What defines an Audit?
An audit includes, examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and the significant estimates made by management, as well as evaluating the overall financial statement presentation.
What is a Control Deficiency?
A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
What is a Significant Deficiency?
A significant deficiency is a Control Deficiency, or combination of control deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected by the entity's internal control.
What is a Material Weakness?
A material weakness is a Significant Deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected by the entity's internal control.
Materiality (in a for profit financial statement audit)
In a for-profit financial statement audit, materiality is related to the financial statements taken as a whole.
Materiality (in accordance with the Single Audit Act)
The schedule of findings and questioned costs includes instances of material noncompliance with laws, regulations, contracts, or grant agreements related to a major program. The auditor's determination of whether a noncompliance is material for the purpose of reporting an audit finding is in relation to a type of compliance requirement for a major program or an audit objective (identified in the OMB Circular A-133 Compliance Supplement).
Encompass many objectives, such as assessing program effectiveness and results, economy and efficiency (including compliance with laws and regulations concerning economy and efficiency) internal control, and compliance with legal requirements.
What is an Attest Engagement?
An Attest Engagement is one in which a practitioner is engaged to issue or does issue an examination, a review, or an agreed-upon procedures report on subject matter, or an assertion about the subject matter, that is the responsibility of another party.
State the purpose of generally accepted auditing standards (GAAS).
An audit should be planned, performed, and reported on in accordance with GAAS. Auditing standards are concerned with audit quality and the objectives to be attained.
What are procedures?
Auditing procedures are acts that the auditor performs during the course of an audit to comply with auditing standards (i.e. GAAS).
What do the Statement on Standards for Accounting & Review Services apply to?
They apply to compilations and reviews performed by practitioners. Remember, a compilation never provides assurance.
What is a Financial Forecast?
A financial forecast consists of prospective financial statements that present, to the best of the responsible party's knowledge and belief, an entity's expected financial position, results of operations, and cash flows.
What is a Financial Forecast based on?
A Financial Forecast is based on the responsible party's assumptions reflecting conditions it expects to exist and the course of action it expects to take.
What is a Financial Projection?
A Financial Projection is based on assumptions by the responsible party reflecting expected conditions and courses of action, given one or more hypothetical assumptions (a condition or action not necessarily expected to occur).
What does the examination of a financial forecast entail?
An examination of a financial forecast entails evaluating the preparation of the statements, the support underlying the assumptions, and the presentation of the statements for conformity with AICPA guidelines.
What does limited use of prospective financial statements mean?
Limited use of prospective financial statements means use by the responsible party and those with whom that party is negotiating directly, e.g. in a submission to a regulatory body or in negotiations for a bank loan. These third parties are in a position to communicate directly with the responsible party. Only a forecast is appropriate for general use.
What is Pro Forma Financial information?
Pro forma information shows what the significant effects on historical financial information would have been had a consummated or proposed transaction (or event) occurred at an earlier date. Examples of these transactions include a business combination, disposal of a segment, a change in the form or status of an entity, and a change in capitalization.
An assertion, which is not required to be written unless required by another attest standard, is any declaration or set of declarations about whether the subject matter is based on or in conformity with the criteria selected.
What is Detection Risk?
Detection risk is a function of the effectiveness of an audit procedure and of its application by an auditor and can be changed at his discretion.
The conditions to be met to accept an engagement to perform agreed-upon procedures
1) the specified parties have participated in determining its nature and scope, and they take responsibility for the adequacy of the procedures 2) report use is restricted to those parties 3) the statements include a summary of significant assumptions
When is the examination of pro forma financial information appropriate?
An examination of pro forma financial information, which provides a basis for giving positive assurance, is appropriate only if the historical statements have been audited
What is included in a practitioner's report on pro forma information?
A pracitioner's report on pro forma information should include 1) an identification of the pro forma information 2) a reference to the financial statements from which the historical financial information is derived and a statement as to whether such financial statements were audited or reviewed 3) as statement that the review was made in accordance with standards established by the AICPA 4) a caveat that a review is substantially less in scope than an examination and that no opinion is expressed 5) a separate paragraph explaining the objective of pro forma financial information and its limitations, and 6) the practitioner's conclusion providing limited assurance.
