cpa - aud notes

AUD CPA Notes

Copyright belongs to Maggie’s CPA Notes

Please do not distribute illegal copies.

2007‐2008 [THANK YOU FOR USING MAGGIE’S CPA NOTES]

1

Chapter 21 Standards and Related Topics

Chapter 22 Planning

Chapter 23 Internal Control

Chapter 24 Evidence and Procedures

Chapter 25 Audit Programs

Chapter 26 Statistical Sampling

Chapter 27 Audit IT System

Chapter 28 Reports on Audited Financial Statements

Chapter 29 Other Auditing Standards

Chapter 30 Other Types of Reports

Chapter 31 Other Services


2

Chapter 21 Standards and Related Topics

SUMMARY ***Memorize***

TIP

i. Independence – must put in writing to the audit committee 1) Audit: reasonable assurance, independence required 2) Review: limited assurance, independence required 3) Compilation: no assurance, do not require independence

ii. SOX 1) Rotate lead audit partner on audit every 5 years 2) Prohibit auditing if the auditor in the previous year becomes CEO, controller… 3) Require audit committees to be directly responsible for 1) hiring the auditor 2) compensate

auditor 3) oversee auditors’ work. Audit firm can perform tax service as well with AC’s approval.

QUALITY CONTROL A Acceptance and Continuance of Clients and Engagements I Independence, Integrity, and Objectivity C Continuous Monitoring P Personnel management A Assurance regarding Engagement Performance

The nature and extent of a CPA firm’s quality control depend on 1) the firm’s size 2) the nature of the firm’s practice 3) cost-benefit

General Standards

Standards of Field Work

Standards of Reporting

Implicit


3

***Memorize***

Before accepting a new client, need to communicate with Predecessor Auditors 1. The integrity of management 2. Disagreements between the predecessor and management on accounting principles, auditing

procedures, or other significant matters 3. The predecessor’s understanding about why there was a change in auditors; 4. Predecessor communications to audit committees (or similar authorities) regarding internal control

related matters, illegal acts by clients, and fraud.

POINTS SEE - Evidence – sufficient appropriate evidence Quality control is not part of GAAS, GAAS is the measures of auditors’ performance A successor auditor usually need/can review virtually all the predecessor’s WP


4

Chapter 22 Planning (25%)

SUMMARY

FRAUD i. Fraud risk factors

1. High turnover 2. Rapidly changing technology 3. Chang = risk 4. Aggressive earnings projections 5. Considerable competition 6. Negative cash flows 7. Off-shore holding companies

ii. Procedures to detect fraud 1. Unpredictable audit tests 2. Consider possibility & design Procedures to test management override of controls 3. Examine management estimates, year-end entries, unusual entries

iii. Auditor’s responsibilities:

Document the auditor’s response to any fraud risk factors found and evaluation in w/p

iv. Procedures after detecting fraud – always significant, despite of materiality 1. Inform BOD or AC (those charged with governance) 2. Serious breakdown in controls 3. Consult legal counsel

v. Communication of fraud/illegal action

1. Legal/Regulation requirement 2. Successor auditor 3. In response to a subpoena 4. Funding agency

ILLEGAL ACTS i. Auditor’s responsibilities:

Evaluate risk factors and give reasonable assurance that there are no illegal acts that have a direct effect on the f/s

ii. Procedures after detecting illegal acts 1. Inform AC (those charged with governance) 2. Consider impact on evaluation of management integrity 3. Consider impact on audit report 4. Consider withdrawal from engagement 5. Consult legal counsel


5

UNDERSTANDING WITH CLIENTS – ENGAGEMENT LETTER ***Read***

i. Objective of the engagement

ii. Management’s responsibilities:

(1) f/s as well as the selection and application of accounting policies; (2) Establishing and maintaining effective IC; (3) Identification and compliance with applicable laws and regulations; (4) Making all financial records and related information available to the auditor, (5) Adjusting the financial statements to correct material misstatements (6) Provide the auditor with management rep letter

iii. Auditor’s responsibility

(1) Reasonable assurance (2) Obtain understanding of IC

iv. Limitations of engagement

(1) Not designed to provide assurance on IC (2) If fraud is discovered – report to AC

