or combination of deficiencies in internal control over financial reporting that is less severe than a MM but important enough to be brought to the attention of those responsible -AICPA and PCAOB agree on this defintion

Answer 163

-CPA would give their opinion as to whether there are any MM in internal control over financial reporting at the as of date identified in management's assessment of their own internal control -this implies that management has a responsibility to assess their own internal control and furnish a report to the auditor on that internal control as of the date in management's assessment -focus on whether even one MM exists in management's internal control over financial reporting -the auditor is not required to perform procedures to search for deficiencies that are less severe than a MM

Answer 164

-the auditor will test controls to provide a reasonable assurance that no MM exist because reasonable assurance requires that sufficiency appropriate audit evidence be obtained as to whether MM exist -focus is on whether even one MM exists in management's internal control over financial reporting

Answer 165

-in an integrated audit, tests of controls are mandatory and the auditor should design the tests of controls in order to address the objectives of both engagements simultaneously -in an integrated audit, controls must be tested so design the test of controls to be relevant to the financial statement audit and the same controls are relevant to report on IC -test of controls should be designed to achieve objectives in both engagements simultaneously

Answer 166

-the auditor should use the same IC criteria that management uses to evaluate the effectiveness of IC over financial reporting in management's assessment, most likely the COSO framework -the auditor should use the same risk assessment process to focus on the areas of highest risk in the audit of ICFR and focus on the areas of highest risk in the audit of the entity's financial statements -more complex audits require more control testing and less complex engagements require less control testing but the same risk assessment process should be used for both the financial statement audits as well as the audits of internal control

Answer 167

-the auditor may use the work of specialists, even internal auditors who are assessed to be both competent and objective -the auditor should use the same materiality for both the financial statement audit and the audit of ICFR

Answer 168

4 preconditions that management must meet before an integrated audit may be accepted by a CPA firm: 1. management must accept responsibility for the effectiveness of the entity's ICFR since the design, implementation and maintenance of IC is a management function 2. management must make an assessment of its very own ICFR based on suitable criteria usually that would involve COSO framework 3. management must support their assessment of ICFR with sufficient documentation 4. management must provide its written assessment about the effectiveness of ICFR in a report that accompanies the auditor's report. if management refuses to furnish a written assessment, the auditor should withdraw

Answer 169

-purpose: allow the auditor to take a systematic approach to identify risks and select which controls to test -begins with the auditor forming a general understanding of the entity and the industry in which it operates by looking at the company's financial statements and acquiring general business knowledge -used to select the controls to be tested in an audit of ICFR for both issuers and non issuers -the auditor obtains an understanding of the overall risks to ICFR, then examines entity level controls, focusing on significant accountings and disclosures and their relevant assertions

Answer 170

-the reason that auditors look at entity level controls is to ensure that sufficient policies and procedures are implemented to recognize misstatements due to error or fraud in a timely manner so that MM do not affect the financial statements -IC that help ensure that management directives pertaining to the entire entity are carried out -second level of the top down approach to understanding the risks of an org -refers to the entire company

Answer 171

-controls related to the control environment -controls to prevent management over ride and the entity's risk assessment process -controls over info and communication, monitoring the results of operations or other controls (like activities of the internal audit staff) -controls over a period end financial reporting process -controls over risk management practices **most important controls = over the control environment and over the period end reporting process

Answer 172

-auditors attention Is directed towards those accounts, disclosures and assertions that have reasonable possibility of being MM -auditor should double check that the auditor has a complete understanding of the risks -final step is to select which controls to test based on the assessed risk of MM to each relevant assertion -the auditor should test each control that is the most important in determining whether or not a particular risk has been sufficiently addressed -if two controls address the same risk, it may not be necessary to test both -it may not be necessary to address two risks sep if one control sufficiently addresses both of them -the test of these IC will provide the auditor with a conclusion about the effectiveness of ICFR

Answer 173

-auditor will test design effectiveness -"how do those controls look on paper" -were they designed to accomplish the objective and if they were, then we can test operating effectiveness of that control -auditor could inquire, observe and inspect documentation of the control design to provide evidence that the control was placed in operation -auditor may perform a walkthrough to evaluate design effectiveness

Answer 174

-are the controls that have been designed working as intended? -procedures to test operating effectiveness include observation, inspection of documentation, recalc and re performance of the control -inquires may be made but inquiry alone is not sufficient enough

Answer 175

-whether a deficiency noted rises to the level of a MM is usually a judgment call for the auditor that often is determined by the likelihood of a failure of the control (reasonable possibility) to cause a misstatement and the magnitude of such a misstatement should one occur from this deficiency

Answer 176

-mostly the auditors professional judgment to determine whether a significant deficiency rises to the level of a material weakness -discovery of any fraud involving senior management, whether material or not results in a material weakness -restatement of previously issued financial statements to correct a MM is considered a material weakness -identification of any MM during the audit that was not detected by IC is considered a material weakness -ineffective oversight of reporting and controls by those charged with governance

Answer 177

-auditor isn't finished with the ICFR engagement until he reviews reports issued by other such as internal auditors or service org control reports bc those reports may address IC related issues -obtain written rep from management -communicate IC matters

Answer 178

-auditor must communicate IC matters identified in the audit -"these are the MM as well as significant deficiencies that we identified" -we don't search for anything less than a MM but if we find a deficiency that is significant even if it doesn't rise to the level of MM, we must communicate -significant deficiencies and MM should be reported to those charged with governance and management in writing, by the report release date -before we allow our report on ICFR to be in the hands of the public or anyone else, we should have communicated those deficiencies that rise to the level of significant or MM to non governmental entities

Answer 179

-less deficiencies found should be reported to management within 60 days of the report release date which happens to be the documentation completion date for a non public entity and those charged with governance should be informed that there needed to be such communication -if no deficiencies were identified, the auditor should not issue a report indicating that no MM or no significant deficiencies were found --> this could be misinterpreted since we only have to communicate the MM and significant deficiencies that we identified

Answer 180

-the auditor must communicate deficiencies within 60 days of the report release date, which happens to be the documentation completion date -for governmental audits the communication need not take place by the report release date but for non governmental entities it would

