Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
91 Cards in this Set
- Front
- Back
|
Consulting Services
|
Practitioner provides advice and/or recommendations
|
|
|
Assurance Services
|
Independent professional services that improve the quality of information / context for decision makers
|
|
|
Other Services
|
Practitioners only role is to assist the client
|
|
|
SAS
|
Statement on Auditing Standards
|
|
|
SSARS
|
Statement on Standards for Accounting and Review Services
|
|
|
SSCS
|
Statement on Standards for Consulting Services
|
|
|
Attestation - General Standards
|
1. Training and proficiency in attestation
2. Knowledge of subject matter 3. Suitable and available criteria 4. Independence in mental attitude 5. Due professional care |
|
|
Attestation - Standards of Field Work
|
1. Planning and supervision
2. Sufficient evidence |
|
|
Attestation - Standards of Reporting
|
1. Character of Engagement
2. Conclusion about the subject matter 3. Significant reservations 4. Any restrictions on use |
|
|
Auditing - General Standards
|
1. Training and proficiency in auditing
2. Independence in mental attitude 3. Due professional care |
|
|
Auditing - Standards of Field Work
|
1. Planning and supervision
2. Sufficient understanding of internal control 3. Sufficient evidence |
|
|
Auditing - Standards of Reporting
|
1. Conformity with GAAP
2. Principles consistently observed 3. Informative disclosures reasonably adequate 4. Expression of an opinion |
|
|
General Accepted Auditing Standards (GAAS)
|
C - Completeness
A - Accuracy V - Valuation and allocation E - Existence C - Cutoff R - Rights and Obligations O - Occurrence C - Classification and understandibility |
|
|
CPA Risk Advisory
|
Managers and investors are concerned about whether entities have identified the full scope of various business risks and taken precautions to mitigate them.
|
|
|
ElderCare Services (PrimePlus)
|
ElderCare services assess whether specified goals regarding care for the elderly are being met by various care givers. Services provided to the elderly include accumulation of information, financial management, and assessment of nursing care.
|
|
|
SSCS
|
Statement on Standards for Consulting Services
|
|
|
Attestation - General Standards
|
1. Training and proficiency in attestation
2. Knowledge of subject matter 3. Suitable and available criteria 4. Independence in mental attitude 5. Due professional Care |
|
|
Attestation - Standards of Field Work
|
1. Planning and supervision
2. Sufficient evidence |
|
|
Attestation - Standards of Reporting
|
1. Character of Engagement
2. Conclusion about the subject matter 3. Significant reservations 4. Any restrictions on use |
|
|
Auditing - General Standards
|
1. Training and proficiency in auditing
2. Independence in mental attitude 3. Due professional care |
|
|
Auditing - Standards of Field Work
|
1. Planning and supervision
2. Sufficient understanding of internal control 3. Sufficient evidence |
|
|
Auditing - Standards of Reporting
|
1. Conformity with GAAP
2. Principles consistently observed 3. Informative disclosures reasonably adequate 4. Expression of an opinion |
|
|
General Accepted Auditing Standards (GAAS)
|
C - Completeness
A - Accuracy V - Valuation and allocation E - Existence C - Cutoff R - Rights and Obligations O - Occurrence C - Classification and understandibility |
|
|
CPA Risk Advisory
|
Managers and investors are concerned about whether entities have identified the full scope of various business risks and taken precautions to mitigate them.
|
|
|
ElderCare Services (PrimePlus)
|
ElderCare services assess whether specified goals regarding care for the elderly are being met by various care givers. Services provided to the elderly include accumulation of information, financial management, and assessment of nursing care.
|
|
|
CPA Performance Review
|
Evaluates whether an entity's performance measurement system contains relevant and reliable measures for assessing the degree to which the entity's goals and objectives are achieved or how its performance compares to its competitors
|
|
|
Healthcare Effectiveness
|
Provides assurance about the effectiveness of healthcare services provided by HMOs, hospitals, doctors, and other providers
|
|
|
SysTrust
|
Assesses whether an entity's internal information systems provide reliable information for operating and financial decisions.
