56 Cards in this Set

  • Front
  • Back
three components of audit
compilation, assurance, attest
compilation (focus)
financial statements and reporting (10 Q's quarterly reports, which are not audited). They rollover to the annual 10k's. Allows to give heads up for any red flags before the 10k rolls around.
assurance (focus)
third party does work based on agreed-upon procedures (increases quality of info that the client is getting) EX: sustainability metrics
attest (focus)
integrated audit
compilation (responsible party)
management
post-sox has specific requirements for management:
look at management's control environment; must maintain a good check/policies procedures to mitigate risk and oversee management
corporate governance
1) all the risks must be identified and mitigated (oil industry, fluctuating prices in inventory needs to be addressed)
2) supervision of employees - gives oversight for management activity
3) from board of directors creates an audit committee
audit committee
ensures that there is a financial expert (primary go-to body for the auditors who are neutral)
assurance (responsible party)
accountants/CPA's
attest (responsible party)
auditor
prof standards (compilation)
US GAAP/IFRS
prof standards (assurance)
SAS (AICPA); PCAOB
prof standards (attest)
PCAOB (public); SAS (AICPA) for private
integrated audit
-audit goes back to the foundation of GAAP/IFRS
-SOX changed the type of audit products given - requires an audit of not only f/s, but also audit of internal controls
-actually testing and providing opinion on effectiveness of controls
-using RESULTS OF CONTROL TESTING to guide substantive testing (transactions + balance) - results will either negate or confirm the beginning assessments
auditors can only put small reliance on:
management's internal controls
after sox made auditors:
do everything, which was inefficient.

now: put reliance on low-risk assertions, but it's more of a judgment call depending on quality of their work. however, they NEVER rely on high-risk assertions
prior to sox, firms (big 4) audited each other. Now?
PCAOB does inspection reports and they audit audit firms themselves (if you audit more than 100 firms)
adverse selection
the user is hard-pressed to tell whether they have a good/bad product
asymmetry info
a third party that actually understands, and then puts it in a form that's understandable

fun fact: audit report has to expand because as of now, it's just pass/fail
agency costs
shareholders always want managers (agents) to do what's in their best interest.

it's the idea that if agents can get the opportunity to advance their own interests, they might. (fraud triangle). Board of directors has to understand this cost exists
in terms of agents, we need a balance of:
motivating agents through money (that is specific to the company's success), but not doing it too much (agents can inflate the numbers)

EX: stock options - pay you base salary, but I'll also issue you 150,000 shares. You paid 20/share, but if stock increases, you get the same rate
SOX requirements
-CEO/CFO has to certify financial statements. Gives them liability to go to jail
-1 year from time of audit until you can jump ship to a client - avoids the possibility that if you jump ship to a client, your friends would be more lenient for you
-limit to a number of years an audit firm can audit a firm (not in the US, but has been discussed)
Don't simply review controls/talk about control environment:
you should go out and pick ones you want to test (high risk) and actually test them (prevents misstatements)
as auditors, are we responsible for catching fraud?
no (if we suspect it, we have that responsibility because it affects our opinion, but tests to revolve around catching fraud) - that's forensics
SAS 99 Brainstorming
a 30-60 min conversation at all auditing engagements and temporarily plays the role of forensics (ask: how would management go about perpetrating fraud?)
going concern
you are a viable company to be around in the foreseeable future. Take the company and look 12 months ahead (is there this risk that the company will not be around?)
auditor responsibilities
-to be able to opine on controls and financial statements
-time focused on higher-risk assertions
(EX: AR valuation is more important than cash)
materiality
tells us what should go on financial statements and what should not
The audit process (preconditions)
Partner has a portfolio of clients in office, decision to keep/fire clients. Takes into account the factors
Factors in terms of preconditions of an auditor's clients
1) cooperation - actually going to give you access to plan/execute the audit. A way to solidify this is to make them sign a contract, or an ENGAGEMENT LETTER
2) good system of corporate governance
3) history (what happens if you got formerly fired?)
-you need comfort in prior years' numbers; if a less-established CPA firm audited the client, then preconditions get way more expansive. Becomes a 3-year audit
Engagement risk
do I want to take on a client? (for reputation purposes)
the audit process (planning)
thoroughly understanding the client and its business:
-Control environment - what the audit team did last year.
-Top level view of financial statements
-looking at the impending changes such as: the 10k, risk assessments, industry analytics, changes in financial statements, interview management, walk around institutions, talk to board of directors
-research suppliers, competitors, products, mission statement, business plan, action plans, strategic objectives