***Read*** INFORMATION COMMUNICATED WITH AC

1. Significant matters related to internal control. 2. Selection of or changes in significant accounting policies. 3. Management’s process in making accounting estimates. 4. Adjustments arising from the audit that could have a significant impact on the financial statements. 5. Any disagreements, whether or not resolved, with management about matters that, individually or in

the aggregate, could have a significant impact on the f/s 6. Any serious difficulties encountered in dealing with management related to the performance of the

audit. 7. Responsibility for other information in documents containing f/s. 8. Any consultations management had with other accountants about accounting and auditing

matters. 9. Any major issues discussed regarding initial or recurring retention of the auditor. 10. Uncorrected misstatements

POINTS During the initial planning phase, auditors will discuss with mgt the NET of the audit work If specific information comes to the auditor’s attention that provides evidence concerning the existence of

possible illegal acts that could have a material indirect effect on the financial statements, the auditor should apply audit procedures specifically directed to ascertaining whether an illegal act has occurred.

Draft of audit program addressing NET is required


6

Chapter 23 Internal Control (15%)

SUMMARY i. Understanding Entity and its environment (SEE) affect the

Nature if IC is weak, CR high, use ↑ outside evidence Extent of audit procedures if IC is weak, need to gather more evidence Timing if IC is weak, testing will have to be done at

YE instead of interim (substantive tests vs. TOC)

***Memorize***

ii. Internal control components (CRIME)

Control Activities – policies and procedures- Paid Tips 1. Pre-numbering documents 2. Authorization of transaction 3. Independent checks 4. Documentation 5. Timely and appropriate performance review – budget variance 6. Information processing controls - ITGC 7. Physical controls 8. Segregation of duties (ARC)

Authorization Record Custody

Risk Assessment – risk facing the entity instead of auditor CR Information and Communications – accounting system Monitoring Control Environment – tone of the org, e.g. management’s attitude

iii. SOD for IT

1. Control group 2. Operators 3. Programmer 4. Analyst 5. Librarian

iv. Documentation - required in WP to be retained for at least 7 years per SOX

1) Understanding of CRIME of IC 2) Sources of information 3) Risk assessment procedures performed


7

v. Changes of controls

Must be tested in current audit It no change, must be tested at least every 3 years, more often if significant

***Memorize*** STEPS IN THE AUDIT – (MEMORIZE!!)

1) Establish understanding with client Services to be performed Objective of the audit Limitations(reasonable assurance) Space / Staffing requirement Fees Auditor / management’s responsibilities

2) Obtain understanding of entity and its environment, including its IC NET Risk assessment procedures

3) Assess risk of material misstatement in f/s assertions – IR, CR 4) Design and perform audit procedures to address the risk of material misstatement

Test of controls Substantive tests

5) Evaluate audit evidence 6) Form opinion and issue report – public company, w/p reviewed by a 2nd partner 7) Understand IC Control risk assessment Perform Toc Assess Results Substantive

testing

***Memorize*** IC QUESTIONNAIRE – see P9 week 3

1. Bonding – insurance policy

Lower risk if bonding b/c 1) will recover, 2) investigated by insurance co. 2. Approval 3. Numeric checks – pre-numbered 4. Cross-checks 5. Internal audit function 6. Separation of duties 7. Mechanical devises – physical access 8. Other 9. Personnel policies - Rotate, mandatory vacation


8

SIGNIFICANT DEFICIENCIES AND MATERIAL WEAKNESS Auditors are not required to search for significant deficiencies / material weakness, but may report to

management / governance if find any (implicitly) If mentioned in the report, should state that the auditor is not expressing an opinion on IC. Need to report in each audit regardless of previous communication Written communication should be no later than 60 days following report release date Control deficiency report: Significant deficiency report: Material weakness (more and more serious)

TRANSACTION CYCLES i. Purchase and AP

Factory User Prenumbered Stores Requisition

Storeroom Prenumbered Purchase Requisition (PR)

Purchasing Dept Prenumbered PO Vendor

Receiving Dept Receiving Report (RR)

Prenumbered, 3-copy voucher package AP Dept

Record transaction in AP sub-ledger Approve Payments

General Accounting Treasury Dept Sign & Send Check

Cancel files voucher package

Vouch (work backwards) Existence Trace (work forwards) Completeness

ii. Sales and AR

Department Documents Sales Prenumber Sales Order Credit (Authorization) Credit Approval (Valuation) Shipping (Custody) Shipping Documents (BOL) Billing (Record) Prenumber Invoices Accounting (Record) Record transaction in Sales/AR sub-ledger

Blind

#s Received Filled in


9


10

POINTS

Immediately upon receiving checks from customers by mail, a responsible employee should prepare a duplicate listing of checks received