The AICPA defines assurance services as independent professional services that improve the quality of information, or its context, for decision makers. Assurance services encompass audit and other attestation services but also include other, nonstandard services. Assurance services do not encompass consulting services.
Name two ways Assurance Services differ from Consulting Services
Assurance services differ from consulting services in two ways 1) they focus on improving information rather than providing advice and 2)they usually involve situations in which one party wants to monitor another rather than the two-party arrangements common in consulting engagements
What are the five Sys Trust principles?
online privacy, security, processing integrity, availability and confidentiality
What is CPA Performance Review?
CPA performance review evaluates whether an entity's performance measurement system contains relevant and reliable measures for assessing the degree to which the entity's goals and objectives are achieved. It attempts to provide a more balanced scorecard than just the traditional financial statements
What does the engagement performance of quality control consist of?
The engagement performance element of quality control includes policies and procedures that cover planning, performing, supervising, reviewing, documenting, and communicating the results of each engagement.
What are the objectives of supervision?
Objectives of supervision include establishing procedures for planning engagements, maintaining the firm's standards of quality, and reviewing documentation of the work performed and reports issued.
The factors affecting a CPA firm's quality control policies and procedures
The nature and extent of a firm's quality control policies and procedures depend on a number of factors, such as the firm's size, the degree of operating autonomy allowed, its human resources policies, the nature of its practice and organization, and appropriate cost-benefit considerations
What purpose is served by obtaining a management representation letter?
A management representation letter is obtained to assure that management understands its responsibility for the financial statements
Describe the procedures performed during the initial planning stage for an audit
During initial planning, an auditor should, among other things, meet with the client to agree on the type, scope, and timing of the engagement
Audit risk is the risk that an auditor may unknowingly fail to modify the opinion on materially misstated financial statements. The high, but not absolute, level of assurance that is intended to be obtained by the auditor is expressed in the auditor's report as obtaining reasonable assurance about whether the financial statements are free of material misstatement (whether caused by error or fraud). Audit risk includes inherent risk and control risk, which are not affected by the auditor's procedures.
Detection risk is the risk that the auditor will not detect a material misstatement that exists in a relevant assertion. It is affected by the auditor's procedures and can be changed at his discretion
Inherent risk is the susceptibility of an assertion to material misstatement in the absence of related controls.
Control risk is the risk that a material misstatement will not be prevented or detected by internal control. Control risk is assessed prior to determining the acceptable level of detection risk
The audit findings that support an unqualified opinion.
The opinion paragraph of the standard auditor's report explicitly states that the financial statements present fairly, in all material respects, the financial position, results of operations, and cash flows of the entity in conformity with GAAP. It reflects, the financial position, results of operations, and cash flows of the entity in conformity with GAAP.
Explain the determining factor used to make a preliminary judgment about materiality
The auditor's materiality level might be based on the entity's period-to-date financial results and position or financial statements of one or more prior periods. But recognition should be given to the effect of major changes in the entity's circumstances (for example, a significant merger) and relevant changes in the economy as a whole or the industry in which the entity operates.
When are financial statements free of material misstatement?
If proposed adjustments are immaterial (proposed adjustments that collectively are not material) then by definition the financial statements are free from material misstatement, and an unqualified opinion may be expressed. HOWEVER, the schedule of proposed adjustments must be included in the management representation letter, and management must assert that these proposed adjustments are individually and collectively immaterial. (No disclosure in the footnotes would be required).
The procedures an auditor should take before beginning field work on a new audit engagement in which an auditor does not possess expertise in the industry in which the client operates
The auditor should obtain an understanding of the entity and its environment, including its internal control. For this purpose, the auditor performs the following risk assessment procedures: 1) inquiries of management and others within the entity 2) analytical procedures and 3) observation and inspection
List examples of risk assessment procedures
The auditor performs risk assessment procedures to obtain the understanding of the entity and its environment, including its internal control. These include 1) reading internal audit reports 3) interim statements 3) quarterly reports and 4) minutes of board meetings
Tests of Details
Tests of details are used to collect sufficient, appropriate audit evidence to support the opinion.
