Chapter 1

Describe Auditing

auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of correspondence between information and criteria; must be done by a competent and independent person and give an unbiased opinion

Accounting vs. Auditing

accounting is the recording of information and auditing is the checking over the work to make sure its recorded and presented fairly

auditors can do accounting, but not all accountants have the knowledge to complete auditing tasks

Relationship Between Auditing and Information Risk

information risk is the risk that the information used to make business decisions is inaccurate or misrepresented

auditing is done to give reasonable assurance that information is accurately represented in order to reduce information risk

Causes of Information Risk

what are causes of information risk?

• remoteness - information gathered is often relied on others, when it is obtained from others, the likelihood of it being intentionally or unintentionally misstated increases

• bias and motives of providers - information by someone whose goals are inconsistent with those of the decision maker can result in inadequate or incomplete disclosures of information

• voluminous data - in larger organizations, the volume of exchange transactions is fairly large, Increases the probability that there is improperly recorded data in the record

• complex exchange transactions - exchange transactions between organizations have become more and more complex; acquisitions, combining and disclosing results of operations in different industries, and properly valuing and disclosing derivative financial instruments

Reducing Information Risk

how can information risk be reduced?

• user verifies information - user may go to the business and examine records and obtain information such as a physical count, but is often impractical to due to cost. IRS does this with tax returns. In acquisitions, company may hire an outside audit team to perform these tasks

• user shares information risk with management - management is responsible for providing reliable Information to users, legal issues may arise when decisions were made on false information

• audited financial statements are provided - most common way to obtain reliable information is to have an independent audit, external users like stockholders and lenders rely on such information to be as accurate as possible, audit assurance is valued because information is complete, accurate, and unbiased

Assurance Services

list and describe assurance services

assurance service: Is an independent professional service that improves the quality of information for decision makers

list the types of assurance services

• audit of historical financial statemetns

• certain management consulting

• internal controls over financial statements

• reviews

attestation services: a type of assurance service in which the CPA firm issues a report about a subject matter or assertion that is made by another party

List the types of attestations services.

• audit of historical financial statements

• audit of internal controls over financial reporting

• reviews of historical financial statements

• other attestation services that may be applied to a broad range of subject matters

audit of historical financial statements: a form of attestation service in which the auditor issues a written report stating whether the financial statements are in material conformity with accounting standards

• most common assurance service provided by CPA firms

• designed to provide reasonable assurance that statements are free of material misstatements

• publicly traded companies are required to have audits under the federal securities act and opinions can be found in their annual financial reports

internal control over financial reporting: an engagement in which the auditor reports in the effectiveness of internal control over financial reporting; such reports are required for accelerated filer public companies under SOX 404

• must attest to the effectiveness of internal control over financial reporting

review of historical financial statements: management asserts that the statements are fairly stated in accordance wiht accounting standards, the same as an audit, but a lower level of assurance is needed

• requires less evidence to perform

• requires less money

• but gives a lower assurance level

Types of Audits

what are the three main types of audits?

• operational audits: evaluates the efficiency and effectiveness of any part of an organization’s operating procedures and methods, gives recommendations for improving operations

• compliance audit: conducted to determine whether the auditee is following specific procedures, rules, or regulations set by some higher authority

• financial statement audits: conducted to determine whether financial statements are stated in accordance with specific criteria

describe the three types of audits.

operational audits - can evaluate the organizational structure, computer operations, production, marketing or any other area auditor is qualified in, effective and efficiency must meet established criteria, more like management consulting rather than auditing

compliance audits - determine whether personnel are following specific procedure set forth by controller, wage rates in compliance with min. wage laws, contractual agreements, mortages in compliance with governmental regulations, results are typically reported to management rather than outsiders

financial statement audits - looking for stated in accordance to accounting standards and regulations, gathers evidence to look for material errors or misstatements, must have extensive knowledge of company

Types of Auditors

identify the primary types of auditors.