Audit evidence concerning segregation of duties ordinarily is best obtained by observing the employees as they apply control procedures

Debit Memo – AP; Credit memo – AR The person who last signs the checks should keep control of them until they are mailed. All receipts for goods, including returned goods or materials, should be handled by the receiving clerk. Analytical procedures and confirmations are usually for substantive tests. AP department do 3-way match


11

Chapter 24 Evidence and Procedures (35%)


AUDIT PROCEDURES i. Test of controls

1. Observation 2. Inquiry 3. Inspection 4. Re-perform procedures

ii. Substantive tests 1. Analytical procedures 2. Tests of details 3. Confirmation

EVIDENCE - (3rd Standard of field work SEE) 1. Sufficient 2. Appropriate

Relevant Reliable

1. From outside 2. Client has a strong IC structure 3. Obtained directly by the auditor 4. Exists in documentary form 5. Original documents

Generated Circulated Example Level 1 Externally Externally Bank confirmation Auditor’s direct knowledge Level 2 Externally Internally Bank statement External evidence Level 3 Internally Externally Cancelled checks Internal evidence Level 4 Internally Internally PO, receiving reports Oval evidence

Audit evidence obtained directly by the auditor (e.g. observation, confirmation, calculation) is more

reliable than audit evidence obtained indirectly or by inference (outside)

INTERNAL AUDIT Internal auditors cannot be used to make judgement/assessment (e.g. assess IR and CR ) In performing an audit, the auditor may request direct assistance from the internal auditors, in obtaining

an understanding of the internal control structure or in performing tests of controls or substantive tests. Competence – educational background Objectivity – level to report, scope


12

***Memorize***

MANAGEMENT REPRESENTATIONS 1. FS fairly presented in conformity with GAAP 2. Availability of financial records and minutes 3. No Noncompliance or deficiencies in financial reporting practices 4. No material misstatement 5. No fraud 6. No plan/intention of affecting CV of asset/liability 7. No material misstatement of Related party, guarantee, uncertainties 8. Material Violation of laws, contingencies 9. Title of ownership of assets, any collateral 10. Compliance of contractual agreements 11. Management’s belief of no material misstatements, no unrecorded subsequent events *dated the same date as the audit report

ANALYTICS

Analytics Commonly used Required by GAAS Planning stage X XSubstantive test X ‐Review stage X XTest of controls ‐ ‐

Analytical procedures alone may provide the appropriate level of assurance for some assertions. Analytical procedures used in planning an audit generally use data aggregated at a high level Analytical procedures used in planning an audit should focus on enhancing the auditor's understanding of

the client's business

POINTS CPA owns w/p, but needs client’s permission to show to a third party Un-reconciled differences between control and subsidiary accounts causes an auditor to suspect that

material misstatements exist in a client's financial statements. Specialist work: The auditor should obtain an understanding of the methods or assumptions used by

the specialist and evaluate whether the specialists findings support the related assertions in the financial statements. The work of a specialist who has a contractual relationship with the client may be acceptable under certain circumstances

Normally, the auditor should not refer to the work or findings of the specialist, specially for standard qualified opinion.

1. Unqualified Opinion, Standard Report No reference to the specialist. 2. Unqualified Opinion, Explanatory Paragraph Added to Report Refer to specialist in explanatory paragraph only if

doing so will help clarify the reason for the explanatory paragraph. 3. Qualified or Disclaimer of Opinion Scope limitation, the auditor is unable to obtain sufficient, competent evidential

matter—No reference to the specialist. 4. Qualified or Adverse Opinion Auditor concludes there is a departure from GAAP—Refer to specialist in explanatory

paragraph only if doing so will help clarify the reason for the qualification or adverse opinion.


13

Chapter 25 Audit Programs

SUMMARY

SUBSEQUENT EVENTS 1. Type 1

Conditions existed at balance sheet date Require adjustment to f/s Dual dating (if disclosed) is required in order to extend responsibility only to the subsequent

event No change of dating is required if just adjust f/s numbers instead of disclose in notes

2. Type 2 Conditions did not exist at b/s date May require disclosure, no adjustments Dual dating is required for

- Casualty losses - Purchasing a business or selling off a component of business - Issuance of stock - Issuance of debt

