Professional Documents
Culture Documents
CPA Audit Notes
CPA Audit Notes
Due care: encompasses the employment of reasonable care and diligence as well as critical review at
every level of supervision of the work done and the judgment exercised by those assisting in the audit.
Standard auditor's report on comparative financial statements states explicitly that evidence is
obtained (and therefore examined) and implies that accounting principles have been consistently
applied.
Quality control policies and procedures governing new client acceptance are established to minimize the
likelihood of association with a client whose management lacks integrity.
GAAS
I-nternal control: understanding of entity and internal control to assess risk of fraud and error and
design of audit and procedures
G-AAP: state in report whether financial statements are in accordance with GAAP
1
C-onsistency: identify in report when GAAP principles not consistent in current period in relation to prior
period (only mentioned when inconsistent aka implicit)
O-pinion: either express opinion of statements as a whole or state opinion cannot be expressed (states
reasons if no opinion)
P-urpose/Premise - provide opinion if F/S are presented fairly in all material repects on
P-erformance: to express opinion, obtains reasonable assurance (high but not absolute)
1. nature of financial reporting, 2. audit procedures, 3. achieve time/ cost v benefit goal
R-eporting: express opinion in accordance with findings or that an opinion cannot be expressed
_______________________________
2
6 Elements of a quality control system
Human Resources
Engagement Performance
Monitoring
Documentation Requirements
issues (and resolution) of issues related to ethical requirements including conclusions about
independence matters
that the review is not aware of any unresolved matters about engagement ream's significant judgments
and conclusions
Statements on Quality Control Standards are issued by the AICPA's Auditing Standards Board
3
Unqualified Audit Report
3 paragraphs
Scope paragraph- what audit consists of. belief audit provides basis of opinion
Date (when 'sufficient appropriate" evidence has been obtained; end of fieldwork at
earliest)
GAAS require an auditor to express an opinion on the financial statements. That responsibility is
EXPLICITLY represented in the Auditor's Responsibility paragraphs of the auditor's standard report which
states that the auditor's responsibility is to express an opinion.
4
Statements on Standards for Accounting and Review Services (SSARS)
5
6
Planning Activities
Terms of engagement- accept on when preconditions established and common understandings
Engagement Letter
-respective responsibilities
7
if management limits predecessor to respond? evaluate to take on engagement
The auditor's communication with the predecessor auditor may be written or verbal
General Details
1. Objectives of the Expression of an opinion on the financial statements
engagement
2. Management’s • Establishing and maintaining effective internal control over financial
responsibilities reporting
• Identifying and ensuring that the entity complies with laws and
regulations
• Making financial records and related information available to the
auditor
• Providing a representation letter (see Evidence Module)
• Adjusting financial statements to correct material misstatements
• Affirming in representation letter that effect of uncorrected
misstatements aggregated by auditor is immaterial
3. Auditor’s • Conducting audit in accordance with US GAAS
responsibilities • Ensuring that audit committee is aware of any significant
deficiencies which come to auditor’s attention
4. Limitations of the • Obtains reasonable, rather than absolute, assurance
audit • Material misstatement may remain undetected
• If auditor is unable to form or has not formed an opinion, auditor
may decline to express an opinion or decline to issue a report
Other (not required) • Arrangements regarding:
8
– Involvement of specialists or internal auditors
– Predecessor auditor
– Fees and billing
– Additional services to be provided relating to regulatory
requirements
– Other additional services
• Any limitation or other arrangement regarding the liability of the
auditor or the client
• Conditions under which access to the auditor’s working papers may
be granted to others
P-lanning & Supervision - auditor must adequately plan work and properly supervise assistants
(New PR-PR) Performance : to obtain reasonable assurance auditor Plans the work and properly
Supervises any assistants
Audit Plan- nature (what procedures), timing (when to perform procedures) and extent (sample size) of
audit. Required. Written
9
Determine specialized skill to assist with audit (Audit specialist)
Discuss audit strategy with client management (timing and parties needed)
Documentation
1. Audit Strategy
During planning of the audit, the auditor should also consider establishing an understanding
about other matters such as
Materiality
Planning Stage - delt with size of missstaements audit plan was designed to detect
Focuses on "performance materiality" the one amount that is planned throughout evidence
gathering phase. less than F/S materiality to build in cushion for undetected errors
Documentation requirements
10
- Materiality for F/S as a whole
- performance materiality
The auditor should establish performance materiality at less than materiality for the financial
statements as a whole to allow for the possibility of uncorrected and undetected misstatements.
The determination of materiality is a matter of professional judgment, and involves both quantitative
(the relative magnitude of the items in question) and qualitative (the surrounding circumstances)
considerations.
Audit Risk
Audit Risk is applicable at the level of an individual audit area (lower level)
AR = IR * CR * DR
11
Each component is considered from left to right in order:
Inherent risk (IR) : The probability that a material misstatement would occur in the particular audit area
in the absence of any internal control policies and procedures.
Control risk (CR) : The probability that a material misstatement that occurred in the first place would not
be detected and corrected by internal controls that are applicable.
Detection risk (DR) : The probability that a material misstatement that was not prevented or detected
and corrected by internal control was not detected by the auditor's substantive audit procedures (that
is, an undetected material misstatement exists in a relevant assertion). Auditors Responsibility
AR = RMM * DR
Audit risk is the risk that auditor expresses an inappropriate audit opinion when the financial statements
are misstated, and it is a function of the risks of material misstatement and detection risk.
Detection risk is the risk that the auditor will not detect a material misstatement that exists in an
assertion. Detection risk may be viewed in terms of two components (1) the risk that analytical
procedures and other relevant substantive tests would fail to detect misstatements equal to tolerable
misstatement, and (2) the allowable risk of incorrect acceptance for the substantive tests of details.
f DR increases, the auditor is MORE willing to risk missing a MM and can do less work or use weaker
evidence.
Analytical Procedures
3 broad Purposes:
1. Planning - is required
As indicated in AU-C 520, a basic premise underlying the application of analytical procedures is that
plausible relationships among data may reasonably be expected to exist and continue in the absence of
known conditions to the contrary
12
AU-C 520 indicates that relationships involving income statement accounts tend to be more predictable
than relationships involving only balance sheet accounts.
U-C 315 and AU-C 520 require the use of analytical procedures at both the risk assessment and near
completion of the audit, but not as a substantive procedure.
Analytical procedures used in the overall review stage of an audit are intended to assist the auditor in
assessing the conclusions reached and in evaluating the overall financial statement presentation.
Analytical procedures used in planning often use data aggregated at a high level.
Detecting Fraud
2 types of fraud:
Required Documentation:
13
Discussion among engagement personnel
Basis for auditors conclusion of improper revenue recognition is not identified as a fraud risk
Required Communications
Must inform those charged with governance when senior management is involved.
Can divulge if: Subpoena, SEC requirements (changed auditors and must talk to SEC), authorized to
communicate to successor, Government
When the auditor communicates fraud-related issues to management, the communication may be
written or verbal
AU-C 240 requires that all management fraud, regardless of materiality, be reported to the audit
committee
Reasonable assurance of detecting illegal acts that have direct and material effect
AU-C 250 requires the auditor to apply audit procedures specifically designed to determine whether an
illegal act has occurred when such information comes to his/her attention
14
AU-C 240 states that a material misstatement may occur due to errors, fraud, and illegal acts with a
direct effect on financial statement amounts
Modified report - may refer to specialist in modified audit report if it will help readers
Required Communications
3. Significant findings from the audit -- The auditor should communicate
1.The auditor's views about the qualitative aspects of the entity's significant accounting policies
including the quality (not just the acceptability) of significant accounting practices, estimates,
and disclosures;
2.Significant difficulties encountered during the audit including significant delays caused by
management, unreasonable time pressure, unavailability of expected information, etc;
3.Disagreements with management over accounting and auditing matters whether or not those
disagreements were satisfactorily resolved;
4.Any other matters that the auditor believes would be important to those charged with
governance in their oversight of financial reporting;
5.Uncorrected misstatements -- The auditor should request that uncorrected misstatements be
corrected and communicate any uncorrected misstatements accumulated by the auditor,
including the financial statement effect.
6.Other matters -- The auditor should communicate the following matters:
c.Any known instances where management consulted with other accountants about
accounting or auditing matters; and
15
d.The written representations that the auditor requested from management.
AU-C 260 discusses communications
Clarified Standards - Obtain reasonable assurance, which is a high, but not absolute level of assurance,
the auditor
identifies and assesses risk of material misstatement due to fraud or error based on
understanding the entity and its environment including INTERNAL CONTROL
inquiry
observation
Within given categories (cash, sales, etc) - control risks are generally constant
16
Internal control questionnaires (ICQs) - yes = good no = bad
"Walk through" = small sample to walk through the entire process to verify documented understanding
of I/C
AU-C 315 states that the auditor should obtain sufficient knowledge of the information (including
accounting) system to understand the financial reporting process used to prepare the entity's financial
statements, including significant accounting estimates and disclosures
"ineffective" is maximum control risk with no reliance, and will perform a wholly substantive audit
approach
If less than maximum, auditor will perform "tests of control" to evaluate operating effectiveness of
controls - then reevaluate operating effectiveness of controls
Perform "tests of controls" -- but only for those specific control policies and procedures (strengths that
justify accepting a somewhat higher level of detection risk) on which reliance is planned.
Tests of controls directed toward effectiveness or operation of a control would ordinarily include
inquiries, inspections of documents, observation, and re-performance of the application of a control
17
Understanding internal control and assessing control risk are steps which may be performed
concurrently
The auditor is NOT required to obtain knowledge about the operating effectiveness of internal control
When assessing control risk at below the maximum level, an auditor is required to document the
auditor's understanding of the
I. Entity's control activities that help ensure management directives are carried out.
II. Entity's control environment factors that help the auditor plan the engagement.
AU-C 315 requires that control risk be assessed in terms of financial statement assertions
The auditor should document the basis for conclusions about internal control -- either way, whether
internal control is perceived to be effective or ineffective.
