Study Guide – AUD (2025)

A1/M1: Professional Standards

Audits

GAAS

Guides auditors in the performance of a properly planned and executed audit / measures audit quality
NOT a rule, NOT a procedure (GAAP is a rule)

Statements on Auditing Standards (SAS)

Used for non-issuers
Set by AICPA Auditing Standards Board (ASB)

PCAOB Standards

Used for issuers
Set by the Public Company Accounting Oversight Board (PCAOB)

Generally Accepted Government Auditing Standards (GAGAS)

Used for government organizations
Set by Governmental Accountability Office (GAO)

Other Engagements

Statements on Standards for Accounting and Review Services (SSARS)

Provide guidance for review and compilation(non-issuer), preparation(non-issuer) of historical F/S
*compilation and preparation services only provided to non-issuer client
Set by AICPA Accounting and Review Services Committee (ARSC)

Statements on Standards for Attestation Engagements (SSAE)

Provide guidance for attestation engagements other than those applied by SAS and SSARS
Set by ASB
This includes, AUP of historical F/S + prospective F/S + internal control reports

Guidelines

AICPA Code of Professional Conduct (Ethics) - AICPA

Provides guidelines to the members of the AICPA for behavior in the conduct of their business.
Also provides assurance to the public that the profession maintains high standards.

Statements on Quality Control Standards (SQCS) - ASB

Provides guidance to CPA firms about policies and procedures designed to ensure the firm complies with professional standards and regulatory requirements.

GAAS Hierarchy

Auditing Standards: SAS and PCAOB

Most authoritative
Specific language is used to clarify the auditor’s level of responsibility:

“Must” or “Required” = Unconditional statement; auditor MUST do this.
“Should” = Presumptively mandatory requirement; must be able to justify departure and document in writing.
“May,” “might,” and “could” = Not an imposed requirement; only a recommendation

Interpretive Publications: AICPA Audit and Accounting Guides, Auditing interpretation of GAAS, Auditing Statements of Position

Recommendations for how auditing standards should be applied, but not considered to be auditing standards

Other Auditing Publications: Journal of Accountancy, Textbooks, CPE courses

Not authoritative, but may be helpful

A1/M2: Audit Engagements

Purpose of an Audit

To provide opinion on whether the statements are presented fairly, in all material aspects, in accordance with GAAP
To give reasonable assurance about whether the financial statements are free from material misstatements

Auditors Responsibilities

Expressing an opinion on the financial statements
Maintaining professional skepticism

Critical assessment and Questioning Mind
Assume that management is neither dishonest nor honest

Complying with ethical requirements

Auditors should meet ethical requirements (AICPA code of conduct), such as being independent in both fact and appearance

Exercising professional judgment

Professional judgment may be necessary when making decisions about materiality, audit risk, drawing conclusions, etc.

Obtaining sufficient and appropriate evidence

Sufficient appropriate audit evidence has been obtained and audit risk has been limited to 'low level'

Complying with GAAS

GAAS provides a set of guidelines and principles for planning, performing, and reporting on audit engagements

Inherent Limitations of an Audit

Auditors obtain reasonable assurance, not absolute that financial statements are free from material misstatement
Absolute assurance is unable to be obtained due to limitations such as:

The nature of reporting (inherent uncertainty due to subjective decision)
The nature of audit procedures (management hiding information, intentional collusion, or fraud)
Timeliness of financial reporting and balance of cost and benefit (impractical to address all information)

A1/M3: Forming an Audit Opinion

Considerations when Forming an Audit Opinion

Sufficient and appropriate audit evidence was obtained as required by GAAS – scope limitation
Whether financial statements are fairly presented, in all material respects, in accordance with the applicable framework, such as GAAP - departure from GAAP

Types of Opinions

Unmodified (Non-issuers) and Unqualified (Issuers)

States that financial statements are presented fairly, in all material respects
Issued when sufficient appropriate audit evidence is obtained, no material misstatements are present

Modified Opinions

Auditors are unable to obtain sufficient appropriate audit evidence to express opinions (scope limitation), OR
Auditors conclude that financial statements are materially misstated (departure from GAAP)

Qualified Opinion (financial statement issues)

Financial statements contain misstatements.
Material, but NOT pervasive.

Qualified Opinion (audit issues)

Auditors are unable to gather sufficient appropriate audit evidence.
Material, but NOT pervasive

Disclaimer of Opinion

Auditors are unable to gather sufficient appropriate audit evidence
Therefore, auditors deny offering an opinion.
Material AND pervasive

Ex. The inability to determine the extent of or the amounts associated with a pervasive employee fraud scheme

Adverse Opinion

Financial statements contain misstatements.
Material AND pervasive

Pervasive

Have far-reaching effects across several accounts, or
If specific to only one account, it:

Represents a significant portion of the financial statements, or
Has issues with disclosures that are fundamental to the users’ understanding

A1/M4: Unmodified (Unqualified) Opinion

Non-issuers - Unmodified

Sufficient appropriate audit evidence has been obtained and
Financial statements are fairly presented with respect to the applicable framework
Required sections (“OBRA”)

Opinion (First section) - GAAP
Basis for Opinion (Second section) - GAAS
Responsibilities of Management for the Financial Statements (Anywhere after second) - GAAP
Auditor's Responsibilities for the Audit of the Financial Statements (Anywhere after second) - GAAS

Opinion includes:

Name of client
Statement that the financials have been audited
Title of each financial statement and reference to the notes.
Dates or periods covered by the financials.
A statement that the financials are presented fairly in accordance with the applicable framework.
Identification of the applicable framework, and the country of origin (such as GAAP).

Basis for opinion includes:

Statement that the audit was conducted with GAAS, and the country of origin (such as the US).
Reference to the auditor’s responsibilities section of the report.
Statement that the auditor is required to be independent and meet ethical standards.
Statement as to whether the auditor believes that the evidence obtained is sufficient and appropriate.

Responsibilities of Management for the Financial Statements

Explanation that management is responsible for preparation of financial statements.
Statement that management is responsible for internal controls.
When required, evaluation of whether there are conditions that raise substantial doubt on going concern.
Reference the framework used (such as GAAP)

Auditor's Responsibilities for the Audit of the Financial Statements

Statement that the objectives of the auditor are to gain reasonable assurance, about whether the F/S as a whole are free from material misstatement, whether due to fraud or error and to issue a report and give an opinion.
Statement about the highlighted 3 parts
Description of auditor’s responsibilities to:

Exercise professional judgment
RMM + audit procedures
Obtain an understanding of internal controls
Evaluate appropriateness of policies used and overall presentation of financials
Conclude whether there are conditions that raise substantial doubt as a going concern

Statement that the auditor is required to communicate findings with those charged with governance.
Reference the use of GAAS throughout.

Other reporting structures:

Title - clearly indicate that it is an independent report (“Independent Auditor’s Report”)
Addressee - addressed to those charged with governance (typically NOT management)
Signature of the auditor’s firm
City and State where the auditor’s report is issued
Date of the auditor’s report - the date the auditor had obtained sufficient appropriate audit evidence

Key Audit Matters (KAMs) Section (Optional- anywhere after 2nd section)

KAM is selected out of matters communicated to those charged with governance

Areas with higher assess risk
Areas requiring significant judgment
Significant events or transactions

KAM paragraph (“IPAD”)

Identify each CAM in the report
Describe the principal considerations (why) that led to considering it a CAM
Describe how the CAM was addressed
Refer to the relevant financial statement accounts and disclosures

Must include the heading “Key Audit Matters”
Should NOT be reported when the audit report opinion is 'adverse'/'disclaimer'

Issuers - Unqualified

Required sections

Opinion on the Financial Statements (First section)
Basis for Opinion (Second section) - includes management and auditor responsibility
Critical Audit Matters - mandatory for issuers

Other reporting structures:

Title - must include the title “Report of Independent Registered Public Accounting Firm”
Tenure - we have served Company since 20xx
If a separate ICFR report is issued - put in F/S audit report that 'ICFR audit has been conducted'

A1/M5: Modified Opinions Due to Financial Statement Issues

Modified opinion (financial statement issues)

The auditor is able to gather sufficient appropriate audit evidence but finds a material misstatement.
Qualified = Material but NOT pervasive.
Adverse = Material AND pervasive.