***Memorize*** How to look for subsequent events - MIRACL

1. Management representation letter (dated same date as auditor’s report) 2. Inquire – significant ∆ in c/s, LTD, contingent liability 3. Read - minutes, interim f/s 4. Any changes to assets or liability valuations 5. Proper Cut-offs 6. Obtain Legal letter

POINTS Observation of inventory could be performed before b/s date Positive confirmation is the best evidence for AR Lapping - the theft of one customers payment and subsequently crediting the customer with payment

made by another customer. SOD is the best way to deter it. Test of credit approval is for the assertion of Valuation or allocation (AFDA) Auditors review the reconciliation of payroll tax form to identify potential liability for unpaid payroll taxes


14

Chapter 26 Statistical Sampling

SUMMARY

TYPES OF SAMPLING 1) Attribute sampling

Test of control Test for certain attribute or characteristic

2) Variable sampling Substantive tests Estimate the dollar value, how much vary from a stated amount Variability ↑ uncertainty, ↑ sample sizes Use Standard Deviation as a measure

NORMAL DISTRIBUTION

Every item has an equal chance of being selected

SAMPLING METHOD 1) Mean-per-unit Estimation

Population Total = Audited Sample total value / sample size * population size

2) Ratio Estimation Ratio = Audited Sample total value/Book Sample value Population value = Ratio * Book Population value

3) Difference Estimation

[Difference b/w audit value & BV] / Size (S) * Size (P) + Book Value (P)

4) Projection: 68%/95% of population within 1/1.96 standard deviation of mean SD = SE2

Population Value = Estimated Population Value ± # of SD* Standard Error*Population Size

50% 50%

Mean

Point Estimate


15

SAMPLING STEPS 1) Define the population 2) Choose method 3) Determine sample size 4) Determine acceptable risk level

Select the random sample Audit the random sample Evaluate the results Document the procedures

RISK - AR = IR*CR*DR AR, DR, IR, CR + Sampling Risk

SAMPLING RISK

1) Alpha risk Test of Control: Risk of under-reliance – too much substantive testing Substantive Test: Risk of incorrect rejection – was correct, give qualified opinion

2) Beta risk Test of Control: Risk of over-reliance – too little substantive testing Substantive Test: Risk of incorrect acceptance – was incorrect, give unqualified opinion

Sample Size Expected Deviation rate (Variability) / Expected amount of misstatement

Direct (higher variability, larger size)

Tolerable deviation Rate / Tolerable Misstatement Rate

Inverse (lower %, larger size)

Assess risk of assessing control risk too low / Assess misstatement risk (1 less assessed risk = confidence level)

Direct (higher assessed risk, larger size)

Allowable risk of assessing control risk too low / Allowable misstatement risk

Inverse (higher risk willing to assume, smaller size)

Population size Almost no effect if >5,000 Achieved upper precision limit = Observed sample rate + Allowance for sampling risk Increase planning CR if Achieved upper precision limit > Tolerable rate


16

PPS - Probability-proportional-to-size PPS is a form of variables sampling that uses attribute sampling theory for substantive testing. The sampling unit is the individual dollar in an account balance. PPS sampling has two unique properties.

1. Stratification - The audit population is stratified automatically by monetary value. 2. Overstatements - Larger dollar amounts have a higher probability of being selected. Therefore,

overstatements are more likely to be detected than understatements. 3. Not appropriate for liability account

***Memorize*** Example: 1) Determine Reliability factors of errors by check the table (risk of incorrect acceptance % & # of

misstatement allowed) 2) Sampling interval = Tolerable misstatement ($) / Reliability factor 3) Sample size = BV of population ($) / sampling interval

* Assume Expected misstatement rate = 0

***Memorize***

Projected misstatements - PPS

If Recorded Amount of mistaken sample < Sampling interval Projected misstatement = Error (∆ b/w record & actual audit) / Record Amount * Sampling Interval

If RV>Sampling interval Actual Error

POINTS

Weakness of randomness: if the population has a pattern, may obtain misleading results Stratified sampling – split a highly variable population into two populations to reduce variability Discovery sampling – type of attribute sampling, a predetermined probability of discovering one

item, used with critical items when expected error rate is very low – used for fraud Decide to increase the allowable risk of incorrect rejection (Alpha) – Less work to do, when

1) Decreased reliability from the sample is desired 2) Few differences (audit value minus recorded value) are expected. 3) Initial sample results support the planned level of control risk 4) The cost and effort of selecting additional sample items is low


