Auditing & Attestation
I.
Engagement plan, Client acceptance and agreement
A. Determine Nature and Scope 1.
GAAS: board guidelines ad detailed practices and procedures – Chap 28 1)
2)
2.
GAAS Hierarchy: a) FASB stmt & interpretations;b) FASB Technical Bulletins, AICAP A&A Guides; c) AICPA Practice Bulletins; d) AICPA Accounting Interpretation GAAS Standard (audit standard) a)
General (TIP) – training, independence, performance;
b)
Field Work (SEE) – supervision & planning/ entity and its environment; evidence
c)
Reporting (ACDE) – accounting = U.S GAAp; consistency; disclosure; expressing an opinion.
3)
Date of report: no earlier than the last date of obtaining evidence
4)
Going concern:
5)
Supplementary info & Segment info
Std for Accounting and Review Services (SSARS) – Chap 31 1)
Authorization Guidance Hierarchy: a) SSARS; b) Interpretative Publication; 3) other publication Not precluded from issuing report on one F/S and not the others
2)
3)
Compilation: a)
Independence is not required; explicitly in the report only when lack of –
b)
Reporting or non-reporting options
c)
Limited to presenting, info that is rep of mgmt “scope limit”
d)
Allow to omit substantially all disclosure if not misleading
Review: a)
Independence req
b)
Inquiry or analytics (ratio analysis)
c)
Disclaim of opinion
d)
Not allow to omit substantially all disclosure if not misleading & scope limit
4)
Comparative F/S a) b)
c) 3.
Should not issue CFS when statement for one period omit substantially all of the disclosure by GAAP The same opinion is not req for all stmt
Std for Attestation Engagements (SSAE) – Chap 31 a) b)
4.
Predecessor’s report reissued
Examination; Reviews; Agree-upon procedures – no assurance Type: Financial forecast/projection(prospective F/S); Pro-Forma F/S; I/C over F/R; Compliance with contract; Mgmt D&A
Compliance Auditing Applicable to Govt Entity and other Recipients of Govt (Government Audit Standard) – Chap 29 1)
Type: Financial Audit; Attestation; Performance Audit
2)
Req. a written report on the consideration of I/C on all audits
3)
“Single Audit Act”
Threshold: non-federal entity, >=$500K within a fiscal year Compliance reporting: allowability of expenditures & eligibility 5.
Other Assurance Services (Chap.29) 1)
Audit of Internal Control (I/C on financial reporting):
*** Auditor’s opinion relation to effectiveness of company’s ICOFR as of “ a point of time” and “ taken as a whole” a)
b)
Auditor responsibility: express opinion on mgmt’s assessment of effectiveness of ICOFR
c)
Test & evaluate design effectiveness: design eff to prevent/detect error or fraud
d)
1.
Mgt responsibility: effectiveness of company’s ICOFR; evaluation/ evaluation with sufficient evidence; written assessment of ICOFR
Test &evaluate operation effectiveness: operating as designed, authority& qualification to perform control effectively
Appropriateness of engagement to meet clients needs
B. Assess engagement risk and CPA’s firm’s ability to perform the engagement (Chap 21) 1.
Engagement responsibilities a)
Auditor: F/S misstmt GAAS); discover errors/ fraud/illegal/IC deficiency come to attention
b)
I/C or A/C: internal Control
c)
Mgmt: prevent & detect fraud/illegal; establish& maintain I/C, legal issues, adjust Misstmt
2.
Staffing and Supervision Req
3.
Quality Control Stardards
*** related to CPA firm’s practice as a whole while GAAS related to individual audit engagement a)
Objective: meeting responsibility to provide profe services conform with prof std
b)
Responsibility: all firm personnel should comply; design & maintain – personnel needed
c)
Elements(IM APE): independence, integrity & objectivity; Monitoring; Acceptance & Continuance of clients; Personnel Mgmt; Engagement Perf
d)
Personnel Mgmt(HEAD): Hiring; Assignment of Personnel to Engagements, Advancement , Prof Development
4.
Mgmt Integrity impact on mgt rep
5.
Research Info sources for planning and performing the engagement
C. Communicate with Predecessor A/C or Auditor
D. Decide whether to accept/continue (Chap 22)
E. Engagement Ltr (Chap 22) Objective of audit, mgt & auditor’s responsibilities
F. Obtain an understanding of the client’s operation, business and industry (Chap 22) I/C to identify type of material factors that affect RMM design T.O.C
G. Perform analytical procedures a)
Purpose: planning (req.); substantive testing (not req.); overall review (req)
b)
Plausibility, predictability, and precision
c)
Benford’s law
H. Preliminary Engagement Materiality (Chap 22) a)
Misstmt: misapplies GAAP; Omits necessary info; Departs from facts
b)
F/S level (pervasive risks) + A/C, transaction, disclosure level (NET)
I. Assess IR & RMM from errors, fraud, and illegal acts (Chap 22) a)
AR = RMM * DR = (IR*CR) * (AP * TD)
J. Other planning matters (Chap.24) 1.
Use the work of other independent auditors a)
2.
Use the work of a specialist: a) b)
3.
5.
objectivity; no reef in auditor’s report unless for clarification specialist’s responsibility: appropriateness & reasonableness of methods, assumptions & application
Internal audit function: a)
4.
report of predecessor auditor
objectivity & competence
Related parties and RPT a)
transactions: loans, sales
b)
understand business purpose (lack of biz substance?)
c)
disclosure: unsubstantiated rep qualified/adverse
Electronic evidence (computer vs. manual) – Chap 27
*** with computer: input, process correct output correct (eg, test data, parallel simulation, integrated test facility) a)
audit trail only for short period
b)
reduce computation error
c)
system error is greater
d)
error/fraud detected slowly
e)
easier for unauthorized access and program change (seg. Duty)
6.