Financial Statement Issues

Not following selected framework (such as GAAP)
Inappropriate accounting principles (ex. Not consolidating F/S)
Unreasonable estimates
Providing inadequate disclosures
Incorrect numbers
No reasonable justification for a change in accounting principle.

Ex) Client changes from FIFO to LIFO without providing a valid reason.

Client omits part of the financial statements (ex. Cash flow statement)

This would be acceptable IF the client had asked for only one financial to be given an opinion on.

Nonissuer report changes for Qualified opinions

Opinion → Qualified Opinion

Opinion sentence adds the wording: “Except for… as described in the Basis for Qualified opinion section…”

Basis for Opinion → Basis for Qualified Opinion

Add paragraph describing departure from framework and quantify effects (if possible) following the opinion section.
Sufficient appropriate audit evidence for “qualified” opinion should be claimed.

All other elements are the same as unmodified.

Nonissuer report changes for Adverse opinions

Opinion → Adverse Opinion

“Because of the significance of the matter discussed in the Basis for Adverse Opinion section of the report….. do not present fairly….”

Basis for Opinion → Basis for Adverse Opinion

Add paragraph describing departure from framework and quantify effects (if possible) following the opinion section.
Sufficient appropriate audit evidence for “adverse” opinion should be claimed.

Key Audit Matters section is OMITTED.
All other elements are the same as unmodified.

Issuer report changes for Qualified/Adverse opinions

No heading changes for qualified/adverse opinions
Opinion on the Financial Statements section

“Except for… as discussed in the following paragraph…” - qualified
“Because of… discussed in the following paragraph, the financial statements do not present fairly…” - adverse
Add paragraph describing departure from framework and quantify effects (if possible).

Critical Audit Matters section is OMITTED for adverse opinion

A1/M6: Modified Opinions Due to Audit Issues

Modified opinion (audit issues)

The auditor is unable to gather sufficient appropriate audit evidence.
Qualified = Material but NOT pervasive.
Disclaimer = Material AND pervasive.

Audit Issues (scope limitations)

Time constraints
Inability to obtain sufficient appropriate evidence

Scenarios that always result in a disclaimer of opinion:

Auditor is not independent
Unaudited financial statements
Refusal of management to take responsibility for the fair presentation of financials in conformity with GAAP (may also withdraw rather than disclaim opinion)

Causes of Audit Issues (scope limitations)

Circumstances beyond the control of the entity relating to the nature or timing of the auditor’s work.

The auditor should determine whether it is possible to perform alternative procedures.

Management-imposed limitations

Ex) management not giving evidence that was asked for, or not allowing auditors to speak to someone.
Auditor should ask management to remove the limitation
If management does not remove the limitation, communicate with those charged with governance to see if they can remove the limitation, or determine if there are alternative procedures to perform.
If the possible effect is both material and pervasive, either disclaim an opinion or withdraw from the engagement.

Unaudited Financial Statements

When an accountant is associated with the F/S but not auditing it - disclaimer of opinion
When the auditor is not independent but is required to report on the financial statements - disclaim + state non-independence

Disclaim opinion / state non-independence / reasons for non-independence (not required)

Non-issuer report changes for Qualified opinions

Opinion → Qualified Opinion

Opinion sentence adds the wording: “Except for the possible effects of the matter as described in the Basis for Qualified Opinion section…”

Do NOT refer to the scope limitations in the opinion sentence, the limitations will be addressed in the basis section.

Basis for Opinion → Basis for Qualified Opinion

Add in a paragraph explaining the reasons for inability to obtain evidence.
Sufficient appropriate audit evidence for “qualified” opinion should be claimed.

All other elements are the same as unmodified.

Nonissuer report changes for Disclaimer opinions

Opinion → Disclaimer of Opinion

State that auditors were only “engaged to” audit X company (company was not audited).
“Do not express an opinion… because of significance of matters described in Basis for Disclaimer of Opinion section, we have not been able to obtain sufficient appropriate audit evidence.”

Basis for Opinion → Basis for Disclaimer of Opinion

Add in a paragraph explaining reasons for inability to obtain evidence.
Removed from section:

Referral to auditors responsibilities section.
Sufficient appropriate audit evidence for opinion (cannot gather).

Auditor’s Responsibilities section – most are removed

Responsibility was to perform audit according to GAAS / However, due to the matters described in 'basis for disclaimer of opinion' the auditor was not able to obtain sufficient appropriate audit evidence

If engaged to report on Key Audit Matters, KAMs section is OMITTED

Issuer report changes for Qualified opinions

No heading changes for qualified opinions.
Opinion on the Financial Statements section

“Except for the effects of the adjustments, if any, … as described below”
Add paragraph explaining reasons for inability to obtain evidence.

Describe scope limitations here.

Basis for Opinion

“Except as discussed above”

Issuer report changes for Disclaimer of opinions

Opinion on the Financial Statements → Disclaimer of Opinion on the Financial Statements

State that auditors were only “engaged to” audit X company (company was not audited)
“As described in the following paragraph, because… not able to obtain sufficient appropriate audit evidence… do not express an opinion.”
Add paragraph explaining reasons for inability to obtain evidence.

Basis for Opinion → Basis for Disclaimer of Opinion

Only included in section - the 1st paragraph

Management is responsible for financial statements claim.
Registered with PCAOB and independent claim(s).

2nd paragraph - auditor responsibilities section is deleted

Critical Audit Matters section is OMITTED.

A1/M7: Emphasis-of-Matter, Other-Matter, and Explanatory Paragraphs

Emphasis-of-Matter Paragraphs (Non-Issuer)

Definition: Used when referring to a matter that is appropriately presented or disclosed in the financial statements and is fundamental to the users’ understanding of the financials
Reporting Requirements

Use the heading “Emphasis-of-Matter” or other appropriate heading
Describe the matter being emphasized and the location of the relevant disclosures from the financials.

Ex) As discussed in note 5…. there was a fire in ABC company…

Indicate that the auditor’s opinion is not modified with respect to the matter

When is Emphasis-of-Matter Required (“CAP”)

Consistency (Lack of)

To describe a justified change in accounting principle with material effects

Accounting principle change / error correction involving principle change / investee principle change(equity method)
When the effects are immaterial - disclose in notes
Entity should 1) justify the accounting change 2) use appropriate accounting 3) have adequate disclosure

If not - qualified or adverse opinion

Audit opinion change

Subsequently discovered facts lead to a change in an audit opinion.

Purpose - special purpose frameworks

The financial statements are prepared with a special purpose framework

Other-Matter Paragraphs (Non-Issuer)

Definition

Used when referring to matters other than those that are presented or disclosed in the financials.
Matters are relevant to:

Users’ understanding of the audit
Auditor’s responsibilities
Audit report

When Other-Matter is required ("RRAC")

Restricted Use

Financial statements prepared using contractual or regulatory basis of accounting (except when intended for general use)

Other reports are attached - other information / supplementary information / compliance reporting
Subsequently discovered facts that lead to a change in Audit opinion
Comparative financial statements - prior-period different auditor / not audited but only reviewed or compiled

[NOTES]

BOTH('Emphasis'/'Other') ARE NOT appropriate for use to describe any matter already identified as a key audit matter
The PCAOB uses the term 'explanatory paragraph'
'Going concern' matters are discussed in a separate paragraph dedicated for it

Issuers have more requirements than non-issuers (but the distinction between the two are not frequently asked)
KAM/CAM - not allowed for adverse/disclaimer vs. emphasis-of-matter/other/going-concern - not allowed for qualified/adverse/disclaimer

A1/M8: Comparative F/S / Group Audits

Comparative F/S - Continuing Auditor

Issue 1 audit report that presents both years - updating the previously issued audit report opinion

Auditor’s opinion may differ with respect to different periods.