• Certified public accountants: a person who has met state regulatory requirements, including passing the Uniform CPA exam, and thus has been certified; a CPA may have their primary responsibility the performance of the audit function on historical financial statements of commercial and noncommercial financial entities

• Government accountability office auditors: an auditor working for the US government accountability office (GAO), a nonpartisan agency in the legislative branch of the federal government, reports and is responsible solely to Congress, audits information prepared by federal government agencies before its submitted to congress evaluates the operational efficiency and effectiveness of federal programs

• Internal revenue agents: auditors who work for the IRS and conduct examinations of taxpayers returns, responsible for enforcing federal tax laws, solely compliance audits

• Internal auditors: auditors employed by a company to audit for the companies board of directors and management, can range from 1-100s, depending on the size of the company, involved in operational auditing or computer systems, reports directly to high executive office to remain independent from rest of business, outsiders don’t rely solely on internal audits because of the lack of independence

Requirements to Become A CPA

what are the requirements to become a CPA?

meet state requirements, pass the uniform CPA exam, keep up with continuing education

Chapter 3

Standard Unmodified Opinion

what are the 8 distinct parts of a standard unmodified opinion under AICPA standards?

1. Report Title: requires title, must include the word independent; independent auditors report or opinion; coveys that report was completed by an unbiased opinion

2. audit report address: addressed to who the report was prepared for; company, stockholders, or board of directors

3. opinion section: states the auditor’s conclusion based on results of the audit, under heading opinion, indicates firm that completed audit, lists documents audited, wording of financial statements should match the titles used in by management, stated as opinion, not a statement of fact, refers to framework used to complete audit

   1. controversially states present fairly, meaning the auditors do not believe users will be misled by information presented

   2. also means that they are in accordance with any guidelines

4. basis for opinion: states the audit was completed in accordance with GAAP, and refers to additional responsibilities taken on by firm, affirmation that firm is independent from the company, includes that auditor believes sufficient evidence has been obtained

5. management responsibility: describes management responsibility of the financial statements, includes selecting the appropriate principles and maintaining internal controls over financial reporting, free of material misstatements due to fraud or error

6. auditor’s responsibility: three paragraphs

   1. says the auditor is designed to obtain reasonable assurance about whether statements are free from material misstatements (fraud or error), search for material misstatements that could impact decisions, provides high level of assurance but not guarantee

   2. describes the scope of the audit and evidence collected about amounts and disclosures in the statements, includes procedures, assessment of the risk of material misstatements in statements, considers internal controls relevant to the preparation and fair presentation, evaluating appropriateness of accounting policies selected, reasonableness of accounting estimates, the overall statement presentation and ability of the company to continue as a going concern

   3. indicates that auditor communicates to those charged with governance the planned scope and timing of the audit as well as significant findings

7. signature and address of CPA firm: Identifies the cpa firm or practitioner who performed the audit, city and state included

8. audit report date: date of which the auditor completed the procedures, indicates the last day of auditors responsibility for the review of significant events that occured after the date of statements

Conditions to Issue a Standard Unmodified Opinion

what conditions are required to meet to issue an unmodified opinion?

1. all statements and disclosures are included in the financial statements

2. sufficient appropriate evidence has been accumulated, and conducted the engagement in a manner that enables him or her to conclude that the audit was performed in accordance with the applicable auditing standards

3. statements are presented fairly in all material respects in accordance with GAAP or other framework, disclosures also included

4. no circumstances requiring an emphasis of matter paragraph or modification of the wording or auditor’s opinion in the report

Emphasis of Matter Explanatory and Nonstandard Wording

what are the 5 circumstances where an emphasis of matter is required

1. lack of consistent application of principles; changes in principles, inventory valuation, mergers or additional companies added to statements, correction of errors

2. auditor agrees with departure from GAAP; auditor must be satisfied and explain why

3. substantial doubt about going concern for the company; recurring operating losses or capital deficiencies, inability for company to pay obligations, loss of major customers, catastrophes, legal proceedings

4. emphasis of other matters; existence of material related party transactions, important events occurring subsequent to balance sheet date, uncertainties disclosed in footnotes, major catastrophe with significant effect on financial positions

5. reports involving other auditors; makes no reference - other auditor is still liable for all information they audited, makes reference - shared opinion or report, qualify the opinion - states party will not be responsible for any of the information audited by someone else

Other Types of Reports and Opinions

what kind of opinions can be given if a standard unmodified opinion is not justified?