18
Internal Control Standards 1
Understanding the Entity and its environment and assessing the risk of material misstatement
Performing audir procedures in response to assessed risks and evaluating audit evidence
I/C = a process designed to provide reasonable assurance with regard to 1. reliability of financial
reporting, 2. effectiveness and efficiency of operations and 3.compliance with applicable laws and
regulations
2. Risk assessment - policy and procedures to id and analyze risk for management
3. Info and Commun Systems - to id, capture and exchange relevant info
4. Control Activities - policy and procedures to provide objective are achieved (SCARE)
Authorization
5. Monitoring
19
Sufficient understanding of internal control
Risk Assessment Procedures- an understanding of entity and its environment to assess RMM
Inquiries of management
"significant risks" - need special audit consideration (complex, related parties, subjective, "unusual")
Documentation Requirements
Discussion with team about RMM and applicable financial reporting framework
Ongoing monitoring : involves assessing the design and operation of controls on a timely basis and
taking necessary corrective actions
Authorization- executing
20
Concept of reasonable assurance recognizes that cost of an entity's internal control structure should not
exceed the benefits expected to be derived
Performing audit procedures in response to assessed risks and evaluating audit evidence
"Overall responses" - assign more experienced staff, more supervision, specialists, change audit plan
Required Documentation
The professional standards require auditors to test controls at least every third year.
Must Communicate IN WRITING any identified "material weaknesses" and "significant deficiencies"
wither in design or operation of internal control
Communication no later than 60 days following the "report release date". The "report release date" is
the date that the auditor grants the entity permission to use the auditor's report in connection with the
audited financial statements
21
Significant deficiency: A deficiency (or combination of deficiencies) in internal control that is less severe
than a material weakness, yet important enough to merit attention by those charged with governance.
Material weakness: A deficiency (or combination of deficiencies) in internal control such that there is a
reasonable possibility that a material misstatement of the entity's financial statements will not be
prevented or detected and corrected on a timely basis.
Can say "no material weakness" in letter but can't say "no significant weakness"
The written communication about significant deficiencies and material weaknesses should:
1.State that the purpose of the audit was to express an opinion on the financial statements, not to
express an opinion on the effectiveness of internal control;
2.State that the auditor is not expressing an opinion on the effectiveness of internal control;
3.State that the auditor's consideration of internal control was not designed to identify all
significant deficiencies or material weaknesses;
4.Include the definition of the terms material weakness and significant deficiency, as applicable.
5.Identify the matters that are considered to be material weaknesses and significant deficiencies,
as applicable.
6.State that the communication is intended solely for the use of management, those charged with
governance, and others within the organization (it should not be used by anyone other than
those specified parties) - if such a communication is required to be given to a governmental
authority, that specific reference may be added.
The auditor should not issue a written communication stating that no significant deficiencies were
identified during the audit.
2. To provide direct assistance- use I/A to perform procedures subject to external auditors
direction/supervision/review
22
1. Objectivity: consider (1) the organizational status of the internal audit function; and (2) the policies
affecting the internal auditor's objectivity about areas audited
2. Competence
3. Systematic and disciplined approach - formal structured approach, including quality control
External Auditor should also: 1. Read I/A function's reports related to planned use 2. Perform
procedures to evaluate I/A's work and if conclusions are appropriate 3. Reperform some of I/A work that
is to be used
1. Objectivity: consider (1) the organizational status of the internal audit function; and (2) the policies
affecting the internal auditor's objectivity about areas audited
2. Competence
External auditor should: Obtain written acknowledgement from management to use I/A without
interference, Direct/supervise/review, test some of the work performed by I/A
AU-C 610 requires that judgments about inherent and control risk always be those of the independent
auditor
23
Internal Control - Transaction Cycles
Specific Transaction Cycles
Control Risk may be viewed as a constant in each category. A transaction cycle is, therefore, the highest
level of aggregation for which control risk may be viewed as a constant.
-Revenue/receipts
-Expenditures/disbursements
-Payroll
1. Sales order info 2. Shipping Docs (outbound or inbound, bills of lading-common carriers) 3.
Sales invoice 4. Customer Remittance advice (to match payment w account)
Control: access
Review: monthly statements sent to customers, benchmark for authority levels, compare documents,
verify proper "cutoff" for transactions,
EDP/IT : all of key documents should be pre-numbered, aged trial balance reconciled to GL periodically
Completeness: assertion deals with whether all transactions have been included in the proper period.
24
Presentation or disclosure: assertion deals with whether particular components of the financial
statements are properly classified, described, and disclosed
Rights and obligations: assertion deals with whether assets are the rights of the entity and liabilities are
the obligations of the entity at a given date
Existence or occurrence: assertion deals with whether assets or liabilities of the entity exist at a given
date and whether recorded transactions have occurred during a given period
Revenue/Receipts - Cash
"SCARE"
Segregation: Cash receipt listed immediately when opened (and restrictively endorsed)
Different person should open mail, handle accounting, prepare deposit, reconcile
Controls: limit direct and indirect access, personnel should be "bonded", lockbox and passwords,
Review: compare to total per the cash receipts journal and traced to bank deposit, deposit daily
25
EDP/IT: key documents are pre-numbered, use pre-numbered receipts for "on site"
Expenditures/Disbursements
"SCARE"
26
Authorization: designated purchasing depart. has authority, dual signatures required, requester
indicates acceptance prior to payment, any adjusting JE
Review: Monthly statements from suppliers v. AP, purchase order-what they order, what they received
(eliminate quantity order when sending copy to receiving), what they paid for (AP), receipts and
disbursement bank recons
EDP/IT: key documents should be prenumbered, detailed records to support GL's AP, supporting docs
should be marked as paid when issued
Auditor's usually examines receiving reports to support entries in the Voucher register and sales returns
journal
Stamping a voucher as "paid" is a control designed to prevent vouchers from being paid twice
When the shipping department returns nonconforming goods to a vendor, the purchasing department
should send to the accounting department the Debit memo
Mailing disbursement checks and remittance advices should be controlled by the employee who Signs
the checks last.
Payroll Cycle
27
"SCARE"
Segregation: personnel department- oversees pay rates and file, treasurer dept- issue/sign checks and
distribute, payroll depart- prepares payroll each period (calculations and record keeping)
Review: underlying payroll info and compare to personnel file, reconcile to payroll register, reconcile
time sheets, bank recon to payroll account
EDP/IT: key documents should be prenumbered and account for numerical sequence
An appropriate departmental supervisor should distribute the payroll checks to employees in that
department
Unclaimed checks should be returned to treasury, secured, and eventually destroyed, if not claimed
within an appropriate time.
Payroll department, which is essentially a recordkeeping function, should not also authorize payroll rate
changes
Misc Cycles
The use of periodic inventory counts to adjust the perpetual inventory records ensures that the
inventory records are accurate
Management's objectives in establishing and maintaining an internal control structure are to ensure
that:
1) transactions are executed in accordance with management's general or specific authorization;
2) transactions are recorded as necessary to permit preparation of the financial statements in
accordance with GAAP and to maintain accountability for assets;
3) access to assets is permitted only in accordance with management's authorization; and
4) the recorded accountability for assets is compared with the existing assets at reasonable intervals and
differences are investigated and resolved. Ensuring that custody of work in process and of finished
goods is properly maintained is an example of the third objective.
28
AICPA Performance Principle:5. obtain reasonable assurance, the auditor
1. Test of details
1. Required in planning
29
Nature of assertion (completeness, may have competitive advantage over other tests, forest
thru trees)
Reliability of data
Independent sources
4 categories of Ratios
Liquidity Ratios
Current liabilities
30
Coverage Ratios
Activity Ratios
Profitability Ratios
31
If no info on Pref. Dividends = assume 0
The Professional Standards require that the working papers show that the accounting records agree or
reconcile with the financial statements.
Nature of Evidence 1
Audit evidence includes:
Accounting records
Other information
appropriate- quality of evidence. relevance and reliability (better quality, less quantity)
32
Assertions:
Completeness: That all assets, liabilities, and equity interests that should have been recorded
have been recorded. There are no omissions.
Rights and obligations: That the entity holds or controls the rights to its assets, and the liabilities
are the obligations of the entity. Any restrictions on the rights to the assets or obligations for the
liabilities must be disclosed
Valuation and allocation: That assets, liabilities, and equity interests are included in the financial
statements at appropriate amounts (relative to the requirements of GAAP) and any resulting
valuation or allocation adjustments are appropriately recorded.
Occurrence and rights and obligations -- That the disclosed events and transactions have
occurred and pertain to the entity
Completeness -- That all disclosures that should have been included have been included. There
are no omissions of required disclosures.
Accuracy and valuation -- That financial and other information are disclosed fairly and at
appropriate amounts.
There are five assertions about "classes of transactions and events during the period"
Accuracy -- That amounts and other data have been recorded appropriately.
Occurrence -- That transactions and events that have been recorded have occurred. In other
words, they are properly recorded and valid.
Completeness -- That all transactions and events that should have been recorded have been
recorded. There are no omissions
Cutoff -- That transactions and events have been recorded in the correct accounting period.
Note that there are only two ways to record a transaction in the wrong period. One is by
recorded a transaction prematurely, which violates the "occurrence" assertion; and the other is
to record a transaction belatedly, which violates the "completeness" assertion.
Classification -- That transactions and events have been recorded in the proper accounts
33
Testing credit addresses the collectibility of accounts receivable. (valuation or allocation)
Tests from the accounting record (the voucher register) to the detail are tests of existence/occurrence.
