CPA Review Notes2019 AUDIT By Cristina Agopian, CPA Published by Cristina Agopian, atSmashwords Copyright 2019 Cristina Agopian
Content
Section1
Engagement Acceptanceand Understanding the Assignment Attestation std require the auditor to be independent in mentalattitude (similar to GAAS - audit std) Obs: does not require an understanding of intcontrol Attest engagement - practitioner expresses aconclusion about reliability of a written assertion that isresponsibility of another party Examples of attest engagements: - reports on the int ctrl structure, - compliance with regulation and contractrequirements - investment performance stats - suplem. Info to financial statements(F/S) Not examples of attest: - mgmt consulting engagements (CPA providesadvice, recommendations) - when CPA advocates clients positions (IRSreview of tax returns) - tax engagements - when CPA solely assist client - expert witness Authoritative body to promulgate attest std =ASB (Auditing Std Board) Note: GAAP is promulgated by FASB (Fin AcctStd Board) - Std on fin acct and reporting for govnunits are promulgated by GASB (Government Acct Std Board) Attest engagements - examination (audit) - review (limited assurance) - agreed-upon procedures - example: onprospective F/S - requires independence and the use of the reportis restricted to specified parties - in an agreed-upon procedure, CPA appliedlimited procedures to F/S - CPA does not perform examination or review,does not provide opinion or negative assurance Important: Attest Engagement requiresIndependence Program Audit (do not confuse with Audit Programs!!) The Single Audit Act Ammend of 1996 - an entity must have a single audit / yrwhen: - entity spends > 500k in fed awards,grants, funds - entity spends funds from >=1 fedprograms If entity only spends funds from one program,it may be eligible for a program audit vs single audit Govn Auditing Std (Yellow Book) - issued by GAO (Govn AccountabilityOffice) - audits of federal org, programs activ,funds received by non-profit org and other external org - GAO incorporates AICPA GAAS and: - review for compliance with law and reg - ext rep of instances or indication offraud - reports on entity's int ctrl structure Note: reports do not render opinion aboutcontinued eligibility for govn fin assist! Financial Statements (F/S) - fairness of presentation in accordance wGAAP is management's responsibility. 1) Balance Sheet (fin position EOY) 2) Income Stm (earnings or loss forperiod) 3) Comprehensive Earnings or Loss for theperiod 4) Cash Flow during the period 5) Stm of Change in Owner's Equity and Stm ofRetained Earnings - invest / distrib to owners Audited F/S - examined by CPA according to GAAS(accounting procedures applied to F/S sufficient to permit issuanceof a report on them) Unaudited F/S - have not been subject to suchexamination - CPA can still be associated w F/S if hasprepared, compiled or review them General use of F/S - issue a financial forecast (employee,potential or existing stockholder) Limited use of F/S - 3rd party - bank - can ask questions of theresponsible party - either fin forecast or fin projection - financial projection = special use, can beused by 3rd parties with whom the firm is negotiating directly - financial forecast = general use =prospective F/S to be used by persons with whom entity is notnegotiating directly prospective fin info - forecast (future position based on expectedcond) - projection (based on hypotheticalassumptions) Section 2 Audit -Std Auditor Report F/S present fairly and in all materialrespects, the entity's fin position, resuklts of ops and cash flow(CF) in accordance with accting principles generally accepted inUSA - introductory - mgmt's responsibility - F/S preparedfairly - auditor's responsibility - GAAS - opinion Confirmation - direct communication w external indepparties - provide evidence regarding existence,rights and obligations, and cutoff - positive - auditor receives response fromrecipients - negative - assumed to be correct, unlessreturned to auditor noting an exception - responses must be sent to auditor, not toentity - used for following assertions existence and occurrence completeness rights and obligations valuation and allocation presentation and disclosure Engagement Ltr - written by CPA to client, contractualunderstanding of work to be performed - signed by CPA and client Management's reprezentation letter - fair presentation of F/S and mgmtresponsibility for them - completeness of info provided toauditor - info concerning subsequent events Objectives of Auditor - to obtain sufficient (qty) and appropriate(quality) evidence regarding the assessed risk of materialmisstatements - designing and implementing appropriateresponse to those risks Audit Objectives - primarily related to F/S assertions assertions are representations by mgmt presentation and disclosure - occurrence and rights and oblig - completeness - classifications - accuracy and valuation transactions - occurrence - completeness - classifications - accuracy and cutoff balances - presentation - completeness - existence - rights and obligations - valuation and allocation Audit Procedures - used for tests of control and substantivetesting - inspection - observation - inquiry - confirmation - recalculation - reperformance - analytical procedures Internal Control - effected by board of dir and mgmt - designed to provide reasonableassurance objectives of int ctrl - compliance w laws and regulations - effectiveness and efficiency of ops - reliability of fin info components of int ctrl - control environment - risk assessment - control activities - inform. and communication - monitoring Section 3 Auditing standards GAAS gen std : training and proficiency, indep and professionalcare std of fieldwork : planning and supervision, int ctrland evidence std ofreporting : consistency, disclosure,opinion and GAAP Communication w Predecessor Auditor - CPA must obtain permission from client - inquiries before accepting engagement - integrity of mgmt - disagreement w mgmt about acctingprinciples - auditing procedure - reason for changing auditor -after engage acceptance - contingencies - internal control - working papers Opinion - must be issued after audit - unmodified - modified - qualified - adverse - disclaimer of opinion Qualified Opinion - matter is material enough to preventunqualified opinion - not material enough to require an adverseopinion - "except for" - emphasis-of-matter or other matter inopinion paragraph Disclaimer Opinion - sufficient and appropriate evidence - if a correcting entry cannot be made=>disclaimer - if a correcting entry can be made =>adverse opinion example of report disclaiming opinion - Indep Auditor's Report - Report on the F/S - Mgmt responsibility - auditor's responsibility - GAAS - Basis for disclaimer of opinion - example- limitation of scope - disclaimer of opinion Auditor's Standard Report (unmodifiedopinion) - title + "independent" - F/S company ABC were audited - F/S are responsibility of mgmt - auditor responsibility for opinion onF/S - audit conducted in accordance w GAAS - audit includes examining evidence,assessing principles and signing estimates - opinion about whether F/S are presentedfairly in all mat respects, in conf w GAAP Adverse opinion - F/S do not present fairly the finposition - departure from accting framework ismaterial - entity is not a going concern Modified opinion (adverse or disclaimer) - title - intro - mgmt responsibility - auditor's responsibility - GAAS - basis for modified opinion - audit opinion EOM emphasis-of-matter or OM other-matter isan addl paragraph to std auditor's report to add explanatory Using the work of other Auditor - if principle accepts responsibility forwork of component auditor - no mention of component auditor is madein the opinion - if not - work of component is mentionedand responsibility is divided Note: no divided responsibility on assessmentof: - inherent risk - control risk Functions of audit committee - auditor establishes - scope, timing andplanning - audit committee communicates betweenauditor and directors - functions - selects and appoints indep auditor - assures auditor is indep - review nature of engagement - helps solving discrepancies - reviews scope Note: does not have to approve auditmethods Section 4 Understanding Entity and its Environment (including intctrl) Materiality - an intern omission / inclusion affects theF/S - sample size would be affected bymateriality, not vice versa! - for planning purposes - preliminaryjudgement about materiality levels - more careful audit is planned to detectsmall mistatm. - perform audit procedures closer to balance sheet(B/S) date - materiality limits don't apply for fraudinvolving mgmt Control Risk - CR - risk that a mat misstatement will not beprevented / detected by int ctrl important: CR should be assessed in terms ofF/S assertions Detection Risk - DR - risk that auditor will not detect a matmisstatement Inherent Risk - IR - F/S are likely to contain misstatement - considered in the planning stage ofengagement audit - greater inherent risk => tests performedat year-end (vs interim date), and more extensive testing Detection risk higher => lower Inherentand Control Risk (exist indep of auditor) Lower Inherent Risk => greater DetectionRisk acceptable by auditor Higher Inherent Risk=> more likely F/S aremat misstated How to lower Detection Risk: - auditor changes nature, timing and extentof testing - more substantive testing to year-end Audit Risk = AR = IR x CR x DR only DR can be changed by auditor tocompensate for IR and CR levels IR x CR = risk of mat misstatement DR increase by decreasing IR and CR if CR is high => auditor must have DR lowto keep audit risk low if DR is low => more tests of details(substantive procedures) examples of factors increasing IR: newregulations, change in