- Audit Purpose: Express opinion on Fair presentation of FS in accordance with applicable Financial rep framework.

- Mgt. Resposibility: Preparation of FS, Internal control, Providing auditor access to information & people
- Audtr Responsibility: Prof. Skepticism, Ethical(Independence), Prof. Judgement, Audit evidence, Comply with GAAS
- Reasonable Assurance: High but not absolute; Plan, supervise, materiality, risk, audit evidence
- Audt Inherent Limitation: Nature of FR (Mgt Estimates & Judgement), Audit Procedures limits, Timeliness/Cost-Ben.
- Audt Scope: Single/Multiple period, Complete FS or partial. Non-issuer: FS audt or Integrated; Issuer:Integrate Audt
- Objective of FS Audit: 1. Obtain reasonable assurance; 2. To Report (opinion) on fair FS
- Objective of Internal control Audit: 1. Obtain reasonable assurance; 2. To opine on IC effecti. & material weakness
- Non-issuer Unmodified opinion(unqualified):Include emphasis-of-matter & other-matter(nonissuer); explanatory(iss)
- Modified Opinion types: Qualified (GAAP/GAAS issue); Adverse(GAAP issue), Dislaimer of Opinion(GAAS issue).
Qualified if material but not pervasive, Adverse if material & pervasive, Disclaimer if unable to obtain Audit Evidence
- Standard nonissuer Independent Auditor’s Report: 1) Introductory 2) Mgmt Respnbty 3) Audtr Respnsbty 4) Opinion
- Standard issuer Report of Independent Registered Public Accounting Firm: 1) Opinion 2) Basis for Opinion 3) CAMs
- Issuer: Audtr must file Form AP with PCAOB for each audit report within 35 days SEC submission or 10 days of reg.
- Modified nonissuer audit report: 1) Introductory 2) MR 3) AR *modified* 4) Basis for Modification 5) Opinion
- Modified issuer audit report: 1) Opinion + add’l Para 2) Basis for Opinion 3) CAMs *no CAMs req’d if A / D opinion*
- Emphasis of Matter P → referring to a matter that is presented / disclosed in the FS & fundamental to users
understanding
- GAASP Must: Going concern, Change in Acct principle, Change in Audit Opinion of Prior yr , Special Purpose
framework, MM in prior FS corrected
- Other Matter P → referring to a matter that is NOT presented / disclosed in the FS but relevant to users understanding
- Change in audit opinion, restrict use of report, prior FS audited by predecessor & prior report not presented,
comparative FS current year audited prior year unaudited, material inconsistency in other information, report on
supp info, refer to req’d supp info, report on compliance included in auditor’s report
- Critical Audit Matters = communicated or reqd to be communicated to the audit committee, material accounts/discl. &
especially challenging/subjective/complex judgement. Exempt: broker, Investment Co., Employee plan & Emr Grwt
co. CAM omitted in Adverse, Disclaimer or Independent issue
- Update means reaffirm or change in audit opinion due to new information or correction of misstatements. If update
opinion changed from the previous opinion, disclose DORCS in emphasis-of-matter or other matter para. DORCS is
Date, old Opinion type, Reason for old opinion, Changes and Statement “opinion … is different”
- Communication w/ predecessor auditor:
- Before audit: mgmt integrity, disagreements, reason for change in auditors, any fraud/noncompliance, IC matters,
communication to mgmt/AC/those charged w gov, fee pmt problems
- During audit: review audit documentation (opening balances, contingencies, etc.)
- Report Reissued by Predecessor → Decide if report is still appropriate ; procedures [old CPA should]: read current
period FS + report, compare prior period FS w/ current FS; obtain Rep letter from successor auditor & management.
Report Date for unrevised reissued report will be original date. Use Dual date for Revised audit report.
- Report not reissued: Successor Audtr express opinion on CY FS only, indicate PY audited by predecessor (not
Named), Date, Opinion type, modification Reason . DOR
- PY not audited: Clearly indicated on FS; (a) PY reviewed or compiler: Include other matter para disclosing DOR (b)
No audit, review or compilation of PY: Include other para assuming no responsibility.
