CPA Audit Notes

Auditing
PCAOB - auditing standards for issuers
ASB- auditing standards for non-issuers (GAAS)
GAO (Gov Acctblty Office)- auditing standards for government entities
Due care: encompasses the employment of reasonable care and diligence as well as critical review at
every level of supervision of the work done and the judgment exercised by those assisting in the audit.
Standard auditor's report on comparative financial statements states explicitly that evidence is
obtained (and therefore examined) and implies that accounting principles have been consistently
applied.
Quality control policies and procedures governing new client acceptance are established to minimize the
likelihood of association with a client whose management lacks integrity.
Auditor's standard report refers to both GAAS and GAAP explicitly
GAAS
General Standards (TID)
T-echnical: training to perform audit
I-ndependence: maintain independence in state of mind
D-ue professional care: in performance and prep of report
Standards of Field Work (PIE)
P-Lanning: plan and supervise assistance
I-nternal control: understanding of entity and internal control to assess risk of fraud and error and
design of audit and procedures
E-vidence : sufficient appropriate audit evidence to afford reasonable opinion
Standards of Reports (GCDO)
G-AAP: state in report whether financial statements are in accordance with GAAP
1
C-onsistency: identify in report when GAAP principles not consistent in current period in relation to prior
period (only mentioned when inconsistent aka implicit)
D-isclosure: implicit. only identified if not reasonably adequate
O-pinion: either express opinion of statements as a whole or state opinion cannot be expressed (states
reasons if no opinion)
AICPA replaced GAAS with 7 Principles ("PR-PR")
P-urpose/Premise - provide opinion if F/S are presented fairly in all material repects on
premise that management have 1) responsibility for fair presentation and
2) provide auditor with all relevant info

(unrestricted access)
R-esponsibilities: 1. Appropriate competence 2. comply with ethical requirements
3. maintaining professional skepticism and exercising professional judgment
P-erformance: to express opinion, obtains reasonable assurance (high but not absolute)
plans and supervises assistance
determines and applies materiality level
identifies and assesses risk of material misstatement (includes internal control)
obtains sufficient appropriate evidence about whether material misstatements exist
auditor is unable to have absolute assurance due to inherent limitation
1. nature of financial reporting, 2. audit procedures, 3. achieve time/ cost v benefit goal
R-eporting: express opinion in accordance with findings or that an opinion cannot be expressed
_______________________________
AICPA professional standards or professional requirements
Unconditional Requirements - "must" or "is required"
Presumptively mandatory- expected but rare occasions is not "should"
Explanatory material- further guidance "may: might: could"
Interpretative publications: guidance outside standards, appendices etc
2
6 Elements of a quality control system
Leadership responsibilities for quality
Relevant ethical requirements
Acceptance and continuance of clients and specific engagements
Human Resources
Engagement Performance
Monitoring
Documentation Requirements
Auditor should document
issues (and resolution) of issues related to ethical requirements including conclusions about
independence matters
conclusions about acceptance/continuance of client relationships
issues and conclusions related to consultations
Quality control reviewer should document
required procedures have been performed
date that the engagement quality control review was completed
that the review is not aware of any unresolved matters about engagement ream's significant judgments
and conclusions
Quality Control Standards apply to Auditing/Accounting/Review services only
Statements on Quality Control Standards are issued by the AICPA's Auditing Standards Board
3
Unqualified Audit Report
3 paragraphs
Intro- lays out responsiblities
Scope paragraph- what audit consists of. belief audit provides basis of opinion
Opinion paragraph - one sentence; in our opinion.....
Signed CPA Firm
Date (when 'sufficient appropriate" evidence has been obtained; end of fieldwork at
earliest)
Unmodified Opinion (clarity project's version of unqualified)
Intro:1 sentence- We have audited....
Management's responsibility for F/S: internal control listed
` Auditors responsiblity- 3 paragraphs
Opinion: in our opinion...
AICPA requires city and state of auditor performing audit
GAAS require an auditor to express an opinion on the financial statements. That responsibility is
EXPLICITLY represented in the Auditor's Responsibility paragraphs of the auditor's standard report which
states that the auditor's responsibility is to express an opinion.
4
Statements on Standards for Accounting and Review Services (SSARS)
for compilation or review services related to F/S of non issuers
Level of assurance- positive or negative or procedures/finding or no assurance
Emphasis on AU, AR, and AT
5
6
Planning Activities
Terms of engagement- accept on when preconditions established and common understandings
Premise: Audit in accordance that management have responsibility for
1. Preparation and fair presentation of F/S
2. Provide auditor with all information relevant
Auditor must obtain management agreement
Engagement Letter
- objective and scope
-respective responsibilities
-statement about inherent limitations of audit
-statement identifying applicable financial reporting framework
-reference to expected content of any reports issued
-other matters (fees, deadlines, specialist, etc)
7
if management limits predecessor to respond? evaluate to take on engagement
Matters to be addressed w predecessor
1. info on integrity of management
2. disagreements w management about accounting or audit issues
3. communications to those charged w governance about sensitive issues (fraud, etc)
4. communications to management about significant deficiencies in I/C
5. understanding about reason for change in auditor
Preconditions for an audit : The use by management of an acceptable financial reporting framework in

the preparation of the financial statements and the agreement of management to the premise on which
an audit is conducted.
The auditor's communication with the predecessor auditor may be written or verbal
General Details
1. Objectives of the Expression of an opinion on the financial statements
engagement
2. Management’s • Establishing and maintaining effective internal control over financial
responsibilities reporting
• Identifying and ensuring that the entity complies with laws and
regulations
• Making financial records and related information available to the
auditor
• Providing a representation letter (see Evidence Module)
• Adjusting financial statements to correct material misstatements
• Affirming in representation letter that effect of uncorrected
misstatements aggregated by auditor is immaterial
3. Auditor’s • Conducting audit in accordance with US GAAS
responsibilities • Ensuring that audit committee is aware of any significant
deficiencies which come to auditor’s attention
4. Limitations of the • Obtains reasonable, rather than absolute, assurance
audit • Material misstatement may remain undetected
• If auditor is unable to form or has not formed an opinion, auditor
may decline to express an opinion or decline to issue a report
Other (not required) • Arrangements regarding:
– Conduct of engagement (timing, client assistance, etc.)
8
– Involvement of specialists or internal auditors
– Predecessor auditor
– Fees and billing
– Additional services to be provided relating to regulatory
requirements
– Other additional services

• Any limitation or other arrangement regarding the liability of the
auditor or the client
• Conditions under which access to the auditor’s working papers may
be granted to others
AU-c 210 : relates to engagement letters
Planning and supervision
Standards of Fieldwork (PIE)
P-lanning & Supervision - auditor must adequately plan work and properly supervise assistants
(New PR-PR) Performance : to obtain reasonable assurance auditor Plans the work and properly
Supervises any assistants
Usually prepare planning memo, thought not required
Basic responsibility- to be responsive to the assessment of risk of material misstatements based on

auditors understanding
Develop overall audit strategy
Audit Plan- nature (what procedures), timing (when to perform procedures) and extent (sample size) of
audit. Required. Written
3 Different types of audit procedures ("nature")
1. Risk assessment procedures - inquiry, analytical
Further Audit Procedures - 2. test of controls, and 3. substantive procedures
9
Determine specialized skill to assist with audit (Audit specialist)
Discuss audit strategy with client management (timing and parties needed)
Documentation
1. Audit Strategy
2. Audit plan (aka audit program)
3. Significant changes to audit strategy or audit plan and why
4. Other matters for an "initial audit engagement"
During planning of the audit, the auditor should also consider establishing an understanding
about other matters such as
a. Arrangement on conduct of engagement (timing, client assistance, etc.)

b. Arrangement on involvement of specialists or internal auditors
c. Arrangement on involvement of predecessor auditor
d. Arrangements on fees and billing
e. Any limitation of liability
f. Conditions under which access to auditor’s working papers may be granted
g. Additional services provided relating to regulatory requirements
h. Arrangement regarding other services
Materiality
Planning Stage - delt with size of missstaements audit plan was designed to detect
Evaluation stage- final conclusion if fairly stated or not
Clarified - eliminates the 2 stages,
Focuses on "performance materiality" the one amount that is planned throughout evidence
gathering phase. less than F/S materiality to build in cushion for undetected errors
Tolerable Misstatement- amount of materiality thats allocated to individual audit ares
Documentation requirements
10
- Materiality for F/S as a whole
-Materiality for specific classes of transactions, account balances, disclosures
- performance materiality
- any revisions to considerations during audit
The auditor should establish performance materiality at less than materiality for the financial
statements as a whole to allow for the possibility of uncorrected and undetected misstatements.
The determination of materiality is a matter of professional judgment, and involves both quantitative
(the relative magnitude of the items in question) and qualitative (the surrounding circumstances)
considerations.
Audit Risk
Auditor give incorrect opinion when f/s are misstated
Unmodified = everything is good
Audit Risk is applicable at the level of an individual audit area (lower level)
AR = IR * CR * DR
11
Each component is considered from left to right in order:
Inherent risk (IR) : The probability that a material misstatement would occur in the particular audit area
in the absence of any internal control policies and procedures.
Control risk (CR) : The probability that a material misstatement that occurred in the first place would not
be detected and corrected by internal controls that are applicable.
Detection risk (DR) : The probability that a material misstatement that was not prevented or detected
and corrected by internal control was not detected by the auditor's substantive audit procedures (that
is, an undetected material misstatement exists in a relevant assertion). Auditors Responsibility
Another version of the equations is...
AR = RMM * DR
RMM = risk of material misstatement (combine inherent and control risk)
Audit risk is the risk that auditor expresses an inappropriate audit opinion when the financial statements
are misstated, and it is a function of the risks of material misstatement and detection risk.
Relationship between control risk and detection risk is ordinarily INVERSE
Detection risk is the risk that the auditor will not detect a material misstatement that exists in an
assertion. Detection risk may be viewed in terms of two components (1) the risk that analytical
procedures and other relevant substantive tests would fail to detect misstatements equal to tolerable
misstatement, and (2) the allowable risk of incorrect acceptance for the substantive tests of details.
f DR increases, the auditor is MORE willing to risk missing a MM and can do less work or use weaker
evidence.
Analytical Procedures
comparisons or more involved such as ratios and trend analysis
3 broad Purposes:
1. Planning - is required
2. Useful as substantive procedure - not required
3. Required as final review
As indicated in AU-C 520, a basic premise underlying the application of analytical procedures is that
plausible relationships among data may reasonably be expected to exist and continue in the absence of
known conditions to the contrary
12
AU-C 520 indicates that relationships involving income statement accounts tend to be more predictable
than relationships involving only balance sheet accounts.
U-C 315 and AU-C 520 require the use of analytical procedures at both the risk assessment and near
completion of the audit, but not as a substantive procedure.
Analytical procedures used in the overall review stage of an audit are intended to assist the auditor in
assessing the conclusions reached and in evaluating the overall financial statement presentation.
Analytical procedures used in planning often use data aggregated at a high level.
Detecting Fraud
Basic responsiblity- plan audit to provide reasonable assurance
2 types of fraud:
Fraudulent financial reporting "cooking the books"
misappropriation of assets - theft and false entries to conceal
AU-C 240 deals with fraud
Fraud: Evaluation and Communication
Required Documentation:
13
Discussion among engagement personnel
Procedures performed as a basis for assessing risks of material fraud
Specific risks of fraud identified
Basis for auditors conclusion of improper revenue recognition is not identified as a fraud risk
Results of procedures performed to address risk of management override of I/C
Other conditions that caused auditor to do follow up procedures
Nature of communication to management
Required Communications
Must inform those charged with governance when senior management is involved.
Must inform 1 level above if management isnt involved
Can divulge if: Subpoena, SEC requirements (changed auditors and must talk to SEC), authorized to
communicate to successor, Government
When the auditor communicates fraud-related issues to management, the communication may be
written or verbal
AU-C 240 requires that all management fraud, regardless of materiality, be reported to the audit
committee
Detecting Illegal Acts
Reasonable assurance of detecting illegal acts that have direct and material effect
Inquire of management about compliance with laws and regulations
AU-C 250 requires the auditor to apply audit procedures specifically designed to determine whether an
illegal act has occurred when such information comes to his/her attention
14
AU-C 240 states that a material misstatement may occur due to errors, fraud, and illegal acts with a
direct effect on financial statement amounts
Using the Work of a Specialist
Auditor remains responsible for conclusions of specialist
Unmodified report - should not refer to specialist in an unmodified audit report
Modified report - may refer to specialist in modified audit report if it will help readers
Required Communications
communicate significant and relevant items to those in charge of governance
May be oral or writing
1. Managements responsibilities and auditor responsibilities under GAAS
2. Planned scope and timing of audit
3. Significant findings from the audit -- The auditor should communicate
1.The auditor's views about the qualitative aspects of the entity's significant accounting policies
including the quality (not just the acceptability) of significant accounting practices, estimates,
and disclosures;
2.Significant difficulties encountered during the audit including significant delays caused by
management, unreasonable time pressure, unavailability of expected information, etc;
3.Disagreements with management over accounting and auditing matters whether or not those
disagreements were satisfactorily resolved;
4.Any other matters that the auditor believes would be important to those charged with
governance in their oversight of financial reporting;
5.Uncorrected misstatements -- The auditor should request that uncorrected misstatements be
corrected and communicate any uncorrected misstatements accumulated by the auditor,
including the financial statement effect.
6.Other matters -- The auditor should communicate the following matters:
a.Material misstatements communicated to management that were corrected;
b.Any significant findings or issues discussed with management;
c.Any known instances where management consulted with other accountants about
accounting or auditing matters; and
15
d.The written representations that the auditor requested from management.
AU-C 260 discusses communications
Internal Control - Concepts and standards

Auditor must obtain sufficient understanding of entity and its environment including internal control
Clarified Standards - Obtain reasonable assurance, which is a high, but not absolute level of assurance,
the auditor
plans work and supervises assistants
determines and applies appropriate materiality levels
identifies and assesses risk of material misstatement due to fraud or error based on
understanding the entity and its environment including INTERNAL CONTROL
obtain sufficient appropriate audit evidence about if material misstatements exist
Obtains understanding of "Design" of I/C by:
inquiry
observation
review of applicable documentation
Within given categories (cash, sales, etc) - control risks are generally constant
Ways to Document understanding of I/C
Flowcharts- advantages: unlikely to overlook important considerations; tailored to client-specific

circumstances; fairly easy for others to review and understand, fairly
easy to update
disadvantages: tedious and time consuming to prepare initially
16
Internal control questionnaires (ICQs) - yes = good no = bad
advantages: prepared in advance for various categories to eliminate obmissions
disadvantages: generic, not tailored to client-specific circumstances and irrelevant

questions are annoying
Narrative write ups (memos)
advantages: tailored to client, detailed or generic, easy to prepare
disadvantages: easy to overlook relevant internal control issues
"Walk through" = small sample to walk through the entire process to verify documented understanding
of I/C
Primary objective of understanding I/C is for audit planning - nature/timing/extent of audit
A compensating control supplements a basic underlying control
AU-C 315 states that the auditor should obtain sufficient knowledge of the information (including
accounting) system to understand the financial reporting process used to prepare the entity's financial
statements, including significant accounting estimates and disclosures
Internal Control Concepts 2
Auditor will make a preliminary decision on I/C
"ineffective" is maximum control risk with no reliance, and will perform a wholly substantive audit
approach
"effective" possibility of assessing control risk at less than maximum, reliance
If less than maximum, auditor will perform "tests of control" to evaluate operating effectiveness of
controls - then reevaluate operating effectiveness of controls
Perform "tests of controls" -- but only for those specific control policies and procedures (strengths that
justify accepting a somewhat higher level of detection risk) on which reliance is planned.
Tests of controls directed toward effectiveness or operation of a control would ordinarily include
inquiries, inspections of documents, observation, and re-performance of the application of a control
Design and implementation of I/C is management responsibility
17
Understanding internal control and assessing control risk are steps which may be performed
concurrently
The auditor is NOT required to obtain knowledge about the operating effectiveness of internal control
When assessing control risk at below the maximum level, an auditor is required to document the
auditor's understanding of the
I. Entity's control activities that help ensure management directives are carried out.
II. Entity's control environment factors that help the auditor plan the engagement.
AU-C 330 for information on the nature of tests of controls
AU-C 315 requires that control risk be assessed in terms of financial statement assertions
The auditor should document the basis for conclusions about internal control -- either way, whether
internal control is perceived to be effective or ineffective.
18
Internal Control Standards 1
Primary guidance to auditor's consideration of I/C
Understanding the Entity and its environment and assessing the risk of material misstatement
Performing audir procedures in response to assessed risks and evaluating audit evidence
I/C = a process designed to provide reasonable assurance with regard to 1. reliability of financial
reporting, 2. effectiveness and efficiency of operations and 3.compliance with applicable laws and
regulations
I/C consists of 5 interrelated components:
1. Control Environment - policy and procedures "tone at top"
2. Risk assessment - policy and procedures to id and analyze risk for management
3. Info and Commun Systems - to id, capture and exchange relevant info
4. Control Activities - policy and procedures to provide objective are achieved (SCARE)
Segregation of Duties: Authorization (execution), access (custody), accounting (record keeping)
Controls (physical controls)
Authorization
Review (performance review)
EPD (information processing)
5. Monitoring
Understanding the Entity and its environment
industry, regulatory and other external factors
Nature of entity (operations, ownership, governance, etc..)
objectives and strategies
measurement and review of entity's financial performance
19
Sufficient understanding of internal control
Risk Assessment Procedures- an understanding of entity and its environment to assess RMM
Inquiries of management
observation and inspection of documents
analytical procedures performed in planning
review of info obtained in prior periods
discussion among audit team members about RMM
"significant risks" - need special audit consideration (complex, related parties, subjective, "unusual")
Discussion with team about RMM and applicable financial reporting framework
Key elements of understanding obtained about the entity, environment, I/C
Assessment of RMM and basis for assessment
ID "significant risks" and related controls
Ongoing monitoring : involves assessing the design and operation of controls on a timely basis and
taking necessary corrective actions
Segregation of Duties Deep Dive:
Can't prevent fraud due to collusion or management override
Custody - employee has direct access to asset
Authorization- executing
Recording- accounting and record keeping
Reconciliation (can be a 4th)
20
Concept of reasonable assurance recognizes that cost of an entity's internal control structure should not
exceed the benefits expected to be derived
Internal Control Standards 2
Performing audit procedures in response to assessed risks and evaluating audit evidence
"Overall responses" - assign more experienced staff, more supervision, specialists, change audit plan
3 different types of audit procedures
1. Risk assessment procedures
2. Tests of control: (further procedure) determine effectiveness of controls, when auditor