loan covenant, inventory kept in openlot Fraud Discrepancies - incomplete transactions - unsupported / unauthorized balances - last minute significant adj - unauthorized employee access to records - tips about alleged fraud Conflicting / Missing Evidence - missing doc - altered doc - org doc missing - inconsistent responses to auditor'sinquiring (analytical procedures) - significant assets missing frominventory Problematic Relationship bet auditor andmgmt - denial of access to records - delays to provide info - denial to revise or add disclosures forF/S Conditions when fraud occurs: - reason to commit - existing circumstances (weak int ctrl) - rationalization Types of fraud - misappropriation of assets (byemployees) - fraudulent fin reporting (by mgmt) Fraud = rationalization, incentive,opportunity Audit procedures: risk assessment procedures tests of controls substantive procedures Risk Assessment Procedures - observation - inspection - reading mgmt reports - tracing transactions not necessary to detect illegal acts orunauthorized transactions In the planning phase - analyticalprocedures !! To identify unusual transactions. and communication - monitoring Service Organization - a payroll company - auditor must review the service auditor'sreport on controls Understanding Int Ctrl - evaluating the design (if improperlydesigned is material weakness) - implementation Segreg of duties - authorize transactions - record transactions - maintain custody of assets Management Assertions about classes of transactions and events - occurrence - completeness - accuracy - cutoff -classifications about acct balances - existence - rights and oblig - completeness - valuation and allocation about presentation and disclosure - occurrence - rights and oblig - completeness - classification and understandability - accuracy and valuation Significant Deficiencies (aka reportableconditions) - must be assessed in design and operation ofint ctrl - the scope is to understand int ctrlstructure - reported to those charged w govern. - less than material weaknesses - significant deficiencies are deficienciesin int ctrl important enough to deserve attention by mgmt Noncompliance w laws and reg disclosure is necessary when: - Sec reporting - successor auditor when inquires - subpoena -firm receives fin assist from govnagency - disclaim an opinion - auditor cannotobtain enough info because client precludes access auditor may modify opinion based onnoncompliance! Section6 Performing Audit Procedures and EvaluatingEvidence Tests of controls - audit evidence about control risk isobtained by performing these tests - evaluate the effectiveness of internalcontrol in place methods inquiry inspections observation reperformance substantive tests -- Y/N presence absence ofa control condition analytical procedures calculations confirmations Effectiveness vs Efficiency of Audit effectiveness risk of incorrect acceptance risk of assessing ctrl risk too low efficiency risk of incorrect rejection risk of assessing ctrl risk too high Assessing ctrl risk bellow max =>identifyspecific activ likely to detect / prevent mat misstatements =>run tests of ctrl (not tests of detail!) to evaluate effectivenessof ctrl active Substantive procedures do not contribute toauditor's assessment of ctrl risk!! Understanding int control and assess levelof ctrl risk => nature and extent of substantive tests Obtaining audit evidence - observation control - inquiry control - confirmation substantive - recalculation - substantive - reperformance control - analytical procedures - substantive High risk of mat misstatement => auditorincrease scope of audit procedures - nature(addl tests) +timing(when) + extent (larger sample size) Audit evidence to draw conclusions foraudit: - risk assessment procedures - tests of controls - cannot be usedalone - substantive procedures - can be used aloneif control is effective Risk Assessment => Determine acceptablelevel of DR for F/S assertions => DR (detection risk)=>extent of audit procedures used to detect mat misstatement Substantive tests < Tests of controls Recap: - is effective ctrls exists => performtests of controls (+substantive) - if does not exist => perform onlysubstantive procedures Analytical Procedures - auditor compares recorded amounts toexpectations - unexpected significant differences arepresented to mgmt - difference cannot be explained=> otheraudit procedures - can be used in initial planning stages andalso in final review of audit - include ratio analysis and reasonablenesstests To ensure that Alll transactions arerecorded vouch from source doc to the journalentry To ensure that All recorded entries haveproper documentation vouch from the journal to the source Max Deviation Rate < Tolerable Rate =>assess ctrl risk too low => auditor should have relied oncontrol Tolerable Rate = # acceptable deviations in population /population size 6 invoices out of 100 means 6% Sample