A2 Engagement Quality and Acceptance, Planning, and Internal Control

What inquiries should be made to the predecessor auditor before accepting an engagement?

• Management integrity

• Disagreements with management

• The reason for the change in auditor

• Any fraud, noncompliance, and internal control matters related communications

• Nature of entity’s relationships and transactions with related parties and significant unusual transactions

A successor auditor should request the new client to authorize the predecessor auditor to allow a review of the predecessor’s:

Working papers

In the pre-acceptance phase of the engagement, the auditor should assess:

• Firm’s ability to meet reporting deadlines

• Firm’s ability to staff the engagement

• Independence

• Integrity of client management

• Group engagement team’s ability to obtain sufficient appropriate audit evidence

Before accepting an engagement to audit a new client, a CPA is required to obtain:

The prospective client’s consent to make inquiries of the predecessor auditor

When an auditor is requested to change the engagement, they should not:

• refer to the original engagement

• refer to any auditing procedures performed

• refer to the scope limitation

What are the interrelated elements of quality control? (HELP ME)

• Human resources

• Engagement/Client acceptance and continuance

• Leadership responsibilities

• Performance of the engagement

• Monitoring

• Ethical requirements

What is the purpose of a system of quality control?

• To establish policies and procedures that provide reasonable assurance of conforming with professional standards

• To minimize the likelihood of association with clients whose management lacks integrity

When assigning personnel to an engagement, the firm should consider:

• Engagement size and complexity

• Personnel availability

• Special expertise required

• Timing of the work to be performed

• Continuity and periodic rotation of personnel

• Opportunities for on-the-job training

Auditing documentation should:

• Show that the accounting records agree or reconcile with the financial statements

• Provide evidence that the audit was conducted with GAAS

How long must an accounting firm maintain audit work papers for a issuer? For a non-issuer?

• Issuers: 7 years

• Non-issuers: 5 years

When is the documentation completion date for issuers? For non-issuers?

• Issuers: 14 days after report release date

• Non-issuers: 60 days after the report release date

What are the categories that an entity’s objectives may be divided into? (ORC)

• Operating

• Reporting (most relevant objective for audit)

• Compliance

What are the five components of the COSO internal control framework? (CRIME)

• Control environment

• Risk assessment

• Information and communication

• Monitoring activities

• Existing control activities

What are the five principles of the control environment? (EBOCA)

• Ethics and integrity

• Board independence and oversight

• Organizational structure

• Competence

• Accountability

What are the four principles of the risk assessment? (SAFR)

• Specify objectives

• Assess changes

• Fraud

• Risks

What are the three principles of information and communication? (OIE)

• Obtain and use information

• Internally communicate information

• External parties

What are the three principles of monitoring activities? (SoD)

• Separate and ongoing evaluations

• Deficiencies

What are the three principles of existing control activities? (CaTP)

• Control activities

• Technology controls

• Policies and procedures

What are some control activities that help maintain a strong system of internal control? (PAID TIPS)

• Prenumbered documents

• Authorization and approval

• Independent checks

• Documentation

• Timely and appropriate financial performance reviews

• Information processing controls

• Physical or logical controls for safeguarding assets and information

• Segregation of duties

Which functions should not be combined to maintain segregation of duties? (ARC)

• Authorization

• Recordkeeping

• Custody

What are the six main financial statement assertions? (COVERUp)

• Completeness

• cutOff

• Valuation, allocation, and accuracy

• Existence and occurrence

• Rights and obligations

• Understandability of presentation and classification

What should an auditing plan include? (NET)

• Nature: type of procedures that will be performed

• Extent: number of items to be evaluated

• Timing: testing period or tasting as of a certain date

In the planning phase of the audit, the auditor should:

• Obtain an understanding of the client’s business and industry

• Develop the audit strategy

• Develop the audit plan

• Perform risk assessment procedures

The audit strategy outlines:

• Scope of the audit

• Reporting objectives

• Timing of the audit

• Required communications

• Factors that determine the focus of the audit

• Preliminary assessment of materiality and tolerable misstatement

Substantive procedures are used to:

detect material misstatements. They include test of details and substantive analytical procedures

A decrease in the amount of misstatements that the auditor can tolerate will cause the auditor to modify the:

nature, extent, and/or timing of auditing procedures

Applying substantive tests as of an interim date increases:

risk, because it is possible that errors may occur between date of interim testing and balance sheet date

When conducting audit procedures at interim, the auditor must assess the:

incremental risk involved and determine whether sufficient alternative procedures exist to extend interim conclusions to year-end

Which type of audit procedures would an auditor use to test a client’s financial statement assertions?