- Group auditor → (1) Make No reference: Group audtr assumes responsibility and do not refer Comp. audtr in AR &
perform procedures on Component FS (1) Make reference without name in AR para if Comp. Auditr report not
restricted; Name of component auditor included ONLY IF given permission + component auditor’s report is presented
w/ auditor’s report on the group FS. Issuer: reference made in Opinion para & Basis of opinion.
- Reporting on a complete set of FS + Single FS / Specific Element:
- Issue separate reports & express opinions for each engagement, BUT can be published together if
differentiated & complete FS is unmodified
- If opinion on complete FS is modified due to the specific element, should express A / D on that specific element
- If Adv. / Discl. on complete FS → GR don’t express clean opinion on specific element b/c it contradicts, CANNOT
issue a clean opinion on the single FS. NA to immaterial element not published with audit report
 - Specific element is stockholder’s equity, perform procedures necessary to express opinion about BS (Fin. Positon
- If specific element is net income, perform procedures necessary to express opinion about BS + IS
- Subsequent event: PRIME upto report date not Release date; AR = review Post BS transactions, Rep letter, inquiry,
reading minutes, compare latest interim FS with FS under audit ; if new info comes after audit report date, may dual
date to extend responsibility only for that subsequent event
- Other Information: Generally audtr NOT responsible, Should read. If material discrepancy: Modify op. in Other-
matter/explanatory para or withdraw (False/Fraudulent/deceptive/misleading).
- Supplementary info or Reqd Suppl. Information: Apply limited procedures. Auditor report may be reqd. by client
- Report on supp info (separate engagement) → evaluate presentation & fairly stated in relation to FS as a whole ;
report in separate report OR in OM paragraph
- Report on req’d supp info → apply limited procedures ; report in OM paragraph ; opinion permitted but not req’d
- Report on special purpose frameworks:
- Non GAAP titles,OCBOA-Tax/cash/Regu./Contr.; IFRS based FS are subject to US GAAS similar to normal audit
- EoM identifying special framework, it’s different than GAAP, refers to note
- Cash Basis (non-issuer) Private co: opinion on fair presentation, EoM, Statement that it’s different than GAAP
- Regulatory Basis General use: No Choice, Dual Opinion: Opinion of Fair presentation per Special framework &
Adverse Opinion para as difference between US GAAP & Special framework is Presumed material
- Regulatory Basis Restricted use : Single opinion, opinion on fair presentation w/ special purpose framework, OM
restricting use IF contractual / regulatory basis ;
- Report on FS prepared w/ framework of another country → distribution outside US only = use other country’s report
OR US form report with modification; distribution inside US = US form report w/ EoM identifying framework, refers to
- Report on application of framework [GAAP]→ restricted use, independence not req’d but disclose lack of independenc
- Reporting accountant (Consultant/Advisory): Hired to report or oral advice on a specific transaction accounting,
Independence not reqd. Consult with continuing accountant after taking management approval.
- Continuing accountant: with whom client has an ongoing relationship.