17

Chapter 27 Audit IT System

SUMMARY

TYPES OF CONTROL

i. General control ii. Application control

1) Input Properly Initiated, authorized, and approved Check digits, valid character checks, self-checking, control totals, harsh totals, error log

2) Processing Limit and reasonableness test (e.g. salary range of staff vs. management)

3) Output Control totals, error log

TWO BASIC AUDIT APPROACHES

1) Around the computer (Black Box)

Look at source documents & output reports Evaluate results by infer what the computer must be doing Batch system only

2) Through the Computer (Electronic Trail) Batch or online system Build-in electronic trail

***Memorize*** Test deck (test data) – use auditor data on client computer (test invalid conditions) Parallel simulation – use client data on auditor’s computer Integrated test facility – test data is commingled with live data

GENERALIZED AUDIT SOFTWARE - STEVSIC

Select & print records Test extensions & footings Examine records Verify math accuracy Summarize information Isolate duplicate records Compare files or fields


18

POINTS

Utility programs are used to perform tasks such as copying, sorting, merging, and printing. This type of software is usually easily accessible and can lead to unauthorized changes if not properly controlled.

A computer log provides evidence as to which employees used the computer system and the operations performed by them. As a result, the computer log will protect against unauthorized use of the IT system, and it will provide an audit trail.

When an auditor anticipates assessing control risk at a low level in a computerized environment, generally, the auditor initially would focus on general control procedures

When a client processes financial data in electronic form without paper documentation, the auditor may audit on a more continuous basis than a traditional system

Never combine Computer operators (key in data) vs. computer programmer Security administrators vs. computer operators and computer programmers

Internal control is considered ineffective when computer department personnel can: (1) originate or correct transactions, (2) authorize transactions, (3) prepare the initial data, (4) maintain custody or control over non-EDP assets, (5) authorize a change in controls, or (6) originate master file changes.

Preventive controls are generally more important than detective controls in EDI systems because of the speed with which goods and services are delivered.

The purpose of an audit trail would be to 1) monitor the system, 2) answer queries, and 3) deter fraud.

A parity check is an extra bit attached to the end of a string of bits to detect errors resulting from electronic interference when transmitting the string.

Embedded audit modules are coded into a clients application to collect data for the auditor.


19

Chapter 28 Reports on Audited Financial Statements

SUMMARY

STANDARD UNQUALIFIED OPINION ***Memorize***

A. Title (“Independent” must be included) B. Addressee (report to the company, stockholders, BOD, not management) C. Introductory paragraph

- A statement that f/s is audited - A statement that f/s are the Responsibility of the management and that the auditor’s Responsibility

is to express an opinion D. Scope paragraph

- A statement that the Audit was conducted in Accordance with US GAAS - A statement that the audit was Planned and Performed to obtain reasonable assurance that the f/s

are free from Material Misstatement - Statements that the audit included Examining Evidence on a test basis; Assessing the Accounting

principles used and significant estimates Made by Management; and evaluating the overall presentation;

- A statement that the audit provides a reasonable basis for an opinion


20

E. Opinion paragraph - A statement referring to the f/s identified in the introductory paragraph - An opinion as to the fair presentation of f/s (ACDE) - A statement regarding conformity with US GAAP (ACDO)

F. Reporting Date ‐ The date of completion of fieldwork is used

MODIFIED UNQUALIFIED OPINION

- Add explanatory paragraph after opinion paragraph 1. Emphasize a matter 2. Change in GAAP (Justified) 3. Change in reporting entity 4. Correction of an error 5. Change in principle inseparable from a change in estimate 6. Departure from GAAP (Justified) 7. Supplementary information problem 8. Uncertainty (if not material, standard unqualified, disclaimer if very material) 9. Going concern (if not material, standard unqualified, disclaimer if very material) 10. Change of estimates

OTHER OPINIONS

i. GAAP Problem Opinion Situation Introductory Scope Explanatory Opinion Qualified Material - - Before

opinion “Except

for” Adverse Very

material - - Before

opinion Modified

***Memorize*** Qualified opinion paragraph In our opinion, except for the effects of xxx as discussed in the preceding paragraph… Adverse opinion paragraph In our opinion, because of the effects of the matters discussed in the preceding paragraphs, the financial statements referred to above do not present fairly, in conformity with U.S. generally accepted accounting principles, the financial position of X Company as of xxx, or the results of its operations or its cash flows for the years then ended.

ii. GAAS Problem Opinion Situation Introductory Scope Explanatory Opinion Qualified Material - “Except

for” Before opinion

“Except for”

Disclaimer Very material

Modified Omitted Before opinion

Modified

***Memorize***

Qualified Scope paragraph

Except as discussed in the following paragraph, we conducted our audit Opinion paragraph


21

In our opinion, except for the effects of xxx/omission of information as discussed in the preceding paragraph…

Disclaimer Introductory

We were engaged to audit …. Responsibility of the Company’s management (Omit audit’s responsibility sentence)

Opinion Since we were not able to apply other auditing procedures to satisfy ourselves as xxx, the scope of our work was not sufficient to enable us to express, and we do not express, an opinion on these financial statements.