Answer 181

-since we are giving two opinions, one on the financial statements and one on IC, the auditor could choose to issue two sep reports -if so, the two reports should have the same date, and include an OM para to cross ref the other report and identifying the date and character of the other report -the other option would be to issue a combined report on the financial statements and ICFR -the report date would not be dated before the auditor's obtained sufficient appropriate audit evidence to support the auditor's opinion -if the auditor chooses the two report approach, both reports should be dated the same

Answer 182

-if a MM is found, leads to an adverse opinion on IC and the auditor would state whether the opinion on the financial statements was affected by the existence of that MM -no qualified is allowed on IC but an adverse opinion on IC is required if one or more MM -scope limitation: If the client imposes a scope limitation on the audit of ICFR, the auditor should either withdraw from the engagement or issue a disclaimer, stating the reasons for the disclaimer and consider the effect on the audit of financial statements -ref made to another auditor that participated in the engagement, the component audit --> component auditor is taking responsibility for a portion of the integrated audit and has already issued a report on IC over a component of the entity and the primary auditor simply wants to ref the report of the component auditor --> an auditor may not make ref to a component auditor unless the component auditor has followed appropriate professional standards and has issued a report that is not restricted -elements of management's report are incomplete or improperly presented and management refuses to revise their report on IC --> if that's the case, the independent auditor would add an OM para to the audit report, describing the reasons for determining that elements of the report are incomplete or improperly presented --> this would not necessitate an adverse opinion on IC it would just make for a modified report

Answer 183

-management takes responsibility for IC and says that they have assessed the effectiveness of their ICFR as of a date -based on that assessment, management could conclude that their internal control is effective and then lists the criteria used to assess, COSO, integrated framework -the management report goes on to mention that inherent limitations such as lapses in human judgment, management override, collusion, may exist, and bc of that IC may not detect, prevent, or correct misstatements -projections of any assessment of effectiveness to future periods are subject to the risk that controls may become inadequate bc of changes in conditions or that the degree of compliance with company policies may deteriorate -company then signs and dates the report

Answer 184

-generally accepted government auditing standards (GAGAS) are issued by the government accountability office (GAO) under the authority of the controller general of the US -also known as yellow book -GAGAS standards impose additional performance and reporting requirements compared to a typical GAGAS audit -GAGAS doesn't replace GAAS, an audit of governmental entity is performed under both GAAS and GAGAS standard

Answer 185

-GAGAS reports on IC are required in every audit as is the testing of IC -for every audit under GAGAS, a written report on ICFR must be issued regardless of whether there are any identified deficiencies -the report should comment on the scope of the auditor's testing of IC -the reports can be combined or sep -if sep reports are issued, each report should include a para that references the other -if any significant deficiencies in IC are identified, the auditor should obtain a response from management of the entity -if that response is written, it should be included in the auditor's report on IC -if the response is oral, it should include a summary of the oral response in the auditor's report on IC

Answer 186

-under GAGAS, unlike GAAS, there is a requirement for the auditor to report on compliance with laws, regs, and contracts and grants even if there are no instances of non compliance -the auditor's report on compliance distinguishes between general requirements (requirements that are applicable to all federal programs) and specific requirements (requirements that are specific to a particular federal program) -the auditor should focus on non compliance having a material and direct effect on the entity's financial statements, similar to AICPA standards on illegal acts having a material and direct effect on the entity's financial statements -auditor's report on compliance should also mention the scope of the testing of these compliance issues but does not provide an opinion on overall compliance with laws and regs -the report on compliance should indicate that compliance with laws and regs is the responsibility of management -the auditor should design the audit to provide reasonable assurance of detecting instances of non compliance that have a material and direct effect on entity's financial statements -if there is non compliance, fraud, illegal act, and if the entity refuses to acknowledge it, the auditor should notify external parties such as the federal agency that provided the grant that there is abuse and that management refuses to acknowledge it -first the auditor approaches management of the government entity, and If they don't respond appropriately, taking responsibility, then the auditor goes to external parties -the auditor should report any known instances of illegal acts that could result in criminal prosecution and the auditor's report on compliance should identify any illegal acts that re more than inconsequential

Answer 187

-financial statement audit report -IC report -report on compliance

Answer 188

-requires state and local government entities that expend total federal assistance greater than or equal to $750K in a fiscal year to have an audit performed -the purpose is to promote efficiency -a single coordinated audit of the total federal funds with emphasis on the major assistance program -auditors must recognize which programs are considered major -the CPA should perform the engagement both in accordance with GAAS and GAGAS -GAGAS requires the additional audit requirements such as IC reporting and compliance reporting -the alternative to the single audit act would be to audit an entity's various federal grants --> each federal grant would require an audit, which is inefficient -recipients of federal assistance who spend under $750K in are exempt

Answer 189

-involves one engagement that covers an audit of the entity's financial statements and a schedule of expenditures of federal assistance -federal assistance means that the money came from the federal government to the state government or local government and lets see how that entity spent $750K of federal government assistance

Answer 190

-must be performed in accordance with GAGAS -auditor needs to identify each major program based on risk assessments (materiality should be determined sep for each major program) -in contrast, GAAS audit requires materiality to take into consideration simply the financial statements as a whole -auditor should test controls over each major program -auditor should evaluate compliance with emphasis on those matters that have a material and direct effect on the major programs

Answer 191

-audit report must express an opinion of the fairness of the entity's financial statements and an opinion on the schedule of expenditures of federal assistance -there is also a required report on ICFR and includes testing of the controls of identified major programs -there is also a report on compliance issues related to the applicable laws, regs and contracts and grants even if no non compliance is found

Answer 192

-schedule of findings and questioned costs if the auditor identified any audit findings -an audit finding may involve a significant deficiency in IC, noncompliance with any applicable laws, regs, contracts and grant agreements or any instances of fraud -management is expected to prepare a corrective action plan to response to any current year audit findings

Answer 193

-unconditional: describe a professional requirement to comply with a standard in all circumstances in which it is relevant -presumptively mandatory: describe a professional requirement to comply with a standard or provide a special explanation for not doing so

Answer 194

-the employer: management -employees who participate in the plan -plan custodian: bank or qualified financial institution to manage the employee benefit plan assets -auditor: not responsible to know whether an audit is required for the employee benefit plan

Answer 195

-while companies are not forced to have employee benefit plans, if they do have one, it likely falls under ERISA rules, which are heavily regulated -most employee benefit plans are subject to employee retirement income security act of 1974 -2 basic types of ERISA plans: --> welfare plans: healthcare, disability, life insurance --> pension plans: retirement income or deferral of income until retirement (vesting requirements) --> vesting: are employees entitled to benefits earned without any future employee required? if so, your benefits are vested