• qualified opinion: report issued when the auditor believes that the overall financial statements are fairly stated, but either the scope of the audit was limited or financial data indicated failure to follow gaap; modifications to the opinion paragraph and the basis for opinion; “except for” term must be used

• adverse opinion: used when auditor believes overall financial statements are so materially misstated or misleading they do not present fairly the financial position of the company

• disclaimer: Issued when auditor has been unable to satisfy that statements have been fairly presented; lack of knowledge

Examples of Modified Wording

Lack of consistency (changing depreciation methods, changing from LIFO to FIFO, cash to accrual basis) - unmodified opinion with explanatory paragraph

Substantial Doubt About Going Concern (worry of company going bankrupt) - unmodified opinion with explanatory paragraph

Auditor Agrees with Departure from GAAP (smaller private companies, legislation requiring new way of recording something) - unmodified opinion with explanatory paragraph

Emphasis of Matter (contingencies, date of opinions something happened between financial statement date to audit date) - unmodified opinion with explanatory paragraph

Reports Involving Other Auditors (foreign auditor did work that was material) unmodified opinion with a reference to other auditors in opinion and basis for opinion)

Materiality

materiality: a misstatement in the financial statements can be considered material if knowledge of the misstatement will affect a decision of a user of statements

what are the three levels of materiality?

• immaterial: unlikely to have an affect on decisions - unmodified opinion

• amounts are material but do not overshadow statements as a whole: would affect decisions, but statements are overall stated fairly, uses except for wording

• amounts are so material or pervasive that overall fairness of the statements is in question: could cause decision makers to make the wrong decision if relying solely on information, not accurate or reliable, the more pervasive, the chances of issuing an adverse or disclaimer instead of a qualified opinion increases

International Accounting and Auditing

US public companies are required to prepare financial statements that are filed with SEC compliance

Foreign companies listed on US exchanges are allowed to report under IFRS

Auditor’s basis for opinion must state what standards were used to conduct the audit

Chapter 4

Ethical and Unethical Behavior

ethics: set of moral principles or values

unethical behavior: differs than from what they believe is appropriate given the circumstances

Resolving Unethical Dilemmas

Ethical Framework (RIAACA)

1. obtain relevant facts

2. identify the ethical issues from the facts

3. determine who is affected by the outcome of the dilemma and how each person or group is affected

4. identify the alternatives available to the person who must resolve the dilemma

5. identify the likely consequence of each alternative

6. decide the appropriate action

Ethical Conduct Within Accounting

professionals - expected to conduct themselves at a higher level than most members of society, responsibility for conduct that extends beyond satisfying individual responsibilities and beyond requirements of society laws and regulations

public confidence - reassurance to the public that work is being done right, trust

Accountants work is used to make important business decisions and it is expected that they provide accurate and complete information

Content and Layout of AICPA Code

What is the purpose and the content layout of the code of conduct?

The code consists of principles and rules, in addition to interpretations, provide the framework for the rules that govern the CPA’s performance of professional responsibilities, interpretations address circumstances that members may face that are threats to compliance with rules of conduct

what are the parts of the code?

preface - all members, principles of professional conduct

part I - members in public practice, conceptual framework, rules and interpretations

part II - members in business, conceptual framework, rules and interpretation

part III - other members, rules and interpretations

Application of AICPA Code of Conduct

what are the principles of the code?