contemplates on relying on I/C for higher level of detection risk, or wholly substantive
procedures doesn't provide sufficient audit evidence by themselves
3. Substantive procedures (further procedure)
Required Documentation
Overall Responses to address RMM at F/S level
Linkage of those procedures with assessed RMM at relevant assertion level
Results of Audit procedures
That F/S agree with underlying records
The professional standards require auditors to test controls at least every third year.
Internal Control Required Communications
Must Communicate IN WRITING any identified "material weaknesses" and "significant deficiencies"
wither in design or operation of internal control
Communication no later than 60 days following the "report release date". The "report release date" is
the date that the auditor grants the entity permission to use the auditor's report in connection with the
audited financial statements
Not in charge of seeking them out
Lesser matters can be verbally
21
Significant deficiency: A deficiency (or combination of deficiencies) in internal control that is less severe
than a material weakness, yet important enough to merit attention by those charged with governance.
Material weakness: A deficiency (or combination of deficiencies) in internal control such that there is a
reasonable possibility that a material misstatement of the entity's financial statements will not be
prevented or detected and corrected on a timely basis.
Can say "no material weakness" in letter but can't say "no significant weakness"
The written communication about significant deficiencies and material weaknesses should:
1.State that the purpose of the audit was to express an opinion on the financial statements, not to
express an opinion on the effectiveness of internal control;
2.State that the auditor is not expressing an opinion on the effectiveness of internal control;
3.State that the auditor's consideration of internal control was not designed to identify all
significant deficiencies or material weaknesses;
4.Include the definition of the terms material weakness and significant deficiency, as applicable.
5.Identify the matters that are considered to be material weaknesses and significant deficiencies,
as applicable.
6.State that the communication is intended solely for the use of management, those charged with
governance, and others within the organization (it should not be used by anyone other than
those specified parties) - if such a communication is required to be given to a governmental
authority, that specific reference may be added.
The auditor should not issue a written communication stating that no significant deficiencies were
identified during the audit.
Using the Work of Internal Audit Function
1. Obtain audit evidence- substitute I/A work in place of external auditor
2. To provide direct assistance- use I/A to perform procedures subject to external auditors
direction/supervision/review
Using I/A to obtain evidence, must verify:
22
1. Objectivity: consider (1) the organizational status of the internal audit function; and (2) the policies
affecting the internal auditor's objectivity about areas audited
2. Competence
3. Systematic and disciplined approach - formal structured approach, including quality control
External Auditor should also: 1. Read I/A function's reports related to planned use 2. Perform
procedures to evaluate I/A's work and if conclusions are appropriate 3. Reperform some of I/A work that
is to be used
Using I/A to provide assistance, must verify:
1. Objectivity: consider (1) the organizational status of the internal audit function; and (2) the policies
affecting the internal auditor's objectivity about areas audited
2. Competence
External auditor should: Obtain written acknowledgement from management to use I/A without
interference, Direct/supervise/review, test some of the work performed by I/A
Don't report involvement of I/A. No distinction
AU-C 610 requires that judgments about inherent and control risk always be those of the independent
auditor
23
Internal Control - Transaction Cycles
Specific Transaction Cycles
Control Risk may be viewed as a constant in each category. A transaction cycle is, therefore, the highest
level of aggregation for which control risk may be viewed as a constant.
-Revenue/receipts
-Expenditures/disbursements
-Payroll
Use "SCARE" acronym when thinking about each group
Revenue/Receipts - Sales cycle
Purchase Orders - External Document
1. Sales order info 2. Shipping Docs (outbound or inbound, bills of lading-common carriers) 3.
Sales invoice 4. Customer Remittance advice (to match payment w account)
Control Activities "Scare"
Segregation of Duties: different employees or departments perform segregated duties

(authorization/access/accounting)
Control: access
Authorization: executed as authorized by management
Review: monthly statements sent to customers, benchmark for authority levels, compare documents,
verify proper "cutoff" for transactions,
EDP/IT : all of key documents should be pre-numbered, aged trial balance reconciled to GL periodically
Lapping will result in a delay in the recording of specific remittance credits
Completeness: assertion deals with whether all transactions have been included in the proper period.
24
Presentation or disclosure: assertion deals with whether particular components of the financial
statements are properly classified, described, and disclosed
Rights and obligations: assertion deals with whether assets are the rights of the entity and liabilities are
the obligations of the entity at a given date
Existence or occurrence: assertion deals with whether assets or liabilities of the entity exist at a given
date and whether recorded transactions have occurred during a given period
Prenumbering is the standard cure for completeness
AU-C 500 for a discussion of the various financial statement assertions.
Revenue/Receipts - Cash
First: prepare remittance log or a duplicate listing of checks received
"SCARE"
Segregation: Cash receipt listed immediately when opened (and restrictively endorsed)
Different person should open mail, handle accounting, prepare deposit, reconcile
Controls: limit direct and indirect access, personnel should be "bonded", lockbox and passwords,
Authorization: executed as authorized, reconciliations and adjusting JE reviewed and approved
Review: compare to total per the cash receipts journal and traced to bank deposit, deposit daily
Bank reconciliations on timely basis
25
EDP/IT: key documents are pre-numbered, use pre-numbered receipts for "on site"
Expenditures/Disbursements
"SCARE"
Segregation of Duties: Separate departments handle authorition,accounting,access
Purchasing Dept- places order Receiving Dept-receive goods AP-invoice,bill,item
Control: Bonded employees, limit access
26
Authorization: designated purchasing depart. has authority, dual signatures required, requester
indicates acceptance prior to payment, any adjusting JE
Review: Monthly statements from suppliers v. AP, purchase order-what they order, what they received
(eliminate quantity order when sending copy to receiving), what they paid for (AP), receipts and
disbursement bank recons
AP system- tracks by supplier
Voucher payable system: track individual transactions
EDP/IT: key documents should be prenumbered, detailed records to support GL's AP, supporting docs
should be marked as paid when issued
Auditor's usually examines receiving reports to support entries in the Voucher register and sales returns
journal
Stamping a voucher as "paid" is a control designed to prevent vouchers from being paid twice
When the shipping department returns nonconforming goods to a vendor, the purchasing department
should send to the accounting department the Debit memo
Mailing disbursement checks and remittance advices should be controlled by the employee who Signs
the checks last.
Payroll Cycle
27
"SCARE"
Segregation: personnel department- oversees pay rates and file, treasurer dept- issue/sign checks and
distribute, payroll depart- prepares payroll each period (calculations and record keeping)
Controls: files limited to authorized personnel, access to paychecks
Authorization: payroll should be approved by management, verified by independent employee
Review: underlying payroll info and compare to personnel file, reconcile to payroll register, reconcile
time sheets, bank recon to payroll account
EDP/IT: key documents should be prenumbered and account for numerical sequence
An appropriate departmental supervisor should distribute the payroll checks to employees in that
department
Unclaimed checks should be returned to treasury, secured, and eventually destroyed, if not claimed
within an appropriate time.
Payroll department, which is essentially a recordkeeping function, should not also authorize payroll rate
changes
Misc Cycles
Completeness deals with whether all transactions are recorded
The use of periodic inventory counts to adjust the perpetual inventory records ensures that the
inventory records are accurate
Management's objectives in establishing and maintaining an internal control structure are to ensure
that:
1) transactions are executed in accordance with management's general or specific authorization;
2) transactions are recorded as necessary to permit preparation of the financial statements in
accordance with GAAP and to maintain accountability for assets;
3) access to assets is permitted only in accordance with management's authorization; and
4) the recorded accountability for assets is compared with the existing assets at reasonable intervals and
differences are investigated and resolved. Ensuring that custody of work in process and of finished
goods is properly maintained is an example of the third objective.
Audit Evidence - Concepts and Standards

Standards of Fieldwork "PIE: Planning and supervision, Internal Control, Evidence
28
AICPA Performance Principle:5. obtain reasonable assurance, the auditor
plans and supervises work
Determines and applies materiality levels
ID and assess RMM due to fraud, error, understanding of internal control
Obtains sufficient appropriate audit evidence about whether MM exist
Substantive or "substantiate" means to verify. search for MM
Substantive Audit Procedures
1. Test of details
Test of ending balances: testing the composition of Y/E balances
Test of transactions: test the few debits/credits causing balance to change
2. Substantive analytical procedures
1. Required in planning
2. May be useful as substantive audit evidence
3. required as final review
Analytical procedures for substantive purposes:
29
Nature of assertion (completeness, may have competitive advantage over other tests, forest
thru trees)
Predictability of the relationship: Stable v dynamic environment
IS items versus balance sheet items
Degree of management discretion
Reliability of data
Subject to audit testing
Independent sources
effective internal control
Precision of expectation - decreases as the level of aggregation increases
4 categories of Ratios
Liquidity ratios: solvency. entity's short term ability to meet obligations
Profitability ratios: operating performance for a period of time
Activity ratios: efficiency. how effective in utilizing assets
Coverage ratios: leverage. ability to meet its obligations over time
Deep dive on Ratios**
Liquidity Ratios
Current liabilities
Net Cash from Operations from CF statement, so period of time/not BS snapshot
30
Coverage Ratios
Activity Ratios
Trade Receivables = AR and AP
Profitability Ratios
31
If no info on Pref. Dividends = assume 0
The Professional Standards require that the working papers show that the accounting records agree or
reconcile with the financial statements.
Nature of Evidence 1
Audit evidence includes:
Accounting records
Other information
Menu of audit procedures: inspection (substantive), observation (control), confirmation (substantive),

recalculation (substantive), reperformance (control), analytical procedures (substantive), inquiry (both)
sufficient- quantity of evidence (related to risk of audit)
appropriate- quality of evidence. relevance and reliability (better quality, less quantity)
Reliability of Audit Evidence (ranking 1(best) thru 3 (least))
1. Evidence obtained directly by auditor is most reliable
2. Evidence more reliable from independent outside source
3. Evidence generated internally is more reliable when controls are effective
4. Evidence that is documentary form (non verbal)
5. Original documents are more reliable that copies or faxes
Relevant AICPA guidance is provided by AU 500: "Audit Evidence."
32
Assertions:
There are four assertions specific to "account balances at period end"
Existence: That the assets, liabilities, and equity interests exist
Completeness: That all assets, liabilities, and equity interests that should have been recorded
have been recorded. There are no omissions.
Rights and obligations: That the entity holds or controls the rights to its assets, and the liabilities
are the obligations of the entity. Any restrictions on the rights to the assets or obligations for the
liabilities must be disclosed
Valuation and allocation: That assets, liabilities, and equity interests are included in the financial
statements at appropriate amounts (relative to the requirements of GAAP) and any resulting
valuation or allocation adjustments are appropriately recorded.
There are four assertions about "presentation and disclosure"
Occurrence and rights and obligations -- That the disclosed events and transactions have
occurred and pertain to the entity
Completeness -- That all disclosures that should have been included have been included. There
are no omissions of required disclosures.
Classification and understandability -- That financial information is appropriately presented,

described, and clearly expressed.
Accuracy and valuation -- That financial and other information are disclosed fairly and at
appropriate amounts.
There are five assertions about "classes of transactions and events during the period"
Accuracy -- That amounts and other data have been recorded appropriately.
Occurrence -- That transactions and events that have been recorded have occurred. In other
words, they are properly recorded and valid.
Completeness -- That all transactions and events that should have been recorded have been
recorded. There are no omissions
Cutoff -- That transactions and events have been recorded in the correct accounting period.
Note that there are only two ways to record a transaction in the wrong period. One is by
recorded a transaction prematurely, which violates the "occurrence" assertion; and the other is
to record a transaction belatedly, which violates the "completeness" assertion.
Classification -- That transactions and events have been recorded in the proper accounts
33
Testing credit addresses the collectibility of accounts receivable. (valuation or allocation)
Tests from the accounting record (the voucher register) to the detail are tests of existence/occurrence.
Cutoff is often confusing as it addresses two assertions, Existence and Completeness. Determining which
of the two requires figuring out which transactions are being examined. If the auditor is looking at
transactions recorded in December which were not shipped until January, these transactions are really
January sales, NOT December sales. The assertion being addressed is Existence as the auditor is verifying
that December sales actually exist
Nature of Evidence 2 **
Traditional Assertions (PCAOB): Existence: validity Completeness: omissions Right & obligations:
rights of assets, obligations of liabilities valuation/allocation- appropriate dollar measurements to
GAAP presentation & disclosure: adequacy of disclosure
AICPA's 13
Account Balances at period end (balance sheet)
Existence: they actually exist
Completeness: no material omissions
Rights & obligations: no restrictions related to assets & liabilities (restrictions disclosed)
valuation and allocation: are properly measured to GAAP
Presentation and disclosure (foot notes)
Occurrence and rights and obligations: disclosed events occurred and pertain to entity
Completeness: no omissions of required disclosures
Classification and understanding: information presented clearly
Accuracy and Valuation: information is disclosed fairly and appropriate amounts
Classes of transactions during period (income statement)
Accuracy: recorded appropriately
Occurrence: properly recorded and valid
34
Completeness: transactions not omitted
Cutoff: transactions recorded in the correct period (redundant)
Classification: transactions recorded in proper accounts
Auditor's Basis for Conclusions
Risk Assessment Procedures- obtain understanding of entity and environment including internal control
to assess RMM
Test of Controls - (sometimes performed/sometimes not) obtain information about operating

effectiveness of controls in detecting/correcting MM at assertion level when adopted reliance on
internal control (wholly substantive = no tests of control)
Substantive Procedures- detect material misstatements at assertion level
Audit Procedures to Risk Assessment
Nature: responsive to planned level of detection risk consisting of 1. test of details 2 substantive
analytical procedures
Timing: performed at interim or final. interim date increases detection risk
Extent: effect sample sizes
The overall review would include considering the adequacy of the evidence gathered in response to
unusual or unexpected balances and whether such balances reflected a misstatement due to fraud
Evaluation of Misstatements ID during Audit

Evaluate the effect of id misstatements on audit
Evaluate effect of uncorrected misstatements on FS
Communicate misstatements on timely basis: if asked management to make correction, determine if

misstatements remain. if decline obtain understanding of why and impact to FS
Uncorrected Misstatements: reassess appropriateness of materiality of audt. are they material

individually or in aggregate?
35
Auditor must document
1. Threshold for "clearly trivial"
2. All misstatements accumulated and whether they have been corrected
3. Conclusion and basis for it about materiality of uncorrected misstatements individually or aggregate
The relevant AICPA guidance is provided by AU 450:
Factual misstatements -- Misstatements for which there is no doubt
Judgmental misstatements -- Differences due to the judgments of management that the auditor
considers unreasonable or to the selection of accounting policies that the auditor views as
inappropriate.
Projected misstatements -- The auditor's best estimate of misstatements in populations as suggested
by audit sampling.
Audit Documentation
AKA "Working papers"
Objectives:
Sufficient and appropriate record of basis for report
Evidence that audit was planned and performed per GAAS
Ownership: belongs to auditor
Composition: matter of judgment
General Requirements: sufficient so experienced auditor with no association to be able to review and
understand
Should include abstracts or copies of significant contracts or agreements
ID specific items tested or" identifying characteristics"
Document significant findings
Accounting Principles
Difficulties in audit procedures
Indications of MM or significant risks
36
Findings that result in modification of audit report
Proposed Audit adjustments (completed or not)
Info inconsistent with auditor conclusions
Should ID preparers and reviewer
Should document departures from presumptively mandatory requirement
Report release date: auditor grants entity permission to use audit report
AICPA: complete final audit documentations within 60 days after report release date (documentation
completion date)
PCAOB (issuers): complete final audit documentations within 45 days after report release date
(documentation completion date)
Cant delete but can add documentation if documented
Retention Requirement: minimum 5 yrs (AICPA non issuers), PCAOB (issuers) minimum 7 yrs
The relevant AICPA guidance is provided by AU 230 "Audit Documentation."
Lead schedules aggregate the major components to be reported in the financial statements. They
include information such as account numbers, prior year account balances, and current year unadjusted
information.
Confirmation
Management refusal to allow confirmation may be viewed as scope limitation- effect opinion
Confirmations are most useful in addressing the existence/occurrence assertion
Positive Confirmation: requests a response whether or not agrees with clients balance
"blank" confirmation requests: may provide more assurance but have lower response. they
enter values instead of yes/no. more likely to be used when the auditor is concerned that
recipients will not devote proper attention to the confirmations.
Non response requires follow-up
After 2 requests- use alternate procedures
Negative requests- response only if recipient disagrees with clients balance
37
non response is viewed as agreement
weaker so only use for specific items
if not response to positive, then not going to switch to negative
Negative Used when: 1. The population consists of a large number of small, rather
homogeneous items
2. The assessed risk of material misstatement is low, and the relevant

