Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
65 Cards in this Set
- Front
- Back
What's New - AICPA
|
=Clarity Project (and convergence). done in Summer '10 - SAS 117
-Simplifies language of GAAS. Similar to IAASB project to simplify IAS and avoids conflicts with PCAOB standards. =Proposed SAS. -Audit of Accounting Estimates, FV & Disclosures - Audits of Group F/S =SAS 116 =SAS 115 =SSAE 15 |
|
What's New - AICPA
-Audits of Group F/S |
=Differs from SAS 1, AU Sec 543 - Terminology -Responsibilities of Group engagement partner -client acceptance and continuance -Involvement & Understanding of competent auditors -Materiality -Assessing the work of other auditors
|
|
What's New - AICPA
-SAS 116: Interim Financial Info |
-Issued 2/15/09 for periods after 12/15/09
-Amends AU Sec 722, Interim Financial Information -Removes Guidance for reviews of interim financial statement of issuers -Adds more generalizable language regarding framework |
|
What's New - AICPA
-SAS 115: Comm IC related matters ID'd in the Audit |
-Issued 10/8 for periods ending on or after 12/15/09 for NON INTEGRATED AUDITS
-Supersedes SAS 112 of same title -Aligns with SSAE 15 |
|
What's New - AICPA
-SAS 115 |
Definitions of Deficiencies
-Ctrl deficiency: Design or Operation -Sig Def: Less severe than MW, but needs attn of FS overseers -MW: reasonable possibility that controls will not prevent or detect a MM on a timely basis |
|
What's New - AICPA
-SAS 115 -Eval deficiencies |
=Factors that affect Magnitude of Misstatement
-FS amts or total trans exposed to deficiency -Vol of activity in acct or class of trans exposed to Deficiency =Risk factors that affect likelihood of misstatement -Nature of accts, trans, disc, and assertions -Susceptibility of related asset or liab to loss or fraud -Subjectivity, complexity, or extent of judgment needed to determine amount -interaction of ctrl with other ctrls -Future conseq of deficiency |
|
What's New - AICPA
-SAS 115 -Indicators of MW |
-indication of Fraud on part of senior mgmt
-Restatement of PYs due to MM -MM in CY -Ineffective oversight |
|
What's New - AICPA
-SAS 115 -Communicating Deficiencies |
-Ctrl Deficiencies
-Sig Defs: in writing to mgmt and those charged with governance -MW: Same as above |
|
What's New - AICPA
-SAS 115 -Communicating Deficiencies |
-Statement indicating purpose for considering IC was for FS audit, not for an IC audit
-Statement indicating not expressing IC opinion -Statement indicating testing not designed to ID all SDs and MWs -Definition of SD and MW -ID of all SDs and MWs -Limitation or report distribution |
|
What's New - AICPA
-SSAE 15: An examination of an entity's IC over FR that is integrated with an FS audit |
-issued in 10/8 for periods ending on or after 12/8 FOR INTEGRATED AUDITS
-Converges with PCAOB AS 5 -Emphasizes top-down risk based approach to examining ICs |
|
What's New at the PCAOB
|
=Proposed Risk Assessment Standards
-7 new AS related to Risk 1.Audit risk in an audit of FS 2.Audit planning and supervision 3.ID'ing and assessing RMM 4.Auditor's responses to RMM 5.Evaluating Audit Results 6.Consideration of Materiality in Planning and Performing and audit 7.Audit Evidence |
|
What's New at the PCAOB
- Purpose of New Risk Assessment Standards |
=Purposes of Proposed Risk Standards
-Updated existing requirements to take account of the improved risk-based audit methodologies auditors use -Serve as an improved foundation for future standard setting -Enhance integration of the audit of FS and IC -Emphasice auditor's responsibilities for considering the risk of fraud -Reflect an effort to eliminate unnecessary diffs b/w the Board's risk assessment stds and other risk assessment stds |
|
What's New at the PCAOB
-AS 6: Evaluating Consistency of FS |
=Effective 11/15/08; Supersedes AU420
=Consistency Issues -Change in Acct'ing principle -One GAAP method to another -Change in est effected by change in principle -Change in reporting entity -Adj to correct previous MS -Going from non-GAAP to GAAP method |
|
What's New at the PCAOB
-How is AS 6 different from AU420 |
AS 6 requires auditors to use retrospective application regarding changes in principles or material errors to all periods presented. AU420 only required auditors to show the cumulative effect in the year of change or correction.
