aud notes

Audit - 1Audit: methodical review and objective examination of an enterprise’s financial statements. The objective of the auditor’s examination is to express an opinion on the financial statements.

Audit function: the audit and expression of an opinion

SAS - Statements on Auditing Standards: interpretations of GAAS issued by the Auditing Standards Board (ASB)

GAAS - Generally Accepted Auditing Standards: compliance is required for all audit engagements

GAGAS – Generally Accepted Government Auditing Standards: government organizations, programs, activities, and entities that receive government funds

PCAOB – Public Company Accounting Oversight Board: established pursuant to the Sarbanes-Oxley Act of 2002 for preparation and issuance of audit reports for “issuers”

- “Issuers” consist of entities subject to the rules of the SEC (primarily public companies)- Public accounting firms must register with the PCAOB in order to audit public companies

SSAE – Statements on Standards for Attestation Engagements: issued by senior technical bodies of the AICPA

SSARS – Statements on Standards for Accounting and Review Services: established by AICPA to regulate standards for privately held companies not seeking audited statements

SSCS – Statements on Standards for Consulting Services: issued by the Management Advisory Services Executive Committee

SSTS – Statements on Responsibilities in Tax Practice: provide guidelines for tax prep services

AICPA Code of Professional Conduct: provides guidelines for behavior and assures high standards to the public

SOX Act: auditors report to and are overseen by the issuer’s audit committee, all services (both audit/non-audit) must be preapproved by the audit committee, a second partner review is required for every public company audit report, must keep records for 7 years, anyone associated with a registered public accounting firm can be held responsible for a firm’s violation of laws, rules, or professional standards

Interpretive publications: recommendations regarding how SASs should be applied in specific situations

SAS Interpretations, appendices to the SASs, AICPA Audit and Accounting Guides, and AICPA auditing Statements of Position

Auditing publications: have no authoritative status but may be helpful to the auditor

Journal of Accountancy, auditing articles in AICPA CPA letter, continuing professional education materials

General Standards

T – Training: the auditor must have adequate technical training and proficiency to perform the audit

I – Independence: the auditor must maintain independence in mental attitude in all matters relating to the audit

- Independence in fact and appearance - Impairment = any direct or material indirect ownership- SOX: accounting firm cannot provide audit services for a company whose top official was an

employee of the accounting firm who worked on the audit during the last year

P – Professional Care: the auditor must exercise due professional care in the planning and performance of the audit and the preparation of the report

- Often called the “average auditor” concept- Due professional care: what the auditor does and how well it is done

o Auditor will obtain sufficient appropriate audit evidence to limit audit risk to a low level High level of assurance is referred to as “reasonable assurance”

Standards of Fieldwork

P – Planning and Supervision: the auditor must adequately plan the work and must properly supervise any assistants

I – Internal Control, Entity, and Environment: the auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, extent, and timing of further audit procedures

F – Footing, Cross-footing, and Recalculation - (CYA) - AccuracyI – Inquiry - (Substantive/Internal Control) – Understandability and ClassificationV – Vouching - (Substantive) - OccurrenceE – Examination/Inspection - (Substantive/Internal Control) – Rights/Obligations/Existence/Accuracy/ClassC – Confirmation - (Substantive/Existence) - ExistenceA – Analytical Review Procedures - (Substantive) - CompletenessR – Reperformance - (Internal Control) -R – Reconciliation - (Substantive) – Allocation and ValuationO – Observation - (Substantive/Internal Control) – Completeness/ExistenceT – Tracing - (Substantive) - CompletenessS – Subsequent Events Review - (Substantive) – Proper Period Cut-off

E – Evidence: the auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit

Standards of Reporting

A – Accounting (GAAP): the auditor must state in the auditor’s report whether the financial statements are presented in accordance with generally accepted accounting principles

- Explicit: specifically written in report

C – Consistency: the auditor must identify in the auditor’s report those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period

- Implicit: assumed consistent within report (unless otherwise stated)

D – Disclosure: when the auditor determines that informative disclosures are not reasonably adequate, the auditor must so state in the auditor’s report

- Implicit: assumed consistent within report (unless otherwise stated)

O – Express Opinion: the auditor must either express an opinion regarding the financial statements, taken as a whole, or state that an opinion cannot be expressed, in the auditor’s report. When the auditor cannot express an overall opinion, the auditor should state the reasons therefore in the auditor’s report. In all cases where an auditor’s name is associated with financial statements, the auditor should clearly indicate the character of the auditor’s work, if any, and the degree of responsibility the auditor is taking, in the auditor’s report

- Explicit: specifically written in report

The examiners test on which reporting standards are explicit (Accounting is GAAP & Expression of Opinion) and which are implicit (Consistency & Disclosure).

The Auditor’s Standard Report

TADS turn into FROGLEAPERS

T – Title: “independent” must be included in the report title

A – Addressee: usually addressed to the company, its stockholders and/or Board of Directors

Introductory Paragraph

F – Financial Statements: a statement that the financial statements as identified in the report were audited

R – Responsibility of Management: a statement that the financial statements are the responsibility of management

O – Our responsibility: and that the auditor’s responsibility is to express an opinion

Scope Paragraph

G – GAAS: a statement that the audit was conducted in accordance with United States GAAS

- For audits of issuers, reference is made to PCAOB standards instead of United States GAAS

L – Looked for Reasonable Assurance: a statement that the audit was planned and performed to obtain reasonable assurance that the financial statements are free from material misstatement

E – Examining evidence: statements that the audit included examining evidence on a test basis;

A – Assessing principles: assessing the accounting principles used and significant estimates made by management; and evaluating the overall presentation; and

P – Provides reasonable basis: a statement that the audit provides a reasonable basis for an opinion

Opinion Paragraph

E – Express an opinion: a statement referring to the financial statements specifically identified in the introductory paragraph; an opinion as to the fair presentation of the financial statements; and

R – Refer to GAAP: a statement regarding conformity with United States GAAP (or PCAOB)

S – Signature: firm’s name must be printed or signed at the end of the report

D – Date: dated on or after the date on which sufficient/appropriate audit evidence was obtained to support the opinion. The report date shows the final date of the auditor’s responsibility. For comparative statements, the date appropriate for the most recent audit should be used.

Independent Auditor’s Report (Non-issuer)

We have audited the accompanying balance sheet of ABC Company as of December 31, 20XX, and the related statements of income, retained earnings, and cash flows for the year then ended. These financial statements are the responsibility of management. Our responsibility is to express an opinion on these financial statements based on our audit.

We conducted our audit in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.

In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of ABC Company as of (at) December 31, 20XX, and the results of its operations and its cash flows for the year then ended in conformity with accounting principles generally accepted in the United States of America.

