A2 M1 AUD CPA

Management

Represents individuals or group of individuals that are responsible for the conduct of the entity’s operations

• There for the day-to-day operations of the business

Those Charged With Governance

Refers to those who bear responsibility to oversee the obligations and strategic direction of an entity, including the financial reporting process

• Board of Directors, Audit Committee, Company directors, government agencies

Audit Committee

Subcommittee of the board of directors, generally made up of three to five members of the board who are “outside directors” who are NOT employees and who do NOT have a material financial interest in the company

• Subgroup of Those Charged With Governance

Function = To enhance internal control by creating means of direct communication between the “outside directors” and the auditor

Outside Directors

Individuals who are neither employees nor part of management and who do not have a material financial interest in the company

• Part of audit committee

• Least biased towards the company

Management’s Responsibilities

Auditor should obtain an agreement from management that it acknowledges and understands its responsibility for:

1. The preparation and fair presentation of the financial statements

2. The design, implementation, and maintenance of internal controls

3. Providing the auditor with access to ALL information relevant to the financial statements and unrestricted access to people within the company from whom its necessary to obtain audit evidence

Engagement Letter

A document where the auditor and Those Charged With Governance should agree to the terms of the engagement in writing that includes information related to the overall audit strategy, but does NOT include specific audit procedures

• Required for every initial audit engagement that helps ensure both parties know what the expectations are

• Sets forth the scope and nature of an auditor's contractual obligation to a client.

• Should be signed and dated by the client as a form of acceptance and included with the auditor’s documentation

Included Elements:

1. Addressee

2. Objective and Scope of the Audit (Inherent limitation statement)

3. Responsibility of the Auditor

4. Responsibility of Management

5. Other relevant information ←- Optional

6. Reporting

7. Signature

ERISA Plan Financial Statement Audits

Applies to things such as 401-k plans or retirement plans that are considered their own separate entity and create their own financial statements

• Auditor must apply all SAS, except selections NOT applicable and they have additional criteria: Forming an Opinion and Reporting on F/S of Employee Benefit Plans Subject to ERISA

Management Responsibilities

• Auditor should obtain agreement of management that it acknowledges and understands its responsibilities:

  1. Maintain current plan instrument (including all plan amendments)

  2. Administer the plan/ determine that the plan’s transactions that are presented and disclosed in ERISA f/s are in conformity with the plan’s provisions, maintaining sufficient records

Auditor Responsibilities

• Auditor should obtain agreement of management or TCWG to:

  1. Provide to auditor, a draft of Form 5500 that includes certification meets requirements of the Department of Labor’s Rules and necessary forms and schedules are included

ERISA Section 103(a)(3)©

Type of ERISA where management can elect to use and auditor doesn’t have to look at all the investments because certain investments can be certified by a qualified institution

• Auditor looks at less items and are charged less for an audit

• Investment information must be appropriately measured, presented, and disclosed in accordance with applicable framework

Auditor’s Responsibility

1. Inquire of management about how management determined that the entity preparing and certifying the investment information is a qualified institution

Recurring Audit

An audit engagement for an existing audit client for whom the auditor performed the preceding audit

• Issuers ←- Engagement letter must be signed by auditor and audit committee every year

• Non-Issuer ←- No changes to terms of engagement = Auditor can remind management of terms

  • Changes to terms of engagement = Auditor must obtain signed engagement letter

Initial Audit

An engagement in which the financial statements for the prior period were not audited or were audited by a predecessor auditor

• Mandatory for new auditor to make inquiries to the predecessor auditor with client’s permission

• Management integrity

  1. Disagreements with management

  2. The reason for the change in auditor

  3. Any fraud, noncompliance, and internal control matters related communications

  4. Nature of entity’s relationships and transactions with related parties and significant unusual transactions

Inherent Limitation

Statement in the Engagement Letter that states “because of the inherent limitations of an audit, together with the inherent limitations of internal control, an unavoidable risk exists that some material misstatements may not be detected, even if the audit is properly planned and performed.”

AICPA Code of Professional Conduct

Requires firms providing auditing, attestation, and accounting and review services to adopt a system of quality management

Quality Management System

System that consists of policies and procedures designed, implemented, and maintained to ensure that the firm complies with professional standards and appropriate legal and regulatory requirements, and that any reports issued are appropriate in circumstances

• Firm must evaluate annually and determine whether it provides the firm with reasonable assurance that the quality management objectives will be achieved

• Objectives:

  1. Firm and firm personnel fulfill their responsibilities and conduct engagements in accordance with professional standards and applicable legal and regulatory requirements

  2. Engagement reports issued by the firm are appropriate in the circumstances

Statement of Quality Management Standards (SQMS)

Standards that are issued by the Auditing Standards Board to provide guidance with respect to management engagement quality and are applied to the firm level as a whole

• NOT auditing standards

Components of a System of Quality Management

Interrelated components of a system of quality management = “REAL MICE”

1. Resources ←- Human, Technological, Intellectual, and Service Providers

2. Engagement Performance

3. The firm’s risk Assessment procedures

4. Governance and Leadership

5. Monitoring and remediation process

6. Information and communication

7. Acceptance and Continuance of client relationships and specific engagements

8. Relevant Ethical requirements

The Firm’s Risk Assessment Procedures

Component of a system of quality management that includes the design and implementation of a risk assessment process where a firm’s system must be responsive to risks and different circumstances for a firm and its engagements

• Risk-based approach should be applied when designing, implementing, and operating the system

• Achieved by:

  1. Establish quality objectives ←- Desired outcomes

  2. Identify and assess the risks to the quality objectives ←- Threats to objectives

     1. Firm-Specific Risk

     2. Engagement-Specific Risk (Complexity of client)

  3. Design and implement responses to address quality risks ←- Try to mitigate risk

Governance and Leadership

Component of a system of quality management that starts with the “tone at the top”

• Quality Objectives:

  1. Demonstration of the firm’s commitment to quality by establishing a culture of public interest and ethics

  2. Leader’s is reasonable and accountable

Relevant Ethical Requirements

Component of a system of quality management that establishes fundamental ethical principles that govern the way the firms carry out their professional responsibilities

• Quality Objectives:

  1. Firm adheres to relevant ethical requirements and fulfill their responsibilities with respect to violations

  2. Others who are subject to requirements must adhere to the established requirements

Acceptance and Continuance

Component of a system of quality management where the auditor determines whether to accept or continue client relationships; auditor must look for red flags

• Quality Objectives:

  1. Judgement is based on information obtained regarding the nature of the engagement and management’s integrity

  2. Ensuring appropriate firm resources are available (staff, needed specialists/ reviewers)

  3. Does NOT base acceptance on operational/ financial priorities

     • Supports judgement by obtaining information regarding:

       1. Client’s industry i which they operate

       2. Nature, organizational structure, business model, and how the entity is financed

       3. Information regarding the subject matter of the engagement

       4. Entity’s reputation

Monitoring and remediation process

Component of a system of quality management that provides a firm with relevant, reliable, and timely information about the design, implementation, and operation of a system of quality management

• Enables a firm to take timely action in response to issues and deficiencies

Monitoring

Firm must determine the appropriate nature, extent, and timing of activities when implementing a system of quality management

• Activities may be ongoing in nature/ performed periodically

• Includes engagement inspections selected for each engagement partner on a cyclical basis

  • Issuers - Special Rule = For auditors that issue more than 100 issuer audit reports during a calendar year are required to monitor in-process engagements

Finding

Any observation that is worthy of attention

• Firm uses professional judgement when evaluating if it’s indicative of a deficiency

Deficiency

A finding that shows the firm’s quality management system does NOT meet a required standard or poses a risk to quality that should be evaluated individually and in the aggregate to determine the impact on system of quality management

• A subset of findings

• All deficiencies are findings, but not all findings are deficiencies

PCAOB Quality Control (QC) Standards

Provides a framework for auditors of Issuers to apply when developing and implementing a system of quality control which applies to the firm as a whole

• Establishes process to provide the firm with reasonable assurance that firm personnel are following professional standards and firm’s own standards of quality

5 Interrelated Elements for Quality Control Standards

1. Independence, integrity, and objectivity

2. Personnel management

3. Acceptance and Continuance of clients and engagements

4. Engagement Performance

5. Monitoring

Independence, Integrity, and Objectivity

Element of QC that encompasses the establishment of policies and procedures that all firm personnel maintain independence and perform all professional responsibilities with both integrity and objectivity

• Ethical backbone of quality control system

Personnel Management

Element of QC that ensures firm personnel have the proficiency to carry out their professional responsibilities and that the level of supervision is appropriate based on the personnel assigned to a particular engagement; how the firm manages it’s people

• Firm personnel possess the appropriate competencies based on their professional responsibilities

Engagement Performance

Element of QC that ensures the work performed by personnel meet professional standards, regulatory requirements, and the firm’s standards of quality

• Achieved by establishing engagement performance procedures for all phases of the engagement:

  1. Documenting

  2. Supervising

  3. Reviewing

  4. Documenting

  5. Communicating results

Engagement Quality Review

An objective evaluation of the significant judgements and conclusions reached by the engagement that is key to ensuring that public interest is served through performance of consistent and quality engagements; ensures that the appropriate report is being issued and that appropriate sufficient audit evidence is being obtained

• Performed prior to the release of the engagement report by a partner or a qualified person who’s NOT on the engagement team

• Quality management standards outlines when review is required

  • Required by law to certain engagements: Governmental organizations, banks, organizations under court management

  • May be performed as a response to quality of risk

Audit Documentation

The principal record of audit procedures performed, evidence obtained, and conclusions reached

• Referred to as “workpapers”

• Provides evidence of basis for the auditor’s report and the conclusion about achievement of overall objectives and evidence that the audit was conducted in accordance with GAAS and legal/ regulatory requirements

  • Supports the audit opinion, NOT the client’s financial statements (Client records)

Retention

• Non-Issuers: Retain documentation for at least 5 years

• Issuers: Retain documentation for at least 7 years

Documentation Completion Date: After date, auditor cannot delete documentation and must document any additions to the file

• Non-Issuers: 60 days following audit report release date

• Issuers: 14 days following audit report release date

Audit Report Release Date

The date the auditor grants the client permission to use the audit report

• Date where report is delivered to the client

Documentation Completion Date

After this date, existing documentation cannot be deleted and additions to the audit documentation must be documented;

Audit documentation must be assembled:

• Non-Issuers: 60 days following audit report release date

• Issuers: 14 days following audit report release date

Permanent (Continuous) File

Includes audit documentation that has a continuing interest from year to year; relevant for more than one year

• Pension plans, multi-year contracts, multi-year leases, stock options, bylaws, Articles of Incorporation, bond indentures

Current File

Contains all audit documentation applicable to the year under audit

• Includes: Audit plan, financial statements, audit report, trial balance and adjusting journal entries, confirmations, management representation letter, tests of controls, substantive tests, contracts for 1 year or less, and significant audit findings

Tickmark

Symbols auditors use to indicate the work has been performed

• Varies between companies

COSO

Provides a framework for effective internal control over financial reporting

Control

A policy or procedure established to achieve the control objectives of management and those charged with governance