controls are operating effectively
3. recipients are expected to pay attention to the request, and a low

rate of exceptions is expected
AU 330, "Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence
Obtained,"
Standard bank confirmation form requests information on outstanding bank loans.
Accounting Estimates
Auditors objective: if accounting estimates are reasonable and disclosures are adequate in view of
financial reporting framework
Risk assessment of estimates: requirements of reporting framework, how they are made and based on
what data, method or model used, assumptions, used specialist?
If significant risk: obtain understanding of relevant controls and evaluate whether they mitigate
Are methods used consistently over time?
Should do one or more of:
1. determine if events up to report date provide evidence about estimate
2. test how management made estimate and data used
3. test operating effectiveness of applicable controls
4. develop point estimate or range to evaluate management's
Document:
Basis for auditor's conclusions about reasonableness
Indications of possible management bias
38
Fair Value Estimates
Perform Risk assessment procedures: how management developed estimate, RMM, substantive
procedures responsive to risk, evaluate reasonableness and disclosures
Fair value assumptions:
Observable inputs- assumptions market participants used in pricing, independent
unobservable inputs: assumption they believe market would use
Evaluating Models:
Validated prior to use?
Control over changes?
Validity periodically tested?
Adjustments to outputs?
Adequately documented (parameters or limitations)
Document: Basis for auditor's conclusion, any management bias
The relevant AICPA guidance is provided by AU 540: "Auditing Accounting Estimates, Including Fair Value
Accounting Estimates and Related Disclosures."
Lawyer's Letters
Probable, Remote, Reasonably Possible
The primary source of information to be reported about litigation, claims, and assessments is
management
Primary means is obtaining corroboration of the information furnished by management concerning

litigation, claims, and assessments.
How to ID Lawyers: ask management, inspect invoices, review minutes
Send "letter of inquiry" by management to lawyers to share with auditors. Auditors write. Management
sends
Encourage lawyer to respond toward end of fieldwork
2 Categories of Legal Matters
39
Asserted Claims: (pending or threatened litigation)
Unasserted Claims: (potential litigation) lawyer wont inform auditor about an omission not
mentioned, but will inform management
Must be probable . At least possibility of unfavorable outcome
Clarified SAS says: obtain sufficient appropriate audit evidence regarding completeness of litigation
Applicable Audit Procedures:
1. Inquire management
2. Obtain from management a description of any litigation
3. Review minutes
4. Review legal expense accounts and invoice of legal matters
Exception: auditor is not required to obtain lawyers letter indicate that no actual or potential litigation
that would cause RMM
Attorneys have a professional obligation to directly inform the auditors about any omissions of asserted
claims from the listing contained in the client's letter requesting information from the attorney
The refusal of a client's attorney to provide information requested in an inquiry letter is considered a
limitation on the scope of the audit. It would result in a disclaimer or a qualified opinion.
Per AU-C 501, a lawyer may be required to resign if his advice concerning reporting for litigation, claims,
and assessments is disregarded by the client
Lawyer Letter should be dated ~ a week or so from audit report date
The relevant AICPA guidance is provided by AU 501: "Audit Evidence -- Specific Considerations for
Selected Items."
Management Representations Letters
Obtain written representations from management to corroborate their responses to auditors inquires
Letter to Auditors, Signed by CEO and CFO, Dated same as auditor's report
If not supplied- major scope limitation
40
If current management was not present for all periods covered, tailor the representations to the
circumstances. Tailor details, Not dates covered
Letter Includes:
Takes responsibility for preparation of F/S
Take responsibility for I/C related to F/S and prevention and detection of fraud
Significant assumptions are reasonable
Related party transactions reported properly
Subsequent events adjusted/disclosed
Uncorrected misstatements immaterial
Litigation are properly reported
Information provided to : all info, additional info requested, access to personnel
All transactions recorded
Provided risk assessment regarding fraud / no knowledge of fraud/ no material fraud/ no

allegations/ disclosed instances
Disclosed contingent liabilities / litigation claims
See AU-C 580 "Written Representations." for guidance on representation letters.
Related Party Transactions
Arms length transactions: between unrealted willing seller and buyer acting independently and pursuing
own best interests
Procedures to ID existence of related parties
Ask management
Review prior years audit documentation
Review SEC filings
Review stockholder listings (private companies)
Find Transactions with related parties
Ask Management
41
Review minutes
Inspect documents related to large, unusual transactions (review debt agreements)
Significant related party transactions outside normal business = "significant risk" . review controls
Document: names of related parties and nature of related party transactions
Auditors are generally not in a position to provide reliable, independent appraisals of transaction prices
between related parties. Auditors are particularly concerned with the adequacy of disclosure about
transactions between related parties
After identifying related party transactions, the auditor should examine the transactions in order to
determine the their effects on the financial statements. In that process, the auditor would look to see if
the transactions were properly authorized by the board of directors
The relevant AICPA guidance is provided by the clarified SAS, AU 550: "Related Parties.
Subsequent Events and Related Issues
Information that existed at the report date and may affect the report comes to the auditor's attention.
Objectives:
Audit evidence that subsequent events are appropriately reflected
Respond to subsequently discovered facts
Predecessors auditor report is still appropriate
Balance sheet date to date of auditor's report = subsequent time frame
Subsequently discovered facts: become known after date of auditor's report, had they been known may
have caused auditor to revise report
2 types of subsequent events
1. Requiring adjustment: better information about conditions already existing at BS date (ex.
lawsuit, loss of AR due to deterioration into bankruptcy)
2. Requiring disclosure: unrelated to conditions at BS date but still material
(Ex. flood/hurricane, sale of bond or stock issuance, purchase of business, litigation post BS
date)
42
Include inquiries on (1) matters including contingent liabilities existing at the date of the balance sheet,
(2) whether there was any significant change in capital stock, long-term debt, or working capital, (3)
current status of items in the financial statements, and (4) any unusual adjustments.
Audit procedures to detect subsequent events:
IC procedures to ID subsequent events
Ask management (document in management rep letter)
Read minutes
Read interim F/S subsequent to Y/E
Discovered BEFORE release date:
Discuss with management and if F/S require revision
If Revises: Auditor should evaluate revision, either date audit report at later date or
"dual date" report for revision
Obtain written representations
Discovered AFTER report date:
Discuss with management and if F/S require revision
If Revises: Auditor should evaluate revision, make sure they are timely to not mislead
If opinion changes: should add "emphasis of matter" or "other matter"
If doesn't revise: make sure they are timely to communicate
If management doesn't inform users: notify management or legal counsel
Predecessor Reissuance of report:
Read F/S of subsequent period
compare prior period to subsequent F/S
Ask management about info that affects previous report, and obtain written rep letter from
management
Obtain rep letter from successor auditor
43
When Dual dating is used, auditor responsibility for events subsequent to the completion of fieldwork is
limited to the specific event referred.
The relevant AICPA guidance is provided by AU 560: "Subsequent Events and Subsequently Discovered
Facts."
Going Concern
Substantial doubt about entity ability to continue as a going concern for reasonable period of time
Assess F/S effects: adequacy of disclosure
Determine implications to audit report
"reasonable period of time" : not to exceed 1 yr beyond date of F/S being audited
Indicators of going concern:
negative trends: recurring losses, negative cash flow
Internal matters: labor problems, dependent on 1 customer/project
External matters: lawsuits, loss of major customer, natural disasters
Other indicators: in default, disposing major blocks of assets
If substantial doubt:
Ask management of plans to overcome
Evaluate most important aspects of plans
Must add "emphasis of matter" paragraph to audit report after opinion
Document:
conditions/events
significant elements of management plans
procedures in evaluating management plans
conclusion whether substantial doubt remains or alleviated
conclusion if add paragraph to audit report
44
If disclosure is inadequate (GAAP departure): issue qualified or adverse opinion
If evidential matter is unavailable to ascertain compliance with GAAP: may disclaim opinion
If disclosure is adequate and consistent with GAAP: issue unqualified opinion but add "emphasis of
matter" paragraph
Introduction to Auditing Individual Areas
Generic audit procedures for 4 Assertions for Account Balances
1. Existence: Confirmations, Observation, Inspect underlying documents
2. Completeness: cutoff tests, analytical procedures
3. Rights and Obligations: Ask personnel, examine authorization of transactions
4. Valuation and Allocation: recalculate account balances, trace receipts or disbursements,

analytical procedures, examine publish price quotes
CASH
Proof of cash compares:
1. Balance per bank 2. Balance per books
+ deposits in transit (deposits after statement) +interest and other direct deposits
- outstanding checks - service charges and other direct withdrawals
=adjusted balance =adjusted balance
Confirm balance via letter from management to have bank send bank statement to auditors
Request a "cut-off" bank statement (typically ~10 days after Y/E)
"Kiting" - overstatement of cash at Y/E. transfer of cash between accounts, not both recorded in same
period.
Review schedule of inter-bank transfers
Ask about available cash, document in representation letter, disclose any restrictions
Deep Dive: Bank transfer schedules
Were disbursement and receipt recorded in book in same year? If not, is check listed as outstanding?
Were deposit cleared in the same year? If not, is deposit listed as in transit?
45
Did checks and deposit clear bank in timely fashion
Cash in bank and collateral for loans are confirmed on the bank confirmation
Much of the work done to audit the statement of cash flows consists of agreeing amounts included in
the statement of cash flows to amounts reported in the other financial statements.
The bank will alert the company about NSF checks by sending debit memos
The bank will alert the company about direct deposits by sending credit memos
Accounts Receivable
Verify mathematical accuracy of subsidiary to GL.
Confirm Selected AR (all individual material and selected others)
Perform follow up for non responses (if no response alternate procedures)
Alternative Procedures if no response from "positive confirmations"
Subsequent cash receipts (preferred)
Inspect underlying documents
Completeness: cut off test a few days before and after year end (proper period. shipping v recording)
Rights and obligations: inquiry management about A/R used as collateral or review loan documents
Valuation: review aged trial balance of A/R. large items. analytical procedures (uncollectable/returns)
Confirmation requests should be mailed to respondents by the CPAs
Auditors may not ignore individually immaterial accounts when confirming accounts receivable
Including a list of items or invoices that constitute the account balance makes it easier for the potential
respondent to reply to confirmations
In testing the completeness assertion (regarding omissions) related to sales and receivables, the auditor
starts with a source document and agrees the item to the accounting records
46
The negative form of confirmation can only be used when four conditions are met: 1) the combined
assessed level of inherent and control risk, is low; 2) a large number of small balances is involved; 3) a
very low exception rate is expected AND 4) the auditor has no reason to believe that the recipients of
the requests are unlikely to give them consideration.
Control objectives activities
Accounts receivable and sales

Sales orders prenumbered
Credit approval
Credit and sales departments independent
Control of back orders
Sales order and sales invoice comparison
Shipping invoices prenumbered
Names and addresses on shipping invoice
Review of sales invoices
Control over returned merchandise
Credit memoranda prenumbered
Matching of credit memoranda and receiving reports
Control over credit memoranda
Control over scrap sales
Control over sales to employees
Control over COD sales
Sales reconciled with cash receipts and AR
Sales reconciled with inventory change
AR statement to all customers
Periodic preparation of aging schedule
Control over collections of written-off receivables
Control over AR write-offs (e.g., proper authorization)
Control over AR written off (i.e., review for possible collection)
Independence of sales, AR, receipts, billing, and shipping personnel
Inventory
Observation of inventory is a "dual purpose" test
Internal Control Objectives- compare
Substantive objectives- evidence to evaluate dollar-balance reported for inventory
47
Existence: focus on count tags, prenumbered tags, perform test counts for selected tag numbers
Quantities
Price test- reasonableness of unit cost
Extension: cost x quantity
Lower of cost or market
Completeness: perform cut-off test for sales and purchases
sales: shipments for last days of period and first days of next period
purchases: shipments received for last days of period and first days of next period
Right and obligations: inquire about inventory as collateral for debt, read agreements, disclose in
management rep letter
Valuation: analytical procedures to identify excess inventory, obsolete inventory (dusty, etc)
specialist if difficult to measure quantity or quality of inventory
If the auditor is appointed near the end of the fiscal year for a first year audit, the auditor will most likely
disclaim an opinion on everything but the balance sheet
From source documents to account balances = completeness
From account balances to documents to source documents = existence
Lease likely to verify all inventory owned by the client is on hand at the time of the count
Investments in Securities
Objective is valuation of investments in securities and derivative instruments
Measured at fair value:
ID method used to determine fair value
Estimates from 3rd party based on model, understand model
Management uses a model, understand model and sufficient appropriate evidence
Quoted market prices are best
Broker-dealers may provide quoted prices
48
No quoted market prices:
obtained from broker-dealers using models (future cash flows, black scholes)
multiple models on estimates
Impairment loss: evaluate management's conclusion
Decline in Fair Value is other than temporary:
FV is significantly below carrying value
security downgraded by rating agency
financial condition of issuer worse
dividends reduced or interest payments suspended
Trading securities:
Balance sheet: reported at fair value (current assets)
income statement: unrealized holding gains/losses reported (interest and dividends)
Available for sale
balance sheet: reported at fair value (current of non current assets). unrealized holding
gains/losses as separate component in stockholders equity
income statement: unrealized holding gains/losses as separate component as OCI. not in Net
income
Held to maturity:
balance sheet: reported at amortized cost basis (as current or non current assets)
income statement: no recognition of fluctuations in market value recorded. Interest as revenue
Long term investments: The auditor uses analytical procedures to develop an expectation of investment
income. Analytical procedures could be used to ascertain the reasonableness of the completeness of
recorded investment income
The equity method requires that the investment be valued by reflecting changes in the investee's equity.
As a result, the auditor must examine copies of the audited financial statements of the investee
company.
49
FIXED ASSETS
AKA PPE
Existence: test of transactions (rather than physically checking)
Test for additions: inspect underlying documents
Test for disposals: trace proceeds to cash receipts journal and bank statement
Completeness:
repairs and maintenance for anything that should have been capitalized
review lease agreements for anything that should be capitalized
Right and Obligations:
inquiry management if used as collateral
Valuation:
recalculate depreciation expense
inquire about impairments of long lived assets. document in management rep letter
A weakness in internal control over recording equipment retirements may cause retirements to fail to
be recorded. This means that the equipment records contain equipment items that should have been
removed. The auditor then must try to identify equipment that is likely to have been retired and to
attempt to locate such equipment in the plant.
Current Liabilities
Completeness is the primary concern with Liabilities
Usually do not confirm payables
Search for unrecorded liabilities: review cash disbursements subsequent to BS date. payments in excess
of threshold- review documentation
Toward end of fieldwork"
inspect open/unpaid invoices
50
inquiry of management
Existence: inspect underlying documents (invoices/receiving documents)
Valuation: not usually a major audit issue. expect to pay 100%. possible cash discounts
Rights and obligations: read documents (look for unusual), ask about related party transactions
Other current liabilities primarily addressed by analytical procedures
Long Term Liabilities
decreases: verify payment dates in loan documents, trace cash disbursements to bank statement
increases: read new loan agreements, verify minutes, trace cash receipts to bank statement
Existence: inspect supporting documentation
Rights and obligations:
Disclose restrictive debt covenants
Disclose assets used as collateral
reclassify any potion scheduled for payment within next year as current liability
Valuation:
Read loan agreement terms
Recalculate discount of premium
Apply analytical procedures to evaluate reasonableness of interest expense
Stockholder's Equity
Existence:
External registrar confirm shares outstanding
Issuance of new stocks follow procedures, approved in minutes
Completeness:
Read minutes for authorization of new shares
Account for numerical sequence of stock certificates
Rights and obligations
51
Verify par/stated value: certificates or minutes will state value
Review contracts with employee stock option plans
inquiry of management about restrictions related to dividends
Valuations
Trace cash receipts/disbursements to journals to bank statement, review minutes
verify par/stated value
Payroll
Expenses on income statement
Primarily tested by analytical procedures
Test of details only if suggestion of material misstatement
Classes of Transactions Assertions: (income statement)
Occurrence, Completeness, Cutoff, Accuracy, Classification
Occurrence and accuracy: examine personnel records, trace payroll transactions to GL and bank,
Recalculate selected items
Completeness: Review time reports, analytical procedures
Cutoff- implicitly tested with occurrence and completeness
Classification- verify payroll deductions and taxes, trace cash disbursements, review outside
reports
When control risk is assessed as low, substantive procedures in this area are typically limited to
analytical procedures and recalculating year-end accruals.
52
Audit Sampling
Introduction to Sampling
Involves with sufficiency (quantity) of audit evidence and extent (how heavily) of audit testing
Non statistical sampling: judgmental
Statistical Sampling: beneficial to quantifying sufficiency of audit evidence. Still requires judgment
Advantage over non statistical is it allows the auditor to:
design efficient sample
measure the sufficiency of evidential matter obtained
evaluate the sample risks
Types of Sampling
Attribute sampling- test of controls (related to assessment of control risk)
Variable sampling: substantive tests to evaluate implied audit value ($)
Difference Estimation, Ratio Estimation, Mean per unit estimation, Probability

