79 terms

Sarbanes-Oxley Act of 2002

STUDY
PLAY
The Sarbanes-Oxley Act of 2002 consists of 11 "Titles," the first four of which are directly applicable to auditors. What is the purpose of Title IV?
To address a variety of "enhanced financial disclosures," the most well-known of which deals with required internal control reporting (Section 404), among other matters.
List the standard setting responsibilities of the Public Company Accounting Oversight Board (PCAOB).
Auditing and related attestation, quality control, ethics and independence standards.
List the five primary responsibilities of the PCAOB.
1.) Registration of public accounting firms;
2.) Inspection of registered public accounting firms;
3.) Standard setting;
4.) Enforcement;
5.) Funding.
What is the purpose of the Sarbanes-Oxley Act of 2002?
The purpose is to address a series of perceived corporate misconduct and alleged audit failures (including Enron, Tyco, and WorldCom, among others) and to strengthen investor confidence in the integrity of the U.S. capital markets.
List the two primary revenue sources through which the Public Company Accounting Oversight Board's (PCAOB) budget is funded.
1.) Registration and annual fees from public accounting firms; and
2.) An annual "accounting support fee" assessed on issuers based on their relative monthly market capitalization.
What is the audit committee's responsibility regarding nonaudit services not specifically prohibited by Title II of the Sarbanes-Oxley Act?
The issuer's audit committee is required to approve any nonaudit services, including tax services, that are not specifically prohibited by Title II.
The Sarbanes-Oxley Act of 2002 consists of 11 "Titles," the first four of which are directly applicable to auditors. What is the purpose of Title III?
It established requirements related to "corporate responsibility" to make executives take responsibility for the accuracy of financial reporting (including a requirement for certification by the entity's "principal officers") and to make it illegal for management to improperly influence the conduct of an audit.
The Sarbanes-Oxley Act of 2002 consists of 11 "Titles," the first four of which are directly applicable to auditors. What is the purpose of Title I?
It establishes the PCAOB, gives standard-setting authority to the PCAOB regarding auditing, quality control, and independence standards, and creates its role in overseeing the accounting firms required to register with the PCAOB.
The Sarbanes-Oxley Act of 2002 consists of 11 "Titles," the first four of which are directly applicable to auditors. What is the purpose of Title II?
It established independence requirements for external auditors, which addressed perceived conflicts of interest [limiting nonaudit services, establishing a five year rotation for the audit partner and review partner, and restricting members of the audit firm from taking key management positions (including CEO, CFO, controller, or chief accounting officer) during the one year period preceding the audit engagement].
How frequently is the Public Company Accounting Oversight Board (PCAOB) required to conduct inspections of registered public accounting firms?
The frequency of inspection depends on the number of issuers that a firm audits.
*Firms that provide audit reports for at least 100 issuers - PCAOB must inspect annually;
*Firms that provide audit reports for fewer than 100 issuers - PCAOB must inspect every three years.
What interim standards were adopted by the Public Company Accounting Oversight Board (PCAOB)?
PCAOB adopted the American Institute of Certified Public Accountants' (AICPA) auditing standards in existence on April 16, 2003, as "interim standards, on an initial, transitional basis."
List the three general documentation requirements under Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 3.
1.) Demonstrate the auditor's compliance with PCAOB standards;
2.) Support the basis for the auditor's conclusions regarding every relevant financial statement assertion; and
3.) Demonstrate that the underlying accounting records agree to or reconcile with the financial statement elements.
Define "report release date."
The date when the auditor grants permission to use the auditor's report in connection with the issuance of the entity's financial statements. This date must be documented by the auditor.
What are deemed "significant findings or issues" that must be documented by the auditor?
1) Issues involving the application of accounting principles; 2) Circumstances causing modification of planned audit procedures; 3) Matters that could result in modification of the auditor's; 4) Material misstatements; 5) Significant deficiencies or material weaknesses in internal control; 6) Difficulties in applying auditing procedures; and 7) Disagreements among members of audit team.
Differentiate between the American Institute of Certified Public Accountants' (AICPA) and the Public Company Accounting Oversight Board's (PCAOB) requirements regarding "retention" of audit documentation.
*AICPA: requires retention of audit documentation for five years for audits of "nonissuers;"
*PCAOB: requires retention of audit documentation for seven years for audits of "issuers."
Describe the limited changes in audit documentation that are permitted after the documentation completion date.
*No documentation can be deleted; but
*Documentation can be added - must indicate the date the information was added, the name of the person preparing the additional documentation, and the reason for adding it.
Describe the level of detail in the audit documentation required by Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 3.