- System of Quality Control (CPA Firm): Policies & Procedures HELP ME maintain quality practice. Human Resource ,
Engagement acceptance, Leadership, Engagement Performance, Monitoring, Ethical policies
- HR policies: recruitment, Assigning personnel, Prof. Development, Training, Perf. Evaluation, Compensation
- Eng./Client acceptance: Min. Assoc. with Mgt lack Integrity, Background check, Nature/Scope of Eng, Firm competenc
- Leadership: Ultimate responsibility, Leaders attitude, adherence & action to Quality Control systm
- Eng. Performance: Supervise & review work, Expert consultation, Guidance material, Documentation,
- Monitoring: Implementation & maintenance of QC, Peer review: Appoint CPA firm every 3 yr, (1 Yr for >100 PCAOB)
- Ethical requ.: Independence, Integrity & objectivity, Annual written Indepenedence confirmation
- GAAS vs SQCS: GAAS relate to conduct of each engag. & SQCS-Quality Control standards relate to Firm’s practice
- Eng. Partner: Ulitimate responsibility, Review & Conclude, Critical areas, Significant risks (Revenue/Mgt override)
- Eng Quality Control Review: Review eng findings, significant matters, Fin. Statement, report, SOAP, Com with Mgt
- Audit documentation: assembled within 45 days (issuers) or 60 days (non-issuers) after report release date ; must be
retained for 7 years (issuers) or 5 years (others) ; Doc. Can’t be deleted after Document Completion Date
- Permanent (Continous File): Stock plan, leases, Minutes of meeting, pension plan, contracts
- Mgt Imposed Restriction: Don’t accept engagement if Resteiction likely result in Disclaimer op. Unless reqd by law
- Audit committee = members of the board, 3 - 5 “outside” directors, don’t have a material financial interest
- Communications: SPAM PODIUM MARS: Selection/chang in accounting policies, Process of accounting estimates,
Adequacy of disclosures, Manangement judgments, Planned scope & timing of the audit, Other issues, Difficulties
mgmt, Impairm Independence, Uncorrected misstatements, Mgt Disagreements
Material corrected misstate, Accountant consulted, Representation Mgt, Significant audit findings dis. With MGT ;
add’l comm for issuers = critical acct policies, alternative GAAP treatments, material comm btwn auditor + mgmt
- Written communication should be restricted, oral communication should be documented
- Nonissuers → timely manner give enough time for appropriate action to be taken
- Issuers → before issuance of audit report
- 5 components of internal control (CRIME): control environment, risk assessment (by mgmt), information &
communication systems, monitoring, existing control activities
- Service organizations issue reports on IC either: Type 1 Report (design only) OR Type 2 Report (design + op eff)
- IC communications: SD + MW communicated in writing to mgmt + charged w gov ; previously communicated SD +
MW not corrected communicated again ; CD to mgmt only ; auditor may not report on absence of SD but can report on
absence of MW ; recommend early comm but max 60 days report release date [nonissuer],before release dt [issuers]
- Auditing around the computer (Manual audit proc):Focus on Input & Output stage, Test Input data reperform &
compare, use for simple batch system, risk - insufficient evidence & procedure.
- Auditing through the computer (CAAT)→ Focus on Input & Processing stage, transaction tagging (follows transaction
thru client’s system), embedded audit module (collect data by criteria), test data (offline process test data on client
system, for invalid #, excess pay rate, excess hrs), integrated test facility (live, client system, auditor’s data), parallel
simulation (“reperformance test” auditor’s system, client’s data), generalized audit software packages (perform tests
of controls & subs tests directly on client system, Easy to test more sample in less time,little IT knowledge)
- Audit Procedures: Risk Assessment Procedures & Further Audit Proc. Further Audit proc> Test of control & Substanti
- Presumed fraud risk = improper revenue recognition (overstatement) + mgmt override of controls
- Audit risk = risk of giving the wrong opinion (failure to modify when there is MM): AR = IR * CR * DR; RMM=IR*CR
- Inherent risk & control risk = exists independently of audit ; auditor cannot change this risk, can change risk assessme
- Inherent Risk: risk of mistatement due to a factor other than a control failure. Business risk
- Control risk is risk of misstatement that an entity control’s will not prevent or detect.
- Detection risk = risk that auditor won’t detect MM ; auditor can change this risk through NET ; if DR ↓, ↑ subs tests
- Inverse relations: RMM vs DR; DR vs Subs. Testing Test of Details, Audit risk vs. Materiality
- Management Assertions: completeness, cutoff, valuation/allocation/accuracy, existence/occurrence, rights &
obligations, understandability & classification
- Documentation of risk: understanding of entity & IC, risks & related controls, procedures performed, risk assessment &
basis for the assessment
- Response to risk:
- More effective/strong controls, CR ↓, DR ↑, less subs tests required ; rely on controls more + test controls
- Less effective/weak controls, ↑ CR, ↓ DR, more subs tests required ; don’t rely on controls
- Materiality for the FS as a whole → based on the smallest level of MM for any one of the FS ; quan + qual factors
- Materiality for classes of transactions/acct balances/disclosures → separate materiality levels for each
- Can use internal auditors for assistance w/ subs tests + tests of controls ; can’t share responsibility for audit
- Audit evidence is all information auditor use to conclude and base opinion. Sufficiency refer to quantity and
appropriateness refer to relevant & reliable. Sufficiency depends on RMM & Quality of evidence. Greater risk imply
more evidence reqd. and High quality require less evidence.