Answer 196

-employee benefit plans cost companies big money so they try to save where possible, but they must comply with ERISA -minimum age cannot be save above 21 to enter the pension plan to prevent employees from having to work from the company for 10 years in order to become eligible -ERISA does not allow discrimination, plan features that relate to contribution and vesting for highly compensated employees, usually must be the same for other employees -funding requirements: pension plans are typically subject to specific funding requirements, but welfare plans are not

Answer 197

-minimum employment to enter the pension plan is 12 months or 1000 hours -usually, benefits don't vest until you work for 24 months for the company, but you can start earning the benefits after 12 months -work beyond 24 months, all benefits earned from month 12 have now vested and if it's a pension plan, you can collect the vested benefits at retirement age even if you quit now -company pension plans are allowed to vest more quickly than ERISA requirements, but not more slowly -ERISA allows certain exemptions

Answer 198

-defined benefit welfare plan: usually do not have sep accounts for individual participants -defined contribution welfare plan: have sep accounts for each participant, benefits are limited to the balance is each account, flexible spending account

Answer 199

-unfunded plans: all benefits are paid by insurance or paid by employer, unfunded means no employee contributions -ERISA exempts unfunded welfare plans from audit requirements -funded plans: employees contributed to the welfare fund --> if any portion of the plan is funded, then all of the plan's activities are subject to ERISA and the plan assets are required to be held in trust or custodial accounts bc employee money is involved, and you can't have the employee co mingling the plan assets with employer assets

Answer 200

-benefit: employer promises the employee a specific amount each year at retirement, 60% of final year's salary either as an annual annuity or possibly one lump sum -contribution: sep accounts for each participant, benefits are limited to the balance in each account --> 401K (private sector) --> 403B plan (public school teachers and charities) --> allows employees to defer income until retirement, taxes aren't paid until distribution from the plan at retirement -ESOP: employee stock ownership plan is a type of 401K pension plan --> this is an incentive plan for employees to purchase stock in the company

Answer 201

-funded plans are subject to ERISA, unfunded plans are not -ERISA generally requires a funded welfare plan to be audited if its designated a large plan, having at least 100 actual participants at the start of the plan year -if the welfare plan is funded, the assets are held in trust or in a custodial account -welfare plans may be exempt from the audit requirements if benefits are paid from the employer's general assets or paid by insurance or some combination

Answer 202

-an audit is usually required for a pension plan that is a large plan, having at least 100 participants at the start of the plan year based on eligible participants, not based on number of employees actually participating -many employees who are eligible to participate in the pension plan do not participate but they are counted towards the 100 for audit requirements

Answer 203

-ERISA: employee retirement income security act of 1974 comes under the jurisdiction of the department of labor (DOL) with help from the IRS -the DOL requires benefit plan financial statements to be filed on form 5500 for both welfare and pension plans

Answer 204

-DOL requires benefit plan financial statements to be filed on form 5500 for both welfare and pension plans -form 5500 is an annual filing, "report of employee benefit plan" -the financial statements may be GAAP based, cash basis or modified cash basis of accounting -the DOL requires the auditor to report and express an opinion on whether plan financial statements and required supplemental schedules comply with DOL requirements -there is a requirement for management to provide the auditor with a nearly completed draft of the form 5500 for the auditor to review for inconsistencies with the audited financial statements prior to issuing an opinion on the benefit plan

Answer 205

-ERISA provides certain specific exemptions from some or all of ERISA, but the auditor is not responsible for determining whether a plan is subject to ERISA requirements -auditor is not responsible for determining whether the plan must be audited or which reporting framework is appropriate -the plan sponsor's legal counsel should be involved in those determinations -auditor is not responsible for determining whether the plan is unfunded or funded -with unfunded plans, the benefits are either paid from the employer's assets or by insurance coverage (or combo of those) -ERISA exempts unfunded plans -plan administrator's legal counsel makes that determination, not the auditor

Answer 206

-auditor should follow GAAS -auditor should consider relevant compliance issues (is the plan in compliance with requirements) but the plan administrator (not the auditor) is responsible for compliance with laws and regs -the auditor should inquire about the plan's qualified tax status -the plan having a qualified tax status is very important for tax purposes so the auditor should obtain appropriate written reps from the benefit plan manager regarding qualified tax status and whether plan management has performed the relevant internal revenue code (IRC) compliance tests, including the discrimination testing, and has corrected or intends to correct failures, if any -auditor should read any correspondence involving the plan from IRS

Answer 207

-full scope audit: max audit procedures are performed -limited scope audit: fewer audit procedures are performed, a term unique to employee benefit plans sometimes known as ERISA section 103(a)(3)(C) audit

Answer 208

should audit (examine) the following areas of activity: -plan assets and investment income -employee and employer contributions -payments of benefits -payroll info of the participants -any loans to participants -liabilities and plan obligations -administrative expenses -the allocation of investment income to individual participants

Answer 209

-management could authorize such an audit only when plan assets are held by a qualified, regulated financial institution -examples of qualified regulated financial institutions are banks, insurance companies and trust companies --> these entities are regulated, which means they are subject to periodic state or federal examination -if the plan administrator chooses a limited scope audit, the plan administrator may direct the auditor not to address the plan assets and investment activity -to be eligible for the limited scope audit, the qualified financial institution holding the plan assets must provide the auditor a certification that the investments and investment activity are complete and accurate -auditor then reads the certification and agrees the certified info with the plan's financial statements -without this certification from the qualified financial institution, a full scope audit is required

Answer 210

-the audit should perform audit procedures on the financial statement info, including the disclosures not covered by the certification -in a limited scope audit of the employee benefit plan, the auditor need not audit the plan assets or investment activity but still must examine: --> employee and employer contributions --> payments of benefits to employees --> payroll data --> loans to participants --> liabilities and plan obligations --> administrative expenses --> the allocation of investment income to individual participants

Answer 211

responsibilities principle: in carrying out their responsibilities are professionals, members should exercise sensitive professional and more judgment --> sensitive refers to being aware of how your actions appear, how they look to non accountants --> members of AICPA should co-operate with other members to improve the art of accounting, maintaining public confidence