proportionate to size
53
Type1 Errors: false rejection (related to efficiency)
I/C: risk of under reliance on internal control
$'s:risk of incorrect rejection of $ balance
Type 2 Errors: false acceptance (related to effectiveness).mistake out the door. audit not effective
I/C: risk of over reliance on internal control
$'s: risk of incorrect acceptance of $ balance
Non-Sampling risk: any other mistake an auditor could make
Inappropriate auditing procedures
Failure to recognize actual characteristics of sampled item
The relevant AICPA guidance is provided by AU 530 "Audit Sampling."
The variability of the population causes the sample size to increase and is responsible for the sampling
risk
Expected amount of misstatements and the measure of tolerable misstatement are factors that would
influence sample size for a substantive test of details
When the auditor decides to increase the risk of incorrect rejection, the auditor is increasing the risk of
audit inefficiency
Attribute Sampling
operating effectiveness of internal control of interest
54
Deviation or occurrence based on yes/no
How sample is selected
Statistical sampling: use random selection or systematic (every n-th item, etc)
Non-statistical: block or haphazard sampling (can still do random)
Factors that affect sample size selection: Relationship
Risk of over-reliance (Type 2). (1-confindence ) Inverse
Expected error rate (variability of population) Direct
Tolerable error rate (precision) Inverse
Risk of under-reliance (type 1) implicit Inverse
Population Size implicit Direct
Deep Dive Attribute Sampling
Use of attribute sampling for:
Test of controls
Dual purpose test of controls and substantive test of transactions
Factors To find sample size: Desired confidence level, expected population error rate, tolerable error
rate
Take the largest sample size required of all that you are going to test
Factors To find upper error rate: desired confidence level, sample size (rounded down to nearest 10),
number of errors found
Compare upper error rate vs tolerable error rate. if doesn't fit:
Larger samples for substantive testing
More substantive audit procedures performed
Can calculate computed upper deviation rate
Sample error rate + allowance for sampling risk = upper deviation rate
55
Sample error rate
Errors / sample size
If assessment of control risk is too high? Inefficient audit
If assessment of control risk is too low? Ineffective audit
Population size is not considered in determining the sample size for an attributes sampling
The allowance for sampling risk is the margin added to the actual sample error rate to obtain the
achieved upper precision limit
The auditor should consider the tolerable rate of deviation for the control being tested, the likely
deviation rate, and the allowable risk of assessing control risk too low when determining sample size for
a test of controls
Variable Sampling
based on bell curve
Must calculate sample size:
Estimated population standard deviation
Tolerable misstatement (confidence interval). "allowance for sampling risk"
Risk of incorrect acceptance: effectiveness. type 2, related to confidence
Population size: now considered explicitly
Factors for Variable Sampling Relationship
variability of population direct
tolerable misstatement (precision) inverse
risk of incorrect acceptance: (1-confidence) (type 2) inverse
population size direct
risk of incorrect rejection: (implicit) (type 1) inverse
Stratification: breaking population into several groups of similar items. may reduce variability and
sample size
56
3 approaches to classical sampling
1. Difference estimation: estimate population value by difference between sample audit and
book value. When know BV
2. Ratio estimation: estimate population value by ratio between sample audit and book value.
when sample audit values proportional to BVs
3. Mean per unit: estimate population audit value by calculating sample audit value and
extrapolating. requires large sample.
Deep Dive: Sampling choice
Selection depends on purpose of test
1. Test control to see if operating effectively: attribute
2. Detecting Fraud: Discovery Sampling (stop and go)
Discovery sampling—a procedure for determining the sample size required to have a stipulated
probability of observing at least one occurrence when the expected population deviation rate is at a
designated level. It is most appropriate when the expected deviation rate is zero or near zero. If a
deviation is detected, the auditor must either (1) use an alternate approach, or (2) if the deviation is of
sufficient importance, audit all transactions.
3. Find MM (need $ amount): PPS or variable sampling
PPS (Monetary Unit Sampling)- must have 0 or few misstatements b/c small sample
utilizes dollar units for sampling, the inclusion of zero and negative balances
requires special design considerations especially effective for
AR/Inventory. Can't find errors
Variable: more than a few misstatements expected. estimate balance needed
Difference Estimation/Ratio/Mean Per Unit
Difference Estimation:
Calculation of Point Estimate (implied audit value)
(AV-BV)/n = d (for sample)
d*N=D
57
AV= BV+ D
Ratio
R = av/bv (for sample)
AV=R*BV
MPU
MPU=av/n (for sample)
AV=MPU * N
Probability proportional to size (PPS)
aka dollar unit
Individual dollar is used for population and sampling unit
Advantage: efficiency. minimal sample size if AV is close to BV.
Disadvantage: doesn't work well with negative balances and 0 balances. overstatment only
Sample Size = (Reliability * BV)/tolerable misstatments
Reliability factor: from table.
Population book value: $ value
Tolerable misstatement (net of expected misstatements)
Systematic selection from random starting point with sample interval
Interval: Population BV / sample size
If less than interval:
BV-AV/BV = taint %
58
Taint % * interval = projected misstatement
If more than interval"
BV-AV= projected misstatement
IT (Computer) Auditing
2 Ways computer affect audit
Study and evaluation of internal control may be different
Evidence gathering procedures may differ
If IT is big deal, then auditor substantive procedures alone may not be enough
Categories of Computer controls:
General controls: widespread impact on specific applications
Organization/operation (segregation of duties),
systems development and documentation,
HW/SW: parity check between HW, echo check, diagnostic, boundary,
Access
Data procedures: physical safeguards, labels, plans
Application controls: affect particular data processing tasks
The following duties must be segregated: systems analysis, programming, computer operations,
transaction authorization, library functions, and data control.
Disadvantage of computer files v manual files is It is usually easier for unauthorized persons to access
and alter the file
IT CONTROLS - APPLICATION CONTROLS
Input: accurate and authorized
Forms
Control Totals: Hash total (not meaningful), Record counts, batch total (meaningful)
59
Logic Tests: within predetermined range
Validity Checks: legit code
Missing Data Check
Check Digits: capture information content of numeric field and added to end
Processing: accurate and authorized
Checkpoint/restart
Limit on processing time: upper limit
Internal/External Limit
Output: distribution of reports is accurate and authorized
Output limit: upper limit on printing time
Similarities between all: Control totals, logic checks, error resolution procedures
IT EVIDENCE GATHERING PROCEDURES
Audit SW can be developed
Generalized: more expensive Customized: less efficient/cant be re used
Test Data: run data to see if system catches know errors. Processed with the client's computer and the
results are compared with the auditor's predetermined result
Integrated Test Facility: dummy division to process dummy data. Fictitious and real transactions are
processed together without the knowledge of operating personnel
Parallel simulation: running data on auditor's system to compare with actual output. Uses a generalized
audit software package prepared by the auditors.
Tagging: electronic tags to attached to data and track thru process
Embedded audit modules: built in audit routines and audit hooks (points where module can be added).
Auditors are required to be involved in the system design. Continuous monitoring and analysis
60
An audit of an entity that processes most of its financial data in electronic form: perform audit test on
continuous basis
Documentation of details of transactions will be retained for only a short period of time= Perform tests
several times during the year, rather than only at year end
Auditing "around" the computer involves examining inputs into and outputs from the computer while
ignoring processing
OTHER IT CONSIDERATIONS
Compiler: converts source program into machine readable form (object program)
Online: direct communication with CPU
Real Time: files are immediately updated
Distributed system: network of remote computers linked to main system, each with
input/processing/output capability
Value added network: independent network that facilitates transactions connecting buyer and seller
systems
Point to point sales: computer to computer communication
Internet based: AICPA developed "Webtrust"
In performing a Trust Services engagement The CPA reports on whether the system meets one or more
of the following principles over a particular reporting period:
1. Security. The system (infrastructure, software, people, procedures, and data) is protected
against unauthorized access (both physical and logical).
2. Availability. The system is available for operation and use as committed or agreed.
3. Processing Integrity. System processing is complete, accurate, timely and authorized.
4. Online Privacy. Private information obtained as a result of electronic commerce is collected,
used, disclosed, and retained as committed or agreed.
5. Confidentiality. Information designated as confidential is protected as committed or agreed.
Preventive controls are generally more important than detective controls in EDI systems
EDI transactions are formatted using standards that are uniform worldwide
In an EDI system, the emphasis would be on preventive controls rather than on detective controls
61
Database systems

(a) Definitions

1] Database—A collection of interrelated files, ordinarily most of which are stored on-line.
2] Database system—Computer hardware and software that enables the database(s) to be
implemented.
3] Database management system—Software that provides a facility for communications
between various applications programs (e.g., a payroll preparation program) and the
database (e.g., a payroll master file containing the earnings records of the employees).
4] Data independence—Basic to database systems is this concept which separates the data
from the related application programs.
5] Structured query language (SQL)—The most common language used for creating and
querying relational databases (see(b)3] below), its commands may be classified into three
types

a] Data definition language (DDL)—Used to define a database, including creating,
altering, and deleting tables and establishing various constraints.
b] Data manipulation language (DML)—Commands used to maintain and query a
database, including updating, inserting in, modifying, and querying (asking for data)
c] Data control language (DCL)—Commands used to control a database, including
controlling which users have various privileges (e.g., who is able to read from and
write to various portions of the database).
(b) Database structures

1] Hierarchical—The data elements at one level "own" the data elements at the next lower
level (think of an organization chart in which one manager supervises several assistants,
who in turn each supervise several lower level employees).
2] Networked—Each data element can have several owners and can own several other
elements (think of a matrix-type structure in which various relationships can be
supported).
3] Relational—A database with the logical structure of a group of related spreadsheets.
Each row represents a record, which is an accumulation of all the fields related to the
same identifier or key; each column represents a field common to all of the records.
Relational databases have in many situations largely replaced the earlier developed
hierarchical and networked databases.
4] Object-oriented—Information (attributes and methods) are included in structures called
object classes. This is the newest database management system technology.
5] Object-relational—Includes both relational and object-oriented features.
6] Distributed—A single database that is spread physically across computers in multiple
locations that are connected by a data communications link. (The structure of the database
is most frequently relational, object-oriented, or object-relational.)
62
Commercially produced utility software is used for sorting, merging, and other file maintenance tasks.
Generalized audit software also performs such file maintenance tasks but generally requires a more
limited understanding of the client’s hardware and software features. Periodically, an essay question
asks candidates to provide a list of functions performed by Generalized audit software. The following
list is based on the AICPA Auditing With Computers Auditing Procedure Study:
Record extraction
Sorting
Summarizing
Field statistics (avg, max, min, standard deviation)
File comparison
Gap/Duplicate detection
Sampling
Techniques for continuous (or concurrent) testing. Advanced computer systems, particularly
those utilizing EDI, sometimes do not retain permanent audit trails, thus requiring capture of
audit data as transactions are processed. Such systems may require audit procedures that are able
to identify and capture audit data as transactions occur.

(1) Embedded audit modules and audit hooks—Embedded audit modules are programmed
routines incorporated into an application program that are designed to perform an audit
function such as a calculation, or a logging activity. Because embedded audit modules require
that the auditor be involved in systems design of the application to be monitored, this
approach is often not practical. An audit hook is an exit point in an application program that
allows an auditor to subsequently add an audit module (or particular instructions) by
activating the hook to transfer control to an audit module.
(2) Systems control audit review files (SCARF)—A SCARF is a log, usually created by an
embedded audit module, used to collect information for subsequent review and analysis. The
auditor determines the appropriate criteria for review and the SCARF selects that type of
transaction, dollar limit, or other characteristic.
(3) Extended records—This technique attaches additional audit data which would not otherwise
be saved to regular historic records and thereby helps to provide a more complete audit trail.
The extended record information may subsequently be analyzed.
(4) Transaction tagging—Tagging is a technique in which an identifier providing a transaction
with a special designation is added to the transaction record. The tag is often used to allow
logging of transactions or snapshot activities.
Also, particularly in electronic systems, timing of audit procedures (tests of controls and substantive
procedures) may be affected due to data irretrievability after a certain period of time
63
AUDIT REPORTS
INTRODUCTION TO AUDIT REPORTS
OLD:
GCDO: GAAP, Consistency (when principles not consistent from one period to next), Disclosure, Opinion
Principle on Reporting (7)
G and O map clearly to new standard
Structure to Unmodified Audit Report
Title: Independent Auditor's Report
Addressee: Board of Directors and Stockholder, XX Company
Body of Report: 6 paragraphs
Intro sentence- Nature & F/S involved (always). ex. We have audited...and related notes
Management responsibility (2nd section) One long sentence.
Auditor's responsibility (3 Paragraphs)
1st: Our responsibility is to express opinion on F/S based on audit. In accordance

with GAAS. Plan and perform for reasonable assurance. Perform procedures for
64
audit evidence. Procedures depend on judgment and I/C. Risk is
considered in F/S to design audit but not assessing I/C.
2nd: Accordingly we express no such opinion. Includes accounting policies and

estimates and presentation
3rd: We believe audit evidence is sufficient to provide basis for opinion
Opinion
One sentence: In our opinion, F/S referred to above present fairly in all material
respects as of__ in accordance with____
Signature (firm's name), city & state, and date
Comparative financial statements
IF prior was audited by different auditor, 1. Predecessor report reissued. 2. auditor state's in an
"other matter" paragraph that prior year from different auditor, state their opinion and reasons
if it was modified and date of that report
If prior was never audited, if current auditor compiled or reviewed: "other matter" paragraph
stating what, when, reason for modifications, and that service didn't provide basis for opinion
If nothing ever happened with prior: "other matter" paragraph stating that fact
When comparative financial statements are being presented, auditor's "update" their prior year audit
report to determine that it is still appropriate
Whenever an updated report has an opinion different from that previously expressed, the auditor
should disclose all substantive reasons for the different opinion in a separate emphasis-of-matter
paragraph following the opinion paragraph.
Audits of Group Financial Statements
Component Auditor: could be part of group engagement firm, network affiliated firm, another unrelated
firm
Group financial statements: include more than one component, aggregated / consolidated
Engagement partner is responsible for supervision. if audit report is appropriate
If you should reference component auditors work in report:
65
Reference should not be made unless all are met:
Component's F/S use the same framework
Component auditor has complied with GAAS
Component auditor has issued a report that is not restricted as to use
Making Reference to component auditor's work: clearly indicate who did what. If group engagement
partner assume responsibility for component's auditor's work= no reference in report
After deciding to make reference to a component auditor: Make inquiries about the professional
reputation and independence of the component auditor
EMPHASIS OR MATTER AND OTHER MATTER PARAGRAPHS
Emphasis of matter: refers to matter appropriately disclosed in F/S but auditor believes its fundamental
to users understanding of the F/S
After opinion
use heading emphasis of matter
reference the matter and where they can be found
auditor's opinion isn't modified based on matter emphasized
Emphasis of matter may be required:
Substantial doubt entity's ability to continue as going concern
When there is an inconsistency in accounting principles used
When F/S are prepared in accordance with special purpose frameworks
Auditor may choose to add emphasis of matter
uncertainty as to outcome of important litigation
when a major catastrophe has significant effect
When there are significant transactions with related parties
unusually important subsequent events
66
Other Matter: refers to matter other than those disclosed in F/S but auditor believes is relevant to users
understanding of audit, auditor's responsibility, or auditor's report
after opinion paragraph
after emphasis of matter paragraphs if any
use heading other matter
clearly indicate other matter is not required to be disclosed in F/S
Auditor required to add other matter paragraph
opinion currently expressed on prior year's F/S is different than opinion previously expressed
(for comparative purposes, prior misstatements corrected)
Auditor may add other matter paragraph
when reporting on more than one set of F/S (one on GAAP, one on IFRS)
when not possible for auditor to withdraw from engagement which management imposed
pervasive scope limitation
Auditor should communicate proposed wording of any expected emphasis or other matter paragraph
QUALIFIED FOR SCOPE LIMITATION
Express clearly an appropriately modified opinion when:
Auditor concludes that the F/S as a whole are misstated based on financial framework
Qualified: for misstatements that are not pervasive to F/S, but could be material
Auditor is unable to obtain sufficient appropriate audit evidence to conclude F/S as a whole are
free from material misstatements
Qualified: possible effect on F/S if any, could be material but not pervasive
"pervasive": 1. effects are not confined, 2.effects if so confined could represent substantial proportion
of F/S 3. disclosures fundamental to users understanding
Qualified: expresses reservations but "taken as a whole", F/S still fairly stated
67
Add a "Basis for Qualified Opinion" paragraph to precede opinion paragraph
Opinion paragraph would be changed and called "Qualified Opinion"
Content would include: In our opinion, except for possible effect of the matter descried in Basis
for Qualified Opinion, the F/S present fairly
When the auditor is not independent, the auditor is precluded from issuing any type of report other
than a disclaimer.
Either a qualified opinion or a disclaimer would be issue for a scope limitation
QUALIFIED FOR MISSTATEMENT
Express clearly an appropriately modified opinion when:
Auditor concludes that the F/S as a whole are misstated based on financial framework
Qualified: for misstatements that are not pervasive to F/S, but could be material
Qualified expresses reservations, but take as a whole, F/S still fairly stated
Defect in presentation, or adequacy of disclosure
Add a "Basis for Qualified Opinion" paragraph to precede opinion paragraph
Opinion paragraph would be changed and called "Qualified Opinion"
Content would include: In our opinion, except for the effect of the matter descried in Basis
for Qualified Opinion, the F/S present fairly
The relevant AICPA guidance is provided by AU 705: "Modifications to the Opinion in the Independent
Auditor's Report.
When an entity omits a financial statement, the auditor may accept an engagement to audit the other
financial statements, but should qualify the opinion due to GAAP departure
ADVERSE OPINION
Pervasive: effects not confined to specific items, if confined could represent substantial impact
68
Only 1 reason for adverse opinion:
F/S are both material and pervasive
The meaning of adverse is F/S are misstated (F/S presentation misstated)
Add "basis for adverse opinion" paragraph before opinion
Use heading "adverse opinion" for opinion paragraph
"in our opinion, bc of the significance of matter discussed in basis of adverse, the F/S do not
present fairly"
Deep Dive: Piecemeal opinions
Piecemeal opinions are forbidden! No different opinions for different areas. B/C it questions
what has validity. Some yes some no? Doesnt work
Not a piecemeal opinion?
Different opinions on F/S are allowed
Can occur with unmodified on one but disclaimer on another
Special engagements: Audit of single F/S, Audit of specific elements or accounts (ex AR)
But if adverse opinion or disclaimer issued on F/S as whole, can only issue unmodified if
Separate report and Element isn't major portion of F/S or based on stockholder
equity or net income
Single F/S is a major portion of F/S
An unjustified change in accounting principles is a GAAP departure that would result in a qualified or
adverse opinion
DISCLAIMER OF OPINION
One reason for disclaimer of opinion:
69
Scope: auditor was unable to obtain sufficient appropriate audit evidence and possible effects
could be material and pervasive (no conclusion expressed)
Modify "auditor's responsibility" section of report. Now only 2 sentences.
Add basis for Disclaimer of Opinion paragraph before conclusion
Heading of "Disclaimer of Opinion" for opinion paragraph
CONSISTENCY OF FINANCIAL STATEMENTS
The auditor need not refer to consistency, unless there is an inconsistency
Objectives to evaluate consistency and communicate in audit report when comparability has been
materially affected by
1. Change in accounting principle.
Falls within framework?
Effect of change properly accounted
Disclosures are adequate
Whether justified that alternative accounting principle is preferable
IF change in accounting principle all 4 requirements met? emphasis of matter until it covers all years
involved. otherwise evaluate if change results in material misstatement and if audit report should be
modified
2. Adjustments to correct material misstatement in previously issued F/S
Add emphasis of matter, doesn't need to be repeated
IF multi-year: evaluate consistency between earliest period covered by report and prior period
IF new principle starting now, would not even be considered a change in accounting principle
If new accounting principle has immaterial effect on F/S: don't have to reference in report
Among situations that ordinarily do not result in an emphasis-of-matter paragraph on consistency are
changes in accounting estimates (e.g., changing the life of a fixed asset) and changes in principles with
70
an immaterial effect (even if expected to be material in the future); absent other circumstances, a
standard unmodified opinion may be issue***
The relevant AICPA guidance is provided by AU 708: "Consistency of Financial Statements.
OPENING BALANCES - INITIAL AUDITS
Obtain sufficient appropriate evidence
Opening balances contain misstatements that materially affect current period's F/S
Appropriate accounting policies in opening balances have been consistently applied in current
period (or changes appropriately accounted for and presented and disclosed)
Initial = prior weren't audited or audited by someone else
Opening balances: also includes matters requiring disclosures (contingencies/ commitments)
Reaudit: initial audit engagement to audit things that were audited by predecessor
Possible material misstatements in prior? = management host meeting between all 3
Don't reference predecessor auditor
Unable to obtain evidence on opening balance
Express qualified or disclaim opinion
If misstatements: qualified or adverse
OTHER INFORMATION ALONG WITH FINANCIAL STATEMENTS
Respond approriately when aware that include other info that could undermine credibility of those F/S
and the auditor's report
Doesn't include press release of cover letter accompanying document containing F/S
Other information: info other that F/S and audit report that's included in a document containing audited
F/S and audit report
Inconsistency: other info that conflicts with info in audited F/S
Found before release: ask to revise, withhold report, add other matter paragraph, withdrawl
71
Found after release: ask to revise, inform governance and legal counsel
SUPPLEMENTARY INFORMATION RELATED TO FINANCIAL STATEMENTS
Evaluate the presentation and if it's fairly stated in relation to F/S
Information outside of basic F/S (excludes required supplementary info)
To audit supplementary info: either unmodified or qualified opinion on F/S.
Info accompany the audited F/S or is "readily available"
Auditor may issue separate reports: but must cross reference
If management doesn't make suggested changes: modify opinion on supplementary info or withhold
report
When reporting on such supplementary information in relation to the financial statements as a whole,
the measurement of materiality is the same as that used in forming an opinion on the basic financial
statements taken as a whole
REQUIRED SUPPLEMENTARY INFORMATION
Objectives
Describe in audit report whether required supplementary info is presented
Communicate when required supplementary information hasn't been presented in accordance