Cutoff is often confusing as it addresses two assertions, Existence and Completeness. Determining which
of the two requires figuring out which transactions are being examined. If the auditor is looking at
transactions recorded in December which were not shipped until January, these transactions are really
January sales, NOT December sales. The assertion being addressed is Existence as the auditor is verifying
that December sales actually exist
Nature of Evidence 2 **
Traditional Assertions (PCAOB): Existence: validity Completeness: omissions Right & obligations:
rights of assets, obligations of liabilities valuation/allocation- appropriate dollar measurements to
GAAP presentation & disclosure: adequacy of disclosure
AICPA's 13
Rights & obligations: no restrictions related to assets & liabilities (restrictions disclosed)
Occurrence and rights and obligations: disclosed events occurred and pertain to entity
34
Completeness: transactions not omitted
Risk Assessment Procedures- obtain understanding of entity and environment including internal control
to assess RMM
Nature: responsive to planned level of detection risk consisting of 1. test of details 2 substantive
analytical procedures
The overall review would include considering the adequacy of the evidence gathered in response to
unusual or unexpected balances and whether such balances reflected a misstatement due to fraud
35
Auditor must document
3. Conclusion and basis for it about materiality of uncorrected misstatements individually or aggregate
Judgmental misstatements -- Differences due to the judgments of management that the auditor
considers unreasonable or to the selection of accounting policies that the auditor views as
inappropriate.
Projected misstatements -- The auditor's best estimate of misstatements in populations as suggested
by audit sampling.
Audit Documentation
Objectives:
General Requirements: sufficient so experienced auditor with no association to be able to review and
understand
Accounting Principles
36
Findings that result in modification of audit report
Report release date: auditor grants entity permission to use audit report
AICPA: complete final audit documentations within 60 days after report release date (documentation
completion date)
PCAOB (issuers): complete final audit documentations within 45 days after report release date
(documentation completion date)
Retention Requirement: minimum 5 yrs (AICPA non issuers), PCAOB (issuers) minimum 7 yrs
Lead schedules aggregate the major components to be reported in the financial statements. They
include information such as account numbers, prior year account balances, and current year unadjusted
information.
Confirmation
Management refusal to allow confirmation may be viewed as scope limitation- effect opinion
Positive Confirmation: requests a response whether or not agrees with clients balance
"blank" confirmation requests: may provide more assurance but have lower response. they
enter values instead of yes/no. more likely to be used when the auditor is concerned that
recipients will not devote proper attention to the confirmations.
37
non response is viewed as agreement
Negative Used when: 1. The population consists of a large number of small, rather
homogeneous items
AU 330, "Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence
Obtained,"
Accounting Estimates
Auditors objective: if accounting estimates are reasonable and disclosures are adequate in view of
financial reporting framework
Risk assessment of estimates: requirements of reporting framework, how they are made and based on
what data, method or model used, assumptions, used specialist?
If significant risk: obtain understanding of relevant controls and evaluate whether they mitigate
Document:
38
Fair Value Estimates
Perform Risk assessment procedures: how management developed estimate, RMM, substantive
procedures responsive to risk, evaluate reasonableness and disclosures
Evaluating Models:
Adjustments to outputs?
The relevant AICPA guidance is provided by AU 540: "Auditing Accounting Estimates, Including Fair Value
Accounting Estimates and Related Disclosures."
Lawyer's Letters
The primary source of information to be reported about litigation, claims, and assessments is
management
Send "letter of inquiry" by management to lawyers to share with auditors. Auditors write. Management
sends
39
Asserted Claims: (pending or threatened litigation)
Unasserted Claims: (potential litigation) lawyer wont inform auditor about an omission not
mentioned, but will inform management
Clarified SAS says: obtain sufficient appropriate audit evidence regarding completeness of litigation
1. Inquire management
3. Review minutes
Exception: auditor is not required to obtain lawyers letter indicate that no actual or potential litigation
that would cause RMM
Attorneys have a professional obligation to directly inform the auditors about any omissions of asserted
claims from the listing contained in the client's letter requesting information from the attorney
The refusal of a client's attorney to provide information requested in an inquiry letter is considered a
limitation on the scope of the audit. It would result in a disclaimer or a qualified opinion.
Per AU-C 501, a lawyer may be required to resign if his advice concerning reporting for litigation, claims,
and assessments is disregarded by the client
The relevant AICPA guidance is provided by AU 501: "Audit Evidence -- Specific Considerations for
Selected Items."
Obtain written representations from management to corroborate their responses to auditors inquires
Letter to Auditors, Signed by CEO and CFO, Dated same as auditor's report
40
If current management was not present for all periods covered, tailor the representations to the
circumstances. Tailor details, Not dates covered
Letter Includes:
Take responsibility for I/C related to F/S and prevention and detection of fraud
Arms length transactions: between unrealted willing seller and buyer acting independently and pursuing
own best interests
Ask management
Ask Management
41
Review minutes
Significant related party transactions outside normal business = "significant risk" . review controls
Auditors are generally not in a position to provide reliable, independent appraisals of transaction prices
between related parties. Auditors are particularly concerned with the adequacy of disclosure about
transactions between related parties
After identifying related party transactions, the auditor should examine the transactions in order to
determine the their effects on the financial statements. In that process, the auditor would look to see if
the transactions were properly authorized by the board of directors
The relevant AICPA guidance is provided by the clarified SAS, AU 550: "Related Parties.
Information that existed at the report date and may affect the report comes to the auditor's attention.
Objectives:
Subsequently discovered facts: become known after date of auditor's report, had they been known may
have caused auditor to revise report
1. Requiring adjustment: better information about conditions already existing at BS date (ex.
lawsuit, loss of AR due to deterioration into bankruptcy)
(Ex. flood/hurricane, sale of bond or stock issuance, purchase of business, litigation post BS
date)
42
Include inquiries on (1) matters including contingent liabilities existing at the date of the balance sheet,
(2) whether there was any significant change in capital stock, long-term debt, or working capital, (3)
current status of items in the financial statements, and (4) any unusual adjustments.
Read minutes
If Revises: Auditor should evaluate revision, either date audit report at later date or
"dual date" report for revision
If Revises: Auditor should evaluate revision, make sure they are timely to not mislead
Ask management about info that affects previous report, and obtain written rep letter from
management
43
When Dual dating is used, auditor responsibility for events subsequent to the completion of fieldwork is
limited to the specific event referred.
The relevant AICPA guidance is provided by AU 560: "Subsequent Events and Subsequently Discovered
Facts."
Going Concern
Substantial doubt about entity ability to continue as a going concern for reasonable period of time
"reasonable period of time" : not to exceed 1 yr beyond date of F/S being audited
If substantial doubt:
Document:
conditions/events
44
If disclosure is inadequate (GAAP departure): issue qualified or adverse opinion
If evidential matter is unavailable to ascertain compliance with GAAP: may disclaim opinion
If disclosure is adequate and consistent with GAAP: issue unqualified opinion but add "emphasis of
matter" paragraph
CASH
+ deposits in transit (deposits after statement) +interest and other direct deposits
Confirm balance via letter from management to have bank send bank statement to auditors
"Kiting" - overstatement of cash at Y/E. transfer of cash between accounts, not both recorded in same
period.
Ask about available cash, document in representation letter, disclose any restrictions
Were disbursement and receipt recorded in book in same year? If not, is check listed as outstanding?
Were deposit cleared in the same year? If not, is deposit listed as in transit?
45
Did checks and deposit clear bank in timely fashion
Cash in bank and collateral for loans are confirmed on the bank confirmation
Much of the work done to audit the statement of cash flows consists of agreeing amounts included in
the statement of cash flows to amounts reported in the other financial statements.
The bank will alert the company about NSF checks by sending debit memos
The bank will alert the company about direct deposits by sending credit memos
Accounts Receivable
Completeness: cut off test a few days before and after year end (proper period. shipping v recording)
Rights and obligations: inquiry management about A/R used as collateral or review loan documents
Valuation: review aged trial balance of A/R. large items. analytical procedures (uncollectable/returns)
Auditors may not ignore individually immaterial accounts when confirming accounts receivable
Including a list of items or invoices that constitute the account balance makes it easier for the potential
respondent to reply to confirmations
In testing the completeness assertion (regarding omissions) related to sales and receivables, the auditor
starts with a source document and agrees the item to the accounting records
46
The negative form of confirmation can only be used when four conditions are met: 1) the combined
assessed level of inherent and control risk, is low; 2) a large number of small balances is involved; 3) a
very low exception rate is expected AND 4) the auditor has no reason to believe that the recipients of
the requests are unlikely to give them consideration.
Inventory
47
Existence: focus on count tags, prenumbered tags, perform test counts for selected tag numbers
Quantities
sales: shipments for last days of period and first days of next period
purchases: shipments received for last days of period and first days of next period
Right and obligations: inquire about inventory as collateral for debt, read agreements, disclose in
management rep letter
Valuation: analytical procedures to identify excess inventory, obsolete inventory (dusty, etc)
If the auditor is appointed near the end of the fiscal year for a first year audit, the auditor will most likely
disclaim an opinion on everything but the balance sheet
Lease likely to verify all inventory owned by the client is on hand at the time of the count
Investments in Securities
48
No quoted market prices:
obtained from broker-dealers using models (future cash flows, black scholes)
Trading securities:
balance sheet: reported at fair value (current of non current assets). unrealized holding
gains/losses as separate component in stockholders equity
income statement: unrealized holding gains/losses as separate component as OCI. not in Net
income
Held to maturity:
balance sheet: reported at amortized cost basis (as current or non current assets)
Long term investments: The auditor uses analytical procedures to develop an expectation of investment
income. Analytical procedures could be used to ascertain the reasonableness of the completeness of
recorded investment income
The equity method requires that the investment be valued by reflecting changes in the investee's equity.
As a result, the auditor must examine copies of the audited financial statements of the investee
company.
49
FIXED ASSETS
AKA PPE
Test for disposals: trace proceeds to cash receipts journal and bank statement
Completeness:
repairs and maintenance for anything that should have been capitalized
Valuation:
inquire about impairments of long lived assets. document in management rep letter
A weakness in internal control over recording equipment retirements may cause retirements to fail to
be recorded. This means that the equipment records contain equipment items that should have been
removed. The auditor then must try to identify equipment that is likely to have been retired and to
attempt to locate such equipment in the plant.