|
|
Audit Risk Model
|
Inherent Risk x Control Risk x Detection Risk = Audit Risk = Risk of issuing a clean opinion when F/S are materially misstated
|
|
Risk of Material Misstatement
|
RMM = Inherent Risk x Control Risk
|
|
Audit Risk Evidence Direction
Inherent Risk Evidence Direction Control Risk Evidence Direction Detection Risk Evidence Direction |
Greater risk requires more evidence except for detection risk. Lower DR requires more audit evidence
|
|
Profession's Response to Audit Risk
|
SAS 99: Explicit assessment of Fraud Risk
AICPA: New Risk Std - SAS 104-111 New AR Model: RMMxDR=AR PCAOB: 6 ASs that deal with Mgts Assertions (Presentation, Existence, Rights and Obligs, Completeness, Valuation) |
|
Committee Of Sponsoring Organizations (COSO) members?
|
AICPA, AAA, Institute of Internal Auditors (IIA), Institute of Management Accountants (IMA), Financial Executive Committee
|
|
COSO Major Initiatives
|
-Internal Ctrl - An integrated framework (how a Company can manage ctrls)
-Fraudulent FR Survey w/ 200 SEC enforcement actions from 87 to '97 -ERM: Process by which BoD & Mgrs incorporate risk into overall strategy. Helps mgrs to ID and manage risk. |
|
Enterprise Risk Management ERM Defined
|
-a process that Bod, mgrs, and other personnel use to ID events may affect an entity and manage risk to be within risk appetite and provide reasonable assurance regarding goal achievement
|
|
ERM Framework
|
4 Categories: Reporting, Operations, Compliance, Strategic (top of Cube)
-Operations includes effective use of resources -Reliability of reporting |
|
ERM Framework 2
|
8 components: RICO RIME
-Risk Response -Internal Environment -Control Activities -Objective Setting -Risk Assessment -Info & Communication -Monitoring -Event Identification |
|
Risk Analysis
|
Includes Assessment, Response, Monitoring
|
|
Risk Analysis - Assessment
|
Identify Risk, Measure Risk, Prioritize Risk
|
|
Risk Analysis - Response
|
Control Risk, Share or Transfer Risk, Diversify or Avoid Risk
|
|
Risk Analysis - Monitoring
|
Process level, Activity Level, Entity Level
|
|
COSO integrated framework purposes
|
Standards for IC and improvement
|
|
Internal control
|
Processes of Mgt, Bod, and others to provide reasonable assurance that co achieves following objectives:
-Efficiency and Effectiveness of ops -Reliable FR -Compliance with laws and regs |
|
5 Components of IC
|
Control Environment - Tone at the Top
Risk Assessment - ID of risk and mgt Control Activities - Activity to mng risk Information & Communication - systems that support ID of risk ctrl Monitoring-Assessment of qual IC |
|
1 Control Environment
|
-Integrity and Ethical Values
-Commit. to Comp (know. staff) -BoD & Audit Comm participation -Mgt phil. and op style (risk averse?FR) -Org Structure -Assignment of Authority & Respon. -HR policies & practice (raises, needs of employees) |
|
2 Risk Assessment
|
Mgt should be able to ID and respond to risks from:
-change in operating environment -New Personnel -New IT systems -Rapid growth -New business models |
|
3 Control Activities
|
-Top level reviews
-Direct Activity Management -Information processing (ctrls to check accuracy, completeness, and authoriz) -Physical ctrls (lock & key) -Performance indicators -Seg of duties |
|
4 Information & Communication
|
Can be formal or informal
-Quality of sys gen info is important -Current, accurate, assess Communication: internal & external -Int: knowledgeable staff with defined roles, BoD & Mgt communication with upstream comm available. -Ext: Customers & Suppliers |
|
5 Monitoring
|
-is it proper and changed when necessary?
|
|
Limitations of IC - Causes
|
-Personal errors (fatigued, misunderstood, careless)
-Mgmt override: vs Intervention which is related to mgt fraud -Collusion: related to employee fraud/cost-benefit tradeoff |
|
Internal Control Evaluation
|
-conclusion of ethical values implementation.
-Provided for by COSO |
|
Mgt Responsibilities for IC
|
-Est and maintain systems
-More if public (SOX) -Must report effectiveness of IC: Statement on mgts resp, ID COSO framework, effectiveness at EOY, Independent audit, Disclose MW |
|
Auditor responsibility for IC
|
-Understand well enough to plan audit. May only learn enough to know will not test ctrls
-Public: understand well enough to design and test IC. Give opinion on effectivness (AS 5). |
|
AS 5
|
Requires Ind Firm's opinion on IC in integrated audit.