EXPLANATORY LANGUAGE i. Other auditors’ work

Always inquire the professional reputation and independence of the other auditor 1) Assume responsibility

Review WP and audit programs of the other auditor. No mention / reference of other auditor in the auditor’s report

2) Divide responsibility Usually happened when the principal CPA cannot review w/p of the other Mention / reference the other auditor, but not the exact name of the auditor All paragraph modified


22

ii. Comparative statements ***Memorize***

1) Update last year’s qualified/adverse opinion when client has corrected them

Intro/Scope – No change Add explanatory paragraph before opinion paragraph

Date of old opinion What the old opinion was Reason why we gave a qualified/adverse opinion Changes made New opinion

2) Prior year was audited by other auditors a) Reissue predecessor auditor’s report w/ permission, predecessor has responsibility to:

Review financials to confirm #s have not changed Letter from successor auditors to predecessor auditor stating: no events have occurred this year

that would affect the prior year’s #s

b) Modify introductory paragraph if not allowed to reissue Prior year Date of prior year opinion Type of opinion If qualified or adverse, give reason

GOING CONCERN

Factors to mitigating the GC – management plans: ***Memorize***

1) Dispose of assets 2) Borrow money or restructure debt 3) Reduce / delay expenditures 4) Increase ownership equity - issue shares

The accompanying financial statements have been prepared assuming that the Company will continue as a going concern. As discussed in Note X to the financial statements, the Company has suffered recurring losses from operations and has a net capital deficiency that raise substantial doubt about its ability to continue as a going concern. Management’s plans in regard to these matters are also described in Note X. The financial statements do not include any adjustments that might result from the outcome of this uncertainty.

If substantial doubt about the GC existed at the date of prior period f/s that are presented on a comparative basis, and that doubt has been removed in the current period, the explanatory paragraph included with the auditor’s report should not be repeated


23

POINTS Piece meal opinion (e.g. AR is misstated, but AP is ok) is not allowed, but different opinion for different

statement, or opinion on only 1 statement engagement is ok. Confirming w/ third party the details of arrangements to maintain financial support may indicate

substantial doubt of GC If lack of independent Disclaimer Very Material effects of GC & Uncertainty Disclaimer, if GC not disclosed adequately qualified /

adverse If the auditor is engaged to audit the financial statements of a company that is not the auditors client, the

report should be addressed to the client (engage company) and not to the directors or stockholders of the company being audited.

When there is a change in the accounting principles referred to the change in an explanatory paragraph, identify the nature of the change, and refer the reader to the note in the financial statements that discussed the change in detail.

When an auditor qualifies an opinion because of a scope limitation, the opinion paragraph should indicate that the qualification pertains to the possible effects on the financial statements and not to the scope limitation itself.

The predecessor auditor should, before reissuing a report, obtain a letter of representation from the successor auditor & management.

Auditor is not required to audit supplementary information unless it’s omitted/material deficiency


24

Chapter 29 Other Auditing Standards

SUMMARY

PCAOB - Standards of the Public Company Accounting Oversight Board Auditor must retain w/p for at least 7 years for public company vs. 5 years for other audit/review Completion of audit file

Public: 45 days of audit report release date Private: 60 days of audit report release date

If a material weakness continues to exist, it must state in the report, and communicated to AC (for both material weakness and significant deficiencies, and distinguish them), ICOFR if no report is issued. Also, an auditor cannot issue a qualified opinion. Can only be unqualified, adverse, or disclaimer.

GOVERNMENT AUDITING GAO (Government Accountability Office) is responsible for promulgating GAS (Governmental Auditing

Standards) CPA firm audits in accordance with GAS need external quality review at least once every 3 years

***Memorize***

GAS requires: 1. A statement of the views of the responsible officials concerning the auditor’s findings in the

auditor’s report if it discloses deficiencies in internal control, fraud, illegal acts, violations of contracts or grant agreement provisions, or abuse.