Current Liabilities
Search for unrecorded liabilities: review cash disbursements subsequent to BS date. payments in excess
of threshold- review documentation
50
inquiry of management
Valuation: not usually a major audit issue. expect to pay 100%. possible cash discounts
Rights and obligations: read documents (look for unusual), ask about related party transactions
decreases: verify payment dates in loan documents, trace cash disbursements to bank statement
increases: read new loan agreements, verify minutes, trace cash receipts to bank statement
reclassify any potion scheduled for payment within next year as current liability
Valuation:
Stockholder's Equity
Existence:
Completeness:
51
Verify par/stated value: certificates or minutes will state value
Valuations
Payroll
Occurrence and accuracy: examine personnel records, trace payroll transactions to GL and bank,
Recalculate selected items
Classification- verify payroll deductions and taxes, trace cash disbursements, review outside
reports
When control risk is assessed as low, substantive procedures in this area are typically limited to
analytical procedures and recalculating year-end accruals.
52
Audit Sampling
Introduction to Sampling
Involves with sufficiency (quantity) of audit evidence and extent (how heavily) of audit testing
Statistical Sampling: beneficial to quantifying sufficiency of audit evidence. Still requires judgment
Types of Sampling
53
Type1 Errors: false rejection (related to efficiency)
Type 2 Errors: false acceptance (related to effectiveness).mistake out the door. audit not effective
The variability of the population causes the sample size to increase and is responsible for the sampling
risk
Expected amount of misstatements and the measure of tolerable misstatement are factors that would
influence sample size for a substantive test of details
When the auditor decides to increase the risk of incorrect rejection, the auditor is increasing the risk of
audit inefficiency
Attribute Sampling
54
Deviation or occurrence based on yes/no
Statistical sampling: use random selection or systematic (every n-th item, etc)
Test of controls
Factors To find sample size: Desired confidence level, expected population error rate, tolerable error
rate
Take the largest sample size required of all that you are going to test
Factors To find upper error rate: desired confidence level, sample size (rounded down to nearest 10),
number of errors found
Sample error rate + allowance for sampling risk = upper deviation rate
55
Sample error rate
Population size is not considered in determining the sample size for an attributes sampling
The allowance for sampling risk is the margin added to the actual sample error rate to obtain the
achieved upper precision limit
The auditor should consider the tolerable rate of deviation for the control being tested, the likely
deviation rate, and the allowable risk of assessing control risk too low when determining sample size for
a test of controls
Variable Sampling
Stratification: breaking population into several groups of similar items. may reduce variability and
sample size
56
3 approaches to classical sampling
1. Difference estimation: estimate population value by difference between sample audit and
book value. When know BV
2. Ratio estimation: estimate population value by ratio between sample audit and book value.
when sample audit values proportional to BVs
3. Mean per unit: estimate population audit value by calculating sample audit value and
extrapolating. requires large sample.
Discovery sampling—a procedure for determining the sample size required to have a stipulated
probability of observing at least one occurrence when the expected population deviation rate is at a
designated level. It is most appropriate when the expected deviation rate is zero or near zero. If a
deviation is detected, the auditor must either (1) use an alternate approach, or (2) if the deviation is of
sufficient importance, audit all transactions.
PPS (Monetary Unit Sampling)- must have 0 or few misstatements b/c small sample
utilizes dollar units for sampling, the inclusion of zero and negative balances
requires special design considerations especially effective for
AR/Inventory. Can't find errors
Difference Estimation:
d*N=D
57
AV= BV+ D
Ratio
AV=R*BV
MPU
AV=MPU * N
Disadvantage: doesn't work well with negative balances and 0 balances. overstatment only
BV-AV/BV = taint %
58
Taint % * interval = projected misstatement
IT (Computer) Auditing
If IT is big deal, then auditor substantive procedures alone may not be enough
Access
The following duties must be segregated: systems analysis, programming, computer operations,
transaction authorization, library functions, and data control.
Disadvantage of computer files v manual files is It is usually easier for unauthorized persons to access
and alter the file
Forms
Control Totals: Hash total (not meaningful), Record counts, batch total (meaningful)
59
Logic Tests: within predetermined range
Check Digits: capture information content of numeric field and added to end
Checkpoint/restart
Internal/External Limit
Control Totals: Hash total (not meaningful), Record counts, batch total (meaningful)
Control Totals: Hash total (not meaningful), Record counts, batch total (meaningful)
Similarities between all: Control totals, logic checks, error resolution procedures
Test Data: run data to see if system catches know errors. Processed with the client's computer and the
results are compared with the auditor's predetermined result
Integrated Test Facility: dummy division to process dummy data. Fictitious and real transactions are
processed together without the knowledge of operating personnel
Parallel simulation: running data on auditor's system to compare with actual output. Uses a generalized
audit software package prepared by the auditors.
Embedded audit modules: built in audit routines and audit hooks (points where module can be added).
Auditors are required to be involved in the system design. Continuous monitoring and analysis
60
An audit of an entity that processes most of its financial data in electronic form: perform audit test on
continuous basis
Documentation of details of transactions will be retained for only a short period of time= Perform tests
several times during the year, rather than only at year end
Auditing "around" the computer involves examining inputs into and outputs from the computer while
ignoring processing
OTHER IT CONSIDERATIONS
Compiler: converts source program into machine readable form (object program)
Distributed system: network of remote computers linked to main system, each with
input/processing/output capability
Value added network: independent network that facilitates transactions connecting buyer and seller
systems
In performing a Trust Services engagement The CPA reports on whether the system meets one or more
of the following principles over a particular reporting period:
1. Security. The system (infrastructure, software, people, procedures, and data) is protected
against unauthorized access (both physical and logical).
2. Availability. The system is available for operation and use as committed or agreed.
3. Processing Integrity. System processing is complete, accurate, timely and authorized.
4. Online Privacy. Private information obtained as a result of electronic commerce is collected,
used, disclosed, and retained as committed or agreed.
5. Confidentiality. Information designated as confidential is protected as committed or agreed.
Preventive controls are generally more important than detective controls in EDI systems
EDI transactions are formatted using standards that are uniform worldwide
In an EDI system, the emphasis would be on preventive controls rather than on detective controls
61
Database systems
(a) Definitions
1] Database—A collection of interrelated files, ordinarily most of which are stored on-line.
2] Database system—Computer hardware and software that enables the database(s) to be
implemented.
3] Database management system—Software that provides a facility for communications
between various applications programs (e.g., a payroll preparation program) and the
database (e.g., a payroll master file containing the earnings records of the employees).
4] Data independence—Basic to database systems is this concept which separates the data
from the related application programs.
5] Structured query language (SQL)—The most common language used for creating and
querying relational databases (see(b)3] below), its commands may be classified into three
types
a] Data definition language (DDL)—Used to define a database, including creating,
altering, and deleting tables and establishing various constraints.
b] Data manipulation language (DML)—Commands used to maintain and query a
database, including updating, inserting in, modifying, and querying (asking for data)
c] Data control language (DCL)—Commands used to control a database, including
controlling which users have various privileges (e.g., who is able to read from and
write to various portions of the database).
(b) Database structures
1] Hierarchical—The data elements at one level "own" the data elements at the next lower
level (think of an organization chart in which one manager supervises several assistants,
who in turn each supervise several lower level employees).
2] Networked—Each data element can have several owners and can own several other
elements (think of a matrix-type structure in which various relationships can be
supported).
3] Relational—A database with the logical structure of a group of related spreadsheets.
Each row represents a record, which is an accumulation of all the fields related to the
same identifier or key; each column represents a field common to all of the records.
Relational databases have in many situations largely replaced the earlier developed
hierarchical and networked databases.
4] Object-oriented—Information (attributes and methods) are included in structures called
object classes. This is the newest database management system technology.
5] Object-relational—Includes both relational and object-oriented features.
6] Distributed—A single database that is spread physically across computers in multiple
locations that are connected by a data communications link. (The structure of the database
is most frequently relational, object-oriented, or object-relational.)
62
Commercially produced utility software is used for sorting, merging, and other file maintenance tasks.
Generalized audit software also performs such file maintenance tasks but generally requires a more
limited understanding of the client’s hardware and software features. Periodically, an essay question
asks candidates to provide a list of functions performed by Generalized audit software. The following
list is based on the AICPA Auditing With Computers Auditing Procedure Study:
Record extraction
Sorting
Summarizing
File comparison
Gap/Duplicate detection
Sampling
Techniques for continuous (or concurrent) testing. Advanced computer systems, particularly
those utilizing EDI, sometimes do not retain permanent audit trails, thus requiring capture of
audit data as transactions are processed. Such systems may require audit procedures that are able
to identify and capture audit data as transactions occur.
(1) Embedded audit modules and audit hooks—Embedded audit modules are programmed
routines incorporated into an application program that are designed to perform an audit
function such as a calculation, or a logging activity. Because embedded audit modules require
that the auditor be involved in systems design of the application to be monitored, this
approach is often not practical. An audit hook is an exit point in an application program that
allows an auditor to subsequently add an audit module (or particular instructions) by
activating the hook to transfer control to an audit module.
(2) Systems control audit review files (SCARF)—A SCARF is a log, usually created by an
embedded audit module, used to collect information for subsequent review and analysis. The
auditor determines the appropriate criteria for review and the SCARF selects that type of
transaction, dollar limit, or other characteristic.
(3) Extended records—This technique attaches additional audit data which would not otherwise
be saved to regular historic records and thereby helps to provide a more complete audit trail.
The extended record information may subsequently be analyzed.
(4) Transaction tagging—Tagging is a technique in which an identifier providing a transaction
with a special designation is added to the transaction record. The tag is often used to allow
logging of transactions or snapshot activities.
Also, particularly in electronic systems, timing of audit procedures (tests of controls and substantive
procedures) may be affected due to data irretrievability after a certain period of time
63
AUDIT REPORTS
INTRODUCTION TO AUDIT REPORTS
OLD:
GCDO: GAAP, Consistency (when principles not consistent from one period to next), Disclosure, Opinion
Intro sentence- Nature & F/S involved (always). ex. We have audited...and related notes
64
audit evidence. Procedures depend on judgment and I/C. Risk is
considered in F/S to design audit but not assessing I/C.