Accounting Trends and Techniques
Is a nonauthoritative publication, which provides practical guidance for conducting accounting and audit engagements, that describe current practices regarding corporate financial accounting and disclosure policies. This annual AICPA publication is based on a survey of the annual financial reports of over 600 public companies.
The basic premise underlying analytical procedures
A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to exist and continue in the absence of known conditions to the contrary. Variability in these relationships can be explained by, for example, unusual events or transactions, business or accounting changes, misstatements, or random fluctuations. The objective of analytical procedures, such as ratio analysis, is to identify significant differences for evaluation and possible investigation
The objective of analytical procedures
The objective of analytical procedures is to identify such things as the existence of unusual transactions and events, and amounts, ratios, and trends that might indicate matter that have financial statement and audit planning ramifications. They are used to plan the audit and identify areas of specific risk (not specific illegal acts).
Nonfinancial data used for analytical procedures
Number of employees, square footage of selling space, volume of goods produced, and other similar information
The basis for choosing between analytical procedures and tests of details
The decision is based on the auditor's judgment about the expected effectiveness and efficiency of the available procedures. The auditor considers the level of assurance required to be provided by substantive testing for a particular audit objective related to a particular assertion, and then must decide which procedure or combination of procedures can provide that level of assurance. "For some assertions, analytical procedures are effective in providing the appropriate level of assurance
What considerations are made for fraud?
Consideration for fraud entail 1) understanding fraud 2) discussing fraud risks with members of the engagement team 3) obtaining information needed to identify fraud risks 4) identifying those risks 5) assessing fraud risks 6) responding to the assessments 7) evaluating evidence at the end of the audit 8) making appropriate communications about fraud 9) documenting the consideration
Due professional care requires the auditor to exercise professional skepticism. Professional skepticism is an attitude that includes a questioning mind and critical assessment of audit evidence. Regardless of past experience with the entity or belief in managements honesty, the audit should be conducted with an awareness that a material misstatement due to fraud may exist and ongoing questioning of whether the evidence suggests that such fraud has occurred
Assessing objectivity of internal auditors
Assessing objectivity includes obtaining information about 1) organizational status (the level to which the internal auditors report, access to those charged with governance, and whether these individuals over see employment decisions related to the internal auditors) and 2) policies to maintain internal auditors objectivity concerning the areas audited
Judgments that an auditor may share with an entity's internal auditor
An internal auditor, regardless of his competence and objectivity, should never make any judgments about the audit work being conducted. All judgments must be made by the auditor. In addition, the responsibility to report on financial statements rests solely with the auditor and cannot be shared with internal auditors. Judgments about 1) assessments of inherent and control risk 2) materiality of misstatements 3) sufficiency of tests performed 4) evaluation of significant accounting estimates and 5) other matters affecting the auditor's report always should be those of the auditor. The auditor may, however, use the internal auditor to provide direct assistance in the audit as long as the auditor supervises, reviews, evaluates, and tests the work of the internal auditor.
When tests still need to be performed on internal auditors work
When amounts are material and the risk of material misstatement of the subjectivity of the evaluation of the evidence is high, the consideration of the internal auditors' work cannot alone reduce audit risk to an acceptable level. Thus, direct testing of those assertions by the auditor cannot be eliminated
What items could suggest the existence of related party transactions?