with guidelines or material modifications necessary
Procedures:
Inquiry of management: presented accordingly, if changed, or significant assumptions
Evaluate info for consistency
Add "other matter" paragraph
That it is included
That it is omitted
Some of it is missing and some is presented
Auditor identified material departures
72
Auditor's opinion on F/S is not affected by presentation or omission of required supplementary info
When required supplementary information is included with the financial statements, the auditor is
required to: 1) inquire management about methods of preparing the information and whether methods
have changed; 2) ask about significant assumptions; 3) compare the information for consistency with
management's responses, the audited financial statements, and other knowledge obtained during the
audit; and 4) obtain additional representations in the management representation letter
ALERT TO RESTRICT REPORT
To restrict use of auditor written communication if potential exists for it to be misunderstood if take out
of context
Not responsible for controlling distribution of written communication after release
Required when:
Criteria suitable/available to limited or specified users
Matters presented are a "by product" report (ex. I/C report of significant issues, not the
purpose)
Labeled as "other matter" at end of audit report
FINANCAL STATEMENTS USING ANOTHER COUNTRY'S FRAMEWORK
Address special considerations that are relevant to
Acceptance of engagement
Planning and performance of engagement
Forming an opinion and reporting on the F/S
F/S intended for use solely outside US
Still Perform audit under GAAS
If have to use country's standards, use in addition to GAAS
For use only outside US: may use report from that country or use US form of report revised to reference
framework of country
73
For use both in/out of US: use US for of report including "emphasis of matter" paragraph
REPORTING ON SUMMARY FINANCIAL STATEMENTS
Historical financial information that is derived from F/S with less detail
Engagement Acceptance:
Must have been engaged to audit F/S to audit summary F/S
Written Management responsibility
Determine audited F/S are readily available to users (website is ok, upon request is not ok)
Reporting - Unmodified: are consistent in all material respects to audited F/S
Adverse: summary F/S are not consistent with audited F/S
IF audited F/S contain an adverse opinion or disclaimer: cant express opinion on summary F/S
An auditor's report on condensed financial statements should indicate:

1) the auditor has audited and expressed an opinion on the complete financial statements;
2) the date of the auditor's report on such statements;
3) the type of opinion expressed; and
4) whether the information in the condensed financial statements is consistent, in all material respects,
with the audited financial statements.
INTERIM FINANCIAL INFORMATION
Objective: whether material modifications should be made to conform with reporting framework
Covers period less than 12 months or if 12 months doesn't end on Fiscal Year end
Agree upon terms of engagement w management (letter)
objectives of engagement
responsibilities of management and auditor
limitations of a review
I.D. of applicable framework
Basis for conclusions (no opinion expressed)
74
Analytical procedures
Inquiries: written representation letter to document. same date as auditor's review report
Independent Auditor's review report
Addressee
1. Report on the Financial Statements
2. Management's Responsibility
3. Auditor's responsibility (disclaim an opinion)
4. Conclusion (expressed as negative assurance)
Signature, city, state, date
Accountant's review report on interim F/S is not a "part" of the registration statement within the
meaning of the Securities Act of 1933
When an accountant is associated with the financial statements of a public entity and has not audited or
reviewed such statements, the accountant must either request
Name is not included
F/S marked "unaudited" and include an accompanying disclaimer separately or on each

statement
The relevant AICPA guidance is provided by AU 930: "Interim Financial Information."
OTHER TYPES OF REPORTS

REPORTS ON APPLICATION OF REQUIREMENT OF FRAMEWORK
Hypothetical Transaction: transaction or financial reporting issue that doesn't involve facts or
circumstances of an entity
Specific Transaction: completed or proposed transaction or group of transactions or a financial reporting

issues involving an entity
Reporting Accountant: accountant other than continuing accountant
Don't accept engagement involving hypothetical transactions
75
Acceptance Issues:
Consider purpose of request and intended use
Management will authorize continuing accountant to respond to reporting accountants inquiries
Not required to consult with continuing account if:
reporting accountant is engaged about a specific transaction
And
reporting accountant is engaged to provide recurring accounting advice and doesn't believe 2nd
opinion isn't being requested
Reporting:
Description of engagement and SAS
ID entity, describe situation
Describe requirements of framework used
Management's responsibility and consult with continuing accountant
Differences in facts may change report
"Alert" should restrict distribution. not for general use
FINANCIAL STATEMENTS WITH SPECIAL PURPOSE FRAMEWORKS
Special purpose framework: other than GAAP that is one of the following bases of accounting
Cash Basis
Tax Basis
Regulatory Basis (require a description of purpose)
Contractual Basis (require a description of purpose)
An "emphasis of matter" paragraph after opinion
F/S are based on special purpose framework
Refer to F/S note describing basis used
Point out that basis is other than GAAP
76
IF using contractual or regulatory basis, also add:
"other matter" paragraph restricting distribution to specified users
IF F/S are prepared on regulatory basis and intended for "general use" neither "emphasis of matter" or
"other matter" added
OCBOA is N/A so dont pick answer using that
A description of how the basis differs from GAAP should be included in the Notes to the financial
statements
The separate explanatory paragraph should refer to the note that describes the basis of accounting.
The relevant AICPA guidance is provided by AU 800: "Special Considerations — Audits of Financial
Statements Prepared in Accordance With Special Purpose Frameworks."
AUDITS OF SINGLE F/S AND SPECIFIC ELEMENTS< ACCOUNTS OR ITEMS
Determine if audit of single F/S or element in accordance with GAAS feasible
If specific element is based on stockholders' equity: auditor should obtain sufficient appropriate audit
evidence to express an opinion about financial position (balance sheet)
If specific element is based on net income: auditor should obtain sufficient appropriate audit evidence to
express an opinion about both financial position (balance sheet) and results of operations (inc. stamt)
If opinion is modified on complete set of F/S
IF relevant and pervasive to specific element:
Express adverse opinion on specific element if matter involves misstatement
Express disclaimer on specific element if matter involves scope limitation
IF adverse or disclaimer on set of F/S: dont express unmodified opinion on single F/S
IF emphasis of matter or other matter pertains to specific element: include on report
An auditor may report on one basic financial statement and not the others, provided that access to
information for all statements is not limited and that all procedures considered necessary are
performed. Such engagements merely involve limited reporting objectives
77
The report on such data should refer to the audit report on the financial statements
The relevant AICPA guidance is provided by AU 805 "Special considerations — Audits of Single Financial
Statements and Specific Elements, Accounts, or Items of a Financial Statement."
REPORTING ON COMPLIANCE WITH REQUIREMENTS IN A F/S AUDIT
Example: debt agreements
May express "negative assurance" : nothing came to our attention that the entity failed to comply
IF didn't find non compliance
Auditor expressed unmodified or qualified on F/S
Covenants subject to auditor procedures
If adverse or disclaimer of opinion on F/S: should only report on non compliance when identified. cant
give "negative assurance"
Can be combined with audit report on F/S
Add "alert" to restrict distribution to specific parties
SERVICE ORGANIZATIONS USER AUDITORS
Service auditor: practitioner that reports on controls at a service organization
Service organization: organization or segment that provides services to user entities that are relevant to
internal control over financial reporting
Subservice organization: Service organization used by another Service organization to perform services
relevant to entities internal control over financial reporting
User auditor: audit and reports on F/S of user entity
User Entity: uses service organization and whose F/S being audited
Service Auditor Reports:
Type 1 Report: report on system and suitability of design of controls
Type 2 report: report on system and suitability of design and operating effectiveness of controls
78
The AICPA has established three types of examination services that result in the following three
types of CPA reports on service organization controls (SOC):
 SOC 1: Restricted use reports on controls at a service organization relevant to a user

entity's internal control over financial reporting.
 SOC 2: Restricted use reports on controls at a service organization related to security,
availability, processing integrity, confidentiality, and/or privacy.
 SOC 3: General use SysTrust reports related to security, availability, processing integrity,
confidentiality, and/or privacy.
SERVICE ORGANIZATIONS SERVICE AUDITORS
Service auditor: practitioner that reports on controls at a service organization
Service organization: organization or segment that provides services to user entities that are relevant to
internal control over financial reporting (outsourcing transaction processing)
Subservice organization: Service organization used by another Service organization to perform services
relevant to entities internal control over financial reporting (outsourcing, outsourcing)
Type 1 Report: management's description of service org's system and suitability of design of controls.
2 Opinions rendered on: 1. System description, and 2. control objectives suitably designed
Management's description of service org system
Written assertion by management about material respects of design and implemented controls
Service auditor's report that expresses an opinion on the written assertion
Type 2 Report: management's description of service org's system and suitability of design and
effectiveness of controls
3 opinions expressed: 1. description is fair, 2. control objectives suitably designed 3. controls operated
effectively
Management's description of service org system
Written assertion by management about material respects of design and implemented controls
objectives and operative effectively
Service auditor's report that expresses an opinion on the written assertion
COMFORT LETTERS
79
Letter for underwriters: contributes to "due diligence" for underwriters under Section 11 of 1933
Securities Act (not required by or filed with SEC)
Restricted to specified parties
Signed by auditors. addressed to underwriter of securities
Intro Paragraph: identify statement and F/S. States independence of accountants
Positive assurance: in our opinion audited F/S comply as to form with SEC requirements (only given)
Negative assurance: limited assurance. not aware of any need for modification.
unaudited or interim information complies with form of SEC requirements
Whether modifications are needed for unaudited F/S
any changes in amounts of stick, debt, or decrease in F/S elements
The relevant AICPA guidance is provided by AU 920: "Letters for Underwriters and Certain Other
Requesting Parties."
GOVERNMENT AUDITING STANDARDS
Referred to as GAGAS. Issued by GAO. Referred to as "yellow book"
A written report on I/C over financial reporting is required for every audit (additional reporting)
comment on auditors understanding
comment on scope of testing of control
significant deficiencies identified, obtain a written response from management to include in

report
Written report on compliance with applicable laws, regulations, and agreements
distinguish between general and specific requirements
focuses on noncompliance having material and direct effect on F/S
comment on scope of compliance testing
80
may have duty to report fraud/illegal acts, abuse to outside authority
Should report any know instances of illegal acts that could result in "criminal prosecution". report on
non trivial acts
Remember the 3 C's: Controls, Compliances, Crimes
Single audit act of 1984: spent over 750K of federal money in a year, single coordinated audit of major
assistance programs, not grant by grant
Audit F/S and schedule of expenditures provided by federal government
Materiality is determined separately for each major program involved
Test I/C of major programs and evaluate compliance
Reports Issued under Single Audit Act
Fairness of F/S and schedule of expenditures of federal assistance
I/C over financial reporting
Compliance
Schedule of Findings and Questioned Costs" if ID any audit findings
DEEP DIVE:GOVERNMENT AUDITNG STANDARDS
Report on I/C
Begins with audit of F/S performed
Then separate sections: Internal Control Over Financial Reporting (no opinion),
Compliance and other matters
Includes significant deficiencies and material weaknesses
Report on Compliance:
Looked at laws and regs, only those that material effect F/S (illegal acts disclosure through refernce)
If spend more than 750K in a year:
Audit Schedule of Expenditures of Federal Awards
81
Audit of compliance
Report of audit findings with responses from officials and corrective action plans
Direct communication when: Reported to the entity's governing body and the governing body fails to
make a required report to the federal inspector general
I/C reporting under Government Auditing Standards differs by: requiring that the scope of the auditors'
testing of internal control over financial reporting be described. It can be a separate report or combined
report with compliance with laws and regulations.
Financial statement audits in accordance with Government Auditing Standards require the following
reports:
1) an audit report;
2) a report on internal control;
3) a report on compliance with laws, regulations, and the provisions of contracts or grant agreements
The auditor's documentation should contain sufficient information so that supplementary oral
explanations are not required
sub-recipient: nonfederal entity that expends federal awards received from another entity to carry out a
federal program.
COMPLIANCE AUDITS
SAS 117
Objective: Express opinion about compliance
ID requirements that are supplementary to GAAS & GAGAS to evaluate requirements
Incorporates AICPAs risk assessment
Risk of material non compliance (same as RMM) and if they are pervasive to compliance
Reporting: Opinion directed at compliance at program level
82
Issue separate report on compliance or combined with I/C over compliance or separate report
on I/C over compliance
If the auditor detects noncompliance with requirements that have a material effect on the program
being audited, the auditor should issue a qualified or adverse opinion on compliance.
The auditor is required to give positive assurance on the items tested as to compliance with laws and
regulations. The auditor provides negative assurance on the items not tested
SSARSs- GENERAL PRINCIPLES
Statements on Standards for Account and Review Services: SSARS
Created by AICPAs accounting and review services committee
Two types of requirements
Unconditional Requirements: "must"
Presumptively mandatory requirement: "should"
Application and Other Explanatory Material: explain meaning of requirements: "may"," might"," could"
SSARSs: enforced by rule no 2
Interpretive publications
Other compilation and review publications: no authority
Circumstances prevent acceptance:
ethical requirements not met
info needed is unavailable
reason to doubt management integrity
Prior to accepting:
Determine competence
Financial reporting framework is acceptable
Management acknowledges and understands requirements
The Statements on Standards for Accounting and Review Services are not applicable when:
1) preparing a working trial balance;
83
2) assisting in adjusting the books of account;
3) consulting on accounting, tax, and similar matters;
4) preparing tax returns ;
5) providing bookkeeping or data processing services
6) processing financial data for clients of other accounting firms
SSARSs—Preparation of Financial Statements
AR-C 70
Meet preconditions
Obtain written agreement as to terms
NO REPORT ISSUED FOR PREPARATION ENGAGEMENT
Accountant not required to be independent because no assurance is provided
Documentation Requirements:
Document work performed: engagement letter, copy of F/S prepared
Any reason for noncompliance
Doesn't apply if:
Bookkeeping services
preparation of information to taxing authorities
F/S as part of personal financial planning
F/S associated with litigation or business valuation services
SSARSs- COMPILATION ENGAGEMENTS
A "compilation" engagement involves assisting management in presenting the financial statements
Meet preconditions, written agreement, compilation report must be issued when engage to compile
entity's F/S
Need not be independent - cause no opinion. but must be stated at end or report
84
Understand framework, read F/S, request additional info
Clarified Compilation Report:
Title
Body: Management responsibility, performed in accordance with SSARSs by ARSC of AICPA,

didn't audit or review F/S or perform procedures to verify management info, disclaim opinion or
any form of assurance on F/A
Signature block: signature, city/state, date
Add separate paragraph to state if special purpose framework and refer to note on F/S
F/S contain known departures: propose adjustment, modify report by adding separate paragraph
work performed ( letter, F/S compiled, compilation report)
document reasons for noncompliance with a presumptively mandatory requirement
IF modifying compilation report is inadequate to indicate deficiencies, withdrawal
In a compilation, the accountant is required only to read the financial statements to consider whether
the financial statements are free from obvious material errors
A compilation engagement carries no expectation that the accountant will obtain an understanding of
the entity's internal control
An accountant may compile financial statements lacking substantially all disclosures provided that:
1) the omission is clearly indicated in his/her report; and
2) the omission is not intended to mislead those who might reasonably be expected to use the compiled
statement
The accountant does not perform any evidence-gathering procedures to corroborate the financial
information involved.
If the financial statements are prepared using a special purpose framework and the financial statements
do not disclose this basis, the accountant's compilation report should identify the basis
Compiled financial statements should be accompanied by an accountant's report stating:
that the accountant compiled the financial statements in accordance with Statements on
Standards for Accounting and Review Services
that the accountant does not express an opinion or any other form of assurance on the financial
statements
85
Guidance is provided in the clarified SSARSs, specifically by AR-C 80, Compilation Engagements
Circumstance Resolution
Departures from GAAP A departure from generally accepted accounting principles requires
the accountants to discuss the departure in a separate paragraph in
the compilation report.