Opinion
One sentence: In our opinion, F/S referred to above present fairly in all material
respects as of__ in accordance with____
IF prior was audited by different auditor, 1. Predecessor report reissued. 2. auditor state's in an
"other matter" paragraph that prior year from different auditor, state their opinion and reasons
if it was modified and date of that report
If prior was never audited, if current auditor compiled or reviewed: "other matter" paragraph
stating what, when, reason for modifications, and that service didn't provide basis for opinion
If nothing ever happened with prior: "other matter" paragraph stating that fact
When comparative financial statements are being presented, auditor's "update" their prior year audit
report to determine that it is still appropriate
Whenever an updated report has an opinion different from that previously expressed, the auditor
should disclose all substantive reasons for the different opinion in a separate emphasis-of-matter
paragraph following the opinion paragraph.
Component Auditor: could be part of group engagement firm, network affiliated firm, another unrelated
firm
Group financial statements: include more than one component, aggregated / consolidated
65
Reference should not be made unless all are met:
Making Reference to component auditor's work: clearly indicate who did what. If group engagement
partner assume responsibility for component's auditor's work= no reference in report
After deciding to make reference to a component auditor: Make inquiries about the professional
reputation and independence of the component auditor
Emphasis of matter: refers to matter appropriately disclosed in F/S but auditor believes its fundamental
to users understanding of the F/S
After opinion
66
Other Matter: refers to matter other than those disclosed in F/S but auditor believes is relevant to users
understanding of audit, auditor's responsibility, or auditor's report
opinion currently expressed on prior year's F/S is different than opinion previously expressed
(for comparative purposes, prior misstatements corrected)
when reporting on more than one set of F/S (one on GAAP, one on IFRS)
when not possible for auditor to withdraw from engagement which management imposed
pervasive scope limitation
Auditor should communicate proposed wording of any expected emphasis or other matter paragraph
Auditor concludes that the F/S as a whole are misstated based on financial framework
Qualified: for misstatements that are not pervasive to F/S, but could be material
Auditor is unable to obtain sufficient appropriate audit evidence to conclude F/S as a whole are
free from material misstatements
Qualified: possible effect on F/S if any, could be material but not pervasive
"pervasive": 1. effects are not confined, 2.effects if so confined could represent substantial proportion
of F/S 3. disclosures fundamental to users understanding
Qualified: expresses reservations but "taken as a whole", F/S still fairly stated
67
Add a "Basis for Qualified Opinion" paragraph to precede opinion paragraph
Content would include: In our opinion, except for possible effect of the matter descried in Basis
for Qualified Opinion, the F/S present fairly
When the auditor is not independent, the auditor is precluded from issuing any type of report other
than a disclaimer.
Auditor concludes that the F/S as a whole are misstated based on financial framework
Qualified: for misstatements that are not pervasive to F/S, but could be material
Qualified expresses reservations, but take as a whole, F/S still fairly stated
Content would include: In our opinion, except for the effect of the matter descried in Basis
for Qualified Opinion, the F/S present fairly
The relevant AICPA guidance is provided by AU 705: "Modifications to the Opinion in the Independent
Auditor's Report.
When an entity omits a financial statement, the auditor may accept an engagement to audit the other
financial statements, but should qualify the opinion due to GAAP departure
ADVERSE OPINION
Pervasive: effects not confined to specific items, if confined could represent substantial impact
68
Only 1 reason for adverse opinion:
"in our opinion, bc of the significance of matter discussed in basis of adverse, the F/S do not
present fairly"
Piecemeal opinions are forbidden! No different opinions for different areas. B/C it questions
what has validity. Some yes some no? Doesnt work
Special engagements: Audit of single F/S, Audit of specific elements or accounts (ex AR)
But if adverse opinion or disclaimer issued on F/S as whole, can only issue unmodified if
Separate report and Element isn't major portion of F/S or based on stockholder
equity or net income
An unjustified change in accounting principles is a GAAP departure that would result in a qualified or
adverse opinion
DISCLAIMER OF OPINION
69
Scope: auditor was unable to obtain sufficient appropriate audit evidence and possible effects
could be material and pervasive (no conclusion expressed)
Objectives to evaluate consistency and communicate in audit report when comparability has been
materially affected by
IF change in accounting principle all 4 requirements met? emphasis of matter until it covers all years
involved. otherwise evaluate if change results in material misstatement and if audit report should be
modified
IF multi-year: evaluate consistency between earliest period covered by report and prior period
IF new principle starting now, would not even be considered a change in accounting principle
If new accounting principle has immaterial effect on F/S: don't have to reference in report
Among situations that ordinarily do not result in an emphasis-of-matter paragraph on consistency are
changes in accounting estimates (e.g., changing the life of a fixed asset) and changes in principles with
70
an immaterial effect (even if expected to be material in the future); absent other circumstances, a
standard unmodified opinion may be issue***
Opening balances contain misstatements that materially affect current period's F/S
Appropriate accounting policies in opening balances have been consistently applied in current
period (or changes appropriately accounted for and presented and disclosed)
Reaudit: initial audit engagement to audit things that were audited by predecessor
Respond approriately when aware that include other info that could undermine credibility of those F/S
and the auditor's report
Doesn't include press release of cover letter accompanying document containing F/S
Other information: info other that F/S and audit report that's included in a document containing audited
F/S and audit report
Found before release: ask to revise, withhold report, add other matter paragraph, withdrawl
71
Found after release: ask to revise, inform governance and legal counsel
If management doesn't make suggested changes: modify opinion on supplementary info or withhold
report
When reporting on such supplementary information in relation to the financial statements as a whole,
the measurement of materiality is the same as that used in forming an opinion on the basic financial
statements taken as a whole
Objectives
Procedures:
That it is included
That it is omitted
72
Auditor's opinion on F/S is not affected by presentation or omission of required supplementary info
When required supplementary information is included with the financial statements, the auditor is
required to: 1) inquire management about methods of preparing the information and whether methods
have changed; 2) ask about significant assumptions; 3) compare the information for consistency with
management's responses, the audited financial statements, and other knowledge obtained during the
audit; and 4) obtain additional representations in the management representation letter
To restrict use of auditor written communication if potential exists for it to be misunderstood if take out
of context
Required when:
Matters presented are a "by product" report (ex. I/C report of significant issues, not the
purpose)
Acceptance of engagement
For use only outside US: may use report from that country or use US form of report revised to reference
framework of country
73
For use both in/out of US: use US for of report including "emphasis of matter" paragraph
Historical financial information that is derived from F/S with less detail
Engagement Acceptance:
Determine audited F/S are readily available to users (website is ok, upon request is not ok)
IF audited F/S contain an adverse opinion or disclaimer: cant express opinion on summary F/S
Objective: whether material modifications should be made to conform with reporting framework
Covers period less than 12 months or if 12 months doesn't end on Fiscal Year end
objectives of engagement
limitations of a review
74
Analytical procedures
Inquiries: written representation letter to document. same date as auditor's review report
Addressee
2. Management's Responsibility
Accountant's review report on interim F/S is not a "part" of the registration statement within the
meaning of the Securities Act of 1933
When an accountant is associated with the financial statements of a public entity and has not audited or
reviewed such statements, the accountant must either request
Hypothetical Transaction: transaction or financial reporting issue that doesn't involve facts or
circumstances of an entity
75
Acceptance Issues:
And
reporting accountant is engaged to provide recurring accounting advice and doesn't believe 2nd
opinion isn't being requested
Reporting:
Special purpose framework: other than GAAP that is one of the following bases of accounting
Cash Basis
Tax Basis
76
IF using contractual or regulatory basis, also add:
IF F/S are prepared on regulatory basis and intended for "general use" neither "emphasis of matter" or
"other matter" added
A description of how the basis differs from GAAP should be included in the Notes to the financial
statements
The separate explanatory paragraph should refer to the note that describes the basis of accounting.
The relevant AICPA guidance is provided by AU 800: "Special Considerations — Audits of Financial
Statements Prepared in Accordance With Special Purpose Frameworks."
If specific element is based on stockholders' equity: auditor should obtain sufficient appropriate audit
evidence to express an opinion about financial position (balance sheet)
If specific element is based on net income: auditor should obtain sufficient appropriate audit evidence to
express an opinion about both financial position (balance sheet) and results of operations (inc. stamt)
IF adverse or disclaimer on set of F/S: dont express unmodified opinion on single F/S
An auditor may report on one basic financial statement and not the others, provided that access to
information for all statements is not limited and that all procedures considered necessary are
performed. Such engagements merely involve limited reporting objectives
77
The report on such data should refer to the audit report on the financial statements
The relevant AICPA guidance is provided by AU 805 "Special considerations — Audits of Single Financial
Statements and Specific Elements, Accounts, or Items of a Financial Statement."
May express "negative assurance" : nothing came to our attention that the entity failed to comply
If adverse or disclaimer of opinion on F/S: should only report on non compliance when identified. cant
give "negative assurance"
Service organization: organization or segment that provides services to user entities that are relevant to
internal control over financial reporting
Subservice organization: Service organization used by another Service organization to perform services
relevant to entities internal control over financial reporting
User Entity: uses service organization and whose F/S being audited
Type 2 report: report on system and suitability of design and operating effectiveness of controls
78
The AICPA has established three types of examination services that result in the following three
types of CPA reports on service organization controls (SOC):
Service organization: organization or segment that provides services to user entities that are relevant to
internal control over financial reporting (outsourcing transaction processing)
Subservice organization: Service organization used by another Service organization to perform services
relevant to entities internal control over financial reporting (outsourcing, outsourcing)
Type 1 Report: management's description of service org's system and suitability of design of controls.
2 Opinions rendered on: 1. System description, and 2. control objectives suitably designed
Written assertion by management about material respects of design and implemented controls
Type 2 Report: management's description of service org's system and suitability of design and
effectiveness of controls
3 opinions expressed: 1. description is fair, 2. control objectives suitably designed 3. controls operated
effectively
Written assertion by management about material respects of design and implemented controls
objectives and operative effectively
COMFORT LETTERS
79
Letter for underwriters: contributes to "due diligence" for underwriters under Section 11 of 1933
Securities Act (not required by or filed with SEC)
Positive assurance: in our opinion audited F/S comply as to form with SEC requirements (only given)
Negative assurance: limited assurance. not aware of any need for modification.
