• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/65

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

65 Cards in this Set

  • Front
  • Back
What's New - AICPA
=Clarity Project (and convergence). done in Summer '10 - SAS 117
-Simplifies language of GAAS. Similar to IAASB project to simplify IAS and avoids conflicts with PCAOB standards.
=Proposed SAS. -Audit of Accounting Estimates, FV & Disclosures - Audits of Group F/S
=SAS 116
=SAS 115
=SSAE 15
What's New - AICPA

-Audits of Group F/S
=Differs from SAS 1, AU Sec 543 - Terminology -Responsibilities of Group engagement partner -client acceptance and continuance -Involvement & Understanding of competent auditors -Materiality -Assessing the work of other auditors
What's New - AICPA

-SAS 116: Interim Financial Info
-Issued 2/15/09 for periods after 12/15/09
-Amends AU Sec 722, Interim Financial Information
-Removes Guidance for reviews of interim financial statement of issuers
-Adds more generalizable language regarding framework
What's New - AICPA

-SAS 115: Comm IC related matters ID'd in the Audit
-Issued 10/8 for periods ending on or after 12/15/09 for NON INTEGRATED AUDITS
-Supersedes SAS 112 of same title
-Aligns with SSAE 15
What's New - AICPA

-SAS 115
Definitions of Deficiencies
-Ctrl deficiency: Design or Operation
-Sig Def: Less severe than MW, but needs attn of FS overseers
-MW: reasonable possibility that controls will not prevent or detect a MM on a timely basis
What's New - AICPA

-SAS 115 -Eval deficiencies
=Factors that affect Magnitude of Misstatement
-FS amts or total trans exposed to deficiency
-Vol of activity in acct or class of trans exposed to Deficiency
=Risk factors that affect likelihood of misstatement
-Nature of accts, trans, disc, and assertions
-Susceptibility of related asset or liab to loss or fraud
-Subjectivity, complexity, or extent of judgment needed to determine amount
-interaction of ctrl with other ctrls
-Future conseq of deficiency
What's New - AICPA

-SAS 115 -Indicators of MW
-indication of Fraud on part of senior mgmt
-Restatement of PYs due to MM
-MM in CY
-Ineffective oversight
What's New - AICPA

-SAS 115 -Communicating Deficiencies
-Ctrl Deficiencies
-Sig Defs: in writing to mgmt and those charged with governance
-MW: Same as above
What's New - AICPA

-SAS 115 -Communicating Deficiencies
-Statement indicating purpose for considering IC was for FS audit, not for an IC audit
-Statement indicating not expressing IC opinion
-Statement indicating testing not designed to ID all SDs and MWs
-Definition of SD and MW
-ID of all SDs and MWs
-Limitation or report distribution
What's New - AICPA

-SSAE 15: An examination of an entity's IC over FR that is integrated with an FS audit
-issued in 10/8 for periods ending on or after 12/8 FOR INTEGRATED AUDITS
-Converges with PCAOB AS 5
-Emphasizes top-down risk based approach to examining ICs
What's New at the PCAOB
=Proposed Risk Assessment Standards
-7 new AS related to Risk
1.Audit risk in an audit of FS
2.Audit planning and supervision
3.ID'ing and assessing RMM
4.Auditor's responses to RMM
5.Evaluating Audit Results
6.Consideration of Materiality in Planning and Performing and audit
7.Audit Evidence
What's New at the PCAOB

- Purpose of New Risk Assessment Standards
=Purposes of Proposed Risk Standards
-Updated existing requirements to take account of the improved risk-based audit methodologies auditors use
-Serve as an improved foundation for future standard setting
-Enhance integration of the audit of FS and IC
-Emphasice auditor's responsibilities for considering the risk of fraud
-Reflect an effort to eliminate unnecessary diffs b/w the Board's risk assessment stds and other risk assessment stds
What's New at the PCAOB

-AS 6: Evaluating Consistency of FS
=Effective 11/15/08; Supersedes AU420
=Consistency Issues
-Change in Acct'ing principle
-One GAAP method to another
-Change in est effected by change
in principle
-Change in reporting entity
-Adj to correct previous MS
-Going from non-GAAP to GAAP
method
What's New at the PCAOB