-Plan and perform audit to obtain reasonable assurance about MW exist at audit date |
|
AS 5 Objectives
|
5 of them:
1.Focus IC audit on most important matters (large risk) 2.Only include aspects for effective audit. 3. Audit scalable to fit size & complexity 4.Simplify AS 2 language 5.Give opinion on effectiveness of IC at audit date |
|
AS 5 - Top-Down Risk Based Approach
|
FS Lvl -overall risk to IC
then Entity Lvl Ctrls (deal with FR) then Significant accts & Disc then Relevant assertions for Accts |
|
AS 5 - ID entity lvl controls
|
Must Eval. Entity lvl ctrl works, no need to test other ctrls related to related accts or assertion
-include ctrl environ ctrls -Ctrl over mgt override -Co.'s risk assessment policy -Ctrl over period end FR process |
|
AS 5 - Testing Controls
|
-Design & Operating Effectiveness
-EvidenceDepends on Risk -Consider Nature & Timing |
|
AS 5 - Testing Controls (Types of Test)
|
-Inquiry
-Observation -Documentation -Reperformance |
|
AS 5 - Evaluating Deficiencies
|
-Severity of Def: Reasonably possible that MM occurs w/o detection (& magnitude)
-Indicators of MW: Restatement of CY or PY, Sr. Mgmt fraud, Ineffective AC oversight |
|
AS 5 - IC Report Essential Contents
|
-Independent Firm
-Mgmt's Responsibility -Refer to Mgmts IC report -Auditor responsibility -Definition of IC -PCAOB Accordance -Reasonable Assurance -What Audit Includes -Reasonable basis for opinion -Limitation of IC -Opinion, Sig, City/state, Date |
|
ANALYTICAL PROCEDURES - GENERAL
|
Compares rec'd amts & ratios to expectations (AU 329 p5)
-Used to assist in planning -As substantive tests -An overall review Planning assist and review are REQUIRED |
|
5 types of AP
|
-compare to PY
-Compare to client determined expected results (budgets, forecasts) -Auditor expectations -Compare to industry Data -Compare to expected results from non-financial data |
|
Analytical Procedure - Planning Phase
|
-Plan nature, timing, extent of audit
-Uses highly aggregated data |
|
AP - Substantive Tests
|
Usefulness depends on:
-Nature of assertion -Plausibility and predictability of relationship -Availability and reliability of data -Precision of expectation |
|
ANALYTICAL PROCEDURES - OVERALL REVIEW
|
-Assure that conclusions are accurate and evaluating FS presentation
-Adequacy of evidence for unusual balances -Unusual balances not previously ID'd |
|
AP - Reliability
|
Data from outside or independent sources are more reliable. Info from good ctrls, audited data also more reliable
|
|
WHY AUDITORS OVER-RELY ON WEAK PROCEDURES
|
Auditors lend too much weight to weak procedure with an expected result and too little weight with unexpected results. Auditor should evaluate usefulness of procedure.
|
|
APs - Implications for Practice
|
Auditor expectations biased toward unaudited values
Industry experience helps Hypothesis generation is difficult |
|
SAMPLING AND AUDITING CASH - PHASES OF AN AUDIT
|
-Planning
-ToC & Substantive Test of Transactions -APs & Test of Balances -Opinion |
|
Procedures not involving sampling
|
-Inquiry and observation
-APs -Tests on every pop item -Procedures that do not evaluate characteristics -Tests of automated IT ctrls |
|
NonStatistical vs Statistical Sampling
|
-NonStat (judgmental): use subjective judgment to determine sample size, selection or evaluation
-StatSamp: objective method to determine size, selection and evaluation. Must be mathematically evaluated and statistically selected |
|
TYPES OF SAMPLING
|
Attribute & Variables/MUS Sampling
|
|
ATTRIBUTE SAMPLING STEPS (TOC/STT)
|
Reach a conclusion based on rate of occurrence in a population
-Determine test objective -Define pop characteristics -Determine sample size -Select the sample -Perform tests -Generalize to population and draw conclusion |
|
Nonstatistical Sample size guides
|
High 12-20
Mod 20-35 Low 30-75 Stop & Go - whether you select more units depends on results of previous sample (1-3, select more; 4 reassess SS) |
|
Sample selection methods - NonStat
|
Haphazard
Block Directed Systematic sampling with judgmental start |
|
Sample Selection methods - Stat
|
-systematic sampling with random start
-Simple random sampling -Stratified random sampling (large pop) -MUS |
|
MUS
|
-Always round up
-Items larger than interval always selected -voided samples get replaced -missing samples are exceptions -Evaluates overstatements most easily, poor for understatements -No misstatements: Comp Upper Exception rate x sample interval = UML |
|
Evaluating Sample results
|
divide exceptions by samples size to get SDR (Sample deviation rate). best guess at population rate.
-Sampling Risk: risk of different result if all items tested -if TDR>EPDR, does not support planned reliance on IC for nonstat -Comp Upper DR>EPDR, no dice. CUDR=SDR + Sampling Risk |