Answer 212

-state of mind that requires impartiality, intellectual honesty, free from conflicts of interest -no matter what role you serve as an accountant, a member has to act with objectivity even if not attest related -independence is not the same as objectivity --> only those doing attest related engagements need to be independent in fact and appearance

Answer 213

-independence in fact = audit and reviews -independence in appearance = audit and reviews -objectivity and integrity = audit and reviews, tax, consulting and compilations

Answer 214

public interest principle: members should accept the obligation to act in a way that will serve the public interest, honor the public trust, and demonstrate a commitment to professionalism --> a distinguishing mark of a profession is acceptance of its responsibility to the public

Answer 215

integrity principle: to maintain and broaden public confidence, members should perform all professional responsibilities with the highest sense of integrity --> code defines integrity as what is right and what is just

Answer 216

objectivity and independence principle: a member should maintain objectivity and be free of conflicts of interest in discharging professional responsibilities --> a member in public practice should be independent in fact and appearance when providing auditing and other attestation services --> its easier to spot a conflict of interest in someone else than it is to spot in yourself so you never want to give an impression that you lack objectivity

Answer 217

due care principle: a member should observe the profession's technical and ethical standards, strive continually to improve competence, and continually improve the quality of services and discharge professional responsibility to the best of the member's ability --> while perfection is not required, a member is required to live up to the AICPA standards or will be considered negligent, lack of due care --> competence requires a commitment to continued learning, CPE courses, consulting with experts --> involves adequate planning and supervision --> its great to be an expert in your field but if you can't plan your engagements well, or supervise your assistants, you will lack reasonable care and this will lead to negligence --> most individuals on a typical engagement lack experience and must be properly supervised

Answer 218

-a member in public practice shall observe the principles of the code of professional conduct in determining the scope and nature of services to be provided -members should practice in firms with good quality control procedures so there is a better chance that everyone in the firm is doing things in the proper way, less change of being negligent -use your professional judgment to determine whether the scope and nature of services provided to an attest client would create a conflict of interest -assess whether a contemplated activity is consistent with your role as a professional, taking part in public nuisances

Answer 219

-largest part of AICPA code of professional conduct relates to members in public practice (a member engaged in auditing, tax or consulting for a client) -where the code does not provide clear guidance, members in public practice should always apply the threats and safeguards conceptual framework in order to determine whether threats to a member's compliance with the rules (independence, objectivity, integrity) can be reduced to an acceptable level --> acceptable level: a level at which a reasonable and informed third party who is aware of the relevant info would be expected to conclude that a member's compliance with the rules is not compromised by application of safeguards

Answer 220

-if a major shareholder of a client threatens to terminate a professional service of a member in pubic practice unless the member follows the instructions of the major shareholder or reaches a certain judgment or conclusion, this is an example of undue influence -usually bullying, blackmail or extortion

Answer 221

-if the CPA is a liberal democrat and is being asked to audit the NRA, the two have opposing political ideology and that's an example -another example would be if your client's insurance company had to step in and settle a claim against your client and now that insurance company is suing your firm for subrogation, reimbursement -suddenly you and your client have an adverse interest in the outcome since your client is now essentially suing you. difficult to remain objective and act with integrity

Answer 222

-if you are an environmentalist and you are auditing a solar panel manufacturer and you think solar energy is just the coolest thing, there is a risk that you are too much of a client advocate to be objective and act with integrity -when you don't have to attest work but you do advisory or consulting work for a client, you can advocate -providing forensic accounting services to a client involved in a lawsuit to a third party makes it difficult to act with integrity -acting as an underwriting or investment advisor for you client makes it difficult to act with objectivity

Answer 223

-former firm partner has joined the client in a key position -members spouse or member's parent is employed by the client -difficult to be objective when you are dealing with friends, relatives or former colleagues

Answer 224

-especially significant when auditing -after assessing the client's management as inept, you take steps with the best of intentions to keep the client from being late with a bill payment, so you mail the bill, that's acting as management

Answer 225

-if one client makes up a bulk of your practice, there is a self interest threat bc if that client goes under, your revenue would be impacted therefore excessive reliance on revenue from a single client would be an example of a self interest threat

Answer 226

-if the firm set up the controls at the client, there is a threat known as the self interest threat, that the firm should not test the controls bc they would be reviewing the firm's own work -the firm should probably hire another firm just to test controls in question, reducing self review threat to an acceptance level

Answer 227

-if a member determines that there is a threat to integrity and objectivity, the next step is to determine if the threat to integrity and objectivity is at an unacceptable level -if so, the member needs to determine if there is any way to reduce the threat to an acceptable level by using what the AICPA code of conduct refers to as safeguards

Answer 228

-safeguards created by the AICPA, state society of CPA's or safeguards created by congress or by state and local laws, or even SEC or PCAOB -rigorous testing requirements and experience requirements in order to receive a CPA license is an example -continuing professional education and training requirements (CPE courses), the more education, the more training the more likely we can navigate difficult ethical circumstances and still do the right thing -there is also a threat of discipline from the professional standards, loss of license, fines, imprisonment, for acting without integrity and objectivity, and these threats of discipline are designed to make it more likely that a member will act ethically -ethical hotlines: -created to help a member get the right answer to an ethical dilemma would be another example -external reviews of the firm's quality control system -if a firm knows that another firm is going to come in and review their work, that gives a firm more confidence if the concern is adhering to ethics and acting with integrity -legislation such as SOX that establishes prohibitions against certain services that would impair independence or impair objectivity and integrity

Answer 229

-does the client have an active governance structure such as an active audit committee in place, to ensure appropriate decision making and providing oversight and communications regarding a firm's services such as not hiring a firm that lacks independence or about not asking the auditor to perform consulting services that would impair independence -does the tone at the top at the client org emphasize a commitment to fair financial reporting and compliance with laws and regs? -does the client have policies and procedures in place to emphasize fair financial reporting and compliance? -does the client have policies in place to address ethical conduct? -does the client have personnel with suitable skills, knowledge, or experience to make managerial decisions about the delivery of professional services? -the bottom line with regard to safeguards implemented by the client is whether or not you are a member in public practice have confidence in the people at the top of the client entity are they people with integrity, trying to do the right thing and establish and maintain the right type of culture?