1) exchanging of property for similar property in a nonmonetary transaction 2) borrowing or lending at rates significantly above or below market rates 3) selling realty at a price materially different from its appraised value, and 4) making loans with no scheduled repayment terms
The procedure performed after determining that a related party transaction has occurred
After identifying related party transactions, the auditor should become satisfied about their purpose, nature, extent, and effect. Among other things, the auditor should obtain an understanding of the business purpose of the transaction
The first procedure performed in evaluating the reasonableness of accounting estimates
To evaluate reasonableness, the auditor obtains an understanding of the development of the estimates
The auditor's normal concern about assumptions used in making accounting estimates
In evaluating the reasonableness of an estimate, the auditor normally concentrates on key factors and assumptions that are 1) significant to the accounting estimate 2) sensitive to variations 3) deviations from historical patterns 4) subjective and susceptible to misstatement and bias
What are estimates based on
Estimates are based on both subjective and objective factors. Hence, control over estimates may be difficult to establish. Given the potential bias in the subjective factors, the auditor should adopt an attitude of professional skepticism toward both the subjective and objective factors. Estimates are often based on assumptions about the future
Difference between the calculation of estimates supported by evidence and those in the financial statements
if the amount in the financial statements is not reasonable, it should be treated as a likely error or fraud and aggregated with other likely misstatements. If the differences are individually reasonable but collectively indicate possible bias, the auditor must reconsider the estimates as a whole
The necessary procedure in and audit of Fair Value Measurements and Disclosures (FVMD)
The auditor should obtain an understanding of managements accounting and financial reporting process for FVMD and the relevant controls that are sufficient for an effective audit of FVMD. The understanding is used to assess the risk of material misstatement and to determine the nature, timing, and extent of audit procedures
The first action taken after a subsequent discovery of an omitted procedure
The auditor determines whether 1) the omission impairs the current ability to support the opinion, and 2) persons are currently relying or are likely to rely on the report. If these conditions exist, the auditor should promptly undertake to apply the omitted procedure or alternative procedures that would provide a satisfactory basis for the opinion. Notification of users of financial statements is necessary only if the auditor could not become satisfied with the opinion upon applying additional procedures
What is the second standard of field work
The auditor must obtain a sufficient understanding of the entity and its environment, including it's internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures
The components of internal control (Controls stop CRIME)
Control activities, Risk assessment, Information and communication systems, Monitoring, and control Environment
Control Activities (C in CRIME)
Control activities are the policies and procedures that help ensure that management directives are carried out. They include performance reviews, information processing, physical controls, and segregation of duties
Risk Assessment (R in CRIME)
Risk assessment is the entity's identification and analysis of relevant risks as a basis for their management
Information and communication systems (i in CRIME)
Information and communication systems support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities
Monitoring (M in CRIME)
Monitoring is a process that assesses the quality of internal control performance over time
control Environment (E in CRIME)
The control Environment provides discipline and structure, sets the tone of an organization, and influences the control consciousness of its people. It includes participation of those charged with governance, integrity and ethical values, organizational structure, management's philosophy and operating style, assignment of authority and responsibility, human resource policies and practices (relative to hiring, orientation, training, evaluating, counseling, promoting, compensating, and remedial actions), and commitment to competence
The management control method most likely to improve supervision
The Control Activities component of internal control includes performance reviews. Performance reviews involve comparison of actual performance with budgets, forecasts, or prior performance. Identifying variances alerts management to the need for investigative and corrective actions. Such actions are necessary for effective supervision
Knowledge required in gaining an understanding of internal control
In all audits, the auditor should obtain an understanding of each of the five components of internal control sufficient to plan the audit. A sufficient understanding is obtained by performing procedures to understand the design of controls relevant to an audit of financial statements and determining whether they have been implemented.
Steps an auditor need NOT take in obtaining an understanding of internal control
In an audit of financial statements, the auditor is not obligated to search for significant deficiencies or material weaknesses, nor obtain knowledge of the operating effectiveness of the controls, unless the auditor intends to rely on the controls
Systems flowcharts provide a visual representation of a series of sequential processes, that is, of a flow of documents, data, and operations. In many instances, a flowchart is preferable to a questionnaire because a picture is usually more easily comprehended. A systems flowchart does not specifically identify the weaknesses in internal control
3 conditions present when fraud exists
1) pressures or incentives 2) opportunity and 3) capacity to rationalize
is the measure of the quality of evidence, it is the relevance & reliability of evidence
Tests of controls
Tests of controls are procedures to obtain evidence about the operating effectiveness of controls in preventing or detecting material misstatements in the financial statements. Tests of controls are concerned with how they were applied, by whom they were applied, and the consistency of their application during the audit period.