Ex) Prior year may be unmodified while current year is qualified.

Complete financial statements as well as individual financial statements may have differing opinions, even within the same year.

20X2 complete financial statements = Unmodified. / 20X1 Balance sheet = Unmodified. / 20X1 Income statement = Disclaimer

Auditor was engaged after the beginning of the year and last year is unaudited. For instance, if the auditor cannot count beginning inventory, then COGS may be unobtainable. Income statement / Cash Flow - disclaimer, B/S - unmodified

Restate prior year F/S - correction of error

Un-modified + Add an other-matter par. to the audit report
Using the format (only “DORCS” change their mind)

Date of the auditor’s previous report / Opinion type previously issued
Reason for the prior opinion / Changes that have occurred
Statement that the ”opinion… is different”

Comparative F/S - Predecessor/Successor Auditor

When prior year financials were audited by another auditor, either A or B

Predecessor reissues previous F/S

In doing this, previous auditor should:

Read the statements for the current period.
Compare the audited statements with the current period statements.
Obtain a letter from the current auditor asking if they had discovered any changes that would have material effects on the prior periods financial statements (Letter of Representation).
Obtain a letter from management asking if there are any previous management representations that have changed or whether any subsequent events occurred that require disclosure for the prior period financial statements (Letter of Representation).

No reissuing & Current auditor mentions predecessor auditor

The current auditor should express an opinion on the current period financials only and indicate in an other-matter or explanatory paragraph (DORPS)

The Date of the predecessor auditor’s report
The type of Opinion expressed by the predecessor auditor, and the Reason for any modifications to the opinion, if applicable.
The nature of any emphasis-of-matter, other-matter, or explanatory Paragraph included in the predecessor’s report.
Statement that the financial statements of the prior period were audited by the predecessor auditor

When… material misstatements are identified in the predecessor's audits

Successor should request client to inform predecessor and arrange a meeting
Predecessor auditor should take the steps in 'subsequently discovered facts'

Prior period financial statements were not audited & only reviewed or compiled

Separate opinion for the years (unmodified on B/S + Disclaimer on others + other-matter or explanatory paragraph with DORPS)

Reporting on Audits of Group Financial Statements

(Step 1) See if you can rely on the work of component auditor

Group engagement team must understand whether

Component auditors are independent and will comply with all relevant ethical requirements;
Their professional competence; and their reputation
The extent to which the engagement team will be involved in the work of the component auditor.
Component auditor works in a regulatory environment that is acceptable

(Step 2) When the group engagement team relies on the work on a component auditor, there are two options:

Group engagement team takes full responsibility for the audit of the component.

Do not reference the component auditor
Audit procedures are taken according to the significance of component

Significant = will need to be audited (* significant due to financial materiality / RMM)
Insignificant = review level only

Group engagement team and component audit divide responsibility.

Requirement : F/S is prepared using the same financial reporting framework as group / auditor performed in accordance with GAAS or PCAOB - have same qualities as when the report is audited by group
Reference the component auditor, along with magnitude of the component portion of the financial statements

Nonissuers → Opinion section / Issuers → reference occurs in both the Opinion and Basis for Opinion sections
Typically, component auditors are only referred to as “other auditors” when they are referenced.

Name of component auditor can only be named when 1) have permission 2) component's report is issued

A1/M9: Subsequent Events

A white rectangular box with black text

Description automatically generated

Subsequent Event

Type 1 : Conditions were present before B/S date -> Accrual & disclosure

Litigation, uncollectible accounts(bankruptcy), negotiations agreements with union on Q4 pay

Type 2 : Conditions after B/S date -> Only disclosed

fire, stock/long-term debt issuance

Neither : Sale of fixed asset (not material)

Management's Responsibility for Subsequent Events

Subsequent events should be evaluated through either:

The date the financial statements are issued or widely distributed (issuers).
The date the financial statements are available to be issued or in a form and format that complies with GAAP and all approvals for issuance have been obtained (nonissuers)

Auditor’s Responsibility for Subsequent Events

The auditor has an active responsibility to evaluate subsequent events through the date of auditor's report

* Most of the due date is 'audit report release date' while 1) Management representation letter 2) subsequent events are until the date of auditor’s report

Understand and evaluate subsequent events through - (“PRIME”)

Post Balance Sheet Transactions

Changes in stock or long-term debt after year end.

Representation Letter → obtain a letter from management asking if any events occurred during the subsequent event period that requires adjustment or disclosure.
Inquiry → inquire the client’s legal counsel and management about whether any subsequent events have occurred.

Status of litigation, new commitments, unusual transactions, etc.

Minutes → obtain and review the minutes of stockholders, directors, and other committee meetings during the subsequent period.
Examine → examine the most recent interim financial statements and compare them with financials under audit.

Auditor Responsibility for Subsequently discovered facts

If new material information(about the year) becomes available after an auditor report has been issued

Investigate if the information is reliable.
If it existed at the audit report date and would have affected the auditor’s report.

“Information existed at the report date” or
“New information that existed for the year under audit”

The auditor should:

Determine if there are individuals relying on, or likely to rely on, the financial statements.
Discuss the matter with management or those charged with governance.
Advise the client to immediately disclose the new information and its impact on the financials.

Advising the client to reissue revised financial statements
Advising the client to make necessary disclosures and revision to any financials; or
If effect cannot be determined on a timely basis, provide notification that the financials and auditor’s report should not be relied upon

Reissue audit report(which is dual dated or dated anew) + notify audit opinion change with emphasis of matter / other matter P
- cannot recall once issued

When client refuses to take action :

Disassociate → notify the client that the auditor’s report must no longer be used for their financials.
Alert agencies → notify any applicable regulatory agencies that the auditor’s report should no longer be relied on.
Relying parties → notify known users that the auditor’s report should no longer be relied upon.

A1/M10: Other Information and Supplementary Information

Other Information - Management discretion / no opinion

Definition

Financial or nonfinancial information (other than the statements and the auditor’s report) included in the annual report

Management analysis of operations (O) / Press release (X) / Website (X)

Auditor’s responsibilities for other information:

Read the other information.
Consider any material inconsistencies between the other information and the audited financial statements.

When there are, determine if the financials or other information needs to be revised
And request management to correct the material inconsistency

Material inconsistencies (regarding financial information)-> Auditor’s action

When Audited financials need to be revised, but management refuses → auditor should modify F/S opinion
Other information needs to be revised, but management refuses

communicate to those charged with governance
Report the issue in 'other matter' paragraph
Withdraw from the engagement and consult with legal counsel - because you can't issue modified opinion on other info.

Material misstatement of fact (unrelated to financial information) -> Auditor’s action

Other information may include a misstatement that is unrelated to the financial statement data.

Ex) Other information states a company introduced two new products, when this isn't true.

If the auditor becomes aware of a material misstatement of fact, do the following:

Discuss the matter with management
If management refuses to take corrective action, request that management consult with legal counsel.
If after consultation with the third party, and the auditor still believes there is a misstatement, notify those charged with governance.

