Management responsibility
Auditor responsibility: “Auditor believes that the evidence obtained is sufficient and appropriate to provide a basis for the _________ audit opinion” **only state if unmodified opinion**
Basis for ____ Opinion: *not included if unmodified*
Opinion: If modified, would state the type of opinion in title of paragraph
Emphasis of matter: emphasize what is in FS
Other matter: brings attention to what is not in FS
Signature and location
Date

Issuer Report

Title: “Report of Independent Registered Public Accounting Firm
Addressee
Opinion on FS: if modified state “discussed in the following paragraph”

Includes what FS are audited and periods covered by FS

Explanatory paragraph: only needed if modified opinion *no title*

Explains why opinion was modified

Basis for opinion: if disclaimer must say “basis for disclaimer of opinion”

1st paragraph: covers management and auditors responsibilities
2nd paragraph: state audit was conducted in accordance with PCAOB and that the audit provides a reasonable basis for opinion

CAMs: not included if adverse or disclaimer
Signature, tenure, location
Date

CAMs

If none, must state that
Matters communicated to audit committee that are:

Material
Challenging, subjective or complex judgment

IPAD

Identification of CAM
Principal considerations that led to determination of CAM
Addressed in audit
Disclosures/account reference

Not required if adverse/disclaimer opinion

Nonissuer Extra Paragraphs

Emphasis of matter: appropriately presented/disclosed; explains items presented in FS *immediately after opinion*

Required (GAASP)

Going concern
Accounting principle justified change
Audit opinion changed (subsequent event)
Special
Purpose framework

May be required

Litigation uncertainty
Major catastrophe
Significant related party transactions
Unusually important subsequent events

Other matters: matters other than those presented in FS *immediately after E of M*

Required

Restricted use
Change in audit opinion (can be E of M or OM)
FS by predecessor not reissued
Comparative FS; prior period not audited, reviewed or compiled
Material inconsistency in other information
Report on supplementary information
Refer to required supplementary information
Restrict use when special purpose FS in accordance with contractual/regulatory basis (except when intended for general use)
Report on compliance

May be necessary

Describe why auditor cannot withdraw
Further explain auditor responsibilities
Sets of FS prepared in accordance with different general purpose framework

Issuer Extra Paragraph

Explanatory paragraph (with title) required:

Going concern
Material change in accounting principle
Change in reporting entity
Change in investee
Previous material misstatement corrected
Other information materially inconsistent
Supplementary information omitted; departs materially; auditor unable to complete prescribed procedures

Explanatory paragraph (without title) required:

Prior year report not presented
Prior year opinion updated
Management required to report on IC over financial reporting, report not required to be audited

Change in Opinion

Disclose - DORCS

Date of previous report
Opinion originally stated
Reason for original opinion
Changes that have occurred
Statement that “opinion...is different”

Report Presented Predecessor Auditor

Prior CPA should

Read current statements
Compare previous with current statement
Obtain letter of rep from successor auditor
Inquire and obtain letter of rep from management

Date the report

Unrevised: original date
Revised: dual date

Report Not Presented Predecessor Auditor

Current CPA should state

Prior period FS audited by predecessor auditor
Type of opinion
Nature of E of M, other matter, explanatory paragraphs included in old report
Date of old report

Component Auditor

Group engagement team must understand

If component auditor is independent
Competence
Extent of work for component auditor

Make no reference: group engagement partner assumes responsibility
Make reference: explain what was audited by component auditor

Component report cannot be restricted use
If unable to evaluate work/independence

Single Statement Audits

Auditor should understand

Purpose for which FS are prepared
Intended users
Steps taken by management to determine financial reporting framework is acceptable

Perform procedures on interrelated items

Sales and receivables
Inventory and payables
Fixed assets and depreciation

If reporting on stockholders equity

Perform procedures to express opinion on financial position

If reporting on net income

Perform procedures to express opinion on financial position and results of operations

Piecemeal Opinion

Adverse/disclaimer of opinion on complete set of FS can still give unmodified opinion on specific element if:

Opinion on element is not published and does not accompany FS opinion
Specific element does not constitute major portion of entity’s FS

Subsequent Events

Recognized

Adjusting journal entry; provides additional information about conditions that existed at BS date

Nonrecognized

Footnote disclosure; events that occurred after BS date and did not exist at BS date

Subsequent period

Public: through date FS are issued
All others: through date FS are available to be issued

Procedures- PRIME

Post BS transactions
Rep letter
Inquiry
Minutes
Examine

Dual Dating

Keep original report date for everything except particular subsequent event
Can use later date for original report; will broaden responsibility for all subsequent events

Changes in Audit Report

Refusal by client- DAR

Disassociate
Alert agencies
Relying parties

FS can no longer be relied upon

Other Information

Auditor generally not responsible for determining if properly stated; must still read
If other information is materially inconsistent, may require revision

If management refuses to revise, modify opinion or withdraw
Inform those charged with governance