(Company/Name)

(Date)

When the examiners require CPA candidates to respond to questions concerning the standard audit report, you must remember:

- GAAS Scope Paragraph- GAAP Opinion Paragraph

Types of Opinions

No Misstatement or Immaterial Misstatement

Unqualified Opinion: this is a “clean” opinion that states that the financial statements are presented fairly in conformity with GAAP

Unqualified Opinion with Explanatory Language: under certain circumstances, the auditor may need to add an explanatory paragraph (or other explanatory language) to the report

Material Misstatement

Qualified Opinion: this opinion states that, “except for” the effects of the matters to which the qualification relates, the financial statements are presented fairly, in conformity with GAAP

Highly Material Misstatement

Adverse Opinion: this opinion states that the financial statements do not present fairly the financial position, results of operations, or cash flows of the entity in conformity with GAAP

Disclaimer of Opinion: this is when the auditor does not express an opinion on the financial statements because he/she was not able to perform an audit sufficient in scope to render an opinion

Qualified “Except For” and Adverse Opinion: GAAP

1) Non-GAAP Change

2) Inadequate Disclosure

3) Unjustified Departure from GAAP

4) Unreasonable Accounting Estimate

Qualified “Except For” Opinion: GAAS

1) Uncertainty2) Scope Limitation

Disclaimer Opinion: GAAS

1) Uncertainty2) Scope Limitation3) Lack of Independence4) Unaudited

A candidate must be able to identify the types of opinions available for GAAP issues (Qualified & Adverse) and for GAAS issues (Qualified and Disclaimer)

A commonly tested area is the concept of uncertainty. The chart below will assist in your mastering this area.

GAAP & Evidence No evidence Non-GAAPAuditor agrees Auditor unable Auditor disagreeswith management to obtain evidence with management

Unqualified, no Qualified (GAAS) Qualified (GAAP)mention of or Disclaimer or Adverseuncertainty

Modified Unqualified Opinion

Modified Wording: Division of responsibility – the auditor’s opinion is based in part on the report of anther auditor

Explanatory Paragraph:Necessary and justified departure from GAAP – due to unusual circumstances, a GAAP departure prevents the financial statements from being misleading

Going concern – there is substantial doubt about the entity’s ability to continue as a going concern

To emphasize a matter regarding the financial statements, the auditor may add an explanatory paragraph

A justified lack of consistency is caused by a material change in GAAP between periods or a change in the method of the application of accounting principles

Required SEC regulation S-K quarterly financial data has been omitted or has not been reviewed

Supplementary information required by GAAP has been omitted or departs materially from GAAP, or the auditor is unable to complete prescribed procedures or to remove substantial doubts about the presentation of such information

Other information in a document containing audited financial statements is materially inconsistent with information appearing in the financial statements

You will probably have questions involving the “modified” unqualified opinion. We will cover each of these examples later. It is important to note, however, that this still represents an unqualified opinion. The additional language is used to highlight the above circumstances.

Reporting on Other Information: Statements Prepared under Accounting Principles Generally Accepted in Another Country

- Modified U.S. style report: to be distributed outside the U.S. only

- Standard U.S. report modified for a departure in GAAP: to be distributed within the U.S.

The report options depend upon the intended distribution. Management = written rep. letter re: use

--

Unqualified Opinion

- Lack of Consistency in Accordance with GAAP [Explanatory Paragraph AFTER Opinion Paragraph]

o If the auditor agreed with the change, a lack of consistency in applying GAAP would result in an unqualified opinion with an explanatory paragraph following the opinion paragraph.

- Going Concern Properly Disclosed [Explanatory Paragraph AFTER Opinion, No other Modifications]

o The circumstances should be described in an explanatory paragraph but would require no other paragraph modifications

- Properly Disclosed Contingency [Unmodified Standard Auditor’s Report]

Disclaimer of an Opinion

- Scope Limitations

o When disclaiming an opinion because of scope limitations, the auditor should indicate in a separate paragraph the reasons that the audit did not comply with GAAS. The auditor should also omit the scope paragraph. The opinion paragraph is not omitted; however it indicates that no opinion is expressed.

Qualified “Except For” Opinion

- Scope Limitation [Scope Paragraph Modification, Explanatory Paragraph BEFORE Opinion]

o When a qualified opinion is issued due to a lack of sufficient audit evidence, the lack of evidence should be disclosed in an explanatory paragraph before the opinion paragraph.

Since insufficient evidence is a scope limitation, the scope paragraph should also be modified to refer to the limitation and to the explanatory paragraph that discusses it. The scope limitation should be referred to in both the scope and opinion paragraphs.

o When an auditor qualifies his opinion because of a scope limitation, the wording in the opinion paragraph should indicate that the qualification pertains to the possible effects on the financial statements and not to the scope limitation itself.

- Inadequate Disclosure

o In a report qualified for inadequate disclosure, the auditor would add an explanatory paragraph and modify the opinion paragraph, but the introductory and scope paragraphs would not be modified.

- Consistency Issue

--

Auditor Submitted Documents (ASD)

A) An analysis of inventory by location

B) Depreciable lives of assets

C) An analysis of revenue by product line

Audit – 2

Piecemeal Opinions: opinions on parts of the financial statements, when those parts constitute a major portion of the financial statements

- Not appropriate if the auditor has disclaimed an opinion or issued an adverse opinion because the may overshadow the auditor’s opinion on the financial statements taken as a whole

- An opinion on specified elements that does not constitute a piecemeal opinion may be expressed, but should not accompany the disclaimer or the adverse opinion

Financial Statements Prepared in Accordance with a Comprehensive Basis of Accounting Other than GAAP:

- Qualify an opinion with an Explanatory Paragraph when the financial statements prepared are not suitably titled

Special Reports:

- An unqualified “special report” would be issued in an audit of financial statements prepared on an accounting basis prescribed by a regulatory agency solely for filing with that agency.

- Special reports are also issued for:

o Financial statements that are prepared in accordance with a comprehensive basis of accounting other than GAAP

o Specified elements, accounts or items of a financial statement

o Compliance with contractual or regulatory requirements related to audited financial statements

o Financial information presented in prescribed forms, or schedules that require a prescribed form of auditor’s report

Positive Assurance: provided in all of the reports except “compliance with contractual or regulatory requirements related to audited financial statements”.

--

An accountant may submit a written personal financial plan containing unaudited personal financial statements to a client without complying with requirements of SSARS 1 when both of the following conditions exist:

- The accountant establishes an understanding with the client that the financial statements will be used solely to assist the client in developing a financial plan and will not be used to obtain credit

- Nothing comes to the accountant’s attention during the engagement indicating that the financial statements will be used to obtain credit

--

In a review engagement, the auditor should possess a level of knowledge of the accounting principles and practices of the industry in which the entity operates. This will provide, through the performance of inquiry and analytical procedures, a reasonable basis for expressing limited assurance that there are no material modifications that should be made to the financial statements to be in conformity with generally accepted accounting principles.

--

Compiled financial statements should be accompanied by a report stating that the financial statements were compiled in accordance with SSARS issued by the AICPA.

--

If the accountant believes that modification of the standard review report is not adequate to indicate the deficiencies in the financial statements taken as a whole, the accountant should withdraw from the review engagement and provide no further services with respect to those financial statements. Note that the accountant should also request that management consider the effect of the scheme on the financial statements.