** compare strategy/plan with what is actually happening at lower-level management**
Three types of risk
compliance, business, reporting
business risk
strategy/operations:
-most companies have a business model with strategies that come with risks (EX: Walmart has a low-cost strategy that worries about suppliers providing items with low costs and that is efficient)
reporting risk
reporting requirements needed to meet sox, whereas private companies don't have to meet (EX: reporting rules in other countries for international companies. Different financial standards framework -> need to consolidate to GAAP. The risk here would be the complexity of consolidation, and whether reporting will be accurate)
compliance risk
not about following US GAAP - compliance in terms of quality mechanism of product/trial requirements to ensure safety for human contact (when it comes to experimenting or innovation)
-if such requirements are not met, the risk on the financial statement would be "contingency" - a liability might have to be recorded. Or worse, going concern or viability of the company
foreign corruption practices act
you can't bribe officials to operate for your own interest
obsolescence
refers to something that is already disused or discarded, or antiquated; the state of being which occurs when an object, service, or practice is no longer wanted even though it may still be in good working order
LCM
is an approach to valuing and reporting inventory. Normally ending inventory is stated at historical cost (what was paid to obtain it) but there are times when the original cost of the ending inventory is greater than the cost of replacement thus the inventory has lost value. If the inventory has decreased in value below historical cost then its carrying value is reduced and reported on the balance sheet. The criterion for reporting this is the current market value. Any loss resulting from the decline in the value of inventory is charged to cost of goods sold (COGS) if non-material, or Loss on the reduction of inventory to LCM if material.
types of categories of strategy
cost leader - low cost (Walmart)
differentiation - quality, comfort
PEST analysis
macroeconomics, social, technological, political-legal

once this analysis is done, you determine the implications as an auditor
it's not easy to jump to financial statements + audit implications without ___
understanding controls (have to consider with respect to controls and how good they are)
risk responses
controls to respond to these risks: avoidance, acceptance, reduction
avoidance
- if you have assessed risk and costs of mitigating are too much, you would avoid it (EX: starbucks avoids Norwegian markets because they are territorial and protective of mom and pops shops)
acceptance
if I identify a risk, the risk is one that I can't avoid and have to accept (Benefits associated with the risks far outweigh the costs)
EX: selling medical equipment has a lot of compliance risk, but it's okay. I will accept because they will not exceed benefits
reduction
with controls I can mitigate to a reasonable level
EX: mitigating fraud and human element; Controls to mitigate such risk would be segregation of duties and independent verification
sharing
risks of doing business can be given to a third party for a fee (not all can be shared)
EX: insurance - enter new venture that is well-versed in a market. Facebook bought Instagram in a joint venture.
What risk response (as an auditor) does not require controls?
-avoidance
-acceptance (with acceptance, you may want to implement a reduction strategy, so there still may be controls)
general elements of good internal control
basic objective - to safeguard assets and avoid misappropriation of f/s. Ensure strategic/operation goals are played out

internal controls can't just be word-of-mouth. If CEO puts out good morals that will seep through. Need internal controls as an identified process. Something concrete.

Understand internal controls are not foolproof and you would just be mitigating risk as there are still human elements. You can provide assurance, but not absolute assurance

you have to be well-aware of new risks. current control structure may not be mitigated. emphasis on flexibility
COSO
framework that everyone uses.
risk assessment ->
response (reduction/sharing) -> control activities -> monitoring -> use information/communication to monitor
10k
anything included in the f/s (letter to shareholders, management discussion and analysis, auditor's report, supplementary schedule)
dates/deadlines for management:
10Q's
large accelerated filers (30 days from end of quarter to close books, review, and file with SEC)
small filers = 60 days

10K's
large = 75 days
SF = 90 days
ultimately ___ are responsible for not filing 10Q's or 10k's
management (the clients); huge drops on stocks if reports are delayed
influence and oversee audit profession
SEC, FASB, IASB, AICPA, state board of accountancy
establish auditing standards
AICPA, PCAOB, IAASB