Substantive procedures and test of controls

In designing a written audit plan, an auditor should establish specific audit objectives that relate primarily to the:

financial statement assertions

The internal auditor may provide direct assistance for:

• obtaining an understanding of the client’s system of internal control

• performing test of controls

• performing substantive tests

The external auditor cannot share responsibility with the internal auditor for:

subjective areas, including assessments, materiality, and estimate accounts

The external auditor can rely on the work of internal auditors in:

areas of low degree of subjectivity, lower risk, or lower materiality (e.g. prepaids, fixed assets)

How does the external auditor test the competency of the internal auditor?

Quality of the internal auditor’s education, professional certification, experience, performance evaluations, audit plan, audit procedures, and audit documentation

How does the external auditor test the objectivity of the internal auditor?

The internal auditor reports to a higher level department (i.e. those charged with governance or legal counsel) rather than the accounting department and they do not review their own work

If an auditor for a non-issuer decides to mention the specialist in the report, the report must indicate that:

the reference to the auditor’s specialist does not reduce the auditor’s responsibility for that opinion

What is the difference between an auditor’s specialist and a management’s specialist?

• Auditor specialist: expertise other than accounting or auditing to assist auditor in obtaining audit evidence

• Management specialist: expertise other than accounting or auditing hired by the client to assist entity in preparing financial statements

What is considered when setting the materiality level of an audit?

• The needs of financial statement users

• Qualitative and quantitative factors

• Smallest level of misstatement that could be material to any one of the financial statements (i.e. balance sheet, income statement, etc)

What is performance materiality?

Amount set by auditor at less than overall materiality to reduce probability that the aggregate of uncorrected and undetected misstatements exceeds overall materiality

What is the audit risk formula?

Audit risk = Risk of material misstatement * Detection risk

What is the risk of material misstatement formula?

Risk of material misstatement = Inherent risk * Control risk

What factors affect inherent risk?

• Complexity

• Subjectivity

• Change

• Uncertainty

• Management bias or other fraud risk factors

What factors generally have a high inherent risk?

• High volume, unique, or individually significant transactions

• Complex or subjective calculations

• Amounts derived from estimates

• Cash

Illustrate the relationship between risk of material misstatement and detection risk when risk of material misstatement is high and when it is low

• Risk of material misstatement is high —> more assurance is required from substantive testing —> detection risk is low

• Risk of material misstatement is low —> less assurance is required from substantive testing —> detection risk is high

When is the control risk assessed to be low? When is it assessed to be high?

• Low: Auditor plans to rely on controls (since they are designed and implemented appropriately), so the auditor will need to test controls

• High: Since there are no effective controls relative to the specific assertion, implemented controls are not operating effectively, or sufficient appropriate audit evidence may be obtained by substantive testing only, the auditor will not rely on the controls and will not test them

What are the three types of misstatements?

• Factual: Misstatements about which there is no doubt

• Judgmental: Differences arising from judgements of management

• Projected: Projection of misstatements identified in audit samples to entire population

As acceptable level of detection risk decreases, the auditor should increase assurance provided from substantive testing by:

• Changing the nature of substantive testing to a more effective procedure

• Change the timing (such as performing at year-end); or

• Change the extent of substantive testing (such as using a larger sample size)

What is the relationship between detection risk and acceptable assurance from substantive tests?

Inverse relationship

Illustrate the fraud risk factor triangle:

• Incentives/pressures: reason to commit fraud

• Opportunity: lack of effective controls

• Rationalization/attitude: attempt to justify fraudulent behavior

Any indication of fraud should be discussed with an appropriate level of management:

at least one level above those involved

Before agreeing to a request of a change in engagement by management, the auditor should consider:

• Reason for the request, especially if there are scope limitations

• Effort required to complete the engagement

• Estimated additional cost to complete the engagement