deviationrate = # deviations in the sample / samplesize Minimum Tolerable Rate MTR - preset Projected Rate - after the sample was audited if MTR < projected rate => ctrl is notreliable if MTR > projected rate => ctrl isreliable if deviation rate > tolerable rate =>auditor assesses high level of ctrl risk also, if deviation rate < tolerable rate=> the assessed risk of ctrl is too high Tests of transactions - dual purpose - tests of controls - objective - evaluatewhether controls operate effectively - substantive tests - to detect matmisstatements in acct bal of F/S Performance materiality < F/Smateriality Tolerable misstatement applies to substantivetesting, varies inversely w sample size Section 7 RECAP: Substantive procedures - tests of transaction details and acctbal - analytical procedures to detect matmisstatements of F/S - used to test F/S assertions Uncertainties = detection risk (DR) DR = AP x TD AP - analytical procedure risk TD - tests-of-detail risk Note: tests of control reduce, not eliminatethe need for substantive procedures!! Sample size is determined by: - population size has little / no effect onsample size - tolerable rate of deviations fromcontrols - likely rate of deviations - allowable risk of assessing ctrl risk toolow - inverse relationship with sample size - the stronger the int ctrl is perceived byauditor => the smaller the sample size 4 requirements to determine size of attributesampling: 1) likely rate of deviations - estimatepopulation occurrence rate in % 2) allowable risk of assessing ctrl risk toolow 3) determine which sampling table to usebased on reliability level desired 4) Define max tolerable deviation rate Tolerable Rate = # acceptable deviations in population /population size Attribute sampling - used in tests of control- "how many?" PPS sampling ($ Unit Sampling) Sampling interval = population book value /sample size more opportunity for logical units w largerrecorded $ amounts to be selected Sampling Risk - when performing substantive tests ofdetails, risk of - incorrect acceptance - incorrect rejection - when performing tests of ctrls, risk of - overreliance - assessing ctrl risk toolow - underreliance - assessing ctrl risk toohigh Mean per unit = sample mean audited value xnumber of items in population projected misstatement = (book value ofpopulation - sample audited mean) x number of items inpopulation Reg S-K under the securities laws - mgmt provide anannual rep on int ctrl over financial reporting mgmt must disclose mat weakness of intctrl Ratios (Analytical Procedures) T/O abrev for turnover Inv T/O = COGS / Avg Inv Inv EOY = Inv BOY + Purchases COGS Avg Inv = (Inv BOY + Inv EOY) / 2 A/R T/O = Net credit sales / avg A/R Current ratio = Current assets / Currentliab Inv T/O = COGS / Avg Inv acid test ratio = quick assets / currentliab A/R T/O = Net credit sales / avg A/R quick assets = cash, marketable sec, A/R ands-t notes rec Avg days sales in inv = 365/Inv T/O Avg days to collect A/R = 365 / A/R T/O Debt-to-equity ratio = Debt / Equity EPS = Income / # common sharesoutstanding Assets T/O = Net Sales / Avg Total Assets ROE = (net income - pref div) / commonequity common equity = common stock, addl paid-incapital, retained earnings assets = liab + stockholder equity return on assets = (net income + int exp) /avg total assets Subsequent Event - after B/S date but before issuance of auditreport - has mat effect on F/S and requires: - adjustment - events providing addlevidence to B/S and affect estimates - disclosure - events did not exists at B/Sdate Retain Audit Documentation - under SAS no shorter than 5 yrs from reportrelease date - under PCAOB Aud Std 3 , no shorter than 7yrs Review Report - CPA not aware of any materialmodifications to F/S to GAAP - limited assurance - report based on inquiries of firm'spersonnel and analytical procedures - inquiry req + analytical procedures - a review is substantially less than anaudit, the objective of which is to express an opinion - inadequate disclosures req modif of the stdreview report - departures from GAAP: if material=>modified review report - independence = required - engagement ltr - recommended notrequired - representation ltr - req - understand of int ctrl - not req Compilation Report - CPA not express an opinion - no assurance - mgmt responsibility for designing,implementing and maintaining int ctrl - inquiry not required, unless insuf info - departures from GAAP: if material=>modified compilation report - Indep not required but it must bedisclosed - engagement ltr - recommended notrequired - representation ltr - not req - understand of int ctrl - not req Section 8 Audit Report - CPA planned and performed audit to obtainreasonable assurance about F/S free of misstatements - reasonable assurance - inquiry req + analytical procedures - inadequate disclosures req qualified("except for") or adverse opinion - departures from GAAP: require qualified oradverse opinion - independence = required - engagement ltr - required - representation ltr - req - understand of int ctrl - req Compare: Audit - CPA express opinion on F/S as awhole Review - CPA does not express suchopinion Consulting services - indep not req Prospective F/S - report is restricted tospecified users and agreed-upon procedures implemented Special - Reports (special purpose F/S) - F/S prepared on a special-purpose frameworkother than GAAP - specified element, account or item ofF/S - compliance with contractual agreement orregulatory requirement related to audited F/S - fin info presented in prescribed forms - condensed F/S - letter for underwriters or otherparties IT Techniques for program analysis code review comparison program flowcharting software program tracing and mapping snapshot Techniques for program testing test data integrated test facility parallel simulation controlled reprocessing Techniques for continuous testing embedded audit module SCARF extended records transaction tagging Techniques for review oper systems job acct data / oper systems logs library mgmt software process control and security software Code of Professional Conduct (AICPA) Direct financial interest - owned directly by indiv / entity - under the control of the above - estate trust - materiality not a factor Contingent fees prohibited for a CPA performing - audit, review - compilation when 3rd party uses F/S and nodisclosure is made - examination of prospective F/S - tax returns Under SOX 2002, audit partner may lead anaudit for 5 years, than rotate => indep Registered public CPA cannot provide thefollowing nonaudit services to clients covered by SOX: bookkeeping, fin info system design implem,appraisal, valuation, actuarial, int audit, mgmt, HR, broker,dealer, legal services or expert services Note: tax prep are ok, but only w approval ofaudit committee 1934 SEC Act 10-K annual report - accompanied by auditor'sreport 10-Q - quarterly - may be subject to limitedreview 8-K current report - not audited, filed 15days after significant event proxy stm - not audited, full disclosure AICPA auditor of private firms - prep of F/S prohibit prep of source doc and recordingtransactions SEC auditor of public company - prohibit prep of F/S prohibit prep of source doc and recordingtransactions GAO - 7 types of threat to independence - self-interest - self-review - bias - familiarity - undue influence - mgmt participation - structural threat GAO: design, implement, maintain int ctrl isa threat to indep Note: evaluating the effectiveness of intctrl is not when threats are identified, auditors arerequired to apply safeguards to eliminate/reduce threats to indepto an acceptable level ex: controls to eliminate/mitigate Bank Reconciliation Balance per bank + deposits in transit - outstanding checks = balance per bank compare to balance per books=>adjustment RECAP - Relationships Int Ctrl has an inverse rel w SubstantiveTesting Ctrl Risk assessed at max => no ctrltesting performed ctrl Risk assessed bellow max => auditortests int ctrl and evaluated ctrl risk based on tests int ctrl weak => more testing int ctrl strong => less testing controls are reliable = CR (control risk)lower => acceptable DR (detection risk) higher => continuesubstantive procedures as planned controls are not reliable = CR (control risk)higher => acceptable DR (detection risk) lower => stoptesting controls and do more substantive testing Evidence has an inverse relation w DR(Detection Risk) DR = auditor can control nature, timing andextent of audit procedures High level of DR acceptable => lessevidence collected and interim testing ok and fewer transactionsare verified Sampling Risk has an inverse relation wsample size The smaller the sample size, the greater thesampling risk Expected population deviation rate has adirect relation w sample size Expected population deviation rate = anestimate of deviation rate in entire population RECAP - Statistical Sampling attribute (proportional) - tests ofcontrols how many rate of occurrence discovery sampling = expected occurrence stratified sampling = when population ishighly variable, divide it in homogenous groups variable (quantitative) - substantivetesting auditor whishes to estimate / test clientbook value Attribute sampling = Y/N Variable sampling = - . + T accounts Assets Debit (Normal Bal) Credit Expenses Debit (Normal Bal) Credit Owner's Drawing Debit (Normal Bal) Credit Liabilities Debit Credit (Normal Bal) Revenues Debit Credit (Normal Bal) Owner's Cap Debit Credit (Normal Bal) Aboutthe author Cristina Agopian is alicensed CPA in the state of California. + T accounts Assets Debit (Normal Bal) Credit Expenses Debit (Normal Bal) Credit Owner's Drawing Debit (Normal Bal) Credit Liabilities Debit Credit (Normal Bal) Revenues Debit Credit (Normal Bal) Owner's Cap Debit Credit (Normal Bal) Aboutthe author Cristina Agopian is alicensed CPA in the state of California.
Next page