The relevant AICPA guidance is provided by AU 920: "Letters for Underwriters and Certain Other
Requesting Parties."
A written report on I/C over financial reporting is required for every audit (additional reporting)
80
may have duty to report fraud/illegal acts, abuse to outside authority
Should report any know instances of illegal acts that could result in "criminal prosecution". report on
non trivial acts
Single audit act of 1984: spent over 750K of federal money in a year, single coordinated audit of major
assistance programs, not grant by grant
Compliance
Report on I/C
Then separate sections: Internal Control Over Financial Reporting (no opinion),
Report on Compliance:
Looked at laws and regs, only those that material effect F/S (illegal acts disclosure through refernce)
81
Audit of compliance
Report of audit findings with responses from officials and corrective action plans
Direct communication when: Reported to the entity's governing body and the governing body fails to
make a required report to the federal inspector general
I/C reporting under Government Auditing Standards differs by: requiring that the scope of the auditors'
testing of internal control over financial reporting be described. It can be a separate report or combined
report with compliance with laws and regulations.
Financial statement audits in accordance with Government Auditing Standards require the following
reports:
1) an audit report;
2) a report on internal control;
3) a report on compliance with laws, regulations, and the provisions of contracts or grant agreements
The auditor's documentation should contain sufficient information so that supplementary oral
explanations are not required
sub-recipient: nonfederal entity that expends federal awards received from another entity to carry out a
federal program.
COMPLIANCE AUDITS
SAS 117
Risk of material non compliance (same as RMM) and if they are pervasive to compliance
82
Issue separate report on compliance or combined with I/C over compliance or separate report
on I/C over compliance
If the auditor detects noncompliance with requirements that have a material effect on the program
being audited, the auditor should issue a qualified or adverse opinion on compliance.
The auditor is required to give positive assurance on the items tested as to compliance with laws and
regulations. The auditor provides negative assurance on the items not tested
Application and Other Explanatory Material: explain meaning of requirements: "may"," might"," could"
Interpretive publications
Prior to accepting:
Determine competence
The Statements on Standards for Accounting and Review Services are not applicable when:
83
2) assisting in adjusting the books of account;
AR-C 70
Meet preconditions
Documentation Requirements:
Bookkeeping services
Meet preconditions, written agreement, compilation report must be issued when engage to compile
entity's F/S
Need not be independent - cause no opinion. but must be stated at end or report
84
Understand framework, read F/S, request additional info
Title
Add separate paragraph to state if special purpose framework and refer to note on F/S
F/S contain known departures: propose adjustment, modify report by adding separate paragraph
Documentation Requirements
In a compilation, the accountant is required only to read the financial statements to consider whether
the financial statements are free from obvious material errors
A compilation engagement carries no expectation that the accountant will obtain an understanding of
the entity's internal control
An accountant may compile financial statements lacking substantially all disclosures provided that:
1) the omission is clearly indicated in his/her report; and
2) the omission is not intended to mislead those who might reasonably be expected to use the compiled
statement
The accountant does not perform any evidence-gathering procedures to corroborate the financial
information involved.
If the financial statements are prepared using a special purpose framework and the financial statements
do not disclose this basis, the accountant's compilation report should identify the basis
that the accountant compiled the financial statements in accordance with Statements on
Standards for Accounting and Review Services
that the accountant does not express an opinion or any other form of assurance on the financial
statements
85
Guidance is provided in the clarified SSARSs, specifically by AR-C 80, Compilation Engagements
Circumstance Resolution
Departures from GAAP A departure from generally accepted accounting principles requires
the accountants to discuss the departure in a separate paragraph in
the compilation report.
Lack of consistent application of Modify the compilation report for a departure from generally
GAAP, substantial doubt about accepted accounting principles.
ability to remain a going concern
not properly disclosed in
financial statements
Compilations of information that This is permissible. In such situations the accountants should add the
omits substantially all following last paragraph to their report:
disclosures (e.g., note disclosures
omitted)
Compilations when the CPAs are Independence is not required. The following may be added to the
86
not independent compilation report:
In addition the CPAs may also provide reason(s) for the lack of
independence (e.g., a member of the audit team had a direct
financial interest in XYZ Company)
Must be independent, a review report expresses "negative assurance": not aware of any material
modifications
Procedures:
Clarified Report
Body: Into, Management Responsibility for F/S (labeled), Accountant's Responsibility (labeled),
accountants conclusion (labeled)
87
Document:
work performed: engagement letter, management rep letter, significant findings, copy F/S, copy
of review report
If the accountant becomes aware of a GAAP departure during a review engagement, the review report
should disclose this departure in a separate paragraph of the report
Belief that modification of the review report is not adequate to indicate the deficiencies in the financial
statements, Baker should withdraw from the engagement
The accountant would modify the standard review report if he/she became aware of departures from
the applicable financial reporting framework that were not corrected
An accountant is allowed to issue a review report on one financial statement as long as the scope of the
inquiry and analytical procedures has not been restricted
Compiling Pro Forma Information: effects that actual or potential transaction might have had on
historical financial information if it occurred on financial presentation
Prerequisite: must have compiled, reviewed or audited historical F/S that is basis of pro forma
May assist in preparation of pro forma information without issuing compilation report
88
Review and compilation reports on comparative financial statements
refer to each period of F/S shown. nature of engagement can change year to year (compile v
review)
When change in accountants and prior report not presented: successor should state fact in
other-matter
When audit prior year and review subsequent year: add a separate paragraph to the review report
stating (1) that the prior period's financial statements were audited; (2) the date of the previous report;
(3) the type of opinion expressed; (4) the reasons for any modification of the report; and (5) that no
auditing procedures were performed after the date of the previous report
Attestation: examination, review, or agreed upon procedures report on subject matter, or an assertion
about the subject matter that is the responsibility of another party
The SSAE are a broad category of attestation services that are not covered by other standards
General Standards:
89
Independence
Fieldwork Standards
Reporting Standards
Must state when: Criteria is limited in understanding, criteria only available to some, no
written assertion provided, when agreed-upon procedures to subject matter
SSAE Hierarchy:
Interpretations: explain compliance with SSAEs when not applying applicable interpretations
Services of Attestation
ID material deficiencies
ID material deficiencies
90
Report can be issued for general distribution
Specified parties take responsibility for sufficiency of procedures (perform procedures on their
behalf)
Prospective financial statements include summaries of both significant assumptions and significant
accounting policies
AICPA allows: Examination (always, a lot of work), agreed upon procedures (restricted distribution),
compilation. (review is not allowed)
Responsibilities: evaluate presentation and underlying assumptions for reasonableness. similar structed
report to that of audit report
91
ID nature and prospective F/S information
Conclusion is procedures...findings
State not an examination and give disclaimer of opinion. results may not be achieved and don't
take responsibility for anything after the fact
Report:
Stat limited in scope and disclaim opinion. Forward looking and not responsible for it
An examination of a financial forecast is a professional service that involves evaluating the preparation,
the support for the assumptions, and the presentation of the prospective financial statements and
rendering an opinion
When the assumptions do not provide a reasonable basis for the forecast, the examination report
should express an adverse opinion
92
3. Scope limitation (disclaimer)
4. Emphasis of a matter (unmodified)
5. Evaluation based in part on report of another auditor (unmodified—divided responsibility)
Pro forma: show significant effects on historical F/S if an event happened before balance sheet date
rather than after balance sheet date (business combination, new securities, etc)
Requirements:
Document with pro forma information that references historical statements
3 Objectives:
Can express positive assurance for examination or negative assurance for review of each objective
reference to the financial statements from which the historical financial information is derived
COMPLIANCE ATTESTATION
Reporting of entity's written assertion about compliance or effectiveness of I/C related to compliance
Examination report
Scope: Reference AICPA standards and note that doesn't provide legal determination
93
Opinion: express without identify specific measurement requirements
Into: nature and subject matter. responsibilities of management and accountant. AICPA
standards
Integrated audit: auditing F/S and expressing a report on internal control over financial reporting
Basic responsibility: design test of control to achieve objectives of both engagements simultaneously
Obtain sufficient appropriate evidence if material weaknesses exist. not required to seek anything else
out. use same criteria as management to evaluate
Management Requirements:
Evaluating Design effectiveness: inquiry, observation, and inspection of documentation, walk thru
94
Focus on reasonable possibility: depends on magnitude and potential of misstatement
Communication:
Can be separate report on combined report, if separate: add paragraphs referencing other report and
should have same date
Reporting on I/C
The work performed in an attestation engagement on internal control is more extensive in scope than
that performed during the control risk assessment in a financial statement audit.