Lack of consistent application of Compilation report not required to be altered.

GAAP, substantial doubt about
ability to remain a going concern
properly disclosed in financial
statements

Lack of consistent application of Modify the compilation report for a departure from generally
GAAP, substantial doubt about accepted accounting principles.
ability to remain a going concern
not properly disclosed in
financial statements

Compilations of information that This is permissible. In such situations the accountants should add the
omits substantially all following last paragraph to their report:
disclosures (e.g., note disclosures
omitted)
• Management has elected to omit substantially all of the disclosures

(and the statement of cash flows) required by generally accepted
accounting principles. If the omitted disclosures were included in
the financial statements, they might influence the user’s
conclusions about the company’s financial position, results of
operations, and cash flows. Accordingly, these financial statements
are not designed for those who are not informed about such
matters.
The financial statements should also indicate “Selected Information
—Substantially All Disclosures Required by Generally Accepted
Accounting Principles Are Not Included.”
Compilations when the CPAs are Independence is not required. The following may be added to the
86
not independent compilation report:

• We are not independent with respect to XYZ Company.
In addition the CPAs may also provide reason(s) for the lack of
independence (e.g., a member of the audit team had a direct
financial interest in XYZ Company)
SSARSs- REVIEW ENGAGEMENTS
Must meet preconditions for engagement
Obtain written agreement
Must be independent, a review report expresses "negative assurance": not aware of any material
modifications
Must agree or reconcile underlying document to F/S
Procedures:
Analytical procedures: unsusual F/S relationships
Inquiry about financial reporting issues (no corroborating evidence)
Written management representation letter (signed by CFO/CEO)
Clarified Report
Title: Independent Accountants review report
Body: Into, Management Responsibility for F/S (labeled), Accountant's Responsibility (labeled),
accountants conclusion (labeled)
Signature block: signature, city/state and date
Special purpose framework: add emphasis of matter paragraph
If F/S contain departures; add "known departures" paragraph after conclusions
If modifying isnt appropriate way to communicate deficiencies: withdrawal
87
Document:
work performed: engagement letter, management rep letter, significant findings, copy F/S, copy
of review report
Reasons for non compliance with presumptively requirements
If the accountant becomes aware of a GAAP departure during a review engagement, the review report
should disclose this departure in a separate paragraph of the report
A practitioner is allowed to change an engagement from an audit to a review given reasonable

justification. The review report would NOT reference: 1) the original engagement; 2) any auditing
procedures that may have been performed; or 3) scope limitations that resulted in the changed
engagement.
Belief that modification of the review report is not adequate to indicate the deficiencies in the financial
statements, Baker should withdraw from the engagement
The accountant would modify the standard review report if he/she became aware of departures from
the applicable financial reporting framework that were not corrected
An accountant is allowed to issue a review report on one financial statement as long as the scope of the
inquiry and analytical procedures has not been restricted
SSARSs - OTHER TOPICS
Compiling Pro Forma Information: effects that actual or potential transaction might have had on
historical financial information if it occurred on financial presentation
Prerequisite: must have compiled, reviewed or audited historical F/S that is basis of pro forma
Each page stamped with "see accountant's compilation report"
Doesn't have to be independent, but should state if not independent
May assist in preparation of pro forma information without issuing compilation report
Supplemental Info & required Supplementary Info
when compiling or reviewing supplemental information, indicate responsibility taken in
separate report or other matter paragraph
when compiling or reviewing required supplemental information:
add other matter paragraph
88
Review and compilation reports on comparative financial statements
refer to each period of F/S shown. nature of engagement can change year to year (compile v
review)
When change in accountants and prior report not presented: successor should state fact in
other-matter
Changing engagement form from Audit to a Review
Consider reasons and incremental cost to complete the audit
When audit prior year and review subsequent year: add a separate paragraph to the review report
stating (1) that the prior period's financial statements were audited; (2) the date of the previous report;
(3) the type of opinion expressed; (4) the reasons for any modification of the report; and (5) that no
auditing procedures were performed after the date of the previous report
Compilation report should disclose the lack of independence
OTHER PROFESSIONAL SERVICES

ATTESTATION STANDARDS
Attestation: examination, review, or agreed upon procedures report on subject matter, or an assertion
about the subject matter that is the responsibility of another party
Auditing is historical matter. Attestation could be anything
The SSAE are a broad category of attestation services that are not covered by other standards
Attestation engagements: examination, review, or agreed upon procedures
11 Attestation Standards (similar to GAAS)
General Standards:
Technical training in attest function (adequate and proficiency)
Knowledge in subject matter
Criteria that is suitable and available (capable of evaluation against criteria)
89
Independence
Due professional care: in planning and performance and preparation of report
Fieldwork Standards
Planning and supervision
Evidence: sufficient evidence for reasonable basis
Reporting Standards
Nature of engagement: whether examination, review or agreed-upon procedures
Conclusions: state conclusion about subject matter in relation to criteria
Reservations: about engagement or adequacy of presentation, then appropriately expressed
Limited use: when restricted to specific parties
Must state when: Criteria is limited in understanding, criteria only available to some, no
written assertion provided, when agreed-upon procedures to subject matter
SSAE Hierarchy:
Standards: SSAEs are interpretations of standards and must be followed by practitioners
Interpretations: explain compliance with SSAEs when not applying applicable interpretations
Other attestation publications: no authoritative status
Services of Attestation
Examination: positive assurance (low level of attestation risk) similar to audit
ID material deficiencies
Can add explanatory paragraph
Report can be issued for general distribution, refer to AICPA standards
Review: Negative Assurance (Moderate level of attestation risk)
ID material deficiencies
Can add explanatory paragraph
Include disclaimer of opinion
90
Report can be issued for general distribution
Agreed-upon procedures (neither negative nor positive assurance)
Specified parties take responsibility for sufficiency of procedures (perform procedures on their
behalf)
Conclusions presented as: procedures...findings
No other assurance given/ disclaim an opinion
Limited distribution to specified parties
Prospective financial statements include summaries of both significant assumptions and significant
accounting policies
FINANCIAL FORECASTS AND PROJECTIONS
2 types: Forecasts (predicted outcome best guess)
Projections (expected outcome based on certain assumptions, what if)
AICPA allows: Examination (always, a lot of work), agreed upon procedures (restricted distribution),
compilation. (review is not allowed)
Responsibilities: evaluate presentation and underlying assumptions for reasonableness. similar structed
report to that of audit report
Only a forecast can have general distribution
Any report on projection would have to have restricted distribution
Agreed-upon procedures report:
91
ID nature and prospective F/S information
Refer to AICPAs attestation standards
Conclusion is procedures...findings
State not an examination and give disclaimer of opinion. results may not be achieved and don't
take responsibility for anything after the fact
Restrict distribution to specified parties
Compilation of Prospective F/S- No assurance given
Read and compare to AICPA guidelines
Report:
ID nature of engagement and subject matter. refer to AICPA standards
Stat limited in scope and disclaim opinion. Forward looking and not responsible for it
Any report of "projection" has restricted distribution
Agreed upon procedures on forecast: restricted
Any type of partial presentation: restricted
An accountant's report on a compilation of a projection includes:

1) a statement that the compilation is limited in scope;
2) a disclaimer of responsibility to update the report;
3) a caveat that the prospective results may not be achieved; and
4) a description of the limitations of the presentation's usefulness
An examination of a financial forecast is a professional service that involves evaluating the preparation,
the support for the assumptions, and the presentation of the prospective financial statements and
rendering an opinion
When the assumptions do not provide a reasonable basis for the forecast, the examination report
should express an adverse opinion
Circumstances resulting in departure from standard examination report
1. Departure from AICPA presentation guidelines (result in a qualified or adverse opinion)

2. Unreasonable assumptions (adverse opinion)
92
3. Scope limitation (disclaimer)
4. Emphasis of a matter (unmodified)
5. Evaluation based in part on report of another auditor (unmodified—divided responsibility)
Only a financial forecast is appropriate for general use
PRO FORMA FINANCIAL INFORMATION
Pro forma: show significant effects on historical F/S if an event happened before balance sheet date
rather than after balance sheet date (business combination, new securities, etc)
Requirements:
Document with pro forma information that references historical statements
Accountant has audited or reviewed historical F/S
3 Objectives:
Management assumptions are reasonable for effects
Whether pro forma adjustments reflect those assumptions
Whether pro forma F/A are adjusted
Can express positive assurance for examination or negative assurance for review of each objective
Report on a review of pro forma financial information should include
reference to the financial statements from which the historical financial information is derived
statement as to whether such statements were audited or reviewed.
Any modification of the report on the historical financial statements
COMPLIANCE ATTESTATION
Reporting of entity's written assertion about compliance or effectiveness of I/C related to compliance
Can only do examination and agreed-upon procedures (no review)
Examination report
Into: nature and subject matter. responsibilities of management and accountant
Scope: Reference AICPA standards and note that doesn't provide legal determination
93
Opinion: express without identify specific measurement requirements
Agreed-upon procedures report
Into: nature and subject matter. responsibilities of management and accountant. AICPA
standards
Enumerate procedures and findings
State disclaimer of opinion
Restrict distribution to specified parties
REPORTING ON INTERNAL CONTROL IN AN INTEGRATED AUDIT
Integrated audit: auditing F/S and expressing a report on internal control over financial reporting
Design and operating effectiveness of I/C
Basic responsibility: design test of control to achieve objectives of both engagements simultaneously
Support opinion on I/C at end of period
Support auditor's assessment of control risk of the audit
Obtain sufficient appropriate evidence if material weaknesses exist. not required to seek anything else
out. use same criteria as management to evaluate
Management Requirements:
Accept responsibility for effectiveness of I/C
Evaluate effectiveness of I/C using suitable and available criteria
support assertion on I/C with sufficient appropriate evidence
provide written assertion about I/C in a report containing auditor's report
May use work of others after assessing competence and objectivity
Materiality is the same for both engagements
Use Top-down approach
Evaluating Design effectiveness: inquiry, observation, and inspection of documentation, walk thru
Evaluating Operating Effectiveness: inquiry, observation, inspection of documentation, recalculating,

performance of control
94
Focus on reasonable possibility: depends on magnitude and potential of misstatement
Communication:
identified material weakness and significant deficiencies
for non-government entities: by the report release date
for governmental entities: within 60 days of report release date
Lesser matters no later than 60 days after report release date
Can be separate report on combined report, if separate: add paragraphs referencing other report and
should have same date
Reporting on I/C
If any material weakness: Adverse opinion on effectiveness of I/C
Scope limitation: withdrawal or disclaimer of opinion
The work performed in an attestation engagement on internal control is more extensive in scope than
that performed during the control risk assessment in a financial statement audit.
4 conditions that must be met for the auditor to examine internal control in an integrated audit under
AICPA standards
Management accepts responsibility for the effectiveness of I/C
Management must evaluate the effective of I/S using suitable available criteria
Management must support its assertions about effective of I/C with sufficient appropriate
evidence
Management must provide its written assertion about the effectiveness of I/C in a report to
accompany auditor's report
95
An auditor's unqualified report on internal control would provide the opinion that the company
maintained, in all material respects, effective internal control over financial reporting as of a specific
date (usually year end), based on the control criteria
MANAGEMENT DISCUSSION AND ANALYSIS
Attesting to MD&A presentations according to SEC requirements (Must have audited F/S)
Examination of MD&A to provide positive assurance
MD&A includes elements required by SEC
Discussion of financial condition (liquidity and capital resources)
Discussion of changes in financial condition
Discussion of results of operation
Are Historical amounts accurately derived
Underlying information and assumptions provide reasonable basis for disclosures within
presentation
Review of MD&A to provide negative assurance as to whether there is a reason to believe
The presentation does not include elements required by SEC
the amounts are not accurately derived
information does not provide a reasonable basis for MD&A presentation
Examination of MD&A presentation embodies 4 assertions
Occurrence
Completeness of explanation
Consistency with financial statements
Presentation and disclosure
ASSURANCE SERVICES
Attestation: no restriction of subject matter, speaking to reliability
96
Assurance: independent profession services that improve quality or context of information for decision
makers
SARBANES-OXLEY ACT OF 2002 AND THE PCAOB