Supplementary Information

Only required if engaged to audit supplementary information
FS must have been audited and cannot have adverse or disclaimer of opinion
Evaluate presentation
Report on whether supplementary information is fairly stated *opinion is issued*
Must obtain written rep form management regarding information
Location in auditors report

Nonissuers: other matter paragraph or separate report (must be referenced)
Issuers: explanatory paragraph or separate report (must be referenced)

Required Supplementary Information

Limited procedures

Inquire of management
Determine if information is consistent with management response
Written management representations

Reporting

Private: other matter paragraph stating the following, if applicable

Required supplementary information is included and limited procedures were performed
Required supplementary information omitted
Some information is missing, some is presented
Identified material departures
Not able to complete required procedures
Unresolved doubts

Public: explanatory paragraph for the following, if applicable

Required information omitted
Material departures form guidelines
Unable to complete procedures
Unresolved doubts

Special Purpose Frameworks

Examples

Cash
Tax
Regulatory
Contractual
Other

Cannot use GAAP terms
In emphasis of matter paragraph

Indicate special purpose framework
Refer to note in FS describing framework
State that framework is basis other than GAAP

Regulatory and contractual are restricted use
Specify framework in opinion paragraph
Do not have to quantify difference between special purpose FW and GAAP

Other Country Framework

For use only outside the USA

Report using other country report or report set out in ISA, or
US form of report

For use in USA

Report using US form with emphasis of matter paragraph

Reporting Accountant

Not required to be independent, must disclose if not
Not continuing accountant
Report issued must be restricted use for only

Management
Board of directors
Prior/current auditor

Chapter 2 High Level Notes

Quality Control

AICPA: auditing firms must have system of quality control
Elements: HELP ME

Human resources

Recruitment & hiring; assigning personnel; performance evaluation; compensation; advancement

Engagement & client acceptance and continuance

Deciding whether to accept/continue client relationships; have policies for withdraw; minimize likelihood of associating with client who lacks integrity

Leadership

Leadership bears ultimate responsibility for quality control system; tone @ top

Performance

Ensure engagement is appropriate and sufficient and work is properly approved; allow consultation with experts on complex/unusual transactions

Monitoring

Ongoing consideration and evaluation of design and effectiveness of quality control; partner bears responsibility for this

Ethical requirements

At least annually, should confirm independence in writing, maintains public confidence in profession

Also affected by

Firm size, cost-benefit, nature and complexity of practice

GAAS relates to individual audits, quality control relates to all professional activities of the firm

Failed quality control DOES NOT equal failed GAAS

Review

Engagement partner should review:

Critical areas of judgment
Significant risks (will always include management override and revenue recognition)

Documentation

Who performed the work
Who reviewed the work and date

Documentation

Support auditor's opinion; not clients FS

Documents that audit was conducted in accordance with GAAS

Audit documentation should:

Cover planning, conduction and supervision of the audit
Show accounting records reconcile to FS
Have enough detail for “experienced auditor” to understand:

NET of procedures
Results of procedures
Findings/issues
Conclusions

Show who performed the work and date completed

Tickmarks are often used to explain work that was performed

Retention

Report release date = auditor grants permission to use report

Should not be sooner than the date that appropriate sufficient audit evidence is obtained

Keep records

SAS (Nonissuers) → 5 years
PCAOB (Issuers) → 7 years

Documentation must be completed within

SAS → 60 days
PCAOB → 45 days
** cannot remove information, only add to it

Files

Permanent: carry forward year to year

Includes: contracts, pension plans, leases, stock options, bylaws, articles of incorporation, minutes, bond indentures

Current: this year only

Includes: audit plan, FS & audit report, TB & AJE, confirmations, copies of entity’s documents, summary of significant audit findings, records of tests of controls & substantive testing

Significant Audit Findings

Selection and application of accounting policies
Give rise to significant risk
Related to possible material misstatements
Cause significant deficiencies

SOX & Audit Committee

Select and appoint external auditor
Auditor reports to and is overseen by audit committee

Client Acceptance

Consider

Ability to meet deadlines
Ability to staff engagement
Independence
Integrity of client management

Management Responsibilities

Responsible for FS and IC

Acknowledge this in engagement letter & also stated in report

Provide auditor access to all information and people
Auditor should not accept if management imposes scope limitations

Includes lack of records

Engagement Letter

Reduced risk of uncertainty
Required under PCAOB
Addresses limitations of engagement
Identification of reporting FW
Management acknowledges their responsibility
Does not include specific audit procedures
PCAOB: letter also provided to audit committee for their acceptance

Initial Engagement

Client must give permission for auditor to discuss with prior CPA

If do not = withdraw

Ask prior CPA

Management integrity
Disagreements with management
Their understanding of why there was a change in auditor
Any communication about fraud/noncompliance

Change in Engagement

From audit to review or compilation
Acceptable reasons

Change in client requirements
Misunderstanding about nature of services

Unacceptable reasons

Engagement would uncover fraud/error
Client attempting to create misleading/deceptive FS
Client refuses to allow correspondence with legal counsel
Client refuses to provide signed rep letter