- Audit evidence reliability (AEIOU) → Audtr direct knowledge + observation, External, Internal, Oral, U.
- Evidence Relevance relate to assertion tested and timing of procedure.
- Directional testing: Overstatement/existence- vouch backward (From FS to Journal entries to source documents) ;
Completeness/understatement- Trace forward (Source documents to Journal entries to FS)
- C FIVE CARROT WARS: Confirmation(existence) to enquire and confirm balances; Footing/Cross-
footing/recalculation (Accuracy); Inquiry internal or external party orally or writing; Vouching(existence/occ.) supporting
documents; Examination/Inspection(Existence) of records/tangible assets; Cutoff(completeness) transaction;
Analytical (overstement) compare/scan unusual items, Reperformance, Reconciliation, Observation process, Tracing,
Walk-through combo of inquiry/observation/inspect/control reperformance; Audit related accounts; Rep. letter, Subse.
- Substantive procedures designed to detect material misstatement; Test of details & Analytical procedure
- Test of detail: Many Transactions-focus on end bal & must have strong IC; Few transaction – test of detail is sufficient
- Analytical procedure must during planning phase (Start) & overall final review phase (end). But not mandatory
during substantive audit phase. During planning, Ap helps in entity understanding and risk assessment. In final
review, AP assist in reasonableness of account balance. In substantive procedure, it is used to corroborate.
- Efficiency/effectiveness factors of AP: Assertion, predicatbility, data reliability, expectation precision & method
- Trend Analysis & Ratio Analysis provide low assurance, imprecise & used with other procedure
- Nonstatistical Predictive & Regression analysis provide high assurance, precision & can be used as principal procedur
- External confirmation: Oral confirmation & electronic access provided by Mgt doesn’t meet definition of external conf.
 Current ratio = CA/CL Net profit margin = NI / Net sales
Quick ratio = (cash + ST mkt securities + receiv.)/CL Gross Margin = Net sales - COGS / Net sales
Working Capital = CA – CL Return on Assets = NI / Average total assets
Operating CF Ratio= CFO/Ending CL Return on sales= (PBT+-Interest)/sales

AR turnover = Sales / Average AR Days sales in AR = (end AR/sales)*365

AP turnover = COGS / Average AP Days in inventory = (end inv/COGS)*365
Inventory turnover = COGS / Average inventory Days payables = (end AP/COGS)*365
Asset turnover = Sales / Average total assets
- Sampling Risk- Sample is not representative of population and auditor’s conclusion can be incorrect
- Sampling 4 Rules: Population normally distributed, unbias unrestricted & randomly selected, same
characters(mean/SD), Standard deviation=Variability=uncertainty=large sample size. No Judgement involved
- Statistical & Nonstatistical Sampling = both are acceptable under GAAS & require professional judgement
- Statistical → auditor specifies sample risk & calculates sample size that provides a degree of reliability
- Nonstatistical → judgement used in selecting sample size & evaluating sample results
- Types of Statistical Sampling:
- Attribute Sampling → test of controls ; estimate rate of occurrence / deviations ;
- Risk of assessing CR too low (overreliance, not effective) - Beta risk
- Risk of assessing CR too high (under reliance, inefficient) – Alpha risk
- SD+ASR= UD i.e. Sample Deviation Rate(proj)+Allow. for Sample Risk = Upper Deviation rate. If
UD<=Tolerable DR, Rely on Control and if UD> Tolerable Dev. rate, don’t rely on control.
- Variables (Estimation/classical) Sampling → substantive testing ; estimate numerical value , dollar est.
- Risk of incorrect acceptance (effectiveness) – Beta risk
- Risk of incorrect rejection (efficiency) – Alpha risk
- Tolerable misstatement is max. monetary misstatement, may be =< Performance materiality.