--

SSARS apply when an accountant “submits” financial statements. Submission is defined as presenting financial statements to a client or third party that the accountant has prepared, either manually or through use of computer software. Preparing financial statements that are in conformity with another comprehensive basis of accounting constitutes a submission of financial statements under SSARS. If the financial statements are expected to be used by a third party, SSARS would require the accountant to report.

--

If financial statements have been compiled on a basis other than GAAP and the client makes no disclosures in the financial statements to that effect, the accountant should disclose the basis of accounting in the accountant’s compilation report.

--

If substantially all disclosures required by GAAP are omitted from compiled financial statements, the accountant’s compilation report should state that the financial statements are not designed for those who are not informed about such matters.

--

The accountant’s report on a review engagement should state that the accountant is not aware of any material modifications that should be made to the financial statements for them to conform with GAAP.

--

If the accountant concludes that modification of the standard report is appropriate, the departure should be disclosed in a separate paragraph of the report.

--

An accountant implicitly states independence when performing compilation services for a client.

An accountant can prepare a working trial balance and prepare monthly journal entries without being required to issue a compilation or review report under the SSARS as long as the performance of these services does not carry forward into the submission of financial statements.

--

When reviewing a nonpublic entity’s financial statements, an accountant ordinarily makes inquiries concerning the entity’s procedures for recording and summarizing transactions.

--

A management representation letter is required for a review engagement. If no representation letter is provided, the review is incomplete and no review report may be issued. Since there is no requirement for a representation letter in relation to a compilation engagement, the engagement may be changed to a compilation engagement (with the client’s consent).

--

The accountant is not required to specifically assess fraud risk or to perform procedures designed to detect material misstatements due to fraud or illegal acts.

--

Compiled financial statements that omit substantially all the disclosures required by GAAP are not comparable to financial statements that do not include required GAAP disclosures. Accordingly, the 20X1 statements are not comparable to the 20X2 statements and Clark cannot report on them.

--

An accountant’s knowledge of an entity’s business and its internal control influences the inquiries made and analytical procedures performed. A significant change in control activities would likely result in further inquiry of management on whether management has monitored the changes and considered whether they were operating as intended.

--

The objective of a review of interim financial information is to provide the accountant, through inquiries and analytical procedures, with a basis for reporting whether material modifications should be made to such information to conform with generally accepted accounting principles.

--

If a report on a review of interim financial information is presented in a registration statement, the prospectus should include a statement that the report is not a “report” or “part” of the registration statement. The accountant should also read the other portions of the registration statement to ensure that his or her name is not used in a way that indicates greater responsibility than s/he intends.

--

An independent accountant will generally read the minutes of the board of directors’ meetings when conducting a review of interim financial information of a publicly held entity. Remember, it requires lots of “reading stuff”.

--

If the quarterly data required by SEC Regulation S-K have been omitted, the auditor’s report must include a statement indicating that the company has not presented such data.

--

Statements on Standards for Attestation Engagements provide guidance with respect to compilation of a financial projection but they do not address services involving advocating for a client, such as testifying as an expert witness.

--

There is no requirement that the accountant’s report be restricted to specified parties when reporting on an assertion about the subject matter instead of reporting directly on the subject matter.

--

A WebTrust engagement is an attestation engagement in which the CPA determines whether the client’s web site meets defined criteria relating to transaction integrity, information protection, and disclosure of business practices. Attestation engagements should be performed in accordance with Statements on Standards for Attestation Engagements (SSAEs).

--

The practitioner’s report on agreed-upon procedures related to management’s assertion about the entity’s compliance with specified requirements is intended solely for the use of specified parties. Thus, the report should include a statement on the use of the report.

--

An examination of a financial forecast is a professional service that involves:

1) Evaluating the preparation of the prospective financial statements

2) Evaluating the support underlying the assumptions

3) Evaluating the presentation of the prospective financial statements in conformity with AICPA

4) Issuing an examination report

--

Attestation standards provide a framework for the attest function beyond historical financial statements.

--

The accountant’s report on a review of pro forma financial information should include a reference to the financial statements from which the historical information is derived and a statement as to whether such financial statements were audited or reviewed.

--

An accountant’s compilation report on a financial forecast should include a statement that the compilation does not include evaluation of the support of the assumptions underlying the forecast. [An examination of the financial forecast would include evaluation of the support.]

--

Negative assurance may be expressed when an accountant is requested to report on the results of performing a review of management’s assertion.

--

Accepting an engagement to compile a financial projection for a publicly held company most likely would be inappropriate if the projection were to be distributed to all stockholders of record as of the report date (general use). Only a financial forecast is suitable for general use.

--

CPA firm’s quality control elements:

- Independence, integrity, and objectivity

- Personnel management

- Acceptance and continuance of clients and engagements

- Engagement performance, and

- Monitoring

--

A basis of accounting used by an entity to comply with the financial reporting requirements of a lending institution is not a comprehensive basis because such a requirement, in itself, would not have substantial support. A comprehensive basis of accounting other than GAAP is one of the following:

1. Cash basis and modified cash basis

2. Tax basis

3. Prescribed regulatory basis

4. Other basis with substantial support (e.g., price-level basis)

--

An auditor’s special report on financial statements prepared in conformity with the cash basis of accounting should include a separate explanatory paragraph before the opinion paragraph that refers to the note to the financial statements that describes the basis of accounting.

--The standard report issued by an accountant after reviewing the FS of a nonpublic entity states that the accountant is not aware of any material modifications that should be made to the financial statements (see the third paragraph of the standard review report). This is a “negative assurance.”

--When reporting on financial statements prepared on the same basis of accounting used for income tax purposes, the auditor should include in the report a paragraph that states that the income tax basis of accounting is a comprehensive basis of accounting other than GAAP (included in the third paragraph of the special report).

--Financial statements of a nonpublic entity that have been compiled should be accompanied by a report explicitly stating that the accountant has compiled the financial statements and stating that the accountant has not audited or reviewed the financial statements.

--Accountant's Review Report

We have reviewed and audited the accompanying balance sheets of Tech Co. as of December 31, 20X2 and 20X1, and the related statements of income, retained earnings, and cash flows for the years then ended, in accordance with Statements on Standards for Accounting and Review Services issued by the American Institute of Certified Public Accountants and generally accepted auditing standards. All information included in these financial statements is the representation of the management of Tech Co.

A review consists principally of inquiries of company personnel and analytical procedures applied to financial data. It is substantially less in scope than an audit in accordance with generally accepted auditing standards, the objective of which is the expression of an opinion regarding the financial statements taken as a whole.

Based on our review, we are not aware of any material modifications that should be made to the accompanying financial statements. Because of the inherent limitations of a review engagement, this report is intended for the information of management and should not be used for any other purpose.

The financial statements for the year ended December 31, 20X1, were audited by us and our report was dated March 2, 20X2. We have no responsibility for updating that report for events and circumstances occurring after that date.