Knowledge of Client Industry

Common sources

AICPA accounting and auditing guides
Trade publications and professional trade associations
Government publications
AICPA accounting trends and techniques

Knowledge of Client Business

Common sources

Tour client facility
Review financial history
Obtain understanding of client accounting
Inquire of client personnel

Audit Strategy

More general guidelines
Plan regarding NET/includes preliminary assessment of materiality
Required to communicate planned scope and timing of audit with those charged with governance

Audit Plan

Can change during an audit
Written audit plan REQUIRED
Based on audit strategy, outlines NET of specific procedures to be performed

Audit Procedures

Risk assessment → required in all audits
Test of controls → tests of internal controls

Required for issuers, not for nonissuers

Substantive tests → tests account balances

Assertions

COVERU
Transactions and events

Completeness
Cutoff
Accuracy
Valuation
Classification

Account balances

Completeness
Allocation/valuation
Rights & obligations
Existence

Presentation & disclosures

Completeness
Understandability and classification
Rights and obligations
Valuation and accuracy

Internal Audit

Not independent
Can aid in understanding of IC, assessing risk and performing substantive tests
Responsibility stays with external auditor
Cannot provide assistance with assessing RMM, determining if sufficient appropriate evidence has been obtained, setting materiality, determining opinion that should be issued, etc.
Consider:

Competence: education level, professional certification, experience, quality of audit documentation
Objectivity: level auditor reports, policies prohibiting audits of areas where internal audit is not independent
Application of systematic & disciplined approach: existence and adequacy and use of documented internal audit procedures

Specialists

Can use auditor or client specialist
Must evaluate competence and adequacy of work and objectivity
Do not refer to specialist in report unless their findings suggest a qualified or adverse opinion

Materiality

Amount of error that would affect the judgment of a reasonable person
FS as a whole

Can also have materiality for transactions, account balances or disclosure if necessary

Use smallest level of misstatement that could be material to any one FS
Performance materiality

Less than total materiality

Tolerable misstatement

Maximum error in population auditor will accept for specific procedure

Revising materiality changes NET

Risk Assessment Procedures

Can provide tests of details and substantive tests at the same time
Understand entity/environment
Understand IC
Inquire with audit committee and management
Analytical procedures

Required in planning and final review

Discussion with engagement team

Understanding entity

Document key elements

Is environment competitive?
What is regulatory environment like?
How does management determine estimates?
Is compensation based on performance?

Audit Data Analytics (ADAs)

Analyze patterns, identify anomalies, & extract other useful information
Steps

Plan ADA
Access and prepare data
Consider relevance and reliability of data
Perform ADA
Evaluate results/conclude

Helps identify notable items

Previously unidentified risks
Modify/support RMM
Provide auditor with information to better plan audit

Internal Control

CRIME

Must have understanding of each element

Control environment

Tone at top
Communication and enforcement of integrity and ethical values
Commitment to competence
Participation of those charged with governance
Management philosophy and operating style
Organizational structure
Assignment of authority, responsibility and accountability
HR policies

Risk assessment

Done by management
Identify likely areas of: lying, cheating, stealing

Information/communication

Account processing from initiation to inclusion in FS
Initiating, authorizing, recording, processing and reporting transactions
Development of significant estimates

Monitoring

Establishing and maintaining IC is the responsibility of management

Existing control activities

Help ensure necessary steps to address risk are taken

Relevant to audit → PAID TIPS

Consideration of Internal Control

5 components of IC apply to all audits
Identify preventative and detective controls
Evaluate design: capable of preventing/detecting misstatements
Evaluate implementation: present & functioning
Limitation: management override, collusion and human error

Procedures for IC

Inquiry (alone is not enough)
Observation
Inspect documents
Walkthrough

Document IC

Required to document understanding
Can use FIND

IT

Manual controls: large, unusual, nonrecurring transactions
Automated controls: high volume, recurring
General controls: relate to many applications
Application controls: apply to processing of individual transactions
Enhanced segregation of duties

Control group
Operators
Programers
Analysts
Librarian

Risk: garbage in → garbage out

IT for Evidence Gathering

Auditing around the computer (manual)

Tests input data, processes data independently and compares results
Appropriate for small batch systems

Auditing through the computer (Computer Assisted Audit Techniques [CAATs])

Includes

Transaction tagging

Electronically mark specific transactions and follow through clients system

Embedded audit modules

Examine all transactions over $

Test data

Clients system, auditors data, offline
Test invalid #, excess $, excess hours

Integrated test facility

Test data mixed with live data, online, client unaware of test

Parallel simulation

Auditor reprocesses clients live data and compares results

Generalized Audit Software Packages (GASP)

Auditor can perform test of controls and substantive tests on clients system
Requires little technical knowledge

Chapter 3 High Level Notes

Fraud

Fraud: intentional
Types:

Fraudulent financial reporting (lying)

Intentional misstatement or omission

Misappropriation of assets (stealing)