Risk of auditing around the computer
***without computer a)
Input, output correct process correct
K. Identify F/S assertions and formulate audit objectives a)
Transaction: occurrence, completeness, accuracy, cutoff, classification
b)
A/C balance: existence, R&O, Completeness, Val & All
c)
Presentation& Discl: occurrence & R&O, completeness, class & understandability, val & all
Sarbanes-Oxley Act: a)
PCAOB: oversee audit firms
b)
Doc retention: 7 year;
c)
Completion: 60 days following the report day
d)
Partner retention: 5 year
II Consider I/C in both manual and computerized environments – Chap 23
1.
Understanding of Biz processes and info flows a)
Components (CRIME): control activity; rish assessment, info &comm.; monitoring; control environment
Responsibility: b) c)
2.
Mgr: establish & maintain I/C Auditor: communicate significant def and material weakness regarding mgt decision within 60 days after report issued- how control prevent, detect, correct material misstmt in relevant assertion (not auditor’s duty to search for def )
Identify controls effective in preventing/detecting Misstmt a)
Objective: authorization, validity, recording, accountability & comparison; access
b)
Procedures: segregation, tracking, reconciliation, perspective –trace, vouch
3.
Doc an understanding of I/C a)
4.
Limitation of I/C a)
5.
6.
7.
Flowchart, questionnaire, narrative
Errors & fraud
Effects of Service Org in I/C – Chap 30 a)
Service auditor: not req independence with all users
b)
User auditor: should not ref to svc audtor’s report, consider Service auditor’s reputation
Test of Control a)
Not req!! test only when i) expectation of operating eff; ii) reduce CR from sub testing alone
b)
control without change: min ones/3 yr; not apply to controls mitigate a significant risk
Assess CR
III Obtain and doc info to form a basis for conclusion – Chap 24-27 A.
Perform planned procedures 1.
Application of audit sampling – Chap 26 a)
Sampling risk vs. non-sampling risk
b)
Non-statistical vs. statistical sampling
c)
Attribute sampling: T.O.C --> A.Sderivate rate
d)
Classic variable sampling: S.T C.V.S$$
e)
Probability-proportional-to-size sample: use attribute sampling theory for S.T Stratification by $$; used when no error expected
2.
Analytical procedures: see above
3.
Confirmation of bal and transaction with third parties
B.
4.
Physical exam of inventories another assets
5.
Other Test of details
6.
CAAT (Date interrogation, extraction and analysis)
7.
Substantive tests before B/S date
8.
Test of unusual YE transactions
Evaluation contingencies
“Uncertainty”: likelihood when probably req. disclosure; when remote not req disclosure
C.
D.
Obtain and evaluate lawyer’s ltr a)
Ltr of outside lawyer can’t by a substitute for info obtained from inside counsel
b)
Uncertainty on potential loss amt explanatory P
Review subsequent events a)
Type I: after date of repot before release adjust or qualified
b)
Type II: after B/S date before issue disclosure or qualified
*** “dual date”: req disclosure of event c)
E.
Prevent future reliance on report
Obtain rep from mgmt - Chap 24 a)
Date: no early than the report date
b)
Subsidiary audit – obtain a rep from parent concern matters may aff subsidiary
F.
Identify reportable conditions and other control def
G.
Identify matters for communicate with A/C – Chap 22 a)
Service provided; general info (accounting issues, mgmt dealing, SAD); significant def; independence; quality of an SEC company’s accounting principles and underlying estimates
H.
Perform procedures for accounting and review services engagements
I.
Perform procedure for attestation engagement
IV. Engagement Review – objectives are achieved and info evaluation
A.
Perform analytical procedures – Chap 24 a)
B.
C.
See above
Evaluate the sufficiency and competence of audit evidence and document engagement conclusion a)
Nature of evidence: sufficiency & appropriately; corroborative; relevance & reliability
b)
Obtain evidence: T.O.C & S.P
c)
Evaluate evidence: risk assessment planned audit procedure (N.E.T)opinion
Evaluate whether F/S are free of material misstmt – Chap 28 a)
Unqualified i. ii.
D.
Explanatory P: lack of consistency; uncertainty; going-concern; justifiable departure from GAAP
b)
Qualified: Omission of a basic F/S
c)
Disclaim: independence
d)
Scope limitation: Disclaim or qualified
Consider going concern exists – Chap 28 a)
E.
I/C is not mentioned in report
Auditor’s responsibility: evaluate info det substantial doubt about – in reasonable period (one year)
b)
Adequate disclosure qualified/adverse opinion
c)
Uncertainty disclaim
Consider other info in doc containing audited F/S – Chap 28 a)
Auditor’s responsibility: no beyond F/I
F.
b)
Inconsistency: revise report & add explanatory P; withdraw
c)
Misstatement: notify client in writing + legal counsel
Review work performed to provide reasonable assurance that objectives are achieved
V. Prepare Communication to satisfy engagement objectives
A. Reports: 1.
Reports on Audited F/S
2.
Reports on review and complied F/S
3.
Reports req by GAS
4.
Reports on compliance with laws and regulations
5.
Reports on I/C
6.
Reports on perspective F/S
7.
Reports on the processing of transactions by service organizations
8.
Reports on supplementary F/I
9.
Special reports
10. Reports on other assurance services 11. Reissuance of reports
B. Other Req Communication 12. Errors & Fraud, illegal acts 13. Communication with audit committees 14. Other reporting considerations by SSAE
C. Other Matters 1.
Subsequent discovery of facts existing at the date of auditor’s repot
2.
Consideration after the report date of omitted procedures