The documentation should be prepared in sufficient detail to permit an experienced auditor without prior connection to the engagement to understand the procedures performed and the conclusions reached and to determine who performed the work and on what date.
Differentiate between the American Institute of Certified Public Accountants' (AICPA) and the Public Company Accounting Oversight Board's (PCAOB) requirements regarding the documentation completion date.
*AICPA: A complete and final set of audit documentation should be assembled no later than 60 days after the report release date for audits of "nonissuers."
*PCAOB: A complete and final set of audit documentation should be assembled no later than 45 days after the report release date for audits of "issuers."
What is meant by the term "stated control objective" in the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 4?
The specific control objective identified by management that, if achieved, would result in the material weakness no longer existing.
What is the engagement objective as prescribed under the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 4?
*To express an opinion as to whether a previously reported material weakness (one or more) in internal control continues to exist as of a specified date.
*Such an engagement is strictly voluntary, because PCAOB standards do not require reporting on whether a previously reported material weakness continues to exist.
List the five conditions required for an engagement to report whether a previously reported material weakness continues to exist under the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 4.
1) Management accepts responsibility for internal control over financial reporting; 2) Management evaluates the effectiveness of the specific controls that address the material weakness; 3) Management provides an assertion that the specific control is effective; 4) Management supports its assertion with evidence; and 5) Management provides a written report to accompany the auditor's report.
What opinion choices does an auditor have when engaged to report on whether a previously reported material weakness continues to exist under the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 4?
The auditor may either express (1) an unqualified opinion or (2) a disclaimer of opinion. A qualified opinion is not permitted.
Define "control deficiency."
A weakness that exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
Describe the top-down approach.
A risk-based approach to auditing that begins at the financial statement level and with the auditor's understanding of the overall risks to internal controls over financial reporting (ICFR). The auditor then focuses on "entity-level" controls and works down to significant accounts and disclosures and their relevant assertions.
Define "entity-level controls."
Controls related to the control environment, controls over management override, the company's risk assessment process, controls to monitor results of operations or other controls, controls over the period-end financial reporting process; and policies that address significant business control and risk management practices.
Define "walkthrough."
The process of following a transaction from origination through the company's processes until reflected in the financial records.
Define "significant deficiency."
A deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
Define "material weakness" in internal control.
A deficiency, or combination of deficiencies, in internal control over financial reporting, that creates a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis.
List some indicators of material weaknesses.
*Identification of fraud involving senior management, whether or not material;
*Restatement of previously issued financial statements;
*Identification by the auditor of a material misstatement of the financial statements in the current period; and
*Ineffective oversight of the company's external financial reporting and internal control by the company's audit committee.
List the two categories of control deficiency.
(1) Deficiency in design and (2) deficiency in operation.
List the procedures associated with testing operating effectiveness of internal controls.
Inquiry, observation, inspection, re-performance.
Define "deficiency in operation."
A deficiency that exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.
Define "deficiency in design."
A deficiency that exists when a control necessary to meet the control objective is missing or when an existing control is not properly designed so that, even if the control operates as designed, the control objective is not always met.
In what circumstance is the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 5 applicable?
When engaged to "perform an audit of management's assessment of the effectiveness of internal control over financial reporting" (ICFR) - the objective of such an engagement is to express an opinion on the effectiveness of ICFR.
What type of opinion is required on internal control over financial reporting when a material weakness exists?
Adverse opinion.
What are the two specific matters that affect the auditor's evaluation of consistency of financial statements as prescribed in the Public Company Accounting Oversight Board's Auditing Standard No. 6?
1.) A change in accounting principle; and
2.) A restatement to correct a misstatement in previously issued financial statements.
List the four criteria the auditor should evaluate when there is a change in accounting principle.
1.) Whether the newly adopted principle is GAAP;
2.) Whether the method of accounting for the effect of the change conforms to GAAP;
3.) Whether the disclosures related to the change are adequate; and
4.) Whether the company has justified that the alternative accounting principle is preferable.
What effects on the auditor's report, if any, does a change in the reporting entity resulting from a transaction or event, such as the purchase or disposition of a subsidiary, have?
The auditor's report does not require recognition of the matter.
What effects on the auditor's report, if any, does a correction of a material misstatement to previously issued financial statements have?
The auditor's report should include an explanatory paragraph describing the inconsistency;
The auditor should evaluate the adequacy of the company's disclosure regarding any such restatement.
What effects on the auditor's report, if any, does a change in the classification in previously issued financial statements have?
The auditor's report does not usually require recognition of the matter unless the change represents a change in accounting principle or the correction of a material misstatement.