Theft of assets

Corruption (cheating)

Fraud triangle

Incentive
Opportunity
Rationalization

Only reasonable assurance is provided over identification of fraud

Auditors responsibility to design an audit for this

Must discuss fraud risk with key members of the team
Documentation required for risk assessment and response

Includes assessment of RMM at FS level and assertion level

Obtaining Information About Fraud Risk

Inquire of management regarding views of fraud risk
Consider results of analytical procedures
Evaluate fraud risk factors

Responding to Risk

Three levels

Level 1: Overall, general response

Considered when planning the audit

Level 2: Response encompassing specific audit procedures

Level 3: Response addressing risks related to management override

Communication Regarding Fraud

Any indication of fraud (even if immaterial) should be discussed with management at least one level above
Fraud that causes material misstatement → report directly to those charged with governance
Fraud involving senior management → report directly to those charged with governance

Audit Risk

Auditor fails to modify report appropriately
AR = RMM * DR

RMM = IR * CR

Inherent risk **auditor cannot control**

Susceptibility of assertion to be materially misstated, assuming no controls in place

High IR → high-volume transactions, cash, complex calculations, estimates

Control risk **auditor cannot control**

Material misstatement would not be prevented or detected and corrected in a timely basis given the clients controls

High CR → no effective controls, not operating effectively, not be efficient to test operating effectiveness

Detection risk **auditor can control**

Risk that auditor will not detect material misstatement
Inverse relationship between RMM and DR
As DR decreases, substantive testing should increase (inversely related)

Change procedures to be more efficient → nature
Larger sample size → extent
Change testing to year end → timing

Misstatements

Types

Factual misstatement: no doubt
Judgmental misstatement: differences concerning estimates that the auditor considers unreasonable
Projected misstatement: best estimate of misstatements in population

Harder to detect small misstatements

Audit Approach

Substantive

Only substantive tests
Done if no effective controls, implemented controls are ineffective, would not be efficient to test operating effectiveness of controls

Combined

Substantive procedures and tests of controls
Tests of controls must be performed in current period

Dual purpose test

Test of controls performed while performing test of detail

Controls

Auditor required to have understanding of design and implementation of IC

Not required to evaluate operating effectiveness

Must be designed effectively and operating
Quality of evidence

Reperformance
Inspection
Observation
Inquiry

Evidence Obtained in Previous Audits

Can use prior evidence on controls operating effectiveness as long as changes have not been made

Must still be tested every 3 years
Cannot rely on previous audits for controls that address significant risks

Substantive Procedures

Required for each material transaction class, account balance or disclosure
Substantive test that does not indicate deficiencies, does not mean there are none

Noncompliance

Management's responsibility
Auditor cannot be expected to detect all noncompliance
Auditor should obtain understanding of

Legal regulatory framework for entity
How entity is complying with that framework

If identified, discuss with management at least one level above

If material and and intentional, communicate to those charged with governance ASAP
Usually auditor does not have a responsibility to disclose noncompliance to parties other than management and those charged with governance

Opinion

Material effect that has not been adequately reflected in FS → qualified or adverse
Unable to obtain sufficient appropriate evidence → qualified or disclaimer
Client refusal to accept modified report → withdraw

Accounting Estimates

Possible management bias does not constitute a misstatement
Low estimation uncertainty → less pervasive evidence needed
High estimation uncertainty → more pervasive evidence needed

Related Party Transactions

Must be disclosed
Auditor is concerned with making sure they are properly accounted for and disclosed

Audit Evidence

Accounting records

Invoices, contracts, ledgers, journal entries and worksheets

Corroboration evidence

Minutes, confirmation, industry analysts reports, data about competitors, information obtained through observation, inquiry and inspection

Must persuade auditor

Must evaluate all evidence even if doesn't agree with clients statement

Quality of audit evidence

Auditors direct personal knowledge
External evidence
Internal evidence
Oral evidence

Procedures to Obtain Evidence

C FIVE CARROT WARS
Accounts with high turnover → concentrate on ending balance
Accounts with few transactions → concentrate on details of transactions
Revenues mainly concerned with existence
Expenses mainly concerned with completeness
Assertions matched to audit procedures

Completeness

Tracing, analytical review, observation

Cutoff

Cutoff procedures

Valuation, allocation and accuracy

Inspection, footing, independence and recalculation, reconciliation

Existence and occurrence

Confirmation, observation, inspection, examination, vouching

Rights and obligations

Inspection

Understandability and classification

Inception, review, inquiry of management

Analytical Procedures

Document

Auditors expectation
Factors considered in development of expectation
Results of comparison of expectation to recorded amounts
Additional audit procedures performed in response to significant unexplained differences

Vouching vs Tracing

Tracing

Source documents → financial statements
Evidence of completeness

Vouching

FS → source documents
Evidence of existence

Confirmations

Oral evidence is not a confirmation
If received electronically or faxes, verify by calling
Do not provide evidence about valuation or completeness
Should be sent to all banks the client did business with during the year, even if no year end balance
Positive confirmation