- Projected mistatement + all Known misstatements < Tolerable misstatements, FS fairly stated unless Qualitativ
- Stratification sampl used for highly variability popul. It sub-divide pop. into homogenous group &reduce sampl size
- PPS Sampling:hybrid method using attribute sampling theory to express a conclusion in dollar amounts; sampling
unit defined in dollar amt ; Steps = 1) Sample size = population amount/Sampling interval 2) Sampling Interval =
tolerable misstatement/reliability factor 3) Sample Selection = random start, then selected based on interval 4)
Evaluation of Sample Results = project errors onto the interval ; ex. 25% error $5000 interval = $1250 error
- Population estimation (based on errors in sample tested): Mean PU, Ratio & Difference Estimat
- Attribute sampling for Deviation (Internal control errors) and Variable sampling for Misstatements.
- Confidence level is inverse of the Audit Risk. For example At 95% confidence level, risk is 5%
- Nonsampling risk- wrong audit procedure or improper evaluate evidence or results
- Tolerable deviation rate= tolerable mistakes= risk of misstatement; If Estimated/expected Deviation rate< Tolerable
deviation rate use audit judgment if risk acceptable
- Attribute Sample Size Factors
Risk of Assessing Control risk too low Want less Risk – More Samples
(Inverse Relation to sample size) Accept high Risk - Less Sample
Tolerable Deviation Rate Want less Deviation – More Samples
(Inverse Relation to sample size) Accept high Deviation – Less Sample
Exp./Est Deviation Rate Expect less Deviation – Less Samples
(Direct Relation to sample size) Expect high Deviation – More Sample
Population Size Doesn’t impact sample size
- Discover attribute sampling= Tol. Deviation rate is zero = fraud attribute
Variable Sample Size Factors
Acceptable level of risk Want less Risk – More Samples
(Inverse Relation to sample size) Accept high Risk - Less Sample
Tolerable Misstatement Want less Deviation – More Samples
(Inverse Relation to sample size) Accept high Deviation – Less Sample
Exp./Est/Assessed Misstatement Expect less Deviation – Less Samples
(Direct Relation to sample size) Expect high Deviation – More Sample
- Completeness: Tracing, Analytical substantive review, observation; Cutoff: Cutoff procedures
- Valuation/allocation/accu: Inspection/examinaion, footing, recalculation, reconciliation
- Existence/occurrence: Confirmation, observation, inspection, examination, Vouching
- Rights & obl: Inspection; Understandibility/cl: Inspection, Review, Inquiry
- Assertions Account Balance: C-VER Completeness, Valuation/alloc/accu, Existence/occurrence, Rights/obligation
- Transactions & events: COVE-U Completeness, cutoff, Valuation/alloc/accu, Existence/occurrence, und/class
- Presentation & discl: C-VRU Completeness, Valuation/alloc/accu, Existence/occurrence, und/class
- AR confirmations req’d UNLESS: immaterial, ineffective, or IR + CR are very low & other procedures used
- Exceptions could be due to timing difference or misstatement
- Positive confirmations = response req’d ; customer agrees / disagrees ; sent for: large accounts, expected errors,
disputed items, weak IC, old balances; Blank Positive greater assurance lower response rate; Econf. call verificatio
- Negative confirmations = response only if customer disagrees ; used when: IR + CR low, large # of small balances;
don’t expect that recipient will ignore
- Expenditure test for undestatement & completeness: Purchase, Receiving, Accounts payable & Treasurer, Purchse
Dept approve PO, AP dept matches documents with invoice and treasury makes/mail checks; Segregate Duty of
Purchase recquistion, PO & Receiving Blind Copy PO to receiving dept, audtr search for unrecorded liabilities by
cutoff procedures
- Cash is High Fraud risk, Segregation of Duties important, All Banks Confirmation, Test Bank reconciliation, Bank
confirmation provide Contingent liabilities, collateral, security agreement
- Kiting → cash in 2 places ; look at bank transfer schedule (receipt date will be before the disbursement date)
- Lapping → use today’s cash receipts to cover yesterday’s theft ; look at deposit slips (few days btwn deposit + posing
in the customer’s acct) ; Best guard is “Lock box” system,
- Inventory: Observation of Op./End. Inventory count is reqd. procedure. Observe Third party warehouse inven. If
significant otherwise obtain confimation; Inv. Turnover ratio for obsolete inventory(Valuation assertion)
- Investment: Transaction authorisation, Custody & record-keeping duty must be segregated; use of safe deposit box,
periodically counted by independent party, confirm securities held by custodian, Req. audited FS of investee, Tes fair
value require Recalculation, verify price, use of specialist. Reliability/Relevance of 3 rd Party pricing services
- PPE Cycles: Special requisition, Might req. BOD approval, PPE Policy, Seq. Numbered work order for disposition,
review R&M expense for capital items (completeness), Recalculate Dep/Impairment
- Payroll: Segregation of duty, HR Dept., Supervision, Payroll dept do Time Keeping and pay computation,Treasury
sign & paymaster mail check. Payroll dept is a record-keeping not a custodial. Anayltical and recalculate payroll
accrual if IC effective. If IC not effective test in detail to assert completeness, existence, right/obli.