Jordan and Stone, CPAsMarch 1, 20X3

The auditors are issuing a review report this year on comparative financial statements and issued an audit opinion on last year’s financial statements. A review report gives less assurance than an audit. The auditors should not make reference in the first paragraph to the fact that they audited last year’s financial statements even though they are being comparatively shown, because it may mislead the reader of the financial statements as to the auditors’ degree of assurance on this year’s financial statements.

There is and should be a reference to the AICPA in the first paragraph because the auditors are performing a review this year and not an audit.

The accountant’s review and audit responsibilities should not follow management’s responsibilities in the introductory paragraph.

Because the auditors do substantially less work in a review than in an audit, the auditors should state that they do not express an opinion.

There should be reference to conformity with generally accepted accounting principles in the third paragraph.

There should be no restriction on use in a review report.

There should be a reference to the fact that the auditors are not aware of any material modifications that should be made (limited assurance).

There should be reference to the prior year’s audit in a separate fourth paragraph. An example: “The financial statements for the year ended December 31, 20X1 were audited by us and we expressed an unqualified opinion on them in our report dated March 1, 20X2 but we have not performed any auditing procedures since that date.”

--The opinion paragraph in an adverse opinion reads, “in our opinion, because of the effects of the matters discussed in the preceding paragraphs, the financial statements…”

--Due to recurring operating losses and working capital deficiencies, an auditor has substantial doubt about an entity’s ability to continue as a going concern for a reasonable period of time. However, the financial statement disclosures concerning these matters are adequate.

The circumstances should be described in an explanatory paragraph following the opinion paragraph without modifying the three standard paragraphs.

--

Since the auditor was unable to gather sufficient evidence on the beginning balances of the balance sheet accounts, the auditor would be unable to express an opinion on the current year’s results of operations and cash flows. The auditor could express an opinion on the statement of financial position.

--

When an accountant examines a financial forecast that fails to disclose significant assumptions used to prepare the forecast, the accountant should issue an adverse opinion.

--

Financial statements prepared in accordance with a comprehensive basis of accounting other than GAAP that are not suitably titled require a qualified opinion with an explanatory paragraph.

--

A review of data included in financial statements of a nonpublic entity is performed under SSARs, not under PCAOB (auditing) standards. A review of interim financial information under PCAOB (auditing) standards is only conducted for public companies (or companies anticipating going public).

--A review of the predecessor’s audit documentation related to matters of continuing accounting and auditing significance would be permitted. This would include documentation concerning contingencies and internal controls.--An understanding with the client should be established regarding management’s responsibilities, which include establishing and maintaining effective internal control over financial reporting. This is generally documented in an engagement letter.--Intentional misapplication of accounting principles would indicate that management lacks integrity and as a result, the auditor might conclude that a financial statement audit cannot be performed.--Objectivity is reflected by the organizational level to which the internal auditor reports as well as by policies prohibiting audits of areas where the internal auditor lacks independence. In assessing the objectivity of internal auditors, the independent CPA who is auditing the entity’s financial statements considers information obtained from previous experience, from discussions with management, from external quality reviews (if performed), and from professional internal auditing standards (such as those developed by The Institute of Internal Auditors).--A CPA cannot render an opinion on financial statements unless he or she has obtained sufficient appropriate audit evidence supporting that opinion. If such evidence were unlikely to be available, the CPA would most likely reject the potential audit engagement.--The control environment is the foundation for all other components of internal control. Management’s disregard of its responsibility to maintain an adequate internal control environment therefore compromises its ability to provide reasonable assurance regarding reliable financial reporting. The auditor may conclude that the risk of misrepresentation in the financial statements is great enough that an audit should not be conducted.--The internal auditors’ work may affect the nature, timing, and extent of the audit, including procedures the auditor performs when obtaining an understanding of the entity’s internal control, when assessing risk, and when performing substantive procedures. --In order to observe the physical inventory count, the auditor would have to coordinate schedules with the client. This timing is usually agreed upon before implementation of the audit strategy.--The auditor does not consult with the client about audit procedures that will be performed.--A requirement during planning is to perform analytical procedures, which involve comparisons of recorded amounts to expectations.--Both the risk of material misstatement (control risk and inherent risk) and detection risk may be assessed in quantitative terms such as percentages or in non-quantitative terms that range, for example, from a minimum to a maximum. --The auditor’s preliminary judgment about materiality is generally based on either annualized interim financial statements or annual financial statements from a prior period.

--An audit plan aids in instructing assistants in the work to be done. It should set forth in reasonable detail the audit procedures that the auditor believes are necessary to accomplish the objectives of the audit.--If, during the audit, the successor auditor becomes aware of information indicating that the financial statements reported on by the predecessor auditor may require revision, he or she should request the client to arrange a meeting among the three parties to discuss the information and attempt to resolve the matter.--In making judgments about the extent of the effect of the internal auditor’s work on the auditor’s procedures, the auditor considers the materiality of financial statement amounts, the risk of material misstatement of the assertions related to these financial statement amounts, and the degree of subjectivity involved in the evaluation of the audit evidence gathered in support of the assertions. As the degree of subjectivity increases, the need for the auditor to perform tests of the assertions increases. Testing the existence of fixed asset additions involves very little subjectivity, and thus work performed by the internal auditor may reduce the auditor’s testing in this area.--Internal auditors may assist the auditor in obtaining an understanding of internal control and in performing tests of controls and substantive tests.--The auditor may, as a result of the report or findings of the specialist, decide to add explanatory language to the auditor’s standard report or depart from an unqualified opinion. Reference to and identification of the specialist may be made in the auditor’s report if the auditor believes such reference will facilitate an understanding of the reason for the explanatory paragraph or the departure from the unqualified opinion. --Pre-audit planning meetings are typically held to plan technical and personnel aspects of the audit. Assistants should be informed of their responsibilities and the objectives of the procedures that they are to perform.--The auditor should consider the methods the entity uses to process accounting information in planning the audit because such methods influence the design of internal control. The extent to which computer processing is used in significant accounting applications, as well as the complexity of the processing, may also influence the nature, timing, and extent of audit procedures. --Materiality levels include an overall level for each statement; however, because the statements are interrelated, and for reasons of efficiency, the auditor ordinarily considers materiality for planning purposes in terms of the smallest aggregate level of misstatements that could be considered material to any one of the financial statements.--When assessing the internal auditors’ competence, the auditor should obtain information about such factors as educational level, experience, professional certification, continuing education, supervision, review, and evaluation of performance.--Review of assistants’ work is necessary to determine whether it was performed in a satisfactory manner and to determine whether the work supports the conclusions presented in the auditor’s report.--An increase in the assessed level of control risk means that the assessed risk of material misstatement has also increased, and this requires a corresponding decrease in detection risk to maintain the same (presumably low) level of overall audit risk. Increasing the extent of tests of details will result in a reduction in detection risk.