Agree or disagree with information

Negative confirmation

Respond only if party disagrees with information

Blank confirmation

Must fill in amount
Higher quality of information but lower response rate

Ratios

Liquidity

Measures of short term ability to pay maturing obligations

Activity

Measures of how effectively an enterprise is using its assets

Profitability

Measure financial performance of an enterprise for a given period of time

Investor

Measures that are of interest to investors

Long-term debt-paying ability (coverage)

Measures of security for long term creditors/investors

** don't focus on memorizing formulas, they should be given if required for simulation **

Selecting Items for Sampling

All items may be selected if population is made of a small number of high-dollar value items
If specific items are selected, results cannot be projected onto entire population
Sampling risk: risk that sample will not be representative of population

Incorrect acceptance: sample supports conclusion that account balance is not materially misstated when it is in fact

Affects effectiveness

Incorrect rejection: sample supports conclusion that account balance is materially misstated when it is not

Affects efficiency

Nonsampling risk: audit risk not due to sampling

Selecting inappropriate audit procedures, failure to identify misstatements

Stratification: separate into relatively homogeneous groups, results in reduced sample size

Sampling Methods

Statistical sampling: specify the sampling risk auditor is willing to accept, then calculate sample size

Does not eliminate auditor judgment

Nonstatistical sampling: auditor uses judgment to determine sampling size
Attribute sampling: for internal controls; usually yes or no

Risk of assessing control risk too low: assessed level of control risk based on sample is less than the true risk (overreliance)

Affects effectiveness

Risk of assessing control risk too high: assessed level of control risk based on sample is greater than the true risk (underrelaince)

Affects efficiency

Variables sampling and PPS: used for substantive testing

Variables sampling: obtains evidence about the reasonableness of monetary amounts

Discovery sampling: used when the auditor believes population deviation rate is zero or near zero

Attribute Sampling Steps

Define objective
Define population
Define sampling unit
Define attributes of interest
Determine sample size

Inverse relationship to: risk of assessing control risk too low and tolerable deviation rate
Direct relationship: expected deviation rate
Not affected by population size if over 5,000

Select sample

Block sampling not acceptable

Evaluate sample results

Sample deviation rate + allowance for sampling risk = upper deviation rate

Form conclusion

If upper deviation is less than or equal to auditors tolerable deviation rate, may rely on control
If upper deviation rate exceeds tolerable deviation rate, auditor many not rely on control

Document sampling procedure

Types of Variable Sampling

Mean-per-unit

Estimate = average sample value * number of items in population

Ratio estimation

(Audited value / book value) * total value of population

Difference estimation

(book value - audited value) / sample size * number of items in population

Variable Sampling Steps

Define objective
Define population
Determine sample size

Direct relationship: expected misstatement, standard deviation, assessed level of risk
Inverse relationship: tolerable misstatement, acceptable level of risk

Select the sample
Evaluate sample results
Form conclusions
Document sampling procedure
Additional considerations if using ADAs

PPS Sampling

Change of item being selected is proportionate to dollar amount
Zero, negative, and understanded balances require special consideration
Sampling interval

Tolerable misstatement / reliability factor

Sample size

Recorded amount of population / sampling interval

Chapter 4 High Level Notes

Revenue Cycle

Sales

Segregation of the following duties

Preparation of sales order
Credit approval
Shipment
Billing
Accounting

Accounts receivable

Segregation of the following duties

Sales
Collection of cash
Uncollectible receivables
Sales returns
Sales discounts

Cash

Opened by someone who does not have access to accounts receivable ledger
Receipts sent to

Cashier
Accounts receivable department
Accounting department

Expenditure Cycle

3 functions should be segregated

Purchase requisition

Cannot place order

Purchase order
Receipt of goods (should not include purchased amounts)

Accounting department

Obtain receiving report
Recording payable

Receiving report compared to purchase order and vendor invoice

Approving invoice for payment and recording amount

Cash disbursements

Approving payment and signing check should be segregated

Cash Cycle

Lapping: failing to account for cash receipts
Kiting: cash simultaneously reflected in two bank accounts

Inventory Cycle

Following should be segregated

Purchasing
Receiving
Warehouse
Shipping

Investment Cycle

Segregation of the following

Authorization of purchases
Custody of investments
Record keeping

Fair value measurements **in order from least to most disclosures

Level 1: quoted prices in active markets for identical assets
Level 2: other than quoted prices for identical assets
Level 3: estimates and valuations

Payroll Cycle

Segregation of duties for

Authorization to employ and pay
Supervision
Timekeeping and cost accounting
Payroll check preparation
Check distribution

Financing Cycle

Evidence related to equity → board minutes
Evidence related to debt → documents

Other Matters

Auditor must evaluate opening balances and determine if they are materially misstated
Send letter of inquiry to attorney to determine if management has correctly accrued all litigation and claims

Managements responsibility to disclose any legal matters

Going concern

ADMITS and FINE
Must include “going concern” and “substantial doubt” in emphasis of matter paragraph
Can diclaim opinion

