chapter 21 assurance, attestation, and internal auditing services mcgraw-hill/irwin copyright ©...

Chapter 21Chapter 21

Assurance, Attestation, and Internal Auditing Services

McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved.

21-2

Assurance Services

Assurance services are independent

professional services that improve the

quality of information, or its context, for decision makers.

LO# 1

21-3

LO# 1

Assurance Services

21-4

LO# 1

Decision Model

21-5

Types of Assurance Services

Risk Assessment

Business Performance Measurement

Information System

Reliability

Electronic Commerce

Healthcare Performance

Measurement

PrimePlus

LO# 2

21-6

Attest Engagements

Attest services occur when a practitioner is engaged to issue or

does issue a report on subject matter, or an

assertion about subject matter, that is the responsibility of

another party.

LO# 3

21-7

LO# 3

Attest Engagements

21-8

Types of Attest Engagements

Attest Engagements

Examination

Review

Agreed-Upon

Procedures

LO# 4

21-9

Attestation Standards

Attestation Standards

General Fieldwork Reporting

LO# 5

21-10

General Standards

Adequate Technical Training & Proficiency

Adequate Knowledge of Subject Matter

IndependenceDue Professional

Care

Subject Matter Capable of Evaluation

LO# 5

21-11

Standards of Fieldwork

Adequate Planning & Supervised Assistants

Obtain Sufficient Evidence

LO# 5

21-12

Standards of Reporting

Identify Subject Matter or Assertion

State Conclusion

State Significant Reservations

Restricted Use of Report in Certain Circumstances

LO# 5

21-13

Reporting on an Entity’s Internal Control over Financial Reporting

The Federal Deposit Insurance Corporation Act of 1991 requires that the management of large financial institutions issue a report on the effectiveness of the

institution’s internal control and that they engage accountants to attest to management’s report.

The Sarbanes-Oxley Act of 2002 imposed similar requirements on all publicly held

companies.

LO# 6

21-14

Conducting an Engagement

Necessary Conditions

1. Management of the entity accepts responsibility for the effectiveness of the entity’s internal control.

2. The responsible party evaluates the effectiveness of the entity’s internal control using suitable criteria (referred to as control criteria).

3. Sufficient competent evidence exists or could be developed to support the responsible party’s evaluation.

4. Management provides to the practitioner its written assertion based on control criteria referred to in its report.

LO# 6

21-15

Financial Forecastsand Projections

Auditors have been asked to provide assurance with respect to prospective financial statements. The

practitioner can examine, apply agreed-upon procedures, or compile the prospective financial statements if such statements are expected to be

used by a third party.

LO# 7

21-16

LO# 7

Standard Forecast

21-17

LO# 7

Standard Projection

21-18

LO# 7

Agreed-Upon Procedures

21-19

LO# 7

Standard Compilation

21-20

Accounting and Review Services

Compilations Reviews

Many nonpublic businesses do not need an audit of their financial statements. However, these entities may employ a CPA to assist with preparing their

financial statements, tax returns, or other financial documents.

LO# 8

21-21

LO# 8

Levels of Assurance

21-22

Compilation of Financial Statements

A compilation is defined as presenting, in the form of financial statements, information that is the representation of management or owners

without expressing any assurance on the statements.

Compilation with Full

Disclosure

Compilation that Omits

Disclosures

Compilation when CPA

is not Independent

LO# 8

21-23

LO# 8

Compilation with Full Disclosure

21-24

LO# 8

Compilation Without Disclosures

21-25

Review of Financial Statements

A review is defined as the performance of inquiry and analytical procedures to provide the accountant with a reasonable basis for

expressing limited assurance that no material modifications should be made to the

statements in order for them to conform to GAAP (or other comprehensive basis of

accounting).

LO# 8

21-26

Review of Financial Statements

A Review Involves

1. Obtain knowledge of the accounting principles and practices of the industry and an understanding of the entity’s business.

2. Obtain a general understanding of the entity’s organization, its operating characteristics, and the nature of its assets, liabilities, revenues and expenses.

3. Ask the entity’s personnel questions.4. Perform analytical procedures. 5. Read the financial statements to determine if they conform to

GAAP.6. Obtain reports from other accountants, if any.7. Obtain a representation letter from management.

LO# 8

21-27

LO# 8

Standard Review

21-28

Conditions That May Result in Modification of a Compilation or

Review Report

Departure from GAAP

Going-Concern

Uncertainty

LO# 8

21-29

LO# 8

Review with GAAP Departure

21-30

Internal Auditing

Internal auditing is an independent, objective assurance and consulting activity designed to add value and

improve an organization’s operations.

It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate

and improve the effectiveness of risk management, control, and governance processes.

LO# 9

21-31

Institute of Internal Auditors (IIA) Standards

Standards and Ethics

Practice Advisories

Practice Aids

The IIA oversees and sets standards for internal auditing internationally.

LO# 9

21-32

IIA Code of Ethics

Principles

Integrity

Objectivity Confidentiality

Competency

LO# 9

21-33

Internal Auditors’ Roles

Evaluating Risks and Controls

Reviewing Compliance

Financial Auditing Operational Auditing

LO# 9

21-34

LO# 9

Internal Audit Function

21-35

Interactions between Internal and External Auditors

Some of the work performed

by internal auditors is

directly relevant to the

work of the independent

auditor.

Before relying on the work of

internal auditors, the

external auditor must evaluate

the internal auditors’

objectivity and competence.

LO# 9

21-36

Trust Services

Security

Availability

Processing Integrity

Online Privacy

Confidentiality

Five Principles Five Principles of Trust of Trust ServicesServices

LO# 10

21-37

WebTrust Services

CPA WebTrust

Assurance Servicesrelating to Electronic Commerce

LO# 11

21-38

SysTrust Services

SysTrust

Assurance Servicesrelating to Information Systems

LO# 12

21-39

PrimePlus Services

CPA PrimePlus Services

Consulting/Facilitating Services Direct Services

Assurance Services

LO# 13

21-40

End of Chapter 21