Remittance advices are sent with sales invoices to customers to be returned with cash payments.
Credit memos are internal documents crediting customer accounts for returns or allowances granted
The matters to be discussed with those charged with governance
The matters to be discussed with those charged with governance (two way communication is expected) include the auditors' responsibility under GAAS, significant accounting policies, sensitive accounting estimates, audit adjustments, including not only adjustments having a significant effect on financial reports but also uncorrected misstatements pertaining to the latest period presented that were determined by management to be immaterial, the quality of the accounting principles used by management, other information in documents containing audited statements, auditor disagreements with management whether or not satisfactorily resolved, managements consultations with other accountants, issues discussed with management prior to the auditors retention, and any serious difficulties the auditors may have had with management during the audit
What type of opinion is expressed on internal controls when the auditor discoveries a material weakness?
A material weakness requires the auditor to express an adverse opinion on the effectiveness of internal control
What is a change in the depreciation method?
A change in the depreciation method is a change in estimate inseparable from a change in principle. The change in principle requires an additional paragraph describing the lack of consistency.
What is the completeness assertion concerned with?
The completeness assertion concerns whether all transactions and accounts that should be presented are included.
Nonsampling risk includes the possibility of the auditor's failure to recognize a misstatement or deviation. Nonsampling risk includes all the aspects of audit risk that are not caused by sampling.
Sampling risk is the probability that a properly drawn sample may not be representative of the population; that is, the conclusions drawn from the sample may differ from those drawn if all items in the population are examined. Sampling risk arises because less than 100% of the items are evaluated.
Attribute sampling involves tests of controls, while variables sampling involves substantive testing. Identifying entries posted to incorrect accounts is an example of a test of control, which would be used in attribute sampling.
Performance audits are defined as engagements that provide assurance or conclusions based on an evaluation of sufficient, appropriate evidence against stated criteria, such as specific requirements, measures, or defined business practices. It attempts to measure the accomplishments and relative success of the undertaking. However, this measurement depends on the actual intent of the legislation that established the program.
A limit check compares the input value with a limit value (e.g., the number of the month cannot exceed 12).
The primary effect of stratification
The primary effect of stratification is to reduce the effect of high variability by dividing the population into subpopulations. Reducing the effect of the variance within each subpopulation allows the auditor to sample a smaller number of items while holding precision and the confidence level constant.
The tolerable rate
The tolerable rate is the maximum rate of deviations from a prescribed control activity that the auditor would be willing to accept without altering his assessment of control risk for the assertions related to the prescribed control.
Specific transaction authorization
A specific transaction authorization is applicable to a unique decision, which is usually a one-time decision
A general authorization establishes criteria and authorizes the routine making of decisions subject to the criteria.
General controls commonly include controls over data center and network operations, systems software acquisition and maintenance, access security, and application system acquisition, development, and maintenance
Concerns dealing with valuation, allocation, and accuracy
The accuracy and the valuation and allocation assertions are concerned with whether amounts have been recorded appropriately
Statistical sampling helps the auditor to design an efficient sample, to measure the sufficiency of the evidence obtained, and to evaluate the sample results. It helps the auditors to measure sampling risk and therefore design more efficient samples.
Dual-purpose testing is the use of a sample for both tests of controls and substantive testing. The sample size should be the larger of the samples that would otherwise have been designed for the two separate purposes.
Independent auditing can best be described as
Independent auditing can best be described as a discipline that attests to the results of accounting and other functional operations and data.
The accounting process
The accounting process is a professional activity that measures and communicates financial and business data
When a subsequent event disclosed in the financial statements occurs after the date of the report but before the issuance of the related financial statements, the auditor may use dual dating. The auditor may use the original date of the report except for the matters affected by the subsequent event, which would be assigned the appropriate later date.
Goods shipped FOB Destination by the vendor should be recorded in the period received by the client