Estimate audit procedures

Review procedures used by management to determine estimated
Develop independent estimate
Review subsequent events and transactions that corroborate the value

Management Bias

Selective correction of misstatements
The identification of additional adjusting entries that offset misstatements accumulated by the auditor
Bias in selection and application of accounting principles
Bias in accounting estimates

Management Representation Letter

Auditor prepares, signed by client
Final piece of evidence
Mandatory

If do not provide, disclaimer or withdraw

Dated same date as auditors report
Signed by CEO and CFO
If performing integrated audit, additional representation should be obtained regarding management's responsibilities for IC
Contents

Management is responsible for

Fair presentation of FS
Design and implementation of IC
Providing all information to the auditor
Disclosing known or suspected fraud to auditor
Disclosing known or suspected noncompliance
Uncorrected misstatements would not make the FS misleading (summary of misstatements included)
Disclosing known actual or possible litigation to auditor
Making reasonable estimates
Identifying and properly disclosing related party transactions
Making AJE for subsequent events

Audit Committee

3 to 5 members
Not employees, no material financial interest
Functions

Select and appoint independent auditor
Assures auditor is independent
Reviews nature and details of engagement
Reviews quality of auditors work
Reviews scope of audit
Ensures recommendations from auditor are given proper attention
Maintains communication between auditor and board of directors
Helps solve disagreements
Evaluates IC of company
Makes resorts to board of directors and stockholders when necessary

Auditor should communicate disagreements with management, regardless of whether they were resolved
Communication can be oral or written

If written, must be restricted use
Issuers → communication made before issuance

Types of Control Deficiencies

Material weakness: reasonable possibility that material misstatements of entities FS will not be prevented or detected and corrected

Indicators:

Fraud perpetrated by senior management
Restatement of previously issued FS to correct material misstatement
Identification of material misstatement that would not have been detected by IC
Ineffective oversight by those charged with governance

Significant deficiencies: less severe than material weakness, important enough to merit attention by those charged with governance
Both can still exist even if material misstatements were not identified

Chapter 5 High Level Notes

Top Down Approach

Evaluate FS risks
Consider controls at entity level
Focus on specific accounts and transactions with reasonable possibility of material misstatement

Nonissuers Communication of Control Deficiencies

FS audit

Significant deficiencies and material weaknesses within 60 days of report release
In writing, to management
Not required to look for them but cannot be ignored if they come to auditors attention

IC audit

Communicate by report release date
Written communication with management and those charged with governance

Includes corrected and uncorrected deficiencies

Also must provide written communication to management regarding any other deficiencies within 60 days of report release

Inform those charged with governance that communication was made

Issuers Communication of Control Deficiencies

Material weakness

In writing to management and audit committee
Made prior to issuance of report

Significant deficiencies

Communicated to audit committee in writing

All other control deficiencies

In writing to management
Inform audit committee that communication has been made

Inherent Limitations Paragraph (Issuers and Nonissuers)

IC may not prevent or detect and correct misstatements
Projections of assessment subject to risk that controls become inadequate

IC Report

May be two separate reports or combined report

If separate, must reference that in the report

No qualified opinion for internal control

If material weakness identified, adverse opinion
If scope limitation, disclaimer or withdraw

Attestation Engagements

Follow Standards for Attestation Engagements (SSAE)
Include

Agreed upon procedures
Financial forecasts and projections
Pro forma FS
Compliance
MD & A
Reporting on controls at service organization

No reference to historical FS or GAAP
Must be independent
Common concepts → CAPE CORP
Can provide 3 conclusions issued

Examination

Positive opinion; high level of assurance
**most like FS audit opinion

Review

Conclusion; moderate level of assurance
Negative assurance → “we are not aware of any material modifications that should be made in order for ____ to be presented fairly”

Agreed upon procedures → I AM SURE

No assurance, procedures and findings are listed
Restricted use

Prospective FS

Financial forecast: expected conditions; general or restricted use
Financial projection: hypothetical conditions; restricted use only
Engagement types

Preparation (SSARS)
Compilation (SSARS)
Examination (SSAE) → provides opinion
Agreed upon procedures (SSAE)
**Reviews are not allowed

Pro Forma FS

Hypothetical events on historical FS
Engagement types

Examination
Review
Can restrict use on either

Make reference to historical FS and state whether they were audited or reviewed

Service Organization Reports

Type 1 report

Report on design and implementation of service organizations controls
Provides auditor with understanding of controls
Cannot reduce control risk

Type 2 report

Report on design, implementation and operating effectiveness of IC
Provides the auditor with assurance about service organization controls
Allows for reduction in control risk

No reference to service auditor if unmodified opinion

Compliance Reports in Connection with Audited FS

Must have audited financial statements and can only provide negative assurance if the following are met

No identification of noncompliance
Unmodified or unqualified opinion on FS
Applicable covenants & regulatory requirements have been subject to audit during FS audit