Because opinions relate to the fairness of the basic financial statements, companies may still get unmodified/unqualified opinions even if there are material misstatements of fact in other information

Additional information = other information

Supplementary Information

Type 1) One that is required by GASB/FASB

Limited procedures performed
In case issues are present -> other-matter paragraphs are added

Type 2) Separately engaged for audit

The auditor has two objectives:

To evaluate the presentation of the supplementary information as a whole.
To provide an opinion on whether the supplementary information is fairly stated in all material respects in relation to the financial statements

Conditions

Auditor should have audited the financial statements in which the supplementary info. is based upon
And this opinion cannot have been an 'adverse' / 'disclaimer' for F/S audit

Reporting

Opinion is rendered through - 'Other-matter' or Separate report
If supplementary info. is materially misstated - qualified or adverse

A1/M11: Foreign / Special Purpose Frameworks

Financial Reporting Framework Generally Accepted in Another Country

Auditor's Responsibilities

Understand the accounting principles from the country
Perform audit procedures following U.S. GAAS
Obtain management representation regarding the purpose and use of financial statements

Reporting

Distribution outside of the United States → use either

U.S. report modified to report on the accounting principles of the other country (emphasis of matter)
Other country's report form

Distribution in the United States:

U.S. report modified to report on the accounting principles of the other country (emphasis of matter)

Special Purpose Framework

These include, cash-basis / tax-basis / regulatory-basis / contractual basis
Differences from standard auditor’s reports

Opinion Section : Non-GAAP financial statement titles should be used for special purpose frameworks.

Instead of “Balance Sheet” → “Balance Sheet-Cash Basis”
If not, adverse / qualified opinion issued

Management Responsibility section : management is responsible for choosing the framework
Include emphasis of matter paragraph
For regulatory and contractual basis report : Add 1) the description of purpose 2) other-matter paragraph for restricted-use

Emphasis-of-matter paragraph should include :

Indicates that the financial statements were prepared in accordance with the applicable special purpose framework.
Refers to the note in the financial statements that describes the framework

Financial statement should include a description of the principle

States that the framework is a basis of accounting other than GAAP.
States that the financial statements may not be suitable for any purpose other than the stated purpose (REG and CON)

Piecemeal Opinion

Auditor may express a piecemeal opinion on one or more specific elements, accounts, or items of financial statements
Should not be expressed when audit has adverse/disclaimer opinion

Ex. Opinion on revenue - that the revenue component is fairly stated

Comparison with compliance reporting
-> compliance reporting is on whether the company complied with the indentures
-> compliance reporting cannot be engaged separately from audit and is a 'by-product' report

Report on application of the requirements of an applicable financial reporting framework

Gain a 2nd opinion
Accountant not required to be independent
Should be based on an existing transaction
The report is restricted for use

Procedures

Obtain understanding of the transaction
Review applicable GAAP
Consult with other CPAs (continuing auditor)
Give type of opinion that may be rendered

A2/M1: Engagement Acceptance and Terms

Before accepting the engagement

Successor auditor should contact the predecessor "through the approval of the client" and inquire the following
✓ Management Integrity ✓ Disagreements with management ✓ Reason for change in auditors
✓ Communication with BOD regarding fraud, illegal acts and internal control related matters
Assess auditability
✓ Sufficient and Appropriate evidence is likely to be available ✓ Independence to the client
Client uses an appropriate financial reporting framework
Management accepts its own responsibility
Compliance with audit firm's own quality control policies and procedures
: to determine whether to accept or continue a client relationship
: to minimize likelihood of association with client whose management lacks integrity

Engagement Letter

Objective - to express opinion
Auditor Responsibility - conform with GAAS / inform internal control deficiencies if identified
Audit Limitations - material misstatements may not be discovered / there are inherent limitations to audit and internal control
Management Responsibility - prepare financial statements / design and maintain internal control / Make financial info. available to auditor / compliance with laws / provide auditor with representation letter
Others - Fees and Billings / Expected form and content of the report / financial reporting framework / other auditors’ involvement / non-audit services / predecessor auditor

After accepting the engagement

Contact predecessor auditor to gain their audit documentation "through the permission of the client"
- if not permitted, try alternative procedures

NOTES

Engagement is selected and appointed by audit committee / the engagement letter is written by the auditor / signed/dated by the management

A2/M2: Engagement Quality

HELPME : The six elements of quality control

Human Resources - Hiring, Professional Development, Assignment and Promotion
Engagement - Client acceptance and continuance to minimize likelihood of association with bad clients
Leadership Responsibilities - setting policies and procedures as well as setting "tone at the top"
Performance of the Engagement - Supervise throughout the process, give advice to complex problems, resolve differences in opinion
Monitoring - evaluation on whether other quality controls are designed and operated effectively / 2nd partner review / Peer review

2nd Partner review is a requirement for issuers under PCAOB standards. Issuers cannot issue report without such approval
-> analytical review is performed by the 1st review partner and not the 2nd partner

Ethical Requirements - Independence, Integrity and Objectivity (those included in AICPA code)

NOTES

Failure to conform with quality control does not imply that GAAS was not followed

A2/M3: Documentation

Audit Documentation

Purpose

Serves as a primary support of audit procedures(planning/supervision/review) and auditor’s report

Content
1. Company name 2. Subject 3. Date 4. Preparer 5. Reviewer 6. Index 7. Tickmark legends

Should be prepared in enough detail so that ‘an experienced auditor’ is able to understand it

Types

P-File (used for multiple years) / C-File (used only for the current year)
Working trial balance is included in C-File

All errors which are not inconsequential should be communicated to BOD

Documentation Date

Completion Date (issuers: 45 days after report ”release” date / non-issuers: 60 days)
Preservation Period (issuers: 7 years after report ”release” date / non-issuers: 5 years)

NOTES

Selection and application of accounting principles - included
BOD meeting minutes are P-files

A2/M4: COSO Internal Control Framework

Objectives of internal control

Effectiveness and efficiency of Operations
Reliability of Financial Reporting
Compliance with laws and regulations

** Strategic objective is NOT part of the objectives

Five components of internal control

Control Environment ✓ Ethics and integrity ✓ Board and audit committee independence ✓ Organizational structure - Lines of responsibility and reporting structure ✓ Competence (HR functions) - performance evaluation and compensation practices tied to non-financial objectives ✓ Accountability

Risk Assessment
✓ Specify objectives ✓ Analyze changes ✓ consider Fraud ✓ analyze Risk
- Adoption of new accounting principles / new technology / corporate restructuring

Information and Communication - relates to accuracy

Initiate, record, and process financial information
- proper presentation and recording of transactions
Communicate with external / internal parties

Monitoring Activities - evaluation of own internal control

separate/ongoing evaluation of I/C - by internal auditors or management
take corrective actions to improve internal control

Control Activities

Segregation of Duties between "Custody – Authorization – Recording"
Documentation is pre-numbered and promptly distributed
Physical Control
Independent checks - monthly statements, bank reconciliation
Deployment of control policies and procedures (actually acting on them)

** Operating performance reviews - not monitoring, because this relates to financial performances

A2/M5, 7, 8: Audit Planning, Materiality, Audit Risk

Develop Overall Audit Strategy

Scope of audit (reporting frameworks, reporting requirements)
Reporting objectives and timeline (deadline, key dates, communications date)
Preliminary evaluation of RMM, areas of higher risks
Assignment of personnel and time budgeting
Consider inclusion of specialists and other auditors

->> conducted through brainstorming in team discussions

Develop Audit Plan

Decide on Materiality

Magnitude of misstatement that makes a reasonable user change his/her decision

Reasonable user : who is 1) knowledgeable in business and economy 2) recognize inherent limitations of financial statements 3) ability to analyze financial statements

Overall Materiality: used to make audit opinion (compared against total likely misstatements)
** Total Likely Misstatement
= Known Misstatement(Factual) + Likely Misstatement(Projected + Judgmental)
Performance Materiality(compared against known misstatements) - used at audit planning stage to determine nature, time and extent of audit
Amount

Take the lower amount as materiality
Take into consideration both quantitative and qualitative factors - however materiality should be a quantitative matter

May be revised as significant events happen, or when final numbers of F/S are issued

Assessment of Risk of Material Misstatement

Audit Risk

Risk that the auditor concludes that F/S is unmodified when in fact they are materially misstated
Audit Risk = Inherent Risk x Control Risk x Detection Risk

Inherent Risks

Accounts and transactions that are inherently, Complex, Subjective, Uncertain, New etc.