PCAOB RESPONSIBLITIES
PCAOB responsibility:
Register Public Accounting Firms
Inspect registered public accounting firms ( review +100 firms = annually, less than 100 every 3
yrs)
Standard setting
Enforcement
Funding - funded by registration and annual fees from accounting firms, accounting support fee
assessed on issuers
Title II of the Sarbanes-Oxley Act of 2002 establishes 5 years as the upper limit before mandatory
rotation
DEEP DIVE
97
Cooling off period of 1 year: applies to lead partner, concurring partner, audit engagement team
member> 10 hours audit/review/attest services
Applies if new job: financial/executive capacity, financial oversight or F/S preparation at client
1 year period preceding the beginning of the audit of current year FS
AUDITING STANDARD NO 1
Adopted AICPA as of 4/16/03, then going forward issued own
Required changes to Auditor's report:
Required report to be titled: Report of Independent Registered Public Accounting Firm
In Scope paragraph: the standards of the PCAOB (instead of GAAS)
Opinion paragraph: US generally accepted accounting principles (re- wording)
Along with signature, must add city and state
98
Audit documentation
Demonstrate complied with PCAOB standards, support basis for auditor's conclusions, underlying
records agree or reconcile with F/S
Document audit procedures involving audit procedures, all significant findings or issues and actions to
address them (ID in engagement completion document)
Retain documentation for 7 years from release date (AICPA 5 yrs)
Documentation completion date: no later than 45 days after report release date (AICPA up to 60 days)
99
After documentation completion date: nothing deleted, added must include date, name and reason for
addition
reporting of previously reported material weakness continues to exist:
As of a date specified by management
PCAOB doesn't require it.
Auditor's report must be unqualified opinion or disclaimer
In evaluating whether a material weakness exists, an auditor should focus on materiality at the financial
statement level
An audit of I/C over financial reporting (integrated audit)
Applicable: when auditor is engaged to audit the issuer's F/S and management's assessment of
effectiveness of I/C over F/R
Objective: no material weaknesses in controls exist
Risk assessment underlies entire audit process, allows auditor to use work of others to reduce
duplication
Uses "top-down" approach at F/S then entity level
Control deficiencies: in design and in operation
Material weakness: deficiency in ICFR that there is a reasonable possibility that a material misstatement
will not be prevented or detected on a timely basis
Significant deficiency: deficiency in ICFR that is less severe than a material weakness, but important
enough to merit attention
Perform walkthroughs
Testing controls: if controls address assessed risk of misstatement
design of effectiveness: inquiry, observation, walkthroughs, inspection of documentation
100
operating effectiveness: inquiry, observation, walkthroughs, inspection of documentation, re-
performance
Indication of material weakness: fraud, restatement of prior F/S, discovery of MM in current F/S,
ineffective oversight by audit committee
Material weaknesses: communicated to management and audit committee
Significant deficiencies: communicated with audit committee
Lesser deficiencies: communicated to management
If audit committee is ineffective: report to board of director
Can issue separate or combined reports, if separate then explanatory report that references other, each
have same date
If material weakness: ADVERSE opinion and include definition of material weakness
If scope limitation: Disclaim opinion or withdraw
Deficiency in design: When a control necessary to meet the control objective is missing or when an
existing control is not properly designed so that, even if the control operates as designed, the control
objective is not always met
Consistency: evaluation of
(1) a change in accounting principle; (at management's discretion or mandated)
(2) an adjustment to correct a misstatement in previously issued financial statement
add explanatory paragraph
When there is a change in accounting principle, the auditor should evaluate whether
(1) the newly adopted principle is GAAP;
(2) the method of accounting for the effect of the change conforms to GAAP;
(3) the disclosures related to the change are adequate
(4) the company has justified that the alternative accounting principle is preferable.
101
IF criteria isn't met then GAAP departure and qualified opinion or an adverse opinion
Change in classification do not require mention unless correction of material misstatement or change in
accounting principle
Engagement quality review: requires engagement quality review and approval of issuance
For an audit
For a review of interim financial information
Evaluate significant judgments and conclusions
Reviewer must be associate person (within firm or paid outsider)
Cooling off: serving as engagement audit partner for either of the 2 audits before cant review
Accounting firm cant give permission to use report unless reviewer provides "concurring approval of
issuance". Review cant give it if there are any significant deficiencies
Significant engagement deficiencies":
(1) the engagement team failed to obtain sufficient appropriate evidence;
(2) the engagement team reached an inappropriate overall conclusion;
(3) the engagement report is not appropriate;
(4) the firm is not independent of its client
Evaluate the significant judgments and conclusions of the engagement team by
(1) holding discussions with the engagement partner and other members of the engagement team
(2) reviewing the engagement's audit documentation
AUDITING STANDARD NO 8-15
No 8: Audit risk: conduct audit that reduces risk to appropriate level. At F/S level and relevant assertion
level
102
No 9:Audit Planning: plan audit so that its conducted effectively. engagement partner in charge
No 10: Supervision of Audit Engagement: work performed as direct and supports conclusions
No. 11 Consideration of Materiality: apply materiality in planning and performance. same materiality for
audit of F/S and ICFR
No 12 Identifying and Assessing RMM: ID and assess RMM as basis for designing and implementing
responses. provide reasonable basis for designing further audit procedures. Top down approach
No 13 Auditors responses to RMM: address RMM through overall audit responses and procedures
No 14 Evaluating audit results: evaluate results of audit to determine whether sufficient and appropriate
to support opinion
No 15 Audit evidence: plan a perform audit to obtain evidence to support conclusions. based on 5
assertions
Existence
Completeness
Right and obligations
Valuation or allocation
Presentation and disclosure
Primary differences between AICPA and PCAOB
PCAOB apply to "integrated audits" and ASB apply to F/S audits
PCAOB 8 risk standards, ASB 5 standards
PCAOB more specific for engagement partner's responsibility
PCAOB focused on 5 traditional F/S assertions
required communication with audit committee
Communicate responsibilities and establish understanding of terms of engagement
Obtain info relevant to audit
Communicate info about strategy and time
103
provide timely observations about significant audit matters
Critical accounting policies and practices
most important to portrayal of financial results and require management most difficult,
subjective or complex judgments
Communicate
evaluation of quality of reporting
responsibility for other information in documents containing audited F/S
difficult matters
management's consultation with other accountants about issues
Going concern
Uncorrected or corrected misstatements
material written communications between auditor and management
departure from standard report
disagreements with management over significant matters
difficulties encountered in audit
other matters auditor views as significant
Can be oral or written and must be timely and prior to issuance of the auditor's report
Auditing supplemental information:
fairly stated in all material respects in relation to the F/S as a whole
Procedures
Obtain understanding of purpose and criteria in presentation
Obtain understanding of methods used to prepare (consistency)
Inquire management about significant assumptions
104
Verify information reconciles to F/S or other records
Test for completeness and accuracy
Obtain management letter for responsibilities
Can issue separate or combined reports
Qualified opinion on F/S = same if matter applies to supplemental info
Adverse or disclaimer opinion on F/S = same for supplemental info
Auditor's report does not include a statement that the methods of measurement and presentation have
not changed from those used in the prior period
Related Parties
Evaluate whether related party relationships and transactions are properly reported and disclosed
Obtain understanding for: ID related parties, authorizing transactions, accounting for/disclosing in F/S
Communication:
evaluate company's ID and reporting of related party issues
Any related party issues undisclosed to auditor
Any significant transactions not authorized
Any related party transactions that lack business purpose
management assertions that related party transactions were equivalent to arms length
INTERNATIONAL AUDITING ISSUES

IFAC AND INTERNATIONAL STANDARDS ON AUDITING
International Federation of Accountants (IFAC)
Organization for organizations: 18 members
Not an accounting standard setter
105
IFAC has 4 separate stand setting boards
International Auditing and Assurance Standards Board: auditing and review, other assurance, QC
International Ethics Standards Board
International Public Sector Board
International Accounting Education Board
US vs International auditing
ISAs do not provide "integrated audit" with internal control reporting
ISA requirements are less than US
ISAs don't provide division of responsibility
ISAs don't limit foreseeable future for going concern
Public Interest Oversight Board oversees IFAC's auditing and ethics-related standard-setting activities
CODE OF PROFESSIONAL CONDUCT

INTRODUCTION AND PREFACE
Divides code in 3 major parts. Members in public practice (MIPP), Members in Business (MIB),
Other members (OMs)
Six principles of professional conduct
1. Responsibilities principle: exercise sensitive professional and moral judgments.
Improve art of accounting
Maintain public's confidence
carry out profession's special responsibilities for self governance
2. Public Interest principle: act in way to serve public interest, honor public trust, demonstrate
commitment to professional. "acceptance of responsibility to the public"
3. Integrity Principle: perform all professional responsibilities with highest sense of integrity
106
Integrity is measured in terms of what is right and just
4. Objectively and independence principle: maintain objectivity free of conflicts of interest in discharging
professional responsibilities. Independent in fact and appearance
Objectivity: Impartiality, intellectual honest, freedom from conflicts of interest
5. Due Care Principle: observe procession technical and ethical standards, strive to continually improve
competence and quality of services and discharge professional responsibility
6. Scope and Nature of services principle: observe principles of code of professional conduct in
determining the scope and nature of services provided
The code is available at: http://pub.aicpa.org/codeofconduct
MIPPS INTRODUCTION AND CONCEPTUAL FRAMEWORK
Applies to public and government audit organization
3 Steps to applying conceptual framework
ID threat
Evaluate significance of threats
ID and apply safeguards
7 types of threats
Adverse interest threats (client and auditor)
107
Advocacy threats (advisor, underwriter, etc)
Familiarity Threats (family members or old colleagues)
Management Participation threats
Self interest threats (you have interested stake, excessive reliance on one client)
Self review threat
Undue influence threat (threaten to fire or withhold future business)
Safeguards
Created by profession, legislation or regulation (training, standards, external review, hotline etc)
Implemented by the client (tone at top, client has skills, policies and procedures, governance)
Implemented by the firm (tone at top, policies and procedures, rotations)
CPA acting as an auditor must honor professional rules regarding integrity, objectivity, independence
CONFLICT OF INTEREST, DIRECTORSHIPS, AND GIFTS
Two Types: 1. Client A v Client B, 2. Firm and members v Client
Threats to objectivity are reduce to an acceptable level when:
There is full disclosure
Client consents
Director Positions: companies that you work with want you to serve as a director. will the threat be
unacceptably high? just be a consultant instead
Gifts and Entertainment: Objectivity and integrity are threatened if receive or give gifts to:
Officers
Directors
10% shareholders
If violate member's or client's policies or applicable laws and regulations. Know the rules or reckless in
not knowing the rules. If no rules, if its reasonable.
Reasonableness is determined by:
108
Nature of gift
Occasion
Cost / value
Entertainment was associated with conduct of business directly before, during or after (meals, etc)
REPORTING INCOME AND SUBORDINATION OF JUDGMENT
Preparing and reporting income Members have violated code if:
Made, permitted or directed materially false and misleading entries
Failed to correct material misstatements when had authority
Signed, permitted or directed signature to doc. containing materially false and misleading info
Subordination of Judgment: If disagreement, don't simply accept superior judgment you
Proper procedure
Evaluate significant that material misstatement will occur or if laws or regulations violated (no?
then ok)
If significant threat, should discuss with superior
If superior doesn't resolve, go over superior's head
If still worried: review internal policies, review if responsible to third parties, consult legal,
document understanding
If can reduced to acceptable level: consider quitting
Not precluded from resigning but doesn't necessarily protect from legal liability
ADVOCACY, THIRD PARTY SERVICE PROVIDERS (TSPs), GENERAL STANDARDS, AND ACCOUNTING
PRINCIPLES
Client advocacy: cant advocate for attest clients, may advocate for advisory or tax clients but can
threaten objectivity or integrity (not too zealous)
Use of TSPs: Ok to outsource work to TSP but can threaten Integrity and objectivity. If outsourcing
professional services, notify clients in writing before confidential information to TSP. If client says no,
don't outsource of turn down engagement
109
General Standards: must follow rules by appropriate bodies
Professional Competence
Due Professional Care
Planning and Supervision
Sufficient Relevant Data
Competence: possesses technical qualifications and can supervise and evaluate quality of work
performed. Decline if can't. Can't just turn over to specialist
Accounting Principles:
Exceptions: when departure from GAAP is appropriate (ex: new legislation, evolution of business
transactions, when other accounting principles apply, special frameworks)
Describe departure
Describe its approximate effects
Describe reasons why compliance would result in misleading statement
Doesn't apply if: conflicting industry practice, unusual degree of materiality
DISCREDITABLE ACTS
Discreditable acts:
Discrimination and harassment in employment
Solicitation or disclosure of CPA Exam questions and answers
Failure to file a tax return or pay a tax liability
Negligence in preparation of F/S or records
Material departure from standards
Failure to follow additional government standards over GAAS
Improper use of indemnification and limitation of liability provisions
Disclosing confidential information obtained from employment or volunteer activities
False advertising
110
Improper use of CPA credential
Records Requests
Removing client files or info after termination
Use of confidential info without consent
Records Types:
Client Provided records: return upon request, even if not paid
Member prepared records (AJEs, documents): deliver upon request when related to issued
product except if fees are due for that specific work product
Member's work products: provide upon request unless haven't been paid for that work, work is
incomplete, withhold to comply with standards, if threatened or outstanding litigation
Working papers: don't have to provide to client, unless explicit in engagement letter
Some states are more strict and if so, then follow state laws
Must be honored within 45 days, in form you have them in
Audit documentation is not transferable to a purchaser of a CPA practice unless the client consents
FEES
Contingent Fees: fee established for performance and amount is determined by the result
Exclusion: fixed by courts or public authorities
Can't get them for attest services:
Audit or review of F/S
Compilation of F/S where 3rd party will use and didn't disclose lack of independence
Examination of prospective financial information
Can't prepare original or amended tax return or claim for contingent fee
Permitted contingent fees in tax area:
representing cline in revenue agent's examination of clients return
filing amended return that is subject of a test case involving different taxpayer w respect to
which taxing authority is developing a position
111
filing an amended return claiming a refund greater than threshold for review by join committee
on taxation or state taxing authority
representing a cline in connection with obtaining a private letter ruling or influencing the
drafting of a regulation or statue
Commissions and referral fees: Prohibited for attest clients, permitted for non-attest: just disclose
Spouse can receive commission for member's attest client, as long as the spouse's activities are separate
from the practice and member isn't significantly involved in spouse's activities
When take title and then sell to client, can mark up without disclosure
May subcontract service to another person and mark up costs without it being considered a commission
Tax accountants can accept referral fees and commissions. However, they should be disclosed to the
client
ADVERTISING AND CONFIDENTIALITY
Advertising: responsible for 3rd parties promotional efforts
Considered false if:
create false or unjustified expectations of favorable results
imply the ability to influence court or regulatory agency
Claim that services will be performed for a stated fee when its likely they will be substantially
increased
Confidential info: proprietary information gained through relationship that isn't public
General: don't disclose unless authorized
Discreditable act to: disclose without permission or use for personal benefit
Confidentiality survives employment relationship
Exceptions:
initiate ethic complaint with AICPA, state board of accounting
protect member's professional interests in legal proceedings
comply with professional standards
112
report potential concerns to employers confidential complaint line or audit committee
Disclosure on behalf of employer to:
obtain financing with lenders
communicate with vendors, clients, customers
communicate with employer's external accountant, attorney, regulators, other professionals
Additional concepts:
If new client likely leads to disclosure of confidential information from existing or previous
client, don't accept until get consent
When withdrawal, if contacted by new auditor, suggest the firm contact client to ask permission
for you to discuss matters freely
When using TSP: before disclosing, make sure they have adequate protection
Turning over client names is allowed unless disclosure of name signals propriety info
(bankruptcy)
CPA may generally disclose confidential information without a client's consent if it is necessary to avoid
violating GAAP, if in response to an ethics inquiry by a quality review board, or pursuant to a court order
FORM OF ORGANIZATION AND NAMES
Form of Org:
MIPP can only form permitted by law
MIPP can't practice under a firm name that is misleading
Name of one or more past owners can be included
Firm cant designate itself as Member of the AICPA unless all its CPA owners are
Ownership of a separate business: that provides non attest services, but if member controls it they
would have to abide by code of conduct
Nonmember practitioners: must still comply with code, and responsible for fellows
Attest engagement performed with a former partner: finish engagement and use non-letter head
113
Firm Name:
Network firms: firms that work together for advantage and share
Common control
profits and losses
common business strategy
significant portions of professional resources
common quality control policies and procedures
Attest firms must be majority owned by CPAs
IF CPA controls another firm, the firm in which he has invested (XYZ) and its employees must abide by
code of conduct
INTRODUCTION TO MIPPS INDEPENDENCE RULES
Shall be independent when performing attest services.
When codes doesn't resolve issue, the Conceptual Framework should be applied
Threats
Adverse interest threats
Advocacy threats
familiarity threats
management participation threats
self-interest threats
self-review threats
undue influence threats
Threats group into:
Financial relationships / employment relationships/family relationships/consulting relationships
114
Safeguards
Profession, legislation, regulation
attest client (policies and rules)
Your firm
Time period: independence rules must be follow when relationships exist during
The period covered by financial statements
period of processional engagement
Covered Members (who must follow rules)
Member on attest engagement team
position to influence attest engagement
partner, partner equivalent, or manager who provides more than 10 hrs of nonattest services to
attest cline within any fiscal year
partner or partner equivalent in the office that leads attest engagement but not associated with
the firm, including employee benefit plans
entity whose operating, financial, or accounting policies can be controlled by any individuals or
entities
NETWORK FIRM AND AFFILIATES
Network firms: firms that work together for advantage and share
Common control
profits and losses
common business strategy
significant portions of professional resources
common quality control policies and procedures
115
Must comply with independence rules with respect to clients of other network firm if use of audit or
review report is not restricted (unrestricted)
Affiliates: covered members must abide by independence rules for both attest clients and affiliates
REISSUES, ENGAGEMENT LETTERS, ADR, AND UNPAID FEES
Reissued reports: If prior auditor and now not independent to prior engagement client and have to
reissue = do limited procedures (inquiries, reading F/S)
Engagement contract terms: can indemnify firm for liability and costs resulting from client's
management's knowing misrepresentations
Alternative dispute resolution (ADR): require ADR in lieu of litigation to resolve disputes, can put in
position of material adverse interests and thereby impair independence
Unpaid Fees: can't sign current year audit report if there are unpaid fees from more than one year prior
Fees are unpaid even if they are unbilled or if the client has issued the firm a note receivable
Exception: client in bankruptcy
OVERVIEW AND UNSOLICITED FINANCIAL INTERESTS
IF covered member has or is committed to acquire direct interest in attest client (immaterial or material)
independence is impaired. Only not impaired if both indirect and immaterial
Financial interest: equity, debt or derivatives
Direct:
owned directly by member (even if managed)
interest beneficially owned through investment vehicle, estate, trust, when beneficiary either:
controls the intermediary
has authority to supervise or participate in investment decisions
(Passive if not doing either)
Beneficial owner: doesn't have title but gets benefits
116
Even if partner of professional employee isn't a covered member, that person or immediate family, cant
own more than 5%
Unsolicited Financial Interests:
if member receive or learn they will receive, independence will not be impaired if dispose of
interest within 30 days
If cant dispose, can still be independent if
member doesn't participate on attest engagement
interest is not material
MUTUAL FUNDS AND RETIREMENT PLANS
Mutual fund: interest in fund is direct, interest in underlying investments if own less than 5% is indirect
If own more than 5% of diversified funds or undiversified funds evaluate if they are material to net
worth and net worth of immediate family
Retirement Plans: if members of immediate family members self-direct their investments into plan:
interest is direct (bad even if immaterial)
If don't self direct: then they are indirect and immaterial is ok
Defined benefit plan isn't interest held by covered member, unless specifically involved in investment
decisions
PARTNERSHIPS, 529s, TRUST AND ESTATES, EMPLOYEE BENEFIT PLANS
Partnerships:
General partnership: all are GP and have right to vote and investment decisions (direct investment in
partnership and partnership's investments
Limited Partnership: GP is direct interest, LP direct in partnership and indirect in investments (direct if
participated or have ability to replace GP)
LLCs:
Member managed: like partnerships and treated the same for independence
117
Agent managed: interest in LLC direct, investments are indirect (unless can control LLC/supervise or
participate)
Section 529 Plans
Prepaid tuition plans: owner has direct financial inters in plan but only an indirect interest in its
underlying investments
Savings plan: direct in plan and underlying investments because you choose
Trusts and Estates
Cant do it if:
Member has authority to make investment decisions for trust or estate
If co-trustee is making decisions, if committed to acquiring more than 10% of client's equity
ownership
If co-trustee is making decisions, if value of holdings more than 10% of total assets
Grantor: set up trust. direct interest if:
ability to amend or revoke trust
authority to control the trust
ability to supervise or participate in the trusts investment decisions
underlying trust investments ultimately revert to covered member as the grantor of trust
if none are present indirect and immaterial are good
Beneficiary: of trust. Direct interest and interest in underlying investments is indirect (except if supervise
or participate in decisions)
Blind Trust: ultimately come back to grantor, then blind trust and underlying investments are direct
Employee Benefit Plans: if participates in plan that is an audit client or sponsored by one
Exceptions:
1. government organization and required by law to audit plan, ok if all met
118
member is required to participate
offered to all comparable employees
not associated with the plan (just auditing)
no influence or control
2. Formally associated with audit client and is no longer and met requirements for preserving
independence
DEPOSITORY ACCOUNTS, BROKERAGE ACCOUNTS, INSURANCE POLICIES
Depository accounts:
Firms can audit bank that holds its deposits if they conclude remote likelihood of the bank having
financial difficulties
Individual can maintain accounts if:
accounts insured
any uninsured amounts are not material
uninsured accounts are material are reduced to immaterial within 30 days
Brokerage accounts: impaired unless
client's services are normal terms, procedures and requirements
assets subject to risk of loss are immaterial to net worth
Insurance policy: not an interest unless offers investment option. no problem if normal circumstances
Exception if you selected or supervise or participate in decisions
LOANS, LEASES, AND BUSINESS RELATIONSHIPS
Loans: Can be a problem if member loans or borrow from
Attest client
officers or directors
119
10% holder
especially if client isn't a lender
Immaterial unsecured loan, home mortgage, or secured loan ok if:
normal circumstances
obtained before became a client, or you loan was sold to an attest client
loans kept current and not changed
estimated FV of collateral equal or exceeds outstanding balance
if a deficit, cant be material to net worth
Leases: Capital leases impair independence
Operating lease is ok if all three
Meet GAAP criteria
ordinary circumstances
all amounts paid to terms
Business relationships:
Cooperative ventures: ok if: Participation of firms from separate contracts, don't assume
responsibilities neither has agent authority
Joint investment:
OK if both own stock of widely held company, not ok if small company
Not Ok: jointly purchase vacation home
Other permitted loans from a financial institution attest client