--An auditor would review the client’s accounting policies and procedures as part of obtaining an understanding of the client’s operations and business. This understanding is important because it affects the design of internal control, which in turn impacts planned auditing procedures.--As part of audit planning, the auditor should obtain an understanding of the entity’s business. This understanding enables the auditor to better understand events, transactions, and practices that may affect the financial statements, to plan and perform appropriate audit tests, and to properly understand and evaluate the results of those tests.--When an entity transmits, processes, maintains, or accesses significant information electronically, some accounting data and source documents may be available only in electronic form, or only at a certain point in time. The auditor would generally perform tests of controls several times during the year to compensate for this limitation.--The auditor uses the assessed level of control risk (together with the assessed level of inherent risk) to determine the assessed risk of material misstatement, which in turn affects the acceptable level of detection risk for financial statement assertions.--The auditor identifies internal controls relevant to specific financial statement assertions, and then performs tests of controls to evaluate their effectiveness in preventing material misstatements in those assertions. Control risk should be assessed in terms of financial statement assertions.--The acceptable level of detection risk is inversely related to the assurance provided by substantive tests. For example, if the acceptable level of detection risk decreases, more assurance is required from substantive tests.--Samples to test internal control are intended to provide a basis for an auditor to conclude whether the control activities are operating effectively.--Prior to commencing field work, the auditor would likely discuss with management any assistance desired from client staff. This is part of establishing an understanding with the client.--Applying substantive tests to the details of asset and liability accounts as of an interim date increases risk, as it is possible that errors will occur between the date of interim testing and the balance sheet date. For this reason, the auditor generally selects for interim examination only accounts that are reasonably predictable with respect to amount, relative significance, and composition, and must also identify procedures sufficient to extend interim conclusions to year-end.--Regardless of the assessed level of control risk, an auditor would perform some level of substantive tests to restrict detection risk for significant transaction classes. Even with the lowest possible assessed level of control risk, substantive testing cannot be entirely eliminated for significant transaction classes or balances.--As the assessed level of control risk increases, the acceptable level of detection risk for financial statement assertions decreases. To attain a decreased level of detection risk, greater assurance is needed from substantive tests. Increasing the extent of tests will provide greater assurance.--Applying the substantive tests to the details of asset and liability accounts as of an interim date increases risk, as it

is possible that errors will occur between the date of interim testing and the balance sheet date. For this reason, the auditor generally selects for interim examination only accounts that are reasonably predictable with respect to amount, relative significance, and composition, and must also identify procedures sufficient to extend interim conclusions to year-end.--The auditor would most likely use the entity’s financial statements of the prior year in the preliminary determination of materiality. The prior year financial statements would be a good starting point in estimating the current year’s expected results, especially for a continuing client.--A decrease in the amount of misstatements that the auditor can tolerate will cause the auditor to modify the nature, timing, and/or extent of auditing procedures. Performing the planned procedures closer to the balance sheet date is a timing modification that addresses this change.--“Fairness and accuracy” is not a type of financial statement assertion. F/S assertions include: rights and obligations, valuation and allocation, and understandability and classification.--While a specialist who is unrelated to the client will provide the auditor with greater assurance of reliability, a specialist who is related to the client may be acceptable in certain circumstances. In such situations, the auditor would likely perform additional procedures to verify objectivity.--When audit procedures are performed before year-end, the auditor must assess the incremental risk involved and determine whether sufficient alternative procedures exist to extend the interim conclusions to year-end.--The planning process should include application of analytical procedures, such as comparison of the financial statements with budgeted or anticipated results.--Audit documentation to include a description of the discussion among engagement personnel regarding the risk of material misstatement due to fraud.--An auditor should respond to fraud risk by designing appropriate audit procedures. Requesting that management more closely monitor the inventory function does not improve the auditor’s likelihood of detecting fraud.--In assessing the risk related to material misstatements in an entity’s financial statements, the auditor would consider situations that threaten financial stability or profitability, since such situations might provide an incentive to fraudulently misstate the financial statements. Included as one of these characteristics is declining customer demand.--Excessive pressure on management to meet financial targets is a fraud risk factor that would heighten an auditor’s concern about the risk of intentional manipulation of financial statements.--The auditor should consider the implications of an illegal act in relation to other aspects of the audit, particularly the reliability of representations of management.--The auditor should withdraw from the engagement if the client refuses to accept the auditor’s modified report.--Reviewing an internal control questionnaire provides information about control policies and procedures, but does

not provide information about actual transactions or events that have occurred. Therefore, it is not likely to uncover any illegal acts.--If specific information concerning a possible illegal act comes to the auditor’s attention, the auditor should apply additional audit procedures to determine whether an illegal act has in fact occurred.--In every audit, the auditor should obtain a sufficient understanding of the design of relevant internal controls pertaining to financial reporting in each of the five internal control components.--The auditor should obtain an understanding of the entity and its environment to assess the risk of material misstatement and to design and perform further audit procedures.--An advantage of using systems flowcharts to document internal information is that flowcharts provide a visual depiction of clients’ activities.--Tests of details of transactions are used to detect material misstatements in the financial statements after the auditor has assessed risk, not as part of making this assessment.--Observation and inspection may be used to evaluate the design of controls. Observation of entity personnel applying control activities is a procedure that would likely provide evidence about the design of the activities.--The use of budgets and forecasts to identify variances improves managers’ ability to supervise company activities. Variances from budgets serve as signals to managers that a potential problem exists.--The key phrase in this question is “in obtaining an understanding…”. Review of descriptions of controls would typically be performed while gaining an understanding of an entity’s internal control (for any system or cycle, not just inventory).--The control environment reflects the overall attitude, awareness and actions of those charged with governance (i.e., the board of directors, management, owners, and others) concerning the importance of control and its emphasis in the entity.--“Substance over form” concerns relate to controls that appear on the surface to exist but in reality are not operating effectively. When obtaining an understanding of a client’s internal controls, an auditor should concentrate on the substance of controls rather than the form because even when appropriate procedures are established, management may not enforce compliance.--Human error is an inherent limitation in internal control, because even a properly designed and operating internal control system cannot prevent errors in the use of information provided by the system.--Making constructive suggestions to the client is not a primary objective for obtaining an understanding of internal control, although it may be a desirable by-product of an audit engagement.--An auditor would most likely be concerned with internal controls that provide reasonable assurance about the entity’s ability to process and summarize financial data.--

In obtaining an understanding of an entity’s internal control, an auditor is required to obtain knowledge about the design of controls and whether they have been implemented. The auditor is not required to obtain knowledge about the “operating effectiveness of controls” as part of obtaining an understanding of internal control.--Internal control over safeguarding of assets may relate to both financial reporting and operations objectives. For example, controls related to financial reporting might include:

- Use of a lockbox system for collecting cash- Passwords for limiting access to accounts receivable data files