Control Risks

COSO framework components

Detection Risks

the auditor determines the detection risk – by leveling on the N/T/E of substantive procedures

RMM = Inherent Risk x Control Risk

Inquiries, Inspection, Observation, Analytical Procedure (at a higher level – year, month, product line)

Analytical procedures

Types : ratio analysis(based on expected ratio), trend analysis(considering why the difference happened), plausible relationship analysis(financial-financial & financial-non financial)
Objective : enhance understanding of the business, identify changes and unusual transactions, identify risk

Determine the nature, timing, and extent of audit procedures

RMM increase -> detection risk should be decreased to lower audit risk -> skip test of controls + substantive procedures should be increased
RMM decrease -> detection risk can be higher -> test of controls are conducted alongside substantive procedures

A2/M6: Using the Work of Others

Internal Auditor

Internal auditors may assist auditors throughout audit planning and procedures (RMM assessment -> TOC -> Substantive Procedure)
High risk accounts and transactions, those that require professional judgement - CANNOT BE SHARED with internal auditors
Internal audit function’s competence, objectivity, and systematic approach is evaluated

Specialists

Specialists possess special skills and knowledge in field other than accounting or auditing

Tax is not a specialist / tax compliance is a specialist
IT Audit is part of audit, and therefore not a specialist
Any contract that mentions specific ASC rules - ex. lease agreement -> part of audit or accounting

Determine use of specialist -> Evaluate specialist's quality -> Agreement -> Understand the work -> Consider the effect on opinion

Auditor should understand the methods and assumptions used by a specialist but DO NOT NEED additional sub. procedure

Opinion:

1) Specialist indicate that F/S is a departure from GAAP -> qualified / adverse

2) Unresolved difference -> qualified / disclaimer

A2/M9: Fraud Risk

Fraud Risk Audit

Audit Planning

Overall strategy setting and team discussions
Risk assessment procedures by 'Inquiry' and 'Analytical Procedure'(REVENUE included) and assessment of Fraud risk factors

Three Conditions: 1. Incentives/Pressures 2. Opportunity 3. Rationalization and Attitude
Fraudulent Reporting (Management)

Incentive: Company is not doing great. Your pay goes up by lying
Opportunity: Company is complex. Lot of leeway in internal control

High turnover of senior management (-> less people to gain authorization from + people who are new to the company and don’t know much as you do)

Attitude: Management ethics

Misappropriation of assets (Employee)

Incentive: Cut on employee benefits and salary
Opportunity: Company has a lot of stealable assets. Internal control is weak.
Attitude: Employee ethics. Luxurious lifestyle.

Audit Procedures

Overall response: assign personnel with more experience / audit procedures less predictable
General response: Set N/T/E
Specific response: audit procedures to specific transactions, balances etc. (revenue, inventory)

Management Override

Examine unusual journal entries / Examine unusual/abnormal transactions / Accounting estimates

Reporting on Fraud

Internally

To at least one level above those involved (timely basis, not immediate)
If material, then let C-level & BOD know. ANY fraud related to C- level is reported directly to BOD

Externally

Generally, not required unless required - 1. legal requirements 2. Subpoenaed 3. Agencies that receive government assistance

Public companies : auditors should notify fraud and illegal activities to the BOD

1. BOD should report to SEC w/in 1 day 2. if not, auditor should inform the SEC w/in add. 1 day

A3/M4: Specific Areas of Engagement Risks

Compliance with Laws

Illegal acts that have direct effect on F/S : same audit procedure(RMM assessment, audit program etc.)
Illegal acts that have indirect effect: only when a specific information comes to auditor's attention

Accounting Estimates

Completeness: Make sure all estimates have been developed
Valuation: Evaluate the reasonableness of estimates

Understand, recalculate, consider appropriateness of how management made the estimate
Develop auditor’s own estimate
Review subsequent events

Presentation and Disclosure: Obtain Management Rep. Letter

Going Concern

Evaluate Going concern for up to 1 year after the F/S date – based on conditions that exists not on predictions
Evaluate conditions and events that indicate substantial doubt on going concern of entity
Evaluate management plan to mitigate substantial doubt
Auditor’s Report

Mitigated : Un-modified (+ add G/C par, optional)
Not mitigated / appropriately disclosed : Un-modified + G/C
Not mitigated / Not disclosed properly : Modify

Related Party Transactions

Auditor is not interested in whether the transactions were consummated on market terms - only on proper recording and disclosure
Indicators: Compensating balance arrangements, Loan guarantees, Non-recurring/Non-customary transactions
Management should not indicate that the transactions were consummated on market terms – if so, qualified / adverse

Litigations, Claims and Assessment

Obtain list of pending or threatened litigation / unasserted claims and assessment

Assertion: Probable of assertion, reasonable possibility of unfavorable outcome
Matters for which the lawyer has devoted substantive attention to - this limit is agreed upon between client and CPA

Auditor should request the client to write the letter of inquiry to the lawyer - sent and received by CPA
Make additional inquiries
Opinion: 1) Client refuses : withdraw 2) Lawyer refuses : disclaimer / qualified

A5/M1: Integrated Audit Procedures

Integrated Audit

Objective of Integrated Audit (Issuers and Nonissuers)

Express an opinion on the design and operating effectiveness of the entity’s internal control over financial reporting.

Procedures

Plan the Engagement
Obtain understanding of Internal control
Perform 'Test of Controls' in all material areas

for entity with multiple business units / test of controls are employed on specific risks at business units material to the whole

Report on the opinion for I/C

Audit Report of ICFR (Nonissuers)

Two ways of issuing a report on internal controls:

Separate reports → issued for financial statements and internal controls over financial reporting.
Combined report → issued containing an opinion on both.

Separate Reports

Opinion on internal control over financial reporting
Basis for opinion (includes auditor/mggt. Responsibility)
Responsibilities of management for internal control over financial reporting
Auditor’s responsibilities for the audit of internal control over financial reporting

Definition and inherent limitations of internal control over financial reporting
Reference to the audit report on the financial statements

+ Report on audit of ICFR should be included in the audit report of F/S

Combined Report – essentially the same except for using plural terms

Opinion

If one or more "Material Weakness" exists -> adverse opinion

Indicators of material weakness (FROM)

fraud by senior management
Restatement of previously issued financial statements to reflect correction of material misstatement
Identification of material misstatement by auditor
Ineffective oversight of financial reporting and internal controls

Significant Deficiencies and Control Deficiencies are considered 'unmodified'
There are no 'qualified' opinions
Include a separate paragraph explaining the term "material weakness", refer to the weakness identified

Management Report (for issuer : Section 404a of SOX 2002)

Management should present a written assertion "management report" which includes a self evaluation of the effectiveness of I/C
This is an 'assessment' but NOT an 'assurance'

Management’s Report Format

Should include:

Indicate that management is responsible for internal control.
Statement that the auditor has issued an attestation report
Identify the criteria used by management to measure the effectiveness of the entity’s internal control
Include a statement of management’s assessment about the effectiveness of internal control:

Including an “as of” date

Describe any material weaknesses identified by management
Evaluations took place within 90 days prior to the issuance

Scenarios

incomplete or improperly presented → fairly describe in audit report
refuses to supply a report -> withdraw from the engagement
If the report contains additional information beyond the other items, the auditor should :

Read the additional information to ensure that there are no material inconsistencies with management's report.
Disclaim an opinion on such information.