• responsibilities: in carrying out thier responsibilities as professional , members should exercise sensitive professional and moral judgements in all their activities

• public interest: members should accept the obligation to act in a way that will serve the public interest, honor the public trust, and demonstrate a commitment to professionalism

• integrity: to maintain and broaden public confidence, members should perform all professional responsibilities with the highest sense of integrity

• objectivity and independence: a member should maintain objectivity and to be free of conflicts of interest in discharging professional responsibilities. a member in public practice should be independent in FACT AND APPEARANCE when providing auditing and other attestation services

• due care: a member should observe the professions technical and ethical standards, strive continually to improve competence and quality of services, and discharge professional responsibility to the best of the members ability

• scope and nature of services: a member in public practice should observe the principles of the code of conduct in determining the scope and nature of services to be provided

threats to compliance

adverse interest: the threat that a member will not act with objectivity because the members’ interests are opposed to the attest client’s interests

• an officer, director, or significant shareholder participates in litigation against the firm

advocacy: the threat that a member will promote an attest client’s interest or position to the point that his or her objectivity or independence is compromised

• a member endorses an attest client’s services or products

familiarity: the threat that, due to a long or close relationship with an attest client, a member will become too sympathetic to the clients interests or too accepting of the clients work or product

• a members close friend is employed by the company, working for the company for many years, fall Into a routine and not diligent

management participation: the threat that a member will take on the role of an attest client management or otherwise assume management responsibilities, such as may occur during an engagement to provide nonattest services

• due to a loss of client personnel, the attest client asks a member firm to assist with accounting activities, including authorization of transactions, actively participation within the company and still completing the audit

self interest: the threat that a member could benefit, financially or otherwise, from an interest in, or relationship with, an attest client or persons associated with the client

• the member has a financial interest in an attest client, and the outcome of a professional services engagement may affect the fair value of the financial interest

self-review: the threat that a member will not appropriately evaluate the results of a previous judgement or service performed or supervised by the member or an individual in the member’s firm and that the member will rely on that service in forming a judgement as part of another service

• the members performs bookkeeping services for the attest client and then performs an audit on those financial statements

undue influences: the threat that a member will subordinate his or her judgement to an individual associated with a client or any relevant third party due to that individual’s reputation or expertise, aggressive or dominant personality, or attempts to coerce or exercise excessive influence over the members

• the client indicates that it will not award additional engagements to the firm if the firm continues to disagree with the client on an accounting or tax matter

applicability of rules of conduct

• integrity and objectivity: free of conflicts of interest, not knowingly misrepresent facts or subordinate his or her judgement to others

• independence: independent in the performance of professional services as required by standards promulgated by bodies of teh council

• general standards: undertake only assignments they can complete with professional competency and accuracy and completion, exercise due professional care, plan and supervise all engagements, obtain sufficient and relevant data to afford a reasonable basis for all conclusions or recommendations

• compliance with standards: a member who performs any accounting services shall comply with standards designated by the council

• accounting principles: follow standards by council in issuing reports about entities compliance with GAAP

• acts discreditable: a member shall not commit an act discreditable to the profession

• contingent fees: shall not perform for a contingent fee any professional service of the member also performs for the client an audit, review or certain compilations of financial statements or an examination of prospective financial statements, also shall not prepare an original or amended tax return or claim for a tax refund for a contingent fee for any client

• commissions and referral fees: member shall not receive or pay a commission or referral fee for any client an audit, review or certain compilations of financial statements or an examination of prospective financial statements, non prohibited commissions or ref fees must be disclosed of such fees to the client

• advertising and solicitation: shall not seek to obtain clients by advertising false, deceptive, or misleading information, solicitation by the use of coercion overreaching or harassment is prohibited

• confidential client informations: shall not disclose confidential client information without specific consent of the client

• form of organization and name: shall not practice under a nape that is misleading, all partners must be cpas to have cpa in the firm names

Independence

independence of mind: state of mind that permits the audit to be performed with an unbiased attitude (independent in fact, independence in appearance)

independence rule: a member in public practice shall be independent in the performance of profession services as required by standards promulgated by bodies designated by the council

SOX, SEC, PCAOB Requirements

Non audit services - SOX and SEC restrict but don’t eliminate all non-audit services

• bookkeeping and other accounting services

• financial information systems design and implementation

• appraisal and valuation services

• actuarial services

• internal audit outsourcing

• management or HR functions

• broker, dealer, investment advisor, or investment banker services

• legal and expert services unrelated to the audit

• any other service that the PCAOB determined by regulation is impermissible

CPA firms are not prohibited from performing services for private companies and public companies as long as the public company is not their audit client