Report can be issued as separate report of part of auditors report

Separate report must be restricted use
If part of auditors report, the entire report becomes restricted use

Report on compliance would be in other matter paragraph

Compliance Attestation

Agreed upon procedures

Present specific findings to assist users in evaluating entity’s compliance with specified requirements
Same elements as standard agreed upon procedures report

Must still be restricted use

Examination

Examine entity’s compliance with requirements
Same elements as standard examination

Does not have to be restricted use
Provides opinion

Government Auditing Standards

Unconditional requirements = must
Presumptively mandatory = should
Types

Financial audits

Incorporate GAAS; determine if FS present fairly in accordance with GAAP or special purpose framework (OCBOA)

Attestation engagements

Follow attestation standards

Performance audits

Objectively present findings to assist management with decision making

Key categories

Effectiveness, economy and efficiency → are programs meeting goals? Cost and resources used?
Internal control → organizational goals are achieved effectively and efficiently? IT security effective?
Compliance → compliance criteria has been met?
Prospective analysis → evaluate information based on hypothetical future events and possible actions that could be taken

GAGAS: Performing Financial Audits

Evaluate if corrective action has been taken to address findings in previous audits
Special consideration given to fraud and noncompliance
Developing a finding

Criteria → laws or regulations
Condition → situation that exists
Cause → reason for the condition or deviation from criteria
Effect or potential effect → clear logical link between condition and deviation from criteria

Audit documentation of work performed
Auditor communication to relevant parties
Auditor’s responsibility paragraph should state that the audit was conducted in accordance with GAAS and Government Auditing Standards
Other matter paragraph should be added to end of report referencing GAGAS (Yellow Book) report

GAGAS: Reporting on Financial Audits

No opinion issued on IC
Negative assurance issued on compliance → nothing came to auditors attention
If report contains confidential information

May issue two separate reports → one with confidential information and one without
If excluding confidential information altogether, must report on the exclusion of info and state the reason for the omission

Auditor should evaluate if exclusion of information will cause results to be distorted

Governmental Audit Report on Internal Controls

Includes

Assertion that evaluating compliance with laws with a direct and material effect on FS is part of developing opinion on FS
Assertion that specific controls relating to financial reporting are considered
Indication that either no weaknesses were found or that significant deficiencies were found and whether they were material

Single Audits

Expends $750,000 or more of federal assistance in a fiscal year
Objectives

Separate schedule of expenditures of federal awards
Compliance audits of federal awards

Materiality determined separately for each major program

Major program → $750,000 in assistance expensed or classified as “high risk”

Must contact Inspector General & obtain current program specific audit guide
Auditor must be selected through procurement (best bid wins)
Report must be submitted by earlier of

30 days after receipt of audit report or
9 months after end of audit period

Express opinion regarding compliance related to federal awards
5 reports that are issued for single audits

Financial statement report (GAAS)
SEFA Report in relation to FS *express opinion on fair presentation of*
GAGAS (Yellow Book Report) → IC over financial reporting and compliance
Single Audit Report → compliance for each major program
Schedule of Findings and Questioned Costs

Must report on

Significant deficiencies and material weaknesses in IC over major programs
Material noncompliance
Questioned costs in excess of $25,000

Major program determination

Type A: over $750,000

Break into high and low risk

Type B: all others

Break into high and low risk

Includes all Type A not identified as low risk and all Type B identified as high risk
If low risk client → must test at least 20% of total federal awards expended
If high risk client → must test 40% of total federal awards expended

Chapter 6 High Level Notes

Services for Unaudited FS (SSARS)

Preparation: independence not required; no assurance
Compilation: state whether independent; no assurance
Review: must be independent
Must be able to justify departures from SSARS
Do not apply to interim FS for nonissuers whose annual FS are audited
If accountant becomes aware of fraud or noncompliance, this should be communicated to appropriate level of management

Elements of SSARS Engagements

3 party relationship

Management
Accountant
Intended users → auditor not responsible for identifying them

Require written agreement with management
FS prepared in accordance with special purpose framework are not appropriate unless:

Description of framework and description of material difference from GAAP
Disclosures similar to GAAP

Subsequent Events SSARS

Accountant not responsible for providing review procedures after date of review report; if information becomes known, accountant should:

Discuss with management
Determine if FS need revision

Material information becomes known after issuance

Immediately disclose information and impact to people relying (management's responsibility)
Determine if FS need revision

Client refuses to make changes

Disassociate
Agencies
Related parties

Preparation Engagements (SSARS)

Engagement letter required
Must have understanding of framework used
Each page of FS says “no assurance provided” or disclaimer provided on FS
No report issued
Does not have to include accountant/firm name
If using special purpose framework, description should be on face of FS
Not required to inquire or perform other procedures
If information is incorrect, obtain additional information from client; if FS are prepared with known departures, must disclose the material misstatements
Can prepare FS that omit disclosures if

Accountant discloses omission
Omission not intended to mislead users

Limited disclosures

“Selected information - substantially all disclosures required by [financial reporting framework] are not included”