Controls related to operations might include controls to prevent the excess use of materials in production. Internal control over safeguarding of assets generally would not relate to compliance objectives. (Note that the auditor generally would only be concerned with the controls relevant to financial reporting, but this question does not ask which controls are important to the auditor.)--The fact that budgetary reports are being generated indicates that the control has been implemented. The control, however, does not provide any assurance regarding achievement of the entity’s objectives, since the report is not being analyzed or acted upon. Accordingly, the control is not operating effectively.--Services performed by another organization are not considered to be part of the client’s information system if the services provided are limited to executing transactions that are specifically authorized by the client (i.e., sale specifically authorized by the client of the investment securities by an external broker).--Inherent limitations in internal control are limitations that exist despite implementation of appropriate controls.For example, faulty human judgment may result in errors in the design or use of internal controls.--Client records documenting the use of EDP programs would be a relevant item for an auditor to examine while determining if internal control is operating as designed.--Since control risk is assessed at a low level, tests of controls would be required to evaluate the effectiveness of the internal controls to support that assessed level. However, the need for some substantive tests of transactions is never eliminated.--After obtaining an understanding of the entity and its environment, including its internal control, the auditor may make a risk assessment that assumes controls are operating effectively. In such cases, the auditor performs tests of controls to obtain evidence supporting this assessment.--Tests of controls include such procedures as inspecting documentation, inquiry, observation, and re-performance.--Preparation of system flowcharts may aid in the auditor’s understanding of internal control, but would not indicate whether controls were actually operating as designed.--When an entity transmits, processes, maintains, or accesses significant information electronically, factors unique to electronic processing may make it impractical or impossible to reduce detection risk to an acceptable level through substantive testing alone. In such cases, tests of controls should be performed.--The extent of the auditor’s consideration of the client’s internal controls is affected by a variety of factors, with the primary goal being to obtain a sufficient understanding of the entity and its environment, including its internal

control. The amount of time budgeted to complete the audit should not be a primary factor in determining the extent of consideration of the client’s internal controls – if more time is needed to adequately consider internal control, then the budget should be revised.--Inquiry alone generally will not support a conclusion for a lower assessed level of control risk. Observation by the auditor provides more assurance than audit evidence obtained by inquiry alone. Prior audits may be considered by the auditor in assessing control risk in the current audit. An audit of financial statements is a cumulative process.--Observation of client personnel provides an auditor with the most assurance about the effectiveness of the operation of an internal control.--An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes evaluating the effectiveness of controls is inefficient (i.e., it would be more efficient to test the assertions substantively). --After performing risk assessment procedures, an auditor might decide not to perform tests of controls because it would be inefficient. In other words, the time required to perform tests of controls would be greater than the reduction in time spent on substantive testing.--As part of understanding internal control, an auditor is not required to obtain knowledge about the operating effectiveness of controls. Operating effectiveness is evaluated later, and only for those controls on which the auditor plans to rely.--Assessing control risk and obtaining an understanding of an entity’s internal control may be performed concurrently.--Tests of controls that do not provide documentary evidence (such as the controls related to segregation of duties) are generally tested by personal inquiry and observation by the auditor.--During the planning phase of the audit, the auditor obtains an understanding of the internal control system by considering:

- The types of misstatements that may occur

- The risk that misstatements may occur

- Factors that influence the design of tests and substantive tests

- The assessment of inherent risk

- Judgments about materiality

- The complexity and sophistication of the entity’s operations and systems

- The use of manual vs. computerized control p rocedures

Such knowledge may be obtained by appropriate inquiry, inspection, or observation. Knowledge may also be obtained based on previous experience with the client and/or an understanding of the industry in which the entity

operates.--An entity’s control environment includes participation of those charged with governance, management’s philosophy, and the organizational structure.--Material fraud (“intentional” misstatements or omissions) may result from large amounts of fictitious accounts receivable. Receiving significantly fewer confirmation responses than expected implies some accounts receivable may be fictitious. --The accountant may have a duty to disclose irregularities to the SEC when the client reports an auditor change, a successor auditor when the successor makes appropriate inquiries, and a government funding agency from which the client receives financial assistance.--Supporting records that should be readily available but are frequently not produced when requested would cause an auditor to consider whether material misstatements exist.--The audit should be designed to identify material misstatements due to illegal acts, but illegal acts that relate to operating aspects rather than accounting aspects may not directly affect the financial statements, and therefore they may be less likely to be discovered by the auditor.--If specific information comes to an auditor’s attention that implies the existence of possible illegal acts that could have a material, but indirect effect on the financial statements, the auditor should next apply audit procedures specifically directed to ascertaining whether an illegal act has occurred. The auditor should obtain an understanding of the situation, inquire of management (at a level above those involved), consult legal counsel, and consider applying additional audit procedures if necessary.--When an auditor becomes aware of a possible client illegal act, the auditor should next obtain an understanding of the nature of the act in order to evaluate the effect on the financial statements.--Ordinarily, audit planning does not require an understanding of the control activities related to each account balance, transaction class, and disclosure component in the financial statements or to every assertion relevant to them.--Information that may raise a question concerning possible illegal acts include unusually large payments made to: 1) cash, 2) bearer, 3) purchase cashier’s checks, and 4) transfer funds to numbered accounts.--Policies and procedures involving segregation of duties are control activities, not control environment factors.--The auditor needs to understand how management addresses risks relevant to financial reporting in order to properly plan the audit.--Before performing substantive tests at an interim date, an auditor should consider whether the amounts of the year-end balances selected for interim testing are reasonably predictable with respect to amount, relative significance and composition.--Control activities are the policies and procedures that help ensure that management directives are carried out.

These policies and procedures may relate to any of the three objectives (financial reporting, operations, and compliance), not strictly to the financial reporting objective.--Before performing substantive tests at an interim date, the auditor must assess the difficulty in controlling the incremental audit risk from the interim date (on which the substantive procedures are performed) to the year-end date (on which an opinion is rendered).--“Internal auditors” are part of the system of internal control. Their audits would cover more areas in greater depth than those of the “independent auditors,” whose concerns are limited to areas materially affecting the “financial statements taken as a whole.”--Monitoring is the process of assessing the quality of internal control performance over time and taking necessary corrective actions. Eliminating a control that is not operating effectively would not be an appropriate corrective action.-There are two types of reports on the processing of transactions by service organizations: “reports on controls placed in operation” and “reports on controls placed in operation and tests of operating effectiveness”. The former do not include tests of operating effectiveness, and therefore, are not intended to provide the user auditor with a basis for reducing the assessment of control risk. Accordingly, such reports should include a disclaimer of opinion regarding the operating effectiveness of the controls.--The user auditor should not make reference to the report of the service auditor as a basis, in part, for his or her own opinion on the user organization’s financial statements. Since the service auditor is not responsible for the examination of any part of the user organization’s financial statements, division of responsibility would be inappropriate.