2. A statement of indications of illegal acts discovered during the audit. 3. A written report

o The assertion that evaluating compliance with laws, rules, and regulations with a direct and material effect on the f/s is part of developing an opinion on f/s

o The assertion that specific controls relating to financial reporting are considered o An indication that either no weakness was found or reportable conditions were found, and

separately indicate material weaknesses from other significant deficiency.


25

POINTS

An auditor’s procedures are not part of a company’s ICOFR. It’s possible for an effective ICOFR and still has material weakness.


26

Chapter 30 Other Types of Reports


FIVE TYPES OF SPECIAL REPORTS

- Include reference to the note about the special basis i. F/S that are in conformity with an Other Comprehensive Basis Of Accounting (OCBOA) –

General Use Four types of OCBOA

1) Cash basis 2) Income tax basis 3) Price level basis 4) Regulatory basis

Auditor’s Report

Introductory Balance sheet replaced by “Statement of Assets & Liabilities” Income statement “Statement of Revenue collected & Expenses Paid” No statement of cash flows

Scope: Same Explanatory

Before opinion Explain the basis of account (reference to note) & state “This is an OCBOA”

Opinion: State if statements are in conformity with OCBOA

ii. Specified elements, accounts, or items within the F/S

Introductory We have audited xxx (specific schedule instead of f/s)

Scope: Same except change name of what has been audited Explanatory

Before opinion Opinion:

Restricted use: “This report is intended solely for the information and use of xxx”

iii. Compliance with contractual or regulatory requirements Introductory

Not mention auditor/management’s responsibility Scope: Omitted


27

Opinion: Negative assurance– independence required

“Nothing came to our attention that would cause us to believe the f/s were not in conformity with GAAP”

“However, it should be noted that our audit was not directed primarily toward obtaining knowledge of such noncompliance.”

Restricted use

iv. Incomplete Presentation Introductory

We have audited xxx (specific schedule instead of f/s) Mention auditor/management’s responsibility

Scope Explain what auditor did

Explanatory Before opinion Intention of schedule

Opinion: Conformity with GAAP / OCBOA Restricted use

v. F/S presented in a prescribed form

Responsibility paragraph A scope paragraph An explanatory paragraph similar to an incomplete presentation otherwise in conformity with

GAAP A paragraph that includes a description and the source of significant interpretations made by

management An opinion paragraph A paragraph restricting the distribution of the report

AUDITOR SERVICE FOR IC/OTHER SPECIAL PURPOSE REPORTS Independence not required The user auditor should make inquiries concerning the service auditor's professional reputation The user auditor should not make reference to the service auditor's report as a basis for her/his

own opinion on the user organization's financial statements.

LETTERS TO UNDERWRITERS (COMFORT LETTERS)

In Conjunction with IPO Not required by, nor filed with SEC; merely standard practice Addressed to underwriter, signed by auditor Negative assurance for unaudited interim information– independence required

“Nothing came to our attention that would cause us to believe the f/s were not in conformity with GAAP”

Never repeat opinion on f/s in this letter


28

Chapter 31 Other Services

SUMMARY

Compilation and Review follow SSARS (Statements on Standards for Accounting and Review Services) instead of GAAS

COMPILATIONS

Limited to presenting f/s Only for non-public entities Independence not required, but lack of independence must be stated, but the reason should not be

stated No management representation letter If omission of required disclosure, then add buyer beware paragraph (do not express opinion)

“The financial statements are not designed for those uninformed about the omitted disclosures” Each page is stamped, “see accountant’s compilation report”

***Memorize***

Sample report We have complied the accompanying balance sheet of XYZ Company as of xxx, and the related statements of income, retained earnings, and cash flows for the year then ended, in accordance with Statements on Standards for Accounting and Review Services issued by the American Institute of Certified Public Accountants A compilation is limited to presenting, in the form of f/s, information that is the representation of management (owners). We have not audited or reviewed the accompanying f/s and, accordingly, do not express an opinion or any other form of assurance on them.