Audit of ICFR vs Audit of F/S

Purpose

The purpose of an audit of the effectiveness of an entity’s internal control is to express an opinion about whether the entity maintained, in all material respects, effective internal controls as of a point in time based on the control criteria.
The purpose of an auditor’s consideration of internal control in an audit of financial statements conducted with GAAS is to enable the auditor to plan the audit and determine the nature, extent, and timing of tests to be performed

Relevant Period

An audit of ICFR results in an opinion on internal control as of a point in time.
An opinion on financial statements relates to a longer period, such as a year

Extent of Testing

To render an opinion on internal control, the auditor should perform test of controls
In a financial statement audit, the auditor is not required to test controls over all relevant assertions

A5/M2: Communication in an Integrated Audit

Communications

Most Important Items Within a Communication Letter

Address the letter to management
State whether effective internal control(overall opinion) was maintained.
Describe the material weaknesses and significant deficiencies that were identified.
State that the information is intended solely for the use of management - restricted

Communication for non-issuers

A diagram of a diagram

Description automatically generated with medium confidence

Communications for issuers

A blue screen with green check marks

Description automatically generated

NOTE

Control Deficiencies already communicated to management last year but not corrected due to cost reasons - no need to communicate again / Significant Deficiencies and Material Weakness should be communicated again

Other Reporting Issues (Issuers and Nonissuers)

Reporting on a previously reported I/C weakness

When material weaknesses are subsequently eliminated, management may wish to:

Communicate this to the investing public.
Have an independent auditor attest to the improvements in internal control.

The auditor’s objective is to express an opinion on whether a previous weakness has been eliminated.
The auditor's testing is limited to the controls specifically identified by management as eliminating the material weakness.

Scope Limitations

Also consider the following:

If the opinion cannot be expressed due to a scope limitation, management and those charged with governance should be informed in writing - since all the other cases of CD/SD/MW are communicated to them as well
The auditor may issue a report disclaiming an opinion on internal controls as soon as the auditor concludes there is a scope limitation preventing evidence from being obtained

A5/M3: Attestation Engagements and Standards

Statements on Standards for Attestation Engagements (SSAE)

Each type of attestation service allows a different combination of reporting options :

A table with text on it

Description automatically generated

A5/M4: Agreed-Upon Procedures and Prospective Financial Statements

Agreed-Upon Procedures Engagements

Practitioner performs specific procedures and reports the findings; but does not provide an opinion

“Engaging party”(the client) / “Responsible party"(the one responsible for the subject matter)
Client is responsible for assessing the sufficiency of the procedures performed.

Conditions/Reporting Required to Accept an Agreed-Upon Engagement (“I-AM-SURE”)

Independence of the practitioner
Agreement of the parties
Measurability and consistency
Sufficiency of the procedures (client role)
Use of the report can be general or restricted
Responsibility for the subject matter (responsible party role)
Not an Examination or Review service

Rep. letter - generally not required (unless a compliance attestation) / but should disclose in report the inability to obtain rep.

Prospective Financial Statements - Examination / AUP / Prep / Comp

Types of Prospective Financial Statements

Financial Forecast

Reflects the expected financial results of a future period, to the best of the responsible party’s knowledge.
Expected results - uses publicly available information & general use

Financial Projection

Reflects the financial position and results of operations based on a “what-if” scenario.
Hypothetical assumptions - used for specific purposes for specific parties & limited use

Engagement Types

A practitioner is associated with prospective financial statements primarily in one of four ways.

Examination / AUP / Preparation / Compilation engagement

The future cannot be audited, so reviews and audits are NOT applicable to prospective financial statements.

Examination of Prospective Financial Statements - SSAE

Purpose → to express an opinion as to whether:

The statements are presented and prepared in conformity with AICPA guidelines
The underlying assumptions provide a reasonable basis for the prospective statements.

Modifications to the opinion:

AICPA presentation guidelines are not followed → qualified opinion or adverse opinion.
Significant assumptions are not disclosed / assumptions do not provide reasonable basis → adverse opinion
Scope limitation → disclaimer

Pro Forma Financial Statements - Examination / Review / Prep / Comp

Pro forma financial statements

How the historical F/S would have been affected by a hypothetical situation (e.g. M&A)
Pro forma financial statements may be examined or reviewed

Conditions

Historical F/S must have been audited or reviewed - and the level of assurance should be limited to the lowest level

The practitioner should

Provide assurance as to whether the assumptions used by management are appropriate & Adjustments are presented consistent with the assumptions
Make reference (in the report) to the financial statements from which the historical information is derived; and
State whether such statements were audited or reviewed

MD&A - Examination / Review

A supplemental letter from management to shareholders - part of other information

Examination / review may be performed
Examination or Review is allowed only when the firm has audited the applicable year's F/S

SEC required elements include 1) Discussion on client's financial condition 2) Historical amounts 3) Underlying estimates, assumptions
In a review engagement - restricted use + considers internal control

A5/M5: Reporting on Controls at a Service Organization

Service Organization

Objectives of the Service Auditor

Obtain reasonable assurance about whether, in all material respects, based on suitable criteria:

Management's description of the service organization's system fairly presents the system that was designed and implemented throughout the specified period (or as of a specified date if a Type 1 report).
The controls related to the control objectives stated in management’s description of the service organization’s system were suitably designed throughout the specified period (or as of a specified date if a Type 1 report).
When included in the scope of the engagement, the controls operated effectively to provide reasonable assurance that the control objectives stated in management’s description of the service organization system were achieved throughout the specified period. - see below / Type 1 omits this part

Report in accordance with the service auditor’s findings.

System and Organization Controls (SOC 1 and SOC 2) Reports

SOC 1 - controls that are relevant to user entity's ICFR

The use of a SOC 1 report is restricted to the management of the service organization, the user entity, and the user auditor.

SOC 2 - controls relevant to security, availability, processing integrity, confidentiality, or privacy of the info. processed by service org.

The use of a SOC 2 report is also restricted

Type 1 Report

Report on the design and implementation of a service organization’s identified controls at a 'point-in-time'
Does NOT provide assurance on the operating effectiveness of the controls.

Type 2 Report

Report on the design, implementation, and operative effectiveness of a service organization’s controls - throughout the period

User Auditor Responsibilities

SOC 1/Type 1 Report :

May aid the user auditor in obtaining an understanding of the controls.
Does not provide the user auditor with a basis for reducing the assessment of control risk as low for areas of the entity’s accounting that are affected by the service organization.

SOC 1/Type 2 Report :

Provides the user with assurance about the design, implementation, and operating effectiveness of the service organization's internal controls. May provide evidence that would allow a reduction in the assessed level of control risk for areas of the entity’s accounting that are affected by the service organization.

Alternatively, such evidence (to allow reduction in assessed risk) can be obtained directly by the user auditor, either by:

testing the user organization's controls over the service organization's activities; or
performing tests of controls at the service organization

When the user auditor plans to use a SOC 1/Type 2 report as audit evidence that the controls at the service organization are operating effectively, the user auditor should be satisfied regarding:

The service auditor’s competence and independence.
The adequacy of the standards under which the report was issued.
Whether the period of time covered by the report is appropriate for the user auditor’s purposes.
The adequacy of the time period covered by the tests of controls and the time elapsed since the performance of the tests of controls.
Whether any complimentary controls address the risk of material misstatement in the user entity’s financial statements and, if so, obtaining an understanding of the design and operating effectiveness of such controls.
The evaluation of whether the tests of controls performed by the service auditor are:

Relevant to the assertions in the user entity’s financial statements; and
Provide sufficient appropriate audit evidence to support the user auditor’s risk assessment

** User auditor is only reading the reports issued by the service auditor and do not have access to audit documentations

Reporting by the User Auditor - same as the use of specialists

If user auditor issues an unmodified/unqualified opinion → make NO reference to service auditor report.
If user auditor issues a modified opinion → permitted to make reference to report to explain modifications.