AUDIT 4

The auditor should obtain bank cutoff statements that include transactions for 10 to 15 days after year-end. The outstanding checks and deposits in transit at year-end on the bank reconciliation should then be traced to the bank cut-off statement.--The function of cash receipts is part of the treasurer’s department and should be separate from the role of posting credits to the A/R ledger. Failure to separate the recordkeeping function from the custodial function allows an individual to misappropriate cash and then cover up the theft by posting credits against the related A/R balance.--The standard AICPA bank confirmation form includes spaces for the bank to confirm both cash balances on deposit at the bank and collateral pledged on loans originating from the bank.--A bank employee may not have access to all information about transactions with the audit client and thus may be unaware of all the financial relationships the bank has with the client.--In general, an audit procedure can be restated as the question to be answered. In this case, tracing a sample of purchase orders and related receiving reports to the purchases journal and the cash disbursements journal seeks to answer the question, “Were all purchases properly recorded?” (the completeness assertion).--In making sure that a voucher is not paid for twice, the check signer should stamp the voucher “paid”, thereby canceling the voucher so it cannot be resubmitted for payment.--Reconciling control totals for sales invoices with the accounts receivable subsidiary ledger is not an effective control related to the billing process, since errors that exist in the preparation of invoices would likely carry through to accounts receivable.--Vouching to supporting documents tests the occurrence assertion.--Assertions about valuation and allocation deal with whether asset, liability, revenue, and expense components have been included in the financial statements at appropriate amounts, and any resulting valuation adjustments are appropriately recorded. For example, management asserts that trade accounts receivable included in the balance sheet are stated at net realizable value.--Matching vendor’s invoices with receiving reports provides authorization for payment and is generally performed in the accounts payable department. Recalculation of vendor invoices is compatible with this authorization function.--By ensuring that credit approval is obtained before goods are shipped to customers, the auditor is testing management’s assertion that accounts receivable are collectible (valuation or allocation).--Shipping documents provide evidence that a sale occurred, and therefore selecting from a population of shipping

documents allows the auditor to test whether corresponding invoices exist for each sale.--Vouchers should be approved before payment occurs. Overriding this control to expedite payment may result in unauthorized payments being made. The auditor would need to consider this change in evaluating current controls and determining the nature, extent, and timing of testing.--Tracing from invoices to shipping documents would provide evidence that sales billed to customers were actually shipped. An invoice for which the corresponding shipping documents could not be located might be indicative of fictitious sales (i.e., sales that were recorded but never actually shipped).--In testing the existence or occurrence assertion, the auditor is concerned that fictitious or overstated receivables may have been recorded. Observing the mailing of monthly statements and reviewing evidence of follow-up on errors reported by customers provides evidence that procedures are in place to identify and correct such errors.--By ensuring that credit approval is obtained before goods are shipped to customers, the auditor is testing management’s assertion that accounts receivable are collectible (allocation and valuation). Ensuring that credit approval is obtained before goods are shipped does not support the rights and obligations assertion.--

Progress Tests

- When a qualified opinion results from a limitation of scope, it should be described in an explanatory paragraph preceding the opinion paragraph and referred to in both the scope and opinion paragraphs of the auditor's report.

- If an auditor chooses to report on information accompanying the basic financial statements in a client-prepared document, the report should include a description of both the character of the audit work performed and the degree of responsibility assumed.

- In accordance with the GAAP hierarchy, FASB Technical Bulletins are considered the most authoritative of the sources listed in the question. Of the sources listed, AICPA Accounting Interpretations would be considered the second most authoritative. FASB Statements of Financial Accounting Concepts are among the least authoritative sources of GAAP available to auditors. AICPA Technical Practice Aids are among the least authoritative sources of GAAP available to auditors.

- Failure to include a statement of cash flows is a GAAP violation that requires an "except for" qualified opinion to be issued.

- If the accountant has compiled the financial statements of nonpublic entity, and the compiled financial statements are not expected to be used by a third party, the accountant may decline to issue a compilation report.

- An accountant is required to comply with the provisions of Statements on Standards for Accounting and Review Services when submitting unaudited financial statements. Submission is defined as: presenting to a client or third parties financial statements the accountant has prepared. An accountant who reproduces client-prepared financial statements has not prepared those statements. Preparation of standard monthly journal entries is a bookkeeping service that also does not involve preparation of financial statements.

- The report should not state that the auditors have no responsibility for updating the prior year's audit report for events and circumstances that occurred after that date. This type of comment is included in a report on prospective financial statements, not in a report on the financial statements of a nonpublic entity.

- Observing safeguards over access to and use of assets and records is part of the study and evaluation of the client's internal control; such an evaluation is not conducted in a review.

- When unaudited financial statements (generally the first quarter of the following year in an annual report) are presented in comparative form with audited financial statements in documents filed with the SEC, such statements should be clearly marked as "unaudited," but should not be referred to in the auditor's report. The statements need not be withheld until audited.

- The engagement described is one to express an opinion on a specified element, account, or item of the financial statements. Since Field's profit participation is based on Gold's net income or stockholders' equity, Hardy can accept the engagement only if Hardy also audited the complete financial statements.

- Analytical procedures may be used to enhance the auditor's understanding of the client's business or to evaluate financial statement assertions, but generally would not be helpful in assessing the competence and objectivity of an entity's internal auditor.

- Selecting a sample of vendors' invoices for comparison to receiving reports is performed during fieldwork. This is not part of the planning phase.

- Intentional misapplication of accounting principles would indicate that management lacks integrity and as a result, the auditor might conclude that a financial statement audit cannot be performed.- Recording fictitious sales generally has the same impact on revenues and receivables: both would be overstated by the same dollar amount. However, this will cause the accounts receivable turnover ratio to decrease, because the sales figure for the year is generally much larger than the average receivables amount. Since the numerator (sales) is being increased far less proportionately than is the denominator (receivables), overall the ratio will decline. (Try using actual numbers if you want to see how this works: Assume sales of $2,000,000 and average receivables of $300,000. What will happen to the ratio if you increase both of these numbers by $50,000? It will go from 6.7% to 5.9%--a decline.)

- Dividend income from investments is tested by referring to the dividend record books produced by investment advisory services, such as "Moody's Dividend Record." These books state the dividend that was declared and paid by the investee.

- Analysis of repairs and maintenance expense provides assurance with regard to management's assertion that expenditures for property and equipment have been capitalized and have not been charged to expense.

- In testing the existence or occurrence assertion, the auditor is concerned that fictitious or overstated receivables may have been recorded. Observing the mailing of monthly statements and reviewing evidence of follow-up on errors reported by customers provides evidence that procedures are in place to identify and correct such errors.

- The appropriate numerator for calculating inventory turnover is cost of goods sold. Cost of goods sold is the expense most clearly associated with the sale (turnover) of inventory, which is priced at acquisition cost, not selling price.

- Attribute sampling is appropriate for tests of controls. Controls relate to authorization, validity, completeness, accuracy, appropriate classification, accounting in conformity with GAAP, and proper period.

- A lower risk of incorrect acceptance requires a greater sample size.

- The effect on sample size cannot be determined, because there is more than one change occurring. In this case, the increase in population variability results in an increase in sample size, whereas the larger tolerable misstatement results in a decrease in sample size. The overall effect on sample size will depend on which of the two effects is greater, but this cannot be determined from the information provided.