- Financing: Debt agreement, Bond indenture, BOD approval, stock transfer agent, Review BOD minutes and
agreements for completeness, confirm with stock transfer agent, stock certificate book if no agent.
- Op. Balance: Read FS & predecessore report, audit doc., Observe current Inv. Count & recon to Op. Bal, 3 rd party
confirmation for op. bal, trace cash collection for opening AR, Withdraw if Mgt refuse to inform predecessor auditor,
Qualified or Disclaimer if inability, Qualified or adverse if Mst Misstatement
- Attorney letter: inquire about litigations including timing & degree of probability of unfavorable outcome & amount
range ; response is sent directly to auditor ; no response / refusal to cooperate = scope limitation, Conf. Limitation ok
- Going concern1YR FS issue date:Indicators FINE,Mitigating factors:restructuring, sell assets,delay/reduce exp, equity;
Nonissuer report: Sub. Doubt alleviated – May add emphasis para, Sub. Doubt remain – Must add emphasis para;
Issuer report: Explanatory para for going concern or Disclaimer of opinion. Going concern discl. inadequate – qualified
or adverse opinion, Going concern inappropriate – Adverse opinion.
- Accounting estimate a past event estimate that can’t be accumulated in a timely cost-effective manner.Check Mgt Bias
- Mistatement less than Quantitative materiality is qualitatively material if it change results from net Income to net loss
- Mgmt representation letter → from CEO & CFO, dated as of the auditor’s report, final piece of evidence
- Integrated Audit: Audit of FS & Internal control over Financial reporting (ICFR), PCAOB makes it mandatory for
LAF(MV> $700M) & AF entity (MV>75M).
- Issuer Annual report : Mgt responsibility for ICFR and mgt assessment (assertion)
- Non-issuer: Mgt responsibility, Mgt written assessment, withdraw/disclaim if mgt refuses written assessment
- Management representation: Assessment, deficiencies/weakness, changes in ICFR
- High risk area: Mgt Fraud & mgt override of controls.
- Top-Down Approach: FS level risk>Entity level controls>Account level>Assertions. Test controls for imp. Risk
- Test of Controls: Design effectiveness & operating effectiveness. Auditor resp. for obtaining sufficient evidence on
effectiveness of entity’s overall internal control rather than each individual control.
- Evaluate Mgt report on ICFR: Incomplete or improper discl. of Mat weakness, AR should modify and include them
- Non-issuer: Comm. Significant Deficiency & Material weakness to Mgt & Charged with gov by Report release date.
Control deficiency commu. To Mgt within 60 days.
- Issuer: Communicate material weakness before report issue. Mat. Weakness & Significant deficiency in writing to
mgt & audit committee. Control deficiency only to mgt.
- Audit Committee Oversight of FR ineffective: Auditor communicate in writing to BOD.