Compilation

No assurance; assist management in presentation of FS
Must have engagement letter
Must have understanding of clients business

STAFF

Looking for math errors and mistakes related to applicable reporting framework
If accountant becomes aware of incomplete/inaccurate information and client refuses to change = WITHDRAW
Also withdraw if scope limitation
Each page marked “see accountant's compilation report”
Can compile FS that omit disclosures if

Accountant discloses omission
Omission not intended to mislead users

Must disclose if not independent

Permitted, not required, to disclose reasons

Report issued

Review Engagements

Limited assurance
Not required to obtain understanding of IC and assess risk
Must be independent
Requirements

U LIAR CPA

Not required to test IC, perform audit tests, assess fraud risk or communicate with predecessor accountant
Documentation does not include testwork → no testing is done
Issues report

Must include “independent” in title
Provides negative assurance

Each page of FS say “see independent accountants review report”

Review Reports

Prepared under regulatory or contractual basis = restrict use
Known departures paragraph immediately follows accountants conclusion paragraph
Going concern remains: emphasis of matter paragraph including “substantial doubt” and “going concern”
Reports on compiled FS must include same disclosures

One contains disclosures and one omits them = no report issued

Unaudited FS presented with audited FS must be clearly marked and either:

Reissue prior period report
Other matter paragraph in current report describing responsibilities assumed for prior period FS

Interim Reviews (Nonissuers)

SAS
Use same framework as annual
Latest FS have been audited
Going concern in emphasis of matter must be included if

Included in prior year and conditions still exist
Management stated substantial doubt exists

Interim Reviews (Issuers)

PCAOB
Standards do not require written report unless

Client states auditor has reviewed interim FS, then report must be included

Interim procedures

U LIAR CPA
Understand IC

Comfort Letters

From CPA to underwriter/other requesting parties
Restricted use
Positive assurance

CPA independence
Compliance on form of FS if audited

Negative assurance

Unaudited FS
Pro forma

Rules

Independence rules

Not required for compliance and non-attestation services
Applies to covered members:

On engagement team
Position to influence engagements
Partner providing 10+ hours of non-attest services during the year
Partner in same office as lead partner
Firm as a whole

Impaired with material indirect interest to any direct interest
Not impiared for:

Fully collateralized car loans
Credit card balance not over $10,000
Bank account fully insured by government
Passbook loan

Imparied:

Immediate/close family in key position
Person formerly employed by client and engagement covers period of employment
Over 1 year late on audit fees
Actual/threatened litigation

Unless immaterial amount and unrelated to attestation

Cannot make management decisions for client

General standards rules

Professional competence

Only undertake engagements that can be reasonably expected to be completed with professional competence

Due professional care

Planning and supervision and sufficient relevant data

Compliance with standards rule

Must comply with standards of applicable bodies

Accounting principles rule

Departure from GAAP may be justified if compliance would cause FS to be misleading

Confidential client information rule

Cannot disclose confidential client information
Exceptions

Subpoena
Quality review AICPA
Inquiry by ethics division of AICPA or state CPA society

Contingent fees rules

Not contingent if fixed by court
Permitted for compliance if state “not independent”
Prohibited → audit/attest and tax returns

Okay if for challenging IRS

Acts discreditable

Fail to return records
Discrimination or harassment
Failing to follow procedures in governmental audit
Negligence
Failing to follow GAAS
Solicitation or disclosure of CPA questions and answers
Failure to file personal tax return timely
Cannot be false, misleading or deceptive
Disclosure of confidential information

Form of organization and name rule

All owners must be CPAs if CPA firm
Can use names of past owners

Threats to Compliance

Adverse interest threat

Members interest is opposed to client interest

Advocacy threat

Promotes clients interest to point that independence impaired

Familiarity threat

Member becomes too sympathetic of client work

Management participation threat

Member takes on management roles

Self-interest threat

Member could benefit from relationship with client

Self-review threat

Not appropriate review work done by member

Undue influence threat

Threat that member will subordinate judgment because of excessive influence over member

PCAOB

3 not CPAs, 2 CPAs
Only registered accounting firms can report on SEC audits
Documentation maintained for 7 years
Concurring review

SOX II

Auditor cannot also provide

Bookkeeping
Financial information design
Appraisal and valuation
Actuarial services
Management and HR
Internal audit outsourcing
Broker, dealer, investment advisor, investment banker
Legal services
Expert services

Taxes okay if approved by audit committee
Lead partner rotates off every 5 years

Name must be disclosed

One year cool off period

CEO, CFO, controller, chief accounting officer

Rule 2-01 (SEC)

Financial interest exceptions

Received through unsolicited gift and disposed of ASAP, no later than 30 days after

Lead partner requires 5 years cool off period

2 years for other partners

PCAOB Rules

Cannot provide aggressive tax transactions
Cannot provide tax services to corporate officers or immediate family

GOA

External peer review every 3 years
DOL independence

Direct financial interest
Material indirect interest