Answer 230

-does the leadership in your own firm stress compliance with rules and acting in public interest? -does the firm have quality control policies and procedures in place designed to implement and monitor engagement performance? -has someone from senior management of the firm been designated to oversee the functioning of the firm's quality control? if yes, as a member in public practice, do we have confidence in that senior firm member? -do we have disciplinary mechanisms within the CPA firm designed to promote compliance with policies and procedures? -are we rewarding those in the firm who do the right thing and terminating those who do the wrong ethical thing? -are we rotating partners properly who are part of the engagement team? -do we have policies in place to prevent partners and other members of the firm from being compensated for selling non audit services to attest clients that would impair independence?

Answer 231

-client A vs client B conflicts where a member has two clients but their interests conflict with another another, feuding spouses in a nasty divorce and you are hired to do the join return bc they both still love you, but one spouse is saying I need my former spouse's SSN and the other spouse is telling you don't provide it to them, make them get it their own way -client A vs client B, would be if a member provides consulting services to one client who happens to be suing one of your audit clients

Answer 232

-suggesting to a client that she make an investment, knowing that the investment would benefit the member making the suggestion -your client thinks you are giving them objective investing advice but you have an ownership or other financial interest -recommending every client to hire a payroll company that exclusively sends business back to you -another example of whats goos for you is not necessarily good for your client

Answer 233

-threats of objectivity may be reduced to an acceptable level if there is full disclosure to the client -if the client is aware of the conflict of interest and consents to it, then the code says that the conflict has been reduced to an acceptable level -conflicts should be disclosed to clients and affected their parties even if threats are determined to be at an acceptable level -document and retain disclosures

Answer 234

-objectivity is threatened when a member in public practice services on the board of directors of a client entity -usually there is no conflict if the member is a consultant to the board of directors bc you are simply providing advice to the board and they are making their own decisions -difficult to act with integrity when you are on the board, easier to be objective when you are simply a consultant

Answer 235

-accounting firms have policies on gifts and entertainment and even so, the gift must be reasonable in the circumstances -a gift that a jury would find reasonable in the circumstances could still impair integrity if it violates the firms rules and the member should know then firms rules -if its a small firm and they have no policies on gifts, the gift must be reasonable in the circumstances otherwise objectivity and integrity are impaired -it's like tickets to a football game vs tickets to the superbowl -objectivity and independence are threatened if members in public practice receive gifts from (or give gifts to) clients or its officers or directors -or it's 10% shareholders of the client where the value is such that it would violate the member firms policies or violate applicable laws and regs

Answer 236

-a member in public practice might find that a superior is breaching ethics rules -if the member determines that the position taken b y the superior in the form would result in the client overstating revenue or understating liabilities of a material amount, then the member should discuss the matter with the superior -if the superior is unwilling to listen to the member, then the member goes over the head of the superior -if the superior is breaching ethics and the member has already spoken to the superior, the member goes up the chain of command in the firm and if that superior cant convince the member that no ethics are being breached then the member has more steps to take -the member should determine whether the firm has policies and proceeders (ethics hotline) -determine whether there is a duty to report the matter to external parties -consult legal counsek -fully document the situation -consider quitting the firm and take steps to limit exposure to the ethical violation of subordinating your judgment

Answer 237

-outsourcing administrative support such as record storage and software application hosting does not breach objectivity or integrity provided the member has ensured the TSP has required professional qualification and technical skills -the member must be able to adequately plan and supervise the TSP's work and obtain the date necessary to evaluate the work of the TSP since the member in public practice is responsible for the work even though its outsourced

Answer 238

-clients need to be notified, preferably in writing before any confidential client info is provided to the TSP -client has veto power over confidential client info being outsourced -if the client objects to their bookkeeping before outsourced or their tax returns being outsourced, hen the member should not outsource the service or decline the engagement altogether

Answer 239

-does the AICPA ever say its okay for the members to depart from GAAP when doing attest work? -if other accounting principles apply such as IFRS bc you are doing work for a company in another country -or your client is under a contractual arrangement to follow a financial statement format that is prescribed by a third party -if you can demonstrate that due to unusual circumstances, following GAAP would have been misleading, such as: --> new legislation: GAAP hasn't been modified to catch up with the new legislation --> new business transaction: like bitcoin trading and your judgment says that following current GAAP rules would be misleading -can't depart from GAAP simply to serve your client's momentary best interest

Answer 240

-describe the departure, "here is what we did that is inconsistent with GAAP" -here is what the number would have looked like had we followed US GAAP -describe why compliance with US GAAP would have been misleading

Answer 241

-members in public practice should not engage in discreditable acts, such as discrimination and harassment in the workplace, sexual misconduct -other discreditable acts include failure to file or failure to pay ones own tax liability -disclosure of confidential client info, whether it's an existing client, a potential client where you meet and gather confidential info, even pro bono work requires confidentiality of client info, whether getting paid or not, whether landing the client or not -sometimes in doing work for your own client, you learn confidential info about an other company, even though they are not your client, you should not be disclosing confidential info about them -negligence in prep of financial statements or tax returns --> failure to follow standards is a discreditable act even if recklessness cannot be shown -improperly limiting our liability for our own negligence in the engagement letter -members should be accountable and liable for their own negligence although client negligence that contributions to CPA losses is recoverable in the engagement letter, contributory negligence, right of contribution -false advertising -improper retention of client records -removing client files from a firm after you quit or are fired hoping the client follows you to your new firm, records belong to the firm, not to any one CPA

Answer 242

-can you keep client provided original records if they haven't paid the bill? no -client provided records: must turn over if client demanded no exceptions within 45 days -firm should require the client to sign a document that admits to picking up all the records so the client cannot say later that some records were deliberately withheld -members work products: the deliverables set forth in the engagement letter should be turned over to the client at the client's request. work product can be withheld if: --> fees are due for the specific product, tax return, financial statement etc or if work product is incomplete, to company with professional standards such as unresolved audit issues or if threatened outstanding litigation exists --> if fees are due for some other work product, work product retention is not allowed -audit working papers: members exclusive properly and need not be provided to the client unless a state law requires production

Answer 243

-members may charge a reasonable fee for the time and expense incurred in producing records -members need not convert records from paper format to electronic format or vice versa -state laws are sometimes more demanding than the AICPA standards, and if so, state laws would need to be followed