- The effect on sample size cannot be determined, because there is more than one change occurring. In this case,the smaller tolerable misstatement results in an increase in sample size, but the higher risk of incorrect acceptance results in a decrease in sample size. The overall effect on sample size will depend on which of the two effects is greater, but this cannot be determined from the information provided. Note that the number of items in the population is generally assumed to have virtually no effect on sample size.

- Selection of every twentieth item results in a sample that is 5% (1/20 .05) of the population. The sample results indicate a net overstatement of $3,500 ( $3,700 $200), which is then projected to the total population as $70,000 ( $3,500 / .05). (Alternatively, 3,500 20 70,000). Since the projected misstatement of $70,000 exceeds the tolerable misstatement of $60,000, there is an unacceptably high risk that the actual misstatement in the population will exceed the tolerable misstatement.

- The sample size in an attribute sampling application is affected by the allowable risk of assessing control risk too low, the tolerable deviation rate, and the expected deviation rate. The average dollar value of the check requests has no effect on the sample size.

- If the auditor assesses control risk too low, then the true population deviation rate exceeds the auditor's tolerable rate while the auditor's estimate of the maximum deviation rate (based on sample results) was less than the tolerable rate. Only cell III represents this set of conditions.

- To determine the number of items to be selected for a particular sample for a test of controls, the auditor should consider the tolerable rate of deviation from the controls being tested, the likely rate of deviations (expected deviation rate), and the allowable risk of assessing control risk too low.

- An increase in tolerable misstatement results in a smaller sample size. An increase in the assessed level of control risk leads to an increase in sample size.

- By using statistical sampling, the auditor can quantify sampling risk to assist in limiting it to a level considered acceptable.

- Ratio estimation is most effective if there is a correlation between book values and audit amounts.

- Deviations from control activities do not necessarily result in misstatements. Therefore, deviations from pertinent control activities at a given rate would ordinarily be expected to result in misstatements at a lower rate.

- When planning a particular sample for a substantive test of details, the auditor should consider how much monetary misstatement in the account might exist without causing the financial statements to be materially misstated (tolerable misstatement) as well as the expected size and frequency of misstatements.

- The situation given is an example of sampling risk, or the probability that the sample chosen is not representative of the population as a whole. This is illustrated by the fact that the sample deviation rate is less than the tolerable rate, but the true deviation rate exceeds the tolerable rate.

- Inclusion of zero and negative balances requires special design considerations with PPS sampling, but it does not require special design considerations with classical variables sampling.

- The auditor decided to increase the level of the preliminary assessment of control risk because the 7% tolerable rate (maximum rate of deviations that an auditor would be willing to accept without altering his/her planned reliance on the control) was less than the 8% upper deviation rate.

- The allowance for sampling risk is the excess of the 8% upper deviation rate over the 3.5% (= 7 ÷ 200) sample deviation rate, or 4 1/2%.

- If a random number matches a properly voided voucher, the auditor would ordinarily replace this with another voucher in order to attain the desired sample size.

- Attribute sampling is used to estimate a rate of occurrence, and often involves a yes-no question. Attribute sampling could be used to determine the error rate in posting journal entries, perhaps by asking, "Is the entry posted to the proper account?"

- Embedded audit modules are sections of the application program code that collect transaction data for the auditor. Embedded audit modules are usually built into the application program when the program is developed. This would require that the auditors be involved in the system design of the application to be monitored.

- While the auditor will frequently use many valid and invalid conditions, it is not feasible to test every possible valid and invalid condition using a test data approach.

- The requirement that employees take regular vacations is a good internal control, but it is unrelated to computer-access controls.

- When companies use information technology (IT) extensively and evidence is available only in electronic form, generalized audit software packages generate the programs necessary to interrogate the files and extract and analyze the data.

- Because timely communication may be important, the auditor may choose to communicate significant deficiencies during the course of the audit rather than after the audit is concluded.

- A lack of objectivity by those responsible for accounting decisions represents a significant internal control deficiency because it may result in financial statements that are biased rather than being presented fairly.

- In reporting on a nonissuer's internal control over financial reporting in an attest engagement (not an audit), the practitioner's report should include a paragraph stating that, because of inherent limitations of any internal control, errors or fraud may occur and not be detected.

- The communication of significant deficiencies in internal control report should state that the communication is intended solely for the use of management, those charged with governance, and others within the organization.

- Any report issued on significant deficiencies should indicate that the purpose of the audit was to report on the financial statements and not to provide assurance on internal control.

- In an engagement to express a separate opinion on an entity's internal control, the scope is extensive, and the purpose is directed primarily toward the internal control report. In an audit, the scope is less extensive, and the purpose is to determine the nature, timing, and extent of auditing procedures. Similar procedures generally would be used in both types of engagements.

- The auditor may expand the scope paragraph to state that internal control was considered as a basis for designing appropriate audit procedures, but not for the purpose of expressing an opinion on the effectiveness of internal control. This serves to emphasize that the extended level of testing and reporting on internal control required by the Sarbanes-Oxley Act did not apply in this case.

- Be careful! While it is true that Hannah is following PCAOB standards in both the Bender and Kleinpeter engagements, PCAOB standards do not require expanded testing and reporting on internal control for nonissuers. Therefore, only in the Bender engagement would Hannah be required to express an opinion on the effectiveness of internal control.

- It is management's responsibility to assess and report on internal control. The auditor, however, is required to attest to the accuracy of management's report, and this requires the auditor to test the effectiveness of internal control. In addition, the auditor is required to include in his or her report an evaluation of the effectiveness of internal control.

- In an audit of an issuer, the auditor is required to communicate both significant deficiencies and material weaknesses to management and the audit committee, but only material weaknesses result in an adverse opinion on the effectiveness of internal control.

- Generally Accepted Government Auditing Standards primarily apply to audits of federal financial assistance but have been adopted by some states for audits of state financial assistance.

- OMB Circular A-133 expands the auditor's responsibilities to include procedures designed to test and report on compliance matters having a direct and material effect on major federal award programs.

- OMB Circular A-133 allows auditors to use a risk-based approach to determine major grants.

- A concurrent opinion on the financial statements taken as a whole is not a required part of the auditor's report during a performance audit of a governmental entity performed in accordance with Government Auditing Standards.

- The auditor should obtain written representation that management has disclosed all laws and regulations that have a direct and material effect on its financial statements.

- Per Government Auditing Standards, audit documentation should contain sufficient information so that supplementary oral explanations are not required.

- Government Auditing Standards require that the auditor issue a written report on internal control in all audits. As part of this reporting requirement, the auditor must describe the scope of the auditor's work in obtaining an understanding of internal control and his or her assessment of control risk.

- Basic elements of a report on compliance include a statement that tests of compliance with laws, regulations, contracts, and grants that have a direct and material effect on the financial statements is part of obtaining reasonable assurance that the financial statements are free of material misstatement.

- Auditors engaged to perform audits of federal financial assistance (generally under the provisions of the Single Audit Act) must perform procedures to obtain an understanding of internal control pertaining to compliance, and should document this understanding of internal control.

-