Describe the engagement quality review "cooling off" restriction as explained in the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 7.
The person serving as engagement partner during either of the two audits preceding the audit subject to engagement quality review is not permitted to serve as engagement quality reviewer, unless the registered firm qualifies for a specific exemption to this requirement.
What is the purpose of the engagement quality reviewer under the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 7?
To perform an evaluation of the significant judgments made by the engagement team and the related conclusions reached and in preparing any engagement report(s).
Describe the basic requirement associated with the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 7, "Engagement Quality Review."
PCAOB Auditing Standard No. 7 requires an engagement quality review and concurring approval before issuing the report for audit (or review) engagements conducted under PCAOB standards.
List the qualifications required of an engagement quality reviewer under the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 7.
1.) Must be an "associated person" of a registered public accounting firm; and
2.) Must have competence, independence, integrity, and objectivity.
List the differences in the American Institute of Certified Public Accountants (AICPA) Statements on Quality Control Standards (SQCS) relative to the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 7.
SQCS do not:
*Require an "engagement quality review" for any type of engagement;
*Impose a "cooling off" restriction or a requirement that the reviewer must be an "associated person" of a registered public accounting firm;
*Require a "concurring approval of issuance" before issuing a report;
*Specifically require that engagement quality review documentation must be retained with other documentation.
What are the requirements regarding concurring approval of issuance of an engagement report as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 7?
*The firm cannot give permission to the client to use the engagement report until the engagement quality reviewer provides concurring approval of issuance.
*The engagement quality reviewer cannot express such approval if there is any "significant engagement deficiency."
Under the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 7, what should the engagement quality reviewer do to evaluate the significant judgments and conclusions of the engagement team?
To evaluate the significant judgments and conclusions of the engagement team, the engagement quality reviewer should:
*Hold discussions with the engagement partner and other members of the engagement team; and
*Review documentation.
What is the auditor's objective for audit risk as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 8?
To conduct the audit of financial statements in a manner that reduces audit risk to an appropriately low level.
Describe the audit plan that an auditor is responsible for establishing under the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 9.
The audit plan is more specific than the audit strategy and deals with the nature, timing, and extent of the auditor's planned procedures (including risk assessment procedures, tests of controls, and substantive procedures).
As outlined in the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 12, what is the purpose of risk assessment procedures?
The auditor should perform risk assessment procedures sufficient to provide a reasonable basis for identifying and assessing the risks of material misstatement and designing further audit procedures.
List the two categories of auditor responses regarding risks of material misstatement as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 13.
1.) Overall responses; and
2.) Responses involving the nature, timing, and extent of audit procedures at the relevant assertion level.
List the matters that are to be evaluated by the auditor per the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 15.
1.) Results of analytical procedures performed as the overall review;
2.) Misstatements accumulated during the audit;
3.) The qualitative aspects of the company's accounting practices;
4.) Conditions identified related to fraud risk;
5.) The presentation (including disclosures) of the financial statements; and
6.) Adequacy of evidence obtained.
What is the auditor's objective for supervision of the audit engagement as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 10?
The objective is to supervise the audit engagement so that the work is performed as directed and supports the conclusions reached.
Describe the different treatments regarding financial statement assertions between the AICPA's Statements on Auditing Standards and the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 15.
The PCAOB identifies five financial statement assertions, whereas the AICPA identifies 13 assertions in total of three categories of assertions (involving (1) account balances at the period end; (2) transactions and events for the period; and (3) presentation and disclosure). The AICPA's discussion of assertions is consistent with International Standards on Auditing.
What is the auditor's objective for audit planning as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 9?
The objective is to plan the audit so that the audit is conducted effectively.
Describe the overall strategy that an auditor is responsible for establishing under the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 9.
The overall strategy involves rather high level audit resource allocation issues involving the scope, timing, and direction of the audit activities.
List the two levels at which the risks of material misstatement should be assessed as outlined in the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 8?
1.) At the financial statement level; and
2.) At the assertion level.
What is the auditor's objective for identifying and assessing risks of material misstatement as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 12?
To identify and appropriately assess the risks of material misstatement, thereby providing a basis for designing and implementing responses to the risks of material misstatement.
List the five financial statement assertions outlined in the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 15.
1.) Existence
2.) Completeness
3.) Rights and obligations
4.) Valuation or allocation
5.) Presentation and disclosure
What is the auditor's objective for the consideration of materiality in planning and performing the audit as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 11?
The objective is to apply the concept of materiality appropriately in planning and performing audit procedures.
What is the auditor's objective for evaluating audit results as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 14?