Answer 244

-arise when a client is charged a fee depending upon results -not permitted in connection with attest clients or the filing of an original tax return or a tax return amended bc of error even for non attest clients -members shall not receive contingent fees for any service performed for a client for which the member provides any of the following attest services: --> financial statement audits, reviews, compilations expected to be used by a third party where lack of independence is not disclosed, and also examinations of prospective financial statements -permitted for compilations of financial statements expected to be used by third parties if the member includes a statement that the member is not independent -are allowed if an independent judge is involved -are allowed in an IR examination of a client tax return -are allowed in connection with private letter rulings -compilation where lack of independence is disclosed in the report

Answer 245

-can a member accept a commission for recommending a product or service to a client? -prohibited for attest clients, it would impair independence -for non attest clients, they are permitted but client disclosure is required -there is an exception for member's spouses who are allowed to receive commission from an attest client as long as the spouse activities are sep from the member's activities

Answer 246

-a member can buy a product and re sell it to a client at a profit as part of a consulting engagement without disclosure of the markup -a member can subcontract out a service without disclosing the markup, provided the client consents to the outsourcing

Answer 247

advertisements and solicitations are misleading or deceptive if they: -create false or unjustified expectations of favorable results -imply the ability to influence a court, regulatory agent or official'-intentionally underestimate fees, just to get the engagement -would mislead or deceive a reasonable person

Answer 248

-in a messy divorce, a member may accept an engagement to prepare the joint return or even the two sep filed returns -however, the info is confidential and if one spouse wants the member to show the tax return to a third party and the other spouse refuses to consent, the correct answer is to consult an attorney and listen to the advice to prove that good faith was followed

Answer 249

-do not disclose confidential client info without the specific consent of the client -info is considered confidential if its not known to be available to the public and obtained as a result of such relationships either proprietary (receiving payments) or voluntary (not getting paid) -considered an act discreditable to the profession for disclosing info that is confidential or to use the info for personal benefit -a member should take reasonable steps to ensure that staff members do not disclose confidential info -if selling the member's practice, cannot reveal confidential info to buyer of the practice unless client consents -even a member who quits a firm or is fired is expected to maintain confidentiality with regard to the former client's info

Answer 250

-a member must disclose confidential client info if necessary to comply with a validly issued subpoena -a mere letter from the IRS or SEC asking for confidential client info is not enough -if a member is being brought up on charges of malpractice or negligence, you can defend yourself even if it means revealing confidential client info -to defend yourself in an ethics case brought by the AICPA or state board of accountancy -to comply with peer review, every 3 years every CPA must be reviewed -when communicating with the client's governance or their employer hotline you can disclose confidential client info

Answer 251

-when a member outsources work to a third party service provider, before revealing confidential client info to the third party, a member should determine whether the third party service provider has procedures in place to maintain confidentiality of your client's info -enter into a contract with the 3rd party to maintain confidentiality of your client's info or obtain specific consent from the client of the disclosure of such info and this where the client would likely veto the outsourcing

Answer 252

-revealing client names is allowed to potential purchasers of your practice or to your friends and family members unless revealing their name would lead to a disclosure of confidential info

Answer 253

-firm names may not be misleading -while names of past owners are allowed and so are fictitious names, you can't include names of people who were never owners just to make it seem like the firm is larger than it is -a firm may not designate itself as members of the AICPA unless all of the firms CPA owners are members of the AICPA -while non CPA ownership of a CPA firm is allowed, if a firm does attest work, CPA's must own a majority of its financial interests and CPA's must remain responsible for the attest work

Answer 254

-staff accountants, internal auditors and those not engaged in public practice such as those who work in accounting for a college, work for a fortune 500, or a small charitable org, or a government agency -while independence rules do not apply, integrity and objectivity rules do apply -all members whether in public practice or in business must act with integrity and objectivity

Answer 255

-since independence rules do not apply to members in business, we need only look at threats to integrity and objectivity -all the same threats apply to members in business (that applied to members in public practice) except management participation since what the member in business is doing is often participating in management

Answer 256

-a member in business hires a relative as a subordinate, the threat is that you may not review their work properly -note that working for the company for a long time is not a threat to objectivity and integrity for a member in business but is a threat to a member in public practice

Answer 257

a member in business's spouse or close relative owning stock in the employer

Answer 258

-an example would be if the member has initiated a lawsuit agains the employer -this would be considered a threat to the member's objectivity bc the member and the employer are now opposition -another example would be if the member works for target but the member's brought is a big investor in walmart

Answer 259

-a member might lack integrity and objectivity if its work preparing a prospectus would result in financing for the employer, still need to remain objective with regard to accounting rules, revenue recognition, not too aggressive -as an employee, you still must maintain integrity -another example would be holding back material info that a third party needs to make a decision about the employer, like a labor strike

Answer 260

an internal auditor accepting responsibility to test controls that she set up prior to being promoted to internal auditor

Answer 261

-being pressured to deviate from company policy or change a conclusion -cannot subordinate your judgment (just like a member in public practice -if a supervisor asks you to become associated with false or misleading info, that would be considered undue influence and would be a threat to integrity and objectivity

Answer 262

-only rely on safeguards from the employer or the profession, legislation or regulation to reduce threats to an acceptance level

Answer 263

-should not engage in discreditable acts like discrimination, harassment in the workplace, sexual misconduct (same rules apply to members in public practice) -cannot disclose confidential employer info -cannot mislead in advertising, failure to file your own tax return or pay tax

Answer 264

-CPA's who do attest work, tax professionals, professionals who provide consulting services to third parties

Answer 265

-retired or unemployed CPA's -should not commit an act discreditable to the profession (discrimination, harassment, confidential info, false advertising)

Answer 266

-with the DOL, the CPA is auditing the client's employee benefit plan, rather than the financial statements -the requirements for independence by the auditor regarding audits of employee benefit plans applies to the plan as well as the plan sponsor, employer -to maintain independence, an auditor cannot have a direct financial interest nor a material indirect financial interest in the employer or the plan -can have an indirect financial interest that is immaterial -not only members of the engagement team and their immediate family but partners in other cities cannot own any shares of the client's stock and must be independent of the plan if the CPA firm wants to audit the employee benefit plan -covered members, spouses, immediately family members, other members of the audit firm cannot have. a direct financial interest in the benefit plan or in shares of the company's stock if the CPA wants to audit the employee benefit plan -employees of the benefit plan can move to the audit firm but must do two things: disassociate from the plan and not take part in the audit of the plan covering any period of employment with the plan