4 conditions that must be met for the auditor to examine internal control in an integrated audit under
AICPA standards
Management must evaluate the effective of I/S using suitable available criteria
Management must support its assertions about effective of I/C with sufficient appropriate
evidence
Management must provide its written assertion about the effectiveness of I/C in a report to
accompany auditor's report
95
An auditor's unqualified report on internal control would provide the opinion that the company
maintained, in all material respects, effective internal control over financial reporting as of a specific
date (usually year end), based on the control criteria
Attesting to MD&A presentations according to SEC requirements (Must have audited F/S)
Underlying information and assumptions provide reasonable basis for disclosures within
presentation
Occurrence
Completeness of explanation
ASSURANCE SERVICES
96
Assurance: independent profession services that improve quality or context of information for decision
makers
PCAOB responsibility:
Inspect registered public accounting firms ( review +100 firms = annually, less than 100 every 3
yrs)
Standard setting
Enforcement
Funding - funded by registration and annual fees from accounting firms, accounting support fee
assessed on issuers
Title II of the Sarbanes-Oxley Act of 2002 establishes 5 years as the upper limit before mandatory
rotation
DEEP DIVE
97
Cooling off period of 1 year: applies to lead partner, concurring partner, audit engagement team
member> 10 hours audit/review/attest services
Applies if new job: financial/executive capacity, financial oversight or F/S preparation at client
AUDITING STANDARD NO 1
98
AUDITING STANDARD NO 3
Audit documentation
Demonstrate complied with PCAOB standards, support basis for auditor's conclusions, underlying
records agree or reconcile with F/S
Document audit procedures involving audit procedures, all significant findings or issues and actions to
address them (ID in engagement completion document)
Documentation completion date: no later than 45 days after report release date (AICPA up to 60 days)
99
After documentation completion date: nothing deleted, added must include date, name and reason for
addition
AUDITING STANDARD NO 4
In evaluating whether a material weakness exists, an auditor should focus on materiality at the financial
statement level
AUDITING STANDARD NO 5
Applicable: when auditor is engaged to audit the issuer's F/S and management's assessment of
effectiveness of I/C over F/R
Risk assessment underlies entire audit process, allows auditor to use work of others to reduce
duplication
Material weakness: deficiency in ICFR that there is a reasonable possibility that a material misstatement
will not be prevented or detected on a timely basis
Significant deficiency: deficiency in ICFR that is less severe than a material weakness, but important
enough to merit attention
Perform walkthroughs
100
operating effectiveness: inquiry, observation, walkthroughs, inspection of documentation, re-
performance
Indication of material weakness: fraud, restatement of prior F/S, discovery of MM in current F/S,
ineffective oversight by audit committee
Can issue separate or combined reports, if separate then explanatory report that references other, each
have same date
Deficiency in design: When a control necessary to meet the control objective is missing or when an
existing control is not properly designed so that, even if the control operates as designed, the control
objective is not always met
AUDITING STANDARD NO 6
Consistency: evaluation of
When there is a change in accounting principle, the auditor should evaluate whether
(2) the method of accounting for the effect of the change conforms to GAAP;
(4) the company has justified that the alternative accounting principle is preferable.
101
IF criteria isn't met then GAAP departure and qualified opinion or an adverse opinion
Change in classification do not require mention unless correction of material misstatement or change in
accounting principle
AUDITING STANDARD NO 7
Engagement quality review: requires engagement quality review and approval of issuance
For an audit
Cooling off: serving as engagement audit partner for either of the 2 audits before cant review
Accounting firm cant give permission to use report unless reviewer provides "concurring approval of
issuance". Review cant give it if there are any significant deficiencies
(1) holding discussions with the engagement partner and other members of the engagement team
No 8: Audit risk: conduct audit that reduces risk to appropriate level. At F/S level and relevant assertion
level
102
No 9:Audit Planning: plan audit so that its conducted effectively. engagement partner in charge
No 10: Supervision of Audit Engagement: work performed as direct and supports conclusions
No. 11 Consideration of Materiality: apply materiality in planning and performance. same materiality for
audit of F/S and ICFR
No 12 Identifying and Assessing RMM: ID and assess RMM as basis for designing and implementing
responses. provide reasonable basis for designing further audit procedures. Top down approach
No 13 Auditors responses to RMM: address RMM through overall audit responses and procedures
No 14 Evaluating audit results: evaluate results of audit to determine whether sufficient and appropriate
to support opinion
No 15 Audit evidence: plan a perform audit to obtain evidence to support conclusions. based on 5
assertions
Existence
Completeness
Valuation or allocation
AUDITING STANDARD NO 16
103
provide timely observations about significant audit matters
most important to portrayal of financial results and require management most difficult,
subjective or complex judgments
Communicate
difficult matters
Going concern
Can be oral or written and must be timely and prior to issuance of the auditor's report
AUDITING STANDARD NO 17
Procedures
104
Verify information reconciles to F/S or other records
Auditor's report does not include a statement that the methods of measurement and presentation have
not changed from those used in the prior period
AUDITING STANDARD NO 18
Related Parties
Evaluate whether related party relationships and transactions are properly reported and disclosed
Obtain understanding for: ID related parties, authorizing transactions, accounting for/disclosing in F/S
Communication:
management assertions that related party transactions were equivalent to arms length
105
IFAC has 4 separate stand setting boards
International Auditing and Assurance Standards Board: auditing and review, other assurance, QC
US vs International auditing
Public Interest Oversight Board oversees IFAC's auditing and ethics-related standard-setting activities
Divides code in 3 major parts. Members in public practice (MIPP), Members in Business (MIB),
Other members (OMs)
2. Public Interest principle: act in way to serve public interest, honor public trust, demonstrate
commitment to professional. "acceptance of responsibility to the public"
3. Integrity Principle: perform all professional responsibilities with highest sense of integrity
106
Integrity is measured in terms of what is right and just
4. Objectively and independence principle: maintain objectivity free of conflicts of interest in discharging
professional responsibilities. Independent in fact and appearance
5. Due Care Principle: observe procession technical and ethical standards, strive to continually improve
competence and quality of services and discharge professional responsibility
6. Scope and Nature of services principle: observe principles of code of professional conduct in
determining the scope and nature of services provided
ID threat
7 types of threats
107
Advocacy threats (advisor, underwriter, etc)
Self interest threats (you have interested stake, excessive reliance on one client)
Safeguards
Created by profession, legislation or regulation (training, standards, external review, hotline etc)
Implemented by the client (tone at top, client has skills, policies and procedures, governance)
CPA acting as an auditor must honor professional rules regarding integrity, objectivity, independence
Client consents
Director Positions: companies that you work with want you to serve as a director. will the threat be
unacceptably high? just be a consultant instead
Gifts and Entertainment: Objectivity and integrity are threatened if receive or give gifts to:
Officers
Directors
10% shareholders
If violate member's or client's policies or applicable laws and regulations. Know the rules or reckless in
not knowing the rules. If no rules, if its reasonable.
108
Nature of gift
Occasion
Cost / value
Entertainment was associated with conduct of business directly before, during or after (meals, etc)
Signed, permitted or directed signature to doc. containing materially false and misleading info
Proper procedure
Evaluate significant that material misstatement will occur or if laws or regulations violated (no?
then ok)
If still worried: review internal policies, review if responsible to third parties, consult legal,
document understanding
Not precluded from resigning but doesn't necessarily protect from legal liability
ADVOCACY, THIRD PARTY SERVICE PROVIDERS (TSPs), GENERAL STANDARDS, AND ACCOUNTING
PRINCIPLES
Client advocacy: cant advocate for attest clients, may advocate for advisory or tax clients but can
threaten objectivity or integrity (not too zealous)
Use of TSPs: Ok to outsource work to TSP but can threaten Integrity and objectivity. If outsourcing
professional services, notify clients in writing before confidential information to TSP. If client says no,
don't outsource of turn down engagement
109
General Standards: must follow rules by appropriate bodies
Professional Competence
Competence: possesses technical qualifications and can supervise and evaluate quality of work
performed. Decline if can't. Can't just turn over to specialist
Accounting Principles:
Exceptions: when departure from GAAP is appropriate (ex: new legislation, evolution of business
transactions, when other accounting principles apply, special frameworks)
Describe departure
DISCREDITABLE ACTS
Discreditable acts:
False advertising
110
Improper use of CPA credential
Records Requests
Records Types:
Member prepared records (AJEs, documents): deliver upon request when related to issued
product except if fees are due for that specific work product
Member's work products: provide upon request unless haven't been paid for that work, work is
incomplete, withhold to comply with standards, if threatened or outstanding litigation
Working papers: don't have to provide to client, unless explicit in engagement letter
Some states are more strict and if so, then follow state laws
Audit documentation is not transferable to a purchaser of a CPA practice unless the client consents
FEES
Contingent Fees: fee established for performance and amount is determined by the result
Compilation of F/S where 3rd party will use and didn't disclose lack of independence
Can't prepare original or amended tax return or claim for contingent fee
filing amended return that is subject of a test case involving different taxpayer w respect to
which taxing authority is developing a position
111
filing an amended return claiming a refund greater than threshold for review by join committee
on taxation or state taxing authority
representing a cline in connection with obtaining a private letter ruling or influencing the
drafting of a regulation or statue
Commissions and referral fees: Prohibited for attest clients, permitted for non-attest: just disclose
Spouse can receive commission for member's attest client, as long as the spouse's activities are separate
from the practice and member isn't significantly involved in spouse's activities
When take title and then sell to client, can mark up without disclosure
May subcontract service to another person and mark up costs without it being considered a commission
Tax accountants can accept referral fees and commissions. However, they should be disclosed to the
client
Claim that services will be performed for a stated fee when its likely they will be substantially
increased
Confidential info: proprietary information gained through relationship that isn't public
Discreditable act to: disclose without permission or use for personal benefit
Exceptions:
112
report potential concerns to employers confidential complaint line or audit committee
Additional concepts:
If new client likely leads to disclosure of confidential information from existing or previous
client, don't accept until get consent
When withdrawal, if contacted by new auditor, suggest the firm contact client to ask permission
for you to discuss matters freely
When using TSP: before disclosing, make sure they have adequate protection
Turning over client names is allowed unless disclosure of name signals propriety info
(bankruptcy)
CPA may generally disclose confidential information without a client's consent if it is necessary to avoid
violating GAAP, if in response to an ethics inquiry by a quality review board, or pursuant to a court order
Form of Org:
Firm cant designate itself as Member of the AICPA unless all its CPA owners are
Ownership of a separate business: that provides non attest services, but if member controls it they
would have to abide by code of conduct