- SSAE [AICPA]= ALL INDEPENDENCE REQ’D ; examinations (positive assurance/opinion), reviews (limited
assurance, negative, conclusion), agreed-upon procedures (no assurance, list of findings, restricted use),
- Attestation risk: Inherent risk * Control Risk * Detection risk
- Prospective FS:
- Financial forecast = expected conditions & expected courses of action ; general / limited use
- Financial projection = what-if hypothetical ; limited use only
- Examinations + AUP → follow SSAE ; Preparations + Compilations → follow SSARS
- Pro forma FS: what-if hypothetical on historical FS

- Compliance report (negative assurance/ No Opinion) in connection with audited FS are governed by SAS.
Compliance Examination (reasonable assurance) & Agreed upon attestation (no assurance) governed by SSAE.
- SSARS [AICPA]= ALL REQUIRE REP LETTERS ; Preparations (no independence or report req’d) each pg marked
“No Assurance is provided”, Compilations (lack of independence disclosed, read FS for obvious errors, disclose any
GAAP departures, disclose if req’d disclosures omitted) each pg marked “see Accountant’s Compilation report”
- Reviews of nonissuer FS (independence req’d, Limited negative assurance, each pg “see review report”, discl any
GAAP departures), Inquiry & Analytical proced., No predecessor audtr comm., No understanding of IC or control risk
assessment, U LIAR CPA Undestanding with Client(EL), Learn client, Inquire, Analytical, Review, Client rep letter,
Prof. Judg., Acct. report.
- Review of Interim FS = Int. FS < a Yr or 12 month end on date other than FY end; whether auditor is aware of any
material modifications to interim FS for GAAP conformity ; evidence that interim data reconciles to acct data ; follow
SAS or PCAOB
- Comfort letters [for underwriters] = review interim fin info; Attorney or rep letter reqd, restricted use; negative
assurance for most; positive assurance on form compliance w/ SEC Act ONLY IF FS audited
- Government Auditing
- GAGAS: created by GAO ; “Yellow Book” ; includes ethical principles, general standards, add’l standards for financial
audits & attest engagements, field work & reporting standards for performance audits
- Performance audit: Improve program performance/operations, Obj: Effect,Eco&Effic, IC, Compliance,Prosp analys
- Financial audits: FS per GAAP/sp. Framework; GAAS+GAGAS
- Add’l standards for performing fin audits → previous audits/attest eng .corrections, fraud/noncompliance/abuse,
findings, Comm. to legislative committee/contracting party departures from GAGAS
- Add’l standards for reporting fin audits → Report on scope of testing of ICFR & compliance and its findings,
report fraud/noncompliance/ abuse, report to outside parties if mgmt doesn’t do its job, report findings & solicit views
from responsible officials + corrective action, consider reducing materiality, consider reporting deficiencies early
- Report noncompliance as communication to entity & in the auditor’s reporter
- Ethical principl: serving public interest, integrity, objectivity, proper use of govt info & resources, professional behavior
- General standards → independence, professional judgement, competence, quality control & peer review 3 yrs
- Single Audit Act: either single audit OR program audit [only for recipients of one federal program & not req’d to have
FS audit]
- Applies to Recipients & Subrecipients entities that expend 750k in federal awards
- Materiality considered separately for each major program
- Major programs =expend $ 750k or high risk small program using Risk-based approach; Low-risk auditee 20% &
other 40%, Low risk if no material weekness, recent audit, unmodified opinion or questioned cost <5%
- Report submission: 30 days or 9 months from end of audit period, 3 yr retention, Report Sig. Def./Material
weakness, Material non compliance, Questioned cost >$25,000.