A5/M6: Reporting on Compliance

A white background with black text

Description automatically generated

Compliance Reporting - 'Review' level

Most commonly used for debt agreements - whether the entity is in compliance with the bond indenture provisions (financial ratios)
Compliance Reports Conditions

The auditor must have audited the client’s financial statements
The auditor may only issue negative assurance on compliance
This engagement is neither a compliance audit nor an attestation engagement

Compliance audit : gives opinion (positive assurance)

Report on compliance in connection with F/S report

May be a separate report; or
Provided in one or more paragraphs in the audit report on the financial statements – Ex. other matter

Compliance Attestation - Examination / AUP

The attestation standards address two types of engagements:

Compliance with specified requirements
→ an entity’s compliance with requirements of specified laws, regulations, rules, contracts, or grants.
Internal control over compliance → an entity’s internal control over compliance with specified requirements

Agreed-Upon Procedures Engagements

The following two conditions MUST be met before performance:

Responsible party accepts responsibility for the compliance and internal control over compliance with specified requirements.
Responsible party evaluates the entity’s compliance or internal control over compliance with specified requirements

-> Management's assertions should be presented in a written management report

Examination Engagements

The two conditions above + Sufficient evidential matter exists or could be developed to support management’s evaluation
Reporting

Non-compliance -> qualified or adverse / opinion is issued on the compliance itself
Scope limitation -> qualified or disclaimer
Management Rep. Letter required

Compliance Audit

Gives positive assurance over, compliance with specific requirements and I/C over compliance
This engagement is performed for GAGAS and Single Audits

A5/M7~8: Government Audits, Single Audits

A close-up of a report

Description automatically generated

Nature and Scope of the Single Audit Act

The Single Audit Act is designed to improve the effectiveness of audits of federal awards and reduce the burden of federal audit requirements of recipients.
The act is required for Type A entities (Type A → federal assistance greater than $750,000)

Type B (less than $750,000 during the year) are exempt from federal audit requirements for that year
Type B that are in 'high risk' areas need Single Audit

A6/M1: SSARS Engagements

Professional Standards

The Statements on Standards for Accounting and Review Services (SSARS)

Promulgated by the Accounting and Review Services Committee of the AICPA.
Provide guidance for unaudited financial statements of information of non-issuers (private companies).

SSARS Applicability

Used for preparation, compilation, and review engagements

SSARS Do NOT Apply

SSARS do not apply to other accounting services provided by accountants such as:

Preparing adjusting/correcting entries - giving simple questions and answers to client
Consulting on financial matters / Preparing tax returns / Rendering bookkeeping services
Processing financial data for clients of other accounting firms.

SSARS are not applicable to reviews of interim financial information of non-issuers whose annual financial statements are audited

Statements on Auditing Standards (SAS) apply to these engagements

A6/M2: Preparation Engagements

Preparation of Financial Statements

Preparations are the lowest level of engagements (Preparation → Compilation → Review → Audit)

Preparation Requirements

Possess knowledge of and understanding of the entity’s financial reporting framework.
Prepare the financial statements.

Include a “no assurance” statement on each page.
OR state a disclaimer of opinion on every page

IF Inaccurate and Incomplete Financial Statements

Inquiries and performance are not required
In case of a known departure :

Disclose the material misstatement in the financial statements; or
Consider withdrawing.

Financial Statements that Omit Substantially All Disclosures

If limited disclosure is acceptable and if the financial statements include only limited notes, label as follows:

“Selected Information - Substantially All Disclosures Required By [framework] Are Not Included."

A6/M3: Compilation Engagements

Compilation Engagement

Objectives of a Compilation:

Assist management in the preparation of financial statements by applying accounting and financial reporting expertise.

Compilation of Financial Statements - Only U-L from ULIARCPA

DO not require the accountant to verify the accuracy or completeness of the information provided by management.

However, obvious and/or egregious errors may be brought up with management.

DO not require the gathering of evidence to express an opinion or a conclusion on the financial statements
DO not require independence - however should be disclosed
Omission of substantially all disclosures of GAAP is allowed

Errors or Frauds with Financial Statements

If accountants discover the information is incorrect, incomplete, or unsatisfactory, they should obtain additional or revised information from the client.

If the client refuses to provide such information or does not make appropriate revisions - WITHDRAW
If client does not take appropriate investigative action to indicators of fraud - WITHDRAW

Obtain information and disclose the departure in a separate paragraph of report

Compilation Report

A document with text on it

Description automatically generated

Additional paragraphs are required for certain items such as:

Discuss omissions - the accountant may not compile certain statements for the client

This paragraph should state that if the disclosures were included, they might influence the user’s conclusions, and should indicate that the financial statements are not designed for those who are uninformed about the omitted disclosures.

Disclose that the accountant is not independent

The accountant is permitted, but not required, to disclose the reason(s) for the independence impairment
If the accountant chooses to disclose the reason, ALL reasons must be included in the disclosure

Disclose known departures from the applicable reporting framework

If the accountant believes that disclosure in the report would not be adequate to indicate the deficiencies in the financial statements → withdraw and provide no further services to those financial statements

A6/M4~6: Review Engagements

Review

Issuer → Interim reviews allowed / Non-issuer → Anytime
Limited assurance given → Independence required
Review report states that the accountant is NOT aware of any material modifications (limited) necessary for the statements to conform with the applicable reporting framework.
Inquiry and analytical procedures provide reasonable basis for conclusions

Review Requirements (“U LIAR CPA”)

U → Understanding with client should be established (through engagement letter - SAME as audit)

L → Learn and/or obtain sufficient knowledge of the entity’s business

The accountant is NOT required to perform - test of control / test of details / assessment of fraud risk
Communicate with the predecessor accountant
Design the analytical procedures and the inquiries (next steps) of management

I → Inquiries should be addressed to appropriate individuals

The accountant is generally not required to support management’s responses with other evidence

If responses don’t sound logical, auditors will want to investigate further (“Smell Test”)

Inquiries to legal counsel (X) / Inquiries about fraud (O) / Fraud risk assessment (X)

A → Analytical procedures should be performed (- SAME as audit)

R → Review other procedures that should be performed

Read the financial statements for conformity with the applicable reporting framework.
Obtain reports from other accountants who have been engaged to audit or review significant components of the reporting entity
Consider whether the going concern basis of accounting is appropriate, determine whether any substantial doubt exists, and assess management’s plans to alleviate any doubt.
If the accountant becomes aware of information that is incorrect, incomplete, or otherwise unsatisfactory:

Request that management consider the effect on those matters on the financial statements.
Consider management's assessment of the matter and determine the effect, if any, on the report.

C → Client representation letter should be obtained from management (- SAME as audit)

If management does not provide written representations, or if the accountant concludes that there is cause to doubt the written representations

Discuss the matter with management and those charged with governance, as appropriate.

If the accountant continues to doubt management’s integrity → withdraw

P → Professional judgment should be used to evaluate results (- SAME as audit)

A → Accountant (CPA) should communicate results through 'review report'

Review Reports

Reporting Sequence

Introductory paragraph

Include a statement that a review includes primarily applying analytical procedures and inquiries.
Include a statement that a review is less in scope than an audit, and no opinion is expressed.

Management Responsibility (-SAME as audit)

Accountant's Responsibility

The accountant’s responsibility is to conduct the review in accordance with SSARS.
The standards require the accountant to perform procedures to obtain limited assurance as a basis for reporting whether the accountant is aware of any material modifications.

Basis for Conclusion

Not included for unmodified report / Only included in case of modification
'Basis for Qualified Conclusion' / 'Basis for Adverse Conclusion'

Conclusion

Unmodified : "Nothing has come to the accountant’s attention to believe that the financial statements are not prepared in accordance with the applicable framework - GAAP"
Qualified : "Except for the effect of matter described in the Basis for Qualified Conclusion paragraph, we are not aware of ~"
Adverse : "Due to the significance of matter described in Basis for Adverse Conclusion paragraph ~"

** NO report issued in case of scope limitation (WITHDRAW)

Emphasis-of-Matter Paragraph and Other-Matter Paragraphs (- SAME as audit)

Updating Reports

All Periods Compiled or Reviewed

Prior period = Compiled ; Current Period = Compiled
Prior period = Reviewed ; Current Period = Reviewed
Update the report on the prior period and issue together as part of the current report.

Current Period Reviewed and Prior Period Compiled (Upgrade) - Combined to current + paragraph

Update the report on the prior period(s) and issue as the last paragraph of the current period’s report.