Answer 267

-if the CPA firm wants to audit an employee benefit plan, no member of the CPA firm can be serving as an investment advisor of the plan, voting trustee, or underwriter at any time during the period of the professional engagement -if the CPA firm wants to audit an employee benefit plan, no member of the CPA firm can be serving as director, officer or employee of the plan or sponsoring employer

Answer 268

-DOL permits certain consulting and other services to be performed by members of the CPA firm who is auditing the employees benefit plan -the CPA firm may perform actuarial services for the plan without violating independence -the CPA firm may advise on tax issues while performing the audit of the plan without violating independence -the CPA firm may not maintain financial records regarding the plan if the firm is auditing the plan, that would violate independence

Answer 269

-serve the pubic interest: the collective well being of the community of people and entities served by the auditor --> auditor services should be designed to meet those needs -act with integrity: auditors conducting their work with an attitude that is fact based, nonpartisan, and non ideological with regard to the audited entities -act with objectivity: independence of mind and appearance when providing audits, maintaining an attitude of impartiality, free of conflicts of interest -maintain proper use of government info, resources and positions bc these are to be used for official purposes and not for the auditor's personal gain -professional behavior: includes compliance with all relevant legal, regulatory and professional obligations, avoidance of conflicts of interest, sensitivity to appearance of impropriety, and putting forth an honest effort to meet technical and professional standards

Answer 270

-adopted a conceptual framework for making independence determinations for situations where no clear rule applies 3 steps: -identifying threats to independence -evaluating the significance of the threats identified, both individually and in the aggregate -applying safeguards as necessary to eliminate threats or reduce them to an acceptable level -if threats are identified and no available safeguards can eliminate them or rude them to an acceptable level, independence is considered to be impaired

Answer 271

-the threat that a financial or other interest will inappropriately influence the auditors judgment or behavior -ex: if you the auditor, are auditing a county government program that provides small business loans, and your spouse has received one of these loans for her business, that's self interest threat

Answer 272

-the threat that an audit firm will evaluate its own non audit service, source documentation preparation, payroll prep, and not appropriately evaluate the results of previous judgments made or actions taken

Answer 273

-the threat that an auditor will, as a result of political, ideological, social or other convictions, take a position that is not objective -ex: if you are an auditor, with a strong democrat party loyalty, and you are asked to audit one of the obamacare exchanges...

Answer 274

-the threat that arises when a close family member or close friend is a member of management -could undermine objectivity

Answer 275

-someone who you know, that works directly for the democrat party, knows that you are auditing one of the obamacare exchanges and is hounding you, the auditor, to give an unmodified opinion on the public health care exchange

Answer 276

-results from an auditor taking on the role of management or otherwise performing management functions on behalf of the entity undergoing an audit, making decisions -if an auditor were to assume management responsibilities for an audited entity, the management participation threat created would be so significant that no safeguards could reduce the threat to an acceptable level -leading and directing an entity, setting policies and strategic direction for the audited entity, directing and accepting responsibility for the audited entity employees, in the performance of their routine, recurring activities and having custody of the audited entity's assets

Answer 277

-the threat that an audit firms placement within a government entity, in combination with the structure of the entity being audited, will impact the audit org's ability to perform work and report results objectivity

Answer 278

-statutory safeguards may already be in place where an auditor org is placed in a different level of government than the audited entity -another safeguard would be if the auditor org is placed within a diff branch of government, legislative auditors can only audit an executive brach program -goal: making sure the auditor is not answering to the same person who they are auditing -if the head of an auditing org is directly elected by voters of the jurisdiction being audited, the auditor answers to the voters and tells the voters, this is how the particular agency is doing, no structural threat -this way, if the auditor answers to the voters, they don't have to worry about answering to the entity that is being audited -no structural threat if the head of the auditing org is elected or appointed by a legislative body and accountable to the legislative body

Answer 279

-consulting an independent third party, such as a professional org, a regulatory body or another auditor -involving another audit firm to perform or re perform part of the audit -having a professional staff member who was not a member of the audit team review the work performed -removing an individual from an audit team -prevent the audited entity from having the power to abolish the audit org (if it doesnt like the results of the audit) -provide that if the head of the AO is removed, the head of the agency reports this to the legislative body so that the legislative body is alerted to the removal -prevent the audited entity from interfering with the initiation, scope, timing and completion of any audit -prevent audited entity from interfering with audit reporting, findings, conclusions, or the manner mean or timing of the AO's reports -require the AO to report regularly to a legislative body or other independent governing body -give the audit org (AO) sole authority over the selection, retention, advancement and dismissal of its staff -guarantee the AO access to records and documents related to the agency, function or program being audited and access ti officials as needed to conduct the audit

Answer 280

-internal auditors working under the direction of the audited entity's management are considered independent for purposes of reporting internally if the head of the audit org meets all of the following: --> be accountable to head of the government entity or to those charged with governance --> reports audit results both to the head of the government entity and to those charged with governance --> located organizationally outside the staff or line management function of the areas being audited --> has access to those charged with governance --> is sufficiently removed from political pressure to conduct audits and report findings objectively without fear of political reprisal -if internal auditors audit external orgs, such as contractors (that work for the government) and no independence impairments exist, the auditor is considered an external party to the audited (contractor) entities

Answer 281

-an accounting firm is asked to audit a government agency -you are performing the audit and the government agency notices your proficiency, compliments you and asks if you would help them set up some software to improve their financial reporting -its a non audit function so very similar to AICPA rules, the auditor should determine whether providing such. anon audit service would create a threat to independence with respect to any GAGAS audit performed, cannot perform management functions for an audit client -a critical component of this determination is consideration of management's ability to effectively oversee the nonaudit service to be performed -auditor should ensure that the entity has the expertise to supervise, evaluate and take responsibility for those services

Answer 282

document: -threats to independence that require the application of safeguards and the safeguards applied -safeguards required if the AO is structurally located within a government entity and is considered independent based on those safeguards -consideration of audited entity management's ability to effectively oversee a non audited service to be provided by the auditor -the auditor's understanding with an audited entity for which the auditor will perform a non audit service

Answer 283

-threats to independence should be evaluated both individually and in the aggregate -threats to independence are not acceptable if they either: --> could impact the auditor's ability to perform an audit without being affected by influences that compromise professional judgment --> could expose the auditor or AO to circumstances that would cause a reasonable and informed third party to conclude that integrity, objectivity or professional skepticism of the AO, or a member of the audit team, had been compromised