To evaluate the results of the audit to determine whether the audit evidence obtained is sufficient and appropriate to support the opinion.
As outlined in the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 12, list the specific risk procedures an auditor should perform to assist in assessing risks of material misstatement.
*Obtaining an understanding of the company and its environment;
*Obtaining an understanding of internal control over financial reporting;
*Considering information from client acceptance/retention, planning, prior audits, and other engagements for the company;
*Performing analytical procedures; and
*Inquiring about the RMM.
What is the auditor's objective as it relates to responding to the risks of material misstatement as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 13?
The objective is to address the risks of material misstatement through appropriate overall audit responses and audit procedures.
What is the auditor's objective for obtaining audit evidence as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 15?
To plan and perform the audit to obtain appropriate audit evidence that is sufficient to support the opinion.
What is the auditor's responsibility regarding "reasonable assurance" as prescribed by the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 8?
To reduce audit risk to an appropriately low level.
List the circumstances that impact the extent of supervision as outlined in the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 10.
*The size and complexity of the company;
*Nature of the work assigned to engagement personnel;
*Capabilities of each engagement team member; and
*The risks of material misstatement.
What are the engagement partner's responsibilities as outlined in the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 10?
The engagement partner is responsible for the engagement and its performance, including the proper supervision of the engagement team members and compliance with PCAOB standards.
Describe the PCAOB requirements as to the timing of the auditor's communications with an entity's audit committee.
The required matters should be communicated on a timely basis, and prior to the issuance of the auditor's report.
What specific matters should be communicated to the audit committee about the auditor's evaluation of the quality of financial reporting?
(1) Qualitative aspects of significant accounting policies; (2) assessment of critical accounting policies and practices; (3) conclusions about critical accounting estimates; (4) significant unusual transactions (and the business rationale); (5) conformity with the applicable financial reporting framework; (6) new accounting pronouncements affecting financial reporting; and (7) alternative accounting treatments discussed with management.
What 4 matters should be communicated to an issuer's audit committee related to the entity's accounting policies, estimates, and significant unusual transactions?
1.) Significant accounting policies and practices.
2.) Critical accounting policies and practices (and why they are considered critical).
3.) Critical accounting estimates (and management's processes and significant assumptions).
4.) Significant unusual transactions (outside the normal course of business).
Describe the PCAOB requirements as to the form of the auditor's communications with an entity's audit committee.
The communications may be oral or in writing, unless otherwise specified. For example, an engagement letter is obviously a written communication.
What is the meaning of the term critical accounting estimate?
An accounting estimate where (a) the nature of the estimate is material due to the levels of subjectivity and judgment necessary to account for highly uncertain matters or the susceptibility of such matters to change; and (b) the impact of the estimate on financial condition or operating performance is material.
What are the 4 objectives of the auditor related to communications with audit committees that are identified in PCAOB Auditing Standard No. 16?
1.) Communicate responsibilities and establish an understanding of the engagement's terms.
2.) Obtain information from the audit committee relevant to the audit.
3.) Communicate information about the strategy and timing of the audit.
4.) Provide the audit committee with timely observations about significant audit matters.
What is the meaning of the term critical accounting policies and practices?
A company's accounting policies and practices that are both most important to the portrayal of the company's financial condition and results, and require management's most difficult, subjective, or complex judgments, often as a result of the need to make estimates about the effects of matters that are inherently uncertain.
What are the two primary matters that the auditor should evaluate when engaged to report on supplemental information accompanying the financial statements of an issuer?
1.) Whether the information is fairly stated in relation to the financial statements; and
2.) Whether the information is presented in conformity with regulatory requirements (or other applicable criteria).
What is the auditor's basic objective when reporting on supplemental information under PCAOB Auditing Standard No. 17?
To obtain sufficient appropriate audit evidence to express an opinion on whether the supplemental information is fairly stated, in all material respects, in relation to the financial statements as a whole.
When is PCAOB Auditing Standard No. 17 ("Auditing Supplemental Information Accompanying Financial Statements") applicable?
It applies when reporting on supplemental information in connection with financial statements audited under PCAOB auditing standards, whether required by regulatory authorities or provided voluntarily.
When the auditor issues an adverse opinion (or a disclaimer of opinion) on an issuer's financial statements, how is the opinion on the supplemental information affected?
The auditor should also express an adverse opinion (or disclaimer of opinion) on the supplemental information.
When the auditor issues a qualified opinion on an issuer's financial statements, how is the opinion on the supplemental information affected?
The auditor should express a qualified opinion on the supplemental information only if the basis for that qualification also applies to the supplemental information.
YOU MIGHT ALSO LIKE...