Current Period Compiled and Prior Period Reviewed (Downgrade) - Either compile or review

Option 1 → Issue a compilation report and add a paragraph to the report that :

no review procedures were performed after the date of the review report.

Option 2 → Reissue the prior period review report, which may be combined or separate with current report.

If combined → state that no review procedures were performed after the review report date.

Current Period Prepared and Prior Period Compiled or Reviewed

There is no requirement to reference the prior period - no report

Omission of Required Disclosures

The accountant should not issue a report on comparative financial statements when the statements for one or more, but not all, of the periods presented omit substantially all of the disclosures required by GAAP.

Predecessor Accountant’s Compilation or Review Report

Reissued : Predecessor should decide if their report is still appropriate…

Read the statements and report of the current period
Compare the prior period statements with those issued previously and currently
Obtain a letter from the successor auditor stating that they (the successor) are not aware of any relevant information that might have a material effect on the prior period statements
Perform any procedures deemed necessary

Not Reissued : The successor may make reference to the report of the predecessor in the current report or perform that level of service themselves. - so only 1 report

When making reference to the predecessor accountant’s report

That the statements were audited by a predecessor auditor
The type of opinion expressed by the predecessor auditor and, if the opinion was modified, the reason for the modification.
The nature of any emphasis-of-matter, other-matter, or explanatory paragraph included in the predecessor auditor's report.
The date of the predecessor auditor's report.

Restated Prior Period Financial Statements

Option 1 → Predecessor OR successor accountant may report on changed prior period financial statements, as restated.
Option 2 → The successor accounting may report only on the restatement adjustment, while indicating a predecessor accountant report on the prior period financial statements before restatement.

Current Period Unaudited and Prior Period Audited - Combined + other-matter

When the prior period has been audited, the accountant should issue the current period compilation or review report, and add an other-matter paragraph, which should indicate:

That prior period statements were audited;
The date of the previous report(s);
The opinions expressed, and, if other than unmodified, the reasons for modification; and
That no auditing procedures have been performed since the previous report date.

Current Period Audited and Prior Period Unaudited - Combined + other-matter

When the current period statements are audited, the auditor should include an other-matter paragraph in the auditor’s report that includes:

The service (review or compilation) performed in the prior period;
The date of the prior period report;
A description of any material modifications described in the report; and
A statement that the services was less in scope than an audit and did not provide an opinion

Interim Review

Interim Period

Does not include year-end - includes other 3 quarters
Interim review :

Issuer / Mandatory for filing with the SEC - under PCAOB standards
Non-issuer / Required by lenders (loan officers or investors)

If audited -> SAS
if not audited OR annual F/S review of non-issuer / SSARS

Procedures (“U LIAR CPA”) - Same as Review Engagement part

U → Understanding with the client established (using an engagement letter).
L → Learn and/or obtain sufficient understanding of the entity, its environment, including internal control

Make inquiries on I/C and obtain sufficient understanding

I → Inquiries should be addressed to appropriate individuals.

Inquiries to predecessor accountant + review their documentation

A → Analytical procedures should be performed.
R → Review - other procedures should be performed.
C → Client representation letter should be obtained from management.
P → Professional judgment should be used to evaluate results.
A → Auditor (CPA) should communicate results

To management and the audit committee

A6/M7~9: Ethics

A table with check marks

Description automatically generated

Rules by Type of Member

The code of professional conduct has three sections:

Members in public practice (1.XXX)

Covered member
Immediate family → think of it as anyone who lives under your roof.
Close relatives

Members in business (2.XXX)

Ex) fortune 500 company or a mom-and-pop shop.

Other members (3.XXX)

Ex) People between jobs or voluntarily retired.

General Rule

Members in public practice shall be independent in fact(mind) and in appearance(Financial, Employment and Business Relationships)
Services : Audit, Review and AUP
People : Covered Member / Immediate Family / Close Relatives
Terms Applied : Earlier of [Signing or Performing] ~ Later of [Termination or Issuance of Report]

Exception : For employment relationships - entire F/S period

Hold a significant interest in the company.
Have access to accounting records.
Have the ability to influence management

Independence Impaired By Financial Interests

A covered member and immediate family should not have a direct or 'material' indirect interest in client

Covered Member : Engagement Team / Firm / Partners and equivalents in same office / CEO / Non-Attest partner / Sub.
Immediate Family : Spouse / Spouse Equivalent / Dependent (= more than half of financial support)
Close Relatives : Parents, Siblings, Non-dependent children

Engagement Team : Impaired when either, material interest to client OR material to relative to own net worth
Partner/CEO : Impaired when both conditions are met
Non-Attest partner : Not impaired

Indirect Investments - impaired when material

Mutual Fund : indirect, material when more than 5% of share of fund - and that fund holds investment in client
Partnership : General - considered direct / Limited - indirect, material when material to member's net worth
Executor/Trustee : appointment as executor (OK) / having the authority as an executor - direct / Blind trust - direct

Interest in client's subsidiaries and affiliated companies

Subsidiaries : Client -> Sub (ALWAYS) / Parent -> Client (when material direct)
Affiliates(Sisters and Equity Methods) : Only when material direct

Unsolicited interest

Gift or inheritance : dispose of the interest within 30 days after becoming aware

Loans

Loans to and from client impairs independence, with exceptions
Grandfathered loans : loans obtained prior to becoming a client / under customary terms
Other : Automobile / insurance / credit cards / cash advance of up to $10,000 / passbook loan

Independence Impaired by Employment Relationships

Covered Members

Former Partner of firm -> client

Should not appear to participate in firm business
Should have at least 1 year bumper + not have interaction with engagement team

Former employee of client -> firm

Should not participate in the engagement of F/S covering the employment period

Potential employment to client

Negotiations : Report and disassociate

Everybody else

Everyone in the firm : Do not work for client / Do not have more than 5% of client's equity share
Immediate family : Working as key position related to major financial roles and management roles is not allowed

Honorary directorship - allowed

Independence Impaired by Business Relationships

Jointly held investments - impaired for material in relation to CM's net worth
Cooperative relationship (JVs) - impaired for material cases
Co-fiduciary of estate or trust - okay unless material

Other Cases

Non-Attestation services (bookeeping, tax, consulting, advisory etc.)

For issuers - only tax services are allowed
Non-issuer - can do non-attestation, but should be restricted to simple activities

Litigation

Attestation related / Commenced litigations & litigations which are probable -> impaired
Non-attestation services -> not impaired
'Class action' suit by shareholders -> not impaired

Fee arrangements

Unpaid fees - impaired when prior year fees are not paid until the current year report release date
Contingent fees - generally not allowed, w/ three exceptions
Commission and referral - not allowed

PCAOB Rules (SOX)

Applicable to : Public / SEC filing / FDIC-insured bank (>$500M) / Broker-dealer
Additional rules

Rotation : Lead & Review partner (5+5) / partners (7+2)

Small firms with fewer than five issuer clients and fewer than 10 partners may be exempted

Cooling-off period : 1 year time to work for a client (+disassociate with firm's management and financial interests)

Non-Audit services : NOT allowed w/ exceptions -> should have audit committee pre-approval

Exceptions : Tax / Financial Information System Design and Implementation / Valuation and Appraisal Services / Actuarial Services / Human Resource-Related Services
Tax - allowed : tax return prep / tax planning / review of proposed transaction / employee personal tax service
Tax - not allowed : aggressive tax return / contingent fees / tax service for CEO, CFO, COO

NOT allowed (add.)

Insurance / 'investment company complex' / Broker-Dealer accounts
Contingent Fees : only acceptable for legally fixed fees (not allowed for tax purposes)

Communication

Communicate matters of independence with audit committee annually + before engagement

Audit Committee

Must be a member of BOD / must be independent - receive no other compensation other than being a BOD
BOD should appoint audit committee - not the management
Audit committee oversees auditor's work - not the management