|
|
|
SysTrust Criteria
|
1. Online Privacy
2. Security 3. Processing Integrity 4. Availability 5. Confidentiality |
|
|
WebTrust
|
Provides Internet users, including businesses and Internet service providers, assurance about electronic commerce activities
|
|
|
Elements of a Quality Control System
|
1. Leadership responsibilities for quality within the firm (the "tone at the top")
2. Relevant ethical requirements 3. Acceptance and continuance of client relationships and specific engagements 4. Human resources 5. Engagement performance 6. Monitoring |
|
|
Quality Control Standards
|
1. A second partner review and approval is required of audit reports
2. The lead auditor and the reviewing partner must be rotated off the audit every 5 years 3. The accounting firm must supervise any associated person with respect to auditing or quality control standards 4. Independence rules have been expeanded by prohibiting the auditor from providing a variety of nonaudit services 5. The client's CEO and CFO must certify the appropriateness of the financial statements and disclosures 6. Penalties for destroying documents to impede an investigation have been expanded 7. Management must assess the effectiveness of internal control and issue a report on its effectiveness 8. The auditor must audit internal control and express an opinion on its effectiveness |
|
|
Analytical Procedures
|
1. Required to be used in planning all financial statement audits
2. Permitted but not required to be applied as substantive tests to achieve an audit objective related to a specific financial statement assertion 3. Required to be used in the final stage of the audit as a review |
|
|
Sources of information used to develop analytical procedures
|
1. Fiancial information from comparable prior period(s)
2. Anticipated results, such as budgets or forecasts prepared by management (or others) prior to the end of the period 3. Relationships amont data, such as the interrelations among the balances on the financial statements 4. Comparable information from the client's industry 5. Related nonfinancial information |
|
|
Analytical Procedures Applied in Planning the Audit
|
1. Focus on enhancing the understanding of the business and the transactions and events since the last audit
2. Identify areas that may represent specific audit risks 3. Ordinarily use data aggregated at a high level |
|
|
Components of Audit Risk
|
1. Inherent Risk
2. Control Risk 3. Detection Risk |
|
|
Audit Risk
|
The risk that an auditor may unknowingly fail to modify the opinion on materially misstated financial statements
|
|
|
Inherent Risk
|
The susceptibility of an assertion to material misstatement in the absense of related controls
|
|
|
Control Risk
|
The risk that internal control will not prevent or detect on a timely basis a material misstatement that could occur in an assertion
|
|
|
Detection Risk
|
The risk that the auditor will not detect a material misstatement that exists in an assertion
|
|
|
Fraudulent Financial Reporting
|
Intentional misstatements or omissions to deceive users, such as altering accounting records or documents, misrepresenting or omitting significant information, and misapplying accounting principles
|
|
|
Misappropriation of Assets
|
Misstatements resulting from theft, embezzlement, or an action that causes payment for items not received
|
|
|
Required Documentation of the Consideration of Fraud
|
1. Planning-stage discussions
2. Procedures for identifying and assessing fraud risks 3. Specific risks identified and the response 4. Reasons for not identifying improper revenue recognition as a fraud risk 5. Results of further addressing management override 6. Responses to other conditions and analytical relationships 7. Fraud communications |
|
|
Analytical Procedures
|
Evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data using models that range from simple to complex
|
|
|
FVMD
|
Fair Value Measurements and Disclosures
|
|
|
Considerations when assessing the competence of Internal Auditors
|
1. Education level, professional experience
2. Certification, continuing education 3. Policies, programs, procedures 4. Practices regarding assignment of staff 5. Supervision, review of activities 6. Quality of documentation, reports, recommendations 7. Performance evaluation |
|
|
Considerations when assessing the objectivity of Internal Auditors
|
1. Organizational status of director of internal auditing
2. Policies to maintain objectivity |
|
|
CRIME
|
C - Control Activities
R - Risk Assessment I - Information & Communication M - Montitoring E - Control Environment |
|
|
Control Activities
|
Policies and procedures that help ensure that management directives are carried out
1. Performance Reviews 2. Information Processing 3. Physical Controls 4. Segregation of Duties |
|
|
Risk Assessment
|
Entity's identification and analysis of relevant risks as a basis for their management
1. Changes in Operating Environment 2. New Personnel 3. New/Revamped Information Systems 4. Rapid Growth 5. New Technology 6. New Business Models, Products or Activities 7. Corporate Restructuring 8. Foreign Operations 9. Accounting Pronouncements |
|
|
Information & Communication
|
Support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities
Consists of: 1. Physical hardware elements (infrastructure) 2. People 3. Software 4. Data 5. Manual and Automated procedures Often uses IT extensively |
|
|
Information System
|
1. Identifies and records valid transactions
2. Describes transactions for proper classification 3. Measures transactions 4. Determines the proper reporting period 5. Identifies proper disclosures related to transactions |
|
|
Monitoring
|
Process that assesses the quality of internal control performance over time
1. Timely assessment of internal control. 2. Taking of corrective action |
|
|
Control Environment
|
Sets the tone of an organization, influencing the control consciousness of its people
1. Integrity, ethical values 2. Commitment to competence 3. Participation of those charged with governance 4. Management philosophy and operating style 5. Organization structure 6. Assignment of authority, responsibilty 7. Human resource policies and practices |
|
|
Limitations of Internal Control
|
1. Human judgement is faulty
2. Controls can be circumvented by collusion 3. Management may inappropriately override internal control 4. Corporate governance, effective control environment are not absolute deterrents to fraud 5. Costs should not exceed benefits |
|
|
Results of IT
|
1. Greater effectiveness and efficiency of internal control
a. Permits consistent application b. Improves quality of information c. Permits additional analysis d. Improves monitoring of activities, policies, and procedures e. Lessens risk of circumvention f. Implements security controls in applications, databases, and operating systems that segregate duties |
|
|
IT Risks
|
1. Reliance on faulty systems/programs
2. Unauthorized access leading to destruction of data 3. Inaccurate recording of transactions 4. Unauthorized changes in master files, systems, or programs 5. Failure to make necessary changes in systems or programs 6. Inappropriate manual intervention 7. Loss of data |
|
|
Computer System
|
Hardware - Physical aspects such as CPUs, servers, or workstations
Software - Operating systems, applications, and security programs |
|
|
LAN
|
Local Area Network
|
|
|
WAN
|
Wide Area Network
|
|
|
General Controls
|
Relate to all computer activities
|
|
|
Application Controls
|
Relate to specific tasks performed by the system
|
|
|
Examples of General Controls
|
1. Data center operations
2. Systems software acquisition and maintenance 3. Access security 4. Application system development and maintenance |
|
|
Exampels of Application Controls
|
1. Input
2. Processing 3. Output |
|
|
Organzational Structure
|
1. Computer processing function is treated as a service department
2. Department is independent of users 3. Department reports to senior-level management 4. Department does not have asset custody function 5. Department has no transactional authority |
|
|
Input Controls
|
1. Error Listing
2. Field Checks 3. Record Count 4. Financial Total 5. Hash Totals 6. Reasonableness, Limit, Range checks 7. Preformatting 8. Check digits 9. Sequence checks 10. Sign checks 11. Validity checks |
|
|
Hash Total
|
Used to verify the completeness of data (without defined meaning)
|
|
|
Field Checks
|
Test the characters in a field to verify that they are of an appropriate type for that field
|
|
|
Check Digits
|
Used to detect incorrect identification numbers
|
|
|
Narrative Memorandum
|
Written description of the process, flow of documents, and control points
|
|
|
Decision Table
|
Identifies, in matrix form, the contingencies considered in the description of a problem and the appropriate actions taken relative to the contingency
|
|
|
Attestation or Auditing?
Training & proficiency in attestation |
Attestation
|
|
|
Attestation or Auditing?
Knowledge of subject matter |
Attestation
|
|
|
Attestation or Auditing?
Suitable & available criteria |
Attestation
|
|
|
Attestation or Auditing?
Independence in mental attitude |
Both
|
|
|
Attestation or Auditing?
Planning & supervision |
Both
|
|
|
Attestation or Auditing?
Sufficient understanding of internal control |
Auditing
|
|
|
Attestation or Auditing?
Sufficient evidence |
Both
|
|
|
Attestation or Auditing?
Character of engagement |
Attestation
|
|
|
Attestation or Auditing?
Conclusion about the subject matter |
Attestation
|
|
|
Conformity with GAAP
|
Auditing
|
|
|
Attestation or Auditing?
Principles consistently observed |
Auditing
|
|
|
Attestation or Auditing?
Informative disclosures reasonably adequate |
Auditing
|
|
|
Attestation or Auditing?
Significant reservations |
Attestation
|
|
|
Attestation or Auditing?
Expression of an opinion |
Auditing
|
|
|
Attestation or Auditing?
Any restrictions on use |
Attestation
|
|
|
Attestation or Auditing?
Training & proficiency in auditing |
Auditing
|
|
|
Echo Check
|
Verify that a hardware device is working properly
|
|
|
Digital Signatures
|
Form of encryption technology used by businesses to authenticate documents
|
|
|
Device Authorization Table
|
Restricts access to those physical devices that should logically need access (Compatibility Test)
|
|
|
Management Responsibilities for Control Over Revenue Cycle
|
1. Proper acceptance of order
2. Granting credit approval with correct credit limits 3. Safeguarding assets 4. Timely shipment 5. Billing for shipments at authorized prices 6. Accounting for, collection of receivables 7. Cash, checks received are recorded, safeguarded, deposited intact |