Nonmember practitioners: must still comply with code, and responsible for fellows
Attest engagement performed with a former partner: finish engagement and use non-letter head
113
Firm Name:
Network firms: firms that work together for advantage and share
Common control
IF CPA controls another firm, the firm in which he has invested (XYZ) and its employees must abide by
code of conduct
When codes doesn't resolve issue, the Conceptual Framework should be applied
Threats
Advocacy threats
familiarity threats
self-interest threats
self-review threats
114
Safeguards
Your firm
Time period: independence rules must be follow when relationships exist during
partner, partner equivalent, or manager who provides more than 10 hrs of nonattest services to
attest cline within any fiscal year
partner or partner equivalent in the office that leads attest engagement but not associated with
entity whose operating, financial, or accounting policies can be controlled by any individuals or
entities
Network firms: firms that work together for advantage and share
Common control
115
Must comply with independence rules with respect to clients of other network firm if use of audit or
review report is not restricted (unrestricted)
Affiliates: covered members must abide by independence rules for both attest clients and affiliates
Reissued reports: If prior auditor and now not independent to prior engagement client and have to
reissue = do limited procedures (inquiries, reading F/S)
Engagement contract terms: can indemnify firm for liability and costs resulting from client's
management's knowing misrepresentations
Alternative dispute resolution (ADR): require ADR in lieu of litigation to resolve disputes, can put in
position of material adverse interests and thereby impair independence
Unpaid Fees: can't sign current year audit report if there are unpaid fees from more than one year prior
Fees are unpaid even if they are unbilled or if the client has issued the firm a note receivable
IF covered member has or is committed to acquire direct interest in attest client (immaterial or material)
independence is impaired. Only not impaired if both indirect and immaterial
Direct:
interest beneficially owned through investment vehicle, estate, trust, when beneficiary either:
116
Even if partner of professional employee isn't a covered member, that person or immediate family, cant
own more than 5%
if member receive or learn they will receive, independence will not be impaired if dispose of
interest within 30 days
Mutual fund: interest in fund is direct, interest in underlying investments if own less than 5% is indirect
If own more than 5% of diversified funds or undiversified funds evaluate if they are material to net
worth and net worth of immediate family
Retirement Plans: if members of immediate family members self-direct their investments into plan:
interest is direct (bad even if immaterial)
Defined benefit plan isn't interest held by covered member, unless specifically involved in investment
decisions
Partnerships:
General partnership: all are GP and have right to vote and investment decisions (direct investment in
partnership and partnership's investments
Limited Partnership: GP is direct interest, LP direct in partnership and indirect in investments (direct if
participated or have ability to replace GP)
LLCs:
Member managed: like partnerships and treated the same for independence
117
Agent managed: interest in LLC direct, investments are indirect (unless can control LLC/supervise or
participate)
Prepaid tuition plans: owner has direct financial inters in plan but only an indirect interest in its
underlying investments
Savings plan: direct in plan and underlying investments because you choose
Cant do it if:
If co-trustee is making decisions, if committed to acquiring more than 10% of client's equity
ownership
If co-trustee is making decisions, if value of holdings more than 10% of total assets
underlying trust investments ultimately revert to covered member as the grantor of trust
Beneficiary: of trust. Direct interest and interest in underlying investments is indirect (except if supervise
or participate in decisions)
Blind Trust: ultimately come back to grantor, then blind trust and underlying investments are direct
Employee Benefit Plans: if participates in plan that is an audit client or sponsored by one
Exceptions:
118
member is required to participate
no influence or control
2. Formally associated with audit client and is no longer and met requirements for preserving
independence
Depository accounts:
Firms can audit bank that holds its deposits if they conclude remote likelihood of the bank having
financial difficulties
accounts insured
Insurance policy: not an interest unless offers investment option. no problem if normal circumstances
Attest client
officers or directors
119
10% holder
normal circumstances
obtained before became a client, or you loan was sold to an attest client
ordinary circumstances
Business relationships:
Cooperative ventures: ok if: Participation of firms from separate contracts, don't assume
responsibilities neither has agent authority
Joint investment:
FAMILY RELATIONSHIPS
120
Immediate family members: spouses, spousal equivalents and dependents
IFM's:
plan creates option to invest in non attest client, should do so within 30 days
financial interest in attest client that: member knows or has reason to know is material or
enabled relative to exercise influence over client
CURRENT EMPLOYMENT
Is not a PTI
121
Doesn't participate in any employee benefit plan sponsored by school unless required
Can work for not for profit that is also attest client if:
Campaign Treasurer: ok if
Can audit political party or governmental unit which the candidate will head if wins
Former employment or association with attest client (left company for firm)
If in key position and comes to firm, independence impaired if participated on team or PTI when
covering any period of time employed or associated. Must dissociate. Can be OPIOs or 10 hr
people.
Disposition of stock
SUBSEQUENT EMPLOYMENT
122
Firms independence will be impaired when partner or professional employee goes to work for client in
key position unless all are met:
amounts due to former employee for previous interest in the firm are not material to firm and
calculation of payments is fixed. may adjust retirement benefits for inflation and pay interest on
amounts du e
Appearance of participation:
within one year of dissociating, has significant interaction with attest team, team member
should review whether team has maintained skepticism (position assumed, position held at
firm, nature of services former employee provided)
Applies to: lead partner, concurring partner, or member who provides 10+ hours
How long: one year cooling off period preceding the beginning of audit (entire audit cycle
passes)
123
CIRA performs functions similar to local governments (road maintenance, utilities, etc)
Credit Union:
Gifts: impaired if firm, team member, or PTI accepts gifs unless clearly insignificant to recipient
Nature of gift
Occasion
Cost/Value
Actual or threatened litigation: material adverse interests would impair, minor or not related wouldn't
impair
Would impair if: attest client sues alleging deficiencies, member sues client alleging fraud or deceit
Actual or Threatened litigation: filed by shareholders presumptively don't impair independence unless
cross claims with significant risk or material settlements or judgments
The code applies the "clearly insignificant" standard to gifts and the "reasonable in the circumstances"
standard to entertainment.
Regarding independence, the firm, team members, and those in a position to influence may not accept
gifts from attest clients unless the value of those gifts is clearly insignificant to the recipient. Other
partners in the office and 10-hour people, are not covered by the rule
CODE PROVISIONS
124
Non-audit services (NAS)
Form or content
Firms shouldn't assume management responsibilities (no custody, which recommendations, etc)
Objectives
Services
members responsibilities
any limitations
125
SOX limits NAS by saying MIPPS may not provide advisory services to clients that are public companies
Should not: audit own work, advocate for attest clients, serve as client's managers
bookkeeping, financial info system design, appraisal or valuation services, actuarial services,
internal audit outsourcing services, management function, broker or dealer, legal services
unrelated to audit
provide tax services to member of management (or immediate family) who serve in reporting
oversight role
SOX process:
audit committee must pre-approve any permitted NAS purchased from its auditor
SPECIFIC SERVICES
Remember: general requirements must always be me and SOX always respected in public company
126
127
128
129
MEMBERS IN BUSINESS
Threats
Adverse interest
Advocacy threat
familiarity threat
self-interest threat
self-review threat
Safeguards:
the employer
Gifts and Entertainment: MIBs do not accept if violate law or policies, should be reasonable
General Standards
Discreditable Acts
Discrimination/harassment
130
Disclosure CPA exam questions/answers
false advertising
OTHER MEMBERS
Discrimination/harassment
false advertising
OTHER ETHICS
SECURITIES AND EXCHANGE COMMISSION
Can provide NAS to : non-audit clients and audit clients that are private companies, tax work to
public clients if pre approved by audit committee and disclosed
131
Auditor Rotation:
Must rotate both lead audit partner and reviewing audit partner at least every 5 yrs
Audit report to audit committee: firms selected, compensated and discharge by audit committee
A violation of any PCAOB rule constitutes a violation of the 1934 Securities Exchange Act.
132
To Register: information disclosed
annual fees for audit and non audit services from each client
information relating to criminal, civil or admin proceeding pending against firm or associated
person in connection with audit report
copies of disclosures filed by client with SEC in last yr relating to disagreement with auditor
must provide concurring or 2nd partner to review and approve each audit report
PCAOB Must do annual inspections for firms doing 100 audits per yr, if less once every 3 yrs
PCAOB must notify SEC and may refer any investigation to SEC or legal
PCAOB can sanction ranging from 750K for individual or 15 mil for entity
SOX provides both fines and imprisonment for CEOs and CFOs who misrepresent company finances
independently
professional behavior
133
Independence Standards
Person impairments: family relationships, financial interests, employment relations, self review,
bias
Organizational impairments: audit function in reporting line with area under audit, audit area
that already is a part of
Establish policies and procedures, communicate to all auditors, establish internal policies to monitor
compliance , disciplinary mechanism, stress importance of independence, maintain documentation
Presumed free of organizational impairment if: at level of government other than one assigned or
different branch of government or headed by elected auditor
Auditors performing under GAGAS should complete, every 2 years, at least 24 hours of CPE that directly
relates to government auditing and an additional 56 hours (for a total of 80 hours) of CPE that enhances
the auditor's professional proficiency
Internal audit function is presumed free from organizational impairments to independence for reporting
internally if the AO's head:
is accountable to the head or deputy head of the government entity or to those charged with
governance;
reports the audit results both to the head or deputy head of the government entity and to those
charged with governance;
is located organizationally outside the staff or line-management function of the unit under audit
is sufficiently removed from political pressures to conduct audits and report findings, opinions,
and conclusions objectively without fear of political reprisal
DEPARTMENT OF LABOR
Financial Ties: impaired if accountant or firm or member had or acquired any direct interest and indirect
material
134
Employment Ties: impaired if connected as
promoter, underwriter, investment advisor, voting trustee, director, officer, employee of plan or
plan sponsor
NAS: don't audit what you prepared and not maintain financial records
Many consulting services are permitted, but one cannot maintain independence while auditing records
that one maintained in the first place.
TFhe DOL conducts financial and performance audits following Government Auditing
Standards relating to its mission, including audits of
(1) Compliance with applicable laws and regulations
(2) Evaluation of economy and efficiency of operations
(3) Evaluation of effectiveness in achieving program results
Adopted in more than 100 countries . AICPA will not be lower than IFAC codes, with merging efforts
Major differences
AICPA: look at their code first and if they dont answer ID threats, evaluate threats, apply
safeguards. IFAC is the opposite
Fundamental Principles:
Threats:
Self interest, self review, advocacy threats, familiarity threats, intimidation threats
135
ID threats to principles, if not trivial and inconsequential, then consider safeguards
ACCESS to Standards
http://www.aicpa.org/becomeacpa/cpaexam/forcandidates/howtoprepare/pages/literature.aspx
136