Other regulations to be followed:

• must have audit committees involved

• designated cooling off period before auditor can take a job with a client company

• partner rotation - must change partners every 5 years

• fees must be paid before audits can take place

• auditors cannot have any ownership of client companies

Enforcement

• AICPA professional ethics division is responsible for investigating violations of the code and deciding disciplinary action

• unintentional violations result in a remedial or corrective actions

• second level of disciplinary action is action before the Joint Trial Board

• Joint Trial Board has authority to suspend or expel members from the AICPA for violations of professional ethics

Chapter 11

Objectives of Internal Controls

what are the three primary objections of effective internal control?

1. reliability of reporting

2. efficiency and effectiveness of operations

3. compliance with laws and regulations

reliability of reporting - management has a legal and professional responsibility to be sure the information they provide is correct and fairly presented; to fulfill these financial reporting responsibilities

efficiency and effectiveness of operations - controls encourage efficient and effective use of its resources to optimize the company’s goals; accurate financial and nonfinancial information about companies operation for decision making

compliance with laws and regulations - sox 404 requires all public companies to issue a report over their internal controls; as well as many other laws and regulation regarding all aspects of the business

Management vs Auditor Responsibilities

What do management responsibilities consist of?

1. establishing and maintaining the entiti’s internal control

2. preparation of financial statements

3. design and implementation must have reasonable assurance and inherent limitations

4. required by SOX 404, must issue an internal control report including a statement and assessment of effectiveness

what is the auditors responsibilities relating to internal controls?

1. must identify and asses risks of material misstatements

2. obtain an understanding of internal controls relveant to the audit and engagement

3. ensure controls over reliability of financial reporting and controls over classes of transactions

COSO Components

what does the CRIME acronym stand for?

1. Control Environment

2. Risk Assessment

3. Information and Communication

4. monitoring

5. existing control activities

Control environment: actions, policies, procedures reflecting overall attitudes of top management, directors, and owners

Risk Assessment: identifying and analysing risks that may prevent

Information and Communication: initiate, record, process, and report entities transactions and to maintain accountability for related assets

Monitoring: ongoing or periodic assessment of quality of internal control by management to determine controls are operating as they should be

Existing Control Activities: policies and procedures to ensure necessary actions are taken to address risks to achieve objectives

General Controls and Application Controls

general controls: apply to all aspects of the IT functions, including IT administration; separation of IT duties; system development; physical and online security over access to hardware, software, and related data; apply to entire entity and affect many different software applications

application controls: typically operate at the business process level and apply to processing transactions, such as controls over the processing of sales or cash receipts; only effective when general controls are effective

what are some examples of general controls?

• administration of IT function - CIO or IT manager reports to senior management and board

• separation of IT duties - responsibilities for programming, operations, and data control are separated

• system development - teams of users, system analysts, and programmers develop and test software

• physical and online security - access to hardware is restricted, passwords and users IDs limit access to software and data files, and encryption and firewalls protect data and programs from external parties

• backup and contingency planning - written backup plans are prepared and tested regularly throughout a year

• hardware controls - memory failure or hard-drive failure causes error messages on the monitor

what are some examples of application controls?

• input controls - preformatted screens prompt data input personnel for information to be entered

• processing controls - reasonableness tests review unit-selling prices used to process a sale

• output controls - the sales department does post processing review of sale transactions

Information Technology Systems and Internal Control

what are the types of IT systems and what do they do for internal controls

• local area networks (LANs)

• wide area networks (WANs)

• database management systems

• enterprise resource planning systems (ERPs)

LANS: networks that connect computer equipment, data files, software within a local area such as a building

WANS: networks that connect computer equipment, files, software across different geographical locations, businesses with offices around the world

database management systems: hardware and software systems that allow clients to establish and maintain databases shared by multiple applications

ERPS: systems that integrate numerous aspects of an organization’s activities into one accounting information systems