-How is AS 6 different from AU420
AS 6 requires auditors to use retrospective application regarding changes in principles or material errors to all periods presented. AU420 only required auditors to show the cumulative effect in the year of change or correction.
Audit Risk Model
Inherent Risk x Control Risk x Detection Risk = Audit Risk = Risk of issuing a clean opinion when F/S are materially misstated
Risk of Material Misstatement
RMM = Inherent Risk x Control Risk
Audit Risk Evidence Direction
Inherent Risk Evidence Direction
Control Risk Evidence Direction
Detection Risk Evidence Direction
Greater risk requires more evidence except for detection risk. Lower DR requires more audit evidence
Profession's Response to Audit Risk
SAS 99: Explicit assessment of Fraud Risk
AICPA: New Risk Std - SAS 104-111
New AR Model: RMMxDR=AR
PCAOB: 6 ASs that deal with Mgts Assertions (Presentation, Existence, Rights and Obligs, Completeness, Valuation)
Committee Of Sponsoring Organizations (COSO) members?
AICPA, AAA, Institute of Internal Auditors (IIA), Institute of Management Accountants (IMA), Financial Executive Committee
COSO Major Initiatives
-Internal Ctrl - An integrated framework (how a Company can manage ctrls)
-Fraudulent FR Survey w/ 200 SEC enforcement actions from 87 to '97
-ERM: Process by which BoD & Mgrs incorporate risk into overall strategy. Helps mgrs to ID and manage risk.
Enterprise Risk Management ERM Defined
-a process that Bod, mgrs, and other personnel use to ID events may affect an entity and manage risk to be within risk appetite and provide reasonable assurance regarding goal achievement
ERM Framework
4 Categories: Reporting, Operations, Compliance, Strategic (top of Cube)
-Operations includes effective use of resources
-Reliability of reporting
ERM Framework 2
8 components: RICO RIME
-Risk Response
-Internal Environment
-Control Activities
-Objective Setting
-Risk Assessment
-Info & Communication
-Monitoring
-Event Identification
Risk Analysis
Includes Assessment, Response, Monitoring
Risk Analysis - Assessment
Identify Risk, Measure Risk, Prioritize Risk
Risk Analysis - Response
Control Risk, Share or Transfer Risk, Diversify or Avoid Risk
Risk Analysis - Monitoring
Process level, Activity Level, Entity Level
COSO integrated framework purposes
Standards for IC and improvement
Internal control
Processes of Mgt, Bod, and others to provide reasonable assurance that co achieves following objectives:
-Efficiency and Effectiveness of ops
-Reliable FR
-Compliance with laws and regs
5 Components of IC
Control Environment - Tone at the Top
Risk Assessment - ID of risk and mgt
Control Activities - Activity to mng risk
Information & Communication - systems that support ID of risk ctrl
Monitoring-Assessment of qual IC
1 Control Environment
-Integrity and Ethical Values
-Commit. to Comp (know. staff)
-BoD & Audit Comm participation
-Mgt phil. and op style (risk averse?FR)
-Org Structure
-Assignment of Authority & Respon.
-HR policies & practice (raises, needs of employees)
2 Risk Assessment
Mgt should be able to ID and respond to risks from:
-change in operating environment
-New Personnel
-New IT systems
-Rapid growth
-New business models
3 Control Activities
-Top level reviews
-Direct Activity Management
-Information processing (ctrls to check accuracy, completeness, and authoriz)
-Physical ctrls (lock & key)
-Performance indicators
-Seg of duties
4 Information & Communication
Can be formal or informal
-Quality of sys gen info is important
-Current, accurate, assess
Communication: internal & external
-Int: knowledgeable staff with defined roles, BoD & Mgt communication with upstream comm available.
-Ext: Customers & Suppliers
5 Monitoring
-is it proper and changed when necessary?
Limitations of IC - Causes
-Personal errors (fatigued, misunderstood, careless)
-Mgmt override: vs Intervention which is related to mgt fraud
-Collusion: related to employee fraud/cost-benefit tradeoff
Internal Control Evaluation
-conclusion of ethical values implementation.
-Provided for by COSO
Mgt Responsibilities for IC
-Est and maintain systems
-More if public (SOX)
-Must report effectiveness of IC: Statement on mgts resp,
ID COSO framework,
effectiveness at EOY,
Independent audit,
Disclose MW
Auditor responsibility for IC
-Understand well enough to plan audit. May only learn enough to know will not test ctrls

-Public: understand well enough to design and test IC. Give opinion on effectivness (AS 5).
AS 5
Requires Ind Firm's opinion on IC in integrated audit.
-Plan and perform audit to obtain reasonable assurance about MW exist at audit date
AS 5 Objectives
5 of them:

1.Focus IC audit on most important matters (large risk)
2.Only include aspects for effective audit.
3. Audit scalable to fit size & complexity
4.Simplify AS 2 language
5.Give opinion on effectiveness of IC at audit date
AS 5 - Top-Down Risk Based Approach
FS Lvl -overall risk to IC
then
Entity Lvl Ctrls (deal with FR)
then
Significant accts & Disc
then
Relevant assertions for Accts
AS 5 - ID entity lvl controls
Must Eval. Entity lvl ctrl works, no need to test other ctrls related to related accts or assertion
-include ctrl environ ctrls
-Ctrl over mgt override
-Co.'s risk assessment policy
-Ctrl over period end FR process
AS 5 - Testing Controls
-Design & Operating Effectiveness
-EvidenceDepends on Risk
-Consider Nature & Timing
AS 5 - Testing Controls (Types of Test)
-Inquiry
-Observation
-Documentation
-Reperformance
AS 5 - Evaluating Deficiencies
-Severity of Def: Reasonably possible that MM occurs w/o detection (& magnitude)
-Indicators of MW: Restatement of CY or PY, Sr. Mgmt fraud, Ineffective AC oversight
AS 5 - IC Report Essential Contents
-Independent Firm
-Mgmt's Responsibility
-Refer to Mgmts IC report
-Auditor responsibility
-Definition of IC
-PCAOB Accordance
-Reasonable Assurance
-What Audit Includes
-Reasonable basis for opinion
-Limitation of IC
-Opinion, Sig, City/state, Date
ANALYTICAL PROCEDURES - GENERAL
Compares rec'd amts & ratios to expectations (AU 329 p5)
-Used to assist in planning
-As substantive tests
-An overall review
Planning assist and review are REQUIRED
5 types of AP
-compare to PY
-Compare to client determined expected results (budgets, forecasts)
-Auditor expectations
-Compare to industry Data
-Compare to expected results from non-financial data
Analytical Procedure - Planning Phase
-Plan nature, timing, extent of audit
-Uses highly aggregated data
AP - Substantive Tests
Usefulness depends on:
-Nature of assertion
-Plausibility and predictability of relationship
-Availability and reliability of data
-Precision of expectation
ANALYTICAL PROCEDURES - OVERALL REVIEW
-Assure that conclusions are accurate and evaluating FS presentation
-Adequacy of evidence for unusual balances
-Unusual balances not previously ID'd
AP - Reliability
Data from outside or independent sources are more reliable. Info from good ctrls, audited data also more reliable
WHY AUDITORS OVER-RELY ON WEAK PROCEDURES
Auditors lend too much weight to weak procedure with an expected result and too little weight with unexpected results. Auditor should evaluate usefulness of procedure.
APs - Implications for Practice
Auditor expectations biased toward unaudited values
Industry experience helps
Hypothesis generation is difficult
SAMPLING AND AUDITING CASH - PHASES OF AN AUDIT
-Planning
-ToC & Substantive Test of Transactions
-APs & Test of Balances
-Opinion
Procedures not involving sampling
-Inquiry and observation
-APs
-Tests on every pop item
-Procedures that do not evaluate characteristics
-Tests of automated IT ctrls
NonStatistical vs Statistical Sampling
-NonStat (judgmental): use subjective judgment to determine sample size, selection or evaluation
-StatSamp: objective method to determine size, selection and evaluation. Must be mathematically evaluated and statistically selected
TYPES OF SAMPLING
Attribute & Variables/MUS Sampling
ATTRIBUTE SAMPLING STEPS (TOC/STT)
Reach a conclusion based on rate of occurrence in a population
-Determine test objective
-Define pop characteristics
-Determine sample size
-Select the sample
-Perform tests
-Generalize to population and draw conclusion
Nonstatistical Sample size guides
High 12-20
Mod 20-35
Low 30-75

Stop & Go - whether you select more units depends on results of previous sample (1-3, select more; 4 reassess SS)
Sample selection methods - NonStat
Haphazard
Block
Directed
Systematic sampling with judgmental start
Sample Selection methods - Stat
-systematic sampling with random start
-Simple random sampling
-Stratified random sampling (large pop)
-MUS
MUS
-Always round up
-Items larger than interval always selected
-voided samples get replaced
-missing samples are exceptions
-Evaluates overstatements most easily, poor for understatements

-No misstatements: Comp Upper Exception rate x sample interval = UML
Evaluating Sample results
divide exceptions by samples size to get SDR (Sample deviation rate). best guess at population rate.

-Sampling Risk: risk of different result if all items tested
-if TDR>EPDR, does not support planned reliance on IC for nonstat

-Comp Upper DR>EPDR, no dice. CUDR=SDR + Sampling Risk