Answer 284

-AICPA code of professional conduct governs non audit services provided to attest clients who are non issuers -the code also governs services provided to non audit services provided to clients who are issuers -if the client is an issue and the services are attest, SOX would over ride AICPA

Answer 285

-for an audit client, firms should be mindful of the total amount of non audit services provided -auditors can give advice to audit clients, but need to be careful not to take on management responsibilities -auditors are allowed to give guidance, give alternative, but not make the ultimate decision

Answer 286

-decide which of your recommendations the client should implement -decide which of a third party's recommendations, the client should implement -have custody of clients assets -prepare source documents that you are later going to audit -set policy or strategic direction for an audit client -authorize, execute or consummate transactions for client -serving as an attest client's stock transfer agent -accepting responsibility for an attest client's IC

Answer 287

independence would not be impaired if all the following safeguards are met: -assume all management responsibilities of the non attest service -oversee the service by assigning an expert (from within the client's staff) who possesses the capabilities of overseeing the service --> the covered member needs to assess whether the expert is capable of performing this task -management must be able to evaluate the adequacy and results of the serviced performed -accept responsibility for the results of the non audit services

Answer 288

covered members must establish and document in writing their understanding with the attest client regarding: -the objectives of the engagement -the services to be performed -the attest client's acceptance of its responsibilities -the members responsibilities -any limitations on the engagement if all are met, then the firm may: -provide advice, provide research materials, provide recommendations to assist management in making decisions, attend board meetings as. anon voting advisor, interpret financial statements, forecasts and provide management with advice regarding its potential plans, strategies or relationships

Answer 289

-during an audit, independent auditors need to communicate certain matters to the client and communication of these would not be considered in non attest services -the clients selection and application of accounting principles and financial statement disclosure requirement -adjusting JE that the covered member has proposed, prepared, for the client's consideration -the form or content of the financial statements -the appropriateness of the clients methods used in determining accounting and financial reporting

Answer 290

-SOX restricts auditors from providing these non attest services to public companies: --> bookkeeping or other services related to the accounting records or financial statements --> financial info systems design and implementation --> appraisal or valuation services --> actuarial services --> internal audit outsourcing --> management functions or human resources --> broker dealer or investment advisor or investment banking service --> legal services or expert services unrelated to the audit --> certain tax services are allowed for audit clients under SOX -independence would be impaired, there are no safeguards

Answer 291

-the tax services are contingent upon results bc no contingent fees -aggressive tax position; tax shelters designed for tax avoidance that have already been sot down by IRS -management of company; cannot prepare tax services for the CEO or spouse, the corp tax return is allowed but not offficiers or directors -audit committee must approve and permitted non audit services purchased by the public company from its auditor -a firm that seeks the permission of an audit client's audit committee to provide tax services must described the proposed services in writing to the committee, discuss with the committee the potential effects on independence, and document that discussion

Answer 292

while most non audit services are prohibited to public audit clients, CPA's may provide certain non audit services to non public audit clients: -executive or employee search -forensic accounting services -information systems -internal audit -investment advisory -tax services -hosting services -appraisal, valuation, actuarial -benefit plan administration -bookkeeping payroll and other disbursements -business risk consulting -corporate finance consulting

Answer 293

permissible with safeguards auditor may: -post client approved JE -prepare financial statements based on client's trial balance info -process client's payroll using client provided records -generate un signed checks using client prepared source documents -propose standard, correcting or adjusting JE not permitted: -make changes in accounting records without client approval -approve or authorize client transactions, approve vendor invoices for payment -prepare source documents such as sales orders or purchase invoices

Answer 294

permissible with safeguards auditor may, without impairing independence: -advice client on employee hiring or benefits -recommend candidate specifications or position description -solicit, screen and recommend candidates based on client approved criteria -recommend qualified candidates based on client approved criteria not permitted: -hire or terminate client employees -commit client to employee compensation

Answer 295

permissible with safeguards, auditor may without impairing independence: -install or integrate a client's off the shelf financial info system -assist in setting up client chart of accounts and financial statement format -perform network maintenance -design develop and install or integrate client's info system that is unrelated to financial statements or accounting records not permitted: -design or develop a client's financial info system -supervise client personnel in daily operation of financial info system -operate client's network

Answer 296

permissible with safeguards, auditor may without impairing independence: -identify opportunities for IC improvement -recommend improvement for management consideration not permitted: -perform ongoing monitoring activities of client's controls -determining which recommendation for improving IC should be implemented -reporting to the board or audit committee on behalf of management regarding internal audit -being listed as employee in client's directory -approve or being responsible for overall internal audit work

Answer 297

permissible with safeguards, auditor may without impairing independence: -prepare tax return -transmit tax return to IRS or state taxing authority -signs tax return if authorized by management not permitted: -representing client in court to resolve tax dispute

Answer 298

permissible with safeguards, auditor may without impairing independence: -gain client provided log in access to client's cloud based quick books so that member can provide permitted bookkeeping services for the client -retaining an attest client's original data during a non audit service engagement to facilitate performance of the non audit service engagement as long as original records are turned to client upon completion of engagement -retaining a copy of attest client's data or records as documentation to support a service the member provided -retaining a copy of work product prepared b y the member not permitted: -hosting an attest client's website or other non financial info system -storing an attest client's paper records on the client's behalf -storing an attest client's electronic records on the client's behalf -serving as client's disaster recovery provider

Answer 299

permissible with safeguards, auditor may without impairing independence: -transmit client's investment selection to broker -perform bookkeeping and reporting of client's portfolio balance -review management of client's portfolio by others to determine if managers are meeting client investment objectives -recommend allocation of asset classes not permitted: -make investment decisions on the client's behalf and then execute those buy and sell orders -take custody of client securities

Answer 300

permissible with safeguards, auditor may without impairing independence: -assist client in identifying sources of capital meeting client's criteria -assist client in drafting offering documents -be named as financial advisory in client's offering documents -assist client in transaction negotiations not permitted: -commit the client to a trnsaction -consummate transaction on client's behalf -act as a promoter underwriter, broker or dealer or guarantor of client's securities -maintain custody of client's securities

i-75 con't Flashcards

(326 cards)