- COMPARISON OF REPORTS:

- AICPA Ethics: Responsibilities, Public interest, integrity, objectivity&Inde, Due care, scope & nature of service
- AICPA Code of Professional Conduct:
- Independence rule:
- Independence req’d for audits/attest service; not req’d for compilations (disclose), consulting, or tax work
- Independence impaired: direct or material indirect financial interest, audit fees unpaid for >1 year prior to issuance of
current audit report, CPA has mgmt position or makes mgmt decisions
- Independence NOT impaired: checking acct w/ bank client that is fully insured, fully collateralized auto loan
- Integrity & objectivity Rule: Integrity is right & just, objectivity is free from bias or conflict of interest
- General standards Rule → professional competence, due prof. care, planning & supervision, sufficie relevant data
- Compliance w/ Standards Rule → comply w/ GAAS, SSARS,SSAE, FASB,IASB, others
- Accounting principles Rule → comply with GAAP ; explain departures from GAAP
- Confidential Client Information Rule → confidential BUT can be disclosed w/out clients permission for quality review
program, subpoena, inquiry/investigation by AICPA, CPA, or under state statute & Defence legal team
- Contingent fees Rule → GR not permitted ; permitted for compilations if lack of ind disclosed ; permitted if
contingent fee fixed by court/public auth a tax matter return (like in IRS matter)
- Acts Discreditable Rule → keeping clients records after they ask for it back ; discrimination ; failure to follow
standards ; negligence ; failure to file timely tax returns or remit payroll taxes ; CPA exam ques ; false claims about
ability to perform services ‘ disclosure of confidential information
- Advertising/solicitation rule: False/misleading/decep. Advertising, implying influence, intentionally under-est fee
- Commission/referral fee: Not allowed in attest service or compliation (if independent); Allowed in Compi/Tax/Adv
- Org/name rule: CPA Must own>50%, 2yr limit after partner death to continue as a sole, CPA imply indep.,Use
employment title
- AICPA Conceptual Framework Approach: Members in practice, member in business, Independence
 - Threats → adverse interest, advocacy, familiarity, mgmt participation, self-interest, self-review, undue influence
- Safeguards → from profession, legislation, regulation, client, firm
Ethics requirement SEC & PCAOB: Applies to Issuer
- SOX Title I created PCAOB: 5 members (2 CPA & 3 Non-CPA), Register PAF, establish Rules, Do investigation,
inspections & disciplinary action.
- Annual Inspection of PAF: If PAF issues >100 issuers audit report. Upto 100 issuer: 1 in 3 yrs
- Registration updated annually, CPA firm registered with PCAOB can do Issuer audit, 7yr Doc. retention
- PCAOB Sanctions: Suspension firm or Individual, Revocation, Limitation, censur,Civil Monetary penalty: $750K Ind.
& $15 M for PAF Intentional Repeated negligence; Other violations penalty: $100K Ind., $2 M PAF
- Prohibited Non-audit service: Bookkeeping, Info system, Valuation/actuarial, Mgt Function, Int. audit, Broker,
Legal, Expert, Tax services permitted if pre-approved by Audit committee (No Aggressive/Confid./Executives tax)
- Audit Partner rotate: Lead/concurring/reviewing partner every 5 yrs, 5 year Time-out period to return; Other
Partner every 7 yr & 2yr timeout, Small firm (5 client/ 10 partners) exempted from partner rotation
- Cool-off period 1 Yr: PAF cant appoint Executives/offices of audit client for 1 yr
- Impair Independence: Direct Inv., Material Indirect Inv., Loans, Bank Account> $250K, Broker, Credit Card>$10K,
Insurance products by client, Client Inv. In PAF, employment of audit staff & close rel. in Fin. role
- Exception to Invst: Unsolicited/Inherited stock sold in 30 days, Stock of New client disposed, Immed. Family
members stock disposed in 30 days
- Contingency or Commission arrangment not permitted with audit client
- Audit committee adminster Auditors: PAF report to AC, All Audit & non-audit engagement must be pre-approved, Pre-
approval not reqd. Non-audit service fee <= 5%, Communicate CAM and discussion with management
- GAGAS Ethics: Public Interest, Integrity, Objectivity, Proper use of Info/resource, Professional Behaviour
- GAGAS Threats: Self-Interest, Self-Review, Bias (political), Familiarity, undue influence, Mgt Participation,
Structural
- Govt Non-audit services: Mgt assume responsibility & ability to effectively oversee non-audit services
- Audit firm cannot provide confidential / aggressive tax services to clients ; cannot provide tax services to corporate
officers / immediate family of those officers ; preparing corp tax returns OK
- DOL: FS of Employee benefit plan: establishes independence guidelines for auditors rendering an opinion on
employee benefit plans;
- Independence impaired: direct or material indirect fin interest, Inv Advisor, voting trustee, maintains financial records
for the plan