1] Automobile loans and leases collateralized by automobile
2] Loans of surrender value under an insurance policy
3] Borrowings fully collateralized by cash deposits at same financial institution (e.g., "passbook
loans")
4] Aggregate outstanding balances from credit card and overdraft accounts that are reduced to
$10,000 on a current basis
FAMILY RELATIONSHIPS
120
Immediate family members: spouses, spousal equivalents and dependents
Close Relatives: parents, siblings, non dependent children
IFM's:
Follow same rules of covered members
Cant cumulative own more than 5% of attest client
Can work for attest client (just not in key position)
IMF benefit participation: ok if
offered to all employees in similar position
doesn't serve in position of governance
doesn't have ability to supervise pr participate in investment decisions or selection of options
covered member is not on attest team or PTI
investment is unavoidable consequence of participation
plan creates option to invest in non attest client, should do so within 30 days
CRL: impaired if either
key position with attest client
financial interest in attest client that: member knows or has reason to know is material or
enabled relative to exercise influence over client
or is changed to and for non engagement members
CURRENT EMPLOYMENT
Partner of professional employees (POPEs)
Can serve as adjunct faculty that is an attest client if all apply:
Doesnt hold a key position
Is not on the attest team
Is not a PTI
Is on a part time and non tenure basis
121
Doesn't participate in any employee benefit plan sponsored by school unless required
Doesn't assume management or set policies
Can work for not for profit that is also attest client if:
position is clearly honorary
cannot vote and takes no management role
externally circulated materials identify as honorary
Campaign Treasurer: ok if
Firm cant audit campaign
Can audit political party or governmental unit which the candidate will head if wins
Former employment or association with attest client (left company for firm)
If in key position and comes to firm, independence impaired if participated on team or PTI when
covering any period of time employed or associated. Must dissociate. Can be OPIOs or 10 hr
people.
Dissociation: requires all
Ceasing health and benefit plans
Ceasing other plans by liquidating and transferring funds
Disposition of stock
Collect or repay loans to or from client
Assess other relationships
The role of advisor to a client's board is not forbidden
SUBSEQUENT EMPLOYMENT
When attest team member or PTI is considering employment, impaired unless
promptly report consideration or offer to appropriate person
remove from engagement until offer is rejected
IF learn that colleague has offer: your responsibility to alert firm
122
Firms independence will be impaired when partner or professional employee goes to work for client in
key position unless all are met:
amounts due to former employee for previous interest in the firm are not material to firm and
calculation of payments is fixed. may adjust retirement benefits for inflation and pay interest on
amounts du e
former employee isn't in position to influence accounting firms operations
former employee doesn't participate or appear to participate, whether or not compensated
Appearance of participation:
continue to provide consultation
firm gives office or related amenities
take name off materials
team considers modifying audit plan due to knowledge of procedures
within one year of dissociating, has significant interaction with attest team, team member
should review whether team has maintained skepticism (position assumed, position held at
firm, nature of services former employee provided)
SOX: stricter rules
Applies to: lead partner, concurring partner, or member who provides 10+ hours
Avoid: key positions
How long: one year cooling off period preceding the beginning of audit (entire audit cycle
passes)
OTHER ASSOCIATIONS AND RELATIONSHIPS
Member of Social Club: ok if primary reason is social
Trade Association: impaired if
Belongs to trade association that is an attest client
POPE of firm is employed by or associated with trade association in important role
Common Interest Reality Association: ok if all met
123
CIRA performs functions similar to local governments (road maintenance, utilities, etc)
Annual assessment isn't material to either
Liquidation wouldn't result in distribution to member
Creditors wouldn't have legal recourse to member assts
Credit Union:
IF only reason let in b/c you are auditor = not good
Eligible if individually qualified
Gifts: impaired if firm, team member, or PTI accepts gifs unless clearly insignificant to recipient
Entertainment: can be accepted if reasonable in circumstances
Nature of gift
Occasion
Cost/Value
Nature/Frequency and value
Actual or threatened litigation: material adverse interests would impair, minor or not related wouldn't
impair
Would impair if: attest client sues alleging deficiencies, member sues client alleging fraud or deceit
Actual or Threatened litigation: filed by shareholders presumptively don't impair independence unless
cross claims with significant risk or material settlements or judgments
Final resolution eliminates independence issues
The code applies the "clearly insignificant" standard to gifts and the "reasonable in the circumstances"
standard to entertainment.
Regarding independence, the firm, team members, and those in a position to influence may not accept
gifts from attest clients unless the value of those gifts is clearly insignificant to the recipient. Other
partners in the office and 10-hour people, are not covered by the rule
CODE PROVISIONS
124
Non-audit services (NAS)
Applies to non-public attest clients and public non-attest clients
Communication of topics relate to audit and are not NAS
Selection and application of accounting standards/policies/disclosures
Appropriateness of client's methods used
Adjusting journal entries a member has prepared or proposed for consideration
Form or content
Firms should monitor total amount of NAS provided
Firms shouldn't assume management responsibilities (no custody, which recommendations, etc)
General Requirements: ok to give NAS if all are met
Client agrees to: assume management responsibilities,
oversee the service and firm assess that person,
evaluate adequacy of results and services
accept responsibility for results of services
MIPPS do not assume management responsibilities and satisfy that management:
meet criteria above
make informed judgment on results of NAS
accept responsibility for making significant judgments
Before performing NAS establish in writing:
Objectives
Services
Clients acceptance of responsibilities
members responsibilities
any limitations
125
SOX limits NAS by saying MIPPS may not provide advisory services to clients that are public companies
Should not: audit own work, advocate for attest clients, serve as client's managers
SOX: MIPPs can't provide
bookkeeping, financial info system design, appraisal or valuation services, actuarial services,
internal audit outsourcing services, management function, broker or dealer, legal services
unrelated to audit
SOX: tax services impaired if
firm enters into contingent fee
provides services in favor of aggressive interpretation of tax law
provide tax services to member of management (or immediate family) who serve in reporting
oversight role
SOX process:
Independent audit committee select, evaluate and compensate auditor
audit committee must pre-approve any permitted NAS purchased from its auditor
SPECIFIC SERVICES
Multiple areas in study text.
Remember: general requirements must always be me and SOX always respected in public company
126
127
128
129
MEMBERS IN BUSINESS
MIBs: generally don't need to worry about independence
Threats
Adverse interest
Advocacy threat
familiarity threat
self-interest threat
self-review threat
undue influence threat
Safeguards:
profession, legislation or regulation
the employer
Integrity and Objectivity:
Gifts and Entertainment: MIBs do not accept if violate law or policies, should be reasonable
Preparing and Reporting: MIB don't make or direct errors
Subordination of Judgment: same rules, supervisory, above supervisor
Obligation of member to external accountant: be truthful, crime to lie
Educational Services: teaching etc: work with professional standards
General Standards
Act with professional competence
Exercise Due professional care
adequately plan and supervise
sufficient relevant data for conclusions
Discreditable Acts
Discrimination/harassment
130
Disclosure CPA exam questions/answers
failure to file taxes
negligence in preparing F/S
Failure to follow standards
entering prohibited agreements
improperly disclosing information
false advertising
misleading use of CPA credential
OTHER MEMBERS
CPA who are: unemployed, retired, otherwise not working in profession
Should not act discreditably:
Discrimination/harassment
Disclosure CPA exam questions/answers
failure to file taxes
improperly disclosing information
false advertising
misleading use of CPA credential
OTHER ETHICS
SECURITIES AND EXCHANGE COMMISSION
Basic Independence Rules: Essentially same as Rule 101
SOX rules on non-audit services:
Can provide NAS to : non-audit clients and audit clients that are private companies, tax work to
public clients if pre approved by audit committee and disclosed
Cant provide tax advise if: aggressive or to person in key role
131
Auditor Rotation:
No requirement to rotate audit firm
Must rotate both lead audit partner and reviewing audit partner at least every 5 yrs
Other partners with significant role 7 yrs on 2 yrs off
Auditor Compensation: not independent if based on selling NAS to audit client
Audit report to audit committee: firms selected, compensated and discharge by audit committee
Timely Reporting: to audit committee
critical accounting policies and practices used
alternative treatments discussed with management, ramifications, treatment preferred
other material written communication to management
Cooling off period:
entire audit cycle to pass if participated with audit
if didn't participate with audit then ok
SARBANES OXLEY AND THE PCAOB
PCAOB: SEC selects 5 members no more than 2 are accountants
SEC must approve all PCAOB rules
A violation of any PCAOB rule constitutes a violation of the 1934 Securities Exchange Act.
PCAOB Registers public accounting firms
Establish auditing, quality, ethics, independence, and other standards
conduct inspections of public firms
conduct investigations and disciplinary proceedings
enforce compliance with SOX, PCAOB rules and professional standards
132
To Register: information disclosed
names of clients in past yr
annual fees for audit and non audit services from each client
statement of quality control policies
list of accountants associated with firm who participated in audits
information relating to criminal, civil or admin proceeding pending against firm or associated
person in connection with audit report
copies of disclosures filed by client with SEC in last yr relating to disagreement with auditor
Auditing Standards must at least include:
retain working papers for 7 yrs
must provide concurring or 2nd partner to review and approve each audit report
describe testing of internal control and results
PCAOB Must do annual inspections for firms doing 100 audits per yr, if less once every 3 yrs
If not happy with results: go to SEC for review
PCAOB must notify SEC and may refer any investigation to SEC or legal
If disciplinary proceeding: PCAOB must provide
specific charges, notification, allow to defend, and keep record of proceedings
PCAOB can sanction ranging from 750K for individual or 15 mil for entity
SOX provides both fines and imprisonment for CEOs and CFOs who misrepresent company finances
GOVERNMENT ACCOUNTABILITY OFFICE
Key Independence and ethical principles
independently
In accordance with : public interest, integrity, objectivity
proper use of government info, resources, and position
professional behavior
133
Independence Standards
Audit Organizations and individuals must be free from
Person impairments: family relationships, financial interests, employment relations, self review,
bias
External impairments: client pressures, client interference, unreasonable restrictions, threat to

replace
Organizational impairments: audit function in reporting line with area under audit, audit area
that already is a part of
Establish policies and procedures, communicate to all auditors, establish internal policies to monitor
compliance , disciplinary mechanism, stress importance of independence, maintain documentation
Presumed free of organizational impairment if: at level of government other than one assigned or
different branch of government or headed by elected auditor
Auditors performing under GAGAS should complete, every 2 years, at least 24 hours of CPE that directly
relates to government auditing and an additional 56 hours (for a total of 80 hours) of CPE that enhances
the auditor's professional proficiency
Internal audit function is presumed free from organizational impairments to independence for reporting
internally if the AO's head:
is accountable to the head or deputy head of the government entity or to those charged with
governance;
reports the audit results both to the head or deputy head of the government entity and to those
charged with governance;
is located organizationally outside the staff or line-management function of the unit under audit
has access to those charged with governance; and
is sufficiently removed from political pressures to conduct audits and report findings, opinions,
and conclusions objectively without fear of political reprisal
DEPARTMENT OF LABOR
Employee benefit security administration (EBSA)
Employee Income Retirement Security Act (ERISA) passed 1970
Financial Ties: impaired if accountant or firm or member had or acquired any direct interest and indirect
material
134
Employment Ties: impaired if connected as
promoter, underwriter, investment advisor, voting trustee, director, officer, employee of plan or
plan sponsor
NAS: don't audit what you prepared and not maintain financial records
Prohibited Transactions: no conflict of interest with plan
Many consulting services are permitted, but one cannot maintain independence while auditing records
that one maintained in the first place.
TFhe DOL conducts financial and performance audits following Government Auditing
Standards relating to its mission, including audits of

(1) Compliance with applicable laws and regulations
(2) Evaluation of economy and efficiency of operations
(3) Evaluation of effectiveness in achieving program results
INTERNATIONAL FEDERATION OF ACCOUNTANTS (IFAC)
IESBA: International ethic standard board accountants
Adopted in more than 100 countries . AICPA will not be lower than IFAC codes, with merging efforts
Major differences
IFAC is principle based, AICPA is rules based
AICPA: look at their code first and if they dont answer ID threats, evaluate threats, apply
safeguards. IFAC is the opposite
IFAC covers public and private in part A
part b applies them to Public accountants in public practice (similar to AICPA),
part c applies them to Professional accountants in business
Fundamental Principles:
Integrity, objectivity, professional competence and due care, confidentiality, professional

behavior
Threats:
Self interest, self review, advocacy threats, familiarity threats, intimidation threats
135
ID threats to principles, if not trivial and inconsequential, then consider safeguards
Safeguards: can be reduced to acceptable level by
profession, legislation or regulation (includes education)
safeguards in work environment (firm wide and engagement specific)
ACCESS to Standards
http://www.aicpa.org/becomeacpa/cpaexam/forcandidates/howtoprepare/pages/literature.aspx
136

CPA Audit Notes

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CPA Audit Notes

Uploaded by

Copyright:

Available Formats

Auditing

PCAOB - auditing standards for issuers

ASB- auditing standards for non-issuers (GAAS)

GAO (Gov Acctblty Office)- auditing standards for government entities

Auditor's standard report refers to both GAAS and GAAP explicitly

General Standards (TID)

T-echnical: training to perform audit

I-ndependence: maintain independence in state of mind

D-ue professional care: in performance and prep of report

Standards of Field Work (PIE)

P-Lanning: plan and supervise assistance

E-vidence : sufficient appropriate audit evidence to afford reasonable opinion

Standards of Reports (GCDO)

D-isclosure: implicit. only identified if not reasonably adequate

AICPA replaced GAAS with 7 Principles ("PR-PR")

premise that management have 1) responsibility for fair presentation and

2) provide auditor with all relevant info

R-esponsibilities: 1. Appropriate competence 2. comply with ethical requirements

3. maintaining professional skepticism and exercising professional judgment

plans and supervises assistance

determines and applies materiality level

identifies and assesses risk of material misstatement (includes internal control)

obtains sufficient appropriate evidence about whether material misstatements exist

auditor is unable to have absolute assurance due to inherent limitation

AICPA professional standards or professional requirements

Unconditional Requirements - "must" or "is required"

Presumptively mandatory- expected but rare occasions is not "should"

Explanatory material- further guidance "may: might: could"

Interpretative publications: guidance outside standards, appendices etc

Leadership responsibilities for quality

Relevant ethical requirements

Acceptance and continuance of clients and specific engagements

Auditor should document

conclusions about acceptance/continuance of client relationships

issues and conclusions related to consultations

Quality control reviewer should document

required procedures have been performed

date that the engagement quality control review was completed

Quality Control Standards apply to Auditing/Accounting/Review services only

Intro- lays out responsiblities

Opinion paragraph - one sentence; in our opinion.....

Signed CPA Firm

Unmodified Opinion (clarity project's version of unqualified)

Intro:1 sentence- We have audited....

Management's responsibility for F/S: internal control listed

` Auditors responsiblity- 3 paragraphs

Opinion: in our opinion...

AICPA requires city and state of auditor performing audit

for compilation or review services related to F/S of non issuers

Level of assurance- positive or negative or procedures/finding or no assurance

Emphasis on AU, AR, and AT

Premise: Audit in accordance that management have responsibility for

1. Preparation and fair presentation of F/S

2. Provide auditor with all information relevant

Auditor must obtain management agreement

- objective and scope

-statement about inherent limitations of audit

-statement identifying applicable financial reporting framework

-reference to expected content of any reports issued

-other matters (fees, deadlines, specialist, etc)

Matters to be addressed w predecessor

1. info on integrity of management

2. disagreements w management about accounting or audit issues