REVIEW 1. Procedures

Inquire Analytical

2. Review of public company

Interim only Follow GAAS instead of SSARS Inquiries and analytical (inquiry of lawyer & GC not required, include minutes review) Obtain management representation letter Require sufficient understanding of client’s IC Limited assurance – negative assurance GAAP problem: add explanatory paragraph before opinion paragraph GAAS problem does not require modification


29

3. Review of non-public company Follow SSARS, not GAAS Not required to obtain Understanding of IC Perform inquiries and analytical Obtain management letter GAAP problem: add explanatory paragraph after opinion paragraph, withdraw if significant GAAS problem does not require modification Limited assurance after disclaimer General use Each page is stamped “See Accountant’s Review Report”

***Memorize*** Sample report

Independent Accountant’s Report We have reviewed the accompanying balance sheet of X Company as of xxx, and the related statements of income, retained earnings, and cash flows for the year then ended, in accordance with Statement on Standards for Accounting and Review Services issued by the American Institute of Certified Public Accountants. All information included in these financial statements is the representation of the management of X Company. A review consists principally of inquiries of company personnel and analytical procedures applied to financial data. It is substantially less in scope than an audit in accordance with U.S. generally accepted auditing standards, the objective of which is the expression of an opinion regarding the financial statements taken as a whole. Accordingly, we do not express such an opinion. Based on our review, we are not aware of any material modifications that should be made to the accompanying financial statements in order for them to be in conformity with U.S. generally accepted accounting principles.

CHANGE OF LEVEL OF SERVICE 1. Same or higher level of service

Add explanatory paragraph after the opinion paragraph (date/service/opinion) 2. Lower level of service

Add explanatory paragraph after the opinion paragraph (from audit to lower -> no audit procedures have been performed thereafter), and

Reissue last year’s report 3. Other CPA performed Review/Compilation this year, have option to

1) Predecessor Re-issue prior’s report (not required) should read f/s, get rep letter from management & successor auditor

2) Mention in intro – statements were examined by other auditors / date/type of opinion/reason Add a paragraph reference to predecessor’s report

3) Perform compilation/review on prior year & issue own report


30


31

FORECASTS & PROJECTIONS

Forecasts Projections General use Restricted use Expected future financial position Given certain hypothetical assumptions

1. Levels of service

Examination (similar to audit) – opinion or disclaimer Compilation – disclaimer of opinion Agreed-upon procedures – present findings, restricted use

All three services No updating responsibility No negative assurance

2. SSAE (Statements on Standards for Attestation Engagements) defer from GAAS (TIP

SEE ACED) E.g. compliance with law, IC, projection/pro forma No “Understanding of entity and its environment, including IC required” (SEE)

***Memorize***

Reporting standards Assertion identified Conclusion Reservations Distributions (general or restricted use)

AGREED-UPON PROCEDURES Written assertion relating to specified elements, accounts, or items Describe agreed-upon materiality limits State that an audit was not done and disclaimer of opinion Similar to mgt responsibility – Client’s responsible for sufficiency of procedures List procedures and findings List any reservations No negative assurance Restricted use

REPORT ON INTERNAL CONTROL EFFECTIVENESS Independent accountant’s report

Introductory We have examined…based upon [identify criteria] Management / our responsibility (express opinion on…)

Scope In accordance with AICPA standards Obtained understanding of IC, testing, and evaluating We believe that our examination provides a reasonable basis for our opinion


32

***Memorize*** Inherent limitations paragraph

Because of inherent limitations in any internal control, misstatements due to error or fraud may occur and not be detected. Also, projections of any evaluation of the internal controls over financial reporting to future periods are subject to the risk that internal controls may become inadequate because of changes in conditions, or that the degree of compliance with policies or procedures may deteriorate.

Opinion Management’s assertions fairly stated / xxx company maintain effectiveness of IC based on

[criteria] Could be qualified / adverse if have material weakness

An engagement to express an opinion on an entity’s system of IC and a consideration of internal control made as part of an audit differ in purpose and scope; however, the procedures are similar in nature.

POINTS Merely reproducing client-prepared financial statements without modification is merely making a

copy of the financial statements, not a compilation. Internal Control is not considered in compilation. Attesting doesn’t including advocacy for clients Even for a compilation, accountant should not issue report for comparative f/s if there is inconsistency

in GAAP required disclosure. When unaudited f/s are presented in comparative form with audited f/s in documents filed with the

SEC, such statements should be clearly marked as unaudited but not referred to in the auditor’s report, and the unaudited report should be either:

Reissued, or Include a separate paragraph describing the responsibility assumed for the unaudited f/s The practitioners report on pro forma financial information should include ... reference to the financial

statements from which the historical financial information is derived No requirement that a compilation report be printed on paper (including letterhead) or that it be signed

manually.